drivers/nfc/pn533.c

   1 /*
   2  * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3  *
   4  * Authors:
   5  *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
   6  *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the
  20  * Free Software Foundation, Inc.,
  21  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  22  */
  23
  24 #include <linux/device.h>
  25 #include <linux/kernel.h>
  26 #include <linux/module.h>
  27 #include <linux/slab.h>
  28 #include <linux/usb.h>
  29 #include <linux/nfc.h>
  30 #include <linux/netdevice.h>
  31 #include <net/nfc/nfc.h>
  32
  33 #define VERSION "0.1"
  34
  35 #define PN533_VENDOR_ID 0x4CC
  36 #define PN533_PRODUCT_ID 0x2533
  37
  38 #define SCM_VENDOR_ID 0x4E6
  39 #define SCL3711_PRODUCT_ID 0x5591
  40
  41 #define SONY_VENDOR_ID         0x054c
  42 #define PASORI_PRODUCT_ID      0x02e1
  43
  44 #define PN533_QUIRKS_TYPE_A          BIT(0)
  45 #define PN533_QUIRKS_TYPE_F          BIT(1)
  46 #define PN533_QUIRKS_DEP             BIT(2)
  47 #define PN533_QUIRKS_RAW_EXCHANGE    BIT(3)
  48
  49 #define PN533_DEVICE_STD    0x1
  50 #define PN533_DEVICE_PASORI 0x2
  51
  52 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  53                              NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  54                              NFC_PROTO_NFC_DEP_MASK |\
  55                              NFC_PROTO_ISO14443_B_MASK)
  56
  57 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  58                                    NFC_PROTO_MIFARE_MASK | \
  59                                    NFC_PROTO_FELICA_MASK | \
  60                                    NFC_PROTO_ISO14443_MASK | \
  61                                    NFC_PROTO_NFC_DEP_MASK)
  62
  63 static const struct usb_device_id pn533_table[] = {
  64         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  65           .idVendor             = PN533_VENDOR_ID,
  66           .idProduct            = PN533_PRODUCT_ID,
  67           .driver_info          = PN533_DEVICE_STD,
  68         },
  69         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  70           .idVendor             = SCM_VENDOR_ID,
  71           .idProduct            = SCL3711_PRODUCT_ID,
  72           .driver_info          = PN533_DEVICE_STD,
  73         },
  74         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  75           .idVendor             = SONY_VENDOR_ID,
  76           .idProduct            = PASORI_PRODUCT_ID,
  77           .driver_info          = PN533_DEVICE_PASORI,
  78         },
  79         { }
  80 };
  81 MODULE_DEVICE_TABLE(usb, pn533_table);
  82
  83 /* How much time we spend listening for initiators */
  84 #define PN533_LISTEN_TIME 2
  85
  86 /* frame definitions */
  87 #define PN533_FRAME_TAIL_SIZE 2
  88 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
  89                                 PN533_FRAME_TAIL_SIZE)
  90 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
  91 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
  92 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
  93
  94 /* start of frame */
  95 #define PN533_SOF 0x00FF
  96
  97 /* frame identifier: in/out/error */
  98 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
  99 #define PN533_DIR_OUT 0xD4
 100 #define PN533_DIR_IN 0xD5
 101
 102 /* PN533 Commands */
 103 #define PN533_FRAME_CMD(f) (f->data[1])
 104 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
 105 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
 106
 107 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 108 #define PN533_CMD_RF_CONFIGURATION 0x32
 109 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
 110 #define PN533_CMD_IN_COMM_THRU     0x42
 111 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 112 #define PN533_CMD_IN_ATR 0x50
 113 #define PN533_CMD_IN_RELEASE 0x52
 114 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 115
 116 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 117 #define PN533_CMD_TG_GET_DATA 0x86
 118 #define PN533_CMD_TG_SET_DATA 0x8e
 119
 120 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 121
 122 /* PN533 Return codes */
 123 #define PN533_CMD_RET_MASK 0x3F
 124 #define PN533_CMD_MI_MASK 0x40
 125 #define PN533_CMD_RET_SUCCESS 0x00
 126
 127 /* PN533 status codes */
 128 #define PN533_STATUS_TARGET_RELEASED 0x29
 129
 130 struct pn533;
 131
 132 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
 133                                         u8 *params, int params_len);
 134
 135 /* structs for pn533 commands */
 136
 137 /* PN533_CMD_GET_FIRMWARE_VERSION */
 138 struct pn533_fw_version {
 139         u8 ic;
 140         u8 ver;
 141         u8 rev;
 142         u8 support;
 143 };
 144
 145 /* PN533_CMD_RF_CONFIGURATION */
 146 #define PN533_CFGITEM_TIMING 0x02
 147 #define PN533_CFGITEM_MAX_RETRIES 0x05
 148 #define PN533_CFGITEM_PASORI 0x82
 149
 150 #define PN533_CONFIG_TIMING_102 0xb
 151 #define PN533_CONFIG_TIMING_204 0xc
 152 #define PN533_CONFIG_TIMING_409 0xd
 153 #define PN533_CONFIG_TIMING_819 0xe
 154
 155 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 156 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 157
 158 struct pn533_config_max_retries {
 159         u8 mx_rty_atr;
 160         u8 mx_rty_psl;
 161         u8 mx_rty_passive_act;
 162 } __packed;
 163
 164 struct pn533_config_timing {
 165         u8 rfu;
 166         u8 atr_res_timeout;
 167         u8 dep_timeout;
 168 } __packed;
 169
 170 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 171
 172 /* felica commands opcode */
 173 #define PN533_FELICA_OPC_SENSF_REQ 0
 174 #define PN533_FELICA_OPC_SENSF_RES 1
 175 /* felica SENSF_REQ parameters */
 176 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 177 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 178 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 179 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 180
 181 /* type B initiator_data values */
 182 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 183 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 184 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 185
 186 union pn533_cmd_poll_initdata {
 187         struct {
 188                 u8 afi;
 189                 u8 polling_method;
 190         } __packed type_b;
 191         struct {
 192                 u8 opcode;
 193                 __be16 sc;
 194                 u8 rc;
 195                 u8 tsn;
 196         } __packed felica;
 197 };
 198
 199 /* Poll modulations */
 200 enum {
 201         PN533_POLL_MOD_106KBPS_A,
 202         PN533_POLL_MOD_212KBPS_FELICA,
 203         PN533_POLL_MOD_424KBPS_FELICA,
 204         PN533_POLL_MOD_106KBPS_JEWEL,
 205         PN533_POLL_MOD_847KBPS_B,
 206         PN533_LISTEN_MOD,
 207
 208         __PN533_POLL_MOD_AFTER_LAST,
 209 };
 210 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 211
 212 struct pn533_poll_modulations {
 213         struct {
 214                 u8 maxtg;
 215                 u8 brty;
 216                 union pn533_cmd_poll_initdata initiator_data;
 217         } __packed data;
 218         u8 len;
 219 };
 220
 221 const struct pn533_poll_modulations poll_mod[] = {
 222         [PN533_POLL_MOD_106KBPS_A] = {
 223                 .data = {
 224                         .maxtg = 1,
 225                         .brty = 0,
 226                 },
 227                 .len = 2,
 228         },
 229         [PN533_POLL_MOD_212KBPS_FELICA] = {
 230                 .data = {
 231                         .maxtg = 1,
 232                         .brty = 1,
 233                         .initiator_data.felica = {
 234                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
 235                                 .sc = PN533_FELICA_SENSF_SC_ALL,
 236                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 237                                 .tsn = 0,
 238                         },
 239                 },
 240                 .len = 7,
 241         },
 242         [PN533_POLL_MOD_424KBPS_FELICA] = {
 243                 .data = {
 244                         .maxtg = 1,
 245                         .brty = 2,
 246                         .initiator_data.felica = {
 247                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
 248                                 .sc = PN533_FELICA_SENSF_SC_ALL,
 249                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 250                                 .tsn = 0,
 251                         },
 252                  },
 253                 .len = 7,
 254         },
 255         [PN533_POLL_MOD_106KBPS_JEWEL] = {
 256                 .data = {
 257                         .maxtg = 1,
 258                         .brty = 4,
 259                 },
 260                 .len = 2,
 261         },
 262         [PN533_POLL_MOD_847KBPS_B] = {
 263                 .data = {
 264                         .maxtg = 1,
 265                         .brty = 8,
 266                         .initiator_data.type_b = {
 267                                 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 268                                 .polling_method =
 269                                         PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 270                         },
 271                 },
 272                 .len = 3,
 273         },
 274         [PN533_LISTEN_MOD] = {
 275                 .len = 0,
 276         },
 277 };
 278
 279 /* PN533_CMD_IN_ATR */
 280
 281 struct pn533_cmd_activate_param {
 282         u8 tg;
 283         u8 next;
 284 } __packed;
 285
 286 struct pn533_cmd_activate_response {
 287         u8 status;
 288         u8 nfcid3t[10];
 289         u8 didt;
 290         u8 bst;
 291         u8 brt;
 292         u8 to;
 293         u8 ppt;
 294         /* optional */
 295         u8 gt[];
 296 } __packed;
 297
 298 /* PN533_CMD_IN_JUMP_FOR_DEP */
 299 struct pn533_cmd_jump_dep {
 300         u8 active;
 301         u8 baud;
 302         u8 next;
 303         u8 data[];
 304 } __packed;
 305
 306 struct pn533_cmd_jump_dep_response {
 307         u8 status;
 308         u8 tg;
 309         u8 nfcid3t[10];
 310         u8 didt;
 311         u8 bst;
 312         u8 brt;
 313         u8 to;
 314         u8 ppt;
 315         /* optional */
 316         u8 gt[];
 317 } __packed;
 318
 319
 320 /* PN533_TG_INIT_AS_TARGET */
 321 #define PN533_INIT_TARGET_PASSIVE 0x1
 322 #define PN533_INIT_TARGET_DEP 0x2
 323
 324 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 325 #define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 326 #define PN533_INIT_TARGET_RESP_DEP        0x4
 327
 328 struct pn533_cmd_init_target {
 329         u8 mode;
 330         u8 mifare[6];
 331         u8 felica[18];
 332         u8 nfcid3[10];
 333         u8 gb_len;
 334         u8 gb[];
 335 } __packed;
 336
 337 struct pn533_cmd_init_target_response {
 338         u8 mode;
 339         u8 cmd[];
 340 } __packed;
 341
 342 struct pn533 {
 343         struct usb_device *udev;
 344         struct usb_interface *interface;
 345         struct nfc_dev *nfc_dev;
 346
 347         struct urb *out_urb;
 348         int out_maxlen;
 349         struct pn533_frame *out_frame;
 350
 351         struct urb *in_urb;
 352         int in_maxlen;
 353         struct pn533_frame *in_frame;
 354
 355         struct sk_buff_head resp_q;
 356
 357         struct workqueue_struct *wq;
 358         struct work_struct cmd_work;
 359         struct work_struct cmd_complete_work;
 360         struct work_struct poll_work;
 361         struct work_struct mi_work;
 362         struct work_struct tg_work;
 363         struct timer_list listen_timer;
 364         struct pn533_frame *wq_in_frame;
 365         int wq_in_error;
 366         int cancel_listen;
 367
 368         pn533_cmd_complete_t cmd_complete;
 369         void *cmd_complete_arg;
 370         struct mutex cmd_lock;
 371         u8 cmd;
 372
 373         struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 374         u8 poll_mod_count;
 375         u8 poll_mod_curr;
 376         u32 poll_protocols;
 377         u32 listen_protocols;
 378
 379         u8 *gb;
 380         size_t gb_len;
 381
 382         u8 tgt_available_prots;
 383         u8 tgt_active_prot;
 384         u8 tgt_mode;
 385
 386         u32 device_type;
 387
 388         struct list_head cmd_queue;
 389         u8 cmd_pending;
 390 };
 391
 392 struct pn533_cmd {
 393         struct list_head queue;
 394         struct pn533_frame *out_frame;
 395         struct pn533_frame *in_frame;
 396         int in_frame_len;
 397         pn533_cmd_complete_t cmd_complete;
 398         void *arg;
 399         gfp_t flags;
 400 };
 401
 402 struct pn533_frame {
 403         u8 preamble;
 404         __be16 start_frame;
 405         u8 datalen;
 406         u8 datalen_checksum;
 407         u8 data[];
 408 } __packed;
 409
 410 /* The rule: value + checksum = 0 */
 411 static inline u8 pn533_checksum(u8 value)
 412 {
 413         return ~value + 1;
 414 }
 415
 416 /* The rule: sum(data elements) + checksum = 0 */
 417 static u8 pn533_data_checksum(u8 *data, int datalen)
 418 {
 419         u8 sum = 0;
 420         int i;
 421
 422         for (i = 0; i < datalen; i++)
 423                 sum += data[i];
 424
 425         return pn533_checksum(sum);
 426 }
 427
 428 /**
 429  * pn533_tx_frame_ack - create a ack frame
 430  * @frame:      The frame to be set as ack
 431  *
 432  * Ack is different type of standard frame. As a standard frame, it has
 433  * preamble and start_frame. However the checksum of this frame must fail,
 434  * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
 435  * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
 436  * After datalen_checksum field, the postamble is placed.
 437  */
 438 static void pn533_tx_frame_ack(struct pn533_frame *frame)
 439 {
 440         frame->preamble = 0;
 441         frame->start_frame = cpu_to_be16(PN533_SOF);
 442         frame->datalen = 0;
 443         frame->datalen_checksum = 0xFF;
 444         /* data[0] is used as postamble */
 445         frame->data[0] = 0;
 446 }
 447
 448 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
 449 {
 450         frame->preamble = 0;
 451         frame->start_frame = cpu_to_be16(PN533_SOF);
 452         PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
 453         PN533_FRAME_CMD(frame) = cmd;
 454         frame->datalen = 2;
 455 }
 456
 457 static void pn533_tx_frame_finish(struct pn533_frame *frame)
 458 {
 459         frame->datalen_checksum = pn533_checksum(frame->datalen);
 460
 461         PN533_FRAME_CHECKSUM(frame) =
 462                 pn533_data_checksum(frame->data, frame->datalen);
 463
 464         PN533_FRAME_POSTAMBLE(frame) = 0;
 465 }
 466
 467 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
 468 {
 469         u8 checksum;
 470
 471         if (frame->start_frame != cpu_to_be16(PN533_SOF))
 472                 return false;
 473
 474         checksum = pn533_checksum(frame->datalen);
 475         if (checksum != frame->datalen_checksum)
 476                 return false;
 477
 478         checksum = pn533_data_checksum(frame->data, frame->datalen);
 479         if (checksum != PN533_FRAME_CHECKSUM(frame))
 480                 return false;
 481
 482         return true;
 483 }
 484
 485 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
 486 {
 487         if (frame->start_frame != cpu_to_be16(PN533_SOF))
 488                 return false;
 489
 490         if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 491                 return false;
 492
 493         return true;
 494 }
 495
 496 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
 497 {
 498         return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
 499 }
 500
 501
 502 static void pn533_wq_cmd_complete(struct work_struct *work)
 503 {
 504         struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
 505         struct pn533_frame *in_frame;
 506         int rc;
 507
 508         in_frame = dev->wq_in_frame;
 509
 510         if (dev->wq_in_error)
 511                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
 512                                                         dev->wq_in_error);
 513         else
 514                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
 515                                         PN533_FRAME_CMD_PARAMS_PTR(in_frame),
 516                                         PN533_FRAME_CMD_PARAMS_LEN(in_frame));
 517
 518         if (rc != -EINPROGRESS)
 519                 queue_work(dev->wq, &dev->cmd_work);
 520 }
 521
 522 static void pn533_recv_response(struct urb *urb)
 523 {
 524         struct pn533 *dev = urb->context;
 525         struct pn533_frame *in_frame;
 526
 527         dev->wq_in_frame = NULL;
 528
 529         switch (urb->status) {
 530         case 0:
 531                 /* success */
 532                 break;
 533         case -ECONNRESET:
 534         case -ENOENT:
 535         case -ESHUTDOWN:
 536                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 537                                                 " status: %d", urb->status);
 538                 dev->wq_in_error = urb->status;
 539                 goto sched_wq;
 540         default:
 541                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 542                                                         " %d", urb->status);
 543                 dev->wq_in_error = urb->status;
 544                 goto sched_wq;
 545         }
 546
 547         in_frame = dev->in_urb->transfer_buffer;
 548
 549         if (!pn533_rx_frame_is_valid(in_frame)) {
 550                 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 551                 dev->wq_in_error = -EIO;
 552                 goto sched_wq;
 553         }
 554
 555         if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
 556                 nfc_dev_err(&dev->interface->dev, "The received frame is not "
 557                                                 "response to the last command");
 558                 dev->wq_in_error = -EIO;
 559                 goto sched_wq;
 560         }
 561
 562         nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
 563         dev->wq_in_error = 0;
 564         dev->wq_in_frame = in_frame;
 565
 566 sched_wq:
 567         queue_work(dev->wq, &dev->cmd_complete_work);
 568 }
 569
 570 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 571 {
 572         dev->in_urb->complete = pn533_recv_response;
 573
 574         return usb_submit_urb(dev->in_urb, flags);
 575 }
 576
 577 static void pn533_recv_ack(struct urb *urb)
 578 {
 579         struct pn533 *dev = urb->context;
 580         struct pn533_frame *in_frame;
 581         int rc;
 582
 583         switch (urb->status) {
 584         case 0:
 585                 /* success */
 586                 break;
 587         case -ECONNRESET:
 588         case -ENOENT:
 589         case -ESHUTDOWN:
 590                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 591                                                 " status: %d", urb->status);
 592                 dev->wq_in_error = urb->status;
 593                 goto sched_wq;
 594         default:
 595                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 596                                                         " %d", urb->status);
 597                 dev->wq_in_error = urb->status;
 598                 goto sched_wq;
 599         }
 600
 601         in_frame = dev->in_urb->transfer_buffer;
 602
 603         if (!pn533_rx_frame_is_ack(in_frame)) {
 604                 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 605                 dev->wq_in_error = -EIO;
 606                 goto sched_wq;
 607         }
 608
 609         nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
 610
 611         rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 612         if (rc) {
 613                 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
 614                                                         " result %d", rc);
 615                 dev->wq_in_error = rc;
 616                 goto sched_wq;
 617         }
 618
 619         return;
 620
 621 sched_wq:
 622         dev->wq_in_frame = NULL;
 623         queue_work(dev->wq, &dev->cmd_complete_work);
 624 }
 625
 626 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 627 {
 628         dev->in_urb->complete = pn533_recv_ack;
 629
 630         return usb_submit_urb(dev->in_urb, flags);
 631 }
 632
 633 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 634 {
 635         int rc;
 636
 637         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 638
 639         pn533_tx_frame_ack(dev->out_frame);
 640
 641         dev->out_urb->transfer_buffer = dev->out_frame;
 642         dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
 643         rc = usb_submit_urb(dev->out_urb, flags);
 644
 645         return rc;
 646 }
 647
 648 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
 649                                         struct pn533_frame *out_frame,
 650                                         struct pn533_frame *in_frame,
 651                                         int in_frame_len,
 652                                         pn533_cmd_complete_t cmd_complete,
 653                                         void *arg, gfp_t flags)
 654 {
 655         int rc;
 656
 657         nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
 658                                                 PN533_FRAME_CMD(out_frame));
 659
 660         dev->cmd = PN533_FRAME_CMD(out_frame);
 661         dev->cmd_complete = cmd_complete;
 662         dev->cmd_complete_arg = arg;
 663
 664         dev->out_urb->transfer_buffer = out_frame;
 665         dev->out_urb->transfer_buffer_length =
 666                                 PN533_FRAME_SIZE(out_frame);
 667
 668         dev->in_urb->transfer_buffer = in_frame;
 669         dev->in_urb->transfer_buffer_length = in_frame_len;
 670
 671         rc = usb_submit_urb(dev->out_urb, flags);
 672         if (rc)
 673                 return rc;
 674
 675         rc = pn533_submit_urb_for_ack(dev, flags);
 676         if (rc)
 677                 goto error;
 678
 679         return 0;
 680
 681 error:
 682         usb_unlink_urb(dev->out_urb);
 683         return rc;
 684 }
 685
 686 static void pn533_wq_cmd(struct work_struct *work)
 687 {
 688         struct pn533 *dev = container_of(work, struct pn533, cmd_work);
 689         struct pn533_cmd *cmd;
 690
 691         mutex_lock(&dev->cmd_lock);
 692
 693         if (list_empty(&dev->cmd_queue)) {
 694                 dev->cmd_pending = 0;
 695                 mutex_unlock(&dev->cmd_lock);
 696                 return;
 697         }
 698
 699         cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
 700
 701         mutex_unlock(&dev->cmd_lock);
 702
 703         __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
 704                                      cmd->in_frame_len, cmd->cmd_complete,
 705                                      cmd->arg, cmd->flags);
 706
 707         list_del(&cmd->queue);
 708         kfree(cmd);
 709 }
 710
 711 static int pn533_send_cmd_frame_async(struct pn533 *dev,
 712                                         struct pn533_frame *out_frame,
 713                                         struct pn533_frame *in_frame,
 714                                         int in_frame_len,
 715                                         pn533_cmd_complete_t cmd_complete,
 716                                         void *arg, gfp_t flags)
 717 {
 718         struct pn533_cmd *cmd;
 719         int rc = 0;
 720
 721         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 722
 723         mutex_lock(&dev->cmd_lock);
 724
 725         if (!dev->cmd_pending) {
 726                 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
 727                                                   in_frame_len, cmd_complete,
 728                                                   arg, flags);
 729                 if (!rc)
 730                         dev->cmd_pending = 1;
 731
 732                 goto unlock;
 733         }
 734
 735         nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
 736
 737         cmd = kzalloc(sizeof(struct pn533_cmd), flags);
 738         if (!cmd) {
 739                 rc = -ENOMEM;
 740                 goto unlock;
 741         }
 742
 743         INIT_LIST_HEAD(&cmd->queue);
 744         cmd->out_frame = out_frame;
 745         cmd->in_frame = in_frame;
 746         cmd->in_frame_len = in_frame_len;
 747         cmd->cmd_complete = cmd_complete;
 748         cmd->arg = arg;
 749         cmd->flags = flags;
 750
 751         list_add_tail(&cmd->queue, &dev->cmd_queue);
 752
 753 unlock:
 754         mutex_unlock(&dev->cmd_lock);
 755
 756         return rc;
 757 }
 758
 759 struct pn533_sync_cmd_response {
 760         int rc;
 761         struct completion done;
 762 };
 763
 764 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
 765                                         u8 *params, int params_len)
 766 {
 767         struct pn533_sync_cmd_response *arg = _arg;
 768
 769         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 770
 771         arg->rc = 0;
 772
 773         if (params_len < 0) /* error */
 774                 arg->rc = params_len;
 775
 776         complete(&arg->done);
 777
 778         return 0;
 779 }
 780
 781 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
 782                                                 struct pn533_frame *out_frame,
 783                                                 struct pn533_frame *in_frame,
 784                                                 int in_frame_len)
 785 {
 786         int rc;
 787         struct pn533_sync_cmd_response arg;
 788
 789         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 790
 791         init_completion(&arg.done);
 792
 793         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
 794                                 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
 795         if (rc)
 796                 return rc;
 797
 798         wait_for_completion(&arg.done);
 799
 800         return arg.rc;
 801 }
 802
 803 static void pn533_send_complete(struct urb *urb)
 804 {
 805         struct pn533 *dev = urb->context;
 806
 807         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 808
 809         switch (urb->status) {
 810         case 0:
 811                 /* success */
 812                 break;
 813         case -ECONNRESET:
 814         case -ENOENT:
 815         case -ESHUTDOWN:
 816                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 817                                                 " status: %d", urb->status);
 818                 break;
 819         default:
 820                 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
 821                                                         " %d", urb->status);
 822         }
 823 }
 824
 825 struct pn533_target_type_a {
 826         __be16 sens_res;
 827         u8 sel_res;
 828         u8 nfcid_len;
 829         u8 nfcid_data[];
 830 } __packed;
 831
 832
 833 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
 834 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
 835 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
 836
 837 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
 838 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
 839
 840 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
 841 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
 842
 843 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
 844 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
 845 #define PN533_TYPE_A_SEL_PROT_DEP 2
 846 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
 847
 848 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
 849                                                         int target_data_len)
 850 {
 851         u8 ssd;
 852         u8 platconf;
 853
 854         if (target_data_len < sizeof(struct pn533_target_type_a))
 855                 return false;
 856
 857         /* The lenght check of nfcid[] and ats[] are not being performed because
 858            the values are not being used */
 859
 860         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 861         ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
 862         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
 863
 864         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 865                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 866                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 867                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 868                 return false;
 869
 870         /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
 871         if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
 872                 return false;
 873
 874         return true;
 875 }
 876
 877 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
 878                                                         int tgt_data_len)
 879 {
 880         struct pn533_target_type_a *tgt_type_a;
 881
 882         tgt_type_a = (struct pn533_target_type_a *) tgt_data;
 883
 884         if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
 885                 return -EPROTO;
 886
 887         switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
 888         case PN533_TYPE_A_SEL_PROT_MIFARE:
 889                 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
 890                 break;
 891         case PN533_TYPE_A_SEL_PROT_ISO14443:
 892                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
 893                 break;
 894         case PN533_TYPE_A_SEL_PROT_DEP:
 895                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 896                 break;
 897         case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
 898                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
 899                                                         NFC_PROTO_NFC_DEP_MASK;
 900                 break;
 901         }
 902
 903         nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
 904         nfc_tgt->sel_res = tgt_type_a->sel_res;
 905         nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
 906         memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
 907
 908         return 0;
 909 }
 910
 911 struct pn533_target_felica {
 912         u8 pol_res;
 913         u8 opcode;
 914         u8 nfcid2[8];
 915         u8 pad[8];
 916         /* optional */
 917         u8 syst_code[];
 918 } __packed;
 919
 920 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
 921 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
 922
 923 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
 924                                                         int target_data_len)
 925 {
 926         if (target_data_len < sizeof(struct pn533_target_felica))
 927                 return false;
 928
 929         if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
 930                 return false;
 931
 932         return true;
 933 }
 934
 935 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
 936                                                         int tgt_data_len)
 937 {
 938         struct pn533_target_felica *tgt_felica;
 939
 940         tgt_felica = (struct pn533_target_felica *) tgt_data;
 941
 942         if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
 943                 return -EPROTO;
 944
 945         if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
 946                                         tgt_felica->nfcid2[1] ==
 947                                         PN533_FELICA_SENSF_NFCID2_DEP_B2)
 948                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 949         else
 950                 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
 951
 952         memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
 953         nfc_tgt->sensf_res_len = 9;
 954
 955         return 0;
 956 }
 957
 958 struct pn533_target_jewel {
 959         __be16 sens_res;
 960         u8 jewelid[4];
 961 } __packed;
 962
 963 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
 964                                                         int target_data_len)
 965 {
 966         u8 ssd;
 967         u8 platconf;
 968
 969         if (target_data_len < sizeof(struct pn533_target_jewel))
 970                 return false;
 971
 972         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 973         ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
 974         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
 975
 976         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 977                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 978                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 979                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 980                 return false;
 981
 982         return true;
 983 }
 984
 985 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
 986                                                         int tgt_data_len)
 987 {
 988         struct pn533_target_jewel *tgt_jewel;
 989
 990         tgt_jewel = (struct pn533_target_jewel *) tgt_data;
 991
 992         if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
 993                 return -EPROTO;
 994
 995         nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
 996         nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
 997         nfc_tgt->nfcid1_len = 4;
 998         memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
 999
1000         return 0;
1001 }
1002
1003 struct pn533_type_b_prot_info {
1004         u8 bitrate;
1005         u8 fsci_type;
1006         u8 fwi_adc_fo;
1007 } __packed;
1008
1009 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1010 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1011 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1012
1013 struct pn533_type_b_sens_res {
1014         u8 opcode;
1015         u8 nfcid[4];
1016         u8 appdata[4];
1017         struct pn533_type_b_prot_info prot_info;
1018 } __packed;
1019
1020 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1021
1022 struct pn533_target_type_b {
1023         struct pn533_type_b_sens_res sensb_res;
1024         u8 attrib_res_len;
1025         u8 attrib_res[];
1026 } __packed;
1027
1028 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1029                                                         int target_data_len)
1030 {
1031         if (target_data_len < sizeof(struct pn533_target_type_b))
1032                 return false;
1033
1034         if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1035                 return false;
1036
1037         if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1038                                                 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1039                 return false;
1040
1041         return true;
1042 }
1043
1044 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1045                                                         int tgt_data_len)
1046 {
1047         struct pn533_target_type_b *tgt_type_b;
1048
1049         tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1050
1051         if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1052                 return -EPROTO;
1053
1054         nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1055
1056         return 0;
1057 }
1058
1059 struct pn533_poll_response {
1060         u8 nbtg;
1061         u8 tg;
1062         u8 target_data[];
1063 } __packed;
1064
1065 static int pn533_target_found(struct pn533 *dev,
1066                         struct pn533_poll_response *resp, int resp_len)
1067 {
1068         int target_data_len;
1069         struct nfc_target nfc_tgt;
1070         int rc;
1071
1072         nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1073                                                         dev->poll_mod_curr);
1074
1075         if (resp->tg != 1)
1076                 return -EPROTO;
1077
1078         memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1079
1080         target_data_len = resp_len - sizeof(struct pn533_poll_response);
1081
1082         switch (dev->poll_mod_curr) {
1083         case PN533_POLL_MOD_106KBPS_A:
1084                 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1085                                                         target_data_len);
1086                 break;
1087         case PN533_POLL_MOD_212KBPS_FELICA:
1088         case PN533_POLL_MOD_424KBPS_FELICA:
1089                 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1090                                                         target_data_len);
1091                 break;
1092         case PN533_POLL_MOD_106KBPS_JEWEL:
1093                 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1094                                                         target_data_len);
1095                 break;
1096         case PN533_POLL_MOD_847KBPS_B:
1097                 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1098                                                         target_data_len);
1099                 break;
1100         default:
1101                 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1102                                                                 " modulation");
1103                 return -EPROTO;
1104         }
1105
1106         if (rc)
1107                 return rc;
1108
1109         if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1110                 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1111                                                 " have the desired protocol");
1112                 return -EAGAIN;
1113         }
1114
1115         nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1116                                         "0x%x", nfc_tgt.supported_protocols);
1117
1118         dev->tgt_available_prots = nfc_tgt.supported_protocols;
1119
1120         nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1121
1122         return 0;
1123 }
1124
1125 static inline void pn533_poll_next_mod(struct pn533 *dev)
1126 {
1127         dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1128 }
1129
1130 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1131 {
1132         dev->poll_mod_count = 0;
1133 }
1134
1135 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1136 {
1137         dev->poll_mod_active[dev->poll_mod_count] =
1138                 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1139         dev->poll_mod_count++;
1140 }
1141
1142 static void pn533_poll_create_mod_list(struct pn533 *dev,
1143                                        u32 im_protocols, u32 tm_protocols)
1144 {
1145         pn533_poll_reset_mod_list(dev);
1146
1147         if (im_protocols & NFC_PROTO_MIFARE_MASK
1148             || im_protocols & NFC_PROTO_ISO14443_MASK
1149             || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1150                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1151
1152         if (im_protocols & NFC_PROTO_FELICA_MASK
1153             || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1154                 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1155                 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1156         }
1157
1158         if (im_protocols & NFC_PROTO_JEWEL_MASK)
1159                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1160
1161         if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1162                 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1163
1164         if (tm_protocols)
1165                 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1166 }
1167
1168 static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1169                                      u8 *params, int params_len)
1170 {
1171         struct pn533_poll_response *resp;
1172         int rc;
1173
1174         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1175
1176         resp = (struct pn533_poll_response *) params;
1177         if (resp->nbtg) {
1178                 rc = pn533_target_found(dev, resp, params_len);
1179
1180                 /* We must stop the poll after a valid target found */
1181                 if (rc == 0) {
1182                         pn533_poll_reset_mod_list(dev);
1183                         return 0;
1184                 }
1185         }
1186
1187         return -EAGAIN;
1188 }
1189
1190 static int pn533_init_target_frame(struct pn533_frame *frame,
1191                                    u8 *gb, size_t gb_len)
1192 {
1193         struct pn533_cmd_init_target *cmd;
1194         size_t cmd_len;
1195         u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1196                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1197                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1198                                 0xff, 0xff}; /* System code */
1199         u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1200                                0x0, 0x0, 0x0,
1201                                0x40}; /* SEL_RES for DEP */
1202
1203         cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1204         cmd = kzalloc(cmd_len, GFP_KERNEL);
1205         if (cmd == NULL)
1206                 return -ENOMEM;
1207
1208         pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1209
1210         /* DEP support only */
1211         cmd->mode |= PN533_INIT_TARGET_DEP;
1212
1213         /* Felica params */
1214         memcpy(cmd->felica, felica_params, 18);
1215         get_random_bytes(cmd->felica + 2, 6);
1216
1217         /* NFCID3 */
1218         memset(cmd->nfcid3, 0, 10);
1219         memcpy(cmd->nfcid3, cmd->felica, 8);
1220
1221         /* MIFARE params */
1222         memcpy(cmd->mifare, mifare_params, 6);
1223
1224         /* General bytes */
1225         cmd->gb_len = gb_len;
1226         memcpy(cmd->gb, gb, gb_len);
1227
1228         /* Len Tk */
1229         cmd->gb[gb_len] = 0;
1230
1231         memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1232
1233         frame->datalen += cmd_len;
1234
1235         pn533_tx_frame_finish(frame);
1236
1237         kfree(cmd);
1238
1239         return 0;
1240 }
1241
1242 #define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1243 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1244 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1245                                       u8 *params, int params_len)
1246 {
1247         struct sk_buff *skb_resp = arg;
1248         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1249
1250         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1251
1252         if (params_len < 0) {
1253                 nfc_dev_err(&dev->interface->dev,
1254                             "Error %d when starting as a target",
1255                             params_len);
1256
1257                 return params_len;
1258         }
1259
1260         if (params_len > 0 && params[0] != 0) {
1261                 nfc_tm_deactivated(dev->nfc_dev);
1262
1263                 dev->tgt_mode = 0;
1264
1265                 kfree_skb(skb_resp);
1266                 return 0;
1267         }
1268
1269         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1270         skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1271         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1272
1273         return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1274 }
1275
1276 static void pn533_wq_tg_get_data(struct work_struct *work)
1277 {
1278         struct pn533 *dev = container_of(work, struct pn533, tg_work);
1279         struct pn533_frame *in_frame;
1280         struct sk_buff *skb_resp;
1281         size_t skb_resp_len;
1282
1283         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1284
1285         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1286                 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1287                 PN533_FRAME_TAIL_SIZE;
1288
1289         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1290         if (!skb_resp)
1291                 return;
1292
1293         in_frame = (struct pn533_frame *)skb_resp->data;
1294
1295         pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1296         pn533_tx_frame_finish(dev->out_frame);
1297
1298         pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1299                                    skb_resp_len,
1300                                    pn533_tm_get_data_complete,
1301                                    skb_resp, GFP_KERNEL);
1302
1303         return;
1304 }
1305
1306 #define ATR_REQ_GB_OFFSET 17
1307 static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1308                                       u8 *params, int params_len)
1309 {
1310         struct pn533_cmd_init_target_response *resp;
1311         u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1312         size_t gb_len;
1313         int rc;
1314
1315         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1316
1317         if (params_len < 0) {
1318                 nfc_dev_err(&dev->interface->dev,
1319                             "Error %d when starting as a target",
1320                             params_len);
1321
1322                 return params_len;
1323         }
1324
1325         if (params_len < ATR_REQ_GB_OFFSET + 1)
1326                 return -EINVAL;
1327
1328         resp = (struct pn533_cmd_init_target_response *) params;
1329
1330         nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1331                     resp->mode, params_len);
1332
1333         frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1334         if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1335                 comm_mode = NFC_COMM_ACTIVE;
1336
1337         /* Again, only DEP */
1338         if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1339                 return -EOPNOTSUPP;
1340
1341         gb = resp->cmd + ATR_REQ_GB_OFFSET;
1342         gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1343
1344         rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1345                               comm_mode, gb, gb_len);
1346         if (rc < 0) {
1347                 nfc_dev_err(&dev->interface->dev,
1348                             "Error when signaling target activation");
1349                 return rc;
1350         }
1351
1352         dev->tgt_mode = 1;
1353
1354         queue_work(dev->wq, &dev->tg_work);
1355
1356         return 0;
1357 }
1358
1359 static void pn533_listen_mode_timer(unsigned long data)
1360 {
1361         struct pn533 *dev = (struct pn533 *) data;
1362
1363         nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1364
1365         /* An ack will cancel the last issued command (poll) */
1366         pn533_send_ack(dev, GFP_ATOMIC);
1367
1368         dev->cancel_listen = 1;
1369
1370         pn533_poll_next_mod(dev);
1371
1372         queue_work(dev->wq, &dev->poll_work);
1373 }
1374
1375 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1376                                u8 *params, int params_len)
1377 {
1378         struct pn533_poll_modulations *cur_mod;
1379         int rc;
1380
1381         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1382
1383         if (params_len == -ENOENT) {
1384                 if (dev->poll_mod_count != 0)
1385                         return 0;
1386
1387                 nfc_dev_err(&dev->interface->dev,
1388                             "Polling operation has been stopped");
1389
1390                 goto stop_poll;
1391         }
1392
1393         if (params_len < 0) {
1394                 nfc_dev_err(&dev->interface->dev,
1395                             "Error %d when running poll", params_len);
1396
1397                 goto stop_poll;
1398         }
1399
1400         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1401
1402         if (cur_mod->len == 0) {
1403                 del_timer(&dev->listen_timer);
1404
1405                 return pn533_init_target_complete(dev, arg, params, params_len);
1406         } else {
1407                 rc = pn533_start_poll_complete(dev, arg, params, params_len);
1408                 if (!rc)
1409                         return rc;
1410         }
1411
1412         pn533_poll_next_mod(dev);
1413
1414         queue_work(dev->wq, &dev->poll_work);
1415
1416         return 0;
1417
1418 stop_poll:
1419         pn533_poll_reset_mod_list(dev);
1420         dev->poll_protocols = 0;
1421         return 0;
1422 }
1423
1424 static void pn533_build_poll_frame(struct pn533 *dev,
1425                                    struct pn533_frame *frame,
1426                                    struct pn533_poll_modulations *mod)
1427 {
1428         nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1429
1430         if (mod->len == 0) {
1431                 /* Listen mode */
1432                 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1433         } else {
1434                 /* Polling mode */
1435                 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1436
1437                 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1438                 frame->datalen += mod->len;
1439
1440                 pn533_tx_frame_finish(frame);
1441         }
1442 }
1443
1444 static int pn533_send_poll_frame(struct pn533 *dev)
1445 {
1446         struct pn533_poll_modulations *cur_mod;
1447         int rc;
1448
1449         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1450
1451         pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1452
1453         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1454                                 dev->in_maxlen, pn533_poll_complete,
1455                                 NULL, GFP_KERNEL);
1456         if (rc)
1457                 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1458
1459         return rc;
1460 }
1461
1462 static void pn533_wq_poll(struct work_struct *work)
1463 {
1464         struct pn533 *dev = container_of(work, struct pn533, poll_work);
1465         struct pn533_poll_modulations *cur_mod;
1466         int rc;
1467
1468         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1469
1470         nfc_dev_dbg(&dev->interface->dev,
1471                     "%s cancel_listen %d modulation len %d",
1472                     __func__, dev->cancel_listen, cur_mod->len);
1473
1474         if (dev->cancel_listen == 1) {
1475                 dev->cancel_listen = 0;
1476                 usb_kill_urb(dev->in_urb);
1477         }
1478
1479         rc = pn533_send_poll_frame(dev);
1480         if (rc)
1481                 return;
1482
1483         if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1484                 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1485
1486         return;
1487 }
1488
1489 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1490                             u32 im_protocols, u32 tm_protocols)
1491 {
1492         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1493
1494         nfc_dev_dbg(&dev->interface->dev,
1495                     "%s: im protocols 0x%x tm protocols 0x%x",
1496                     __func__, im_protocols, tm_protocols);
1497
1498         if (dev->tgt_active_prot) {
1499                 nfc_dev_err(&dev->interface->dev,
1500                             "Cannot poll with a target already activated");
1501                 return -EBUSY;
1502         }
1503
1504         if (dev->tgt_mode) {
1505                 nfc_dev_err(&dev->interface->dev,
1506                             "Cannot poll while already being activated");
1507                 return -EBUSY;
1508         }
1509
1510         if (tm_protocols) {
1511                 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1512                 if (dev->gb == NULL)
1513                         tm_protocols = 0;
1514         }
1515
1516         dev->poll_mod_curr = 0;
1517         pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1518         dev->poll_protocols = im_protocols;
1519         dev->listen_protocols = tm_protocols;
1520
1521         return pn533_send_poll_frame(dev);
1522 }
1523
1524 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1525 {
1526         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1527
1528         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1529
1530         del_timer(&dev->listen_timer);
1531
1532         if (!dev->poll_mod_count) {
1533                 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1534                                                                 " running");
1535                 return;
1536         }
1537
1538         /* An ack will cancel the last issued command (poll) */
1539         pn533_send_ack(dev, GFP_KERNEL);
1540
1541         /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1542         usb_kill_urb(dev->in_urb);
1543
1544         pn533_poll_reset_mod_list(dev);
1545 }
1546
1547 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1548 {
1549         struct pn533_cmd_activate_param param;
1550         struct pn533_cmd_activate_response *resp;
1551         u16 gt_len;
1552         int rc;
1553
1554         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1555
1556         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1557
1558         param.tg = 1;
1559         param.next = 0;
1560         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1561                                 sizeof(struct pn533_cmd_activate_param));
1562         dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1563
1564         pn533_tx_frame_finish(dev->out_frame);
1565
1566         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1567                                                                 dev->in_maxlen);
1568         if (rc)
1569                 return rc;
1570
1571         resp = (struct pn533_cmd_activate_response *)
1572                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1573         rc = resp->status & PN533_CMD_RET_MASK;
1574         if (rc != PN533_CMD_RET_SUCCESS)
1575                 return -EIO;
1576
1577         /* ATR_RES general bytes are located at offset 16 */
1578         gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1579         rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1580
1581         return rc;
1582 }
1583
1584 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1585                                  struct nfc_target *target, u32 protocol)
1586 {
1587         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1588         int rc;
1589
1590         nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1591                                                                 protocol);
1592
1593         if (dev->poll_mod_count) {
1594                 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1595                                                                 " polling");
1596                 return -EBUSY;
1597         }
1598
1599         if (dev->tgt_active_prot) {
1600                 nfc_dev_err(&dev->interface->dev, "There is already an active"
1601                                                                 " target");
1602                 return -EBUSY;
1603         }
1604
1605         if (!dev->tgt_available_prots) {
1606                 nfc_dev_err(&dev->interface->dev, "There is no available target"
1607                                                                 " to activate");
1608                 return -EINVAL;
1609         }
1610
1611         if (!(dev->tgt_available_prots & (1 << protocol))) {
1612                 nfc_dev_err(&dev->interface->dev, "The target does not support"
1613                                         " the requested protocol %u", protocol);
1614                 return -EINVAL;
1615         }
1616
1617         if (protocol == NFC_PROTO_NFC_DEP) {
1618                 rc = pn533_activate_target_nfcdep(dev);
1619                 if (rc) {
1620                         nfc_dev_err(&dev->interface->dev, "Error %d when"
1621                                                 " activating target with"
1622                                                 " NFC_DEP protocol", rc);
1623                         return rc;
1624                 }
1625         }
1626
1627         dev->tgt_active_prot = protocol;
1628         dev->tgt_available_prots = 0;
1629
1630         return 0;
1631 }
1632
1633 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1634                                     struct nfc_target *target)
1635 {
1636         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1637         u8 tg;
1638         u8 status;
1639         int rc;
1640
1641         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1642
1643         if (!dev->tgt_active_prot) {
1644                 nfc_dev_err(&dev->interface->dev, "There is no active target");
1645                 return;
1646         }
1647
1648         dev->tgt_active_prot = 0;
1649
1650         skb_queue_purge(&dev->resp_q);
1651
1652         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1653
1654         tg = 1;
1655         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1656         dev->out_frame->datalen += sizeof(u8);
1657
1658         pn533_tx_frame_finish(dev->out_frame);
1659
1660         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1661                                                                 dev->in_maxlen);
1662         if (rc) {
1663                 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1664                                                 " command to the controller");
1665                 return;
1666         }
1667
1668         status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1669         rc = status & PN533_CMD_RET_MASK;
1670         if (rc != PN533_CMD_RET_SUCCESS)
1671                 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1672                                                         " the target", rc);
1673
1674         return;
1675 }
1676
1677
1678 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1679                                                 u8 *params, int params_len)
1680 {
1681         struct pn533_cmd_jump_dep *cmd;
1682         struct pn533_cmd_jump_dep_response *resp;
1683         struct nfc_target nfc_target;
1684         u8 target_gt_len;
1685         int rc;
1686
1687         if (params_len == -ENOENT) {
1688                 nfc_dev_dbg(&dev->interface->dev, "");
1689                 return 0;
1690         }
1691
1692         if (params_len < 0) {
1693                 nfc_dev_err(&dev->interface->dev,
1694                                 "Error %d when bringing DEP link up",
1695                                                                 params_len);
1696                 return 0;
1697         }
1698
1699         if (dev->tgt_available_prots &&
1700             !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1701                 nfc_dev_err(&dev->interface->dev,
1702                         "The target does not support DEP");
1703                 return -EINVAL;
1704         }
1705
1706         resp = (struct pn533_cmd_jump_dep_response *) params;
1707         cmd = (struct pn533_cmd_jump_dep *) arg;
1708         rc = resp->status & PN533_CMD_RET_MASK;
1709         if (rc != PN533_CMD_RET_SUCCESS) {
1710                 nfc_dev_err(&dev->interface->dev,
1711                                 "Bringing DEP link up failed %d", rc);
1712                 return 0;
1713         }
1714
1715         if (!dev->tgt_available_prots) {
1716                 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1717
1718                 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1719                 nfc_target.nfcid1_len = 10;
1720                 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1721                 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1722                 if (rc)
1723                         return 0;
1724
1725                 dev->tgt_available_prots = 0;
1726         }
1727
1728         dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1729
1730         /* ATR_RES general bytes are located at offset 17 */
1731         target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1732         rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1733                                                 resp->gt, target_gt_len);
1734         if (rc == 0)
1735                 rc = nfc_dep_link_is_up(dev->nfc_dev,
1736                                                 dev->nfc_dev->targets[0].idx,
1737                                                 !cmd->active, NFC_RF_INITIATOR);
1738
1739         return 0;
1740 }
1741
1742 static int pn533_mod_to_baud(struct pn533 *dev)
1743 {
1744         switch (dev->poll_mod_curr) {
1745         case PN533_POLL_MOD_106KBPS_A:
1746                 return 0;
1747         case PN533_POLL_MOD_212KBPS_FELICA:
1748                 return 1;
1749         case PN533_POLL_MOD_424KBPS_FELICA:
1750                 return 2;
1751         default:
1752                 return -EINVAL;
1753         }
1754 }
1755
1756 #define PASSIVE_DATA_LEN 5
1757 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1758                              u8 comm_mode, u8* gb, size_t gb_len)
1759 {
1760         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1761         struct pn533_cmd_jump_dep *cmd;
1762         u8 cmd_len, *data_ptr;
1763         u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1764         int rc, baud;
1765
1766         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1767
1768         if (dev->poll_mod_count) {
1769                 nfc_dev_err(&dev->interface->dev,
1770                                 "Cannot bring the DEP link up while polling");
1771                 return -EBUSY;
1772         }
1773
1774         if (dev->tgt_active_prot) {
1775                 nfc_dev_err(&dev->interface->dev,
1776                                 "There is already an active target");
1777                 return -EBUSY;
1778         }
1779
1780         baud = pn533_mod_to_baud(dev);
1781         if (baud < 0) {
1782                 nfc_dev_err(&dev->interface->dev,
1783                             "Invalid curr modulation %d", dev->poll_mod_curr);
1784                 return baud;
1785         }
1786
1787         cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1788         if (comm_mode == NFC_COMM_PASSIVE)
1789                 cmd_len += PASSIVE_DATA_LEN;
1790
1791         cmd = kzalloc(cmd_len, GFP_KERNEL);
1792         if (cmd == NULL)
1793                 return -ENOMEM;
1794
1795         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1796
1797         cmd->active = !comm_mode;
1798         cmd->next = 0;
1799         cmd->baud = baud;
1800         data_ptr = cmd->data;
1801         if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1802                 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1803                 cmd->next |= 1;
1804                 data_ptr += PASSIVE_DATA_LEN;
1805         }
1806
1807         if (gb != NULL && gb_len > 0) {
1808                 cmd->next |= 4; /* We have some Gi */
1809                 memcpy(data_ptr, gb, gb_len);
1810         } else {
1811                 cmd->next = 0;
1812         }
1813
1814         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1815         dev->out_frame->datalen += cmd_len;
1816
1817         pn533_tx_frame_finish(dev->out_frame);
1818
1819         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1820                                 dev->in_maxlen, pn533_in_dep_link_up_complete,
1821                                 cmd, GFP_KERNEL);
1822         if (rc)
1823                 goto out;
1824
1825
1826 out:
1827         kfree(cmd);
1828
1829         return rc;
1830 }
1831
1832 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1833 {
1834         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1835
1836         pn533_poll_reset_mod_list(dev);
1837
1838         if (dev->tgt_mode || dev->tgt_active_prot) {
1839                 pn533_send_ack(dev, GFP_KERNEL);
1840                 usb_kill_urb(dev->in_urb);
1841         }
1842
1843         dev->tgt_active_prot = 0;
1844         dev->tgt_mode = 0;
1845
1846         skb_queue_purge(&dev->resp_q);
1847
1848         return 0;
1849 }
1850
1851 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1852                                 bool target)
1853 {
1854         int payload_len = skb->len;
1855         struct pn533_frame *out_frame;
1856         u8 tg;
1857
1858         nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1859                                                                 payload_len);
1860
1861         if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1862                 /* TODO: Implement support to multi-part data exchange */
1863                 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1864                                                 " max allowed: %d",
1865                                                 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1866                 return -ENOSYS;
1867         }
1868
1869         if (target == true) {
1870                 switch (dev->device_type) {
1871                 case PN533_DEVICE_PASORI:
1872                         if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1873                                 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1874                                 out_frame = (struct pn533_frame *) skb->data;
1875                                 pn533_tx_frame_init(out_frame,
1876                                                     PN533_CMD_IN_COMM_THRU);
1877
1878                                 break;
1879                         }
1880
1881                 default:
1882                         skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1883                         out_frame = (struct pn533_frame *) skb->data;
1884                         pn533_tx_frame_init(out_frame,
1885                                             PN533_CMD_IN_DATA_EXCHANGE);
1886                         tg = 1;
1887                         memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1888                                &tg, sizeof(u8));
1889                         out_frame->datalen += sizeof(u8);
1890
1891                         break;
1892                 }
1893
1894         } else {
1895                 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1896                 out_frame = (struct pn533_frame *) skb->data;
1897                 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1898         }
1899
1900
1901         /* The data is already in the out_frame, just update the datalen */
1902         out_frame->datalen += payload_len;
1903
1904         pn533_tx_frame_finish(out_frame);
1905         skb_put(skb, PN533_FRAME_TAIL_SIZE);
1906
1907         return 0;
1908 }
1909
1910 struct pn533_data_exchange_arg {
1911         struct sk_buff *skb_resp;
1912         struct sk_buff *skb_out;
1913         data_exchange_cb_t cb;
1914         void *cb_context;
1915 };
1916
1917 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1918 {
1919         struct sk_buff *skb, *tmp, *t;
1920         unsigned int skb_len = 0, tmp_len = 0;
1921
1922         nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1923
1924         if (skb_queue_empty(&dev->resp_q))
1925                 return NULL;
1926
1927         if (skb_queue_len(&dev->resp_q) == 1) {
1928                 skb = skb_dequeue(&dev->resp_q);
1929                 goto out;
1930         }
1931
1932         skb_queue_walk_safe(&dev->resp_q, tmp, t)
1933                 skb_len += tmp->len;
1934
1935         nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1936                     __func__, skb_len);
1937
1938         skb = alloc_skb(skb_len, GFP_KERNEL);
1939         if (skb == NULL)
1940                 goto out;
1941
1942         skb_put(skb, skb_len);
1943
1944         skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1945                 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1946                 tmp_len += tmp->len;
1947         }
1948
1949 out:
1950         skb_queue_purge(&dev->resp_q);
1951
1952         return skb;
1953 }
1954
1955 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1956                                                 u8 *params, int params_len)
1957 {
1958         struct pn533_data_exchange_arg *arg = _arg;
1959         struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1960         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1961         int err = 0;
1962         u8 status;
1963         u8 cmd_ret;
1964
1965         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1966
1967         dev_kfree_skb(arg->skb_out);
1968
1969         if (params_len < 0) { /* error */
1970                 err = params_len;
1971                 goto error;
1972         }
1973
1974         status = params[0];
1975
1976         cmd_ret = status & PN533_CMD_RET_MASK;
1977         if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1978                 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1979                                                 " exchanging data", cmd_ret);
1980                 err = -EIO;
1981                 goto error;
1982         }
1983
1984         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1985         skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1986         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1987         skb_queue_tail(&dev->resp_q, skb_resp);
1988
1989         if (status & PN533_CMD_MI_MASK) {
1990                 queue_work(dev->wq, &dev->mi_work);
1991                 return -EINPROGRESS;
1992         }
1993
1994         skb = pn533_build_response(dev);
1995         if (skb == NULL)
1996                 goto error;
1997
1998         arg->cb(arg->cb_context, skb, 0);
1999         kfree(arg);
2000         return 0;
2001
2002 error:
2003         skb_queue_purge(&dev->resp_q);
2004         dev_kfree_skb(skb_resp);
2005         arg->cb(arg->cb_context, NULL, err);
2006         kfree(arg);
2007         return 0;
2008 }
2009
2010 static int pn533_transceive(struct nfc_dev *nfc_dev,
2011                             struct nfc_target *target, struct sk_buff *skb,
2012                             data_exchange_cb_t cb, void *cb_context)
2013 {
2014         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2015         struct pn533_frame *out_frame, *in_frame;
2016         struct pn533_data_exchange_arg *arg;
2017         struct sk_buff *skb_resp;
2018         int skb_resp_len;
2019         int rc;
2020
2021         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2022
2023         if (!dev->tgt_active_prot) {
2024                 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2025                                                 " there is no active target");
2026                 rc = -EINVAL;
2027                 goto error;
2028         }
2029
2030         rc = pn533_build_tx_frame(dev, skb, true);
2031         if (rc)
2032                 goto error;
2033
2034         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2035                         PN533_CMD_DATAEXCH_DATA_MAXLEN +
2036                         PN533_FRAME_TAIL_SIZE;
2037
2038         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2039         if (!skb_resp) {
2040                 rc = -ENOMEM;
2041                 goto error;
2042         }
2043
2044         in_frame = (struct pn533_frame *) skb_resp->data;
2045         out_frame = (struct pn533_frame *) skb->data;
2046
2047         arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2048         if (!arg) {
2049                 rc = -ENOMEM;
2050                 goto free_skb_resp;
2051         }
2052
2053         arg->skb_resp = skb_resp;
2054         arg->skb_out = skb;
2055         arg->cb = cb;
2056         arg->cb_context = cb_context;
2057
2058         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2059                                         pn533_data_exchange_complete, arg,
2060                                         GFP_KERNEL);
2061         if (rc) {
2062                 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2063                                                 " perform data_exchange", rc);
2064                 goto free_arg;
2065         }
2066
2067         return 0;
2068
2069 free_arg:
2070         kfree(arg);
2071 free_skb_resp:
2072         kfree_skb(skb_resp);
2073 error:
2074         kfree_skb(skb);
2075         return rc;
2076 }
2077
2078 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2079                                   u8 *params, int params_len)
2080 {
2081         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2082
2083         if (params_len < 0) {
2084                 nfc_dev_err(&dev->interface->dev,
2085                             "Error %d when sending data",
2086                             params_len);
2087
2088                 return params_len;
2089         }
2090
2091         if (params_len > 0 && params[0] != 0) {
2092                 nfc_tm_deactivated(dev->nfc_dev);
2093
2094                 dev->tgt_mode = 0;
2095
2096                 return 0;
2097         }
2098
2099         queue_work(dev->wq, &dev->tg_work);
2100
2101         return 0;
2102 }
2103
2104 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2105 {
2106         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2107         struct pn533_frame *out_frame;
2108         int rc;
2109
2110         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2111
2112         rc = pn533_build_tx_frame(dev, skb, false);
2113         if (rc)
2114                 goto error;
2115
2116         out_frame = (struct pn533_frame *) skb->data;
2117
2118         rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2119                                         dev->in_maxlen, pn533_tm_send_complete,
2120                                         NULL, GFP_KERNEL);
2121         if (rc) {
2122                 nfc_dev_err(&dev->interface->dev,
2123                             "Error %d when trying to send data", rc);
2124                 goto error;
2125         }
2126
2127         return 0;
2128
2129 error:
2130         kfree_skb(skb);
2131
2132         return rc;
2133 }
2134
2135 static void pn533_wq_mi_recv(struct work_struct *work)
2136 {
2137         struct pn533 *dev = container_of(work, struct pn533, mi_work);
2138         struct sk_buff *skb_cmd;
2139         struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2140         struct pn533_frame *out_frame, *in_frame;
2141         struct sk_buff *skb_resp;
2142         int skb_resp_len;
2143         int rc;
2144
2145         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2146
2147         /* This is a zero payload size skb */
2148         skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2149                             GFP_KERNEL);
2150         if (skb_cmd == NULL)
2151                 goto error_cmd;
2152
2153         skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2154
2155         rc = pn533_build_tx_frame(dev, skb_cmd, true);
2156         if (rc)
2157                 goto error_frame;
2158
2159         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2160                         PN533_CMD_DATAEXCH_DATA_MAXLEN +
2161                         PN533_FRAME_TAIL_SIZE;
2162         skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2163         if (!skb_resp) {
2164                 rc = -ENOMEM;
2165                 goto error_frame;
2166         }
2167
2168         in_frame = (struct pn533_frame *) skb_resp->data;
2169         out_frame = (struct pn533_frame *) skb_cmd->data;
2170
2171         arg->skb_resp = skb_resp;
2172         arg->skb_out = skb_cmd;
2173
2174         rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2175                                           skb_resp_len,
2176                                           pn533_data_exchange_complete,
2177                                           dev->cmd_complete_arg, GFP_KERNEL);
2178         if (!rc)
2179                 return;
2180
2181         nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2182                                                 " perform data_exchange", rc);
2183
2184         kfree_skb(skb_resp);
2185
2186 error_frame:
2187         kfree_skb(skb_cmd);
2188
2189 error_cmd:
2190         pn533_send_ack(dev, GFP_KERNEL);
2191
2192         kfree(arg);
2193
2194         queue_work(dev->wq, &dev->cmd_work);
2195 }
2196
2197 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2198                                                                 u8 cfgdata_len)
2199 {
2200         int rc;
2201         u8 *params;
2202
2203         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2204
2205         pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2206
2207         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2208         params[0] = cfgitem;
2209         memcpy(&params[1], cfgdata, cfgdata_len);
2210         dev->out_frame->datalen += (1 + cfgdata_len);
2211
2212         pn533_tx_frame_finish(dev->out_frame);
2213
2214         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2215                                                                 dev->in_maxlen);
2216
2217         return rc;
2218 }
2219
2220 static int pn533_fw_reset(struct pn533 *dev)
2221 {
2222         int rc;
2223         u8 *params;
2224
2225         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2226
2227         pn533_tx_frame_init(dev->out_frame, 0x18);
2228
2229         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2230         params[0] = 0x1;
2231         dev->out_frame->datalen += 1;
2232
2233         pn533_tx_frame_finish(dev->out_frame);
2234
2235         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2236                                        dev->in_maxlen);
2237
2238         return rc;
2239 }
2240
2241 static struct nfc_ops pn533_nfc_ops = {
2242         .dev_up = NULL,
2243         .dev_down = NULL,
2244         .dep_link_up = pn533_dep_link_up,
2245         .dep_link_down = pn533_dep_link_down,
2246         .start_poll = pn533_start_poll,
2247         .stop_poll = pn533_stop_poll,
2248         .activate_target = pn533_activate_target,
2249         .deactivate_target = pn533_deactivate_target,
2250         .im_transceive = pn533_transceive,
2251         .tm_send = pn533_tm_send,
2252 };
2253
2254 static int pn533_setup(struct pn533 *dev)
2255 {
2256         struct pn533_config_max_retries max_retries;
2257         struct pn533_config_timing timing;
2258         u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2259         int rc;
2260
2261         switch (dev->device_type) {
2262         case PN533_DEVICE_STD:
2263                 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2264                 max_retries.mx_rty_psl = 2;
2265                 max_retries.mx_rty_passive_act =
2266                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2267
2268                 timing.rfu = PN533_CONFIG_TIMING_102;
2269                 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2270                 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2271
2272                 break;
2273
2274         case PN533_DEVICE_PASORI:
2275                 max_retries.mx_rty_atr = 0x2;
2276                 max_retries.mx_rty_psl = 0x1;
2277                 max_retries.mx_rty_passive_act =
2278                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2279
2280                 timing.rfu = PN533_CONFIG_TIMING_102;
2281                 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2282                 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2283
2284                 break;
2285
2286         default:
2287                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2288                             dev->device_type);
2289                 return -EINVAL;
2290         }
2291
2292         rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2293                                      (u8 *)&max_retries, sizeof(max_retries));
2294         if (rc) {
2295                 nfc_dev_err(&dev->interface->dev,
2296                             "Error on setting MAX_RETRIES config");
2297                 return rc;
2298         }
2299
2300
2301         rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2302                                      (u8 *)&timing, sizeof(timing));
2303         if (rc) {
2304                 nfc_dev_err(&dev->interface->dev,
2305                             "Error on setting RF timings");
2306                 return rc;
2307         }
2308
2309         switch (dev->device_type) {
2310         case PN533_DEVICE_STD:
2311                 break;
2312
2313         case PN533_DEVICE_PASORI:
2314                 pn533_fw_reset(dev);
2315
2316                 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2317                                              pasori_cfg, 3);
2318                 if (rc) {
2319                         nfc_dev_err(&dev->interface->dev,
2320                                     "Error while settings PASORI config");
2321                         return rc;
2322                 }
2323
2324                 pn533_fw_reset(dev);
2325
2326                 break;
2327         }
2328
2329         return 0;
2330 }
2331
2332 static int pn533_probe(struct usb_interface *interface,
2333                         const struct usb_device_id *id)
2334 {
2335         struct pn533_fw_version *fw_ver;
2336         struct pn533 *dev;
2337         struct usb_host_interface *iface_desc;
2338         struct usb_endpoint_descriptor *endpoint;
2339         int in_endpoint = 0;
2340         int out_endpoint = 0;
2341         int rc = -ENOMEM;
2342         int i;
2343         u32 protocols;
2344
2345         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2346         if (!dev)
2347                 return -ENOMEM;
2348
2349         dev->udev = usb_get_dev(interface_to_usbdev(interface));
2350         dev->interface = interface;
2351         mutex_init(&dev->cmd_lock);
2352
2353         iface_desc = interface->cur_altsetting;
2354         for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2355                 endpoint = &iface_desc->endpoint[i].desc;
2356
2357                 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2358                         dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2359                         in_endpoint = endpoint->bEndpointAddress;
2360                 }
2361
2362                 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2363                         dev->out_maxlen =
2364                                 le16_to_cpu(endpoint->wMaxPacketSize);
2365                         out_endpoint = endpoint->bEndpointAddress;
2366                 }
2367         }
2368
2369         if (!in_endpoint || !out_endpoint) {
2370                 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2371                                                         " bulk-out endpoint");
2372                 rc = -ENODEV;
2373                 goto error;
2374         }
2375
2376         dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2377         dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2378         dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2379         dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2380
2381         if (!dev->in_frame || !dev->out_frame ||
2382                 !dev->in_urb || !dev->out_urb)
2383                 goto error;
2384
2385         usb_fill_bulk_urb(dev->in_urb, dev->udev,
2386                         usb_rcvbulkpipe(dev->udev, in_endpoint),
2387                         NULL, 0, NULL, dev);
2388         usb_fill_bulk_urb(dev->out_urb, dev->udev,
2389                         usb_sndbulkpipe(dev->udev, out_endpoint),
2390                         NULL, 0,
2391                         pn533_send_complete, dev);
2392
2393         INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2394         INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2395         INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2396         INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2397         INIT_WORK(&dev->poll_work, pn533_wq_poll);
2398         dev->wq = alloc_ordered_workqueue("pn533", 0);
2399         if (dev->wq == NULL)
2400                 goto error;
2401
2402         init_timer(&dev->listen_timer);
2403         dev->listen_timer.data = (unsigned long) dev;
2404         dev->listen_timer.function = pn533_listen_mode_timer;
2405
2406         skb_queue_head_init(&dev->resp_q);
2407
2408         INIT_LIST_HEAD(&dev->cmd_queue);
2409
2410         usb_set_intfdata(interface, dev);
2411
2412         pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2413         pn533_tx_frame_finish(dev->out_frame);
2414
2415         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2416                                                                 dev->in_maxlen);
2417         if (rc)
2418                 goto destroy_wq;
2419
2420         fw_ver = (struct pn533_fw_version *)
2421                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2422         nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2423                                         " attached", fw_ver->ver, fw_ver->rev);
2424
2425         dev->device_type = id->driver_info;
2426         switch (dev->device_type) {
2427         case PN533_DEVICE_STD:
2428                 protocols = PN533_ALL_PROTOCOLS;
2429                 break;
2430
2431         case PN533_DEVICE_PASORI:
2432                 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2433                 break;
2434
2435         default:
2436                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2437                             dev->device_type);
2438                 rc = -EINVAL;
2439                 goto destroy_wq;
2440         }
2441
2442         dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2443                                            PN533_CMD_DATAEXCH_HEAD_LEN,
2444                                            PN533_FRAME_TAIL_SIZE);
2445         if (!dev->nfc_dev)
2446                 goto destroy_wq;
2447
2448         nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2449         nfc_set_drvdata(dev->nfc_dev, dev);
2450
2451         rc = nfc_register_device(dev->nfc_dev);
2452         if (rc)
2453                 goto free_nfc_dev;
2454
2455         rc = pn533_setup(dev);
2456         if (rc)
2457                 goto unregister_nfc_dev;
2458
2459         return 0;
2460
2461 unregister_nfc_dev:
2462         nfc_unregister_device(dev->nfc_dev);
2463
2464 free_nfc_dev:
2465         nfc_free_device(dev->nfc_dev);
2466
2467 destroy_wq:
2468         destroy_workqueue(dev->wq);
2469 error:
2470         kfree(dev->in_frame);
2471         usb_free_urb(dev->in_urb);
2472         kfree(dev->out_frame);
2473         usb_free_urb(dev->out_urb);
2474         kfree(dev);
2475         return rc;
2476 }
2477
2478 static void pn533_disconnect(struct usb_interface *interface)
2479 {
2480         struct pn533 *dev;
2481         struct pn533_cmd *cmd, *n;
2482
2483         dev = usb_get_intfdata(interface);
2484         usb_set_intfdata(interface, NULL);
2485
2486         nfc_unregister_device(dev->nfc_dev);
2487         nfc_free_device(dev->nfc_dev);
2488
2489         usb_kill_urb(dev->in_urb);
2490         usb_kill_urb(dev->out_urb);
2491
2492         destroy_workqueue(dev->wq);
2493
2494         skb_queue_purge(&dev->resp_q);
2495
2496         del_timer(&dev->listen_timer);
2497
2498         list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2499                 list_del(&cmd->queue);
2500                 kfree(cmd);
2501         }
2502
2503         kfree(dev->in_frame);
2504         usb_free_urb(dev->in_urb);
2505         kfree(dev->out_frame);
2506         usb_free_urb(dev->out_urb);
2507         kfree(dev);
2508
2509         nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2510 }
2511
2512 static struct usb_driver pn533_driver = {
2513         .name =         "pn533",
2514         .probe =        pn533_probe,
2515         .disconnect =   pn533_disconnect,
2516         .id_table =     pn533_table,
2517 };
2518
2519 module_usb_driver(pn533_driver);
2520
2521 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2522                         " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2523 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2524 MODULE_VERSION(VERSION);
2525 MODULE_LICENSE("GPL");