1 /*
2  * Copyright (C) 2011 Instituto Nokia de Tecnologia
3  *
4  * Authors:
5  *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6  *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the
20  * Free Software Foundation, Inc.,
21  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22  */
23
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32
33 #define VERSION "0.1"
34
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40
41 #define SONY_VENDOR_ID         0x054c
42 #define PASORI_PRODUCT_ID      0x02e1
43
44 #define PN533_DEVICE_STD    0x1
45 #define PN533_DEVICE_PASORI 0x2
46
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48                              NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49                              NFC_PROTO_NFC_DEP_MASK |\
50                              NFC_PROTO_ISO14443_B_MASK)
51
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53                                    NFC_PROTO_MIFARE_MASK | \
54                                    NFC_PROTO_FELICA_MASK | \
55                                    NFC_PROTO_ISO14443_MASK | \
56                                    NFC_PROTO_NFC_DEP_MASK)
57
58 static const struct usb_device_id pn533_table[] = {
59         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
60           .idVendor             = PN533_VENDOR_ID,
61           .idProduct            = PN533_PRODUCT_ID,
62           .driver_info          = PN533_DEVICE_STD,
63         },
64         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
65           .idVendor             = SCM_VENDOR_ID,
66           .idProduct            = SCL3711_PRODUCT_ID,
67           .driver_info          = PN533_DEVICE_STD,
68         },
69         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
70           .idVendor             = SONY_VENDOR_ID,
71           .idProduct            = PASORI_PRODUCT_ID,
72           .driver_info          = PN533_DEVICE_PASORI,
73         },
74         { }
75 };
76 MODULE_DEVICE_TABLE(usb, pn533_table);
77
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
80
81 /* frame definitions */
82 #define PN533_NORMAL_FRAME_MAX_LEN 262  /* 6   (PREAMBLE, SOF, LEN, LCS, TFI)
83                                            254 (DATA)
84                                            2   (DCS, postamble) */
85 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
86                                         + 2) /* data[0] TFI, data[1] CC */
87 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
88
89 /*
90  * Max extended frame payload len, excluding TFI and CC
91  * which are already in PN533_FRAME_HEADER_LEN.
92  */
93 #define PN533_FRAME_MAX_PAYLOAD_LEN 263
94
95 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
96                                 PN533_FRAME_TAIL_LEN)
97 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
98 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
99 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
100
101 /* start of frame */
102 #define PN533_SOF 0x00FF
103
104 /* frame identifier: in/out/error */
105 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
106 #define PN533_DIR_OUT 0xD4
107 #define PN533_DIR_IN 0xD5
108
109 /* PN533 Commands */
110 #define PN533_FRAME_CMD(f) (f->data[1])
111 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
112 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
113
114 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
115 #define PN533_CMD_RF_CONFIGURATION 0x32
116 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
117 #define PN533_CMD_IN_COMM_THRU     0x42
118 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
119 #define PN533_CMD_IN_ATR 0x50
120 #define PN533_CMD_IN_RELEASE 0x52
121 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
122
123 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
124 #define PN533_CMD_TG_GET_DATA 0x86
125 #define PN533_CMD_TG_SET_DATA 0x8e
126 #define PN533_CMD_UNDEF 0xff
127
128 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
129
130 /* PN533 Return codes */
131 #define PN533_CMD_RET_MASK 0x3F
132 #define PN533_CMD_MI_MASK 0x40
133 #define PN533_CMD_RET_SUCCESS 0x00
134
135 struct pn533;
136
137 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
138                                         u8 *params, int params_len);
139
140 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
141                                         struct sk_buff *resp);
142
143 /* structs for pn533 commands */
144
145 /* PN533_CMD_GET_FIRMWARE_VERSION */
146 struct pn533_fw_version {
147         u8 ic;
148         u8 ver;
149         u8 rev;
150         u8 support;
151 };
152
153 /* PN533_CMD_RF_CONFIGURATION */
154 #define PN533_CFGITEM_TIMING 0x02
155 #define PN533_CFGITEM_MAX_RETRIES 0x05
156 #define PN533_CFGITEM_PASORI 0x82
157
158 #define PN533_CONFIG_TIMING_102 0xb
159 #define PN533_CONFIG_TIMING_204 0xc
160 #define PN533_CONFIG_TIMING_409 0xd
161 #define PN533_CONFIG_TIMING_819 0xe
162
163 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
164 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
165
166 struct pn533_config_max_retries {
167         u8 mx_rty_atr;
168         u8 mx_rty_psl;
169         u8 mx_rty_passive_act;
170 } __packed;
171
172 struct pn533_config_timing {
173         u8 rfu;
174         u8 atr_res_timeout;
175         u8 dep_timeout;
176 } __packed;
177
178 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
179
180 /* felica commands opcode */
181 #define PN533_FELICA_OPC_SENSF_REQ 0
182 #define PN533_FELICA_OPC_SENSF_RES 1
183 /* felica SENSF_REQ parameters */
184 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
185 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
186 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
187 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
188
189 /* type B initiator_data values */
190 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
191 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
192 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
193
194 union pn533_cmd_poll_initdata {
195         struct {
196                 u8 afi;
197                 u8 polling_method;
198         } __packed type_b;
199         struct {
200                 u8 opcode;
201                 __be16 sc;
202                 u8 rc;
203                 u8 tsn;
204         } __packed felica;
205 };
206
207 /* Poll modulations */
208 enum {
209         PN533_POLL_MOD_106KBPS_A,
210         PN533_POLL_MOD_212KBPS_FELICA,
211         PN533_POLL_MOD_424KBPS_FELICA,
212         PN533_POLL_MOD_106KBPS_JEWEL,
213         PN533_POLL_MOD_847KBPS_B,
214         PN533_LISTEN_MOD,
215
216         __PN533_POLL_MOD_AFTER_LAST,
217 };
218 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
219
220 struct pn533_poll_modulations {
221         struct {
222                 u8 maxtg;
223                 u8 brty;
224                 union pn533_cmd_poll_initdata initiator_data;
225         } __packed data;
226         u8 len;
227 };
228
229 const struct pn533_poll_modulations poll_mod[] = {
230         [PN533_POLL_MOD_106KBPS_A] = {
231                 .data = {
232                         .maxtg = 1,
233                         .brty = 0,
234                 },
235                 .len = 2,
236         },
237         [PN533_POLL_MOD_212KBPS_FELICA] = {
238                 .data = {
239                         .maxtg = 1,
240                         .brty = 1,
241                         .initiator_data.felica = {
242                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
243                                 .sc = PN533_FELICA_SENSF_SC_ALL,
244                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
245                                 .tsn = 0,
246                         },
247                 },
248                 .len = 7,
249         },
250         [PN533_POLL_MOD_424KBPS_FELICA] = {
251                 .data = {
252                         .maxtg = 1,
253                         .brty = 2,
254                         .initiator_data.felica = {
255                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
256                                 .sc = PN533_FELICA_SENSF_SC_ALL,
257                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
258                                 .tsn = 0,
259                         },
260                  },
261                 .len = 7,
262         },
263         [PN533_POLL_MOD_106KBPS_JEWEL] = {
264                 .data = {
265                         .maxtg = 1,
266                         .brty = 4,
267                 },
268                 .len = 2,
269         },
270         [PN533_POLL_MOD_847KBPS_B] = {
271                 .data = {
272                         .maxtg = 1,
273                         .brty = 8,
274                         .initiator_data.type_b = {
275                                 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
276                                 .polling_method =
277                                         PN533_TYPE_B_POLL_METHOD_TIMESLOT,
278                         },
279                 },
280                 .len = 3,
281         },
282         [PN533_LISTEN_MOD] = {
283                 .len = 0,
284         },
285 };
286
287 /* PN533_CMD_IN_ATR */
288
289 struct pn533_cmd_activate_response {
290         u8 status;
291         u8 nfcid3t[10];
292         u8 didt;
293         u8 bst;
294         u8 brt;
295         u8 to;
296         u8 ppt;
297         /* optional */
298         u8 gt[];
299 } __packed;
300
301 struct pn533_cmd_jump_dep_response {
302         u8 status;
303         u8 tg;
304         u8 nfcid3t[10];
305         u8 didt;
306         u8 bst;
307         u8 brt;
308         u8 to;
309         u8 ppt;
310         /* optional */
311         u8 gt[];
312 } __packed;
313
314
315 /* PN533_TG_INIT_AS_TARGET */
316 #define PN533_INIT_TARGET_PASSIVE 0x1
317 #define PN533_INIT_TARGET_DEP 0x2
318
319 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
320 #define PN533_INIT_TARGET_RESP_ACTIVE     0x1
321 #define PN533_INIT_TARGET_RESP_DEP        0x4
322
323 struct pn533 {
324         struct usb_device *udev;
325         struct usb_interface *interface;
326         struct nfc_dev *nfc_dev;
327
328         struct urb *out_urb;
329         struct pn533_frame *out_frame;
330
331         struct urb *in_urb;
332         struct pn533_frame *in_frame;
333
334         struct sk_buff_head resp_q;
335
336         struct workqueue_struct *wq;
337         struct work_struct cmd_work;
338         struct work_struct cmd_complete_work;
339         struct work_struct poll_work;
340         struct work_struct mi_work;
341         struct work_struct tg_work;
342         struct timer_list listen_timer;
343         struct pn533_frame *wq_in_frame;
344         int wq_in_error;
345         int cancel_listen;
346
347         pn533_cmd_complete_t cmd_complete;
348         void *cmd_complete_arg;
349         void *cmd_complete_mi_arg;
350         struct mutex cmd_lock;
351         u8 cmd;
352
353         struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
354         u8 poll_mod_count;
355         u8 poll_mod_curr;
356         u32 poll_protocols;
357         u32 listen_protocols;
358
359         u8 *gb;
360         size_t gb_len;
361
362         u8 tgt_available_prots;
363         u8 tgt_active_prot;
364         u8 tgt_mode;
365
366         u32 device_type;
367
368         struct list_head cmd_queue;
369         u8 cmd_pending;
370 };
371
/*
 * One deferred command waiting on dev->cmd_queue.
 *
 * Two kinds of entries share this structure. Entries queued by
 * __pn533_send_async() carry a real command code plus req/resp skbs;
 * entries queued by pn533_send_cmd_frame_async() carry PN533_CMD_UNDEF
 * plus raw out_frame/in_frame buffers. pn533_wq_cmd() tells them apart
 * by cmd_code only, so fields of the other kind are left zeroed by
 * kzalloc().
 */
struct pn533_cmd {
	struct list_head queue;		/* link in dev->cmd_queue */
	struct pn533_frame *out_frame;	/* raw-frame entries only */
	struct pn533_frame *in_frame;	/* raw-frame entries only */
	int in_frame_len;		/* size handed to the IN URB for in_frame */
	u8 cmd_code;			/* PN533_CMD_UNDEF marks a raw-frame entry */
	struct sk_buff *req;		/* skb entries only */
	struct sk_buff *resp;		/* skb entries only */
	pn533_cmd_complete_t cmd_complete;	/* raw-frame entries only */
	void *arg;			/* passed to the completion callback */
};
383
/*
 * Frame header as it appears on the wire, followed by the variable-length
 * data area. The data checksum sits at data[datalen] and the postamble at
 * data[datalen + 1] (see PN533_FRAME_CHECKSUM and PN533_FRAME_POSTAMBLE).
 *
 * On receive, every field here is supplied by the device and must be
 * treated as untrusted until pn533_rx_frame_is_valid() has accepted it.
 */
struct pn533_frame {
	u8 preamble;		/* written as 0 on transmit; not checked on receive */
	__be16 start_frame;	/* PN533_SOF, big-endian */
	u8 datalen;		/* bytes in data[] ahead of the checksum byte */
	u8 datalen_checksum;	/* pn533_checksum(datalen); 0xFF with datalen 0 is an ACK */
	u8 data[];
} __packed;
391
/*
 * Returns the byte that, added to @value, gives zero modulo 256
 * (the rule: value + checksum = 0).
 */
static inline u8 pn533_checksum(u8 value)
{
	u8 inverted = ~value;

	return inverted + 1;
}
397
/*
 * Returns the byte that makes the 8-bit sum of data[0..datalen-1] plus the
 * checksum equal zero. A @datalen of zero or less reads nothing and yields
 * the checksum of an empty sum.
 *
 * The caller is responsible for @data holding at least @datalen bytes; on
 * the receive path @datalen is the length field sent by the device.
 */
static u8 pn533_data_checksum(u8 *data, int datalen)
{
	const u8 *cur = data;
	int left;
	u8 acc = 0;

	for (left = datalen; left > 0; left--)
		acc += *cur++;

	return pn533_checksum(acc);
}
409
/**
 * pn533_tx_frame_ack - fill in an ACK frame
 * @frame:	Buffer to receive the ACK; PN533_FRAME_ACK_SIZE bytes are written
 *
 * An ACK shares the preamble and start-of-frame code of a standard frame,
 * but its length checksum deliberately fails: datalen is 0 and
 * datalen_checksum is 0xFF, so their sum is not zero. The postamble comes
 * right after datalen_checksum, which is why it is stored in data[0].
 */
static void pn533_tx_frame_ack(struct pn533_frame *frame)
{
	/* Length pair that identifies the frame as an ACK. */
	frame->datalen = 0;
	frame->datalen_checksum = 0xFF;

	frame->start_frame = cpu_to_be16(PN533_SOF);
	frame->preamble = 0;

	/* An ACK has no data area: data[0] carries the postamble. */
	frame->data[0] = 0;
}
429
/*
 * Starts an outgoing command frame: writes the fixed header fields, the
 * host-to-device frame identifier and the command code. datalen is set to
 * 2 to account for those two data bytes; the caller adds the parameter
 * length afterwards and then calls pn533_tx_frame_finish().
 */
static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
{
	/* Two data bytes so far: frame identifier and command code. */
	frame->datalen = 2;
	PN533_FRAME_CMD(frame) = cmd;
	PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;

	frame->start_frame = cpu_to_be16(PN533_SOF);
	frame->preamble = 0;
}
438
/*
 * Seals an outgoing frame once datalen is final: stores the length
 * checksum, then the data checksum and the postamble directly behind the
 * data area. The buffer must therefore have PN533_FRAME_TAIL_LEN bytes
 * available after data[datalen - 1].
 */
static void pn533_tx_frame_finish(struct pn533_frame *frame)
{
	u8 dcs = pn533_data_checksum(frame->data, frame->datalen);

	frame->datalen_checksum = pn533_checksum(frame->datalen);
	PN533_FRAME_CHECKSUM(frame) = dcs;
	PN533_FRAME_POSTAMBLE(frame) = 0;
}
448
/*
 * Checks a received frame: start-of-frame code, length checksum, then data
 * checksum, in that order. The preamble and postamble are not examined.
 *
 * The data checksum pass reads data[0] through data[datalen], where datalen
 * is the value found in the frame itself. This function has no knowledge of
 * how many bytes the device actually delivered.
 * NOTE(review): callers visible here do not compare the URB's
 * actual_length with the frame size before calling; confirm that the
 * receive buffer is always large enough for datalen = 255.
 */
static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
{
	u8 len = frame->datalen;

	if (frame->start_frame != cpu_to_be16(PN533_SOF))
		return false;

	if (frame->datalen_checksum != pn533_checksum(len))
		return false;

	return PN533_FRAME_CHECKSUM(frame) ==
	       pn533_data_checksum(frame->data, len);
}
466
/*
 * Returns true when the frame header has the ACK signature: valid
 * start-of-frame code, datalen 0 and datalen_checksum 0xFF. Only header
 * fields are read; the postamble byte is not checked.
 */
static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
{
	return frame->start_frame == cpu_to_be16(PN533_SOF) &&
	       frame->datalen == 0 &&
	       frame->datalen_checksum == 0xFF;
}
477
/*
 * Returns true when the command byte of @frame is the response code for
 * @cmd (cmd + 1). data[1] is read regardless of the frame's datalen, so
 * the frame should already have passed pn533_rx_frame_is_valid().
 */
static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
{
	u8 received = PN533_FRAME_CMD(frame);

	return received == PN533_CMD_RESPONSE(cmd);
}
482
483
/*
 * Work item that reports the outcome of the last command to its completion
 * callback. On error the callback receives a NULL parameter pointer and the
 * error code in place of the length; otherwise it receives the parameter
 * area of the validated frame. Unless the callback returns -EINPROGRESS,
 * cmd_work is scheduled so the next queued command can be sent.
 *
 * PN533_FRAME_CMD_PARAMS_LEN is datalen - 2, so a device frame with a
 * datalen of 0 or 1 produces a negative length here, which completion
 * callbacks interpret as an error code.
 * NOTE(review): nothing visible on the receive path rejects datalen < 2
 * explicitly; confirm whether that should be treated as -EIO instead.
 */
static void pn533_wq_cmd_complete(struct work_struct *work)
{
	struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
	struct pn533_frame *in_frame = dev->wq_in_frame;
	u8 *params = NULL;
	int params_len;
	int rc;

	if (dev->wq_in_error) {
		params_len = dev->wq_in_error;
	} else {
		params = PN533_FRAME_CMD_PARAMS_PTR(in_frame);
		params_len = PN533_FRAME_CMD_PARAMS_LEN(in_frame);
	}

	rc = dev->cmd_complete(dev, dev->cmd_complete_arg, params, params_len);
	if (rc != -EINPROGRESS)
		queue_work(dev->wq, &dev->cmd_work);
}
503
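/*
 * URB completion handler for the response to the last command.
 *
 * Records the outcome in dev->wq_in_error / dev->wq_in_frame and always
 * schedules cmd_complete_work, which calls the command's completion
 * callback from the workqueue.
 *
 * Everything in the receive buffer comes from the USB device. The debug
 * dump runs before the frame is validated, so its length is clamped to the
 * number of bytes the transfer actually delivered; otherwise a short
 * transfer with a large datalen would copy whatever the buffer held before
 * the transfer into the kernel log.
 *
 * NOTE(review): the validation below still trusts the frame's own datalen
 * and does not compare it with urb->actual_length; confirm whether a short
 * transfer should be rejected outright.
 */
static void pn533_recv_response(struct urb *urb)
{
	struct pn533 *dev = urb->context;
	struct pn533_frame *in_frame;
	size_t dump_len;

	dev->wq_in_frame = NULL;

	switch (urb->status) {
	case 0:
		/* success */
		break;
	case -ECONNRESET:
	case -ENOENT:
	case -ESHUTDOWN:
		nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
						" status: %d", urb->status);
		dev->wq_in_error = urb->status;
		goto sched_wq;
	default:
		nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
							" %d", urb->status);
		dev->wq_in_error = urb->status;
		goto sched_wq;
	}

	in_frame = dev->in_urb->transfer_buffer;

	/* Never dump more than was received on this transfer. */
	dump_len = min_t(size_t, PN533_FRAME_SIZE(in_frame),
			 urb->actual_length);
	print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1,
		       in_frame, dump_len, false);

	if (!pn533_rx_frame_is_valid(in_frame)) {
		nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
		dev->wq_in_error = -EIO;
		goto sched_wq;
	}

	/* A well-formed frame answering some other command is also an error. */
	if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
		nfc_dev_err(&dev->interface->dev, "The received frame is not "
						"response to the last command");
		dev->wq_in_error = -EIO;
		goto sched_wq;
	}

	nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
	dev->wq_in_error = 0;
	dev->wq_in_frame = in_frame;

sched_wq:
	queue_work(dev->wq, &dev->cmd_complete_work);
}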
554
/*
 * Arms the IN URB to receive a command response: the completion handler is
 * switched to pn533_recv_response() and the URB is submitted with @flags.
 * Returns the result of usb_submit_urb().
 */
static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
{
	struct urb *in = dev->in_urb;

	in->complete = pn533_recv_response;

	return usb_submit_urb(in, flags);
}
561
/*
 * URB completion handler for the ACK that the device sends after a command.
 *
 * On a valid ACK the IN URB is resubmitted to wait for the response and
 * nothing else happens. On any failure (URB error, frame that is not an
 * ACK, resubmission error) the error is stored in dev->wq_in_error and
 * cmd_complete_work is scheduled with no frame.
 *
 * NOTE(review): the ACK test reads the frame header without consulting
 * urb->actual_length, so a transfer shorter than the header is judged on
 * whatever the buffer already contained; confirm whether that matters.
 */
static void pn533_recv_ack(struct urb *urb)
{
	struct pn533 *dev = urb->context;
	struct pn533_frame *ack;
	int status = urb->status;
	int err;

	if (status == -ECONNRESET || status == -ENOENT ||
	    status == -ESHUTDOWN) {
		nfc_dev_dbg(&dev->interface->dev,
			    "Urb shutting down with status: %d", status);
		err = status;
		goto fail;
	}

	if (status != 0) {
		nfc_dev_err(&dev->interface->dev,
			    "Nonzero urb status received: %d", status);
		err = status;
		goto fail;
	}

	ack = dev->in_urb->transfer_buffer;
	if (!pn533_rx_frame_is_ack(ack)) {
		nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
		err = -EIO;
		goto fail;
	}

	nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");

	/* Completion context: the resubmission must not sleep. */
	err = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
	if (!err)
		return;

	nfc_dev_err(&dev->interface->dev,
		    "usb_submit_urb failed with result %d", err);

fail:
	dev->wq_in_error = err;
	dev->wq_in_frame = NULL;
	queue_work(dev->wq, &dev->cmd_complete_work);
}
610
/*
 * Arms the IN URB to receive the ACK for a command just sent: the
 * completion handler is switched to pn533_recv_ack() and the URB is
 * submitted with @flags. Returns the result of usb_submit_urb().
 */
static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
{
	struct urb *in = dev->in_urb;

	in->complete = pn533_recv_ack;

	return usb_submit_urb(in, flags);
}
617
/*
 * Builds an ACK in the device's own out_frame buffer and submits it on the
 * OUT URB. Returns the result of usb_submit_urb(); no response is awaited.
 */
static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
{
	struct urb *out = dev->out_urb;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	pn533_tx_frame_ack(dev->out_frame);

	out->transfer_buffer = dev->out_frame;
	out->transfer_buffer_length = PN533_FRAME_ACK_SIZE;

	return usb_submit_urb(out, flags);
}
632
/*
 * Sends one finished command frame and arms reception of its ACK.
 *
 * Records the command code and completion callback in @dev, points the OUT
 * URB at @out_frame and the IN URB at @in_frame (@in_frame_len bytes), then
 * submits the OUT URB followed by the IN URB. If the IN URB cannot be
 * submitted, the OUT URB is unlinked again.
 *
 * This helper does not take dev->cmd_lock and does not touch
 * dev->cmd_pending; both are left to the callers.
 *
 * The whole outgoing frame is hex-dumped at KERN_DEBUG level, so command
 * payloads end up in the kernel log when debug output is enabled.
 *
 * Returns 0 on success or the usb_submit_urb() error.
 */
static int __pn533_send_cmd_frame_async(struct pn533 *dev,
					struct pn533_frame *out_frame,
					struct pn533_frame *in_frame,
					int in_frame_len,
					pn533_cmd_complete_t cmd_complete,
					void *arg)
{
	u8 cmd_code = PN533_FRAME_CMD(out_frame);
	int rc;

	nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);

	/* State consulted later by the receive and completion paths. */
	dev->cmd = cmd_code;
	dev->cmd_complete = cmd_complete;
	dev->cmd_complete_arg = arg;

	dev->in_urb->transfer_buffer = in_frame;
	dev->in_urb->transfer_buffer_length = in_frame_len;

	dev->out_urb->transfer_buffer = out_frame;
	dev->out_urb->transfer_buffer_length = PN533_FRAME_SIZE(out_frame);

	print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
		       out_frame, PN533_FRAME_SIZE(out_frame), false);

	rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
	if (rc)
		return rc;

	rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
	if (rc)
		usb_unlink_urb(dev->out_urb);

	return rc;
}
673
/*
 * Turns @skb, which already holds the command parameters, into a complete
 * command frame in place: the frame header is pushed in front of the
 * payload, room for the checksum and postamble is added behind it, and the
 * header and trailer fields are filled in.
 *
 * @skb needs PN533_FRAME_HEADER_LEN bytes of headroom and
 * PN533_FRAME_TAIL_LEN bytes of tailroom. The payload length is added to a
 * u8 length field, so a payload that does not fit wraps silently.
 * NOTE(review): no length check is visible here; confirm callers bound the
 * payload size.
 */
static void pn533_build_cmd_frame(u8 cmd_code, struct sk_buff *skb)
{
	/* Payload size, sampled before the skb grows around it. */
	int payload_len = skb->len;
	struct pn533_frame *frame;

	frame = (struct pn533_frame *)skb_push(skb, PN533_FRAME_HEADER_LEN);
	skb_put(skb, PN533_FRAME_TAIL_LEN);

	pn533_tx_frame_init(frame, cmd_code);
	frame->datalen += payload_len;
	pn533_tx_frame_finish(frame);
}
689
/*
 * Context handed from the skb-based senders to pn533_send_async_complete().
 * It is heap-allocated by the sender and freed by the completion handler,
 * or by the sender itself when the command could not be started.
 *
 * Allocations must use the size of this structure, i.e. sizeof(*arg) for a
 * pointer named arg; sizeof(arg) is only the size of the pointer.
 */
struct pn533_send_async_complete_arg {
	pn533_send_async_complete_t  complete_cb;	/* caller's completion callback */
	void *complete_cb_context;			/* opaque argument for complete_cb */
	struct sk_buff *resp;				/* buffer the response is received into */
	struct sk_buff *req;				/* request frame; freed on completion */
};
696
/*
 * Completion handler shared by the skb-based senders.
 *
 * The request skb and the context structure are released on every path.
 * A negative @params_len is an error code: the caller's callback receives
 * ERR_PTR(@params_len) and the response skb is freed here. Otherwise the
 * response skb is sized to the received frame, stripped of the frame header
 * and trailer, and handed to the callback, which then owns it.
 *
 * The frame size used for skb_put() is derived from the datalen field that
 * the device sent. With datalen below 2 the header pull consumes the whole
 * frame and the trim length computed from resp->len wraps.
 * NOTE(review): confirm that such frames cannot reach this point, or that
 * the resulting skb length is acceptable to the callbacks.
 *
 * Returns the callback's return value, or @params_len on error.
 */
static int pn533_send_async_complete(struct pn533 *dev, void *_arg, u8 *params,
				     int params_len)
{
	struct pn533_send_async_complete_arg *ctx = _arg;
	struct sk_buff *resp = ctx->resp;
	struct pn533_frame *frame;
	int rc;

	dev_kfree_skb(ctx->req);

	if (params_len < 0) {
		nfc_dev_err(&dev->interface->dev,
			    "Error %d when starting as a target",
			    params_len);

		ctx->complete_cb(dev, ctx->complete_cb_context,
				 ERR_PTR(params_len));
		dev_kfree_skb(resp);
		kfree(ctx);
		return params_len;
	}

	/* The frame was received straight into the skb's data area. */
	frame = (struct pn533_frame *)resp->data;

	skb_put(resp, PN533_FRAME_SIZE(frame));
	skb_pull(resp, PN533_FRAME_HEADER_LEN);
	skb_trim(resp, resp->len - PN533_FRAME_TAIL_LEN);

	rc = ctx->complete_cb(dev, ctx->complete_cb_context, resp);

	kfree(ctx);
	return rc;
}
732
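/*
 * Frames @req as command @cmd_code and either sends it immediately or, if
 * another command is in flight, appends it to dev->cmd_queue.
 *
 * @resp is the buffer the response will be received into and @resp_len the
 * length given to the IN URB when the command is sent immediately. Queued
 * entries do not record @resp_len; pn533_wq_cmd() uses
 * PN533_NORMAL_FRAME_MAX_LEN for them.
 *
 * On success the completion context is owned by
 * pn533_send_async_complete(). On failure it is freed here; @req and @resp
 * stay with the caller, and @req has already been framed in place.
 *
 * Returns 0 on success, -ENOMEM, or the error from starting the transfer.
 */
static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
			      struct sk_buff *req, struct sk_buff *resp,
			      int resp_len,
			      pn533_send_async_complete_t complete_cb,
			      void *complete_cb_context)
{
	struct pn533_cmd *cmd;
	struct pn533_send_async_complete_arg *arg;
	int rc = 0;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	/*
	 * sizeof(*arg), not sizeof(arg): the latter is the size of a
	 * pointer, which is smaller than the structure whose four members
	 * are written just below, so the stores would run past the
	 * allocation.
	 */
	arg = kzalloc(sizeof(*arg), GFP_KERNEL);
	if (!arg)
		return -ENOMEM;

	arg->complete_cb = complete_cb;
	arg->complete_cb_context = complete_cb_context;
	arg->resp = resp;
	arg->req = req;

	pn533_build_cmd_frame(cmd_code, req);

	mutex_lock(&dev->cmd_lock);

	if (!dev->cmd_pending) {
		rc = __pn533_send_cmd_frame_async(dev,
						  (struct pn533_frame *)req->data,
						  (struct pn533_frame *)resp->data,
						  resp_len, pn533_send_async_complete,
						  arg);
		if (rc)
			goto error;

		dev->cmd_pending = 1;
		goto unlock;
	}

	nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);

	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
	if (!cmd) {
		rc = -ENOMEM;
		goto error;
	}

	INIT_LIST_HEAD(&cmd->queue);
	cmd->cmd_code = cmd_code;
	cmd->req = req;
	cmd->resp = resp;
	cmd->arg = arg;

	list_add_tail(&cmd->queue, &dev->cmd_queue);

	goto unlock;

error:
	kfree(arg);
unlock:
	mutex_unlock(&dev->cmd_lock);
	return rc;
}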
795
/*
 * Sends @req as command @cmd_code with a response buffer large enough for
 * the maximum payload (header + PN533_FRAME_MAX_PAYLOAD_LEN + trailer),
 * allocated with nfc_alloc_recv_skb(). The response buffer is released
 * here if the command could not be started or queued.
 *
 * Returns 0 on success, -ENOMEM, or the error from __pn533_send_async().
 */
static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
				 struct sk_buff *req,
				 pn533_send_async_complete_t complete_cb,
				 void *complete_cb_context)
{
	int resp_len = PN533_FRAME_HEADER_LEN +
		       PN533_FRAME_MAX_PAYLOAD_LEN +
		       PN533_FRAME_TAIL_LEN;
	struct sk_buff *rx_skb;
	int err;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	rx_skb = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
	if (!rx_skb)
		return -ENOMEM;

	err = __pn533_send_async(dev, cmd_code, req, rx_skb, resp_len,
				 complete_cb, complete_cb_context);
	if (!err)
		return 0;

	/* Nothing will complete this command, so drop the buffer now. */
	dev_kfree_skb(rx_skb);
	return err;
}
820
/*
 * Sends @req as command @cmd_code with a response buffer of
 * PN533_NORMAL_FRAME_MAX_LEN bytes. The response buffer is released here
 * if the command could not be started or queued.
 *
 * Returns 0 on success, -ENOMEM, or the error from __pn533_send_async().
 */
static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
				struct sk_buff *req,
				pn533_send_async_complete_t complete_cb,
				void *complete_cb_context)
{
	struct sk_buff *rx_skb;
	int err;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	rx_skb = alloc_skb(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
	if (!rx_skb)
		return -ENOMEM;

	err = __pn533_send_async(dev, cmd_code, req, rx_skb,
				 PN533_NORMAL_FRAME_MAX_LEN,
				 complete_cb, complete_cb_context);
	if (!err)
		return 0;

	/* Nothing will complete this command, so drop the buffer now. */
	dev_kfree_skb(rx_skb);
	return err;
}
843
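/*
 * pn533_send_cmd_direct_async
 *
 * Sends a priority command directly to the chip, bypassing the command
 * queue. It is intended for the chaining mechanism of received responses,
 * where the host has to request every single chunk of data before the next
 * command from the queue is scheduled.
 *
 * Unlike the queued senders, this function neither takes dev->cmd_lock nor
 * updates dev->cmd_pending.
 *
 * On failure the response buffer and the completion context are freed
 * here; @req stays with the caller.
 *
 * Returns 0 on success, -ENOMEM, or the error from starting the transfer.
 */
static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
				       struct sk_buff *req,
				       pn533_send_async_complete_t complete_cb,
				       void *complete_cb_context)
{
	struct pn533_send_async_complete_arg *arg;
	struct sk_buff *resp;
	int rc;
	int resp_len = PN533_FRAME_HEADER_LEN +
		       PN533_FRAME_MAX_PAYLOAD_LEN +
		       PN533_FRAME_TAIL_LEN;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	resp = alloc_skb(resp_len, GFP_KERNEL);
	if (!resp)
		return -ENOMEM;

	/*
	 * sizeof(*arg), not sizeof(arg): the latter is the size of a
	 * pointer, which is smaller than the structure whose four members
	 * are written just below, so the stores would run past the
	 * allocation.
	 */
	arg = kzalloc(sizeof(*arg), GFP_KERNEL);
	if (!arg) {
		dev_kfree_skb(resp);
		return -ENOMEM;
	}

	arg->complete_cb = complete_cb;
	arg->complete_cb_context = complete_cb_context;
	arg->resp = resp;
	arg->req = req;

	pn533_build_cmd_frame(cmd_code, req);

	rc = __pn533_send_cmd_frame_async(dev, (struct pn533_frame *)req->data,
					  (struct pn533_frame *)resp->data,
					  resp_len, pn533_send_async_complete,
					  arg);
	if (rc < 0) {
		dev_kfree_skb(resp);
		kfree(arg);
	}

	return rc;
}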
894
/*
 * Work item that sends the next queued command, if any.
 *
 * With an empty queue, cmd_pending is cleared so the next sender transmits
 * immediately. Otherwise the oldest entry is removed under cmd_lock and
 * sent outside the lock: skb-based entries use the shared completion
 * handler and a receive length of PN533_NORMAL_FRAME_MAX_LEN, raw-frame
 * entries (PN533_CMD_UNDEF) use the buffers and callback stored with them.
 *
 * NOTE(review): the result of __pn533_send_cmd_frame_async() is ignored.
 * If the submission fails, no completion appears to run for this entry
 * while cmd_pending stays set; confirm how the queue and the entry's
 * buffers are recovered in that case.
 */
static void pn533_wq_cmd(struct work_struct *work)
{
	struct pn533 *dev = container_of(work, struct pn533, cmd_work);
	struct pn533_cmd *next;

	mutex_lock(&dev->cmd_lock);

	if (list_empty(&dev->cmd_queue)) {
		dev->cmd_pending = 0;
		mutex_unlock(&dev->cmd_lock);
		return;
	}

	next = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
	list_del(&next->queue);

	mutex_unlock(&dev->cmd_lock);

	if (next->cmd_code == PN533_CMD_UNDEF) {
		/* Raw-frame entry queued by pn533_send_cmd_frame_async(). */
		__pn533_send_cmd_frame_async(dev, next->out_frame,
					     next->in_frame,
					     next->in_frame_len,
					     next->cmd_complete, next->arg);
	} else {
		/* skb entry queued by __pn533_send_async(). */
		__pn533_send_cmd_frame_async(dev,
					     (struct pn533_frame *)next->req->data,
					     (struct pn533_frame *)next->resp->data,
					     PN533_NORMAL_FRAME_MAX_LEN,
					     pn533_send_async_complete,
					     next->arg);
	}

	kfree(next);
}
928
/*
 * Sends a caller-built command frame, or queues it when another command is
 * already in flight. All work is done under dev->cmd_lock.
 *
 * Queued entries are tagged with PN533_CMD_UNDEF so that pn533_wq_cmd()
 * sends them from the stored raw buffers. The frame buffers are not copied:
 * @out_frame and @in_frame must stay valid until the command completes.
 *
 * Returns 0 when the command was sent or queued, -ENOMEM when the queue
 * entry could not be allocated, or the error from starting the transfer.
 */
static int pn533_send_cmd_frame_async(struct pn533 *dev,
					struct pn533_frame *out_frame,
					struct pn533_frame *in_frame,
					int in_frame_len,
					pn533_cmd_complete_t cmd_complete,
					void *arg)
{
	struct pn533_cmd *entry;
	int rc = 0;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	mutex_lock(&dev->cmd_lock);

	if (!dev->cmd_pending) {
		/* Nothing in flight: transmit right away. */
		rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
						  in_frame_len, cmd_complete,
						  arg);
		if (!rc)
			dev->cmd_pending = 1;
	} else {
		nfc_dev_dbg(&dev->interface->dev, "%s Queueing command",
			    __func__);

		entry = kzalloc(sizeof(*entry), GFP_KERNEL);
		if (!entry) {
			rc = -ENOMEM;
		} else {
			INIT_LIST_HEAD(&entry->queue);
			entry->cmd_code = PN533_CMD_UNDEF;
			entry->out_frame = out_frame;
			entry->in_frame = in_frame;
			entry->in_frame_len = in_frame_len;
			entry->cmd_complete = cmd_complete;
			entry->arg = arg;

			list_add_tail(&entry->queue, &dev->cmd_queue);
		}
	}

	mutex_unlock(&dev->cmd_lock);

	return rc;
}
976
/* Hand-over area between pn533_send_cmd_sync() and pn533_send_sync_complete() */
struct pn533_sync_cmd_response {
        /* value stored by the completion callback; callers test it with IS_ERR */
        struct sk_buff *resp;
        /* completed once resp has been stored */
        struct completion done;
};
981
/*
 * Completion callback used by pn533_send_cmd_sync(): stores the response in
 * the pn533_sync_cmd_response passed as _arg and wakes the waiter.
 * Always returns 0.
 */
static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
                                    struct sk_buff *resp)
{
        struct pn533_sync_cmd_response *sync = _arg;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        /* Store the result before completing so the waiter sees it */
        sync->resp = resp;
        complete(&sync->done);

        return 0;
}
994
/*  pn533_send_cmd_sync
 *
 *  Send a command and block until its completion callback has run.
 *
 *  The req skb is always consumed by this function so that the caller has
 *  only one rule to follow:
 *
 *  1. error on the TX path -> req is freed here, ERR_PTR is returned
 *
 *  2. error on the RX path -> req was already freed at the beginning of the
 *     RX path by async_complete_cb, an error pointer is returned
 *
 *  3. successful RX path -> a valid response skb is returned
 *
 *  The caller has to test the return value with IS_ERR. If that test
 *  passes, the returned pointer is valid.
 *
 *  NOTE(review): the wait has no timeout, so the calling thread stays
 *  blocked until the completion callback runs.
 * */
static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
                                               struct sk_buff *req)
{
        struct pn533_sync_cmd_response sync;
        int rc;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        init_completion(&sync.done);

        rc = pn533_send_cmd_async(dev, cmd_code, req,
                                  pn533_send_sync_complete, &sync);
        if (rc != 0) {
                /* TX failed: nothing else will release req */
                dev_kfree_skb(req);
                return ERR_PTR(rc);
        }

        /* sync lives on this stack frame; do not return before the callback */
        wait_for_completion(&sync.done);

        return sync.resp;
}
1033
/*
 * URB completion handler for the send path. It only logs: a zero status is
 * silent, the shutdown statuses and every other status get a debug message.
 */
static void pn533_send_complete(struct urb *urb)
{
        struct pn533 *dev = urb->context;
        int status = urb->status;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        if (status == 0)
                return; /* success */

        if (status == -ECONNRESET || status == -ENOENT ||
            status == -ESHUTDOWN)
                nfc_dev_dbg(&dev->interface->dev,
                            "Urb shutting down with status: %d", status);
        else
                nfc_dev_dbg(&dev->interface->dev,
                            "Nonzero urb status received: %d", status);
}
1055
/*
 * Allocate an skb with room for `size` payload bytes plus the frame header
 * and tail. The header room is reserved so the payload can be added with
 * skb_put(). Returns NULL when the allocation fails.
 */
static struct sk_buff *pn533_alloc_skb(unsigned int size)
{
        unsigned int total = PN533_FRAME_HEADER_LEN + size +
                             PN533_FRAME_TAIL_LEN;
        struct sk_buff *skb = alloc_skb(total, GFP_KERNEL);

        if (!skb)
                return NULL;

        skb_reserve(skb, PN533_FRAME_HEADER_LEN);

        return skb;
}
1069
/*
 * Type A target data, overlaid on the raw target bytes of a poll response
 * (see pn533_target_found_type_a()). nfcid_len is taken from that data, so
 * it needs a range check before nfcid_data[] is copied anywhere.
 */
struct pn533_target_type_a {
        __be16 sens_res;
        u8 sel_res;
        u8 nfcid_len;
        u8 nfcid_data[];
} __packed;


/* Bit fields of the big-endian SENS_RES word */
#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))

/* SSD / PLATCONF values that identify a Jewel tag (must appear together) */
#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C

/* Bit fields of SEL_RES */
#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)

/* Values of PN533_TYPE_A_SEL_PROT() */
#define PN533_TYPE_A_SEL_PROT_MIFARE 0
#define PN533_TYPE_A_SEL_PROT_ISO14443 1
#define PN533_TYPE_A_SEL_PROT_DEP 2
#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1092
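/*
 * Validate Type A target data before it is interpreted.
 *
 * @type_a: target data, overlaid on the response bytes
 * @target_data_len: number of bytes available at @type_a
 *
 * Returns true when the fixed header and the NFCID bytes announced by
 * nfcid_len fit inside the data and the SENS_RES / SEL_RES fields are
 * consistent, false otherwise.
 */
static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
                                                        int target_data_len)
{
        u8 ssd;
        u8 platconf;

        /*
         * Test the sign first: compared against sizeof() a negative length
         * is converted to a huge unsigned value and would pass.
         */
        if (target_data_len < 0 ||
            (size_t)target_data_len < sizeof(struct pn533_target_type_a))
                return false;

        /*
         * nfcid_data[] is copied by pn533_target_found_type_a(), so the
         * announced length has to lie inside the received data. The length
         * of ats[] is not checked because that field is not used.
         */
        if (type_a->nfcid_len >
            (size_t)target_data_len - sizeof(struct pn533_target_type_a))
                return false;

        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
        ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);

        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
                        platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
                        (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
                        platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
                return false;

        /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
        if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
                return false;

        return true;
}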
1121
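/*
 * Fill @nfc_tgt from Type A target data.
 *
 * @nfc_tgt: target description to fill in
 * @tgt_data: raw target data from the poll response
 * @tgt_data_len: number of bytes at @tgt_data
 *
 * Returns 0 on success, -EPROTO when the data is malformed, including an
 * NFCID length that does not fit the received data or nfc_tgt->nfcid1.
 */
static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
                                                        int tgt_data_len)
{
        struct pn533_target_type_a *tgt_type_a;

        /* A negative length must never reach the unsigned comparisons below */
        if (tgt_data_len < 0)
                return -EPROTO;

        tgt_type_a = (struct pn533_target_type_a *) tgt_data;

        if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
                return -EPROTO;

        /*
         * nfcid_len comes straight from the response. Bound it by the
         * destination array and by the bytes actually received before it is
         * used as a memcpy() length.
         */
        if (tgt_type_a->nfcid_len > sizeof(nfc_tgt->nfcid1) ||
            tgt_type_a->nfcid_len >
            (size_t)tgt_data_len - sizeof(struct pn533_target_type_a))
                return -EPROTO;

        switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
        case PN533_TYPE_A_SEL_PROT_MIFARE:
                nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
                break;
        case PN533_TYPE_A_SEL_PROT_ISO14443:
                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
                break;
        case PN533_TYPE_A_SEL_PROT_DEP:
                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
                break;
        case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
                                                        NFC_PROTO_NFC_DEP_MASK;
                break;
        }

        nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
        nfc_tgt->sel_res = tgt_type_a->sel_res;
        nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
        memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);

        return 0;
}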
1155
/*
 * FeliCa target data, overlaid on the raw target bytes of a poll response
 * (see pn533_target_found_felica()).
 */
struct pn533_target_felica {
        u8 pol_res;
        u8 opcode;
        u8 nfcid2[8];
        u8 pad[8];
        /* optional */
        u8 syst_code[];
} __packed;

/* First two NFCID2 bytes that mark the target as NFC-DEP capable */
#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1167
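/*
 * Validate FeliCa target data: the fixed part of the structure must be
 * present and the opcode must be PN533_FELICA_OPC_SENSF_RES.
 *
 * @felica: target data, overlaid on the response bytes
 * @target_data_len: number of bytes available at @felica
 */
static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
                                                        int target_data_len)
{
        /*
         * Test the sign first: compared against sizeof() a negative length
         * is converted to a huge unsigned value and would pass.
         */
        if (target_data_len < 0 ||
            (size_t)target_data_len < sizeof(struct pn533_target_felica))
                return false;

        if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
                return false;

        return true;
}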
1179
/*
 * Fill @nfc_tgt from FeliCa target data.
 *
 * The target is reported as NFC-DEP when NFCID2 starts with the two DEP
 * marker bytes, as FeliCa otherwise. Nine bytes starting at the opcode
 * (opcode plus NFCID2) are stored as sensf_res.
 *
 * Returns 0 on success or -EPROTO when validation fails.
 */
static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
                                                        int tgt_data_len)
{
        struct pn533_target_felica *tgt_felica =
                                (struct pn533_target_felica *) tgt_data;
        bool dep_capable;

        if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
                return -EPROTO;

        dep_capable =
                tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
                tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2;

        nfc_tgt->supported_protocols = dep_capable ? NFC_PROTO_NFC_DEP_MASK :
                                                     NFC_PROTO_FELICA_MASK;

        /* The copy deliberately spans opcode and nfcid2[] (1 + 8 bytes) */
        nfc_tgt->sensf_res_len = 9;
        memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);

        return 0;
}
1202
/*
 * Jewel target data, overlaid on the raw target bytes of a poll response
 * (see pn533_target_found_jewel()).
 */
struct pn533_target_jewel {
        __be16 sens_res;
        u8 jewelid[4];
} __packed;
1207
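/*
 * Validate Jewel target data: the whole structure must be present and the
 * SSD / PLATCONF fields of SENS_RES must agree with each other.
 *
 * @jewel: target data, overlaid on the response bytes
 * @target_data_len: number of bytes available at @jewel
 */
static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
                                                        int target_data_len)
{
        u8 ssd;
        u8 platconf;

        /*
         * Test the sign first: compared against sizeof() a negative length
         * is converted to a huge unsigned value and would pass.
         */
        if (target_data_len < 0 ||
            (size_t)target_data_len < sizeof(struct pn533_target_jewel))
                return false;

        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
        ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);

        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
                        platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
                        (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
                        platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
                return false;

        return true;
}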
1229
/*
 * Fill @nfc_tgt from Jewel target data. The four jewelid bytes become
 * nfcid1. Returns 0 on success or -EPROTO when validation fails.
 */
static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
                                                        int tgt_data_len)
{
        struct pn533_target_jewel *tgt_jewel =
                                (struct pn533_target_jewel *) tgt_data;

        if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
                return -EPROTO;

        nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
        nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);

        /* Fixed-size id: the copy length is the size of jewelid[] (4) */
        nfc_tgt->nfcid1_len = sizeof(tgt_jewel->jewelid);
        memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid,
               sizeof(tgt_jewel->jewelid));

        return 0;
}
1247
/* Protocol info bytes of a Type B SENSB_RES */
struct pn533_type_b_prot_info {
        u8 bitrate;
        u8 fsci_type;
        u8 fwi_adc_fo;
} __packed;

/* Nibbles of fsci_type; bit 3 of the type nibble is checked as RFU */
#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8

/* SENSB_RES as it appears at the start of Type B target data */
struct pn533_type_b_sens_res {
        u8 opcode;
        u8 nfcid[4];
        u8 appdata[4];
        struct pn533_type_b_prot_info prot_info;
} __packed;

/* Opcode expected in pn533_type_b_sens_res.opcode */
#define PN533_TYPE_B_OPC_SENSB_RES 0x50

/*
 * Type B target data, overlaid on the raw target bytes of a poll response
 * (see pn533_target_found_type_b()). attrib_res_len is taken from that data
 * and would need a range check before attrib_res[] is read.
 */
struct pn533_target_type_b {
        struct pn533_type_b_sens_res sensb_res;
        u8 attrib_res_len;
        u8 attrib_res[];
} __packed;
1272
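/*
 * Validate Type B target data: the fixed part of the structure must be
 * present, the opcode must be PN533_TYPE_B_OPC_SENSB_RES and the RFU bit of
 * the protocol type must be clear.
 *
 * @type_b: target data, overlaid on the response bytes
 * @target_data_len: number of bytes available at @type_b
 */
static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
                                                        int target_data_len)
{
        /*
         * Test the sign first: compared against sizeof() a negative length
         * is converted to a huge unsigned value and would pass.
         */
        if (target_data_len < 0 ||
            (size_t)target_data_len < sizeof(struct pn533_target_type_b))
                return false;

        if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
                return false;

        if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
                                                PN533_TYPE_B_PROT_TYPE_RFU_MASK)
                return false;

        return true;
}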
1288
/*
 * Fill @nfc_tgt from Type B target data. Only the supported protocol mask
 * is set. Returns 0 on success or -EPROTO when validation fails.
 */
static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
                                                        int tgt_data_len)
{
        struct pn533_target_type_b *tgt_type_b =
                                (struct pn533_target_type_b *) tgt_data;

        if (pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len)) {
                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
                return 0;
        }

        return -EPROTO;
}
1303
/*
 * Decode the target data of a poll response with the parser that matches
 * the current poll modulation and report the target to the NFC core.
 *
 * @dev: device state
 * @tg: target number from the response; only 1 is accepted
 * @tgdata: raw target data
 * @tgdata_len: number of bytes at @tgdata
 *
 * Returns 0 when a target was reported, -EPROTO for an unexpected target
 * number, an unknown modulation or malformed data, and -EAGAIN when the
 * target supports none of the polled protocols.
 */
static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
                              int tgdata_len)
{
        struct nfc_target found;
        int err;

        nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
                    dev->poll_mod_curr);

        if (tg != 1)
                return -EPROTO;

        /* Start from a zeroed description; the parsers set only some fields */
        memset(&found, 0, sizeof(found));

        switch (dev->poll_mod_curr) {
        case PN533_POLL_MOD_106KBPS_A:
                err = pn533_target_found_type_a(&found, tgdata, tgdata_len);
                break;
        case PN533_POLL_MOD_212KBPS_FELICA:
        case PN533_POLL_MOD_424KBPS_FELICA:
                err = pn533_target_found_felica(&found, tgdata, tgdata_len);
                break;
        case PN533_POLL_MOD_106KBPS_JEWEL:
                err = pn533_target_found_jewel(&found, tgdata, tgdata_len);
                break;
        case PN533_POLL_MOD_847KBPS_B:
                err = pn533_target_found_type_b(&found, tgdata, tgdata_len);
                break;
        default:
                nfc_dev_err(&dev->interface->dev,
                            "Unknown current poll modulation");
                return -EPROTO;
        }

        if (err != 0)
                return err;

        if ((found.supported_protocols & dev->poll_protocols) == 0) {
                nfc_dev_dbg(&dev->interface->dev,
                            "The Tg found doesn't have the desired protocol");
                return -EAGAIN;
        }

        nfc_dev_dbg(&dev->interface->dev,
                    "Target found - supported protocols: 0x%x",
                    found.supported_protocols);

        dev->tgt_available_prots = found.supported_protocols;

        nfc_targets_found(dev->nfc_dev, &found, 1);

        return 0;
}
1357
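/*
 * Advance dev->poll_mod_curr to the next active modulation, wrapping at
 * dev->poll_mod_count.
 *
 * pn533_poll_reset_mod_list() sets the count to zero, so an empty list is
 * possible here; in that case the index is left alone instead of dividing
 * by zero.
 */
static inline void pn533_poll_next_mod(struct pn533 *dev)
{
        if (!dev->poll_mod_count)
                return;

        dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
}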
1362
/*
 * Empty the list of active poll modulations. Other functions in this file
 * test poll_mod_count for zero to tell whether polling is running.
 */
static void pn533_poll_reset_mod_list(struct pn533 *dev)
{
        dev->poll_mod_count = 0;
}
1367
/*
 * Append poll_mod[mod_index] to the list of active poll modulations.
 *
 * NOTE(review): neither mod_index nor the slot in poll_mod_active[] is
 * range-checked here; the callers visible in this file pass only the
 * PN533_*_MOD constants - confirm both arrays are sized for that.
 */
static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
{
        struct pn533_poll_modulations *mod =
                (struct pn533_poll_modulations *) &poll_mod[mod_index];

        dev->poll_mod_active[dev->poll_mod_count] = mod;
        dev->poll_mod_count++;
}
1374
/*
 * Rebuild the list of active poll modulations.
 *
 * @im_protocols: initiator-mode protocol mask, selects the poll modulations
 * @tm_protocols: target-mode protocol mask; any non-zero value adds the
 *                listen entry
 *
 * The list stays empty when no bit of @im_protocols matches and
 * @tm_protocols is zero.
 */
static void pn533_poll_create_mod_list(struct pn533 *dev,
                                       u32 im_protocols, u32 tm_protocols)
{
        const u32 type_a_mask = NFC_PROTO_MIFARE_MASK |
                                NFC_PROTO_ISO14443_MASK |
                                NFC_PROTO_NFC_DEP_MASK;
        const u32 felica_mask = NFC_PROTO_FELICA_MASK |
                                NFC_PROTO_NFC_DEP_MASK;

        pn533_poll_reset_mod_list(dev);

        if (im_protocols & type_a_mask)
                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);

        if (im_protocols & felica_mask) {
                pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
                pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
        }

        if (im_protocols & NFC_PROTO_JEWEL_MASK)
                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);

        if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
                pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);

        if (tm_protocols)
                pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
}
1400
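/*
 * Handle the response to an initiator-mode poll command.
 *
 * The response starts with the number of targets and the target number,
 * followed by the target data. Returns 0 when a valid target was reported
 * (the modulation list is then emptied so polling stops) and -EAGAIN
 * otherwise, including when the response is too short to hold the two
 * leading bytes.
 */
static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
{
        u8 nbtg, tg, *tgdata;
        int rc, tgdata_len;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        /*
         * Both header bytes are read below and their size is subtracted
         * from resp->len; with a shorter response that subtraction would
         * wrap and hand a negative length to the target parsers.
         */
        if (resp->len < 2)
                return -EAGAIN;

        nbtg = resp->data[0];
        tg = resp->data[1];
        tgdata = &resp->data[2];
        tgdata_len = resp->len - 2;  /* nbtg + tg */

        if (nbtg) {
                rc = pn533_target_found(dev, tg, tgdata, tgdata_len);

                /* We must stop the poll after a valid target found */
                if (rc == 0) {
                        pn533_poll_reset_mod_list(dev);
                        return 0;
                }
        }

        return -EAGAIN;
}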
1425
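/*
 * Build the payload of the "init as target" command used for listen mode.
 *
 * @gbytes: general bytes to advertise
 * @gbytes_len: number of general bytes; it is written into a single length
 *              byte, so callers are expected to keep it below 256
 *
 * Layout: mode (1), MIFARE params (6), FeliCa params (18), NFCID3 (10),
 * general bytes length (1), general bytes, Tk length (1).
 *
 * Returns the skb, or NULL when allocation fails.
 */
static struct sk_buff *pn533_alloc_poll_tg_frame(u8 *gbytes, size_t gbytes_len)
{
        struct sk_buff *skb;
        u8 *felica, *nfcid3, *gb;

        u8 felica_params[18] = {0x1, 0xfe, /* DEP */
                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
                                0xff, 0xff}; /* System code */

        u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
                               0x0, 0x0, 0x0,
                               0x40}; /* SEL_RES for DEP */

        unsigned int skb_len = 36 + /* mode (1), mifare (6),
                                       felica (18), nfcid3 (10), gb_len (1) */
                               gbytes_len +
                               1;  /* len Tk*/

        skb = pn533_alloc_skb(skb_len);
        if (!skb)
                return NULL;

        /*
         * DEP support only. The skb data area is not zeroed on allocation,
         * so the mode byte is assigned, not OR-ed into whatever the buffer
         * happened to contain.
         */
        *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;

        /* MIFARE params */
        memcpy(skb_put(skb, 6), mifare_params, 6);

        /* Felica params: bytes 2..7 of the identifier are randomized */
        felica = skb_put(skb, 18);
        memcpy(felica, felica_params, 18);
        get_random_bytes(felica + 2, 6);

        /* NFCID3: first 8 bytes mirror the FeliCa identifier, rest is zero */
        nfcid3 = skb_put(skb, 10);
        memset(nfcid3, 0, 10);
        memcpy(nfcid3, felica, 8);

        /* General bytes */
        *skb_put(skb, 1) = gbytes_len;

        gb = skb_put(skb, gbytes_len);
        memcpy(gb, gbytes, gbytes_len);

        /* Len Tk */
        *skb_put(skb, 1) = 0;

        return skb;
}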
1476
1477 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1478 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
/*
 * Completion callback for the target-mode "get data" command.
 *
 * An error pointer is turned into its error code. Otherwise the leading
 * status byte is stripped: status 0 passes the rest of the skb on to
 * nfc_tm_data_received(), any other status deactivates target mode and
 * frees the skb.
 *
 * NOTE(review): resp->len is not checked before the status byte is read;
 * confirm that the caller never delivers an empty response.
 */
static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
                                      struct sk_buff *resp)
{
        u8 status;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        if (IS_ERR(resp))
                return PTR_ERR(resp);

        status = resp->data[0];
        skb_pull(resp, sizeof(status));

        if (status == 0)
                return nfc_tm_data_received(dev->nfc_dev, resp);

        /* Non-zero status: leave target mode and drop the response */
        nfc_tm_deactivated(dev->nfc_dev);
        dev->tgt_mode = 0;
        dev_kfree_skb(resp);

        return 0;
}
1501
/*
 * Work item: send an empty PN533_CMD_TG_GET_DATA request; the answer is
 * handled by pn533_tm_get_data_complete(). The request skb is freed here
 * when the send fails.
 */
static void pn533_wq_tg_get_data(struct work_struct *work)
{
        struct pn533 *dev = container_of(work, struct pn533, tg_work);
        struct sk_buff *req;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        req = pn533_alloc_skb(0);
        if (!req)
                return;

        if (pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, req,
                                  pn533_tm_get_data_complete, NULL) < 0)
                dev_kfree_skb(req);
}
1523
1524 #define ATR_REQ_GB_OFFSET 17
/*
 * Handle the response to the "init as target" command.
 *
 * The response holds a mode byte followed by the initiator's command; the
 * general bytes start ATR_REQ_GB_OFFSET bytes into that command. On success
 * the NFC core is told that target mode is active and the first "get data"
 * work item is queued.
 *
 * Returns 0 on success, -EINVAL for a response too short to contain the
 * general bytes offset, -EOPNOTSUPP when the mode is not DEP, or the error
 * from nfc_tm_activated().
 */
static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
{
        u8 mode, comm_mode, *atr_req, *gb;
        size_t gb_len;
        int rc;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        /* The length is checked before any byte of the response is read */
        if (resp->len < ATR_REQ_GB_OFFSET + 1)
                return -EINVAL;

        mode = resp->data[0];
        atr_req = &resp->data[1];

        nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
                    mode, resp->len);

        if (!(mode & PN533_INIT_TARGET_RESP_DEP))  /* Only DEP supported */
                return -EOPNOTSUPP;

        if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
            PN533_INIT_TARGET_RESP_ACTIVE)
                comm_mode = NFC_COMM_ACTIVE;
        else
                comm_mode = NFC_COMM_PASSIVE;

        /* Whatever follows the fixed part of the command is general bytes */
        gb = atr_req + ATR_REQ_GB_OFFSET;
        gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);

        rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
                              comm_mode, gb, gb_len);
        if (rc < 0) {
                nfc_dev_err(&dev->interface->dev,
                            "Error when signaling target activation");
                return rc;
        }

        dev->tgt_mode = 1;
        queue_work(dev->wq, &dev->tg_work);

        return 0;
}
1565
/*
 * Timer callback for the listen phase: cancel the outstanding command, move
 * to the next modulation and queue the poll work item again.
 *
 * @data: the struct pn533 pointer, passed as unsigned long
 */
static void pn533_listen_mode_timer(unsigned long data)
{
        struct pn533 *dev = (struct pn533 *) data;

        nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");

        /* An ack will cancel the last issued command (poll) */
        pn533_send_ack(dev, GFP_ATOMIC);

        /* pn533_wq_poll() kills the in URB when it sees this flag */
        dev->cancel_listen = 1;

        /*
         * NOTE(review): pn533_stop_poll() uses del_timer(), not
         * del_timer_sync(), before it empties the modulation list, so this
         * handler may presumably still run against an empty list - confirm.
         */
        pn533_poll_next_mod(dev);

        queue_work(dev->wq, &dev->poll_work);
}
1581
/*
 * Completion callback for a poll or listen command.
 *
 * @resp is either a response skb or an error pointer. An error ends the
 * polling operation, except -ENOENT while a modulation list is still set,
 * which is only passed back. A real response is handed to the target-mode
 * or initiator-mode handler depending on the current modulation; when the
 * initiator handler reports no usable target, the next modulation is
 * scheduled. The response skb is freed on the "done" path only.
 */
static int pn533_poll_complete(struct pn533 *dev, void *arg,
                               struct sk_buff *resp)
{
        struct pn533_poll_modulations *cur_mod;
        int rc;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        /* Every branch of this block leaves the function; resp is not an skb */
        if (IS_ERR(resp)) {
                rc = PTR_ERR(resp);

                nfc_dev_err(&dev->interface->dev, "%s  Poll complete error %d",
                            __func__, rc);

                if (rc == -ENOENT) {
                        /* -ENOENT with a list still set: polling goes on */
                        if (dev->poll_mod_count != 0)
                                return rc;
                        else
                                goto stop_poll;
                } else if (rc < 0) {
                        nfc_dev_err(&dev->interface->dev,
                                    "Error %d when running poll", rc);
                        goto stop_poll;
                }
        }

        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];

        if (cur_mod->len == 0) { /* Target mode */
                del_timer(&dev->listen_timer);
                rc = pn533_init_target_complete(dev, resp);
                goto done;
        }

        /* Initiator mode */
        rc = pn533_start_poll_complete(dev, resp);
        if (!rc)
                goto done;

        /* No usable target on this modulation: try the next one */
        pn533_poll_next_mod(dev);
        queue_work(dev->wq, &dev->poll_work);

done:
        dev_kfree_skb(resp);
        return rc;

stop_poll:
        /* Reached only with an error pointer in resp, so nothing to free */
        nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");

        pn533_poll_reset_mod_list(dev);
        dev->poll_protocols = 0;
        return rc;
}
1635
/*
 * Build the payload of an initiator-mode poll command by copying the
 * mod->len parameter bytes of the given modulation into a new skb.
 * Returns NULL when allocation fails.
 */
static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533_poll_modulations
                                                 *mod)
{
        struct sk_buff *skb = pn533_alloc_skb(mod->len);
        u8 *payload;

        if (!skb)
                return NULL;

        payload = skb_put(skb, mod->len);
        memcpy(payload, &mod->data, mod->len);

        return skb;
}
1649
/*
 * Send the command for the current entry of the modulation list: "init as
 * target" for the listen entry (len == 0), "list passive target" for every
 * other entry. pn533_poll_complete() handles the answer.
 *
 * Returns 0 on success, -ENOMEM when the frame cannot be allocated, or the
 * error from pn533_send_cmd_async().
 */
static int pn533_send_poll_frame(struct pn533 *dev)
{
        struct pn533_poll_modulations *mod =
                                dev->poll_mod_active[dev->poll_mod_curr];
        bool listen = (mod->len == 0);
        struct sk_buff *req;
        u8 cmd_code;
        int rc;

        nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
                    __func__, mod->len);

        if (listen) {
                cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
                req = pn533_alloc_poll_tg_frame(dev->gb, dev->gb_len);
        } else {
                cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
                req = pn533_alloc_poll_in_frame(mod);
        }

        if (!req) {
                nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
                return -ENOMEM;
        }

        rc = pn533_send_cmd_async(dev, cmd_code, req, pn533_poll_complete,
                                  NULL);
        if (rc >= 0)
                return rc;

        /* The request was not taken over, release it here */
        dev_kfree_skb(req);
        nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);

        return rc;
}
1684
/*
 * Work item: send the next poll frame. A pending listen cancellation kills
 * the in URB first. When the current entry is the listen entry and the list
 * holds more than one entry, the listen timer is armed.
 */
static void pn533_wq_poll(struct work_struct *work)
{
        struct pn533 *dev = container_of(work, struct pn533, poll_work);
        struct pn533_poll_modulations *mod =
                                dev->poll_mod_active[dev->poll_mod_curr];

        nfc_dev_dbg(&dev->interface->dev,
                    "%s cancel_listen %d modulation len %d",
                    __func__, dev->cancel_listen, mod->len);

        if (dev->cancel_listen == 1) {
                dev->cancel_listen = 0;
                usb_kill_urb(dev->in_urb);
        }

        if (pn533_send_poll_frame(dev) != 0)
                return;

        /* Listen entry with other modulations waiting: bound the listen time */
        if (mod->len == 0 && dev->poll_mod_count > 1)
                mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
}
1711
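/*
 * Start polling for the requested initiator-mode and target-mode protocols.
 *
 * Target mode is dropped when no local general bytes are available.
 *
 * Returns 0 on success, -EBUSY when a target is active or the device is
 * already activated as a target, -EINVAL when the request selects no
 * modulation at all, or the error from pn533_send_poll_frame().
 */
static int pn533_start_poll(struct nfc_dev *nfc_dev,
                            u32 im_protocols, u32 tm_protocols)
{
        struct pn533 *dev = nfc_get_drvdata(nfc_dev);

        nfc_dev_dbg(&dev->interface->dev,
                    "%s: im protocols 0x%x tm protocols 0x%x",
                    __func__, im_protocols, tm_protocols);

        if (dev->tgt_active_prot) {
                nfc_dev_err(&dev->interface->dev,
                            "Cannot poll with a target already activated");
                return -EBUSY;
        }

        if (dev->tgt_mode) {
                nfc_dev_err(&dev->interface->dev,
                            "Cannot poll while already being activated");
                return -EBUSY;
        }

        if (tm_protocols) {
                dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
                if (dev->gb == NULL)
                        tm_protocols = 0;
        }

        dev->poll_mod_curr = 0;
        pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);

        /*
         * The list is empty when no requested bit maps to a modulation.
         * pn533_send_poll_frame() reads poll_mod_active[0] unconditionally,
         * so do not call it with nothing to poll.
         */
        if (!dev->poll_mod_count) {
                nfc_dev_err(&dev->interface->dev,
                            "No modulation for the requested protocols");
                return -EINVAL;
        }

        dev->poll_protocols = im_protocols;
        dev->listen_protocols = tm_protocols;

        return pn533_send_poll_frame(dev);
}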
1746
/*
 * Stop a running polling operation: cancel the listen timer, cancel the
 * outstanding command with an ack, kill the in URB and empty the
 * modulation list. Does nothing beyond the timer when polling is not
 * running.
 *
 * NOTE(review): del_timer() does not wait for a handler that is already
 * running; confirm pn533_listen_mode_timer() cannot requeue the poll work
 * after this function has returned.
 */
static void pn533_stop_poll(struct nfc_dev *nfc_dev)
{
        struct pn533 *dev = nfc_get_drvdata(nfc_dev);

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        del_timer(&dev->listen_timer);

        if (dev->poll_mod_count == 0) {
                nfc_dev_dbg(&dev->interface->dev,
                            "Polling operation was not running");
                return;
        }

        /* An ack will cancel the last issued command (poll) */
        pn533_send_ack(dev, GFP_KERNEL);

        /* Keep pn533_start_poll_complete from issuing a new poll meanwhile */
        usb_kill_urb(dev->in_urb);

        pn533_poll_reset_mod_list(dev);
}
1769
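/*
 * Activate the found target with NFC-DEP: send PN533_CMD_IN_ATR for target
 * 1 and pass the general bytes of the answer to the NFC core.
 *
 * Returns 0 on success, -ENOMEM when the request cannot be allocated, the
 * error from pn533_send_cmd_sync(), -EIO when the device reports a failure
 * or the answer is too short to hold the ATR_RES header, or the error from
 * nfc_set_remote_general_bytes().
 */
static int pn533_activate_target_nfcdep(struct pn533 *dev)
{
        struct pn533_cmd_activate_response *rsp;
        u16 gt_len;
        int rc;

        struct sk_buff *skb;
        struct sk_buff *resp;

        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

        skb = pn533_alloc_skb(sizeof(u8) * 2); /*TG + Next*/
        if (!skb)
                return -ENOMEM;

        *skb_put(skb, sizeof(u8)) = 1; /* TG */
        *skb_put(skb, sizeof(u8)) = 0; /* Next */

        /* skb is consumed by pn533_send_cmd_sync() on every path */
        resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
        if (IS_ERR(resp))
                return PTR_ERR(resp);

        /*
         * ATR_RES general bytes are located at offset 16. A shorter answer
         * cannot be a successful ATR_RES, and subtracting 16 from its
         * length would wrap gt_len to a huge value.
         */
        if (resp->len < 16) {
                dev_kfree_skb(resp);
                return -EIO;
        }

        rsp = (struct pn533_cmd_activate_response *) resp->data;
        rc = rsp->status & PN533_CMD_RET_MASK;
        /* Braces matter here: only a failure status may return -EIO */
        if (rc != PN533_CMD_RET_SUCCESS) {
                dev_kfree_skb(resp);
                return -EIO;
        }

        gt_len = resp->len - 16;
        rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);

        dev_kfree_skb(resp);
        return rc;
}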
1805
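/*
 * Activate the target found by the last poll with the given protocol.
 *
 * @nfc_dev: NFC device
 * @target: not used by this function
 * @protocol: protocol number; used as a bit index into the mask of
 *            protocols the target offers
 *
 * Returns 0 on success, -EBUSY while polling or when a target is already
 * active, -EINVAL when no target is available or it does not offer
 * @protocol, or the error from the NFC-DEP activation.
 */
static int pn533_activate_target(struct nfc_dev *nfc_dev,
                                 struct nfc_target *target, u32 protocol)
{
        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
        int rc;

        nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
                                                                protocol);

        if (dev->poll_mod_count) {
                nfc_dev_err(&dev->interface->dev, "Cannot activate while"
                                                                " polling");
                return -EBUSY;
        }

        if (dev->tgt_active_prot) {
                nfc_dev_err(&dev->interface->dev, "There is already an active"
                                                                " target");
                return -EBUSY;
        }

        if (!dev->tgt_available_prots) {
                nfc_dev_err(&dev->interface->dev, "There is no available target"
                                                                " to activate");
                return -EINVAL;
        }

        /*
         * protocol is a shift count: reject values that do not fit a 32-bit
         * mask before shifting, since such a shift is undefined.
         */
        if (protocol >= 32 ||
            !(dev->tgt_available_prots & (1U << protocol))) {
                nfc_dev_err(&dev->interface->dev, "The target does not support"
                                        " the requested protocol %u", protocol);
                return -EINVAL;
        }

        if (protocol == NFC_PROTO_NFC_DEP) {
                rc = pn533_activate_target_nfcdep(dev);
                if (rc) {
                        nfc_dev_err(&dev->interface->dev, "Error %d when"
                                                " activating target with"
                                                " NFC_DEP protocol", rc);
                        return rc;
                }
        }

        dev->tgt_active_prot = protocol;
        dev->tgt_available_prots = 0;

        return 0;
}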
1854
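/*
 * pn533_deactivate_target - release the currently active target
 * @nfc_dev: NFC device the request is addressed to
 * @target: target to release (not referenced by this function)
 *
 * Clears the driver's active-protocol state, drops any queued response
 * fragments and sends PN533_CMD_IN_RELEASE for target number 1. Failures
 * are only logged; the function has no way to report them.
 */
static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
				    struct nfc_target *target)
{
	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
	struct sk_buff *skb;
	struct sk_buff *resp;
	int rc;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	if (!dev->tgt_active_prot) {
		nfc_dev_err(&dev->interface->dev, "There is no active target");
		return;
	}

	/* Driver state is reset before the device is told to release. */
	dev->tgt_active_prot = 0;
	skb_queue_purge(&dev->resp_q);

	skb = pn533_alloc_skb(sizeof(u8));
	if (!skb)
		return;

	*skb_put(skb, 1) = 1; /* TG */

	resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
	if (IS_ERR(resp))
		return;

	/*
	 * The status byte is read from the response payload, whose length
	 * is determined by what the device sent. Do not index an empty
	 * payload.
	 */
	if (resp->len < sizeof(u8)) {
		nfc_dev_err(&dev->interface->dev,
			    "Truncated response when releasing the target");
	} else {
		rc = resp->data[0] & PN533_CMD_RET_MASK;
		if (rc != PN533_CMD_RET_SUCCESS)
			nfc_dev_err(&dev->interface->dev,
				    "Error 0x%x when releasing the target", rc);
	}

	dev_kfree_skb(resp);
}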
1893
1894
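/*
 * pn533_in_dep_link_up_complete - completion handler for InJumpForDEP
 * @dev: driver instance
 * @arg: kmalloc'ed u8 stored by pn533_dep_link_up() (holds !comm_mode);
 *       always freed here
 * @resp: response skb, or an ERR_PTR() on transport failure
 *
 * On success a target is reported to the NFC core if none was available,
 * the remote general bytes are stored and the DEP link is announced as up.
 * @resp is freed on every path on which it is a valid skb.
 *
 * Return: 0 on success, a negative errno on failure. As in the original
 * code, a non-success device status is returned as the (positive) masked
 * status value.
 */
static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
					 struct sk_buff *resp)
{
	/* ATR_RES general bytes are located at offset 17 */
	const unsigned int gt_offset = 17;
	struct pn533_cmd_jump_dep_response *rsp;
	u8 target_gt_len;
	int rc;
	u8 active = *(u8 *)arg;

	kfree(arg);

	if (IS_ERR(resp))
		return PTR_ERR(resp);

	if (dev->tgt_available_prots &&
	    !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
		nfc_dev_err(&dev->interface->dev,
			"The target does not support DEP");
		rc =  -EINVAL;
		goto error;
	}

	/* An empty payload cannot contain the status field read below. */
	if (!resp->len) {
		nfc_dev_err(&dev->interface->dev,
			    "Empty response when bringing DEP link up");
		rc = -EIO;
		goto error;
	}

	rsp = (struct pn533_cmd_jump_dep_response *)resp->data;

	rc = rsp->status & PN533_CMD_RET_MASK;
	if (rc != PN533_CMD_RET_SUCCESS) {
		nfc_dev_err(&dev->interface->dev,
				"Bringing DEP link up failed %d", rc);
		goto error;
	}

	/*
	 * The response length is set by the device. Without this check a
	 * short response makes "resp->len - 17" wrap, and the wrapped value
	 * (truncated to u8) is then used as the number of general bytes to
	 * copy out of the payload.
	 * NOTE(review): nfcid3t is assumed to lie below gt_offset as well;
	 * confirm against struct pn533_cmd_jump_dep_response.
	 */
	if (resp->len < gt_offset) {
		nfc_dev_err(&dev->interface->dev,
			    "Truncated response when bringing DEP link up");
		rc = -EIO;
		goto error;
	}

	if (!dev->tgt_available_prots) {
		struct nfc_target nfc_target;

		nfc_dev_dbg(&dev->interface->dev, "Creating new target");

		/*
		 * Only three members are filled in below; clear the rest so
		 * that no stale kernel stack contents are handed to
		 * nfc_targets_found().
		 */
		memset(&nfc_target, 0, sizeof(nfc_target));
		nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
		nfc_target.nfcid1_len = 10;
		memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
		rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
		if (rc)
			goto error;

		dev->tgt_available_prots = 0;
	}

	dev->tgt_active_prot = NFC_PROTO_NFC_DEP;

	target_gt_len = resp->len - gt_offset;
	rc = nfc_set_remote_general_bytes(dev->nfc_dev,
					  rsp->gt, target_gt_len);
	if (rc == 0)
		rc = nfc_dep_link_is_up(dev->nfc_dev,
					dev->nfc_dev->targets[0].idx,
					!active, NFC_RF_INITIATOR);

error:
	dev_kfree_skb(resp);
	return rc;
}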
1955
/*
 * pn533_mod_to_baud - translate the current poll modulation to a baud code
 * @dev: driver instance; dev->poll_mod_curr is the modulation looked up
 *
 * Return: 0 for 106 kbps type A, 1 for 212 kbps FeliCa, 2 for 424 kbps
 * FeliCa, or -EINVAL for any other modulation.
 */
static int pn533_mod_to_baud(struct pn533 *dev)
{
	int baud;

	switch (dev->poll_mod_curr) {
	case PN533_POLL_MOD_106KBPS_A:
		baud = 0;
		break;
	case PN533_POLL_MOD_212KBPS_FELICA:
		baud = 1;
		break;
	case PN533_POLL_MOD_424KBPS_FELICA:
		baud = 2;
		break;
	default:
		baud = -EINVAL;
		break;
	}

	return baud;
}
1969
#define PASSIVE_DATA_LEN 5
/*
 * pn533_dep_link_up - start bringing up a DEP link as initiator
 * @nfc_dev: NFC device the request is addressed to
 * @target: not referenced by this function
 * @comm_mode: NFC_COMM_PASSIVE or another communication mode value
 * @gb: general bytes to send, may be NULL
 * @gb_len: number of bytes in @gb
 *
 * Builds an InJumpForDEP command (ActPass, baud rate, "Next" flags, then
 * the optional passive data and general bytes) and sends it
 * asynchronously; pn533_in_dep_link_up_complete() handles the response.
 *
 * Return: the result of pn533_send_cmd_async(), -EBUSY while polling or
 * while a target is active, -ENOMEM on allocation failure, or the error
 * from pn533_mod_to_baud().
 */
static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
			     u8 comm_mode, u8* gb, size_t gb_len)
{
	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
	struct sk_buff *skb;
	int rc, baud, skb_len;
	u8 *next, *arg;
	u8 next_flags;

	u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	if (dev->poll_mod_count) {
		nfc_dev_err(&dev->interface->dev,
			    "Cannot bring the DEP link up while polling");
		return -EBUSY;
	}

	if (dev->tgt_active_prot) {
		nfc_dev_err(&dev->interface->dev,
			    "There is already an active target");
		return -EBUSY;
	}

	baud = pn533_mod_to_baud(dev);
	if (baud < 0) {
		nfc_dev_err(&dev->interface->dev,
			    "Invalid curr modulation %d", dev->poll_mod_curr);
		return baud;
	}

	/* ActPass + BR + Next, followed by the general bytes */
	skb_len = 3 + gb_len;
	if (comm_mode == NFC_COMM_PASSIVE)
		skb_len += PASSIVE_DATA_LEN;

	skb = pn533_alloc_skb(skb_len);
	if (!skb)
		return -ENOMEM;

	*skb_put(skb, 1) = !comm_mode;	/* ActPass */
	*skb_put(skb, 1) = baud;	/* Baud rate */

	/* The "Next" byte is reserved now and filled in once known. */
	next = skb_put(skb, 1);
	next_flags = 0;

	if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
		memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
		       PASSIVE_DATA_LEN);
		next_flags |= 1;
	}

	if (gb != NULL && gb_len > 0) {
		memcpy(skb_put(skb, gb_len), gb, gb_len);
		next_flags |= 4; /* We have some Gi */
	} else {
		/*
		 * NOTE(review): this also clears the passive-data bit set
		 * just above even though the passive data was appended;
		 * kept as in the original, confirm it is intended.
		 */
		next_flags = 0;
	}

	*next = next_flags;

	/* The completion handler needs the ActPass value; it frees arg. */
	arg = kmalloc(sizeof(*arg), GFP_KERNEL);
	if (!arg) {
		dev_kfree_skb(skb);
		return -ENOMEM;
	}

	*arg = !comm_mode;

	rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
				  pn533_in_dep_link_up_complete, arg);
	if (rc >= 0)
		return rc;

	/* Nothing was queued, so both buffers are still ours to release. */
	dev_kfree_skb(skb);
	kfree(arg);

	return rc;
}
2047
/*
 * pn533_dep_link_down - tear down the DEP link state
 * @nfc_dev: NFC device the request is addressed to
 *
 * Resets the poll modulation list, and when the device is in target mode
 * or has an active target, sends an ACK and kills the inbound URB. The
 * target state and the queued response fragments are then cleared.
 *
 * Return: always 0.
 */
static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
{
	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
	bool link_in_use;

	pn533_poll_reset_mod_list(dev);

	link_in_use = dev->tgt_mode || dev->tgt_active_prot;
	if (link_in_use) {
		pn533_send_ack(dev, GFP_KERNEL);
		usb_kill_urb(dev->in_urb);
	}

	dev->tgt_mode = 0;
	dev->tgt_active_prot = 0;

	skb_queue_purge(&dev->resp_q);

	return 0;
}
2066
/*
 * Context allocated by pn533_transceive() and consumed (and freed) by
 * pn533_data_exchange_complete().
 */
struct pn533_data_exchange_arg {
	data_exchange_cb_t	cb;		/* caller's completion callback */
	void			*cb_context;	/* passed back to cb unchanged */
};
2071
/*
 * pn533_build_response - merge the queued response fragments into one skb
 * @dev: driver instance owning the resp_q fragment queue
 *
 * A single queued fragment is handed back as is. Several fragments are
 * copied back to back into a newly allocated skb. Whenever the queue was
 * not empty on entry it is purged before returning, also when the
 * allocation failed.
 *
 * Return: the response skb, or NULL if the queue was empty or the
 * allocation failed.
 */
static struct sk_buff *pn533_build_response(struct pn533 *dev)
{
	struct sk_buff *merged, *frag, *next_frag;
	unsigned int total = 0, copied = 0;

	nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);

	if (skb_queue_empty(&dev->resp_q))
		return NULL;

	if (skb_queue_len(&dev->resp_q) == 1) {
		merged = skb_dequeue(&dev->resp_q);
	} else {
		/* First pass: size of the merged payload. */
		skb_queue_walk_safe(&dev->resp_q, frag, next_frag)
			total += frag->len;

		nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
			    __func__, total);

		merged = alloc_skb(total, GFP_KERNEL);
		if (merged != NULL) {
			skb_put(merged, total);

			/* Second pass: copy the fragments in queue order. */
			skb_queue_walk_safe(&dev->resp_q, frag, next_frag) {
				memcpy(merged->data + copied, frag->data,
				       frag->len);
				copied += frag->len;
			}
		}
	}

	skb_queue_purge(&dev->resp_q);

	return merged;
}
2109
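/*
 * pn533_data_exchange_complete - completion handler for a data exchange
 * @dev: driver instance
 * @_arg: struct pn533_data_exchange_arg allocated by pn533_transceive()
 * @resp: response skb, or an ERR_PTR() on transport failure
 *
 * Strips the status byte, queues the payload on dev->resp_q and, when the
 * device signals more information (MI), schedules mi_work to fetch the
 * next fragment. Otherwise the queued fragments are merged and passed to
 * the caller's callback. On failure the callback is invoked with a NULL
 * skb and the error code. @_arg is freed on every path except the MI one.
 *
 * Return: 0 on success, -EINPROGRESS when more fragments are pending, or
 * a negative errno.
 */
static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
					struct sk_buff *resp)
{
	struct pn533_data_exchange_arg *arg = _arg;
	struct sk_buff *skb;
	int rc = 0;
	u8 status, ret, mi;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	if (IS_ERR(resp)) {
		rc = PTR_ERR(resp);
		goto _error;
	}

	/*
	 * The payload length is set by the device; a response without a
	 * status byte must not be indexed or pulled.
	 */
	if (resp->len < sizeof(status)) {
		nfc_dev_err(&dev->interface->dev,
			    "Truncated response when exchanging data");
		rc = -EIO;
		goto error;
	}

	status = resp->data[0];
	ret = status & PN533_CMD_RET_MASK;
	mi = status & PN533_CMD_MI_MASK;

	skb_pull(resp, sizeof(status));

	if (ret != PN533_CMD_RET_SUCCESS) {
		nfc_dev_err(&dev->interface->dev,
			    "PN533 reported error %d when exchanging data",
			    ret);
		rc = -EIO;
		goto error;
	}

	/* From here on resp belongs to the fragment queue. */
	skb_queue_tail(&dev->resp_q, resp);

	if (mi) {
		dev->cmd_complete_mi_arg = arg;
		queue_work(dev->wq, &dev->mi_work);
		return -EINPROGRESS;
	}

	skb = pn533_build_response(dev);
	if (!skb) {
		/*
		 * resp was queued above and pn533_build_response() purges
		 * the queue when it fails, so resp is already freed: skip
		 * the "error" label to avoid a double free, and report a
		 * real error code instead of 0.
		 */
		rc = -ENOMEM;
		goto _error;
	}

	arg->cb(arg->cb_context, skb, 0);
	kfree(arg);
	return 0;

error:
	dev_kfree_skb(resp);
_error:
	skb_queue_purge(&dev->resp_q);
	arg->cb(arg->cb_context, NULL, rc);
	kfree(arg);
	return rc;
}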
2163
/*
 * pn533_transceive - send data to the active target (initiator mode)
 * @nfc_dev: NFC device the request is addressed to
 * @target: not referenced by this function
 * @skb: data to send; freed here on every error path
 * @cb: callback invoked by pn533_data_exchange_complete()
 * @cb_context: opaque pointer passed to @cb
 *
 * A PaSoRi device talking FeliCa uses InCommunicateThru with the payload
 * as is; every other combination prepends the target number and uses
 * InDataExchange.
 *
 * Return: 0 once the command is queued, -ENOSYS when @skb is longer than
 * PN533_CMD_DATAEXCH_DATA_MAXLEN, -EINVAL without an active target,
 * -ENOMEM on allocation failure, or the error from
 * pn533_send_data_async().
 */
static int pn533_transceive(struct nfc_dev *nfc_dev,
			    struct nfc_target *target, struct sk_buff *skb,
			    data_exchange_cb_t cb, void *cb_context)
{
	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
	struct pn533_data_exchange_arg *arg = NULL;
	int rc;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
		/* TODO: Implement support to multi-part data exchange */
		nfc_dev_err(&dev->interface->dev,
			    "Data length greater than the max allowed: %d",
			    PN533_CMD_DATAEXCH_DATA_MAXLEN);
		rc = -ENOSYS;
		goto error;
	}

	if (!dev->tgt_active_prot) {
		nfc_dev_err(&dev->interface->dev,
			    "Cannot exchange data if there is no active target");
		rc = -EINVAL;
		goto error;
	}

	arg = kmalloc(sizeof(*arg), GFP_KERNEL);
	if (!arg) {
		rc = -ENOMEM;
		goto error;
	}

	arg->cb = cb;
	arg->cb_context = cb_context;

	if (dev->device_type == PN533_DEVICE_PASORI &&
	    dev->tgt_active_prot == NFC_PROTO_FELICA) {
		rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU, skb,
					   pn533_data_exchange_complete, arg);
	} else {
		/* InDataExchange payload starts with the target number. */
		*skb_push(skb, sizeof(u8)) = 1; /* TG */

		rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
					   skb, pn533_data_exchange_complete,
					   arg);
	}

	if (rc >= 0) /* rc from send_async */
		return 0;

error:
	/* arg is still NULL when the failure happened before its allocation */
	kfree(arg);
	dev_kfree_skb(skb);
	return rc;
}
2229
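/*
 * pn533_tm_send_complete - completion handler for TgSetData
 * @dev: driver instance
 * @arg: unused (pn533_tm_send() passes NULL)
 * @resp: response skb, or an ERR_PTR() on transport failure
 *
 * A non-zero status byte ends target mode; a zero status schedules
 * tg_work.
 *
 * Return: 0 when a status byte was received, -EIO when the response is
 * too short to contain one, or the error encoded in @resp.
 */
static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
				  struct sk_buff *resp)
{
	u8 status;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	if (IS_ERR(resp))
		return PTR_ERR(resp);

	/*
	 * The payload length is set by the device; do not read a status
	 * byte that is not there.
	 */
	if (resp->len < sizeof(status)) {
		dev_kfree_skb(resp);
		return -EIO;
	}

	status = resp->data[0];

	dev_kfree_skb(resp);

	if (status != 0) {
		nfc_tm_deactivated(dev->nfc_dev);

		dev->tgt_mode = 0;

		return 0;
	}

	queue_work(dev->wq, &dev->tg_work);

	return 0;
}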
2256
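/*
 * pn533_tm_send - send data to the initiator (target mode)
 * @nfc_dev: NFC device the request is addressed to
 * @skb: data to send; freed here on every error path
 *
 * Return: the result of pn533_send_data_async(), or -ENOSYS when @skb is
 * longer than PN533_CMD_DATAEXCH_DATA_MAXLEN.
 */
static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
{
	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
	int rc;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
		nfc_dev_err(&dev->interface->dev,
			    "Data length greater than the max allowed: %d",
			    PN533_CMD_DATAEXCH_DATA_MAXLEN);
		/*
		 * The send-failure path below already frees @skb, and
		 * pn533_transceive() frees it for this same condition, so
		 * the buffer is this function's to release on error;
		 * returning without freeing it leaked the buffer.
		 */
		rc = -ENOSYS;
		goto free_skb;
	}

	rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
				   pn533_tm_send_complete, NULL);
	if (rc < 0)
		goto free_skb;

	return rc;

free_skb:
	dev_kfree_skb(skb);
	return rc;
}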
2278
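/*
 * pn533_wq_mi_recv - work item requesting the next response fragment
 * @work: the mi_work member of struct pn533
 *
 * Queued by pn533_data_exchange_complete() when the device reports that
 * more information is pending. Sends an empty InCommunicateThru (PaSoRi
 * with FeliCa) or InDataExchange command whose completion is again
 * pn533_data_exchange_complete(), with dev->cmd_complete_mi_arg as its
 * argument. On failure an ACK is sent and cmd_work is scheduled.
 */
static void pn533_wq_mi_recv(struct work_struct *work)
{
	struct pn533 *dev = container_of(work, struct pn533, mi_work);
	struct sk_buff *skb;
	int rc;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	skb = pn533_alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN);
	if (!skb)
		goto error;

	switch (dev->device_type) {
	case PN533_DEVICE_PASORI:
		if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
			rc = pn533_send_cmd_direct_async(dev,
						PN533_CMD_IN_COMM_THRU,
						skb,
						pn533_data_exchange_complete,
						dev->cmd_complete_mi_arg);

			break;
		}
		/* fall through */
	default:
		*skb_put(skb, sizeof(u8)) =  1; /* TG */

		rc = pn533_send_cmd_direct_async(dev,
						 PN533_CMD_IN_DATA_EXCHANGE,
						 skb,
						 pn533_data_exchange_complete,
						 dev->cmd_complete_mi_arg);

		break;
	}

	if (rc == 0) /* success */
		return;

	nfc_dev_err(&dev->interface->dev,
		    "Error %d when trying to perform data_exchange", rc);

	dev_kfree_skb(skb);
	/*
	 * The completion handler will not run, so the argument that was
	 * handed to the command has to be released here. The original freed
	 * dev->cmd_complete_arg, a different field that this function never
	 * passed anywhere, which leaked the exchange argument and released
	 * a pointer this function does not own.
	 * NOTE(review): the caller's callback stored in the argument is not
	 * notified of the failure on this path, nor when the skb allocation
	 * above fails; confirm whether that is handled elsewhere.
	 */
	kfree(dev->cmd_complete_mi_arg);
	dev->cmd_complete_mi_arg = NULL;

error:
	pn533_send_ack(dev, GFP_KERNEL);
	queue_work(dev->wq, &dev->cmd_work);
}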
2328
/*
 * pn533_set_configuration - write one RF configuration item
 * @dev: driver instance
 * @cfgitem: configuration item identifier
 * @cfgdata: item payload
 * @cfgdata_len: number of bytes in @cfgdata
 *
 * Sends RFConfiguration synchronously; the response content is ignored.
 *
 * Return: 0 on success, -ENOMEM on allocation failure, or the error from
 * pn533_send_cmd_sync().
 */
static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
								u8 cfgdata_len)
{
	struct sk_buff *req, *resp;
	int req_len;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	/* cfgitem + cfgdata */
	req_len = sizeof(cfgitem) + cfgdata_len;

	req = pn533_alloc_skb(req_len);
	if (!req)
		return -ENOMEM;

	*skb_put(req, sizeof(cfgitem)) = cfgitem;
	memcpy(skb_put(req, cfgdata_len), cfgdata, cfgdata_len);

	resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, req);
	if (IS_ERR(resp))
		return PTR_ERR(resp);

	dev_kfree_skb(resp);

	return 0;
}
2355
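/*
 * pn533_get_firmware_version - query the device firmware version
 * @dev: driver instance
 * @fv: filled with the ic, ver, rev and support bytes of the response
 *
 * Return: 0 on success, -ENOMEM on allocation failure, -EIO when the
 * response is shorter than the four bytes read from it, or the error from
 * pn533_send_cmd_sync().
 */
static int pn533_get_firmware_version(struct pn533 *dev,
				      struct pn533_fw_version *fv)
{
	/* ic, ver, rev, support */
	const unsigned int fw_version_len = 4;
	struct sk_buff *skb;
	struct sk_buff *resp;

	skb = pn533_alloc_skb(0);
	if (!skb)
		return -ENOMEM;

	resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
	if (IS_ERR(resp))
		return PTR_ERR(resp);

	/*
	 * This runs during probe against whatever device matched the id
	 * table, and the payload length is set by that device. Reject a
	 * short response instead of reading past the received data.
	 */
	if (resp->len < fw_version_len) {
		dev_kfree_skb(resp);
		return -EIO;
	}

	fv->ic = resp->data[0];
	fv->ver = resp->data[1];
	fv->rev = resp->data[2];
	fv->support = resp->data[3];

	dev_kfree_skb(resp);
	return 0;
}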
2378
/*
 * pn533_fw_reset - send command 0x18 with a single 0x1 parameter byte
 * @dev: driver instance
 *
 * NOTE(review): the command code is a bare literal with no named constant
 * in this function; judging by the function name it resets the firmware.
 * The response content is ignored.
 *
 * Return: 0 on success, -ENOMEM on allocation failure, or the error from
 * pn533_send_cmd_sync().
 */
static int pn533_fw_reset(struct pn533 *dev)
{
	struct sk_buff *req, *resp;

	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);

	req = pn533_alloc_skb(sizeof(u8));
	if (!req)
		return -ENOMEM;

	*skb_put(req, sizeof(u8)) = 0x1;

	resp = pn533_send_cmd_sync(dev, 0x18, req);
	if (IS_ERR(resp))
		return PTR_ERR(resp);

	dev_kfree_skb(resp);

	return 0;
}
2400
/*
 * Operations handed to nfc_allocate_device() in pn533_probe().
 * dev_up and dev_down are not implemented; as members of a static object
 * that are not named below they are NULL.
 */
static struct nfc_ops pn533_nfc_ops = {
	.start_poll		= pn533_start_poll,
	.stop_poll		= pn533_stop_poll,
	.activate_target	= pn533_activate_target,
	.deactivate_target	= pn533_deactivate_target,
	.dep_link_up		= pn533_dep_link_up,
	.dep_link_down		= pn533_dep_link_down,
	.im_transceive		= pn533_transceive,
	.tm_send		= pn533_tm_send,
};
2413
/*
 * pn533_setup - apply the per-device-type RF configuration
 * @dev: driver instance; dev->device_type selects the values
 *
 * Writes the MAX_RETRIES and TIMING configuration items. PaSoRi devices
 * additionally get a firmware reset, the PASORI configuration item and a
 * second firmware reset; the result of the resets is not checked.
 *
 * Return: 0 on success, -EINVAL for an unknown device type, or the error
 * from pn533_set_configuration().
 */
static int pn533_setup(struct pn533 *dev)
{
	struct pn533_config_max_retries max_retries;
	struct pn533_config_timing timing;
	u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
	int rc;

	/* These two values are the same for every supported device type. */
	max_retries.mx_rty_passive_act = PN533_CONFIG_MAX_RETRIES_NO_RETRY;
	timing.rfu = PN533_CONFIG_TIMING_102;

	switch (dev->device_type) {
	case PN533_DEVICE_STD:
		max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
		max_retries.mx_rty_psl = 2;

		timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
		timing.dep_timeout = PN533_CONFIG_TIMING_409;
		break;

	case PN533_DEVICE_PASORI:
		max_retries.mx_rty_atr = 0x2;
		max_retries.mx_rty_psl = 0x1;

		timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
		timing.dep_timeout = PN533_CONFIG_TIMING_204;
		break;

	default:
		nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
			    dev->device_type);
		return -EINVAL;
	}

	rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
				     (u8 *)&max_retries, sizeof(max_retries));
	if (rc) {
		nfc_dev_err(&dev->interface->dev,
			    "Error on setting MAX_RETRIES config");
		return rc;
	}

	rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
				     (u8 *)&timing, sizeof(timing));
	if (rc) {
		nfc_dev_err(&dev->interface->dev,
			    "Error on setting RF timings");
		return rc;
	}

	/* Only PaSoRi devices need the extra configuration below. */
	if (dev->device_type != PN533_DEVICE_PASORI)
		return 0;

	pn533_fw_reset(dev);

	rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
				     pasori_cfg, 3);
	if (rc) {
		nfc_dev_err(&dev->interface->dev,
			    "Error while settings PASORI config");
		return rc;
	}

	pn533_fw_reset(dev);

	return 0;
}
2491
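/*
 * pn533_probe - bind the driver to a matching USB interface
 * @interface: interface being probed
 * @id: matching id-table entry; id->driver_info carries the device type
 *
 * Allocates the driver state, locates the first bulk-in and bulk-out
 * endpoints, sets up URBs, work items, the listen timer and the response
 * queue, reads the firmware version, then allocates and registers the NFC
 * device and applies the device configuration.
 *
 * Return: 0 on success or a negative errno; on failure everything
 * acquired here is released again.
 */
static int pn533_probe(struct usb_interface *interface,
			const struct usb_device_id *id)
{
	struct pn533_fw_version fw_ver;
	struct pn533 *dev;
	struct usb_host_interface *iface_desc;
	struct usb_endpoint_descriptor *endpoint;
	int in_endpoint = 0;
	int out_endpoint = 0;
	int rc = -ENOMEM;
	int i;
	u32 protocols;

	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
	if (!dev)
		return -ENOMEM;

	/* Takes a reference on the USB device; dropped on the error path. */
	dev->udev = usb_get_dev(interface_to_usbdev(interface));
	dev->interface = interface;
	mutex_init(&dev->cmd_lock);

	/* Use the first bulk endpoint found in each direction. */
	iface_desc = interface->cur_altsetting;
	for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
		endpoint = &iface_desc->endpoint[i].desc;

		if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
			in_endpoint = endpoint->bEndpointAddress;

		if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
			out_endpoint = endpoint->bEndpointAddress;
	}

	if (!in_endpoint || !out_endpoint) {
		nfc_dev_err(&interface->dev,
			    "Could not find bulk-in or bulk-out endpoint");
		rc = -ENODEV;
		goto error;
	}

	dev->in_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
	dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
	dev->out_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
	dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);

	/* rc is still -ENOMEM here */
	if (!dev->in_frame || !dev->out_frame ||
		!dev->in_urb || !dev->out_urb)
		goto error;

	usb_fill_bulk_urb(dev->in_urb, dev->udev,
			usb_rcvbulkpipe(dev->udev, in_endpoint),
			NULL, 0, NULL, dev);
	usb_fill_bulk_urb(dev->out_urb, dev->udev,
			usb_sndbulkpipe(dev->udev, out_endpoint),
			NULL, 0,
			pn533_send_complete, dev);

	INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
	INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
	INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
	INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
	INIT_WORK(&dev->poll_work, pn533_wq_poll);
	dev->wq = alloc_ordered_workqueue("pn533", 0);
	if (dev->wq == NULL)
		goto error;

	init_timer(&dev->listen_timer);
	dev->listen_timer.data = (unsigned long) dev;
	dev->listen_timer.function = pn533_listen_mode_timer;

	skb_queue_head_init(&dev->resp_q);

	INIT_LIST_HEAD(&dev->cmd_queue);

	usb_set_intfdata(interface, dev);

	memset(&fw_ver, 0, sizeof(fw_ver));
	rc = pn533_get_firmware_version(dev, &fw_ver);
	if (rc < 0)
		goto destroy_wq;

	nfc_dev_info(&dev->interface->dev,
		     "NXP PN533 firmware ver %d.%d now attached",
		     fw_ver.ver, fw_ver.rev);

	dev->device_type = id->driver_info;
	switch (dev->device_type) {
	case PN533_DEVICE_STD:
		protocols = PN533_ALL_PROTOCOLS;
		break;

	case PN533_DEVICE_PASORI:
		protocols = PN533_NO_TYPE_B_PROTOCOLS;
		break;

	default:
		nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
			    dev->device_type);
		rc = -EINVAL;
		goto destroy_wq;
	}

	dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
					   PN533_FRAME_HEADER_LEN +
					   PN533_CMD_DATAEXCH_HEAD_LEN,
					   PN533_FRAME_TAIL_LEN);
	if (!dev->nfc_dev) {
		/*
		 * rc is 0 at this point (the firmware query succeeded);
		 * without an explicit error the probe would report success
		 * after freeing dev, leaving the interface bound to freed
		 * memory.
		 */
		rc = -ENOMEM;
		goto destroy_wq;
	}

	nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
	nfc_set_drvdata(dev->nfc_dev, dev);

	rc = nfc_register_device(dev->nfc_dev);
	if (rc)
		goto free_nfc_dev;

	rc = pn533_setup(dev);
	if (rc)
		goto unregister_nfc_dev;

	return 0;

unregister_nfc_dev:
	nfc_unregister_device(dev->nfc_dev);

free_nfc_dev:
	nfc_free_device(dev->nfc_dev);

destroy_wq:
	destroy_workqueue(dev->wq);
error:
	/* kfree() and usb_free_urb() accept NULL, dev came from kzalloc() */
	kfree(dev->in_frame);
	usb_free_urb(dev->in_urb);
	kfree(dev->out_frame);
	usb_free_urb(dev->out_urb);
	/* Balance the usb_get_dev() above; it was never dropped on failure. */
	usb_put_dev(dev->udev);
	kfree(dev);
	return rc;
}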
2629
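/*
 * pn533_disconnect - release everything acquired by pn533_probe()
 * @interface: interface being unbound
 *
 * Unregisters and frees the NFC device, stops both URBs, destroys the
 * workqueue, drops queued responses and pending commands, and frees the
 * driver state.
 */
static void pn533_disconnect(struct usb_interface *interface)
{
	struct pn533 *dev;
	struct pn533_cmd *cmd, *n;

	dev = usb_get_intfdata(interface);
	usb_set_intfdata(interface, NULL);

	nfc_unregister_device(dev->nfc_dev);
	nfc_free_device(dev->nfc_dev);

	usb_kill_urb(dev->in_urb);
	usb_kill_urb(dev->out_urb);

	destroy_workqueue(dev->wq);

	skb_queue_purge(&dev->resp_q);

	/*
	 * NOTE(review): del_timer() does not wait for a timer handler that
	 * is already running, and dev is freed below; consider
	 * del_timer_sync() if pn533_listen_mode_timer() can still be
	 * executing at this point.
	 */
	del_timer(&dev->listen_timer);

	/* Commands that were queued but never sent */
	list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
		list_del(&cmd->queue);
		kfree(cmd);
	}

	kfree(dev->in_frame);
	usb_free_urb(dev->in_urb);
	kfree(dev->out_frame);
	usb_free_urb(dev->out_urb);
	/*
	 * Drop the reference taken with usb_get_dev() in pn533_probe();
	 * without this the USB device reference is leaked on every unplug.
	 */
	usb_put_dev(dev->udev);
	kfree(dev);

	nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
}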
2663
/* USB driver glue: probe/disconnect entry points for the ids in pn533_table */
static struct usb_driver pn533_driver = {
	.name		= "pn533",
	.probe		= pn533_probe,
	.disconnect	= pn533_disconnect,
	.id_table	= pn533_table,
};

module_usb_driver(pn533_driver);

MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>, Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");