projects / firefly-linux-kernel-4.4.55.git / blob
? search:


89f747479a4f6d98f4b023e13546649483bc49b7
[firefly-linux-kernel-4.4.55.git] / drivers / nfc / pn533.c
1 /*
2  * Copyright (C) 2011 Instituto Nokia de Tecnologia
3  *
4  * Authors:
5  *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6  *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the
20  * Free Software Foundation, Inc.,
21  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22  */
23
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32
33 #define VERSION "0.1"
34
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40
41 #define SONY_VENDOR_ID         0x054c
42 #define PASORI_PRODUCT_ID      0x02e1
43
44 #define PN533_DEVICE_STD    0x1
45 #define PN533_DEVICE_PASORI 0x2
46
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48                              NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49                              NFC_PROTO_NFC_DEP_MASK |\
50                              NFC_PROTO_ISO14443_B_MASK)
51
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53                                    NFC_PROTO_MIFARE_MASK | \
54                                    NFC_PROTO_FELICA_MASK | \
55                                    NFC_PROTO_ISO14443_MASK | \
56                                    NFC_PROTO_NFC_DEP_MASK)
57
58 static const struct usb_device_id pn533_table[] = {
59         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
60           .idVendor             = PN533_VENDOR_ID,
61           .idProduct            = PN533_PRODUCT_ID,
62           .driver_info          = PN533_DEVICE_STD,
63         },
64         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
65           .idVendor             = SCM_VENDOR_ID,
66           .idProduct            = SCL3711_PRODUCT_ID,
67           .driver_info          = PN533_DEVICE_STD,
68         },
69         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
70           .idVendor             = SONY_VENDOR_ID,
71           .idProduct            = PASORI_PRODUCT_ID,
72           .driver_info          = PN533_DEVICE_PASORI,
73         },
74         { }
75 };
76 MODULE_DEVICE_TABLE(usb, pn533_table);
77
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
80
81 /* frame definitions */
82 #define PN533_NORMAL_FRAME_MAX_LEN 262  /* 6   (PREAMBLE, SOF, LEN, LCS, TFI)
83                                            254 (DATA)
84                                            2   (DCS, postamble) */
85 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
86                                         + 2) /* data[0] TFI, data[1] CC */
87 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
88
89 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
90                                 PN533_FRAME_TAIL_LEN)
91 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
92 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
93 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
94
95 /* start of frame */
96 #define PN533_SOF 0x00FF
97
98 /* frame identifier: in/out/error */
99 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
100 #define PN533_DIR_OUT 0xD4
101 #define PN533_DIR_IN 0xD5
102
103 /* PN533 Commands */
104 #define PN533_FRAME_CMD(f) (f->data[1])
105 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
106 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
107
108 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
109 #define PN533_CMD_RF_CONFIGURATION 0x32
110 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
111 #define PN533_CMD_IN_COMM_THRU     0x42
112 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
113 #define PN533_CMD_IN_ATR 0x50
114 #define PN533_CMD_IN_RELEASE 0x52
115 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
116
117 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
118 #define PN533_CMD_TG_GET_DATA 0x86
119 #define PN533_CMD_TG_SET_DATA 0x8e
120 #define PN533_CMD_UNDEF 0xff
121
122 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
123
124 /* PN533 Return codes */
125 #define PN533_CMD_RET_MASK 0x3F
126 #define PN533_CMD_MI_MASK 0x40
127 #define PN533_CMD_RET_SUCCESS 0x00
128
129 struct pn533;
130
131 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
132                                         u8 *params, int params_len);
133
134 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
135                                         struct sk_buff *resp);
136
137 /* structs for pn533 commands */
138
139 /* PN533_CMD_GET_FIRMWARE_VERSION */
140 struct pn533_fw_version {
141         u8 ic;
142         u8 ver;
143         u8 rev;
144         u8 support;
145 };
146
147 /* PN533_CMD_RF_CONFIGURATION */
148 #define PN533_CFGITEM_TIMING 0x02
149 #define PN533_CFGITEM_MAX_RETRIES 0x05
150 #define PN533_CFGITEM_PASORI 0x82
151
152 #define PN533_CONFIG_TIMING_102 0xb
153 #define PN533_CONFIG_TIMING_204 0xc
154 #define PN533_CONFIG_TIMING_409 0xd
155 #define PN533_CONFIG_TIMING_819 0xe
156
157 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
158 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
159
160 struct pn533_config_max_retries {
161         u8 mx_rty_atr;
162         u8 mx_rty_psl;
163         u8 mx_rty_passive_act;
164 } __packed;
165
166 struct pn533_config_timing {
167         u8 rfu;
168         u8 atr_res_timeout;
169         u8 dep_timeout;
170 } __packed;
171
172 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
173
174 /* felica commands opcode */
175 #define PN533_FELICA_OPC_SENSF_REQ 0
176 #define PN533_FELICA_OPC_SENSF_RES 1
177 /* felica SENSF_REQ parameters */
178 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
179 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
180 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
181 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
182
183 /* type B initiator_data values */
184 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
185 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
186 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
187
188 union pn533_cmd_poll_initdata {
189         struct {
190                 u8 afi;
191                 u8 polling_method;
192         } __packed type_b;
193         struct {
194                 u8 opcode;
195                 __be16 sc;
196                 u8 rc;
197                 u8 tsn;
198         } __packed felica;
199 };
200
201 /* Poll modulations */
202 enum {
203         PN533_POLL_MOD_106KBPS_A,
204         PN533_POLL_MOD_212KBPS_FELICA,
205         PN533_POLL_MOD_424KBPS_FELICA,
206         PN533_POLL_MOD_106KBPS_JEWEL,
207         PN533_POLL_MOD_847KBPS_B,
208         PN533_LISTEN_MOD,
209
210         __PN533_POLL_MOD_AFTER_LAST,
211 };
212 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
213
214 struct pn533_poll_modulations {
215         struct {
216                 u8 maxtg;
217                 u8 brty;
218                 union pn533_cmd_poll_initdata initiator_data;
219         } __packed data;
220         u8 len;
221 };
222
223 const struct pn533_poll_modulations poll_mod[] = {
224         [PN533_POLL_MOD_106KBPS_A] = {
225                 .data = {
226                         .maxtg = 1,
227                         .brty = 0,
228                 },
229                 .len = 2,
230         },
231         [PN533_POLL_MOD_212KBPS_FELICA] = {
232                 .data = {
233                         .maxtg = 1,
234                         .brty = 1,
235                         .initiator_data.felica = {
236                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
237                                 .sc = PN533_FELICA_SENSF_SC_ALL,
238                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
239                                 .tsn = 0,
240                         },
241                 },
242                 .len = 7,
243         },
244         [PN533_POLL_MOD_424KBPS_FELICA] = {
245                 .data = {
246                         .maxtg = 1,
247                         .brty = 2,
248                         .initiator_data.felica = {
249                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
250                                 .sc = PN533_FELICA_SENSF_SC_ALL,
251                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
252                                 .tsn = 0,
253                         },
254                  },
255                 .len = 7,
256         },
257         [PN533_POLL_MOD_106KBPS_JEWEL] = {
258                 .data = {
259                         .maxtg = 1,
260                         .brty = 4,
261                 },
262                 .len = 2,
263         },
264         [PN533_POLL_MOD_847KBPS_B] = {
265                 .data = {
266                         .maxtg = 1,
267                         .brty = 8,
268                         .initiator_data.type_b = {
269                                 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
270                                 .polling_method =
271                                         PN533_TYPE_B_POLL_METHOD_TIMESLOT,
272                         },
273                 },
274                 .len = 3,
275         },
276         [PN533_LISTEN_MOD] = {
277                 .len = 0,
278         },
279 };
280
281 /* PN533_CMD_IN_ATR */
282
283 struct pn533_cmd_activate_param {
284         u8 tg;
285         u8 next;
286 } __packed;
287
288 struct pn533_cmd_activate_response {
289         u8 status;
290         u8 nfcid3t[10];
291         u8 didt;
292         u8 bst;
293         u8 brt;
294         u8 to;
295         u8 ppt;
296         /* optional */
297         u8 gt[];
298 } __packed;
299
300 /* PN533_CMD_IN_JUMP_FOR_DEP */
301 struct pn533_cmd_jump_dep {
302         u8 active;
303         u8 baud;
304         u8 next;
305         u8 data[];
306 } __packed;
307
308 struct pn533_cmd_jump_dep_response {
309         u8 status;
310         u8 tg;
311         u8 nfcid3t[10];
312         u8 didt;
313         u8 bst;
314         u8 brt;
315         u8 to;
316         u8 ppt;
317         /* optional */
318         u8 gt[];
319 } __packed;
320
321
322 /* PN533_TG_INIT_AS_TARGET */
323 #define PN533_INIT_TARGET_PASSIVE 0x1
324 #define PN533_INIT_TARGET_DEP 0x2
325
326 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
327 #define PN533_INIT_TARGET_RESP_ACTIVE     0x1
328 #define PN533_INIT_TARGET_RESP_DEP        0x4
329
330 struct pn533_cmd_init_target {
331         u8 mode;
332         u8 mifare[6];
333         u8 felica[18];
334         u8 nfcid3[10];
335         u8 gb_len;
336         u8 gb[];
337 } __packed;
338
339 struct pn533_cmd_init_target_response {
340         u8 mode;
341         u8 cmd[];
342 } __packed;
343
344 struct pn533 {
345         struct usb_device *udev;
346         struct usb_interface *interface;
347         struct nfc_dev *nfc_dev;
348
349         struct urb *out_urb;
350         struct pn533_frame *out_frame;
351
352         struct urb *in_urb;
353         struct pn533_frame *in_frame;
354
355         struct sk_buff_head resp_q;
356
357         struct workqueue_struct *wq;
358         struct work_struct cmd_work;
359         struct work_struct cmd_complete_work;
360         struct work_struct poll_work;
361         struct work_struct mi_work;
362         struct work_struct tg_work;
363         struct timer_list listen_timer;
364         struct pn533_frame *wq_in_frame;
365         int wq_in_error;
366         int cancel_listen;
367
368         pn533_cmd_complete_t cmd_complete;
369         void *cmd_complete_arg;
370         struct mutex cmd_lock;
371         u8 cmd;
372
373         struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
374         u8 poll_mod_count;
375         u8 poll_mod_curr;
376         u32 poll_protocols;
377         u32 listen_protocols;
378
379         u8 *gb;
380         size_t gb_len;
381
382         u8 tgt_available_prots;
383         u8 tgt_active_prot;
384         u8 tgt_mode;
385
386         u32 device_type;
387
388         struct list_head cmd_queue;
389         u8 cmd_pending;
390 };
391
392 struct pn533_cmd {
393         struct list_head queue;
394         struct pn533_frame *out_frame;
395         struct pn533_frame *in_frame;
396         int in_frame_len;
397         u8 cmd_code;
398         struct sk_buff *req;
399         struct sk_buff *resp;
400         pn533_cmd_complete_t cmd_complete;
401         void *arg;
402 };
403
404 struct pn533_frame {
405         u8 preamble;
406         __be16 start_frame;
407         u8 datalen;
408         u8 datalen_checksum;
409         u8 data[];
410 } __packed;
411
412 /* The rule: value + checksum = 0 */
413 static inline u8 pn533_checksum(u8 value)
414 {
415         return ~value + 1;
416 }
417
418 /* The rule: sum(data elements) + checksum = 0 */
419 static u8 pn533_data_checksum(u8 *data, int datalen)
420 {
421         u8 sum = 0;
422         int i;
423
424         for (i = 0; i < datalen; i++)
425                 sum += data[i];
426
427         return pn533_checksum(sum);
428 }
429
430 /**
431  * pn533_tx_frame_ack - create a ack frame
432  * @frame:      The frame to be set as ack
433  *
434  * Ack is different type of standard frame. As a standard frame, it has
435  * preamble and start_frame. However the checksum of this frame must fail,
436  * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
437  * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
438  * After datalen_checksum field, the postamble is placed.
439  */
440 static void pn533_tx_frame_ack(struct pn533_frame *frame)
441 {
442         frame->preamble = 0;
443         frame->start_frame = cpu_to_be16(PN533_SOF);
444         frame->datalen = 0;
445         frame->datalen_checksum = 0xFF;
446         /* data[0] is used as postamble */
447         frame->data[0] = 0;
448 }
449
450 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
451 {
452         frame->preamble = 0;
453         frame->start_frame = cpu_to_be16(PN533_SOF);
454         PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
455         PN533_FRAME_CMD(frame) = cmd;
456         frame->datalen = 2;
457 }
458
459 static void pn533_tx_frame_finish(struct pn533_frame *frame)
460 {
461         frame->datalen_checksum = pn533_checksum(frame->datalen);
462
463         PN533_FRAME_CHECKSUM(frame) =
464                 pn533_data_checksum(frame->data, frame->datalen);
465
466         PN533_FRAME_POSTAMBLE(frame) = 0;
467 }
468
469 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
470 {
471         u8 checksum;
472
473         if (frame->start_frame != cpu_to_be16(PN533_SOF))
474                 return false;
475
476         checksum = pn533_checksum(frame->datalen);
477         if (checksum != frame->datalen_checksum)
478                 return false;
479
480         checksum = pn533_data_checksum(frame->data, frame->datalen);
481         if (checksum != PN533_FRAME_CHECKSUM(frame))
482                 return false;
483
484         return true;
485 }
486
487 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
488 {
489         if (frame->start_frame != cpu_to_be16(PN533_SOF))
490                 return false;
491
492         if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
493                 return false;
494
495         return true;
496 }
497
498 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
499 {
500         return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
501 }
502
503
504 static void pn533_wq_cmd_complete(struct work_struct *work)
505 {
506         struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
507         struct pn533_frame *in_frame;
508         int rc;
509
510         in_frame = dev->wq_in_frame;
511
512         if (dev->wq_in_error)
513                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
514                                                         dev->wq_in_error);
515         else
516                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
517                                         PN533_FRAME_CMD_PARAMS_PTR(in_frame),
518                                         PN533_FRAME_CMD_PARAMS_LEN(in_frame));
519
520         if (rc != -EINPROGRESS)
521                 queue_work(dev->wq, &dev->cmd_work);
522 }
523
524 static void pn533_recv_response(struct urb *urb)
525 {
526         struct pn533 *dev = urb->context;
527         struct pn533_frame *in_frame;
528
529         dev->wq_in_frame = NULL;
530
531         switch (urb->status) {
532         case 0:
533                 /* success */
534                 break;
535         case -ECONNRESET:
536         case -ENOENT:
537         case -ESHUTDOWN:
538                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
539                                                 " status: %d", urb->status);
540                 dev->wq_in_error = urb->status;
541                 goto sched_wq;
542         default:
543                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
544                                                         " %d", urb->status);
545                 dev->wq_in_error = urb->status;
546                 goto sched_wq;
547         }
548
549         in_frame = dev->in_urb->transfer_buffer;
550
551         if (!pn533_rx_frame_is_valid(in_frame)) {
552                 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
553                 dev->wq_in_error = -EIO;
554                 goto sched_wq;
555         }
556
557         if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
558                 nfc_dev_err(&dev->interface->dev, "The received frame is not "
559                                                 "response to the last command");
560                 dev->wq_in_error = -EIO;
561                 goto sched_wq;
562         }
563
564         nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
565         dev->wq_in_error = 0;
566         dev->wq_in_frame = in_frame;
567
568 sched_wq:
569         queue_work(dev->wq, &dev->cmd_complete_work);
570 }
571
572 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
573 {
574         dev->in_urb->complete = pn533_recv_response;
575
576         return usb_submit_urb(dev->in_urb, flags);
577 }
578
579 static void pn533_recv_ack(struct urb *urb)
580 {
581         struct pn533 *dev = urb->context;
582         struct pn533_frame *in_frame;
583         int rc;
584
585         switch (urb->status) {
586         case 0:
587                 /* success */
588                 break;
589         case -ECONNRESET:
590         case -ENOENT:
591         case -ESHUTDOWN:
592                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
593                                                 " status: %d", urb->status);
594                 dev->wq_in_error = urb->status;
595                 goto sched_wq;
596         default:
597                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
598                                                         " %d", urb->status);
599                 dev->wq_in_error = urb->status;
600                 goto sched_wq;
601         }
602
603         in_frame = dev->in_urb->transfer_buffer;
604
605         if (!pn533_rx_frame_is_ack(in_frame)) {
606                 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
607                 dev->wq_in_error = -EIO;
608                 goto sched_wq;
609         }
610
611         nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
612
613         rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
614         if (rc) {
615                 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
616                                                         " result %d", rc);
617                 dev->wq_in_error = rc;
618                 goto sched_wq;
619         }
620
621         return;
622
623 sched_wq:
624         dev->wq_in_frame = NULL;
625         queue_work(dev->wq, &dev->cmd_complete_work);
626 }
627
628 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
629 {
630         dev->in_urb->complete = pn533_recv_ack;
631
632         return usb_submit_urb(dev->in_urb, flags);
633 }
634
635 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
636 {
637         int rc;
638
639         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
640
641         pn533_tx_frame_ack(dev->out_frame);
642
643         dev->out_urb->transfer_buffer = dev->out_frame;
644         dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
645         rc = usb_submit_urb(dev->out_urb, flags);
646
647         return rc;
648 }
649
650 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
651                                         struct pn533_frame *out_frame,
652                                         struct pn533_frame *in_frame,
653                                         int in_frame_len,
654                                         pn533_cmd_complete_t cmd_complete,
655                                         void *arg)
656 {
657         int rc;
658
659         nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
660                                                 PN533_FRAME_CMD(out_frame));
661
662         dev->cmd = PN533_FRAME_CMD(out_frame);
663         dev->cmd_complete = cmd_complete;
664         dev->cmd_complete_arg = arg;
665
666         dev->out_urb->transfer_buffer = out_frame;
667         dev->out_urb->transfer_buffer_length =
668                                 PN533_FRAME_SIZE(out_frame);
669
670         dev->in_urb->transfer_buffer = in_frame;
671         dev->in_urb->transfer_buffer_length = in_frame_len;
672
673         rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
674         if (rc)
675                 return rc;
676
677         rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
678         if (rc)
679                 goto error;
680
681         return 0;
682
683 error:
684         usb_unlink_urb(dev->out_urb);
685         return rc;
686 }
687
688 static void pn533_build_cmd_frame(u8 cmd_code, struct sk_buff *skb)
689 {
690         struct pn533_frame *frame;
691         /* payload is already there, just update datalen */
692         int payload_len = skb->len;
693
694         skb_push(skb, PN533_FRAME_HEADER_LEN);
695         skb_put(skb, PN533_FRAME_TAIL_LEN);
696
697         frame = (struct pn533_frame *)skb->data;
698
699         pn533_tx_frame_init(frame, cmd_code);
700         frame->datalen += payload_len;
701         pn533_tx_frame_finish(frame);
702 }
703
704 struct pn533_send_async_complete_arg {
705         pn533_send_async_complete_t  complete_cb;
706         void *complete_cb_context;
707         struct sk_buff *resp;
708         struct sk_buff *req;
709 };
710
711 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, u8 *params,
712                                      int params_len)
713 {
714         struct pn533_send_async_complete_arg *arg = _arg;
715
716         struct sk_buff *req = arg->req;
717         struct sk_buff *resp = arg->resp;
718
719         struct pn533_frame *frame = (struct pn533_frame *)resp->data;
720         int rc;
721
722         dev_kfree_skb(req);
723
724         if (params_len < 0) {
725                 nfc_dev_err(&dev->interface->dev,
726                             "Error %d when starting as a target",
727                             params_len);
728
729                 arg->complete_cb(dev, arg->complete_cb_context,
730                                  ERR_PTR(params_len));
731                 rc = params_len;
732                 dev_kfree_skb(resp);
733                 goto out;
734         }
735
736         skb_put(resp, PN533_FRAME_SIZE(frame));
737         skb_pull(resp, PN533_FRAME_HEADER_LEN);
738         skb_trim(resp, resp->len - PN533_FRAME_TAIL_LEN);
739
740         rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
741
742 out:
743         kfree(arg);
744         return rc;
745 }
746
747 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
748                               struct sk_buff *req, struct sk_buff *resp,
749                               int resp_len,
750                               pn533_send_async_complete_t complete_cb,
751                               void *complete_cb_context)
752 {
753         struct pn533_cmd *cmd;
754         struct pn533_send_async_complete_arg *arg;
755         int rc = 0;
756
757         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
758
759         arg = kzalloc(sizeof(arg), GFP_KERNEL);
760         if (!arg)
761                 return -ENOMEM;
762
763         arg->complete_cb = complete_cb;
764         arg->complete_cb_context = complete_cb_context;
765         arg->resp = resp;
766         arg->req = req;
767
768         pn533_build_cmd_frame(cmd_code, req);
769
770         mutex_lock(&dev->cmd_lock);
771
772         if (!dev->cmd_pending) {
773                 rc = __pn533_send_cmd_frame_async(dev,
774                                                   (struct pn533_frame *)req->data,
775                                                   (struct pn533_frame *)resp->data,
776                                                   resp_len, pn533_send_async_complete,
777                                                   arg);
778                 if (rc)
779                         goto error;
780
781                 dev->cmd_pending = 1;
782                 goto unlock;
783         }
784
785         nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
786
787         cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
788         if (!cmd) {
789                 rc = -ENOMEM;
790                 goto error;
791         }
792
793         INIT_LIST_HEAD(&cmd->queue);
794         cmd->cmd_code = cmd_code;
795         cmd->req = req;
796         cmd->resp = resp;
797         cmd->arg = arg;
798
799         list_add_tail(&cmd->queue, &dev->cmd_queue);
800
801         goto unlock;
802
803 error:
804         kfree(arg);
805 unlock:
806         mutex_unlock(&dev->cmd_lock);
807         return rc;
808 }
809
810 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
811                                 struct sk_buff *req,
812                                 pn533_send_async_complete_t complete_cb,
813                                 void *complete_cb_context)
814 {
815         struct sk_buff *resp;
816         int rc;
817
818         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
819
820         resp = alloc_skb(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
821         if (!resp)
822                 return -ENOMEM;
823
824         rc = __pn533_send_async(dev, cmd_code, req, resp,
825                                 PN533_NORMAL_FRAME_MAX_LEN,
826                                 complete_cb, complete_cb_context);
827         if (rc)
828                 dev_kfree_skb(resp);
829
830         return rc;
831 }
832
833 static void pn533_wq_cmd(struct work_struct *work)
834 {
835         struct pn533 *dev = container_of(work, struct pn533, cmd_work);
836         struct pn533_cmd *cmd;
837
838         mutex_lock(&dev->cmd_lock);
839
840         if (list_empty(&dev->cmd_queue)) {
841                 dev->cmd_pending = 0;
842                 mutex_unlock(&dev->cmd_lock);
843                 return;
844         }
845
846         cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
847
848         list_del(&cmd->queue);
849
850         mutex_unlock(&dev->cmd_lock);
851
852         if (cmd->cmd_code != PN533_CMD_UNDEF)
853                 __pn533_send_cmd_frame_async(dev,
854                                              (struct pn533_frame *)cmd->req->data,
855                                              (struct pn533_frame *)cmd->resp->data,
856                                              PN533_NORMAL_FRAME_MAX_LEN,
857                                              pn533_send_async_complete,
858                                              cmd->arg);
859         else
860                 __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
861                                              cmd->in_frame_len,
862                                              cmd->cmd_complete, cmd->arg);
863
864         kfree(cmd);
865 }
866
867 static int pn533_send_cmd_frame_async(struct pn533 *dev,
868                                         struct pn533_frame *out_frame,
869                                         struct pn533_frame *in_frame,
870                                         int in_frame_len,
871                                         pn533_cmd_complete_t cmd_complete,
872                                         void *arg)
873 {
874         struct pn533_cmd *cmd;
875         int rc = 0;
876
877         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
878
879         mutex_lock(&dev->cmd_lock);
880
881         if (!dev->cmd_pending) {
882                 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
883                                                   in_frame_len, cmd_complete,
884                                                   arg);
885                 if (!rc)
886                         dev->cmd_pending = 1;
887
888                 goto unlock;
889         }
890
891         nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
892
893         cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
894         if (!cmd) {
895                 rc = -ENOMEM;
896                 goto unlock;
897         }
898
899         INIT_LIST_HEAD(&cmd->queue);
900         cmd->out_frame = out_frame;
901         cmd->in_frame = in_frame;
902         cmd->in_frame_len = in_frame_len;
903         cmd->cmd_code = PN533_CMD_UNDEF;
904         cmd->cmd_complete = cmd_complete;
905         cmd->arg = arg;
906
907         list_add_tail(&cmd->queue, &dev->cmd_queue);
908
909 unlock:
910         mutex_unlock(&dev->cmd_lock);
911
912         return rc;
913 }
914
915 struct pn533_sync_cmd_response {
916         int rc;
917         struct completion done;
918 };
919
920 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
921                                         u8 *params, int params_len)
922 {
923         struct pn533_sync_cmd_response *arg = _arg;
924
925         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
926
927         arg->rc = 0;
928
929         if (params_len < 0) /* error */
930                 arg->rc = params_len;
931
932         complete(&arg->done);
933
934         return 0;
935 }
936
937 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
938                                                 struct pn533_frame *out_frame,
939                                                 struct pn533_frame *in_frame,
940                                                 int in_frame_len)
941 {
942         int rc;
943         struct pn533_sync_cmd_response arg;
944
945         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
946
947         init_completion(&arg.done);
948
949         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
950                                         pn533_sync_cmd_complete, &arg);
951         if (rc)
952                 return rc;
953
954         wait_for_completion(&arg.done);
955
956         return arg.rc;
957 }
958
959 static void pn533_send_complete(struct urb *urb)
960 {
961         struct pn533 *dev = urb->context;
962
963         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
964
965         switch (urb->status) {
966         case 0:
967                 /* success */
968                 break;
969         case -ECONNRESET:
970         case -ENOENT:
971         case -ESHUTDOWN:
972                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
973                                                 " status: %d", urb->status);
974                 break;
975         default:
976                 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
977                                                         " %d", urb->status);
978         }
979 }
980
981 struct pn533_target_type_a {
982         __be16 sens_res;
983         u8 sel_res;
984         u8 nfcid_len;
985         u8 nfcid_data[];
986 } __packed;
987
988
989 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
990 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
991 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
992
993 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
994 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
995
996 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
997 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
998
999 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
1000 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
1001 #define PN533_TYPE_A_SEL_PROT_DEP 2
1002 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1003
1004 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1005                                                         int target_data_len)
1006 {
1007         u8 ssd;
1008         u8 platconf;
1009
1010         if (target_data_len < sizeof(struct pn533_target_type_a))
1011                 return false;
1012
1013         /* The lenght check of nfcid[] and ats[] are not being performed because
1014            the values are not being used */
1015
1016         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1017         ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1018         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1019
1020         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1021                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1022                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1023                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1024                 return false;
1025
1026         /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1027         if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1028                 return false;
1029
1030         return true;
1031 }
1032
1033 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1034                                                         int tgt_data_len)
1035 {
1036         struct pn533_target_type_a *tgt_type_a;
1037
1038         tgt_type_a = (struct pn533_target_type_a *) tgt_data;
1039
1040         if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1041                 return -EPROTO;
1042
1043         switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1044         case PN533_TYPE_A_SEL_PROT_MIFARE:
1045                 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1046                 break;
1047         case PN533_TYPE_A_SEL_PROT_ISO14443:
1048                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1049                 break;
1050         case PN533_TYPE_A_SEL_PROT_DEP:
1051                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1052                 break;
1053         case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1054                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1055                                                         NFC_PROTO_NFC_DEP_MASK;
1056                 break;
1057         }
1058
1059         nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1060         nfc_tgt->sel_res = tgt_type_a->sel_res;
1061         nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1062         memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1063
1064         return 0;
1065 }
1066
1067 struct pn533_target_felica {
1068         u8 pol_res;
1069         u8 opcode;
1070         u8 nfcid2[8];
1071         u8 pad[8];
1072         /* optional */
1073         u8 syst_code[];
1074 } __packed;
1075
1076 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1077 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1078
1079 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1080                                                         int target_data_len)
1081 {
1082         if (target_data_len < sizeof(struct pn533_target_felica))
1083                 return false;
1084
1085         if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1086                 return false;
1087
1088         return true;
1089 }
1090
1091 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1092                                                         int tgt_data_len)
1093 {
1094         struct pn533_target_felica *tgt_felica;
1095
1096         tgt_felica = (struct pn533_target_felica *) tgt_data;
1097
1098         if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1099                 return -EPROTO;
1100
1101         if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
1102                                         tgt_felica->nfcid2[1] ==
1103                                         PN533_FELICA_SENSF_NFCID2_DEP_B2)
1104                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1105         else
1106                 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1107
1108         memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1109         nfc_tgt->sensf_res_len = 9;
1110
1111         return 0;
1112 }
1113
1114 struct pn533_target_jewel {
1115         __be16 sens_res;
1116         u8 jewelid[4];
1117 } __packed;
1118
1119 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1120                                                         int target_data_len)
1121 {
1122         u8 ssd;
1123         u8 platconf;
1124
1125         if (target_data_len < sizeof(struct pn533_target_jewel))
1126                 return false;
1127
1128         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1129         ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1130         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1131
1132         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1133                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1134                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1135                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1136                 return false;
1137
1138         return true;
1139 }
1140
1141 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1142                                                         int tgt_data_len)
1143 {
1144         struct pn533_target_jewel *tgt_jewel;
1145
1146         tgt_jewel = (struct pn533_target_jewel *) tgt_data;
1147
1148         if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1149                 return -EPROTO;
1150
1151         nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1152         nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1153         nfc_tgt->nfcid1_len = 4;
1154         memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1155
1156         return 0;
1157 }
1158
1159 struct pn533_type_b_prot_info {
1160         u8 bitrate;
1161         u8 fsci_type;
1162         u8 fwi_adc_fo;
1163 } __packed;
1164
1165 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1166 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1167 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1168
1169 struct pn533_type_b_sens_res {
1170         u8 opcode;
1171         u8 nfcid[4];
1172         u8 appdata[4];
1173         struct pn533_type_b_prot_info prot_info;
1174 } __packed;
1175
1176 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1177
1178 struct pn533_target_type_b {
1179         struct pn533_type_b_sens_res sensb_res;
1180         u8 attrib_res_len;
1181         u8 attrib_res[];
1182 } __packed;
1183
1184 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1185                                                         int target_data_len)
1186 {
1187         if (target_data_len < sizeof(struct pn533_target_type_b))
1188                 return false;
1189
1190         if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1191                 return false;
1192
1193         if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1194                                                 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1195                 return false;
1196
1197         return true;
1198 }
1199
1200 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1201                                                         int tgt_data_len)
1202 {
1203         struct pn533_target_type_b *tgt_type_b;
1204
1205         tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1206
1207         if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1208                 return -EPROTO;
1209
1210         nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1211
1212         return 0;
1213 }
1214
1215 struct pn533_poll_response {
1216         u8 nbtg;
1217         u8 tg;
1218         u8 target_data[];
1219 } __packed;
1220
1221 static int pn533_target_found(struct pn533 *dev,
1222                         struct pn533_poll_response *resp, int resp_len)
1223 {
1224         int target_data_len;
1225         struct nfc_target nfc_tgt;
1226         int rc;
1227
1228         nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1229                                                         dev->poll_mod_curr);
1230
1231         if (resp->tg != 1)
1232                 return -EPROTO;
1233
1234         memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1235
1236         target_data_len = resp_len - sizeof(struct pn533_poll_response);
1237
1238         switch (dev->poll_mod_curr) {
1239         case PN533_POLL_MOD_106KBPS_A:
1240                 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1241                                                         target_data_len);
1242                 break;
1243         case PN533_POLL_MOD_212KBPS_FELICA:
1244         case PN533_POLL_MOD_424KBPS_FELICA:
1245                 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1246                                                         target_data_len);
1247                 break;
1248         case PN533_POLL_MOD_106KBPS_JEWEL:
1249                 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1250                                                         target_data_len);
1251                 break;
1252         case PN533_POLL_MOD_847KBPS_B:
1253                 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1254                                                         target_data_len);
1255                 break;
1256         default:
1257                 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1258                                                                 " modulation");
1259                 return -EPROTO;
1260         }
1261
1262         if (rc)
1263                 return rc;
1264
1265         if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1266                 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1267                                                 " have the desired protocol");
1268                 return -EAGAIN;
1269         }
1270
1271         nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1272                                         "0x%x", nfc_tgt.supported_protocols);
1273
1274         dev->tgt_available_prots = nfc_tgt.supported_protocols;
1275
1276         nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1277
1278         return 0;
1279 }
1280
1281 static inline void pn533_poll_next_mod(struct pn533 *dev)
1282 {
1283         dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1284 }
1285
1286 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1287 {
1288         dev->poll_mod_count = 0;
1289 }
1290
1291 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1292 {
1293         dev->poll_mod_active[dev->poll_mod_count] =
1294                 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1295         dev->poll_mod_count++;
1296 }
1297
1298 static void pn533_poll_create_mod_list(struct pn533 *dev,
1299                                        u32 im_protocols, u32 tm_protocols)
1300 {
1301         pn533_poll_reset_mod_list(dev);
1302
1303         if (im_protocols & NFC_PROTO_MIFARE_MASK
1304             || im_protocols & NFC_PROTO_ISO14443_MASK
1305             || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1306                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1307
1308         if (im_protocols & NFC_PROTO_FELICA_MASK
1309             || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1310                 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1311                 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1312         }
1313
1314         if (im_protocols & NFC_PROTO_JEWEL_MASK)
1315                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1316
1317         if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1318                 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1319
1320         if (tm_protocols)
1321                 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1322 }
1323
1324 static int pn533_start_poll_complete(struct pn533 *dev, u8 *params, int params_len)
1325 {
1326         struct pn533_poll_response *resp;
1327         int rc;
1328
1329         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1330
1331         resp = (struct pn533_poll_response *) params;
1332         if (resp->nbtg) {
1333                 rc = pn533_target_found(dev, resp, params_len);
1334
1335                 /* We must stop the poll after a valid target found */
1336                 if (rc == 0) {
1337                         pn533_poll_reset_mod_list(dev);
1338                         return 0;
1339                 }
1340         }
1341
1342         return -EAGAIN;
1343 }
1344
1345 static int pn533_init_target_frame(struct pn533_frame *frame,
1346                                    u8 *gb, size_t gb_len)
1347 {
1348         struct pn533_cmd_init_target *cmd;
1349         size_t cmd_len;
1350         u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1351                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1352                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1353                                 0xff, 0xff}; /* System code */
1354         u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1355                                0x0, 0x0, 0x0,
1356                                0x40}; /* SEL_RES for DEP */
1357
1358         cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1359         cmd = kzalloc(cmd_len, GFP_KERNEL);
1360         if (cmd == NULL)
1361                 return -ENOMEM;
1362
1363         pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1364
1365         /* DEP support only */
1366         cmd->mode |= PN533_INIT_TARGET_DEP;
1367
1368         /* Felica params */
1369         memcpy(cmd->felica, felica_params, 18);
1370         get_random_bytes(cmd->felica + 2, 6);
1371
1372         /* NFCID3 */
1373         memset(cmd->nfcid3, 0, 10);
1374         memcpy(cmd->nfcid3, cmd->felica, 8);
1375
1376         /* MIFARE params */
1377         memcpy(cmd->mifare, mifare_params, 6);
1378
1379         /* General bytes */
1380         cmd->gb_len = gb_len;
1381         memcpy(cmd->gb, gb, gb_len);
1382
1383         /* Len Tk */
1384         cmd->gb[gb_len] = 0;
1385
1386         memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1387
1388         frame->datalen += cmd_len;
1389
1390         pn533_tx_frame_finish(frame);
1391
1392         kfree(cmd);
1393
1394         return 0;
1395 }
1396
1397 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1398 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1399 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1400                                       u8 *params, int params_len)
1401 {
1402         struct sk_buff *skb_resp = arg;
1403         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1404
1405         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1406
1407         if (params_len < 0) {
1408                 nfc_dev_err(&dev->interface->dev,
1409                             "Error %d when starting as a target",
1410                             params_len);
1411
1412                 return params_len;
1413         }
1414
1415         if (params_len > 0 && params[0] != 0) {
1416                 nfc_tm_deactivated(dev->nfc_dev);
1417
1418                 dev->tgt_mode = 0;
1419
1420                 kfree_skb(skb_resp);
1421                 return 0;
1422         }
1423
1424         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1425         skb_pull(skb_resp,
1426                  PN533_FRAME_HEADER_LEN + PN533_CMD_DATAEXCH_HEAD_LEN);
1427         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_LEN);
1428
1429         return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1430 }
1431
1432 static void pn533_wq_tg_get_data(struct work_struct *work)
1433 {
1434         struct pn533 *dev = container_of(work, struct pn533, tg_work);
1435         struct pn533_frame *in_frame;
1436         struct sk_buff *skb_resp;
1437         size_t skb_resp_len;
1438
1439         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1440
1441         skb_resp_len = PN533_FRAME_HEADER_LEN +
1442                        PN533_CMD_DATAEXCH_HEAD_LEN +
1443                        PN533_CMD_DATAEXCH_DATA_MAXLEN +
1444                        PN533_FRAME_TAIL_LEN;
1445
1446         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1447         if (!skb_resp)
1448                 return;
1449
1450         in_frame = (struct pn533_frame *)skb_resp->data;
1451
1452         pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1453         pn533_tx_frame_finish(dev->out_frame);
1454
1455         pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1456                                    skb_resp_len,
1457                                    pn533_tm_get_data_complete,
1458                                    skb_resp);
1459
1460         return;
1461 }
1462
1463 #define ATR_REQ_GB_OFFSET 17
1464 static int pn533_init_target_complete(struct pn533 *dev, u8 *params, int params_len)
1465 {
1466         struct pn533_cmd_init_target_response *resp;
1467         u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1468         size_t gb_len;
1469         int rc;
1470
1471         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1472
1473         if (params_len < 0) {
1474                 nfc_dev_err(&dev->interface->dev,
1475                             "Error %d when starting as a target",
1476                             params_len);
1477
1478                 return params_len;
1479         }
1480
1481         if (params_len < ATR_REQ_GB_OFFSET + 1)
1482                 return -EINVAL;
1483
1484         resp = (struct pn533_cmd_init_target_response *) params;
1485
1486         nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1487                     resp->mode, params_len);
1488
1489         frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1490         if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1491                 comm_mode = NFC_COMM_ACTIVE;
1492
1493         /* Again, only DEP */
1494         if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1495                 return -EOPNOTSUPP;
1496
1497         gb = resp->cmd + ATR_REQ_GB_OFFSET;
1498         gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1499
1500         rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1501                               comm_mode, gb, gb_len);
1502         if (rc < 0) {
1503                 nfc_dev_err(&dev->interface->dev,
1504                             "Error when signaling target activation");
1505                 return rc;
1506         }
1507
1508         dev->tgt_mode = 1;
1509
1510         queue_work(dev->wq, &dev->tg_work);
1511
1512         return 0;
1513 }
1514
1515 static void pn533_listen_mode_timer(unsigned long data)
1516 {
1517         struct pn533 *dev = (struct pn533 *) data;
1518
1519         nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1520
1521         /* An ack will cancel the last issued command (poll) */
1522         pn533_send_ack(dev, GFP_ATOMIC);
1523
1524         dev->cancel_listen = 1;
1525
1526         pn533_poll_next_mod(dev);
1527
1528         queue_work(dev->wq, &dev->poll_work);
1529 }
1530
1531 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1532                                u8 *params, int params_len)
1533 {
1534         struct pn533_poll_modulations *cur_mod;
1535         int rc;
1536
1537         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1538
1539         if (params_len == -ENOENT) {
1540                 if (dev->poll_mod_count != 0)
1541                         return 0;
1542
1543                 nfc_dev_err(&dev->interface->dev,
1544                             "Polling operation has been stopped");
1545
1546                 goto stop_poll;
1547         }
1548
1549         if (params_len < 0) {
1550                 nfc_dev_err(&dev->interface->dev,
1551                             "Error %d when running poll", params_len);
1552
1553                 goto stop_poll;
1554         }
1555
1556         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1557
1558         if (cur_mod->len == 0) {
1559                 del_timer(&dev->listen_timer);
1560
1561                 return pn533_init_target_complete(dev, params, params_len);
1562         } else {
1563                 rc = pn533_start_poll_complete(dev, params, params_len);
1564                 if (!rc)
1565                         return rc;
1566         }
1567
1568         pn533_poll_next_mod(dev);
1569
1570         queue_work(dev->wq, &dev->poll_work);
1571
1572         return 0;
1573
1574 stop_poll:
1575         pn533_poll_reset_mod_list(dev);
1576         dev->poll_protocols = 0;
1577         return 0;
1578 }
1579
1580 static void pn533_build_poll_frame(struct pn533 *dev,
1581                                    struct pn533_frame *frame,
1582                                    struct pn533_poll_modulations *mod)
1583 {
1584         nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1585
1586         if (mod->len == 0) {
1587                 /* Listen mode */
1588                 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1589         } else {
1590                 /* Polling mode */
1591                 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1592
1593                 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1594                 frame->datalen += mod->len;
1595
1596                 pn533_tx_frame_finish(frame);
1597         }
1598 }
1599
1600 static int pn533_send_poll_frame(struct pn533 *dev)
1601 {
1602         struct pn533_poll_modulations *cur_mod;
1603         int rc;
1604
1605         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1606
1607         pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1608
1609         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1610                                         PN533_NORMAL_FRAME_MAX_LEN,
1611                                         pn533_poll_complete,
1612                                         NULL);
1613         if (rc)
1614                 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1615
1616         return rc;
1617 }
1618
1619 static void pn533_wq_poll(struct work_struct *work)
1620 {
1621         struct pn533 *dev = container_of(work, struct pn533, poll_work);
1622         struct pn533_poll_modulations *cur_mod;
1623         int rc;
1624
1625         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1626
1627         nfc_dev_dbg(&dev->interface->dev,
1628                     "%s cancel_listen %d modulation len %d",
1629                     __func__, dev->cancel_listen, cur_mod->len);
1630
1631         if (dev->cancel_listen == 1) {
1632                 dev->cancel_listen = 0;
1633                 usb_kill_urb(dev->in_urb);
1634         }
1635
1636         rc = pn533_send_poll_frame(dev);
1637         if (rc)
1638                 return;
1639
1640         if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1641                 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1642
1643         return;
1644 }
1645
1646 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1647                             u32 im_protocols, u32 tm_protocols)
1648 {
1649         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1650
1651         nfc_dev_dbg(&dev->interface->dev,
1652                     "%s: im protocols 0x%x tm protocols 0x%x",
1653                     __func__, im_protocols, tm_protocols);
1654
1655         if (dev->tgt_active_prot) {
1656                 nfc_dev_err(&dev->interface->dev,
1657                             "Cannot poll with a target already activated");
1658                 return -EBUSY;
1659         }
1660
1661         if (dev->tgt_mode) {
1662                 nfc_dev_err(&dev->interface->dev,
1663                             "Cannot poll while already being activated");
1664                 return -EBUSY;
1665         }
1666
1667         if (tm_protocols) {
1668                 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1669                 if (dev->gb == NULL)
1670                         tm_protocols = 0;
1671         }
1672
1673         dev->poll_mod_curr = 0;
1674         pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1675         dev->poll_protocols = im_protocols;
1676         dev->listen_protocols = tm_protocols;
1677
1678         return pn533_send_poll_frame(dev);
1679 }
1680
1681 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1682 {
1683         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1684
1685         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1686
1687         del_timer(&dev->listen_timer);
1688
1689         if (!dev->poll_mod_count) {
1690                 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1691                                                                 " running");
1692                 return;
1693         }
1694
1695         /* An ack will cancel the last issued command (poll) */
1696         pn533_send_ack(dev, GFP_KERNEL);
1697
1698         /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1699         usb_kill_urb(dev->in_urb);
1700
1701         pn533_poll_reset_mod_list(dev);
1702 }
1703
1704 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1705 {
1706         struct pn533_cmd_activate_param param;
1707         struct pn533_cmd_activate_response *resp;
1708         u16 gt_len;
1709         int rc;
1710
1711         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1712
1713         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1714
1715         param.tg = 1;
1716         param.next = 0;
1717         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1718                                 sizeof(struct pn533_cmd_activate_param));
1719         dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1720
1721         pn533_tx_frame_finish(dev->out_frame);
1722
1723         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1724                                        PN533_NORMAL_FRAME_MAX_LEN);
1725         if (rc)
1726                 return rc;
1727
1728         resp = (struct pn533_cmd_activate_response *)
1729                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1730         rc = resp->status & PN533_CMD_RET_MASK;
1731         if (rc != PN533_CMD_RET_SUCCESS)
1732                 return -EIO;
1733
1734         /* ATR_RES general bytes are located at offset 16 */
1735         gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1736         rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1737
1738         return rc;
1739 }
1740
1741 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1742                                  struct nfc_target *target, u32 protocol)
1743 {
1744         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1745         int rc;
1746
1747         nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1748                                                                 protocol);
1749
1750         if (dev->poll_mod_count) {
1751                 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1752                                                                 " polling");
1753                 return -EBUSY;
1754         }
1755
1756         if (dev->tgt_active_prot) {
1757                 nfc_dev_err(&dev->interface->dev, "There is already an active"
1758                                                                 " target");
1759                 return -EBUSY;
1760         }
1761
1762         if (!dev->tgt_available_prots) {
1763                 nfc_dev_err(&dev->interface->dev, "There is no available target"
1764                                                                 " to activate");
1765                 return -EINVAL;
1766         }
1767
1768         if (!(dev->tgt_available_prots & (1 << protocol))) {
1769                 nfc_dev_err(&dev->interface->dev, "The target does not support"
1770                                         " the requested protocol %u", protocol);
1771                 return -EINVAL;
1772         }
1773
1774         if (protocol == NFC_PROTO_NFC_DEP) {
1775                 rc = pn533_activate_target_nfcdep(dev);
1776                 if (rc) {
1777                         nfc_dev_err(&dev->interface->dev, "Error %d when"
1778                                                 " activating target with"
1779                                                 " NFC_DEP protocol", rc);
1780                         return rc;
1781                 }
1782         }
1783
1784         dev->tgt_active_prot = protocol;
1785         dev->tgt_available_prots = 0;
1786
1787         return 0;
1788 }
1789
1790 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1791                                     struct nfc_target *target)
1792 {
1793         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1794         u8 tg;
1795         u8 status;
1796         int rc;
1797
1798         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1799
1800         if (!dev->tgt_active_prot) {
1801                 nfc_dev_err(&dev->interface->dev, "There is no active target");
1802                 return;
1803         }
1804
1805         dev->tgt_active_prot = 0;
1806
1807         skb_queue_purge(&dev->resp_q);
1808
1809         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1810
1811         tg = 1;
1812         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1813         dev->out_frame->datalen += sizeof(u8);
1814
1815         pn533_tx_frame_finish(dev->out_frame);
1816
1817         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1818                                        PN533_NORMAL_FRAME_MAX_LEN);
1819         if (rc) {
1820                 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1821                                                 " command to the controller");
1822                 return;
1823         }
1824
1825         status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1826         rc = status & PN533_CMD_RET_MASK;
1827         if (rc != PN533_CMD_RET_SUCCESS)
1828                 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1829                                                         " the target", rc);
1830
1831         return;
1832 }
1833
1834
1835 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1836                                                 u8 *params, int params_len)
1837 {
1838         struct pn533_cmd_jump_dep_response *resp;
1839         struct nfc_target nfc_target;
1840         u8 target_gt_len;
1841         int rc;
1842         struct pn533_cmd_jump_dep *cmd = (struct pn533_cmd_jump_dep *)arg;
1843         u8 active = cmd->active;
1844
1845         kfree(arg);
1846
1847         if (params_len == -ENOENT) {
1848                 nfc_dev_dbg(&dev->interface->dev, "");
1849                 return 0;
1850         }
1851
1852         if (params_len < 0) {
1853                 nfc_dev_err(&dev->interface->dev,
1854                                 "Error %d when bringing DEP link up",
1855                                                                 params_len);
1856                 return 0;
1857         }
1858
1859         if (dev->tgt_available_prots &&
1860             !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1861                 nfc_dev_err(&dev->interface->dev,
1862                         "The target does not support DEP");
1863                 return -EINVAL;
1864         }
1865
1866         resp = (struct pn533_cmd_jump_dep_response *) params;
1867         rc = resp->status & PN533_CMD_RET_MASK;
1868         if (rc != PN533_CMD_RET_SUCCESS) {
1869                 nfc_dev_err(&dev->interface->dev,
1870                                 "Bringing DEP link up failed %d", rc);
1871                 return 0;
1872         }
1873
1874         if (!dev->tgt_available_prots) {
1875                 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1876
1877                 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1878                 nfc_target.nfcid1_len = 10;
1879                 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1880                 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1881                 if (rc)
1882                         return 0;
1883
1884                 dev->tgt_available_prots = 0;
1885         }
1886
1887         dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1888
1889         /* ATR_RES general bytes are located at offset 17 */
1890         target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1891         rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1892                                                 resp->gt, target_gt_len);
1893         if (rc == 0)
1894                 rc = nfc_dep_link_is_up(dev->nfc_dev,
1895                                                 dev->nfc_dev->targets[0].idx,
1896                                                 !active, NFC_RF_INITIATOR);
1897
1898         return 0;
1899 }
1900
1901 static int pn533_mod_to_baud(struct pn533 *dev)
1902 {
1903         switch (dev->poll_mod_curr) {
1904         case PN533_POLL_MOD_106KBPS_A:
1905                 return 0;
1906         case PN533_POLL_MOD_212KBPS_FELICA:
1907                 return 1;
1908         case PN533_POLL_MOD_424KBPS_FELICA:
1909                 return 2;
1910         default:
1911                 return -EINVAL;
1912         }
1913 }
1914
1915 #define PASSIVE_DATA_LEN 5
1916 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1917                              u8 comm_mode, u8* gb, size_t gb_len)
1918 {
1919         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1920         struct pn533_cmd_jump_dep *cmd;
1921         u8 cmd_len, *data_ptr;
1922         u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1923         int rc, baud;
1924
1925         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1926
1927         if (dev->poll_mod_count) {
1928                 nfc_dev_err(&dev->interface->dev,
1929                                 "Cannot bring the DEP link up while polling");
1930                 return -EBUSY;
1931         }
1932
1933         if (dev->tgt_active_prot) {
1934                 nfc_dev_err(&dev->interface->dev,
1935                                 "There is already an active target");
1936                 return -EBUSY;
1937         }
1938
1939         baud = pn533_mod_to_baud(dev);
1940         if (baud < 0) {
1941                 nfc_dev_err(&dev->interface->dev,
1942                             "Invalid curr modulation %d", dev->poll_mod_curr);
1943                 return baud;
1944         }
1945
1946         cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1947         if (comm_mode == NFC_COMM_PASSIVE)
1948                 cmd_len += PASSIVE_DATA_LEN;
1949
1950         cmd = kzalloc(cmd_len, GFP_KERNEL);
1951         if (cmd == NULL)
1952                 return -ENOMEM;
1953
1954         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1955
1956         cmd->active = !comm_mode;
1957         cmd->next = 0;
1958         cmd->baud = baud;
1959         data_ptr = cmd->data;
1960         if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1961                 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1962                 cmd->next |= 1;
1963                 data_ptr += PASSIVE_DATA_LEN;
1964         }
1965
1966         if (gb != NULL && gb_len > 0) {
1967                 cmd->next |= 4; /* We have some Gi */
1968                 memcpy(data_ptr, gb, gb_len);
1969         } else {
1970                 cmd->next = 0;
1971         }
1972
1973         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1974         dev->out_frame->datalen += cmd_len;
1975
1976         pn533_tx_frame_finish(dev->out_frame);
1977
1978         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1979                                         PN533_NORMAL_FRAME_MAX_LEN,
1980                                         pn533_in_dep_link_up_complete, cmd);
1981         if (rc < 0)
1982                 kfree(cmd);
1983
1984         return rc;
1985 }
1986
1987 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1988 {
1989         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1990
1991         pn533_poll_reset_mod_list(dev);
1992
1993         if (dev->tgt_mode || dev->tgt_active_prot) {
1994                 pn533_send_ack(dev, GFP_KERNEL);
1995                 usb_kill_urb(dev->in_urb);
1996         }
1997
1998         dev->tgt_active_prot = 0;
1999         dev->tgt_mode = 0;
2000
2001         skb_queue_purge(&dev->resp_q);
2002
2003         return 0;
2004 }
2005
2006 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
2007                                 bool target)
2008 {
2009         int payload_len = skb->len;
2010         struct pn533_frame *out_frame;
2011         u8 tg;
2012
2013         nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
2014                                                                 payload_len);
2015
2016         if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2017                 /* TODO: Implement support to multi-part data exchange */
2018                 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
2019                                                 " max allowed: %d",
2020                                                 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2021                 return -ENOSYS;
2022         }
2023
2024         skb_push(skb, PN533_FRAME_HEADER_LEN);
2025
2026         if (target == true) {
2027                 switch (dev->device_type) {
2028                 case PN533_DEVICE_PASORI:
2029                         if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2030                                 out_frame = (struct pn533_frame *) skb->data;
2031                                 pn533_tx_frame_init(out_frame,
2032                                                     PN533_CMD_IN_COMM_THRU);
2033
2034                                 break;
2035                         }
2036
2037                 default:
2038                         skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
2039                         out_frame = (struct pn533_frame *) skb->data;
2040                         pn533_tx_frame_init(out_frame,
2041                                             PN533_CMD_IN_DATA_EXCHANGE);
2042                         tg = 1;
2043                         memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
2044                                &tg, sizeof(u8));
2045                         out_frame->datalen += sizeof(u8);
2046
2047                         break;
2048                 }
2049
2050         } else {
2051                 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
2052                 out_frame = (struct pn533_frame *) skb->data;
2053                 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
2054         }
2055
2056
2057         /* The data is already in the out_frame, just update the datalen */
2058         out_frame->datalen += payload_len;
2059
2060         pn533_tx_frame_finish(out_frame);
2061         skb_put(skb, PN533_FRAME_TAIL_LEN);
2062
2063         return 0;
2064 }
2065
2066 struct pn533_data_exchange_arg {
2067         struct sk_buff *skb_resp;
2068         struct sk_buff *skb_out;
2069         data_exchange_cb_t cb;
2070         void *cb_context;
2071 };
2072
2073 static struct sk_buff *pn533_build_response(struct pn533 *dev)
2074 {
2075         struct sk_buff *skb, *tmp, *t;
2076         unsigned int skb_len = 0, tmp_len = 0;
2077
2078         nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
2079
2080         if (skb_queue_empty(&dev->resp_q))
2081                 return NULL;
2082
2083         if (skb_queue_len(&dev->resp_q) == 1) {
2084                 skb = skb_dequeue(&dev->resp_q);
2085                 goto out;
2086         }
2087
2088         skb_queue_walk_safe(&dev->resp_q, tmp, t)
2089                 skb_len += tmp->len;
2090
2091         nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2092                     __func__, skb_len);
2093
2094         skb = alloc_skb(skb_len, GFP_KERNEL);
2095         if (skb == NULL)
2096                 goto out;
2097
2098         skb_put(skb, skb_len);
2099
2100         skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2101                 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2102                 tmp_len += tmp->len;
2103         }
2104
2105 out:
2106         skb_queue_purge(&dev->resp_q);
2107
2108         return skb;
2109 }
2110
2111 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2112                                                 u8 *params, int params_len)
2113 {
2114         struct pn533_data_exchange_arg *arg = _arg;
2115         struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
2116         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
2117         int err = 0;
2118         u8 status;
2119         u8 cmd_ret;
2120
2121         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2122
2123         dev_kfree_skb(arg->skb_out);
2124
2125         if (params_len < 0) { /* error */
2126                 err = params_len;
2127                 goto error;
2128         }
2129
2130         status = params[0];
2131
2132         cmd_ret = status & PN533_CMD_RET_MASK;
2133         if (cmd_ret != PN533_CMD_RET_SUCCESS) {
2134                 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
2135                                                 " exchanging data", cmd_ret);
2136                 err = -EIO;
2137                 goto error;
2138         }
2139
2140         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
2141         skb_pull(skb_resp, PN533_FRAME_HEADER_LEN);
2142         skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
2143         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_LEN);
2144         skb_queue_tail(&dev->resp_q, skb_resp);
2145
2146         if (status & PN533_CMD_MI_MASK) {
2147                 queue_work(dev->wq, &dev->mi_work);
2148                 return -EINPROGRESS;
2149         }
2150
2151         skb = pn533_build_response(dev);
2152         if (skb == NULL)
2153                 goto error;
2154
2155         arg->cb(arg->cb_context, skb, 0);
2156         kfree(arg);
2157         return 0;
2158
2159 error:
2160         skb_queue_purge(&dev->resp_q);
2161         dev_kfree_skb(skb_resp);
2162         arg->cb(arg->cb_context, NULL, err);
2163         kfree(arg);
2164         return 0;
2165 }
2166
2167 static int pn533_transceive(struct nfc_dev *nfc_dev,
2168                             struct nfc_target *target, struct sk_buff *skb,
2169                             data_exchange_cb_t cb, void *cb_context)
2170 {
2171         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2172         struct pn533_frame *out_frame, *in_frame;
2173         struct pn533_data_exchange_arg *arg;
2174         struct sk_buff *skb_resp;
2175         int skb_resp_len;
2176         int rc;
2177
2178         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2179
2180         if (!dev->tgt_active_prot) {
2181                 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2182                                                 " there is no active target");
2183                 rc = -EINVAL;
2184                 goto error;
2185         }
2186
2187         rc = pn533_build_tx_frame(dev, skb, true);
2188         if (rc)
2189                 goto error;
2190
2191         skb_resp_len = PN533_FRAME_HEADER_LEN +
2192                        PN533_CMD_DATAEXCH_HEAD_LEN +
2193                        PN533_CMD_DATAEXCH_DATA_MAXLEN +
2194                        PN533_FRAME_TAIL_LEN;
2195
2196         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2197         if (!skb_resp) {
2198                 rc = -ENOMEM;
2199                 goto error;
2200         }
2201
2202         in_frame = (struct pn533_frame *) skb_resp->data;
2203         out_frame = (struct pn533_frame *) skb->data;
2204
2205         arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2206         if (!arg) {
2207                 rc = -ENOMEM;
2208                 goto free_skb_resp;
2209         }
2210
2211         arg->skb_resp = skb_resp;
2212         arg->skb_out = skb;
2213         arg->cb = cb;
2214         arg->cb_context = cb_context;
2215
2216         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2217                                         pn533_data_exchange_complete, arg);
2218         if (rc) {
2219                 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2220                                                 " perform data_exchange", rc);
2221                 goto free_arg;
2222         }
2223
2224         return 0;
2225
2226 free_arg:
2227         kfree(arg);
2228 free_skb_resp:
2229         kfree_skb(skb_resp);
2230 error:
2231         kfree_skb(skb);
2232         return rc;
2233 }
2234
2235 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2236                                   u8 *params, int params_len)
2237 {
2238         struct sk_buff *skb_out = arg;
2239
2240         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2241
2242         dev_kfree_skb(skb_out);
2243
2244         if (params_len < 0) {
2245                 nfc_dev_err(&dev->interface->dev,
2246                             "Error %d when sending data",
2247                             params_len);
2248
2249                 return params_len;
2250         }
2251
2252         if (params_len > 0 && params[0] != 0) {
2253                 nfc_tm_deactivated(dev->nfc_dev);
2254
2255                 dev->tgt_mode = 0;
2256
2257                 return 0;
2258         }
2259
2260         queue_work(dev->wq, &dev->tg_work);
2261
2262         return 0;
2263 }
2264
2265 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2266 {
2267         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2268         struct pn533_frame *out_frame;
2269         int rc;
2270
2271         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2272
2273         rc = pn533_build_tx_frame(dev, skb, false);
2274         if (rc)
2275                 goto error;
2276
2277         out_frame = (struct pn533_frame *) skb->data;
2278
2279         rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2280                                         PN533_NORMAL_FRAME_MAX_LEN,
2281                                         pn533_tm_send_complete, skb);
2282         if (rc) {
2283                 nfc_dev_err(&dev->interface->dev,
2284                             "Error %d when trying to send data", rc);
2285                 goto error;
2286         }
2287
2288         return 0;
2289
2290 error:
2291         kfree_skb(skb);
2292
2293         return rc;
2294 }
2295
2296 static void pn533_wq_mi_recv(struct work_struct *work)
2297 {
2298         struct pn533 *dev = container_of(work, struct pn533, mi_work);
2299         struct sk_buff *skb_cmd;
2300         struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2301         struct pn533_frame *out_frame, *in_frame;
2302         struct sk_buff *skb_resp;
2303         int skb_resp_len;
2304         int rc;
2305
2306         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2307
2308         /* This is a zero payload size skb */
2309         skb_cmd = alloc_skb(PN533_FRAME_HEADER_LEN +
2310                             PN533_CMD_DATAEXCH_HEAD_LEN +
2311                             PN533_FRAME_TAIL_LEN,
2312                             GFP_KERNEL);
2313         if (skb_cmd == NULL)
2314                 goto error_cmd;
2315
2316         skb_reserve(skb_cmd,
2317                     PN533_FRAME_HEADER_LEN + PN533_CMD_DATAEXCH_HEAD_LEN);
2318
2319         rc = pn533_build_tx_frame(dev, skb_cmd, true);
2320         if (rc)
2321                 goto error_frame;
2322
2323         skb_resp_len = PN533_FRAME_HEADER_LEN +
2324                        PN533_CMD_DATAEXCH_HEAD_LEN +
2325                        PN533_CMD_DATAEXCH_DATA_MAXLEN +
2326                        PN533_FRAME_TAIL_LEN;
2327
2328         skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2329         if (!skb_resp) {
2330                 rc = -ENOMEM;
2331                 goto error_frame;
2332         }
2333
2334         in_frame = (struct pn533_frame *) skb_resp->data;
2335         out_frame = (struct pn533_frame *) skb_cmd->data;
2336
2337         arg->skb_resp = skb_resp;
2338         arg->skb_out = skb_cmd;
2339
2340         rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2341                                           skb_resp_len,
2342                                           pn533_data_exchange_complete,
2343                                           dev->cmd_complete_arg);
2344         if (!rc)
2345                 return;
2346
2347         nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2348                                                 " perform data_exchange", rc);
2349
2350         kfree_skb(skb_resp);
2351
2352 error_frame:
2353         kfree_skb(skb_cmd);
2354
2355 error_cmd:
2356         pn533_send_ack(dev, GFP_KERNEL);
2357
2358         kfree(arg);
2359
2360         queue_work(dev->wq, &dev->cmd_work);
2361 }
2362
2363 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2364                                                                 u8 cfgdata_len)
2365 {
2366         int rc;
2367         u8 *params;
2368
2369         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2370
2371         pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2372
2373         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2374         params[0] = cfgitem;
2375         memcpy(&params[1], cfgdata, cfgdata_len);
2376         dev->out_frame->datalen += (1 + cfgdata_len);
2377
2378         pn533_tx_frame_finish(dev->out_frame);
2379
2380         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2381                                        PN533_NORMAL_FRAME_MAX_LEN);
2382
2383         return rc;
2384 }
2385
2386 static int pn533_fw_reset(struct pn533 *dev)
2387 {
2388         int rc;
2389         u8 *params;
2390
2391         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2392
2393         pn533_tx_frame_init(dev->out_frame, 0x18);
2394
2395         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2396         params[0] = 0x1;
2397         dev->out_frame->datalen += 1;
2398
2399         pn533_tx_frame_finish(dev->out_frame);
2400
2401         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2402                                        PN533_NORMAL_FRAME_MAX_LEN);
2403
2404         return rc;
2405 }
2406
2407 static struct nfc_ops pn533_nfc_ops = {
2408         .dev_up = NULL,
2409         .dev_down = NULL,
2410         .dep_link_up = pn533_dep_link_up,
2411         .dep_link_down = pn533_dep_link_down,
2412         .start_poll = pn533_start_poll,
2413         .stop_poll = pn533_stop_poll,
2414         .activate_target = pn533_activate_target,
2415         .deactivate_target = pn533_deactivate_target,
2416         .im_transceive = pn533_transceive,
2417         .tm_send = pn533_tm_send,
2418 };
2419
2420 static int pn533_setup(struct pn533 *dev)
2421 {
2422         struct pn533_config_max_retries max_retries;
2423         struct pn533_config_timing timing;
2424         u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2425         int rc;
2426
2427         switch (dev->device_type) {
2428         case PN533_DEVICE_STD:
2429                 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2430                 max_retries.mx_rty_psl = 2;
2431                 max_retries.mx_rty_passive_act =
2432                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2433
2434                 timing.rfu = PN533_CONFIG_TIMING_102;
2435                 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2436                 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2437
2438                 break;
2439
2440         case PN533_DEVICE_PASORI:
2441                 max_retries.mx_rty_atr = 0x2;
2442                 max_retries.mx_rty_psl = 0x1;
2443                 max_retries.mx_rty_passive_act =
2444                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2445
2446                 timing.rfu = PN533_CONFIG_TIMING_102;
2447                 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2448                 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2449
2450                 break;
2451
2452         default:
2453                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2454                             dev->device_type);
2455                 return -EINVAL;
2456         }
2457
2458         rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2459                                      (u8 *)&max_retries, sizeof(max_retries));
2460         if (rc) {
2461                 nfc_dev_err(&dev->interface->dev,
2462                             "Error on setting MAX_RETRIES config");
2463                 return rc;
2464         }
2465
2466
2467         rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2468                                      (u8 *)&timing, sizeof(timing));
2469         if (rc) {
2470                 nfc_dev_err(&dev->interface->dev,
2471                             "Error on setting RF timings");
2472                 return rc;
2473         }
2474
2475         switch (dev->device_type) {
2476         case PN533_DEVICE_STD:
2477                 break;
2478
2479         case PN533_DEVICE_PASORI:
2480                 pn533_fw_reset(dev);
2481
2482                 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2483                                              pasori_cfg, 3);
2484                 if (rc) {
2485                         nfc_dev_err(&dev->interface->dev,
2486                                     "Error while settings PASORI config");
2487                         return rc;
2488                 }
2489
2490                 pn533_fw_reset(dev);
2491
2492                 break;
2493         }
2494
2495         return 0;
2496 }
2497
2498 static int pn533_probe(struct usb_interface *interface,
2499                         const struct usb_device_id *id)
2500 {
2501         struct pn533_fw_version *fw_ver;
2502         struct pn533 *dev;
2503         struct usb_host_interface *iface_desc;
2504         struct usb_endpoint_descriptor *endpoint;
2505         int in_endpoint = 0;
2506         int out_endpoint = 0;
2507         int rc = -ENOMEM;
2508         int i;
2509         u32 protocols;
2510
2511         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2512         if (!dev)
2513                 return -ENOMEM;
2514
2515         dev->udev = usb_get_dev(interface_to_usbdev(interface));
2516         dev->interface = interface;
2517         mutex_init(&dev->cmd_lock);
2518
2519         iface_desc = interface->cur_altsetting;
2520         for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2521                 endpoint = &iface_desc->endpoint[i].desc;
2522
2523                 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2524                         in_endpoint = endpoint->bEndpointAddress;
2525
2526                 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2527                         out_endpoint = endpoint->bEndpointAddress;
2528         }
2529
2530         if (!in_endpoint || !out_endpoint) {
2531                 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2532                                                         " bulk-out endpoint");
2533                 rc = -ENODEV;
2534                 goto error;
2535         }
2536
2537         dev->in_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2538         dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2539         dev->out_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2540         dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2541
2542         if (!dev->in_frame || !dev->out_frame ||
2543                 !dev->in_urb || !dev->out_urb)
2544                 goto error;
2545
2546         usb_fill_bulk_urb(dev->in_urb, dev->udev,
2547                         usb_rcvbulkpipe(dev->udev, in_endpoint),
2548                         NULL, 0, NULL, dev);
2549         usb_fill_bulk_urb(dev->out_urb, dev->udev,
2550                         usb_sndbulkpipe(dev->udev, out_endpoint),
2551                         NULL, 0,
2552                         pn533_send_complete, dev);
2553
2554         INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2555         INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2556         INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2557         INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2558         INIT_WORK(&dev->poll_work, pn533_wq_poll);
2559         dev->wq = alloc_ordered_workqueue("pn533", 0);
2560         if (dev->wq == NULL)
2561                 goto error;
2562
2563         init_timer(&dev->listen_timer);
2564         dev->listen_timer.data = (unsigned long) dev;
2565         dev->listen_timer.function = pn533_listen_mode_timer;
2566
2567         skb_queue_head_init(&dev->resp_q);
2568
2569         INIT_LIST_HEAD(&dev->cmd_queue);
2570
2571         usb_set_intfdata(interface, dev);
2572
2573         pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2574         pn533_tx_frame_finish(dev->out_frame);
2575
2576         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2577                                        PN533_NORMAL_FRAME_MAX_LEN);
2578         if (rc)
2579                 goto destroy_wq;
2580
2581         fw_ver = (struct pn533_fw_version *)
2582                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2583         nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2584                                         " attached", fw_ver->ver, fw_ver->rev);
2585
2586         dev->device_type = id->driver_info;
2587         switch (dev->device_type) {
2588         case PN533_DEVICE_STD:
2589                 protocols = PN533_ALL_PROTOCOLS;
2590                 break;
2591
2592         case PN533_DEVICE_PASORI:
2593                 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2594                 break;
2595
2596         default:
2597                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2598                             dev->device_type);
2599                 rc = -EINVAL;
2600                 goto destroy_wq;
2601         }
2602
2603         dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2604                                            PN533_FRAME_HEADER_LEN +
2605                                            PN533_CMD_DATAEXCH_HEAD_LEN,
2606                                            PN533_FRAME_TAIL_LEN);
2607         if (!dev->nfc_dev)
2608                 goto destroy_wq;
2609
2610         nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2611         nfc_set_drvdata(dev->nfc_dev, dev);
2612
2613         rc = nfc_register_device(dev->nfc_dev);
2614         if (rc)
2615                 goto free_nfc_dev;
2616
2617         rc = pn533_setup(dev);
2618         if (rc)
2619                 goto unregister_nfc_dev;
2620
2621         return 0;
2622
2623 unregister_nfc_dev:
2624         nfc_unregister_device(dev->nfc_dev);
2625
2626 free_nfc_dev:
2627         nfc_free_device(dev->nfc_dev);
2628
2629 destroy_wq:
2630         destroy_workqueue(dev->wq);
2631 error:
2632         kfree(dev->in_frame);
2633         usb_free_urb(dev->in_urb);
2634         kfree(dev->out_frame);
2635         usb_free_urb(dev->out_urb);
2636         kfree(dev);
2637         return rc;
2638 }
2639
2640 static void pn533_disconnect(struct usb_interface *interface)
2641 {
2642         struct pn533 *dev;
2643         struct pn533_cmd *cmd, *n;
2644
2645         dev = usb_get_intfdata(interface);
2646         usb_set_intfdata(interface, NULL);
2647
2648         nfc_unregister_device(dev->nfc_dev);
2649         nfc_free_device(dev->nfc_dev);
2650
2651         usb_kill_urb(dev->in_urb);
2652         usb_kill_urb(dev->out_urb);
2653
2654         destroy_workqueue(dev->wq);
2655
2656         skb_queue_purge(&dev->resp_q);
2657
2658         del_timer(&dev->listen_timer);
2659
2660         list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2661                 list_del(&cmd->queue);
2662                 kfree(cmd);
2663         }
2664
2665         kfree(dev->in_frame);
2666         usb_free_urb(dev->in_urb);
2667         kfree(dev->out_frame);
2668         usb_free_urb(dev->out_urb);
2669         kfree(dev);
2670
2671         nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2672 }
2673
2674 static struct usb_driver pn533_driver = {
2675         .name =         "pn533",
2676         .probe =        pn533_probe,
2677         .disconnect =   pn533_disconnect,
2678         .id_table =     pn533_table,
2679 };
2680
2681 module_usb_driver(pn533_driver);
2682
2683 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2684                         " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2685 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2686 MODULE_VERSION(VERSION);
2687 MODULE_LICENSE("GPL");
Unnamed repository; edit this file 'description' to name the repository.