projects / firefly-linux-kernel-4.4.55.git / blob
? search:


91e1594dfd1394ded59d066661692e268225f48c
[firefly-linux-kernel-4.4.55.git] / drivers / nfc / pn533.c
1 /*
2  * Copyright (C) 2011 Instituto Nokia de Tecnologia
3  *
4  * Authors:
5  *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6  *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the
20  * Free Software Foundation, Inc.,
21  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22  */
23
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32
33 #define VERSION "0.1"
34
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40
41 #define SONY_VENDOR_ID         0x054c
42 #define PASORI_PRODUCT_ID      0x02e1
43
44 #define PN533_DEVICE_STD    0x1
45 #define PN533_DEVICE_PASORI 0x2
46
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48                              NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49                              NFC_PROTO_NFC_DEP_MASK |\
50                              NFC_PROTO_ISO14443_B_MASK)
51
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53                                    NFC_PROTO_MIFARE_MASK | \
54                                    NFC_PROTO_FELICA_MASK | \
55                                    NFC_PROTO_ISO14443_MASK | \
56                                    NFC_PROTO_NFC_DEP_MASK)
57
58 static const struct usb_device_id pn533_table[] = {
59         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
60           .idVendor             = PN533_VENDOR_ID,
61           .idProduct            = PN533_PRODUCT_ID,
62           .driver_info          = PN533_DEVICE_STD,
63         },
64         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
65           .idVendor             = SCM_VENDOR_ID,
66           .idProduct            = SCL3711_PRODUCT_ID,
67           .driver_info          = PN533_DEVICE_STD,
68         },
69         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
70           .idVendor             = SONY_VENDOR_ID,
71           .idProduct            = PASORI_PRODUCT_ID,
72           .driver_info          = PN533_DEVICE_PASORI,
73         },
74         { }
75 };
76 MODULE_DEVICE_TABLE(usb, pn533_table);
77
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
80
81 /* frame definitions */
82 #define PN533_NORMAL_FRAME_MAX_LEN 262  /* 6   (PREAMBLE, SOF, LEN, LCS, TFI)
83                                            254 (DATA)
84                                            2   (DCS, postamble) */
85 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
86                                         + 2) /* data[0] TFI, data[1] CC */
87 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
88
89 /*
90  * Max extended frame payload len, excluding TFI and CC
91  * which are already in PN533_FRAME_HEADER_LEN.
92  */
93 #define PN533_FRAME_MAX_PAYLOAD_LEN 263
94
95 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
96                                 PN533_FRAME_TAIL_LEN)
97 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
98 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
99 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
100
101 /* start of frame */
102 #define PN533_SOF 0x00FF
103
104 /* frame identifier: in/out/error */
105 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
106 #define PN533_DIR_OUT 0xD4
107 #define PN533_DIR_IN 0xD5
108
109 /* PN533 Commands */
110 #define PN533_FRAME_CMD(f) (f->data[1])
111 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
112 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
113
114 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
115 #define PN533_CMD_RF_CONFIGURATION 0x32
116 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
117 #define PN533_CMD_IN_COMM_THRU     0x42
118 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
119 #define PN533_CMD_IN_ATR 0x50
120 #define PN533_CMD_IN_RELEASE 0x52
121 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
122
123 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
124 #define PN533_CMD_TG_GET_DATA 0x86
125 #define PN533_CMD_TG_SET_DATA 0x8e
126 #define PN533_CMD_UNDEF 0xff
127
128 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
129
130 /* PN533 Return codes */
131 #define PN533_CMD_RET_MASK 0x3F
132 #define PN533_CMD_MI_MASK 0x40
133 #define PN533_CMD_RET_SUCCESS 0x00
134
135 struct pn533;
136
137 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
138                                         u8 *params, int params_len);
139
140 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
141                                         struct sk_buff *resp);
142
143 /* structs for pn533 commands */
144
145 /* PN533_CMD_GET_FIRMWARE_VERSION */
146 struct pn533_fw_version {
147         u8 ic;
148         u8 ver;
149         u8 rev;
150         u8 support;
151 };
152
153 /* PN533_CMD_RF_CONFIGURATION */
154 #define PN533_CFGITEM_TIMING 0x02
155 #define PN533_CFGITEM_MAX_RETRIES 0x05
156 #define PN533_CFGITEM_PASORI 0x82
157
158 #define PN533_CONFIG_TIMING_102 0xb
159 #define PN533_CONFIG_TIMING_204 0xc
160 #define PN533_CONFIG_TIMING_409 0xd
161 #define PN533_CONFIG_TIMING_819 0xe
162
163 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
164 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
165
166 struct pn533_config_max_retries {
167         u8 mx_rty_atr;
168         u8 mx_rty_psl;
169         u8 mx_rty_passive_act;
170 } __packed;
171
172 struct pn533_config_timing {
173         u8 rfu;
174         u8 atr_res_timeout;
175         u8 dep_timeout;
176 } __packed;
177
178 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
179
180 /* felica commands opcode */
181 #define PN533_FELICA_OPC_SENSF_REQ 0
182 #define PN533_FELICA_OPC_SENSF_RES 1
183 /* felica SENSF_REQ parameters */
184 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
185 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
186 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
187 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
188
189 /* type B initiator_data values */
190 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
191 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
192 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
193
194 union pn533_cmd_poll_initdata {
195         struct {
196                 u8 afi;
197                 u8 polling_method;
198         } __packed type_b;
199         struct {
200                 u8 opcode;
201                 __be16 sc;
202                 u8 rc;
203                 u8 tsn;
204         } __packed felica;
205 };
206
207 /* Poll modulations */
208 enum {
209         PN533_POLL_MOD_106KBPS_A,
210         PN533_POLL_MOD_212KBPS_FELICA,
211         PN533_POLL_MOD_424KBPS_FELICA,
212         PN533_POLL_MOD_106KBPS_JEWEL,
213         PN533_POLL_MOD_847KBPS_B,
214         PN533_LISTEN_MOD,
215
216         __PN533_POLL_MOD_AFTER_LAST,
217 };
218 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
219
220 struct pn533_poll_modulations {
221         struct {
222                 u8 maxtg;
223                 u8 brty;
224                 union pn533_cmd_poll_initdata initiator_data;
225         } __packed data;
226         u8 len;
227 };
228
229 const struct pn533_poll_modulations poll_mod[] = {
230         [PN533_POLL_MOD_106KBPS_A] = {
231                 .data = {
232                         .maxtg = 1,
233                         .brty = 0,
234                 },
235                 .len = 2,
236         },
237         [PN533_POLL_MOD_212KBPS_FELICA] = {
238                 .data = {
239                         .maxtg = 1,
240                         .brty = 1,
241                         .initiator_data.felica = {
242                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
243                                 .sc = PN533_FELICA_SENSF_SC_ALL,
244                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
245                                 .tsn = 0,
246                         },
247                 },
248                 .len = 7,
249         },
250         [PN533_POLL_MOD_424KBPS_FELICA] = {
251                 .data = {
252                         .maxtg = 1,
253                         .brty = 2,
254                         .initiator_data.felica = {
255                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
256                                 .sc = PN533_FELICA_SENSF_SC_ALL,
257                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
258                                 .tsn = 0,
259                         },
260                  },
261                 .len = 7,
262         },
263         [PN533_POLL_MOD_106KBPS_JEWEL] = {
264                 .data = {
265                         .maxtg = 1,
266                         .brty = 4,
267                 },
268                 .len = 2,
269         },
270         [PN533_POLL_MOD_847KBPS_B] = {
271                 .data = {
272                         .maxtg = 1,
273                         .brty = 8,
274                         .initiator_data.type_b = {
275                                 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
276                                 .polling_method =
277                                         PN533_TYPE_B_POLL_METHOD_TIMESLOT,
278                         },
279                 },
280                 .len = 3,
281         },
282         [PN533_LISTEN_MOD] = {
283                 .len = 0,
284         },
285 };
286
287 /* PN533_CMD_IN_ATR */
288
289 struct pn533_cmd_activate_response {
290         u8 status;
291         u8 nfcid3t[10];
292         u8 didt;
293         u8 bst;
294         u8 brt;
295         u8 to;
296         u8 ppt;
297         /* optional */
298         u8 gt[];
299 } __packed;
300
301 struct pn533_cmd_jump_dep_response {
302         u8 status;
303         u8 tg;
304         u8 nfcid3t[10];
305         u8 didt;
306         u8 bst;
307         u8 brt;
308         u8 to;
309         u8 ppt;
310         /* optional */
311         u8 gt[];
312 } __packed;
313
314
315 /* PN533_TG_INIT_AS_TARGET */
316 #define PN533_INIT_TARGET_PASSIVE 0x1
317 #define PN533_INIT_TARGET_DEP 0x2
318
319 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
320 #define PN533_INIT_TARGET_RESP_ACTIVE     0x1
321 #define PN533_INIT_TARGET_RESP_DEP        0x4
322
323 struct pn533_cmd_init_target {
324         u8 mode;
325         u8 mifare[6];
326         u8 felica[18];
327         u8 nfcid3[10];
328         u8 gb_len;
329         u8 gb[];
330 } __packed;
331
332 struct pn533_cmd_init_target_response {
333         u8 mode;
334         u8 cmd[];
335 } __packed;
336
337 struct pn533 {
338         struct usb_device *udev;
339         struct usb_interface *interface;
340         struct nfc_dev *nfc_dev;
341
342         struct urb *out_urb;
343         struct pn533_frame *out_frame;
344
345         struct urb *in_urb;
346         struct pn533_frame *in_frame;
347
348         struct sk_buff_head resp_q;
349
350         struct workqueue_struct *wq;
351         struct work_struct cmd_work;
352         struct work_struct cmd_complete_work;
353         struct work_struct poll_work;
354         struct work_struct mi_work;
355         struct work_struct tg_work;
356         struct timer_list listen_timer;
357         struct pn533_frame *wq_in_frame;
358         int wq_in_error;
359         int cancel_listen;
360
361         pn533_cmd_complete_t cmd_complete;
362         void *cmd_complete_arg;
363         void *cmd_complete_mi_arg;
364         struct mutex cmd_lock;
365         u8 cmd;
366
367         struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
368         u8 poll_mod_count;
369         u8 poll_mod_curr;
370         u32 poll_protocols;
371         u32 listen_protocols;
372
373         u8 *gb;
374         size_t gb_len;
375
376         u8 tgt_available_prots;
377         u8 tgt_active_prot;
378         u8 tgt_mode;
379
380         u32 device_type;
381
382         struct list_head cmd_queue;
383         u8 cmd_pending;
384 };
385
386 struct pn533_cmd {
387         struct list_head queue;
388         struct pn533_frame *out_frame;
389         struct pn533_frame *in_frame;
390         int in_frame_len;
391         u8 cmd_code;
392         struct sk_buff *req;
393         struct sk_buff *resp;
394         pn533_cmd_complete_t cmd_complete;
395         void *arg;
396 };
397
398 struct pn533_frame {
399         u8 preamble;
400         __be16 start_frame;
401         u8 datalen;
402         u8 datalen_checksum;
403         u8 data[];
404 } __packed;
405
406 /* The rule: value + checksum = 0 */
407 static inline u8 pn533_checksum(u8 value)
408 {
409         return ~value + 1;
410 }
411
412 /* The rule: sum(data elements) + checksum = 0 */
413 static u8 pn533_data_checksum(u8 *data, int datalen)
414 {
415         u8 sum = 0;
416         int i;
417
418         for (i = 0; i < datalen; i++)
419                 sum += data[i];
420
421         return pn533_checksum(sum);
422 }
423
424 /**
425  * pn533_tx_frame_ack - create a ack frame
426  * @frame:      The frame to be set as ack
427  *
428  * Ack is different type of standard frame. As a standard frame, it has
429  * preamble and start_frame. However the checksum of this frame must fail,
430  * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
431  * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
432  * After datalen_checksum field, the postamble is placed.
433  */
434 static void pn533_tx_frame_ack(struct pn533_frame *frame)
435 {
436         frame->preamble = 0;
437         frame->start_frame = cpu_to_be16(PN533_SOF);
438         frame->datalen = 0;
439         frame->datalen_checksum = 0xFF;
440         /* data[0] is used as postamble */
441         frame->data[0] = 0;
442 }
443
444 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
445 {
446         frame->preamble = 0;
447         frame->start_frame = cpu_to_be16(PN533_SOF);
448         PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
449         PN533_FRAME_CMD(frame) = cmd;
450         frame->datalen = 2;
451 }
452
453 static void pn533_tx_frame_finish(struct pn533_frame *frame)
454 {
455         frame->datalen_checksum = pn533_checksum(frame->datalen);
456
457         PN533_FRAME_CHECKSUM(frame) =
458                 pn533_data_checksum(frame->data, frame->datalen);
459
460         PN533_FRAME_POSTAMBLE(frame) = 0;
461 }
462
463 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
464 {
465         u8 checksum;
466
467         if (frame->start_frame != cpu_to_be16(PN533_SOF))
468                 return false;
469
470         checksum = pn533_checksum(frame->datalen);
471         if (checksum != frame->datalen_checksum)
472                 return false;
473
474         checksum = pn533_data_checksum(frame->data, frame->datalen);
475         if (checksum != PN533_FRAME_CHECKSUM(frame))
476                 return false;
477
478         return true;
479 }
480
481 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
482 {
483         if (frame->start_frame != cpu_to_be16(PN533_SOF))
484                 return false;
485
486         if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
487                 return false;
488
489         return true;
490 }
491
492 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
493 {
494         return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
495 }
496
497
498 static void pn533_wq_cmd_complete(struct work_struct *work)
499 {
500         struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
501         struct pn533_frame *in_frame;
502         int rc;
503
504         in_frame = dev->wq_in_frame;
505
506         if (dev->wq_in_error)
507                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
508                                                         dev->wq_in_error);
509         else
510                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
511                                         PN533_FRAME_CMD_PARAMS_PTR(in_frame),
512                                         PN533_FRAME_CMD_PARAMS_LEN(in_frame));
513
514         if (rc != -EINPROGRESS)
515                 queue_work(dev->wq, &dev->cmd_work);
516 }
517
518 static void pn533_recv_response(struct urb *urb)
519 {
520         struct pn533 *dev = urb->context;
521         struct pn533_frame *in_frame;
522
523         dev->wq_in_frame = NULL;
524
525         switch (urb->status) {
526         case 0:
527                 /* success */
528                 break;
529         case -ECONNRESET:
530         case -ENOENT:
531         case -ESHUTDOWN:
532                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
533                                                 " status: %d", urb->status);
534                 dev->wq_in_error = urb->status;
535                 goto sched_wq;
536         default:
537                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
538                                                         " %d", urb->status);
539                 dev->wq_in_error = urb->status;
540                 goto sched_wq;
541         }
542
543         in_frame = dev->in_urb->transfer_buffer;
544
545         if (!pn533_rx_frame_is_valid(in_frame)) {
546                 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
547                 dev->wq_in_error = -EIO;
548                 goto sched_wq;
549         }
550
551         if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
552                 nfc_dev_err(&dev->interface->dev, "The received frame is not "
553                                                 "response to the last command");
554                 dev->wq_in_error = -EIO;
555                 goto sched_wq;
556         }
557
558         nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
559         dev->wq_in_error = 0;
560         dev->wq_in_frame = in_frame;
561
562 sched_wq:
563         queue_work(dev->wq, &dev->cmd_complete_work);
564 }
565
566 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
567 {
568         dev->in_urb->complete = pn533_recv_response;
569
570         return usb_submit_urb(dev->in_urb, flags);
571 }
572
573 static void pn533_recv_ack(struct urb *urb)
574 {
575         struct pn533 *dev = urb->context;
576         struct pn533_frame *in_frame;
577         int rc;
578
579         switch (urb->status) {
580         case 0:
581                 /* success */
582                 break;
583         case -ECONNRESET:
584         case -ENOENT:
585         case -ESHUTDOWN:
586                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
587                                                 " status: %d", urb->status);
588                 dev->wq_in_error = urb->status;
589                 goto sched_wq;
590         default:
591                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
592                                                         " %d", urb->status);
593                 dev->wq_in_error = urb->status;
594                 goto sched_wq;
595         }
596
597         in_frame = dev->in_urb->transfer_buffer;
598
599         if (!pn533_rx_frame_is_ack(in_frame)) {
600                 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
601                 dev->wq_in_error = -EIO;
602                 goto sched_wq;
603         }
604
605         nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
606
607         rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
608         if (rc) {
609                 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
610                                                         " result %d", rc);
611                 dev->wq_in_error = rc;
612                 goto sched_wq;
613         }
614
615         return;
616
617 sched_wq:
618         dev->wq_in_frame = NULL;
619         queue_work(dev->wq, &dev->cmd_complete_work);
620 }
621
622 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
623 {
624         dev->in_urb->complete = pn533_recv_ack;
625
626         return usb_submit_urb(dev->in_urb, flags);
627 }
628
629 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
630 {
631         int rc;
632
633         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
634
635         pn533_tx_frame_ack(dev->out_frame);
636
637         dev->out_urb->transfer_buffer = dev->out_frame;
638         dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
639         rc = usb_submit_urb(dev->out_urb, flags);
640
641         return rc;
642 }
643
644 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
645                                         struct pn533_frame *out_frame,
646                                         struct pn533_frame *in_frame,
647                                         int in_frame_len,
648                                         pn533_cmd_complete_t cmd_complete,
649                                         void *arg)
650 {
651         int rc;
652
653         nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
654                                                 PN533_FRAME_CMD(out_frame));
655
656         dev->cmd = PN533_FRAME_CMD(out_frame);
657         dev->cmd_complete = cmd_complete;
658         dev->cmd_complete_arg = arg;
659
660         dev->out_urb->transfer_buffer = out_frame;
661         dev->out_urb->transfer_buffer_length =
662                                 PN533_FRAME_SIZE(out_frame);
663
664         dev->in_urb->transfer_buffer = in_frame;
665         dev->in_urb->transfer_buffer_length = in_frame_len;
666
667         rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
668         if (rc)
669                 return rc;
670
671         rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
672         if (rc)
673                 goto error;
674
675         return 0;
676
677 error:
678         usb_unlink_urb(dev->out_urb);
679         return rc;
680 }
681
682 static void pn533_build_cmd_frame(u8 cmd_code, struct sk_buff *skb)
683 {
684         struct pn533_frame *frame;
685         /* payload is already there, just update datalen */
686         int payload_len = skb->len;
687
688         skb_push(skb, PN533_FRAME_HEADER_LEN);
689         skb_put(skb, PN533_FRAME_TAIL_LEN);
690
691         frame = (struct pn533_frame *)skb->data;
692
693         pn533_tx_frame_init(frame, cmd_code);
694         frame->datalen += payload_len;
695         pn533_tx_frame_finish(frame);
696 }
697
698 struct pn533_send_async_complete_arg {
699         pn533_send_async_complete_t  complete_cb;
700         void *complete_cb_context;
701         struct sk_buff *resp;
702         struct sk_buff *req;
703 };
704
705 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, u8 *params,
706                                      int params_len)
707 {
708         struct pn533_send_async_complete_arg *arg = _arg;
709
710         struct sk_buff *req = arg->req;
711         struct sk_buff *resp = arg->resp;
712
713         struct pn533_frame *frame = (struct pn533_frame *)resp->data;
714         int rc;
715
716         dev_kfree_skb(req);
717
718         if (params_len < 0) {
719                 nfc_dev_err(&dev->interface->dev,
720                             "Error %d when starting as a target",
721                             params_len);
722
723                 arg->complete_cb(dev, arg->complete_cb_context,
724                                  ERR_PTR(params_len));
725                 rc = params_len;
726                 dev_kfree_skb(resp);
727                 goto out;
728         }
729
730         skb_put(resp, PN533_FRAME_SIZE(frame));
731         skb_pull(resp, PN533_FRAME_HEADER_LEN);
732         skb_trim(resp, resp->len - PN533_FRAME_TAIL_LEN);
733
734         rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
735
736 out:
737         kfree(arg);
738         return rc;
739 }
740
741 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
742                               struct sk_buff *req, struct sk_buff *resp,
743                               int resp_len,
744                               pn533_send_async_complete_t complete_cb,
745                               void *complete_cb_context)
746 {
747         struct pn533_cmd *cmd;
748         struct pn533_send_async_complete_arg *arg;
749         int rc = 0;
750
751         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
752
753         arg = kzalloc(sizeof(arg), GFP_KERNEL);
754         if (!arg)
755                 return -ENOMEM;
756
757         arg->complete_cb = complete_cb;
758         arg->complete_cb_context = complete_cb_context;
759         arg->resp = resp;
760         arg->req = req;
761
762         pn533_build_cmd_frame(cmd_code, req);
763
764         mutex_lock(&dev->cmd_lock);
765
766         if (!dev->cmd_pending) {
767                 rc = __pn533_send_cmd_frame_async(dev,
768                                                   (struct pn533_frame *)req->data,
769                                                   (struct pn533_frame *)resp->data,
770                                                   resp_len, pn533_send_async_complete,
771                                                   arg);
772                 if (rc)
773                         goto error;
774
775                 dev->cmd_pending = 1;
776                 goto unlock;
777         }
778
779         nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
780
781         cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
782         if (!cmd) {
783                 rc = -ENOMEM;
784                 goto error;
785         }
786
787         INIT_LIST_HEAD(&cmd->queue);
788         cmd->cmd_code = cmd_code;
789         cmd->req = req;
790         cmd->resp = resp;
791         cmd->arg = arg;
792
793         list_add_tail(&cmd->queue, &dev->cmd_queue);
794
795         goto unlock;
796
797 error:
798         kfree(arg);
799 unlock:
800         mutex_unlock(&dev->cmd_lock);
801         return rc;
802 }
803
804 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
805                                  struct sk_buff *req,
806                                  pn533_send_async_complete_t complete_cb,
807                                  void *complete_cb_context)
808 {
809         struct sk_buff *resp;
810         int rc;
811         int  resp_len = PN533_FRAME_HEADER_LEN +
812                         PN533_FRAME_MAX_PAYLOAD_LEN +
813                         PN533_FRAME_TAIL_LEN;
814
815         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
816
817         resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
818         if (!resp)
819                 return -ENOMEM;
820
821         rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
822                                 complete_cb_context);
823         if (rc)
824                 dev_kfree_skb(resp);
825
826         return rc;
827 }
828
829 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
830                                 struct sk_buff *req,
831                                 pn533_send_async_complete_t complete_cb,
832                                 void *complete_cb_context)
833 {
834         struct sk_buff *resp;
835         int rc;
836
837         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
838
839         resp = alloc_skb(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
840         if (!resp)
841                 return -ENOMEM;
842
843         rc = __pn533_send_async(dev, cmd_code, req, resp,
844                                 PN533_NORMAL_FRAME_MAX_LEN,
845                                 complete_cb, complete_cb_context);
846         if (rc)
847                 dev_kfree_skb(resp);
848
849         return rc;
850 }
851
852 /*
853  * pn533_send_cmd_direct_async
854  *
855  * The function sends a piority cmd directly to the chip omiting the cmd
856  * queue. It's intended to be used by chaining mechanism of received responses
857  * where the host has to request every single chunk of data before scheduling
858  * next cmd from the queue.
859  */
860 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
861                                        struct sk_buff *req,
862                                        pn533_send_async_complete_t complete_cb,
863                                        void *complete_cb_context)
864 {
865         struct pn533_send_async_complete_arg *arg;
866         struct sk_buff *resp;
867         int rc;
868         int resp_len = PN533_FRAME_HEADER_LEN +
869                        PN533_FRAME_MAX_PAYLOAD_LEN +
870                        PN533_FRAME_TAIL_LEN;
871
872         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
873
874         resp = alloc_skb(resp_len, GFP_KERNEL);
875         if (!resp)
876                 return -ENOMEM;
877
878         arg = kzalloc(sizeof(arg), GFP_KERNEL);
879         if (!arg) {
880                 dev_kfree_skb(resp);
881                 return -ENOMEM;
882         }
883
884         arg->complete_cb = complete_cb;
885         arg->complete_cb_context = complete_cb_context;
886         arg->resp = resp;
887         arg->req = req;
888
889         pn533_build_cmd_frame(cmd_code, req);
890
891         rc = __pn533_send_cmd_frame_async(dev, (struct pn533_frame *)req->data,
892                                           (struct pn533_frame *)resp->data,
893                                           resp_len, pn533_send_async_complete,
894                                           arg);
895         if (rc < 0) {
896                 dev_kfree_skb(resp);
897                 kfree(arg);
898         }
899
900         return rc;
901 }
902
903 static void pn533_wq_cmd(struct work_struct *work)
904 {
905         struct pn533 *dev = container_of(work, struct pn533, cmd_work);
906         struct pn533_cmd *cmd;
907
908         mutex_lock(&dev->cmd_lock);
909
910         if (list_empty(&dev->cmd_queue)) {
911                 dev->cmd_pending = 0;
912                 mutex_unlock(&dev->cmd_lock);
913                 return;
914         }
915
916         cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
917
918         list_del(&cmd->queue);
919
920         mutex_unlock(&dev->cmd_lock);
921
922         if (cmd->cmd_code != PN533_CMD_UNDEF)
923                 __pn533_send_cmd_frame_async(dev,
924                                              (struct pn533_frame *)cmd->req->data,
925                                              (struct pn533_frame *)cmd->resp->data,
926                                              PN533_NORMAL_FRAME_MAX_LEN,
927                                              pn533_send_async_complete,
928                                              cmd->arg);
929         else
930                 __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
931                                              cmd->in_frame_len,
932                                              cmd->cmd_complete, cmd->arg);
933
934         kfree(cmd);
935 }
936
937 static int pn533_send_cmd_frame_async(struct pn533 *dev,
938                                         struct pn533_frame *out_frame,
939                                         struct pn533_frame *in_frame,
940                                         int in_frame_len,
941                                         pn533_cmd_complete_t cmd_complete,
942                                         void *arg)
943 {
944         struct pn533_cmd *cmd;
945         int rc = 0;
946
947         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
948
949         mutex_lock(&dev->cmd_lock);
950
951         if (!dev->cmd_pending) {
952                 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
953                                                   in_frame_len, cmd_complete,
954                                                   arg);
955                 if (!rc)
956                         dev->cmd_pending = 1;
957
958                 goto unlock;
959         }
960
961         nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
962
963         cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
964         if (!cmd) {
965                 rc = -ENOMEM;
966                 goto unlock;
967         }
968
969         INIT_LIST_HEAD(&cmd->queue);
970         cmd->out_frame = out_frame;
971         cmd->in_frame = in_frame;
972         cmd->in_frame_len = in_frame_len;
973         cmd->cmd_code = PN533_CMD_UNDEF;
974         cmd->cmd_complete = cmd_complete;
975         cmd->arg = arg;
976
977         list_add_tail(&cmd->queue, &dev->cmd_queue);
978
979 unlock:
980         mutex_unlock(&dev->cmd_lock);
981
982         return rc;
983 }
984
985 struct pn533_sync_cmd_response {
986         struct sk_buff *resp;
987         struct completion done;
988 };
989
990 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
991                                     struct sk_buff *resp)
992 {
993         struct pn533_sync_cmd_response *arg = _arg;
994
995         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
996
997         arg->resp = resp;
998         complete(&arg->done);
999
1000         return 0;
1001 }
1002
1003 /*  pn533_send_cmd_sync
1004  *
1005  *  Please note the req parameter is freed inside the function to
1006  *  limit a number of return value interpretations by the caller.
1007  *
1008  *  1. negative in case of error during TX path -> req should be freed
1009  *
1010  *  2. negative in case of error during RX path -> req should not be freed
1011  *     as it's been already freed at the begining of RX path by
1012  *     async_complete_cb.
1013  *
1014  *  3. valid pointer in case of succesfult RX path
1015  *
1016  *  A caller has to check a return value with IS_ERR macro. If the test pass,
1017  *  the returned pointer is valid.
1018  *
1019  * */
1020 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1021                                                struct sk_buff *req)
1022 {
1023         int rc;
1024         struct pn533_sync_cmd_response arg;
1025
1026         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1027
1028         init_completion(&arg.done);
1029
1030         rc = pn533_send_cmd_async(dev, cmd_code, req,
1031                                   pn533_send_sync_complete, &arg);
1032         if (rc) {
1033                 dev_kfree_skb(req);
1034                 return ERR_PTR(rc);
1035         }
1036
1037         wait_for_completion(&arg.done);
1038
1039         return arg.resp;
1040 }
1041
1042 static void pn533_send_complete(struct urb *urb)
1043 {
1044         struct pn533 *dev = urb->context;
1045
1046         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1047
1048         switch (urb->status) {
1049         case 0:
1050                 /* success */
1051                 break;
1052         case -ECONNRESET:
1053         case -ENOENT:
1054         case -ESHUTDOWN:
1055                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
1056                                                 " status: %d", urb->status);
1057                 break;
1058         default:
1059                 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
1060                                                         " %d", urb->status);
1061         }
1062 }
1063
1064 static struct sk_buff *pn533_alloc_skb(unsigned int size)
1065 {
1066         struct sk_buff *skb;
1067
1068         skb = alloc_skb(PN533_FRAME_HEADER_LEN +
1069                         size +
1070                         PN533_FRAME_TAIL_LEN, GFP_KERNEL);
1071
1072         if (skb)
1073                 skb_reserve(skb, PN533_FRAME_HEADER_LEN);
1074
1075         return skb;
1076 }
1077
1078 struct pn533_target_type_a {
1079         __be16 sens_res;
1080         u8 sel_res;
1081         u8 nfcid_len;
1082         u8 nfcid_data[];
1083 } __packed;
1084
1085
1086 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1087 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1088 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1089
1090 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1091 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1092
1093 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1094 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1095
1096 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
1097 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
1098 #define PN533_TYPE_A_SEL_PROT_DEP 2
1099 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1100
1101 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1102                                                         int target_data_len)
1103 {
1104         u8 ssd;
1105         u8 platconf;
1106
1107         if (target_data_len < sizeof(struct pn533_target_type_a))
1108                 return false;
1109
1110         /* The lenght check of nfcid[] and ats[] are not being performed because
1111            the values are not being used */
1112
1113         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1114         ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1115         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1116
1117         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1118                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1119                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1120                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1121                 return false;
1122
1123         /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1124         if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1125                 return false;
1126
1127         return true;
1128 }
1129
1130 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1131                                                         int tgt_data_len)
1132 {
1133         struct pn533_target_type_a *tgt_type_a;
1134
1135         tgt_type_a = (struct pn533_target_type_a *) tgt_data;
1136
1137         if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1138                 return -EPROTO;
1139
1140         switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1141         case PN533_TYPE_A_SEL_PROT_MIFARE:
1142                 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1143                 break;
1144         case PN533_TYPE_A_SEL_PROT_ISO14443:
1145                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1146                 break;
1147         case PN533_TYPE_A_SEL_PROT_DEP:
1148                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1149                 break;
1150         case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1151                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1152                                                         NFC_PROTO_NFC_DEP_MASK;
1153                 break;
1154         }
1155
1156         nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1157         nfc_tgt->sel_res = tgt_type_a->sel_res;
1158         nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1159         memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1160
1161         return 0;
1162 }
1163
1164 struct pn533_target_felica {
1165         u8 pol_res;
1166         u8 opcode;
1167         u8 nfcid2[8];
1168         u8 pad[8];
1169         /* optional */
1170         u8 syst_code[];
1171 } __packed;
1172
1173 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1174 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1175
1176 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1177                                                         int target_data_len)
1178 {
1179         if (target_data_len < sizeof(struct pn533_target_felica))
1180                 return false;
1181
1182         if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1183                 return false;
1184
1185         return true;
1186 }
1187
1188 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1189                                                         int tgt_data_len)
1190 {
1191         struct pn533_target_felica *tgt_felica;
1192
1193         tgt_felica = (struct pn533_target_felica *) tgt_data;
1194
1195         if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1196                 return -EPROTO;
1197
1198         if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
1199                                         tgt_felica->nfcid2[1] ==
1200                                         PN533_FELICA_SENSF_NFCID2_DEP_B2)
1201                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1202         else
1203                 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1204
1205         memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1206         nfc_tgt->sensf_res_len = 9;
1207
1208         return 0;
1209 }
1210
1211 struct pn533_target_jewel {
1212         __be16 sens_res;
1213         u8 jewelid[4];
1214 } __packed;
1215
1216 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1217                                                         int target_data_len)
1218 {
1219         u8 ssd;
1220         u8 platconf;
1221
1222         if (target_data_len < sizeof(struct pn533_target_jewel))
1223                 return false;
1224
1225         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1226         ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1227         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1228
1229         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1230                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1231                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1232                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1233                 return false;
1234
1235         return true;
1236 }
1237
1238 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1239                                                         int tgt_data_len)
1240 {
1241         struct pn533_target_jewel *tgt_jewel;
1242
1243         tgt_jewel = (struct pn533_target_jewel *) tgt_data;
1244
1245         if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1246                 return -EPROTO;
1247
1248         nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1249         nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1250         nfc_tgt->nfcid1_len = 4;
1251         memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1252
1253         return 0;
1254 }
1255
1256 struct pn533_type_b_prot_info {
1257         u8 bitrate;
1258         u8 fsci_type;
1259         u8 fwi_adc_fo;
1260 } __packed;
1261
1262 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1263 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1264 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1265
1266 struct pn533_type_b_sens_res {
1267         u8 opcode;
1268         u8 nfcid[4];
1269         u8 appdata[4];
1270         struct pn533_type_b_prot_info prot_info;
1271 } __packed;
1272
1273 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1274
1275 struct pn533_target_type_b {
1276         struct pn533_type_b_sens_res sensb_res;
1277         u8 attrib_res_len;
1278         u8 attrib_res[];
1279 } __packed;
1280
1281 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1282                                                         int target_data_len)
1283 {
1284         if (target_data_len < sizeof(struct pn533_target_type_b))
1285                 return false;
1286
1287         if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1288                 return false;
1289
1290         if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1291                                                 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1292                 return false;
1293
1294         return true;
1295 }
1296
1297 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1298                                                         int tgt_data_len)
1299 {
1300         struct pn533_target_type_b *tgt_type_b;
1301
1302         tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1303
1304         if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1305                 return -EPROTO;
1306
1307         nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1308
1309         return 0;
1310 }
1311
1312 struct pn533_poll_response {
1313         u8 nbtg;
1314         u8 tg;
1315         u8 target_data[];
1316 } __packed;
1317
1318 static int pn533_target_found(struct pn533 *dev,
1319                         struct pn533_poll_response *resp, int resp_len)
1320 {
1321         int target_data_len;
1322         struct nfc_target nfc_tgt;
1323         int rc;
1324
1325         nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1326                                                         dev->poll_mod_curr);
1327
1328         if (resp->tg != 1)
1329                 return -EPROTO;
1330
1331         memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1332
1333         target_data_len = resp_len - sizeof(struct pn533_poll_response);
1334
1335         switch (dev->poll_mod_curr) {
1336         case PN533_POLL_MOD_106KBPS_A:
1337                 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1338                                                         target_data_len);
1339                 break;
1340         case PN533_POLL_MOD_212KBPS_FELICA:
1341         case PN533_POLL_MOD_424KBPS_FELICA:
1342                 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1343                                                         target_data_len);
1344                 break;
1345         case PN533_POLL_MOD_106KBPS_JEWEL:
1346                 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1347                                                         target_data_len);
1348                 break;
1349         case PN533_POLL_MOD_847KBPS_B:
1350                 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1351                                                         target_data_len);
1352                 break;
1353         default:
1354                 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1355                                                                 " modulation");
1356                 return -EPROTO;
1357         }
1358
1359         if (rc)
1360                 return rc;
1361
1362         if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1363                 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1364                                                 " have the desired protocol");
1365                 return -EAGAIN;
1366         }
1367
1368         nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1369                                         "0x%x", nfc_tgt.supported_protocols);
1370
1371         dev->tgt_available_prots = nfc_tgt.supported_protocols;
1372
1373         nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1374
1375         return 0;
1376 }
1377
1378 static inline void pn533_poll_next_mod(struct pn533 *dev)
1379 {
1380         dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1381 }
1382
1383 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1384 {
1385         dev->poll_mod_count = 0;
1386 }
1387
1388 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1389 {
1390         dev->poll_mod_active[dev->poll_mod_count] =
1391                 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1392         dev->poll_mod_count++;
1393 }
1394
1395 static void pn533_poll_create_mod_list(struct pn533 *dev,
1396                                        u32 im_protocols, u32 tm_protocols)
1397 {
1398         pn533_poll_reset_mod_list(dev);
1399
1400         if (im_protocols & NFC_PROTO_MIFARE_MASK
1401             || im_protocols & NFC_PROTO_ISO14443_MASK
1402             || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1403                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1404
1405         if (im_protocols & NFC_PROTO_FELICA_MASK
1406             || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1407                 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1408                 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1409         }
1410
1411         if (im_protocols & NFC_PROTO_JEWEL_MASK)
1412                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1413
1414         if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1415                 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1416
1417         if (tm_protocols)
1418                 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1419 }
1420
1421 static int pn533_start_poll_complete(struct pn533 *dev, u8 *params, int params_len)
1422 {
1423         struct pn533_poll_response *resp;
1424         int rc;
1425
1426         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1427
1428         resp = (struct pn533_poll_response *) params;
1429         if (resp->nbtg) {
1430                 rc = pn533_target_found(dev, resp, params_len);
1431
1432                 /* We must stop the poll after a valid target found */
1433                 if (rc == 0) {
1434                         pn533_poll_reset_mod_list(dev);
1435                         return 0;
1436                 }
1437         }
1438
1439         return -EAGAIN;
1440 }
1441
1442 static int pn533_init_target_frame(struct pn533_frame *frame,
1443                                    u8 *gb, size_t gb_len)
1444 {
1445         struct pn533_cmd_init_target *cmd;
1446         size_t cmd_len;
1447         u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1448                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1449                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1450                                 0xff, 0xff}; /* System code */
1451         u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1452                                0x0, 0x0, 0x0,
1453                                0x40}; /* SEL_RES for DEP */
1454
1455         cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1456         cmd = kzalloc(cmd_len, GFP_KERNEL);
1457         if (cmd == NULL)
1458                 return -ENOMEM;
1459
1460         pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1461
1462         /* DEP support only */
1463         cmd->mode |= PN533_INIT_TARGET_DEP;
1464
1465         /* Felica params */
1466         memcpy(cmd->felica, felica_params, 18);
1467         get_random_bytes(cmd->felica + 2, 6);
1468
1469         /* NFCID3 */
1470         memset(cmd->nfcid3, 0, 10);
1471         memcpy(cmd->nfcid3, cmd->felica, 8);
1472
1473         /* MIFARE params */
1474         memcpy(cmd->mifare, mifare_params, 6);
1475
1476         /* General bytes */
1477         cmd->gb_len = gb_len;
1478         memcpy(cmd->gb, gb, gb_len);
1479
1480         /* Len Tk */
1481         cmd->gb[gb_len] = 0;
1482
1483         memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1484
1485         frame->datalen += cmd_len;
1486
1487         pn533_tx_frame_finish(frame);
1488
1489         kfree(cmd);
1490
1491         return 0;
1492 }
1493
1494 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1495 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1496 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1497                                       struct sk_buff *resp)
1498 {
1499         u8 status;
1500
1501         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1502
1503         if (IS_ERR(resp))
1504                 return PTR_ERR(resp);
1505
1506         status = resp->data[0];
1507         skb_pull(resp, sizeof(status));
1508
1509         if (status != 0) {
1510                 nfc_tm_deactivated(dev->nfc_dev);
1511                 dev->tgt_mode = 0;
1512                 dev_kfree_skb(resp);
1513                 return 0;
1514         }
1515
1516         return nfc_tm_data_received(dev->nfc_dev, resp);
1517 }
1518
1519 static void pn533_wq_tg_get_data(struct work_struct *work)
1520 {
1521         struct pn533 *dev = container_of(work, struct pn533, tg_work);
1522
1523         struct sk_buff *skb;
1524         int rc;
1525
1526         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1527
1528         skb = pn533_alloc_skb(0);
1529         if (!skb)
1530                 return;
1531
1532         rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1533                                    pn533_tm_get_data_complete, NULL);
1534
1535         if (rc < 0)
1536                 dev_kfree_skb(skb);
1537
1538         return;
1539 }
1540
1541 #define ATR_REQ_GB_OFFSET 17
1542 static int pn533_init_target_complete(struct pn533 *dev, u8 *params, int params_len)
1543 {
1544         struct pn533_cmd_init_target_response *resp;
1545         u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1546         size_t gb_len;
1547         int rc;
1548
1549         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1550
1551         if (params_len < 0) {
1552                 nfc_dev_err(&dev->interface->dev,
1553                             "Error %d when starting as a target",
1554                             params_len);
1555
1556                 return params_len;
1557         }
1558
1559         if (params_len < ATR_REQ_GB_OFFSET + 1)
1560                 return -EINVAL;
1561
1562         resp = (struct pn533_cmd_init_target_response *) params;
1563
1564         nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1565                     resp->mode, params_len);
1566
1567         frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1568         if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1569                 comm_mode = NFC_COMM_ACTIVE;
1570
1571         /* Again, only DEP */
1572         if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1573                 return -EOPNOTSUPP;
1574
1575         gb = resp->cmd + ATR_REQ_GB_OFFSET;
1576         gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1577
1578         rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1579                               comm_mode, gb, gb_len);
1580         if (rc < 0) {
1581                 nfc_dev_err(&dev->interface->dev,
1582                             "Error when signaling target activation");
1583                 return rc;
1584         }
1585
1586         dev->tgt_mode = 1;
1587
1588         queue_work(dev->wq, &dev->tg_work);
1589
1590         return 0;
1591 }
1592
1593 static void pn533_listen_mode_timer(unsigned long data)
1594 {
1595         struct pn533 *dev = (struct pn533 *) data;
1596
1597         nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1598
1599         /* An ack will cancel the last issued command (poll) */
1600         pn533_send_ack(dev, GFP_ATOMIC);
1601
1602         dev->cancel_listen = 1;
1603
1604         pn533_poll_next_mod(dev);
1605
1606         queue_work(dev->wq, &dev->poll_work);
1607 }
1608
1609 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1610                                u8 *params, int params_len)
1611 {
1612         struct pn533_poll_modulations *cur_mod;
1613         int rc;
1614
1615         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1616
1617         if (params_len == -ENOENT) {
1618                 if (dev->poll_mod_count != 0)
1619                         return 0;
1620
1621                 nfc_dev_err(&dev->interface->dev,
1622                             "Polling operation has been stopped");
1623
1624                 goto stop_poll;
1625         }
1626
1627         if (params_len < 0) {
1628                 nfc_dev_err(&dev->interface->dev,
1629                             "Error %d when running poll", params_len);
1630
1631                 goto stop_poll;
1632         }
1633
1634         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1635
1636         if (cur_mod->len == 0) {
1637                 del_timer(&dev->listen_timer);
1638
1639                 return pn533_init_target_complete(dev, params, params_len);
1640         } else {
1641                 rc = pn533_start_poll_complete(dev, params, params_len);
1642                 if (!rc)
1643                         return rc;
1644         }
1645
1646         pn533_poll_next_mod(dev);
1647
1648         queue_work(dev->wq, &dev->poll_work);
1649
1650         return 0;
1651
1652 stop_poll:
1653         pn533_poll_reset_mod_list(dev);
1654         dev->poll_protocols = 0;
1655         return 0;
1656 }
1657
1658 static void pn533_build_poll_frame(struct pn533 *dev,
1659                                    struct pn533_frame *frame,
1660                                    struct pn533_poll_modulations *mod)
1661 {
1662         nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1663
1664         if (mod->len == 0) {
1665                 /* Listen mode */
1666                 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1667         } else {
1668                 /* Polling mode */
1669                 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1670
1671                 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1672                 frame->datalen += mod->len;
1673
1674                 pn533_tx_frame_finish(frame);
1675         }
1676 }
1677
1678 static int pn533_send_poll_frame(struct pn533 *dev)
1679 {
1680         struct pn533_poll_modulations *cur_mod;
1681         int rc;
1682
1683         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1684
1685         pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1686
1687         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1688                                         PN533_NORMAL_FRAME_MAX_LEN,
1689                                         pn533_poll_complete,
1690                                         NULL);
1691         if (rc)
1692                 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1693
1694         return rc;
1695 }
1696
1697 static void pn533_wq_poll(struct work_struct *work)
1698 {
1699         struct pn533 *dev = container_of(work, struct pn533, poll_work);
1700         struct pn533_poll_modulations *cur_mod;
1701         int rc;
1702
1703         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1704
1705         nfc_dev_dbg(&dev->interface->dev,
1706                     "%s cancel_listen %d modulation len %d",
1707                     __func__, dev->cancel_listen, cur_mod->len);
1708
1709         if (dev->cancel_listen == 1) {
1710                 dev->cancel_listen = 0;
1711                 usb_kill_urb(dev->in_urb);
1712         }
1713
1714         rc = pn533_send_poll_frame(dev);
1715         if (rc)
1716                 return;
1717
1718         if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1719                 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1720
1721         return;
1722 }
1723
1724 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1725                             u32 im_protocols, u32 tm_protocols)
1726 {
1727         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1728
1729         nfc_dev_dbg(&dev->interface->dev,
1730                     "%s: im protocols 0x%x tm protocols 0x%x",
1731                     __func__, im_protocols, tm_protocols);
1732
1733         if (dev->tgt_active_prot) {
1734                 nfc_dev_err(&dev->interface->dev,
1735                             "Cannot poll with a target already activated");
1736                 return -EBUSY;
1737         }
1738
1739         if (dev->tgt_mode) {
1740                 nfc_dev_err(&dev->interface->dev,
1741                             "Cannot poll while already being activated");
1742                 return -EBUSY;
1743         }
1744
1745         if (tm_protocols) {
1746                 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1747                 if (dev->gb == NULL)
1748                         tm_protocols = 0;
1749         }
1750
1751         dev->poll_mod_curr = 0;
1752         pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1753         dev->poll_protocols = im_protocols;
1754         dev->listen_protocols = tm_protocols;
1755
1756         return pn533_send_poll_frame(dev);
1757 }
1758
1759 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1760 {
1761         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1762
1763         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1764
1765         del_timer(&dev->listen_timer);
1766
1767         if (!dev->poll_mod_count) {
1768                 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1769                                                                 " running");
1770                 return;
1771         }
1772
1773         /* An ack will cancel the last issued command (poll) */
1774         pn533_send_ack(dev, GFP_KERNEL);
1775
1776         /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1777         usb_kill_urb(dev->in_urb);
1778
1779         pn533_poll_reset_mod_list(dev);
1780 }
1781
1782 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1783 {
1784         struct pn533_cmd_activate_response *rsp;
1785         u16 gt_len;
1786         int rc;
1787
1788         struct sk_buff *skb;
1789         struct sk_buff *resp;
1790
1791         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1792
1793         skb = pn533_alloc_skb(sizeof(u8) * 2); /*TG + Next*/
1794         if (!skb)
1795                 return -ENOMEM;
1796
1797         *skb_put(skb, sizeof(u8)) = 1; /* TG */
1798         *skb_put(skb, sizeof(u8)) = 0; /* Next */
1799
1800         resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1801         if (IS_ERR(resp))
1802                 return PTR_ERR(resp);
1803
1804         rsp = (struct pn533_cmd_activate_response *) resp->data;
1805         rc = rsp->status & PN533_CMD_RET_MASK;
1806         if (rc != PN533_CMD_RET_SUCCESS)
1807                 dev_kfree_skb(resp);
1808                 return -EIO;
1809
1810         /* ATR_RES general bytes are located at offset 16 */
1811         gt_len = resp->len - 16;
1812         rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1813
1814         dev_kfree_skb(resp);
1815         return rc;
1816 }
1817
1818 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1819                                  struct nfc_target *target, u32 protocol)
1820 {
1821         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1822         int rc;
1823
1824         nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1825                                                                 protocol);
1826
1827         if (dev->poll_mod_count) {
1828                 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1829                                                                 " polling");
1830                 return -EBUSY;
1831         }
1832
1833         if (dev->tgt_active_prot) {
1834                 nfc_dev_err(&dev->interface->dev, "There is already an active"
1835                                                                 " target");
1836                 return -EBUSY;
1837         }
1838
1839         if (!dev->tgt_available_prots) {
1840                 nfc_dev_err(&dev->interface->dev, "There is no available target"
1841                                                                 " to activate");
1842                 return -EINVAL;
1843         }
1844
1845         if (!(dev->tgt_available_prots & (1 << protocol))) {
1846                 nfc_dev_err(&dev->interface->dev, "The target does not support"
1847                                         " the requested protocol %u", protocol);
1848                 return -EINVAL;
1849         }
1850
1851         if (protocol == NFC_PROTO_NFC_DEP) {
1852                 rc = pn533_activate_target_nfcdep(dev);
1853                 if (rc) {
1854                         nfc_dev_err(&dev->interface->dev, "Error %d when"
1855                                                 " activating target with"
1856                                                 " NFC_DEP protocol", rc);
1857                         return rc;
1858                 }
1859         }
1860
1861         dev->tgt_active_prot = protocol;
1862         dev->tgt_available_prots = 0;
1863
1864         return 0;
1865 }
1866
1867 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1868                                     struct nfc_target *target)
1869 {
1870         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1871
1872         struct sk_buff *skb;
1873         struct sk_buff *resp;
1874
1875         int rc;
1876
1877         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1878
1879         if (!dev->tgt_active_prot) {
1880                 nfc_dev_err(&dev->interface->dev, "There is no active target");
1881                 return;
1882         }
1883
1884         dev->tgt_active_prot = 0;
1885         skb_queue_purge(&dev->resp_q);
1886
1887         skb = pn533_alloc_skb(sizeof(u8));
1888         if (!skb)
1889                 return;
1890
1891         *skb_put(skb, 1) = 1; /* TG*/
1892
1893         resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1894         if (IS_ERR(resp))
1895                 return;
1896
1897         rc = resp->data[0] & PN533_CMD_RET_MASK;
1898         if (rc != PN533_CMD_RET_SUCCESS)
1899                 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1900                                                         " the target", rc);
1901
1902         dev_kfree_skb(resp);
1903         return;
1904 }
1905
1906
1907 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1908                                          struct sk_buff *resp)
1909 {
1910         struct pn533_cmd_jump_dep_response *rsp;
1911         u8 target_gt_len;
1912         int rc;
1913         u8 active = *(u8 *)arg;
1914
1915         kfree(arg);
1916
1917         if (IS_ERR(resp))
1918                 return PTR_ERR(resp);
1919
1920         if (dev->tgt_available_prots &&
1921             !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1922                 nfc_dev_err(&dev->interface->dev,
1923                         "The target does not support DEP");
1924                 rc =  -EINVAL;
1925                 goto error;
1926         }
1927
1928         rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1929
1930         rc = rsp->status & PN533_CMD_RET_MASK;
1931         if (rc != PN533_CMD_RET_SUCCESS) {
1932                 nfc_dev_err(&dev->interface->dev,
1933                                 "Bringing DEP link up failed %d", rc);
1934                 goto error;
1935         }
1936
1937         if (!dev->tgt_available_prots) {
1938                 struct nfc_target nfc_target;
1939
1940                 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1941
1942                 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1943                 nfc_target.nfcid1_len = 10;
1944                 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1945                 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1946                 if (rc)
1947                         goto error;
1948
1949                 dev->tgt_available_prots = 0;
1950         }
1951
1952         dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1953
1954         /* ATR_RES general bytes are located at offset 17 */
1955         target_gt_len = resp->len - 17;
1956         rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1957                                           rsp->gt, target_gt_len);
1958         if (rc == 0)
1959                 rc = nfc_dep_link_is_up(dev->nfc_dev,
1960                                         dev->nfc_dev->targets[0].idx,
1961                                         !active, NFC_RF_INITIATOR);
1962
1963 error:
1964         dev_kfree_skb(resp);
1965         return rc;
1966 }
1967
1968 static int pn533_mod_to_baud(struct pn533 *dev)
1969 {
1970         switch (dev->poll_mod_curr) {
1971         case PN533_POLL_MOD_106KBPS_A:
1972                 return 0;
1973         case PN533_POLL_MOD_212KBPS_FELICA:
1974                 return 1;
1975         case PN533_POLL_MOD_424KBPS_FELICA:
1976                 return 2;
1977         default:
1978                 return -EINVAL;
1979         }
1980 }
1981
1982 #define PASSIVE_DATA_LEN 5
1983 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1984                              u8 comm_mode, u8* gb, size_t gb_len)
1985 {
1986         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1987         struct sk_buff *skb;
1988         int rc, baud, skb_len;
1989         u8 *next, *arg;
1990
1991         u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1992
1993         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1994
1995         if (dev->poll_mod_count) {
1996                 nfc_dev_err(&dev->interface->dev,
1997                                 "Cannot bring the DEP link up while polling");
1998                 return -EBUSY;
1999         }
2000
2001         if (dev->tgt_active_prot) {
2002                 nfc_dev_err(&dev->interface->dev,
2003                                 "There is already an active target");
2004                 return -EBUSY;
2005         }
2006
2007         baud = pn533_mod_to_baud(dev);
2008         if (baud < 0) {
2009                 nfc_dev_err(&dev->interface->dev,
2010                             "Invalid curr modulation %d", dev->poll_mod_curr);
2011                 return baud;
2012         }
2013
2014         skb_len = 3 + gb_len; /* ActPass + BR + Next */
2015         if (comm_mode == NFC_COMM_PASSIVE)
2016                 skb_len += PASSIVE_DATA_LEN;
2017
2018         skb = pn533_alloc_skb(skb_len);
2019         if (!skb)
2020                 return -ENOMEM;
2021
2022         *skb_put(skb, 1) = !comm_mode;  /* ActPass */
2023         *skb_put(skb, 1) = baud;  /* Baud rate */
2024
2025         next = skb_put(skb, 1);  /* Next */
2026         *next = 0;
2027
2028         if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
2029                 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
2030                        PASSIVE_DATA_LEN);
2031                 *next |= 1;
2032         }
2033
2034         if (gb != NULL && gb_len > 0) {
2035                 memcpy(skb_put(skb, gb_len), gb, gb_len);
2036                 *next |= 4; /* We have some Gi */
2037         } else {
2038                 *next = 0;
2039         }
2040
2041         arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2042         if (!arg) {
2043                 dev_kfree_skb(skb);
2044                 return -ENOMEM;
2045         }
2046
2047         *arg = !comm_mode;
2048
2049         rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2050                                   pn533_in_dep_link_up_complete, arg);
2051
2052         if (rc < 0) {
2053                 dev_kfree_skb(skb);
2054                 kfree(arg);
2055         }
2056
2057         return rc;
2058 }
2059
2060 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2061 {
2062         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2063
2064         pn533_poll_reset_mod_list(dev);
2065
2066         if (dev->tgt_mode || dev->tgt_active_prot) {
2067                 pn533_send_ack(dev, GFP_KERNEL);
2068                 usb_kill_urb(dev->in_urb);
2069         }
2070
2071         dev->tgt_active_prot = 0;
2072         dev->tgt_mode = 0;
2073
2074         skb_queue_purge(&dev->resp_q);
2075
2076         return 0;
2077 }
2078
2079 struct pn533_data_exchange_arg {
2080         data_exchange_cb_t cb;
2081         void *cb_context;
2082 };
2083
2084 static struct sk_buff *pn533_build_response(struct pn533 *dev)
2085 {
2086         struct sk_buff *skb, *tmp, *t;
2087         unsigned int skb_len = 0, tmp_len = 0;
2088
2089         nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
2090
2091         if (skb_queue_empty(&dev->resp_q))
2092                 return NULL;
2093
2094         if (skb_queue_len(&dev->resp_q) == 1) {
2095                 skb = skb_dequeue(&dev->resp_q);
2096                 goto out;
2097         }
2098
2099         skb_queue_walk_safe(&dev->resp_q, tmp, t)
2100                 skb_len += tmp->len;
2101
2102         nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2103                     __func__, skb_len);
2104
2105         skb = alloc_skb(skb_len, GFP_KERNEL);
2106         if (skb == NULL)
2107                 goto out;
2108
2109         skb_put(skb, skb_len);
2110
2111         skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2112                 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2113                 tmp_len += tmp->len;
2114         }
2115
2116 out:
2117         skb_queue_purge(&dev->resp_q);
2118
2119         return skb;
2120 }
2121
2122 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2123                                         struct sk_buff *resp)
2124 {
2125         struct pn533_data_exchange_arg *arg = _arg;
2126         struct sk_buff *skb;
2127         int rc = 0;
2128         u8 status, ret, mi;
2129
2130         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2131
2132         if (IS_ERR(resp)) {
2133                 rc = PTR_ERR(resp);
2134                 goto _error;
2135         }
2136
2137         status = resp->data[0];
2138         ret = status & PN533_CMD_RET_MASK;
2139         mi = status & PN533_CMD_MI_MASK;
2140
2141         skb_pull(resp, sizeof(status));
2142
2143         if (ret != PN533_CMD_RET_SUCCESS) {
2144                 nfc_dev_err(&dev->interface->dev,
2145                             "PN533 reported error %d when exchanging data",
2146                             ret);
2147                 rc = -EIO;
2148                 goto error;
2149         }
2150
2151         skb_queue_tail(&dev->resp_q, resp);
2152
2153         if (mi) {
2154                 dev->cmd_complete_mi_arg = arg;
2155                 queue_work(dev->wq, &dev->mi_work);
2156                 return -EINPROGRESS;
2157         }
2158
2159         skb = pn533_build_response(dev);
2160         if (!skb)
2161                 goto error;
2162
2163         arg->cb(arg->cb_context, skb, 0);
2164         kfree(arg);
2165         return 0;
2166
2167 error:
2168         dev_kfree_skb(resp);
2169 _error:
2170         skb_queue_purge(&dev->resp_q);
2171         arg->cb(arg->cb_context, NULL, rc);
2172         kfree(arg);
2173         return rc;
2174 }
2175
2176 static int pn533_transceive(struct nfc_dev *nfc_dev,
2177                             struct nfc_target *target, struct sk_buff *skb,
2178                             data_exchange_cb_t cb, void *cb_context)
2179 {
2180         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2181         struct pn533_data_exchange_arg *arg = NULL;
2182         int rc;
2183
2184         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2185
2186         if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2187                 /* TODO: Implement support to multi-part data exchange */
2188                 nfc_dev_err(&dev->interface->dev,
2189                             "Data length greater than the max allowed: %d",
2190                             PN533_CMD_DATAEXCH_DATA_MAXLEN);
2191                 rc = -ENOSYS;
2192                 goto error;
2193         }
2194
2195         if (!dev->tgt_active_prot) {
2196                 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2197                                                 " there is no active target");
2198                 rc = -EINVAL;
2199                 goto error;
2200         }
2201
2202         arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2203         if (!arg) {
2204                 rc = -ENOMEM;
2205                 goto error;
2206         }
2207
2208         arg->cb = cb;
2209         arg->cb_context = cb_context;
2210
2211         switch (dev->device_type) {
2212         case PN533_DEVICE_PASORI:
2213                 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2214                         rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2215                                                    skb,
2216                                                    pn533_data_exchange_complete,
2217                                                    arg);
2218
2219                         break;
2220                 }
2221         default:
2222                 *skb_push(skb, sizeof(u8)) =  1; /*TG*/
2223
2224                 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2225                                            skb, pn533_data_exchange_complete,
2226                                            arg);
2227
2228                 break;
2229         }
2230
2231         if (rc < 0) /* rc from send_async */
2232                 goto error;
2233
2234         return 0;
2235
2236 error:
2237         kfree(arg);
2238         dev_kfree_skb(skb);
2239         return rc;
2240 }
2241
2242 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2243                                   struct sk_buff *resp)
2244 {
2245         u8 status;
2246
2247         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2248
2249         if (IS_ERR(resp))
2250                 return PTR_ERR(resp);
2251
2252         status = resp->data[0];
2253
2254         dev_kfree_skb(resp);
2255
2256         if (status != 0) {
2257                 nfc_tm_deactivated(dev->nfc_dev);
2258
2259                 dev->tgt_mode = 0;
2260
2261                 return 0;
2262         }
2263
2264         queue_work(dev->wq, &dev->tg_work);
2265
2266         return 0;
2267 }
2268
2269 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2270 {
2271         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2272         int rc;
2273
2274         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2275
2276         if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2277                 nfc_dev_err(&dev->interface->dev,
2278                             "Data length greater than the max allowed: %d",
2279                             PN533_CMD_DATAEXCH_DATA_MAXLEN);
2280                 return -ENOSYS;
2281         }
2282
2283         rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2284                                    pn533_tm_send_complete, NULL);
2285         if (rc < 0)
2286                 dev_kfree_skb(skb);
2287
2288         return rc;
2289 }
2290
2291 static void pn533_wq_mi_recv(struct work_struct *work)
2292 {
2293         struct pn533 *dev = container_of(work, struct pn533, mi_work);
2294
2295         struct sk_buff *skb;
2296         int rc;
2297
2298         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2299
2300         skb = pn533_alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN);
2301         if (!skb)
2302                 goto error;
2303
2304         switch (dev->device_type) {
2305         case PN533_DEVICE_PASORI:
2306                 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2307                         rc = pn533_send_cmd_direct_async(dev,
2308                                                 PN533_CMD_IN_COMM_THRU,
2309                                                 skb,
2310                                                 pn533_data_exchange_complete,
2311                                                  dev->cmd_complete_mi_arg);
2312
2313                         break;
2314                 }
2315         default:
2316                 *skb_put(skb, sizeof(u8)) =  1; /*TG*/
2317
2318                 rc = pn533_send_cmd_direct_async(dev,
2319                                                  PN533_CMD_IN_DATA_EXCHANGE,
2320                                                  skb,
2321                                                  pn533_data_exchange_complete,
2322                                                  dev->cmd_complete_mi_arg);
2323
2324                 break;
2325         }
2326
2327         if (rc == 0) /* success */
2328                 return;
2329
2330         nfc_dev_err(&dev->interface->dev,
2331                     "Error %d when trying to perform data_exchange", rc);
2332
2333         dev_kfree_skb(skb);
2334         kfree(dev->cmd_complete_arg);
2335
2336 error:
2337         pn533_send_ack(dev, GFP_KERNEL);
2338         queue_work(dev->wq, &dev->cmd_work);
2339 }
2340
2341 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2342                                                                 u8 cfgdata_len)
2343 {
2344         struct sk_buff *skb;
2345         struct sk_buff *resp;
2346
2347         int skb_len;
2348
2349         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2350
2351         skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2352
2353         skb = pn533_alloc_skb(skb_len);
2354         if (!skb)
2355                 return -ENOMEM;
2356
2357         *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2358         memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2359
2360         resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2361         if (IS_ERR(resp))
2362                 return PTR_ERR(resp);
2363
2364         dev_kfree_skb(resp);
2365         return 0;
2366 }
2367
2368 static int pn533_get_firmware_version(struct pn533 *dev,
2369                                       struct pn533_fw_version *fv)
2370 {
2371         struct sk_buff *skb;
2372         struct sk_buff *resp;
2373
2374         skb = pn533_alloc_skb(0);
2375         if (!skb)
2376                 return -ENOMEM;
2377
2378         resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2379         if (IS_ERR(resp))
2380                 return PTR_ERR(resp);
2381
2382         fv->ic = resp->data[0];
2383         fv->ver = resp->data[1];
2384         fv->rev = resp->data[2];
2385         fv->support = resp->data[3];
2386
2387         dev_kfree_skb(resp);
2388         return 0;
2389 }
2390
2391 static int pn533_fw_reset(struct pn533 *dev)
2392 {
2393         struct sk_buff *skb;
2394         struct sk_buff *resp;
2395
2396         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2397
2398         skb = pn533_alloc_skb(sizeof(u8));
2399         if (!skb)
2400                 return -ENOMEM;
2401
2402         *skb_put(skb, sizeof(u8)) = 0x1;
2403
2404         resp = pn533_send_cmd_sync(dev, 0x18, skb);
2405         if (IS_ERR(resp))
2406                 return PTR_ERR(resp);
2407
2408         dev_kfree_skb(resp);
2409
2410         return 0;
2411 }
2412
2413 static struct nfc_ops pn533_nfc_ops = {
2414         .dev_up = NULL,
2415         .dev_down = NULL,
2416         .dep_link_up = pn533_dep_link_up,
2417         .dep_link_down = pn533_dep_link_down,
2418         .start_poll = pn533_start_poll,
2419         .stop_poll = pn533_stop_poll,
2420         .activate_target = pn533_activate_target,
2421         .deactivate_target = pn533_deactivate_target,
2422         .im_transceive = pn533_transceive,
2423         .tm_send = pn533_tm_send,
2424 };
2425
2426 static int pn533_setup(struct pn533 *dev)
2427 {
2428         struct pn533_config_max_retries max_retries;
2429         struct pn533_config_timing timing;
2430         u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2431         int rc;
2432
2433         switch (dev->device_type) {
2434         case PN533_DEVICE_STD:
2435                 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2436                 max_retries.mx_rty_psl = 2;
2437                 max_retries.mx_rty_passive_act =
2438                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2439
2440                 timing.rfu = PN533_CONFIG_TIMING_102;
2441                 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2442                 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2443
2444                 break;
2445
2446         case PN533_DEVICE_PASORI:
2447                 max_retries.mx_rty_atr = 0x2;
2448                 max_retries.mx_rty_psl = 0x1;
2449                 max_retries.mx_rty_passive_act =
2450                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2451
2452                 timing.rfu = PN533_CONFIG_TIMING_102;
2453                 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2454                 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2455
2456                 break;
2457
2458         default:
2459                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2460                             dev->device_type);
2461                 return -EINVAL;
2462         }
2463
2464         rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2465                                      (u8 *)&max_retries, sizeof(max_retries));
2466         if (rc) {
2467                 nfc_dev_err(&dev->interface->dev,
2468                             "Error on setting MAX_RETRIES config");
2469                 return rc;
2470         }
2471
2472
2473         rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2474                                      (u8 *)&timing, sizeof(timing));
2475         if (rc) {
2476                 nfc_dev_err(&dev->interface->dev,
2477                             "Error on setting RF timings");
2478                 return rc;
2479         }
2480
2481         switch (dev->device_type) {
2482         case PN533_DEVICE_STD:
2483                 break;
2484
2485         case PN533_DEVICE_PASORI:
2486                 pn533_fw_reset(dev);
2487
2488                 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2489                                              pasori_cfg, 3);
2490                 if (rc) {
2491                         nfc_dev_err(&dev->interface->dev,
2492                                     "Error while settings PASORI config");
2493                         return rc;
2494                 }
2495
2496                 pn533_fw_reset(dev);
2497
2498                 break;
2499         }
2500
2501         return 0;
2502 }
2503
2504 static int pn533_probe(struct usb_interface *interface,
2505                         const struct usb_device_id *id)
2506 {
2507         struct pn533_fw_version fw_ver;
2508         struct pn533 *dev;
2509         struct usb_host_interface *iface_desc;
2510         struct usb_endpoint_descriptor *endpoint;
2511         int in_endpoint = 0;
2512         int out_endpoint = 0;
2513         int rc = -ENOMEM;
2514         int i;
2515         u32 protocols;
2516
2517         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2518         if (!dev)
2519                 return -ENOMEM;
2520
2521         dev->udev = usb_get_dev(interface_to_usbdev(interface));
2522         dev->interface = interface;
2523         mutex_init(&dev->cmd_lock);
2524
2525         iface_desc = interface->cur_altsetting;
2526         for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2527                 endpoint = &iface_desc->endpoint[i].desc;
2528
2529                 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2530                         in_endpoint = endpoint->bEndpointAddress;
2531
2532                 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2533                         out_endpoint = endpoint->bEndpointAddress;
2534         }
2535
2536         if (!in_endpoint || !out_endpoint) {
2537                 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2538                                                         " bulk-out endpoint");
2539                 rc = -ENODEV;
2540                 goto error;
2541         }
2542
2543         dev->in_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2544         dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2545         dev->out_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2546         dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2547
2548         if (!dev->in_frame || !dev->out_frame ||
2549                 !dev->in_urb || !dev->out_urb)
2550                 goto error;
2551
2552         usb_fill_bulk_urb(dev->in_urb, dev->udev,
2553                         usb_rcvbulkpipe(dev->udev, in_endpoint),
2554                         NULL, 0, NULL, dev);
2555         usb_fill_bulk_urb(dev->out_urb, dev->udev,
2556                         usb_sndbulkpipe(dev->udev, out_endpoint),
2557                         NULL, 0,
2558                         pn533_send_complete, dev);
2559
2560         INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2561         INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2562         INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2563         INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2564         INIT_WORK(&dev->poll_work, pn533_wq_poll);
2565         dev->wq = alloc_ordered_workqueue("pn533", 0);
2566         if (dev->wq == NULL)
2567                 goto error;
2568
2569         init_timer(&dev->listen_timer);
2570         dev->listen_timer.data = (unsigned long) dev;
2571         dev->listen_timer.function = pn533_listen_mode_timer;
2572
2573         skb_queue_head_init(&dev->resp_q);
2574
2575         INIT_LIST_HEAD(&dev->cmd_queue);
2576
2577         usb_set_intfdata(interface, dev);
2578
2579         memset(&fw_ver, 0, sizeof(fw_ver));
2580         rc = pn533_get_firmware_version(dev, &fw_ver);
2581         if (rc < 0)
2582                 goto destroy_wq;
2583
2584         nfc_dev_info(&dev->interface->dev,
2585                      "NXP PN533 firmware ver %d.%d now attached",
2586                      fw_ver.ver, fw_ver.rev);
2587
2588         dev->device_type = id->driver_info;
2589         switch (dev->device_type) {
2590         case PN533_DEVICE_STD:
2591                 protocols = PN533_ALL_PROTOCOLS;
2592                 break;
2593
2594         case PN533_DEVICE_PASORI:
2595                 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2596                 break;
2597
2598         default:
2599                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2600                             dev->device_type);
2601                 rc = -EINVAL;
2602                 goto destroy_wq;
2603         }
2604
2605         dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2606                                            PN533_FRAME_HEADER_LEN +
2607                                            PN533_CMD_DATAEXCH_HEAD_LEN,
2608                                            PN533_FRAME_TAIL_LEN);
2609         if (!dev->nfc_dev)
2610                 goto destroy_wq;
2611
2612         nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2613         nfc_set_drvdata(dev->nfc_dev, dev);
2614
2615         rc = nfc_register_device(dev->nfc_dev);
2616         if (rc)
2617                 goto free_nfc_dev;
2618
2619         rc = pn533_setup(dev);
2620         if (rc)
2621                 goto unregister_nfc_dev;
2622
2623         return 0;
2624
2625 unregister_nfc_dev:
2626         nfc_unregister_device(dev->nfc_dev);
2627
2628 free_nfc_dev:
2629         nfc_free_device(dev->nfc_dev);
2630
2631 destroy_wq:
2632         destroy_workqueue(dev->wq);
2633 error:
2634         kfree(dev->in_frame);
2635         usb_free_urb(dev->in_urb);
2636         kfree(dev->out_frame);
2637         usb_free_urb(dev->out_urb);
2638         kfree(dev);
2639         return rc;
2640 }
2641
2642 static void pn533_disconnect(struct usb_interface *interface)
2643 {
2644         struct pn533 *dev;
2645         struct pn533_cmd *cmd, *n;
2646
2647         dev = usb_get_intfdata(interface);
2648         usb_set_intfdata(interface, NULL);
2649
2650         nfc_unregister_device(dev->nfc_dev);
2651         nfc_free_device(dev->nfc_dev);
2652
2653         usb_kill_urb(dev->in_urb);
2654         usb_kill_urb(dev->out_urb);
2655
2656         destroy_workqueue(dev->wq);
2657
2658         skb_queue_purge(&dev->resp_q);
2659
2660         del_timer(&dev->listen_timer);
2661
2662         list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2663                 list_del(&cmd->queue);
2664                 kfree(cmd);
2665         }
2666
2667         kfree(dev->in_frame);
2668         usb_free_urb(dev->in_urb);
2669         kfree(dev->out_frame);
2670         usb_free_urb(dev->out_urb);
2671         kfree(dev);
2672
2673         nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2674 }
2675
2676 static struct usb_driver pn533_driver = {
2677         .name =         "pn533",
2678         .probe =        pn533_probe,
2679         .disconnect =   pn533_disconnect,
2680         .id_table =     pn533_table,
2681 };
2682
2683 module_usb_driver(pn533_driver);
2684
2685 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2686                         " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2687 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2688 MODULE_VERSION(VERSION);
2689 MODULE_LICENSE("GPL");
Unnamed repository; edit this file 'description' to name the repository.