1 files changed, 126 insertions, 144 deletions
diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c
index b445f0339e03..1016e0962068 100644
--- a/drivers/nfc/pn533.c
+++ b/drivers/nfc/pn533.c
@@ -320,20 +320,6 @@ struct pn533_cmd_jump_dep_response {
 #define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 #define PN533_INIT_TARGET_RESP_DEP        0x4
-struct pn533_cmd_init_target {
-        u8 mode;
-        u8 mifare[6];
-        u8 felica[18];
-        u8 nfcid3[10];
-        u8 gb_len;
-        u8 gb[];
-} __packed;
-struct pn533_cmd_init_target_response {
-        u8 mode;
-        u8 cmd[];
-} __packed;
 struct pn533 {
        struct usb_device *udev;
        struct usb_interface *interface;
@@ -1315,50 +1301,37 @@ static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
        return 0;
 }
-struct pn533_poll_response {
+static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
-        u8 nbtg;
+                              int tgdata_len)
-        u8 tg;
-        u8 target_data[];
-} __packed;
-static int pn533_target_found(struct pn533 *dev,
-                        struct pn533_poll_response *resp, int resp_len)
 {
-        int target_data_len;
        struct nfc_target nfc_tgt;
        int rc;
        nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
-                                                        dev->poll_mod_curr);
+                    dev->poll_mod_curr);
-        if (resp->tg != 1)
+        if (tg != 1)
                return -EPROTO;
        memset(&nfc_tgt, 0, sizeof(struct nfc_target));
-        target_data_len = resp_len - sizeof(struct pn533_poll_response);
        switch (dev->poll_mod_curr) {
        case PN533_POLL_MOD_106KBPS_A:
-                rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
+                rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
-                                                        target_data_len);
                break;
        case PN533_POLL_MOD_212KBPS_FELICA:
        case PN533_POLL_MOD_424KBPS_FELICA:
-                rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
+                rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
-                                                        target_data_len);
                break;
        case PN533_POLL_MOD_106KBPS_JEWEL:
-                rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
+                rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
-                                                        target_data_len);
                break;
        case PN533_POLL_MOD_847KBPS_B:
-                rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
+                rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
-                                                        target_data_len);
                break;
        default:
-                nfc_dev_err(&dev->interface->dev, "Unknown current poll"
+                nfc_dev_err(&dev->interface->dev,
-                                                                " modulation");
+                            "Unknown current poll modulation");
                return -EPROTO;
        }
@@ -1366,13 +1339,14 @@ static int pn533_target_found(struct pn533 *dev,
                return rc;
        if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
-                nfc_dev_dbg(&dev->interface->dev, "The target found does not"
+                nfc_dev_dbg(&dev->interface->dev,
-                                                " have the desired protocol");
+                            "The Tg found doesn't have the desired protocol");
                return -EAGAIN;
        }
-        nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
+        nfc_dev_dbg(&dev->interface->dev,
-                                        "0x%x", nfc_tgt.supported_protocols);
+                    "Target found - supported protocols: 0x%x",
+                    nfc_tgt.supported_protocols);
        dev->tgt_available_prots = nfc_tgt.supported_protocols;
@@ -1424,16 +1398,20 @@ static void pn533_poll_create_mod_list(struct pn533 *dev,
                pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
 }
-static int pn533_start_poll_complete(struct pn533 *dev, u8 *params, int params_len)
+static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
 {
-        struct pn533_poll_response *resp;
+        u8 nbtg, tg, *tgdata;
-        int rc;
+        int rc, tgdata_len;
        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
-        resp = (struct pn533_poll_response *) params;
+        nbtg = resp->data[0];
-        if (resp->nbtg) {
+        tg = resp->data[1];
-                rc = pn533_target_found(dev, resp, params_len);
+        tgdata = &resp->data[2];
+        tgdata_len = resp->len - 2;  /* nbtg + tg */
+        if (nbtg) {
+                rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
                /* We must stop the poll after a valid target found */
                if (rc == 0) {
@@ -1445,56 +1423,55 @@ static int pn533_start_poll_complete(struct pn533 *dev, u8 *params, int params_l
        return -EAGAIN;
 }
-static int pn533_init_target_frame(struct pn533_frame *frame,
+static struct sk_buff *pn533_alloc_poll_tg_frame(u8 *gbytes, size_t gbytes_len)
-                                   u8 *gb, size_t gb_len)
 {
-        struct pn533_cmd_init_target *cmd;
+        struct sk_buff *skb;
-        size_t cmd_len;
+        u8 *felica, *nfcid3, *gb;
        u8 felica_params[18] = {0x1, 0xfe, /* DEP */
                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
                                0xff, 0xff}; /* System code */
        u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
                               0x0, 0x0, 0x0,
                               0x40}; /* SEL_RES for DEP */
-        cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
+        unsigned int skb_len = 36 + /* mode (1), mifare (6),
-        cmd = kzalloc(cmd_len, GFP_KERNEL);
+                                       felica (18), nfcid3 (10), gb_len (1) */
-        if (cmd == NULL)
+                               gbytes_len +
-                return -ENOMEM;
+                               1;  /* len Tk*/
-        pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
+        skb = pn533_alloc_skb(skb_len);
+        if (!skb)
+                return NULL;
        /* DEP support only */
-        cmd->mode |= PN533_INIT_TARGET_DEP;
+        *skb_put(skb, 1) |= PN533_INIT_TARGET_DEP;
+        /* MIFARE params */
+        memcpy(skb_put(skb, 6), mifare_params, 6);
        /* Felica params */
-        memcpy(cmd->felica, felica_params, 18);
+        felica = skb_put(skb, 18);
-        get_random_bytes(cmd->felica + 2, 6);
+        memcpy(felica, felica_params, 18);
+        get_random_bytes(felica + 2, 6);
        /* NFCID3 */
-        memset(cmd->nfcid3, 0, 10);
+        nfcid3 = skb_put(skb, 10);
-        memcpy(cmd->nfcid3, cmd->felica, 8);
+        memset(nfcid3, 0, 10);
+        memcpy(nfcid3, felica, 8);
-        /* MIFARE params */
-        memcpy(cmd->mifare, mifare_params, 6);
        /* General bytes */
-        cmd->gb_len = gb_len;
+        *skb_put(skb, 1) = gbytes_len;
-        memcpy(cmd->gb, gb, gb_len);
-        /* Len Tk */
-        cmd->gb[gb_len] = 0;
-        memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
-        frame->datalen += cmd_len;
+        gb = skb_put(skb, gbytes_len);
+        memcpy(gb, gbytes, gbytes_len);
-        pn533_tx_frame_finish(frame);
+        /* Len Tk */
+        *skb_put(skb, 1) = 0;
-        kfree(cmd);
-        return 0;
+        return skb;
 }
 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
@@ -1545,41 +1522,32 @@ static void pn533_wq_tg_get_data(struct work_struct *work)
 }
 #define ATR_REQ_GB_OFFSET 17
-static int pn533_init_target_complete(struct pn533 *dev, u8 *params, int params_len)
+static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
 {
-        struct pn533_cmd_init_target_response *resp;
+        u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
-        u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
        size_t gb_len;
        int rc;
        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
-        if (params_len < 0) {
+        if (resp->len < ATR_REQ_GB_OFFSET + 1)
-                nfc_dev_err(&dev->interface->dev,
-                            "Error %d when starting as a target",
-                            params_len);
-                return params_len;
-        }
-        if (params_len < ATR_REQ_GB_OFFSET + 1)
                return -EINVAL;
-        resp = (struct pn533_cmd_init_target_response *) params;
+        mode = resp->data[0];
+        cmd = &resp->data[1];
-        nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
+        nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
-                    resp->mode, params_len);
+                    mode, resp->len);
-        frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
+        if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
-        if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
+            PN533_INIT_TARGET_RESP_ACTIVE)
                comm_mode = NFC_COMM_ACTIVE;
-        /* Again, only DEP */
+        if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0)  /* Only DEP supported */
-        if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
                return -EOPNOTSUPP;
-        gb = resp->cmd + ATR_REQ_GB_OFFSET;
+        gb = cmd + ATR_REQ_GB_OFFSET;
-        gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
+        gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
        rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
                              comm_mode, gb, gb_len);
@@ -1590,7 +1558,6 @@ static int pn533_init_target_complete(struct pn533 *dev, u8 *params, int params_
        }
        dev->tgt_mode = 1;
        queue_work(dev->wq, &dev->tg_work);
        return 0;
@@ -1613,89 +1580,104 @@ static void pn533_listen_mode_timer(unsigned long data)
 }
 static int pn533_poll_complete(struct pn533 *dev, void *arg,
-                               u8 *params, int params_len)
+                               struct sk_buff *resp)
 {
        struct pn533_poll_modulations *cur_mod;
        int rc;
        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
-        if (params_len == -ENOENT) {
+        if (IS_ERR(resp)) {
-                if (dev->poll_mod_count != 0)
+                rc = PTR_ERR(resp);
-                        return 0;
-                nfc_dev_err(&dev->interface->dev,
-                            "Polling operation has been stopped");
-                goto stop_poll;
+                nfc_dev_err(&dev->interface->dev, "%s  Poll complete error %d",
-        }
+                            __func__, rc);
-        if (params_len < 0) {
+                if (rc == -ENOENT) {
-                nfc_dev_err(&dev->interface->dev,
+                        if (dev->poll_mod_count != 0)
-                            "Error %d when running poll", params_len);
+                                return rc;
+                        else
-                goto stop_poll;
+                                goto stop_poll;
+                } else if (rc < 0) {
+                        nfc_dev_err(&dev->interface->dev,
+                                    "Error %d when running poll", rc);
+                        goto stop_poll;
+                }
        }
        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
-        if (cur_mod->len == 0) {
+        if (cur_mod->len == 0) { /* Target mode */
                del_timer(&dev->listen_timer);
+                rc = pn533_init_target_complete(dev, resp);
-                return pn533_init_target_complete(dev, params, params_len);
+                goto done;
-        } else {
-                rc = pn533_start_poll_complete(dev, params, params_len);
-                if (!rc)
-                        return rc;
        }
-        pn533_poll_next_mod(dev);
+        /* Initiator mode */
+        rc = pn533_start_poll_complete(dev, resp);
+        if (!rc)
+                goto done;
+        pn533_poll_next_mod(dev);
        queue_work(dev->wq, &dev->poll_work);
-        return 0;
+done:
+        dev_kfree_skb(resp);
+        return rc;
 stop_poll:
+        nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
        pn533_poll_reset_mod_list(dev);
        dev->poll_protocols = 0;
-        return 0;
+        return rc;
 }
-static void pn533_build_poll_frame(struct pn533 *dev,
+static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533_poll_modulations
-                                   struct pn533_frame *frame,
+                                                 *mod)
-                                   struct pn533_poll_modulations *mod)
 {
-        nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
+        struct sk_buff *skb;
-        if (mod->len == 0) {
+        skb = pn533_alloc_skb(mod->len);
-                /* Listen mode */
+        if (!skb)
-                pn533_init_target_frame(frame, dev->gb, dev->gb_len);
+                return NULL;
-        } else {
-                /* Polling mode */
-                pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
-                memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
+        memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
-                frame->datalen += mod->len;
-                pn533_tx_frame_finish(frame);
+        return skb;
-        }
 }
 static int pn533_send_poll_frame(struct pn533 *dev)
 {
-        struct pn533_poll_modulations *cur_mod;
+        struct pn533_poll_modulations *mod;
+        struct sk_buff *skb;
        int rc;
+        u8 cmd_code;
-        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
+        mod = dev->poll_mod_active[dev->poll_mod_curr];
-        pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
+        nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
+                    __func__, mod->len);
-        rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
+        if (mod->len == 0) {  /* Listen mode */
-                                        PN533_NORMAL_FRAME_MAX_LEN,
+                cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
-                                        pn533_poll_complete,
+                skb = pn533_alloc_poll_tg_frame(dev->gb, dev->gb_len);
-                                        NULL);
+        } else {  /* Polling mode */
-        if (rc)
+                cmd_code =  PN533_CMD_IN_LIST_PASSIVE_TARGET;
+                skb = pn533_alloc_poll_in_frame(mod);
+        }
+        if (!skb) {
+                nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
+                return -ENOMEM;
+        }
+        rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
+                                  NULL);
+        if (rc < 0) {
+                dev_kfree_skb(skb);
                nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
+        }
        return rc;
 }

diff --git a/drivers/nfc/pn533.c b/drivers/nfc/pn533.c index b445f0339e03..1016e0962068 100644 --- a/drivers/nfc/pn533.c +++ b/drivers/nfc/pn533.c
@@ -320,20 +320,6 @@ struct pn533_cmd_jump_dep_response {
320	#define PN533_INIT_TARGET_RESP_ACTIVE 0x1	320	#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
321	#define PN533_INIT_TARGET_RESP_DEP 0x4	321	#define PN533_INIT_TARGET_RESP_DEP 0x4
322		322
323	struct pn533_cmd_init_target {
324	u8 mode;
325	u8 mifare[6];
326	u8 felica[18];
327	u8 nfcid3[10];
328	u8 gb_len;
329	u8 gb[];
330	} __packed;
331
332	struct pn533_cmd_init_target_response {
333	u8 mode;
334	u8 cmd[];
335	} __packed;
336
337	struct pn533 {	323	struct pn533 {
338	struct usb_device *udev;	324	struct usb_device *udev;
339	struct usb_interface *interface;	325	struct usb_interface *interface;
@@ -1315,50 +1301,37 @@ static int pn533_target_found_type_b(struct nfc_target nfc_tgt, u8 tgt_data,
1315	return 0;	1301	return 0;
1316	}	1302	}
1317		1303
1318	struct pn533_poll_response {	1304	static int pn533_target_found(struct pn533 dev, u8 tg, u8 tgdata,
1319	u8 nbtg;	1305	int tgdata_len)
1320	u8 tg;
1321	u8 target_data[];
1322	} __packed;
1323
1324	static int pn533_target_found(struct pn533 *dev,
1325	struct pn533_poll_response *resp, int resp_len)
1326	{	1306	{
1327	int target_data_len;
1328	struct nfc_target nfc_tgt;	1307	struct nfc_target nfc_tgt;
1329	int rc;	1308	int rc;
1330		1309
1331	nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,	1310	nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1332	dev->poll_mod_curr);	1311	dev->poll_mod_curr);
1333		1312
1334	if (resp->tg != 1)	1313	if (tg != 1)
1335	return -EPROTO;	1314	return -EPROTO;
1336		1315
1337	memset(&nfc_tgt, 0, sizeof(struct nfc_target));	1316	memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1338		1317
1339	target_data_len = resp_len - sizeof(struct pn533_poll_response);
1340
1341	switch (dev->poll_mod_curr) {	1318	switch (dev->poll_mod_curr) {
1342	case PN533_POLL_MOD_106KBPS_A:	1319	case PN533_POLL_MOD_106KBPS_A:
1343	rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,	1320	rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1344	target_data_len);
1345	break;	1321	break;
1346	case PN533_POLL_MOD_212KBPS_FELICA:	1322	case PN533_POLL_MOD_212KBPS_FELICA:
1347	case PN533_POLL_MOD_424KBPS_FELICA:	1323	case PN533_POLL_MOD_424KBPS_FELICA:
1348	rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,	1324	rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1349	target_data_len);
1350	break;	1325	break;
1351	case PN533_POLL_MOD_106KBPS_JEWEL:	1326	case PN533_POLL_MOD_106KBPS_JEWEL:
1352	rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,	1327	rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1353	target_data_len);
1354	break;	1328	break;
1355	case PN533_POLL_MOD_847KBPS_B:	1329	case PN533_POLL_MOD_847KBPS_B:
1356	rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,	1330	rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1357	target_data_len);
1358	break;	1331	break;
1359	default:	1332	default:
1360	nfc_dev_err(&dev->interface->dev, "Unknown current poll"	1333	nfc_dev_err(&dev->interface->dev,
1361	" modulation");	1334	"Unknown current poll modulation");
1362	return -EPROTO;	1335	return -EPROTO;
1363	}	1336	}
1364		1337
@@ -1366,13 +1339,14 @@ static int pn533_target_found(struct pn533 *dev,
1366	return rc;	1339	return rc;
1367		1340
1368	if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {	1341	if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1369	nfc_dev_dbg(&dev->interface->dev, "The target found does not"	1342	nfc_dev_dbg(&dev->interface->dev,
1370	" have the desired protocol");	1343	"The Tg found doesn't have the desired protocol");
1371	return -EAGAIN;	1344	return -EAGAIN;
1372	}	1345	}
1373		1346
1374	nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "	1347	nfc_dev_dbg(&dev->interface->dev,
1375	"0x%x", nfc_tgt.supported_protocols);	1348	"Target found - supported protocols: 0x%x",
		1349	nfc_tgt.supported_protocols);
1376		1350
1377	dev->tgt_available_prots = nfc_tgt.supported_protocols;	1351	dev->tgt_available_prots = nfc_tgt.supported_protocols;
1378		1352
@@ -1424,16 +1398,20 @@ static void pn533_poll_create_mod_list(struct pn533 *dev,
1424	pn533_poll_add_mod(dev, PN533_LISTEN_MOD);	1398	pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1425	}	1399	}
1426		1400
1427	static int pn533_start_poll_complete(struct pn533 dev, u8 params, int params_len)	1401	static int pn533_start_poll_complete(struct pn533 dev, struct sk_buff resp)
1428	{	1402	{
1429	struct pn533_poll_response *resp;	1403	u8 nbtg, tg, *tgdata;
1430	int rc;	1404	int rc, tgdata_len;
1431		1405
1432	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);	1406	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1433		1407
1434	resp = (struct pn533_poll_response *) params;	1408	nbtg = resp->data[0];
1435	if (resp->nbtg) {	1409	tg = resp->data[1];
1436	rc = pn533_target_found(dev, resp, params_len);	1410	tgdata = &resp->data[2];
		1411	tgdata_len = resp->len - 2; /* nbtg + tg */
		1412
		1413	if (nbtg) {
		1414	rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1437		1415
1438	/* We must stop the poll after a valid target found */	1416	/* We must stop the poll after a valid target found */
1439	if (rc == 0) {	1417	if (rc == 0) {
@@ -1445,56 +1423,55 @@ static int pn533_start_poll_complete(struct pn533 dev, u8 params, int params_l
1445	return -EAGAIN;	1423	return -EAGAIN;
1446	}	1424	}
1447		1425
1448	static int pn533_init_target_frame(struct pn533_frame *frame,	1426	static struct sk_buff pn533_alloc_poll_tg_frame(u8 gbytes, size_t gbytes_len)
1449	u8 *gb, size_t gb_len)
1450	{	1427	{
1451	struct pn533_cmd_init_target *cmd;	1428	struct sk_buff *skb;
1452	size_t cmd_len;	1429	u8 felica, nfcid3, *gb;
		1430
1453	u8 felica_params[18] = {0x1, 0xfe, /* DEP */	1431	u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1454	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */	1432	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1455	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,	1433	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1456	0xff, 0xff}; /* System code */	1434	0xff, 0xff}; /* System code */
		1435
1457	u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */	1436	u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1458	0x0, 0x0, 0x0,	1437	0x0, 0x0, 0x0,
1459	0x40}; /* SEL_RES for DEP */	1438	0x40}; /* SEL_RES for DEP */
1460		1439
1461	cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;	1440	unsigned int skb_len = 36 + /* mode (1), mifare (6),
1462	cmd = kzalloc(cmd_len, GFP_KERNEL);	1441	felica (18), nfcid3 (10), gb_len (1) */
1463	if (cmd == NULL)	1442	gbytes_len +
1464	return -ENOMEM;	1443	1; /* len Tk*/
1465		1444
1466	pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);	1445	skb = pn533_alloc_skb(skb_len);
		1446	if (!skb)
		1447	return NULL;
1467		1448
1468	/* DEP support only */	1449	/* DEP support only */
1469	cmd->mode \|= PN533_INIT_TARGET_DEP;	1450	*skb_put(skb, 1) \|= PN533_INIT_TARGET_DEP;
		1451
		1452	/* MIFARE params */
		1453	memcpy(skb_put(skb, 6), mifare_params, 6);
1470		1454
1471	/* Felica params */	1455	/* Felica params */
1472	memcpy(cmd->felica, felica_params, 18);	1456	felica = skb_put(skb, 18);
1473	get_random_bytes(cmd->felica + 2, 6);	1457	memcpy(felica, felica_params, 18);
		1458	get_random_bytes(felica + 2, 6);
1474		1459
1475	/* NFCID3 */	1460	/* NFCID3 */
1476	memset(cmd->nfcid3, 0, 10);	1461	nfcid3 = skb_put(skb, 10);
1477	memcpy(cmd->nfcid3, cmd->felica, 8);	1462	memset(nfcid3, 0, 10);
1478		1463	memcpy(nfcid3, felica, 8);
1479	/* MIFARE params */
1480	memcpy(cmd->mifare, mifare_params, 6);
1481		1464
1482	/* General bytes */	1465	/* General bytes */
1483	cmd->gb_len = gb_len;	1466	*skb_put(skb, 1) = gbytes_len;
1484	memcpy(cmd->gb, gb, gb_len);
1485
1486	/* Len Tk */
1487	cmd->gb[gb_len] = 0;
1488
1489	memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1490		1467
1491	frame->datalen += cmd_len;	1468	gb = skb_put(skb, gbytes_len);
		1469	memcpy(gb, gbytes, gbytes_len);
1492		1470
1493	pn533_tx_frame_finish(frame);	1471	/* Len Tk */
1494		1472	*skb_put(skb, 1) = 0;
1495	kfree(cmd);
1496		1473
1497	return 0;	1474	return skb;
1498	}	1475	}
1499		1476
1500	#define PN533_CMD_DATAEXCH_HEAD_LEN 1	1477	#define PN533_CMD_DATAEXCH_HEAD_LEN 1
@@ -1545,41 +1522,32 @@ static void pn533_wq_tg_get_data(struct work_struct *work)
1545	}	1522	}
1546		1523
1547	#define ATR_REQ_GB_OFFSET 17	1524	#define ATR_REQ_GB_OFFSET 17
1548	static int pn533_init_target_complete(struct pn533 dev, u8 params, int params_len)	1525	static int pn533_init_target_complete(struct pn533 dev, struct sk_buff resp)
1549	{	1526	{
1550	struct pn533_cmd_init_target_response *resp;	1527	u8 mode, cmd, comm_mode = NFC_COMM_PASSIVE, gb;
1551	u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1552	size_t gb_len;	1528	size_t gb_len;
1553	int rc;	1529	int rc;
1554		1530
1555	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);	1531	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1556		1532
1557	if (params_len < 0) {	1533	if (resp->len < ATR_REQ_GB_OFFSET + 1)
1558	nfc_dev_err(&dev->interface->dev,
1559	"Error %d when starting as a target",
1560	params_len);
1561
1562	return params_len;
1563	}
1564
1565	if (params_len < ATR_REQ_GB_OFFSET + 1)
1566	return -EINVAL;	1534	return -EINVAL;
1567		1535
1568	resp = (struct pn533_cmd_init_target_response *) params;	1536	mode = resp->data[0];
		1537	cmd = &resp->data[1];
1569		1538
1570	nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",	1539	nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1571	resp->mode, params_len);	1540	mode, resp->len);
1572		1541
1573	frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;	1542	if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1574	if (frame == PN533_INIT_TARGET_RESP_ACTIVE)	1543	PN533_INIT_TARGET_RESP_ACTIVE)
1575	comm_mode = NFC_COMM_ACTIVE;	1544	comm_mode = NFC_COMM_ACTIVE;
1576		1545
1577	/* Again, only DEP */	1546	if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1578	if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1579	return -EOPNOTSUPP;	1547	return -EOPNOTSUPP;
1580		1548
1581	gb = resp->cmd + ATR_REQ_GB_OFFSET;	1549	gb = cmd + ATR_REQ_GB_OFFSET;
1582	gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);	1550	gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1583		1551
1584	rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,	1552	rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1585	comm_mode, gb, gb_len);	1553	comm_mode, gb, gb_len);
@@ -1590,7 +1558,6 @@ static int pn533_init_target_complete(struct pn533 dev, u8 params, int params_
1590	}	1558	}
1591		1559
1592	dev->tgt_mode = 1;	1560	dev->tgt_mode = 1;
1593
1594	queue_work(dev->wq, &dev->tg_work);	1561	queue_work(dev->wq, &dev->tg_work);
1595		1562
1596	return 0;	1563	return 0;
@@ -1613,89 +1580,104 @@ static void pn533_listen_mode_timer(unsigned long data)
1613	}	1580	}
1614		1581
1615	static int pn533_poll_complete(struct pn533 dev, void arg,	1582	static int pn533_poll_complete(struct pn533 dev, void arg,
1616	u8 *params, int params_len)	1583	struct sk_buff *resp)
1617	{	1584	{
1618	struct pn533_poll_modulations *cur_mod;	1585	struct pn533_poll_modulations *cur_mod;
1619	int rc;	1586	int rc;
1620		1587
1621	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);	1588	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1622		1589
1623	if (params_len == -ENOENT) {	1590	if (IS_ERR(resp)) {
1624	if (dev->poll_mod_count != 0)	1591	rc = PTR_ERR(resp);
1625	return 0;
1626
1627	nfc_dev_err(&dev->interface->dev,
1628	"Polling operation has been stopped");
1629		1592
1630	goto stop_poll;	1593	nfc_dev_err(&dev->interface->dev, "%s Poll complete error %d",
1631	}	1594	__func__, rc);
1632		1595
1633	if (params_len < 0) {	1596	if (rc == -ENOENT) {
1634	nfc_dev_err(&dev->interface->dev,	1597	if (dev->poll_mod_count != 0)
1635	"Error %d when running poll", params_len);	1598	return rc;
1636		1599	else
1637	goto stop_poll;	1600	goto stop_poll;
		1601	} else if (rc < 0) {
		1602	nfc_dev_err(&dev->interface->dev,
		1603	"Error %d when running poll", rc);
		1604	goto stop_poll;
		1605	}
1638	}	1606	}
1639		1607
1640	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];	1608	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1641		1609
1642	if (cur_mod->len == 0) {	1610	if (cur_mod->len == 0) { /* Target mode */
1643	del_timer(&dev->listen_timer);	1611	del_timer(&dev->listen_timer);
1644		1612	rc = pn533_init_target_complete(dev, resp);
1645	return pn533_init_target_complete(dev, params, params_len);	1613	goto done;
1646	} else {
1647	rc = pn533_start_poll_complete(dev, params, params_len);
1648	if (!rc)
1649	return rc;
1650	}	1614	}
1651		1615
1652	pn533_poll_next_mod(dev);	1616	/* Initiator mode */
		1617	rc = pn533_start_poll_complete(dev, resp);
		1618	if (!rc)
		1619	goto done;
1653		1620
		1621	pn533_poll_next_mod(dev);
1654	queue_work(dev->wq, &dev->poll_work);	1622	queue_work(dev->wq, &dev->poll_work);
1655		1623
1656	return 0;	1624	done:
		1625	dev_kfree_skb(resp);
		1626	return rc;
1657		1627
1658	stop_poll:	1628	stop_poll:
		1629	nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
		1630
1659	pn533_poll_reset_mod_list(dev);	1631	pn533_poll_reset_mod_list(dev);
1660	dev->poll_protocols = 0;	1632	dev->poll_protocols = 0;
1661	return 0;	1633	return rc;
1662	}	1634	}
1663		1635
1664	static void pn533_build_poll_frame(struct pn533 *dev,	1636	static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533_poll_modulations
1665	struct pn533_frame *frame,	1637	*mod)
1666	struct pn533_poll_modulations *mod)
1667	{	1638	{
1668	nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);	1639	struct sk_buff *skb;
1669		1640
1670	if (mod->len == 0) {	1641	skb = pn533_alloc_skb(mod->len);
1671	/* Listen mode */	1642	if (!skb)
1672	pn533_init_target_frame(frame, dev->gb, dev->gb_len);	1643	return NULL;
1673	} else {
1674	/* Polling mode */
1675	pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1676		1644
1677	memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);	1645	memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1678	frame->datalen += mod->len;
1679		1646
1680	pn533_tx_frame_finish(frame);	1647	return skb;
1681	}
1682	}	1648	}
1683		1649
1684	static int pn533_send_poll_frame(struct pn533 *dev)	1650	static int pn533_send_poll_frame(struct pn533 *dev)
1685	{	1651	{
1686	struct pn533_poll_modulations *cur_mod;	1652	struct pn533_poll_modulations *mod;
		1653	struct sk_buff *skb;
1687	int rc;	1654	int rc;
		1655	u8 cmd_code;
1688		1656
1689	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];	1657	mod = dev->poll_mod_active[dev->poll_mod_curr];
1690		1658
1691	pn533_build_poll_frame(dev, dev->out_frame, cur_mod);	1659	nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
		1660	__func__, mod->len);
1692		1661
1693	rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,	1662	if (mod->len == 0) { /* Listen mode */
1694	PN533_NORMAL_FRAME_MAX_LEN,	1663	cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1695	pn533_poll_complete,	1664	skb = pn533_alloc_poll_tg_frame(dev->gb, dev->gb_len);
1696	NULL);	1665	} else { /* Polling mode */
1697	if (rc)	1666	cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
		1667	skb = pn533_alloc_poll_in_frame(mod);
		1668	}
		1669
		1670	if (!skb) {
		1671	nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
		1672	return -ENOMEM;
		1673	}
		1674
		1675	rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
		1676	NULL);
		1677	if (rc < 0) {
		1678	dev_kfree_skb(skb);
1698	nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);	1679	nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
		1680	}
1699		1681
1700	return rc;	1682	return rc;
1701	}	1683	}