in pn533/pn533.c [1956:2036]
static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
u8 comm_mode, u8 *gb, size_t gb_len)
{
struct pn533 *dev = nfc_get_drvdata(nfc_dev);
struct sk_buff *skb;
int rc, skb_len;
u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE];
u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
if (dev->poll_mod_count) {
nfc_err(dev->dev,
"Cannot bring the DEP link up while polling\n");
return -EBUSY;
}
if (dev->tgt_active_prot) {
nfc_err(dev->dev,
"There is already an active target\n");
return -EBUSY;
}
skb_len = 3 + gb_len; /* ActPass + BR + Next */
skb_len += PASSIVE_DATA_LEN;
/* NFCID3 */
skb_len += NFC_NFCID3_MAXSIZE;
if (target && !target->nfcid2_len) {
nfcid3[0] = 0x1;
nfcid3[1] = 0xfe;
get_random_bytes(nfcid3 + 2, 6);
}
skb = pn533_alloc_skb(dev, skb_len);
if (!skb)
return -ENOMEM;
skb_put_u8(skb, !comm_mode); /* ActPass */
skb_put_u8(skb, 0x02); /* 424 kbps */
next = skb_put(skb, 1); /* Next */
*next = 0;
/* Copy passive data */
skb_put_data(skb, passive_data, PASSIVE_DATA_LEN);
*next |= 1;
/* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
if (target && target->nfcid2_len)
memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2,
target->nfcid2_len);
else
skb_put_data(skb, nfcid3, NFC_NFCID3_MAXSIZE);
*next |= 2;
if (gb != NULL && gb_len > 0) {
skb_put_data(skb, gb, gb_len);
*next |= 4; /* We have some Gi */
} else {
*next = 0;
}
arg = kmalloc(sizeof(*arg), GFP_KERNEL);
if (!arg) {
dev_kfree_skb(skb);
return -ENOMEM;
}
*arg = !comm_mode;
pn533_rf_field(dev->nfc_dev, 0);
rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
pn533_in_dep_link_up_complete, arg);
if (rc < 0) {
dev_kfree_skb(skb);
kfree(arg);
}
return rc;
}