Openwrt-EcoNet/kernel-49
1
0
Fork 0
Code Activity
Files
kernel-49/net/nfc/digital_dep.c
Greg Kroah-Hartman b2edd4e6c6 Merge 4.9.269 into android-4.9-q 
Changes in 4.9.269
	net: usb: ax88179_178a: initialize local variables before use
	iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
	ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
	USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
	USB: Add reset-resume quirk for WD19's Realtek Hub
	platform/x86: thinkpad_acpi: Correct thermal sensor allocation
	s390/disassembler: increase ebpf disasm buffer size
	ACPI: custom_method: fix potential use-after-free issue
	ACPI: custom_method: fix a possible memory leak
	arm64: dts: mt8173: fix property typo of 'phys' in dsi node
	ecryptfs: fix kernel panic with null dev_name
	mmc: core: Do a power cycle when the CMD11 fails
	mmc: core: Set read only for SD cards with permanent write protect bit
	btrfs: fix metadata extent leak after failure to create subvolume
	fbdev: zero-fill colormap in fbcmap.c
	staging: wimax/i2400m: fix byte-order issue
	usb: gadget: uvc: add bInterval checking for HS mode
	usb: dwc3: gadget: Ignore EP queue requests during bus reset
	usb: xhci: Fix port minor revision
	PCI: PM: Do not read power state in pci_enable_device_flags()
	x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
	spi: dln2: Fix reference leak to master
	spi: omap-100k: Fix reference leak to master
	intel_th: Consistency and off-by-one fix
	phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
	btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
	scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
	media: ite-cir: check for receive overflow
	extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged
	media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
	media: gspca/sq905.c: fix uninitialized variable
	power: supply: Use IRQF_ONESHOT
	scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
	scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
	media: em28xx: fix memory leak
	clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
	power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()
	power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()
	media: adv7604: fix possible use-after-free in adv76xx_remove()
	media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
	media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
	media: dvb-usb: fix memory leak in dvb_usb_adapter_init
	media: gscpa/stv06xx: fix memory leak
	drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
	drm/amdgpu: fix NULL pointer dereference
	scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
	scsi: libfc: Fix a format specifier
	ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
	ALSA: sb: Fix two use after free in snd_sb_qsound_build
	arm64/vdso: Discard .note.gnu.property sections in vDSO
	openvswitch: fix stack OOB read while fragmenting IPv4 packets
	NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
	jffs2: Fix kasan slab-out-of-bounds problem
	powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
	powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
	jffs2: check the validity of dstlen in jffs2_zlib_compress()
	Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
	ftrace: Handle commands when closing set_ftrace_filter file
	ext4: fix check to prevent false positive report of incorrect used inodes
	ext4: fix error code in ext4_commit_super
	media: dvbdev: Fix memory leak in dvb_media_device_free()
	usb: gadget: dummy_hcd: fix gpf in gadget_setup
	usb: gadget: Fix double free of device descriptor pointers
	usb: gadget/function/f_fs string table fix for multiple languages
	dm persistent data: packed struct should have an aligned() attribute too
	dm space map common: fix division bug in sm_ll_find_free_block()
	dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
	Bluetooth: verify AMP hci_chan before amp_destroy
	hsr: use netdev_err() instead of WARN_ONCE()
	bluetooth: eliminate the potential race condition when removing the HCI controller
	net/nfc: fix use-after-free llcp_sock_bind/connect
	FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
	misc: lis3lv02d: Fix false-positive WARN on various HP models
	misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
	misc: vmw_vmci: explicitly initialize vmci_datagram payload
	tracing: Treat recording comm for idle task as a success
	tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
	tracing: Map all PIDs to command lines
	tracing: Restructure trace_clock_global() to never block
	md-cluster: fix use-after-free issue when removing rdev
	md: factor out a mddev_find_locked helper from mddev_find
	md: md_open returns -EBUSY when entering racing area
	ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
	cfg80211: scan: drop entry from hidden_list on overflow
	drm/radeon: fix copy of uninitialized variable back to userspace
	ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
	ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
	ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
	ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
	ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
	usb: gadget: pch_udc: Revert d3cb25a12138 completely
	memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
	ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
	ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
	serial: stm32: fix incorrect characters on console
	usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
	usb: gadget: pch_udc: Check if driver is present before calling ->setup()
	usb: gadget: pch_udc: Check for DMA mapping error
	crypto: qat - don't release uninitialized resources
	crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
	fotg210-udc: Fix DMA on EP0 for length > max packet size
	fotg210-udc: Fix EP0 IN requests bigger than two packets
	fotg210-udc: Remove a dubious condition leading to fotg210_done
	fotg210-udc: Mask GRP2 interrupts we don't handle
	fotg210-udc: Don't DMA more than the buffer can take
	fotg210-udc: Complete OUT requests on short packets
	mtd: require write permissions for locking and badblock ioctls
	bus: qcom: Put child node before return
	crypto: qat - fix error path in adf_isr_resource_alloc()
	mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
	staging: rtl8192u: Fix potential infinite loop
	staging: greybus: uart: fix unprivileged TIOCCSERIAL
	crypto: qat - Fix a double free in adf_create_ring
	usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
	USB: cdc-acm: fix unprivileged TIOCCSERIAL
	tty: actually undefine superseded ASYNC flags
	tty: fix return value for unsupported ioctls
	firmware: qcom-scm: Fix QCOM_SCM configuration
	x86/platform/uv: Fix !KEXEC build failure
	Drivers: hv: vmbus: Increase wait time for VMbus unload
	ttyprintk: Add TTY hangup callback.
	media: vivid: fix assignment of dev->fbuf_out_flags
	media: omap4iss: return error code when omap4iss_get() failed
	media: m88rs6000t: avoid potential out-of-bounds reads on arrays
	pata_arasan_cf: fix IRQ check
	pata_ipx4xx_cf: fix IRQ check
	sata_mv: add IRQ checks
	ata: libahci_platform: fix IRQ check
	scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration
	media: dvb-usb-remote: fix dvb_usb_nec_rc_key_to_event type mismatch
	clk: uniphier: Fix potential infinite loop
	scsi: jazz_esp: Add IRQ check
	scsi: sun3x_esp: Add IRQ check
	scsi: sni_53c710: Add IRQ check
	HSI: core: fix resource leaks in hsi_add_client_from_dt()
	x86/events/amd/iommu: Fix sysfs type mismatch
	HID: plantronics: Workaround for double volume key presses
	perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
	net: lapbether: Prevent racing when checking whether the netif is running
	powerpc/prom: Mark identical_pvr_fixup as __init
	ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
	nfc: pn533: prevent potential memory corruption
	ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
	liquidio: Fix unintented sign extension of a left shift of a u16
	powerpc/perf: Fix PMU constraint check for EBB events
	powerpc: iommu: fix build when neither PCI or IBMVIO is set
	mac80211: bail out if cipher schemes are invalid
	mt7601u: fix always true expression
	net: thunderx: Fix unintentional sign extension issue
	i2c: cadence: add IRQ check
	i2c: emev2: add IRQ check
	i2c: jz4780: add IRQ check
	i2c: sh7760: add IRQ check
	MIPS: pci-legacy: stop using of_pci_range_to_resource
	powerpc/pseries: extract host bridge from pci_bus prior to bus removal
	i2c: sh7760: fix IRQ error path
	mwl8k: Fix a double Free in mwl8k_probe_hw
	vsock/vmci: log once the failed queue pair allocation
	RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
	net: davinci_emac: Fix incorrect masking of tx and rx error channel
	ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
	powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
	net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
	net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
	kfifo: fix ternary sign extension bugs
	Revert "net/sctp: fix race condition in sctp_destroy_sock"
	sctp: delay auto_asconf init until binding the first addr
	Revert "of/fdt: Make sure no-map does not remove already reserved regions"
	Revert "fdt: Properly handle "no-map" field in the memory region"
	fs: dlm: fix debugfs dump
	tipc: convert dest node's address to network order
	net: stmmac: Set FIFO sizes for ipq806x
	ALSA: hdsp: don't disable if not enabled
	ALSA: hdspm: don't disable if not enabled
	ALSA: rme9652: don't disable if not enabled
	Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
	Bluetooth: initialize skb_queue_head at l2cap_chan_create()
	ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
	mac80211: clear the beacon's CRC after channel switch
	cuse: prevent clone
	selftests: Set CC to clang in lib.mk if LLVM is set
	kconfig: nconf: stop endless search loops
	sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
	ASoC: rt286: Generalize support for ALC3263 codec
	samples/bpf: Fix broken tracex1 due to kprobe argument change
	powerpc/pseries: Stop calling printk in rtas_stop_self()
	wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
	wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
	powerpc/iommu: Annotate nested lock for lockdep
	net: ethernet: mtk_eth_soc: fix RX VLAN offload
	ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
	f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
	PCI: Release OF node in pci_scan_device()'s error path
	ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
	NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
	NFS: Deal correctly with attribute generation counter overflow
	pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
	NFSv4.2 fix handling of sr_eof in SEEK's reply
	sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
	drm/radeon: Fix off-by-one power_state index heap overwrite
	khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
	mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
	ksm: fix potential missing rmap_item for stable_node
	kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
	ARC: entry: fix off-by-one error in syscall number validation
	powerpc/64s: Fix crashes when toggling entry flush barrier
	squashfs: fix divide error in calculate_skip()
	iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
	usb: fotg210-hcd: Fix an error message
	ACPI: scan: Fix a memory leak in an error handling path
	usb: xhci: Increase timeout for HC halt
	usb: dwc2: Fix gadget DMA unmap direction
	usb: core: hub: fix race condition about TRSMRCY of resume
	KVM: x86: Cancel pvclock_gtod_work on module removal
	FDDI: defxx: Make MMIO the configuration default except for EISA
	MIPS: Reinstate platform `__div64_32' handler
	MIPS: Avoid DIVU in `__div64_32' is result would be zero
	MIPS: Avoid handcoded DIVU in `__div64_32' altogether
	thermal/core/fair share: Lock the thermal zone while looping over instances
	dm ioctl: fix out of bounds array access when no devices
	kobject_uevent: remove warning in init_uevent_argv()
	netfilter: conntrack: Make global sysctls readonly in non-init netns
	clk: exynos7: Mark aclk_fsys1_200 as critical
	x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
	extcon: adc-jack: Fix incompatible pointer type warning
	kgdb: fix gcc-11 warning on indentation
	usb: sl811-hcd: improve misleading indentation
	cxgb4: Fix the -Wmisleading-indentation warning
	isdn: capi: fix mismatched prototypes
	ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
	Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
	um: Mark all kernel symbols as local
	ceph: fix fscache invalidation
	ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
	lib: stackdepot: turn depot_lock spinlock to raw_spinlock
	sit: proper dev_{hold|put} in ndo_[un]init methods
	ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
	xhci: Do not use GFP_KERNEL in (potentially) atomic context
	ipv6: remove extra dev_hold() for fallback tunnels
	Linux 4.9.269

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib994aef2c6746afa8dcbb237d8c0645ba2c6f7e1
2021-05-26 21:04:22 +03:00

1651 lines
35 KiB
C
Raw Permalink Blame History

/*
* NFC Digital Protocol stack
* Copyright (c) 2013, Intel Corporation.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
*/
#define pr_fmt(fmt) "digital: %s: " fmt, __func__
#include "digital.h"
#define DIGITAL_NFC_DEP_N_RETRY_NACK 2
#define DIGITAL_NFC_DEP_N_RETRY_ATN 2
#define DIGITAL_NFC_DEP_FRAME_DIR_OUT 0xD4
#define DIGITAL_NFC_DEP_FRAME_DIR_IN 0xD5
#define DIGITAL_NFC_DEP_NFCA_SOD_SB 0xF0
#define DIGITAL_CMD_ATR_REQ 0x00
#define DIGITAL_CMD_ATR_RES 0x01
#define DIGITAL_CMD_PSL_REQ 0x04
#define DIGITAL_CMD_PSL_RES 0x05
#define DIGITAL_CMD_DEP_REQ 0x06
#define DIGITAL_CMD_DEP_RES 0x07
#define DIGITAL_ATR_REQ_MIN_SIZE 16
#define DIGITAL_ATR_REQ_MAX_SIZE 64
#define DIGITAL_ATR_RES_TO_WT(s) ((s) & 0xF)
#define DIGITAL_DID_MAX 14
#define DIGITAL_PAYLOAD_SIZE_MAX 254
#define DIGITAL_PAYLOAD_BITS_TO_PP(s) (((s) & 0x3) << 4)
#define DIGITAL_PAYLOAD_PP_TO_BITS(s) (((s) >> 4) & 0x3)
#define DIGITAL_PAYLOAD_BITS_TO_FSL(s) ((s) & 0x3)
#define DIGITAL_PAYLOAD_FSL_TO_BITS(s) ((s) & 0x3)
#define DIGITAL_GB_BIT 0x02
#define DIGITAL_NFC_DEP_REQ_RES_HEADROOM 2 /* SoD: [SB (NFC-A)] + LEN */
#define DIGITAL_NFC_DEP_REQ_RES_TAILROOM 2 /* EoD: 2-byte CRC */
#define DIGITAL_NFC_DEP_PFB_TYPE(pfb) ((pfb) & 0xE0)
#define DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT 0x10
#define DIGITAL_NFC_DEP_PFB_MI_BIT 0x10
#define DIGITAL_NFC_DEP_PFB_NACK_BIT 0x10
#define DIGITAL_NFC_DEP_PFB_DID_BIT 0x04
#define DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb) \
((pfb) & DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT)
#define DIGITAL_NFC_DEP_MI_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_MI_BIT)
#define DIGITAL_NFC_DEP_NACK_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_NACK_BIT)
#define DIGITAL_NFC_DEP_NAD_BIT_SET(pfb) ((pfb) & 0x08)
#define DIGITAL_NFC_DEP_DID_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_DID_BIT)
#define DIGITAL_NFC_DEP_PFB_PNI(pfb) ((pfb) & 0x03)
#define DIGITAL_NFC_DEP_RTOX_VALUE(data) ((data) & 0x3F)
#define DIGITAL_NFC_DEP_RTOX_MAX 59
#define DIGITAL_NFC_DEP_PFB_I_PDU 0x00
#define DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU 0x40
#define DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU 0x80
struct digital_atr_req {
u8 dir;
u8 cmd;
u8 nfcid3[10];
u8 did;
u8 bs;
u8 br;
u8 pp;
u8 gb[0];
} __packed;
struct digital_atr_res {
u8 dir;
u8 cmd;
u8 nfcid3[10];
u8 did;
u8 bs;
u8 br;
u8 to;
u8 pp;
u8 gb[0];
} __packed;
struct digital_psl_req {
u8 dir;
u8 cmd;
u8 did;
u8 brs;
u8 fsl;
} __packed;
struct digital_psl_res {
u8 dir;
u8 cmd;
u8 did;
} __packed;
struct digital_dep_req_res {
u8 dir;
u8 cmd;
u8 pfb;
} __packed;
static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp);
static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp);
static const u8 digital_payload_bits_map[4] = {
[0] = 64,
[1] = 128,
[2] = 192,
[3] = 254
};
/* Response Waiting Time for ATR_RES PDU in ms
*
* RWT(ATR_RES) = RWT(nfcdep,activation) + dRWT(nfcdep) + dT(nfcdep,initiator)
*
* with:
* RWT(nfcdep,activation) = 4096 * 2^12 / f(c) s
* dRWT(nfcdep) = 16 / f(c) s
* dT(nfcdep,initiator) = 100 ms
* f(c) = 13560000 Hz
*/
#define DIGITAL_ATR_RES_RWT 1337
/* Response Waiting Time for other DEP PDUs in ms
*
* max_rwt = rwt + dRWT(nfcdep) + dT(nfcdep,initiator)
*
* with:
* rwt = (256 * 16 / f(c)) * 2^wt s
* dRWT(nfcdep) = 16 / f(c) s
* dT(nfcdep,initiator) = 100 ms
* f(c) = 13560000 Hz
* 0 <= wt <= 14 (given by the target by the TO field of ATR_RES response)
*/
#define DIGITAL_NFC_DEP_IN_MAX_WT 14
#define DIGITAL_NFC_DEP_TG_MAX_WT 8
static const u16 digital_rwt_map[DIGITAL_NFC_DEP_IN_MAX_WT + 1] = {
100, 101, 101, 102, 105,
110, 119, 139, 177, 255,
409, 719, 1337, 2575, 5049,
};
static u8 digital_payload_bits_to_size(u8 payload_bits)
{
if (payload_bits >= ARRAY_SIZE(digital_payload_bits_map))
return 0;
return digital_payload_bits_map[payload_bits];
}
static u8 digital_payload_size_to_bits(u8 payload_size)
{
int i;
for (i = 0; i < ARRAY_SIZE(digital_payload_bits_map); i++)
if (digital_payload_bits_map[i] == payload_size)
return i;
return 0xff;
}
static void digital_skb_push_dep_sod(struct nfc_digital_dev *ddev,
struct sk_buff *skb)
{
skb_push(skb, sizeof(u8));
skb->data[0] = skb->len;
if (ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)
*skb_push(skb, sizeof(u8)) = DIGITAL_NFC_DEP_NFCA_SOD_SB;
}
static int digital_skb_pull_dep_sod(struct nfc_digital_dev *ddev,
struct sk_buff *skb)
{
u8 size;
if (skb->len < 2)
return -EIO;
if (ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)
skb_pull(skb, sizeof(u8));
size = skb->data[0];
if (size != skb->len)
return -EIO;
skb_pull(skb, sizeof(u8));
return 0;
}
static struct sk_buff *
digital_send_dep_data_prep(struct nfc_digital_dev *ddev, struct sk_buff *skb,
struct digital_dep_req_res *dep_req_res,
struct digital_data_exch *data_exch)
{
struct sk_buff *new_skb;
if (skb->len > ddev->remote_payload_max) {
dep_req_res->pfb |= DIGITAL_NFC_DEP_PFB_MI_BIT;
new_skb = digital_skb_alloc(ddev, ddev->remote_payload_max);
if (!new_skb) {
kfree_skb(ddev->chaining_skb);
ddev->chaining_skb = NULL;
return ERR_PTR(-ENOMEM);
}
memcpy(skb_put(new_skb, ddev->remote_payload_max), skb->data,
ddev->remote_payload_max);
skb_pull(skb, ddev->remote_payload_max);
ddev->chaining_skb = skb;
ddev->data_exch = data_exch;
} else {
ddev->chaining_skb = NULL;
new_skb = skb;
}
return new_skb;
}
static struct sk_buff *
digital_recv_dep_data_gather(struct nfc_digital_dev *ddev, u8 pfb,
struct sk_buff *resp,
int (*send_ack)(struct nfc_digital_dev *ddev,
struct digital_data_exch
*data_exch),
struct digital_data_exch *data_exch)
{
struct sk_buff *new_skb;
int rc;
if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb) && (!ddev->chaining_skb)) {
ddev->chaining_skb =
nfc_alloc_recv_skb(8 * ddev->local_payload_max,
GFP_KERNEL);
if (!ddev->chaining_skb) {
rc = -ENOMEM;
goto error;
}
}
if (ddev->chaining_skb) {
if (resp->len > skb_tailroom(ddev->chaining_skb)) {
new_skb = skb_copy_expand(ddev->chaining_skb,
skb_headroom(
ddev->chaining_skb),
8 * ddev->local_payload_max,
GFP_KERNEL);
if (!new_skb) {
rc = -ENOMEM;
goto error;
}
kfree_skb(ddev->chaining_skb);
ddev->chaining_skb = new_skb;
}
memcpy(skb_put(ddev->chaining_skb, resp->len), resp->data,
resp->len);
kfree_skb(resp);
resp = NULL;
if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb)) {
rc = send_ack(ddev, data_exch);
if (rc)
goto error;
return NULL;
}
resp = ddev->chaining_skb;
ddev->chaining_skb = NULL;
}
return resp;
error:
kfree_skb(resp);
kfree_skb(ddev->chaining_skb);
ddev->chaining_skb = NULL;
return ERR_PTR(rc);
}
static void digital_in_recv_psl_res(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp)
{
struct nfc_target *target = arg;
struct digital_psl_res *psl_res;
int rc;
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
goto exit;
}
rc = ddev->skb_check_crc(resp);
if (rc) {
PROTOCOL_ERR("14.4.1.6");
goto exit;
}
rc = digital_skb_pull_dep_sod(ddev, resp);
if (rc) {
PROTOCOL_ERR("14.4.1.2");
goto exit;
}
psl_res = (struct digital_psl_res *)resp->data;
if ((resp->len != sizeof(*psl_res)) ||
(psl_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN) ||
(psl_res->cmd != DIGITAL_CMD_PSL_RES)) {
rc = -EIO;
goto exit;
}
rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
NFC_DIGITAL_RF_TECH_424F);
if (rc)
goto exit;
rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
if (rc)
goto exit;
if (!DIGITAL_DRV_CAPS_IN_CRC(ddev) &&
(ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)) {
ddev->skb_add_crc = digital_skb_add_crc_f;
ddev->skb_check_crc = digital_skb_check_crc_f;
}
ddev->curr_rf_tech = NFC_DIGITAL_RF_TECH_424F;
nfc_dep_link_is_up(ddev->nfc_dev, target->idx, NFC_COMM_ACTIVE,
NFC_RF_INITIATOR);
ddev->curr_nfc_dep_pni = 0;
exit:
dev_kfree_skb(resp);
if (rc)
ddev->curr_protocol = 0;
}
static int digital_in_send_psl_req(struct nfc_digital_dev *ddev,
struct nfc_target *target)
{
struct sk_buff *skb;
struct digital_psl_req *psl_req;
int rc;
u8 payload_size, payload_bits;
skb = digital_skb_alloc(ddev, sizeof(*psl_req));
if (!skb)
return -ENOMEM;
skb_put(skb, sizeof(*psl_req));
psl_req = (struct digital_psl_req *)skb->data;
psl_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
psl_req->cmd = DIGITAL_CMD_PSL_REQ;
psl_req->did = 0;
psl_req->brs = (0x2 << 3) | 0x2; /* 424F both directions */
payload_size = min(ddev->local_payload_max, ddev->remote_payload_max);
payload_bits = digital_payload_size_to_bits(payload_size);
psl_req->fsl = DIGITAL_PAYLOAD_BITS_TO_FSL(payload_bits);
ddev->local_payload_max = payload_size;
ddev->remote_payload_max = payload_size;
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
digital_in_recv_psl_res, target);
if (rc)
kfree_skb(skb);
return rc;
}
static void digital_in_recv_atr_res(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp)
{
struct nfc_target *target = arg;
struct digital_atr_res *atr_res;
u8 gb_len, payload_bits;
u8 wt;
int rc;
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
goto exit;
}
rc = ddev->skb_check_crc(resp);
if (rc) {
PROTOCOL_ERR("14.4.1.6");
goto exit;
}
rc = digital_skb_pull_dep_sod(ddev, resp);
if (rc) {
PROTOCOL_ERR("14.4.1.2");
goto exit;
}
if (resp->len < sizeof(struct digital_atr_res)) {
rc = -EIO;
goto exit;
}
gb_len = resp->len - sizeof(struct digital_atr_res);
atr_res = (struct digital_atr_res *)resp->data;
wt = DIGITAL_ATR_RES_TO_WT(atr_res->to);
if (wt > DIGITAL_NFC_DEP_IN_MAX_WT)
wt = DIGITAL_NFC_DEP_IN_MAX_WT;
ddev->dep_rwt = digital_rwt_map[wt];
payload_bits = DIGITAL_PAYLOAD_PP_TO_BITS(atr_res->pp);
ddev->remote_payload_max = digital_payload_bits_to_size(payload_bits);
if (!ddev->remote_payload_max) {
rc = -EINVAL;
goto exit;
}
rc = nfc_set_remote_general_bytes(ddev->nfc_dev, atr_res->gb, gb_len);
if (rc)
goto exit;
if ((ddev->protocols & NFC_PROTO_FELICA_MASK) &&
(ddev->curr_rf_tech != NFC_DIGITAL_RF_TECH_424F)) {
rc = digital_in_send_psl_req(ddev, target);
if (!rc)
goto exit;
}
rc = nfc_dep_link_is_up(ddev->nfc_dev, target->idx, NFC_COMM_ACTIVE,
NFC_RF_INITIATOR);
ddev->curr_nfc_dep_pni = 0;
exit:
dev_kfree_skb(resp);
if (rc)
ddev->curr_protocol = 0;
}
int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
struct nfc_target *target, __u8 comm_mode, __u8 *gb,
size_t gb_len)
{
struct sk_buff *skb;
struct digital_atr_req *atr_req;
uint size;
int rc;
u8 payload_bits;
size = DIGITAL_ATR_REQ_MIN_SIZE + gb_len;
if (size > DIGITAL_ATR_REQ_MAX_SIZE) {
PROTOCOL_ERR("14.6.1.1");
return -EINVAL;
}
skb = digital_skb_alloc(ddev, size);
if (!skb)
return -ENOMEM;
skb_put(skb, sizeof(struct digital_atr_req));
atr_req = (struct digital_atr_req *)skb->data;
memset(atr_req, 0, sizeof(struct digital_atr_req));
atr_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
atr_req->cmd = DIGITAL_CMD_ATR_REQ;
if (target->nfcid2_len)
memcpy(atr_req->nfcid3, target->nfcid2, NFC_NFCID2_MAXSIZE);
else
get_random_bytes(atr_req->nfcid3, NFC_NFCID3_MAXSIZE);
atr_req->did = 0;
atr_req->bs = 0;
atr_req->br = 0;
ddev->local_payload_max = DIGITAL_PAYLOAD_SIZE_MAX;
payload_bits = digital_payload_size_to_bits(ddev->local_payload_max);
atr_req->pp = DIGITAL_PAYLOAD_BITS_TO_PP(payload_bits);
if (gb_len) {
atr_req->pp |= DIGITAL_GB_BIT;
memcpy(skb_put(skb, gb_len), gb, gb_len);
}
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
rc = digital_in_send_cmd(ddev, skb, DIGITAL_ATR_RES_RWT,
digital_in_recv_atr_res, target);
if (rc)
kfree_skb(skb);
return rc;
}
static int digital_in_send_ack(struct nfc_digital_dev *ddev,
struct digital_data_exch *data_exch)
{
struct digital_dep_req_res *dep_req;
struct sk_buff *skb;
int rc;
skb = digital_skb_alloc(ddev, 1);
if (!skb)
return -ENOMEM;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_req = (struct digital_dep_req_res *)skb->data;
dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
dep_req->cmd = DIGITAL_CMD_DEP_REQ;
dep_req->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
ddev->curr_nfc_dep_pni;
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
ddev->saved_skb = pskb_copy(skb, GFP_KERNEL);
rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
digital_in_recv_dep_res, data_exch);
if (rc) {
kfree_skb(skb);
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
}
return rc;
}
static int digital_in_send_nack(struct nfc_digital_dev *ddev,
struct digital_data_exch *data_exch)
{
struct digital_dep_req_res *dep_req;
struct sk_buff *skb;
int rc;
skb = digital_skb_alloc(ddev, 1);
if (!skb)
return -ENOMEM;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_req = (struct digital_dep_req_res *)skb->data;
dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
dep_req->cmd = DIGITAL_CMD_DEP_REQ;
dep_req->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
DIGITAL_NFC_DEP_PFB_NACK_BIT | ddev->curr_nfc_dep_pni;
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
digital_in_recv_dep_res, data_exch);
if (rc)
kfree_skb(skb);
return rc;
}
static int digital_in_send_atn(struct nfc_digital_dev *ddev,
struct digital_data_exch *data_exch)
{
struct digital_dep_req_res *dep_req;
struct sk_buff *skb;
int rc;
skb = digital_skb_alloc(ddev, 1);
if (!skb)
return -ENOMEM;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_req = (struct digital_dep_req_res *)skb->data;
dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
dep_req->cmd = DIGITAL_CMD_DEP_REQ;
dep_req->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU;
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
digital_in_recv_dep_res, data_exch);
if (rc)
kfree_skb(skb);
return rc;
}
static int digital_in_send_rtox(struct nfc_digital_dev *ddev,
struct digital_data_exch *data_exch, u8 rtox)
{
struct digital_dep_req_res *dep_req;
struct sk_buff *skb;
int rc;
u16 rwt_int;
rwt_int = ddev->dep_rwt * rtox;
if (rwt_int > digital_rwt_map[DIGITAL_NFC_DEP_IN_MAX_WT])
rwt_int = digital_rwt_map[DIGITAL_NFC_DEP_IN_MAX_WT];
skb = digital_skb_alloc(ddev, 1);
if (!skb)
return -ENOMEM;
*skb_put(skb, 1) = rtox;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_req = (struct digital_dep_req_res *)skb->data;
dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
dep_req->cmd = DIGITAL_CMD_DEP_REQ;
dep_req->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU |
DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT;
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
rc = digital_in_send_cmd(ddev, skb, rwt_int,
digital_in_recv_dep_res, data_exch);
if (rc)
kfree_skb(skb);
return rc;
}
static int digital_in_send_saved_skb(struct nfc_digital_dev *ddev,
struct digital_data_exch *data_exch)
{
int rc;
if (!ddev->saved_skb)
return -EINVAL;
skb_get(ddev->saved_skb);
rc = digital_in_send_cmd(ddev, ddev->saved_skb, ddev->dep_rwt,
digital_in_recv_dep_res, data_exch);
if (rc)
kfree_skb(ddev->saved_skb);
return rc;
}
static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp)
{
struct digital_data_exch *data_exch = arg;
struct digital_dep_req_res *dep_res;
u8 pfb;
uint size;
int rc;
u8 rtox;
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
if ((rc == -EIO || (rc == -ETIMEDOUT && ddev->nack_count)) &&
(ddev->nack_count++ < DIGITAL_NFC_DEP_N_RETRY_NACK)) {
ddev->atn_count = 0;
rc = digital_in_send_nack(ddev, data_exch);
if (rc)
goto error;
return;
} else if ((rc == -ETIMEDOUT) &&
(ddev->atn_count++ < DIGITAL_NFC_DEP_N_RETRY_ATN)) {
ddev->nack_count = 0;
rc = digital_in_send_atn(ddev, data_exch);
if (rc)
goto error;
return;
}
goto exit;
}
rc = digital_skb_pull_dep_sod(ddev, resp);
if (rc) {
PROTOCOL_ERR("14.4.1.2");
goto exit;
}
rc = ddev->skb_check_crc(resp);
if (rc) {
if ((resp->len >= 4) &&
(ddev->nack_count++ < DIGITAL_NFC_DEP_N_RETRY_NACK)) {
ddev->atn_count = 0;
rc = digital_in_send_nack(ddev, data_exch);
if (rc)
goto error;
kfree_skb(resp);
return;
}
PROTOCOL_ERR("14.4.1.6");
goto error;
}
ddev->atn_count = 0;
ddev->nack_count = 0;
if (resp->len > ddev->local_payload_max) {
rc = -EMSGSIZE;
goto exit;
}
size = sizeof(struct digital_dep_req_res);
dep_res = (struct digital_dep_req_res *)resp->data;
if (resp->len < size || dep_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN ||
dep_res->cmd != DIGITAL_CMD_DEP_RES) {
rc = -EIO;
goto error;
}
pfb = dep_res->pfb;
if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb)) {
PROTOCOL_ERR("14.8.2.1");
rc = -EIO;
goto error;
}
if (DIGITAL_NFC_DEP_NAD_BIT_SET(pfb)) {
rc = -EIO;
goto exit;
}
if (size > resp->len) {
rc = -EIO;
goto error;
}
skb_pull(resp, size);
switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
case DIGITAL_NFC_DEP_PFB_I_PDU:
if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
PROTOCOL_ERR("14.12.3.3");
rc = -EIO;
goto error;
}
ddev->curr_nfc_dep_pni =
DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
resp = digital_recv_dep_data_gather(ddev, pfb, resp,
digital_in_send_ack,
data_exch);
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
goto error;
}
/* If resp is NULL then we're still chaining so return and
* wait for the next part of the PDU. Else, the PDU is
* complete so pass it up.
*/
if (!resp)
return;
rc = 0;
break;
case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
if (DIGITAL_NFC_DEP_NACK_BIT_SET(pfb)) {
PROTOCOL_ERR("14.12.4.5");
rc = -EIO;
goto exit;
}
if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
PROTOCOL_ERR("14.12.3.3");
rc = -EIO;
goto exit;
}
ddev->curr_nfc_dep_pni =
DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
if (!ddev->chaining_skb) {
PROTOCOL_ERR("14.12.4.3");
rc = -EIO;
goto exit;
}
/* The initiator has received a valid ACK. Free the last sent
* PDU and keep on sending chained skb.
*/
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
rc = digital_in_send_dep_req(ddev, NULL,
ddev->chaining_skb,
ddev->data_exch);
if (rc)
goto error;
goto free_resp;
case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
if (!DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) { /* ATN */
rc = digital_in_send_saved_skb(ddev, data_exch);
if (rc)
goto error;
goto free_resp;
}
if (ddev->atn_count || ddev->nack_count) {
PROTOCOL_ERR("14.12.4.4");
rc = -EIO;
goto error;
}
rtox = DIGITAL_NFC_DEP_RTOX_VALUE(resp->data[0]);
if (!rtox || rtox > DIGITAL_NFC_DEP_RTOX_MAX) {
PROTOCOL_ERR("14.8.4.1");
rc = -EIO;
goto error;
}
rc = digital_in_send_rtox(ddev, data_exch, rtox);
if (rc)
goto error;
goto free_resp;
}
exit:
data_exch->cb(data_exch->cb_context, resp, rc);
error:
kfree(data_exch);
kfree_skb(ddev->chaining_skb);
ddev->chaining_skb = NULL;
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
if (rc)
kfree_skb(resp);
return;
free_resp:
dev_kfree_skb(resp);
}
int digital_in_send_dep_req(struct nfc_digital_dev *ddev,
struct nfc_target *target, struct sk_buff *skb,
struct digital_data_exch *data_exch)
{
struct digital_dep_req_res *dep_req;
struct sk_buff *chaining_skb, *tmp_skb;
int rc;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_req = (struct digital_dep_req_res *)skb->data;
dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
dep_req->cmd = DIGITAL_CMD_DEP_REQ;
dep_req->pfb = ddev->curr_nfc_dep_pni;
ddev->atn_count = 0;
ddev->nack_count = 0;
chaining_skb = ddev->chaining_skb;
tmp_skb = digital_send_dep_data_prep(ddev, skb, dep_req, data_exch);
if (IS_ERR(tmp_skb))
return PTR_ERR(tmp_skb);
digital_skb_push_dep_sod(ddev, tmp_skb);
ddev->skb_add_crc(tmp_skb);
ddev->saved_skb = pskb_copy(tmp_skb, GFP_KERNEL);
rc = digital_in_send_cmd(ddev, tmp_skb, ddev->dep_rwt,
digital_in_recv_dep_res, data_exch);
if (rc) {
if (tmp_skb != skb)
kfree_skb(tmp_skb);
kfree_skb(chaining_skb);
ddev->chaining_skb = NULL;
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
}
return rc;
}
static void digital_tg_set_rf_tech(struct nfc_digital_dev *ddev, u8 rf_tech)
{
ddev->curr_rf_tech = rf_tech;
ddev->skb_add_crc = digital_skb_add_crc_none;
ddev->skb_check_crc = digital_skb_check_crc_none;
if (DIGITAL_DRV_CAPS_TG_CRC(ddev))
return;
switch (ddev->curr_rf_tech) {
case NFC_DIGITAL_RF_TECH_106A:
ddev->skb_add_crc = digital_skb_add_crc_a;
ddev->skb_check_crc = digital_skb_check_crc_a;
break;
case NFC_DIGITAL_RF_TECH_212F:
case NFC_DIGITAL_RF_TECH_424F:
ddev->skb_add_crc = digital_skb_add_crc_f;
ddev->skb_check_crc = digital_skb_check_crc_f;
break;
default:
break;
}
}
static int digital_tg_send_ack(struct nfc_digital_dev *ddev,
struct digital_data_exch *data_exch)
{
struct digital_dep_req_res *dep_res;
struct sk_buff *skb;
int rc;
skb = digital_skb_alloc(ddev, 1);
if (!skb)
return -ENOMEM;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_res = (struct digital_dep_req_res *)skb->data;
dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
dep_res->cmd = DIGITAL_CMD_DEP_RES;
dep_res->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
ddev->curr_nfc_dep_pni;
if (ddev->did) {
dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
memcpy(skb_put(skb, sizeof(ddev->did)), &ddev->did,
sizeof(ddev->did));
}
ddev->curr_nfc_dep_pni =
DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
ddev->saved_skb = pskb_copy(skb, GFP_KERNEL);
rc = digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req,
data_exch);
if (rc) {
kfree_skb(skb);
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
}
return rc;
}
static int digital_tg_send_atn(struct nfc_digital_dev *ddev)
{
struct digital_dep_req_res *dep_res;
struct sk_buff *skb;
int rc;
skb = digital_skb_alloc(ddev, 1);
if (!skb)
return -ENOMEM;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_res = (struct digital_dep_req_res *)skb->data;
dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
dep_res->cmd = DIGITAL_CMD_DEP_RES;
dep_res->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU;
if (ddev->did) {
dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
memcpy(skb_put(skb, sizeof(ddev->did)), &ddev->did,
sizeof(ddev->did));
}
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
rc = digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req,
NULL);
if (rc)
kfree_skb(skb);
return rc;
}
static int digital_tg_send_saved_skb(struct nfc_digital_dev *ddev)
{
int rc;
if (!ddev->saved_skb)
return -EINVAL;
skb_get(ddev->saved_skb);
rc = digital_tg_send_cmd(ddev, ddev->saved_skb, 1500,
digital_tg_recv_dep_req, NULL);
if (rc)
kfree_skb(ddev->saved_skb);
return rc;
}
static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp)
{
int rc;
struct digital_dep_req_res *dep_req;
u8 pfb;
size_t size;
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
goto exit;
}
rc = ddev->skb_check_crc(resp);
if (rc) {
PROTOCOL_ERR("14.4.1.6");
goto exit;
}
rc = digital_skb_pull_dep_sod(ddev, resp);
if (rc) {
PROTOCOL_ERR("14.4.1.2");
goto exit;
}
if (resp->len > ddev->local_payload_max) {
rc = -EMSGSIZE;
goto exit;
}
size = sizeof(struct digital_dep_req_res);
dep_req = (struct digital_dep_req_res *)resp->data;
if (resp->len < size || dep_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
dep_req->cmd != DIGITAL_CMD_DEP_REQ) {
rc = -EIO;
goto exit;
}
pfb = dep_req->pfb;
if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb)) {
if (ddev->did && (ddev->did == resp->data[3])) {
size++;
} else {
rc = -EIO;
goto exit;
}
} else if (ddev->did) {
rc = -EIO;
goto exit;
}
if (DIGITAL_NFC_DEP_NAD_BIT_SET(pfb)) {
rc = -EIO;
goto exit;
}
if (size > resp->len) {
rc = -EIO;
goto exit;
}
skb_pull(resp, size);
switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
case DIGITAL_NFC_DEP_PFB_I_PDU:
pr_debug("DIGITAL_NFC_DEP_PFB_I_PDU\n");
if (ddev->atn_count) {
/* The target has received (and replied to) at least one
* ATN DEP_REQ.
*/
ddev->atn_count = 0;
/* pni of resp PDU equal to the target current pni - 1
* means resp is the previous DEP_REQ PDU received from
* the initiator so the target replies with saved_skb
* which is the previous DEP_RES saved in
* digital_tg_send_dep_res().
*/
if (DIGITAL_NFC_DEP_PFB_PNI(pfb) ==
DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni - 1)) {
rc = digital_tg_send_saved_skb(ddev);
if (rc)
goto exit;
goto free_resp;
}
/* atn_count > 0 and PDU pni != curr_nfc_dep_pni - 1
* means the target probably did not received the last
* DEP_REQ PDU sent by the initiator. The target
* fallbacks to normal processing then.
*/
}
if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
PROTOCOL_ERR("14.12.3.4");
rc = -EIO;
goto exit;
}
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
resp = digital_recv_dep_data_gather(ddev, pfb, resp,
digital_tg_send_ack, NULL);
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
goto exit;
}
/* If resp is NULL then we're still chaining so return and
* wait for the next part of the PDU. Else, the PDU is
* complete so pass it up.
*/
if (!resp)
return;
rc = 0;
break;
case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
if (DIGITAL_NFC_DEP_NACK_BIT_SET(pfb)) { /* NACK */
if (DIGITAL_NFC_DEP_PFB_PNI(pfb + 1) !=
ddev->curr_nfc_dep_pni) {
rc = -EIO;
goto exit;
}
ddev->atn_count = 0;
rc = digital_tg_send_saved_skb(ddev);
if (rc)
goto exit;
goto free_resp;
}
/* ACK */
if (ddev->atn_count) {
/* The target has previously recevied one or more ATN
* PDUs.
*/
ddev->atn_count = 0;
/* If the ACK PNI is equal to the target PNI - 1 means
* that the initiator did not receive the previous PDU
* sent by the target so re-send it.
*/
if (DIGITAL_NFC_DEP_PFB_PNI(pfb + 1) ==
ddev->curr_nfc_dep_pni) {
rc = digital_tg_send_saved_skb(ddev);
if (rc)
goto exit;
goto free_resp;
}
/* Otherwise, the target did not receive the previous
* ACK PDU from the initiator. Fallback to normal
* processing of chained PDU then.
*/
}
/* Keep on sending chained PDU */
if (!ddev->chaining_skb ||
DIGITAL_NFC_DEP_PFB_PNI(pfb) !=
ddev->curr_nfc_dep_pni) {
rc = -EIO;
goto exit;
}
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
rc = digital_tg_send_dep_res(ddev, ddev->chaining_skb);
if (rc)
goto exit;
goto free_resp;
case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
if (DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) {
rc = -EINVAL;
goto exit;
}
rc = digital_tg_send_atn(ddev);
if (rc)
goto exit;
ddev->atn_count++;
goto free_resp;
}
rc = nfc_tm_data_received(ddev->nfc_dev, resp);
if (rc)
resp = NULL;
exit:
kfree_skb(ddev->chaining_skb);
ddev->chaining_skb = NULL;
ddev->atn_count = 0;
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
if (rc)
kfree_skb(resp);
return;
free_resp:
dev_kfree_skb(resp);
}
int digital_tg_send_dep_res(struct nfc_digital_dev *ddev, struct sk_buff *skb)
{
struct digital_dep_req_res *dep_res;
struct sk_buff *chaining_skb, *tmp_skb;
int rc;
skb_push(skb, sizeof(struct digital_dep_req_res));
dep_res = (struct digital_dep_req_res *)skb->data;
dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
dep_res->cmd = DIGITAL_CMD_DEP_RES;
dep_res->pfb = ddev->curr_nfc_dep_pni;
if (ddev->did) {
dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
memcpy(skb_put(skb, sizeof(ddev->did)), &ddev->did,
sizeof(ddev->did));
}
ddev->curr_nfc_dep_pni =
DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
chaining_skb = ddev->chaining_skb;
tmp_skb = digital_send_dep_data_prep(ddev, skb, dep_res, NULL);
if (IS_ERR(tmp_skb))
return PTR_ERR(tmp_skb);
digital_skb_push_dep_sod(ddev, tmp_skb);
ddev->skb_add_crc(tmp_skb);
ddev->saved_skb = pskb_copy(tmp_skb, GFP_KERNEL);
rc = digital_tg_send_cmd(ddev, tmp_skb, 1500, digital_tg_recv_dep_req,
NULL);
if (rc) {
if (tmp_skb != skb)
kfree_skb(tmp_skb);
kfree_skb(chaining_skb);
ddev->chaining_skb = NULL;
kfree_skb(ddev->saved_skb);
ddev->saved_skb = NULL;
}
return rc;
}
static void digital_tg_send_psl_res_complete(struct nfc_digital_dev *ddev,
void *arg, struct sk_buff *resp)
{
u8 rf_tech = (unsigned long)arg;
if (IS_ERR(resp))
return;
digital_tg_set_rf_tech(ddev, rf_tech);
digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
digital_tg_listen(ddev, 1500, digital_tg_recv_dep_req, NULL);
dev_kfree_skb(resp);
}
static int digital_tg_send_psl_res(struct nfc_digital_dev *ddev, u8 did,
u8 rf_tech)
{
struct digital_psl_res *psl_res;
struct sk_buff *skb;
int rc;
skb = digital_skb_alloc(ddev, sizeof(struct digital_psl_res));
if (!skb)
return -ENOMEM;
skb_put(skb, sizeof(struct digital_psl_res));
psl_res = (struct digital_psl_res *)skb->data;
psl_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
psl_res->cmd = DIGITAL_CMD_PSL_RES;
psl_res->did = did;
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
ddev->curr_nfc_dep_pni = 0;
rc = digital_tg_send_cmd(ddev, skb, 0, digital_tg_send_psl_res_complete,
(void *)(unsigned long)rf_tech);
if (rc)
kfree_skb(skb);
return rc;
}
static void digital_tg_recv_psl_req(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp)
{
int rc;
struct digital_psl_req *psl_req;
u8 rf_tech;
u8 dsi, payload_size, payload_bits;
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
goto exit;
}
rc = ddev->skb_check_crc(resp);
if (rc) {
PROTOCOL_ERR("14.4.1.6");
goto exit;
}
rc = digital_skb_pull_dep_sod(ddev, resp);
if (rc) {
PROTOCOL_ERR("14.4.1.2");
goto exit;
}
psl_req = (struct digital_psl_req *)resp->data;
if (resp->len != sizeof(struct digital_psl_req) ||
psl_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
psl_req->cmd != DIGITAL_CMD_PSL_REQ) {
rc = -EIO;
goto exit;
}
dsi = (psl_req->brs >> 3) & 0x07;
switch (dsi) {
case 0:
rf_tech = NFC_DIGITAL_RF_TECH_106A;
break;
case 1:
rf_tech = NFC_DIGITAL_RF_TECH_212F;
break;
case 2:
rf_tech = NFC_DIGITAL_RF_TECH_424F;
break;
default:
pr_err("Unsupported dsi value %d\n", dsi);
goto exit;
}
payload_bits = DIGITAL_PAYLOAD_FSL_TO_BITS(psl_req->fsl);
payload_size = digital_payload_bits_to_size(payload_bits);
if (!payload_size || (payload_size > min(ddev->local_payload_max,
ddev->remote_payload_max))) {
rc = -EINVAL;
goto exit;
}
ddev->local_payload_max = payload_size;
ddev->remote_payload_max = payload_size;
rc = digital_tg_send_psl_res(ddev, psl_req->did, rf_tech);
exit:
kfree_skb(resp);
}
static void digital_tg_send_atr_res_complete(struct nfc_digital_dev *ddev,
void *arg, struct sk_buff *resp)
{
int offset;
if (IS_ERR(resp)) {
digital_poll_next_tech(ddev);
return;
}
offset = 2;
if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB)
offset++;
ddev->atn_count = 0;
if (resp->data[offset] == DIGITAL_CMD_PSL_REQ)
digital_tg_recv_psl_req(ddev, arg, resp);
else
digital_tg_recv_dep_req(ddev, arg, resp);
}
static int digital_tg_send_atr_res(struct nfc_digital_dev *ddev,
struct digital_atr_req *atr_req)
{
struct digital_atr_res *atr_res;
struct sk_buff *skb;
u8 *gb, payload_bits;
size_t gb_len;
int rc;
gb = nfc_get_local_general_bytes(ddev->nfc_dev, &gb_len);
if (!gb)
gb_len = 0;
skb = digital_skb_alloc(ddev, sizeof(struct digital_atr_res) + gb_len);
if (!skb)
return -ENOMEM;
skb_put(skb, sizeof(struct digital_atr_res));
atr_res = (struct digital_atr_res *)skb->data;
memset(atr_res, 0, sizeof(struct digital_atr_res));
atr_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
atr_res->cmd = DIGITAL_CMD_ATR_RES;
memcpy(atr_res->nfcid3, atr_req->nfcid3, sizeof(atr_req->nfcid3));
atr_res->to = DIGITAL_NFC_DEP_TG_MAX_WT;
ddev->local_payload_max = DIGITAL_PAYLOAD_SIZE_MAX;
payload_bits = digital_payload_size_to_bits(ddev->local_payload_max);
atr_res->pp = DIGITAL_PAYLOAD_BITS_TO_PP(payload_bits);
if (gb_len) {
skb_put(skb, gb_len);
atr_res->pp |= DIGITAL_GB_BIT;
memcpy(atr_res->gb, gb, gb_len);
}
digital_skb_push_dep_sod(ddev, skb);
ddev->skb_add_crc(skb);
ddev->curr_nfc_dep_pni = 0;
rc = digital_tg_send_cmd(ddev, skb, 999,
digital_tg_send_atr_res_complete, NULL);
if (rc)
kfree_skb(skb);
return rc;
}
void digital_tg_recv_atr_req(struct nfc_digital_dev *ddev, void *arg,
struct sk_buff *resp)
{
int rc;
struct digital_atr_req *atr_req;
size_t gb_len, min_size;
u8 poll_tech_count, payload_bits;
if (IS_ERR(resp)) {
rc = PTR_ERR(resp);
resp = NULL;
goto exit;
}
if (!resp->len) {
rc = -EIO;
goto exit;
}
if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB) {
min_size = DIGITAL_ATR_REQ_MIN_SIZE + 2;
digital_tg_set_rf_tech(ddev, NFC_DIGITAL_RF_TECH_106A);
} else {
min_size = DIGITAL_ATR_REQ_MIN_SIZE + 1;
digital_tg_set_rf_tech(ddev, NFC_DIGITAL_RF_TECH_212F);
}
if (resp->len < min_size) {
rc = -EIO;
goto exit;
}
ddev->curr_protocol = NFC_PROTO_NFC_DEP_MASK;
rc = ddev->skb_check_crc(resp);
if (rc) {
PROTOCOL_ERR("14.4.1.6");
goto exit;
}
rc = digital_skb_pull_dep_sod(ddev, resp);
if (rc) {
PROTOCOL_ERR("14.4.1.2");
goto exit;
}
atr_req = (struct digital_atr_req *)resp->data;
if (atr_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
atr_req->cmd != DIGITAL_CMD_ATR_REQ ||
atr_req->did > DIGITAL_DID_MAX) {
rc = -EINVAL;
goto exit;
}
payload_bits = DIGITAL_PAYLOAD_PP_TO_BITS(atr_req->pp);
ddev->remote_payload_max = digital_payload_bits_to_size(payload_bits);
if (!ddev->remote_payload_max) {
rc = -EINVAL;
goto exit;
}
ddev->did = atr_req->did;
rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED);
if (rc)
goto exit;
rc = digital_tg_send_atr_res(ddev, atr_req);
if (rc)
goto exit;
gb_len = resp->len - sizeof(struct digital_atr_req);
poll_tech_count = ddev->poll_tech_count;
ddev->poll_tech_count = 0;
rc = nfc_tm_activated(ddev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
NFC_COMM_PASSIVE, atr_req->gb, gb_len);
if (rc) {
ddev->poll_tech_count = poll_tech_count;
goto exit;
}
rc = 0;
exit:
if (rc)
digital_poll_next_tech(ddev);
dev_kfree_skb(resp);
}
View Git Blame Copy Permalink