1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * The NFC Controller Interface is the communication protocol between an 4 * NFC Controller (NFCC) and a Device Host (DH). 5 * 6 * Copyright (C) 2014 Marvell International Ltd. 7 * Copyright (C) 2011 Texas Instruments, Inc. 8 * 9 * Written by Ilan Elias <ilane@ti.com> 10 * 11 * Acknowledgements: 12 * This file is based on hci_event.c, which was written 13 * by Maxim Krasnyansky. 14 */ 15 16 #define pr_fmt(fmt) KBUILD_MODNAME ": %s: " fmt, __func__ 17 18 #include <linux/types.h> 19 #include <linux/interrupt.h> 20 #include <linux/bitops.h> 21 #include <linux/skbuff.h> 22 23 #include "../nfc.h" 24 #include <net/nfc/nci.h> 25 #include <net/nfc/nci_core.h> 26 #include <linux/nfc.h> 27 28 /* Handle NCI Notification packets */ 29 30 static int nci_core_reset_ntf_packet(struct nci_dev *ndev, 31 const struct sk_buff *skb) 32 { 33 /* Handle NCI 2.x core reset notification */ 34 const struct nci_core_reset_ntf *ntf; 35 36 if (skb->len < sizeof(struct nci_core_reset_ntf)) 37 return -EINVAL; 38 39 ntf = (struct nci_core_reset_ntf *)skb->data; 40 41 ndev->nci_ver = ntf->nci_ver; 42 pr_debug("nci_ver 0x%x, config_status 0x%x\n", 43 ntf->nci_ver, ntf->config_status); 44 45 ndev->manufact_id = ntf->manufact_id; 46 ndev->manufact_specific_info = 47 __le32_to_cpu(ntf->manufact_specific_info); 48 49 nci_req_complete(ndev, NCI_STATUS_OK); 50 51 return 0; 52 } 53 54 static int nci_core_conn_credits_ntf_packet(struct nci_dev *ndev, 55 struct sk_buff *skb) 56 { 57 struct nci_core_conn_credit_ntf *ntf; 58 struct nci_conn_info *conn_info; 59 int i; 60 61 if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries)) 62 return -EINVAL; 63 64 ntf = (struct nci_core_conn_credit_ntf *)skb->data; 65 66 pr_debug("num_entries %d\n", ntf->num_entries); 67 68 if (ntf->num_entries > NCI_MAX_NUM_CONN) 69 ntf->num_entries = NCI_MAX_NUM_CONN; 70 71 if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries) + 72 ntf->num_entries * sizeof(struct conn_credit_entry)) 73 return -EINVAL; 74 75 /* update the credits */ 76 for (i = 0; i < ntf->num_entries; i++) { 77 ntf->conn_entries[i].conn_id = 78 nci_conn_id(&ntf->conn_entries[i].conn_id); 79 80 pr_debug("entry[%d]: conn_id %d, credits %d\n", 81 i, ntf->conn_entries[i].conn_id, 82 ntf->conn_entries[i].credits); 83 84 conn_info = nci_get_conn_info_by_conn_id(ndev, 85 ntf->conn_entries[i].conn_id); 86 if (!conn_info) 87 return 0; 88 89 atomic_add(ntf->conn_entries[i].credits, 90 &conn_info->credits_cnt); 91 } 92 93 /* trigger the next tx */ 94 if (!skb_queue_empty(&ndev->tx_q)) 95 queue_work(ndev->tx_wq, &ndev->tx_work); 96 97 return 0; 98 } 99 100 static int nci_core_generic_error_ntf_packet(struct nci_dev *ndev, 101 const struct sk_buff *skb) 102 { 103 __u8 status; 104 105 if (skb->len < 1) 106 return -EINVAL; 107 108 status = skb->data[0]; 109 110 pr_debug("status 0x%x\n", status); 111 112 if (atomic_read(&ndev->state) == NCI_W4_HOST_SELECT) { 113 /* Activation failed, so complete the request 114 (the state remains the same) */ 115 nci_req_complete(ndev, status); 116 } 117 118 return 0; 119 } 120 121 static int nci_core_conn_intf_error_ntf_packet(struct nci_dev *ndev, 122 struct sk_buff *skb) 123 { 124 struct nci_core_intf_error_ntf *ntf; 125 126 if (skb->len < sizeof(struct nci_core_intf_error_ntf)) 127 return -EINVAL; 128 129 ntf = (struct nci_core_intf_error_ntf *)skb->data; 130 131 ntf->conn_id = nci_conn_id(&ntf->conn_id); 132 133 pr_debug("status 0x%x, conn_id %d\n", ntf->status, ntf->conn_id); 134 135 /* complete the data exchange transaction, if exists */ 136 if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags)) 137 nci_data_exchange_complete(ndev, NULL, ntf->conn_id, -EIO); 138 139 return 0; 140 } 141 142 static const __u8 * 143 nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev, 144 struct rf_tech_specific_params_nfca_poll *nfca_poll, 145 const __u8 *data, ssize_t data_len) 146 { 147 /* Check if we have enough data for sens_res (2 bytes) */ 148 if (data_len < 2) 149 return ERR_PTR(-EINVAL); 150 151 nfca_poll->sens_res = __le16_to_cpu(*((__le16 *)data)); 152 data += 2; 153 data_len -= 2; 154 155 /* Check if we have enough data for nfcid1_len (1 byte) */ 156 if (data_len < 1) 157 return ERR_PTR(-EINVAL); 158 159 nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE); 160 data_len--; 161 162 pr_debug("sens_res 0x%x, nfcid1_len %d\n", 163 nfca_poll->sens_res, nfca_poll->nfcid1_len); 164 165 /* Check if we have enough data for nfcid1 */ 166 if (data_len < nfca_poll->nfcid1_len) 167 return ERR_PTR(-EINVAL); 168 169 memcpy(nfca_poll->nfcid1, data, nfca_poll->nfcid1_len); 170 data += nfca_poll->nfcid1_len; 171 data_len -= nfca_poll->nfcid1_len; 172 173 /* Check if we have enough data for sel_res_len (1 byte) */ 174 if (data_len < 1) 175 return ERR_PTR(-EINVAL); 176 177 nfca_poll->sel_res_len = *data++; 178 data_len--; 179 180 if (nfca_poll->sel_res_len != 0) { 181 /* Check if we have enough data for sel_res (1 byte) */ 182 if (data_len < 1) 183 return ERR_PTR(-EINVAL); 184 185 nfca_poll->sel_res = *data++; 186 } 187 188 pr_debug("sel_res_len %d, sel_res 0x%x\n", 189 nfca_poll->sel_res_len, 190 nfca_poll->sel_res); 191 192 return data; 193 } 194 195 static const __u8 * 196 nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev, 197 struct rf_tech_specific_params_nfcb_poll *nfcb_poll, 198 const __u8 *data, ssize_t data_len) 199 { 200 /* Check if we have enough data for sensb_res_len (1 byte) */ 201 if (data_len < 1) 202 return ERR_PTR(-EINVAL); 203 204 nfcb_poll->sensb_res_len = min_t(__u8, *data++, NFC_SENSB_RES_MAXSIZE); 205 data_len--; 206 207 pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len); 208 209 /* Check if we have enough data for sensb_res */ 210 if (data_len < nfcb_poll->sensb_res_len) 211 return ERR_PTR(-EINVAL); 212 213 memcpy(nfcb_poll->sensb_res, data, nfcb_poll->sensb_res_len); 214 data += nfcb_poll->sensb_res_len; 215 216 return data; 217 } 218 219 static const __u8 * 220 nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev, 221 struct rf_tech_specific_params_nfcf_poll *nfcf_poll, 222 const __u8 *data, ssize_t data_len) 223 { 224 /* Check if we have enough data for bit_rate (1 byte) */ 225 if (data_len < 1) 226 return ERR_PTR(-EINVAL); 227 228 nfcf_poll->bit_rate = *data++; 229 data_len--; 230 231 /* Check if we have enough data for sensf_res_len (1 byte) */ 232 if (data_len < 1) 233 return ERR_PTR(-EINVAL); 234 235 nfcf_poll->sensf_res_len = min_t(__u8, *data++, NFC_SENSF_RES_MAXSIZE); 236 data_len--; 237 238 pr_debug("bit_rate %d, sensf_res_len %d\n", 239 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len); 240 241 /* Check if we have enough data for sensf_res */ 242 if (data_len < nfcf_poll->sensf_res_len) 243 return ERR_PTR(-EINVAL); 244 245 memcpy(nfcf_poll->sensf_res, data, nfcf_poll->sensf_res_len); 246 data += nfcf_poll->sensf_res_len; 247 248 return data; 249 } 250 251 static const __u8 * 252 nci_extract_rf_params_nfcv_passive_poll(struct nci_dev *ndev, 253 struct rf_tech_specific_params_nfcv_poll *nfcv_poll, 254 const __u8 *data, ssize_t data_len) 255 { 256 /* Skip 1 byte (reserved) */ 257 if (data_len < 1) 258 return ERR_PTR(-EINVAL); 259 260 ++data; 261 data_len--; 262 263 /* Check if we have enough data for dsfid (1 byte) */ 264 if (data_len < 1) 265 return ERR_PTR(-EINVAL); 266 267 nfcv_poll->dsfid = *data++; 268 data_len--; 269 270 /* Check if we have enough data for uid (8 bytes) */ 271 if (data_len < NFC_ISO15693_UID_MAXSIZE) 272 return ERR_PTR(-EINVAL); 273 274 memcpy(nfcv_poll->uid, data, NFC_ISO15693_UID_MAXSIZE); 275 data += NFC_ISO15693_UID_MAXSIZE; 276 277 return data; 278 } 279 280 static const __u8 * 281 nci_extract_rf_params_nfcf_passive_listen(struct nci_dev *ndev, 282 struct rf_tech_specific_params_nfcf_listen *nfcf_listen, 283 const __u8 *data, ssize_t data_len) 284 { 285 /* Check if we have enough data for local_nfcid2_len (1 byte) */ 286 if (data_len < 1) 287 return ERR_PTR(-EINVAL); 288 289 nfcf_listen->local_nfcid2_len = min_t(__u8, *data++, 290 NFC_NFCID2_MAXSIZE); 291 data_len--; 292 293 /* Check if we have enough data for local_nfcid2 */ 294 if (data_len < nfcf_listen->local_nfcid2_len) 295 return ERR_PTR(-EINVAL); 296 297 memcpy(nfcf_listen->local_nfcid2, data, nfcf_listen->local_nfcid2_len); 298 data += nfcf_listen->local_nfcid2_len; 299 300 return data; 301 } 302 303 static __u32 nci_get_prop_rf_protocol(struct nci_dev *ndev, __u8 rf_protocol) 304 { 305 if (ndev->ops->get_rfprotocol) 306 return ndev->ops->get_rfprotocol(ndev, rf_protocol); 307 return 0; 308 } 309 310 static int nci_add_new_protocol(struct nci_dev *ndev, 311 struct nfc_target *target, 312 __u8 rf_protocol, 313 __u8 rf_tech_and_mode, 314 const void *params) 315 { 316 const struct rf_tech_specific_params_nfca_poll *nfca_poll; 317 const struct rf_tech_specific_params_nfcb_poll *nfcb_poll; 318 const struct rf_tech_specific_params_nfcf_poll *nfcf_poll; 319 const struct rf_tech_specific_params_nfcv_poll *nfcv_poll; 320 __u32 protocol; 321 322 if (rf_protocol == NCI_RF_PROTOCOL_T1T) 323 protocol = NFC_PROTO_JEWEL_MASK; 324 else if (rf_protocol == NCI_RF_PROTOCOL_T2T) 325 protocol = NFC_PROTO_MIFARE_MASK; 326 else if (rf_protocol == NCI_RF_PROTOCOL_ISO_DEP) 327 if (rf_tech_and_mode == NCI_NFC_A_PASSIVE_POLL_MODE) 328 protocol = NFC_PROTO_ISO14443_MASK; 329 else 330 protocol = NFC_PROTO_ISO14443_B_MASK; 331 else if (rf_protocol == NCI_RF_PROTOCOL_T3T) 332 protocol = NFC_PROTO_FELICA_MASK; 333 else if (rf_protocol == NCI_RF_PROTOCOL_NFC_DEP) 334 protocol = NFC_PROTO_NFC_DEP_MASK; 335 else if (rf_protocol == NCI_RF_PROTOCOL_T5T) 336 protocol = NFC_PROTO_ISO15693_MASK; 337 else 338 protocol = nci_get_prop_rf_protocol(ndev, rf_protocol); 339 340 if (!(protocol & ndev->poll_prots)) { 341 pr_err("the target found does not have the desired protocol\n"); 342 return -EPROTO; 343 } 344 345 if (rf_tech_and_mode == NCI_NFC_A_PASSIVE_POLL_MODE) { 346 nfca_poll = (struct rf_tech_specific_params_nfca_poll *)params; 347 348 target->sens_res = nfca_poll->sens_res; 349 target->sel_res = nfca_poll->sel_res; 350 target->nfcid1_len = nfca_poll->nfcid1_len; 351 if (target->nfcid1_len > ARRAY_SIZE(target->nfcid1)) 352 return -EPROTO; 353 if (target->nfcid1_len > 0) { 354 memcpy(target->nfcid1, nfca_poll->nfcid1, 355 target->nfcid1_len); 356 } 357 } else if (rf_tech_and_mode == NCI_NFC_B_PASSIVE_POLL_MODE) { 358 nfcb_poll = (struct rf_tech_specific_params_nfcb_poll *)params; 359 360 target->sensb_res_len = nfcb_poll->sensb_res_len; 361 if (target->sensb_res_len > ARRAY_SIZE(target->sensb_res)) 362 return -EPROTO; 363 if (target->sensb_res_len > 0) { 364 memcpy(target->sensb_res, nfcb_poll->sensb_res, 365 target->sensb_res_len); 366 } 367 } else if (rf_tech_and_mode == NCI_NFC_F_PASSIVE_POLL_MODE) { 368 nfcf_poll = (struct rf_tech_specific_params_nfcf_poll *)params; 369 370 target->sensf_res_len = nfcf_poll->sensf_res_len; 371 if (target->sensf_res_len > ARRAY_SIZE(target->sensf_res)) 372 return -EPROTO; 373 if (target->sensf_res_len > 0) { 374 memcpy(target->sensf_res, nfcf_poll->sensf_res, 375 target->sensf_res_len); 376 } 377 } else if (rf_tech_and_mode == NCI_NFC_V_PASSIVE_POLL_MODE) { 378 nfcv_poll = (struct rf_tech_specific_params_nfcv_poll *)params; 379 380 target->is_iso15693 = 1; 381 target->iso15693_dsfid = nfcv_poll->dsfid; 382 memcpy(target->iso15693_uid, nfcv_poll->uid, NFC_ISO15693_UID_MAXSIZE); 383 } else { 384 pr_err("unsupported rf_tech_and_mode 0x%x\n", rf_tech_and_mode); 385 return -EPROTO; 386 } 387 388 target->supported_protocols |= protocol; 389 390 pr_debug("protocol 0x%x\n", protocol); 391 392 return 0; 393 } 394 395 static void nci_add_new_target(struct nci_dev *ndev, 396 const struct nci_rf_discover_ntf *ntf) 397 { 398 struct nfc_target *target; 399 int i, rc; 400 401 for (i = 0; i < ndev->n_targets; i++) { 402 target = &ndev->targets[i]; 403 if (target->logical_idx == ntf->rf_discovery_id) { 404 /* This target already exists, add the new protocol */ 405 nci_add_new_protocol(ndev, target, ntf->rf_protocol, 406 ntf->rf_tech_and_mode, 407 &ntf->rf_tech_specific_params); 408 return; 409 } 410 } 411 412 /* This is a new target, check if we've enough room */ 413 if (ndev->n_targets == NCI_MAX_DISCOVERED_TARGETS) { 414 pr_debug("not enough room, ignoring new target...\n"); 415 return; 416 } 417 418 target = &ndev->targets[ndev->n_targets]; 419 420 rc = nci_add_new_protocol(ndev, target, ntf->rf_protocol, 421 ntf->rf_tech_and_mode, 422 &ntf->rf_tech_specific_params); 423 if (!rc) { 424 target->logical_idx = ntf->rf_discovery_id; 425 ndev->n_targets++; 426 427 pr_debug("logical idx %d, n_targets %d\n", target->logical_idx, 428 ndev->n_targets); 429 } 430 } 431 432 void nci_clear_target_list(struct nci_dev *ndev) 433 { 434 memset(ndev->targets, 0, 435 (sizeof(struct nfc_target)*NCI_MAX_DISCOVERED_TARGETS)); 436 437 ndev->n_targets = 0; 438 } 439 440 static int nci_rf_discover_ntf_packet(struct nci_dev *ndev, 441 const struct sk_buff *skb) 442 { 443 struct nci_rf_discover_ntf ntf; 444 const __u8 *data; 445 bool add_target = true; 446 447 if (skb->len < offsetofend(struct nci_rf_discover_ntf, rf_tech_specific_params_len)) 448 return -EINVAL; 449 450 data = skb->data; 451 452 ntf.rf_discovery_id = *data++; 453 ntf.rf_protocol = *data++; 454 ntf.rf_tech_and_mode = *data++; 455 ntf.rf_tech_specific_params_len = *data++; 456 457 pr_debug("rf_discovery_id %d\n", ntf.rf_discovery_id); 458 pr_debug("rf_protocol 0x%x\n", ntf.rf_protocol); 459 pr_debug("rf_tech_and_mode 0x%x\n", ntf.rf_tech_and_mode); 460 pr_debug("rf_tech_specific_params_len %d\n", 461 ntf.rf_tech_specific_params_len); 462 463 if (skb->len < (data - skb->data) + 464 ntf.rf_tech_specific_params_len + sizeof(ntf.ntf_type)) 465 return -EINVAL; 466 467 if (ntf.rf_tech_specific_params_len > 0) { 468 switch (ntf.rf_tech_and_mode) { 469 case NCI_NFC_A_PASSIVE_POLL_MODE: 470 data = nci_extract_rf_params_nfca_passive_poll(ndev, 471 &(ntf.rf_tech_specific_params.nfca_poll), data, 472 ntf.rf_tech_specific_params_len); 473 if (IS_ERR(data)) 474 return PTR_ERR(data); 475 break; 476 477 case NCI_NFC_B_PASSIVE_POLL_MODE: 478 data = nci_extract_rf_params_nfcb_passive_poll(ndev, 479 &(ntf.rf_tech_specific_params.nfcb_poll), data, 480 ntf.rf_tech_specific_params_len); 481 if (IS_ERR(data)) 482 return PTR_ERR(data); 483 break; 484 485 case NCI_NFC_F_PASSIVE_POLL_MODE: 486 data = nci_extract_rf_params_nfcf_passive_poll(ndev, 487 &(ntf.rf_tech_specific_params.nfcf_poll), data, 488 ntf.rf_tech_specific_params_len); 489 if (IS_ERR(data)) 490 return PTR_ERR(data); 491 break; 492 493 case NCI_NFC_V_PASSIVE_POLL_MODE: 494 data = nci_extract_rf_params_nfcv_passive_poll(ndev, 495 &(ntf.rf_tech_specific_params.nfcv_poll), data, 496 ntf.rf_tech_specific_params_len); 497 if (IS_ERR(data)) 498 return PTR_ERR(data); 499 break; 500 501 default: 502 pr_err("unsupported rf_tech_and_mode 0x%x\n", 503 ntf.rf_tech_and_mode); 504 data += ntf.rf_tech_specific_params_len; 505 add_target = false; 506 } 507 } 508 509 ntf.ntf_type = *data++; 510 pr_debug("ntf_type %d\n", ntf.ntf_type); 511 512 if (add_target == true) 513 nci_add_new_target(ndev, &ntf); 514 515 if (ntf.ntf_type == NCI_DISCOVER_NTF_TYPE_MORE) { 516 atomic_set(&ndev->state, NCI_W4_ALL_DISCOVERIES); 517 } else { 518 atomic_set(&ndev->state, NCI_W4_HOST_SELECT); 519 nfc_targets_found(ndev->nfc_dev, ndev->targets, 520 ndev->n_targets); 521 } 522 523 return 0; 524 } 525 526 static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev, 527 struct nci_rf_intf_activated_ntf *ntf, 528 const __u8 *data) 529 { 530 struct activation_params_nfca_poll_iso_dep *nfca_poll; 531 struct activation_params_nfcb_poll_iso_dep *nfcb_poll; 532 533 switch (ntf->activation_rf_tech_and_mode) { 534 case NCI_NFC_A_PASSIVE_POLL_MODE: 535 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep; 536 nfca_poll->rats_res_len = min_t(__u8, *data++, NFC_ATS_MAXSIZE); 537 pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len); 538 if (nfca_poll->rats_res_len > 0) { 539 memcpy(nfca_poll->rats_res, 540 data, nfca_poll->rats_res_len); 541 } 542 break; 543 544 case NCI_NFC_B_PASSIVE_POLL_MODE: 545 nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep; 546 nfcb_poll->attrib_res_len = min_t(__u8, *data++, 50); 547 pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len); 548 if (nfcb_poll->attrib_res_len > 0) { 549 memcpy(nfcb_poll->attrib_res, 550 data, nfcb_poll->attrib_res_len); 551 } 552 break; 553 554 default: 555 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n", 556 ntf->activation_rf_tech_and_mode); 557 return NCI_STATUS_RF_PROTOCOL_ERROR; 558 } 559 560 return NCI_STATUS_OK; 561 } 562 563 static int nci_extract_activation_params_nfc_dep(struct nci_dev *ndev, 564 struct nci_rf_intf_activated_ntf *ntf, 565 const __u8 *data) 566 { 567 struct activation_params_poll_nfc_dep *poll; 568 struct activation_params_listen_nfc_dep *listen; 569 570 switch (ntf->activation_rf_tech_and_mode) { 571 case NCI_NFC_A_PASSIVE_POLL_MODE: 572 case NCI_NFC_F_PASSIVE_POLL_MODE: 573 poll = &ntf->activation_params.poll_nfc_dep; 574 poll->atr_res_len = min_t(__u8, *data++, 575 NFC_ATR_RES_MAXSIZE - 2); 576 pr_debug("atr_res_len %d\n", poll->atr_res_len); 577 if (poll->atr_res_len > 0) 578 memcpy(poll->atr_res, data, poll->atr_res_len); 579 break; 580 581 case NCI_NFC_A_PASSIVE_LISTEN_MODE: 582 case NCI_NFC_F_PASSIVE_LISTEN_MODE: 583 listen = &ntf->activation_params.listen_nfc_dep; 584 listen->atr_req_len = min_t(__u8, *data++, 585 NFC_ATR_REQ_MAXSIZE - 2); 586 pr_debug("atr_req_len %d\n", listen->atr_req_len); 587 if (listen->atr_req_len > 0) 588 memcpy(listen->atr_req, data, listen->atr_req_len); 589 break; 590 591 default: 592 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n", 593 ntf->activation_rf_tech_and_mode); 594 return NCI_STATUS_RF_PROTOCOL_ERROR; 595 } 596 597 return NCI_STATUS_OK; 598 } 599 600 static void nci_target_auto_activated(struct nci_dev *ndev, 601 const struct nci_rf_intf_activated_ntf *ntf) 602 { 603 struct nfc_target *target; 604 int rc; 605 606 target = &ndev->targets[ndev->n_targets]; 607 608 rc = nci_add_new_protocol(ndev, target, ntf->rf_protocol, 609 ntf->activation_rf_tech_and_mode, 610 &ntf->rf_tech_specific_params); 611 if (rc) 612 return; 613 614 target->logical_idx = ntf->rf_discovery_id; 615 ndev->n_targets++; 616 617 pr_debug("logical idx %d, n_targets %d\n", 618 target->logical_idx, ndev->n_targets); 619 620 nfc_targets_found(ndev->nfc_dev, ndev->targets, ndev->n_targets); 621 } 622 623 static int nci_store_general_bytes_nfc_dep(struct nci_dev *ndev, 624 const struct nci_rf_intf_activated_ntf *ntf) 625 { 626 ndev->remote_gb_len = 0; 627 628 if (ntf->activation_params_len <= 0) 629 return NCI_STATUS_OK; 630 631 switch (ntf->activation_rf_tech_and_mode) { 632 case NCI_NFC_A_PASSIVE_POLL_MODE: 633 case NCI_NFC_F_PASSIVE_POLL_MODE: 634 ndev->remote_gb_len = min_t(__u8, 635 (ntf->activation_params.poll_nfc_dep.atr_res_len 636 - NFC_ATR_RES_GT_OFFSET), 637 NFC_ATR_RES_GB_MAXSIZE); 638 memcpy(ndev->remote_gb, 639 (ntf->activation_params.poll_nfc_dep.atr_res 640 + NFC_ATR_RES_GT_OFFSET), 641 ndev->remote_gb_len); 642 break; 643 644 case NCI_NFC_A_PASSIVE_LISTEN_MODE: 645 case NCI_NFC_F_PASSIVE_LISTEN_MODE: 646 ndev->remote_gb_len = min_t(__u8, 647 (ntf->activation_params.listen_nfc_dep.atr_req_len 648 - NFC_ATR_REQ_GT_OFFSET), 649 NFC_ATR_REQ_GB_MAXSIZE); 650 memcpy(ndev->remote_gb, 651 (ntf->activation_params.listen_nfc_dep.atr_req 652 + NFC_ATR_REQ_GT_OFFSET), 653 ndev->remote_gb_len); 654 break; 655 656 default: 657 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n", 658 ntf->activation_rf_tech_and_mode); 659 return NCI_STATUS_RF_PROTOCOL_ERROR; 660 } 661 662 return NCI_STATUS_OK; 663 } 664 665 static int nci_store_ats_nfc_iso_dep(struct nci_dev *ndev, 666 const struct nci_rf_intf_activated_ntf *ntf) 667 { 668 ndev->target_ats_len = 0; 669 670 if (ntf->activation_params_len <= 0) 671 return NCI_STATUS_OK; 672 673 if (ntf->activation_params.nfca_poll_iso_dep.rats_res_len > NFC_ATS_MAXSIZE) { 674 pr_debug("ATS too long\n"); 675 return NCI_STATUS_RF_PROTOCOL_ERROR; 676 } 677 678 if (ntf->activation_params.nfca_poll_iso_dep.rats_res_len > 0) { 679 ndev->target_ats_len = ntf->activation_params.nfca_poll_iso_dep.rats_res_len; 680 memcpy(ndev->target_ats, ntf->activation_params.nfca_poll_iso_dep.rats_res, 681 ndev->target_ats_len); 682 } 683 684 return NCI_STATUS_OK; 685 } 686 687 static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, 688 const struct sk_buff *skb) 689 { 690 struct nci_conn_info *conn_info; 691 struct nci_rf_intf_activated_ntf ntf; 692 const __u8 *data; 693 int err = NCI_STATUS_OK; 694 695 if (skb->len < offsetofend(struct nci_rf_intf_activated_ntf, rf_tech_specific_params_len)) 696 return -EINVAL; 697 698 data = skb->data; 699 700 ntf.rf_discovery_id = *data++; 701 ntf.rf_interface = *data++; 702 ntf.rf_protocol = *data++; 703 ntf.activation_rf_tech_and_mode = *data++; 704 ntf.max_data_pkt_payload_size = *data++; 705 ntf.initial_num_credits = *data++; 706 ntf.rf_tech_specific_params_len = *data++; 707 708 pr_debug("rf_discovery_id %d\n", ntf.rf_discovery_id); 709 pr_debug("rf_interface 0x%x\n", ntf.rf_interface); 710 pr_debug("rf_protocol 0x%x\n", ntf.rf_protocol); 711 pr_debug("activation_rf_tech_and_mode 0x%x\n", 712 ntf.activation_rf_tech_and_mode); 713 pr_debug("max_data_pkt_payload_size 0x%x\n", 714 ntf.max_data_pkt_payload_size); 715 pr_debug("initial_num_credits 0x%x\n", 716 ntf.initial_num_credits); 717 pr_debug("rf_tech_specific_params_len %d\n", 718 ntf.rf_tech_specific_params_len); 719 720 /* If this contains a value of 0x00 (NFCEE Direct RF 721 * Interface) then all following parameters SHALL contain a 722 * value of 0 and SHALL be ignored. 723 */ 724 if (ntf.rf_interface == NCI_RF_INTERFACE_NFCEE_DIRECT) 725 goto listen; 726 727 if (skb->len < (data - skb->data) + ntf.rf_tech_specific_params_len) 728 return -EINVAL; 729 730 if (ntf.rf_tech_specific_params_len > 0) { 731 switch (ntf.activation_rf_tech_and_mode) { 732 case NCI_NFC_A_PASSIVE_POLL_MODE: 733 data = nci_extract_rf_params_nfca_passive_poll(ndev, 734 &(ntf.rf_tech_specific_params.nfca_poll), data, 735 ntf.rf_tech_specific_params_len); 736 if (IS_ERR(data)) 737 return -EINVAL; 738 break; 739 740 case NCI_NFC_B_PASSIVE_POLL_MODE: 741 data = nci_extract_rf_params_nfcb_passive_poll(ndev, 742 &(ntf.rf_tech_specific_params.nfcb_poll), data, 743 ntf.rf_tech_specific_params_len); 744 if (IS_ERR(data)) 745 return -EINVAL; 746 break; 747 748 case NCI_NFC_F_PASSIVE_POLL_MODE: 749 data = nci_extract_rf_params_nfcf_passive_poll(ndev, 750 &(ntf.rf_tech_specific_params.nfcf_poll), data, 751 ntf.rf_tech_specific_params_len); 752 if (IS_ERR(data)) 753 return -EINVAL; 754 break; 755 756 case NCI_NFC_V_PASSIVE_POLL_MODE: 757 data = nci_extract_rf_params_nfcv_passive_poll(ndev, 758 &(ntf.rf_tech_specific_params.nfcv_poll), data, 759 ntf.rf_tech_specific_params_len); 760 if (IS_ERR(data)) 761 return -EINVAL; 762 break; 763 764 case NCI_NFC_A_PASSIVE_LISTEN_MODE: 765 /* no RF technology specific parameters */ 766 break; 767 768 case NCI_NFC_F_PASSIVE_LISTEN_MODE: 769 data = nci_extract_rf_params_nfcf_passive_listen(ndev, 770 &(ntf.rf_tech_specific_params.nfcf_listen), 771 data, ntf.rf_tech_specific_params_len); 772 if (IS_ERR(data)) 773 return -EINVAL; 774 break; 775 776 default: 777 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n", 778 ntf.activation_rf_tech_and_mode); 779 err = NCI_STATUS_RF_PROTOCOL_ERROR; 780 goto exit; 781 } 782 } 783 784 if (skb->len < (data - skb->data) + 785 sizeof(ntf.data_exch_rf_tech_and_mode) + 786 sizeof(ntf.data_exch_tx_bit_rate) + 787 sizeof(ntf.data_exch_rx_bit_rate) + 788 sizeof(ntf.activation_params_len)) 789 return -EINVAL; 790 791 ntf.data_exch_rf_tech_and_mode = *data++; 792 ntf.data_exch_tx_bit_rate = *data++; 793 ntf.data_exch_rx_bit_rate = *data++; 794 ntf.activation_params_len = *data++; 795 796 pr_debug("data_exch_rf_tech_and_mode 0x%x\n", 797 ntf.data_exch_rf_tech_and_mode); 798 pr_debug("data_exch_tx_bit_rate 0x%x\n", ntf.data_exch_tx_bit_rate); 799 pr_debug("data_exch_rx_bit_rate 0x%x\n", ntf.data_exch_rx_bit_rate); 800 pr_debug("activation_params_len %d\n", ntf.activation_params_len); 801 802 if (skb->len < (data - skb->data) + ntf.activation_params_len) 803 return -EINVAL; 804 805 if (ntf.activation_params_len > 0) { 806 switch (ntf.rf_interface) { 807 case NCI_RF_INTERFACE_ISO_DEP: 808 err = nci_extract_activation_params_iso_dep(ndev, 809 &ntf, data); 810 break; 811 812 case NCI_RF_INTERFACE_NFC_DEP: 813 err = nci_extract_activation_params_nfc_dep(ndev, 814 &ntf, data); 815 break; 816 817 case NCI_RF_INTERFACE_FRAME: 818 /* no activation params */ 819 break; 820 821 default: 822 pr_err("unsupported rf_interface 0x%x\n", 823 ntf.rf_interface); 824 err = NCI_STATUS_RF_PROTOCOL_ERROR; 825 break; 826 } 827 } 828 829 exit: 830 if (err == NCI_STATUS_OK) { 831 conn_info = ndev->rf_conn_info; 832 if (!conn_info) 833 return 0; 834 835 conn_info->max_pkt_payload_len = ntf.max_data_pkt_payload_size; 836 conn_info->initial_num_credits = ntf.initial_num_credits; 837 838 /* set the available credits to initial value */ 839 atomic_set(&conn_info->credits_cnt, 840 conn_info->initial_num_credits); 841 842 /* store general bytes to be reported later in dep_link_up */ 843 if (ntf.rf_interface == NCI_RF_INTERFACE_NFC_DEP) { 844 err = nci_store_general_bytes_nfc_dep(ndev, &ntf); 845 if (err != NCI_STATUS_OK) 846 pr_err("unable to store general bytes\n"); 847 } 848 849 /* store ATS to be reported later in nci_activate_target */ 850 if (ntf.rf_interface == NCI_RF_INTERFACE_ISO_DEP && 851 ntf.activation_rf_tech_and_mode == NCI_NFC_A_PASSIVE_POLL_MODE) { 852 err = nci_store_ats_nfc_iso_dep(ndev, &ntf); 853 if (err != NCI_STATUS_OK) 854 pr_err("unable to store ATS\n"); 855 } 856 } 857 858 if (!(ntf.activation_rf_tech_and_mode & NCI_RF_TECH_MODE_LISTEN_MASK)) { 859 /* Poll mode */ 860 if (atomic_read(&ndev->state) == NCI_DISCOVERY) { 861 /* A single target was found and activated 862 * automatically */ 863 atomic_set(&ndev->state, NCI_POLL_ACTIVE); 864 if (err == NCI_STATUS_OK) 865 nci_target_auto_activated(ndev, &ntf); 866 } else { /* ndev->state == NCI_W4_HOST_SELECT */ 867 /* A selected target was activated, so complete the 868 * request */ 869 atomic_set(&ndev->state, NCI_POLL_ACTIVE); 870 nci_req_complete(ndev, err); 871 } 872 } else { 873 listen: 874 /* Listen mode */ 875 atomic_set(&ndev->state, NCI_LISTEN_ACTIVE); 876 if (err == NCI_STATUS_OK && 877 ntf.rf_protocol == NCI_RF_PROTOCOL_NFC_DEP) { 878 err = nfc_tm_activated(ndev->nfc_dev, 879 NFC_PROTO_NFC_DEP_MASK, 880 NFC_COMM_PASSIVE, 881 ndev->remote_gb, 882 ndev->remote_gb_len); 883 if (err != NCI_STATUS_OK) 884 pr_err("error when signaling tm activation\n"); 885 } 886 } 887 888 return 0; 889 } 890 891 static int nci_rf_deactivate_ntf_packet(struct nci_dev *ndev, 892 const struct sk_buff *skb) 893 { 894 const struct nci_conn_info *conn_info; 895 const struct nci_rf_deactivate_ntf *ntf; 896 897 if (skb->len < sizeof(struct nci_rf_deactivate_ntf)) 898 return -EINVAL; 899 900 ntf = (struct nci_rf_deactivate_ntf *)skb->data; 901 902 pr_debug("entry, type 0x%x, reason 0x%x\n", ntf->type, ntf->reason); 903 904 conn_info = ndev->rf_conn_info; 905 if (!conn_info) 906 return 0; 907 908 /* drop tx data queue */ 909 skb_queue_purge(&ndev->tx_q); 910 911 /* drop partial rx data packet */ 912 if (ndev->rx_data_reassembly) { 913 kfree_skb(ndev->rx_data_reassembly); 914 ndev->rx_data_reassembly = NULL; 915 } 916 917 /* complete the data exchange transaction, if exists */ 918 if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags)) 919 nci_data_exchange_complete(ndev, NULL, NCI_STATIC_RF_CONN_ID, 920 -EIO); 921 922 switch (ntf->type) { 923 case NCI_DEACTIVATE_TYPE_IDLE_MODE: 924 nci_clear_target_list(ndev); 925 atomic_set(&ndev->state, NCI_IDLE); 926 break; 927 case NCI_DEACTIVATE_TYPE_SLEEP_MODE: 928 case NCI_DEACTIVATE_TYPE_SLEEP_AF_MODE: 929 atomic_set(&ndev->state, NCI_W4_HOST_SELECT); 930 break; 931 case NCI_DEACTIVATE_TYPE_DISCOVERY: 932 nci_clear_target_list(ndev); 933 atomic_set(&ndev->state, NCI_DISCOVERY); 934 break; 935 } 936 937 nci_req_complete(ndev, NCI_STATUS_OK); 938 939 return 0; 940 } 941 942 static int nci_nfcee_discover_ntf_packet(struct nci_dev *ndev, 943 const struct sk_buff *skb) 944 { 945 u8 status = NCI_STATUS_OK; 946 const struct nci_nfcee_discover_ntf *nfcee_ntf; 947 948 if (skb->len < sizeof(struct nci_nfcee_discover_ntf)) 949 return -EINVAL; 950 951 nfcee_ntf = (struct nci_nfcee_discover_ntf *)skb->data; 952 953 /* NFCForum NCI 9.2.1 HCI Network Specific Handling 954 * If the NFCC supports the HCI Network, it SHALL return one, 955 * and only one, NFCEE_DISCOVER_NTF with a Protocol type of 956 * “HCI Access”, even if the HCI Network contains multiple NFCEEs. 957 */ 958 ndev->hci_dev->nfcee_id = nfcee_ntf->nfcee_id; 959 ndev->cur_params.id = nfcee_ntf->nfcee_id; 960 961 nci_req_complete(ndev, status); 962 963 return 0; 964 } 965 966 void nci_ntf_packet(struct nci_dev *ndev, struct sk_buff *skb) 967 { 968 __u16 ntf_opcode = nci_opcode(skb->data); 969 970 pr_debug("NCI RX: MT=ntf, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n", 971 nci_pbf(skb->data), 972 nci_opcode_gid(ntf_opcode), 973 nci_opcode_oid(ntf_opcode), 974 nci_plen(skb->data)); 975 976 /* strip the nci control header */ 977 skb_pull(skb, NCI_CTRL_HDR_SIZE); 978 979 if (nci_opcode_gid(ntf_opcode) == NCI_GID_PROPRIETARY) { 980 if (nci_prop_ntf_packet(ndev, ntf_opcode, skb) == -ENOTSUPP) { 981 pr_err("unsupported ntf opcode 0x%x\n", 982 ntf_opcode); 983 } 984 985 goto end; 986 } 987 988 switch (ntf_opcode) { 989 case NCI_OP_CORE_RESET_NTF: 990 if (nci_core_reset_ntf_packet(ndev, skb)) 991 goto end; 992 break; 993 994 case NCI_OP_CORE_CONN_CREDITS_NTF: 995 if (nci_core_conn_credits_ntf_packet(ndev, skb)) 996 goto end; 997 break; 998 999 case NCI_OP_CORE_GENERIC_ERROR_NTF: 1000 if (nci_core_generic_error_ntf_packet(ndev, skb)) 1001 goto end; 1002 break; 1003 1004 case NCI_OP_CORE_INTF_ERROR_NTF: 1005 if (nci_core_conn_intf_error_ntf_packet(ndev, skb)) 1006 goto end; 1007 break; 1008 1009 case NCI_OP_RF_DISCOVER_NTF: 1010 if (nci_rf_discover_ntf_packet(ndev, skb)) 1011 goto end; 1012 break; 1013 1014 case NCI_OP_RF_INTF_ACTIVATED_NTF: 1015 if (nci_rf_intf_activated_ntf_packet(ndev, skb)) 1016 goto end; 1017 break; 1018 1019 case NCI_OP_RF_DEACTIVATE_NTF: 1020 if (nci_rf_deactivate_ntf_packet(ndev, skb)) 1021 goto end; 1022 break; 1023 1024 case NCI_OP_NFCEE_DISCOVER_NTF: 1025 if (nci_nfcee_discover_ntf_packet(ndev, skb)) 1026 goto end; 1027 break; 1028 1029 case NCI_OP_RF_NFCEE_ACTION_NTF: 1030 break; 1031 1032 default: 1033 pr_err("unknown ntf opcode 0x%x\n", ntf_opcode); 1034 break; 1035 } 1036 1037 nci_core_ntf_packet(ndev, ntf_opcode, skb); 1038 end: 1039 kfree_skb(skb); 1040 } 1041