Avoid beyond bounds copy while caching ACL
[zen-stable.git] / net / nfc / nci / ntf.c
blobb16a8dc2afbe7fcd457787791f887092985021e5
1 /*
2 * The NFC Controller Interface is the communication protocol between an
3 * NFC Controller (NFCC) and a Device Host (DH).
5 * Copyright (C) 2011 Texas Instruments, Inc.
7 * Written by Ilan Elias <ilane@ti.com>
9 * Acknowledgements:
10 * This file is based on hci_event.c, which was written
11 * by Maxim Krasnyansky.
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License version 2
15 * as published by the Free Software Foundation
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #define pr_fmt(fmt) KBUILD_MODNAME ": %s: " fmt, __func__
30 #include <linux/types.h>
31 #include <linux/interrupt.h>
32 #include <linux/bitops.h>
33 #include <linux/skbuff.h>
35 #include "../nfc.h"
36 #include <net/nfc/nci.h>
37 #include <net/nfc/nci_core.h>
38 #include <linux/nfc.h>
40 /* Handle NCI Notification packets */
42 static void nci_core_conn_credits_ntf_packet(struct nci_dev *ndev,
43 struct sk_buff *skb)
45 struct nci_core_conn_credit_ntf *ntf = (void *) skb->data;
46 int i;
48 pr_debug("num_entries %d\n", ntf->num_entries);
50 if (ntf->num_entries > NCI_MAX_NUM_CONN)
51 ntf->num_entries = NCI_MAX_NUM_CONN;
53 /* update the credits */
54 for (i = 0; i < ntf->num_entries; i++) {
55 ntf->conn_entries[i].conn_id =
56 nci_conn_id(&ntf->conn_entries[i].conn_id);
58 pr_debug("entry[%d]: conn_id %d, credits %d\n",
59 i, ntf->conn_entries[i].conn_id,
60 ntf->conn_entries[i].credits);
62 if (ntf->conn_entries[i].conn_id == NCI_STATIC_RF_CONN_ID) {
63 /* found static rf connection */
64 atomic_add(ntf->conn_entries[i].credits,
65 &ndev->credits_cnt);
69 /* trigger the next tx */
70 if (!skb_queue_empty(&ndev->tx_q))
71 queue_work(ndev->tx_wq, &ndev->tx_work);
74 static void nci_core_conn_intf_error_ntf_packet(struct nci_dev *ndev,
75 struct sk_buff *skb)
77 struct nci_core_intf_error_ntf *ntf = (void *) skb->data;
79 ntf->conn_id = nci_conn_id(&ntf->conn_id);
81 pr_debug("status 0x%x, conn_id %d\n", ntf->status, ntf->conn_id);
83 /* complete the data exchange transaction, if exists */
84 if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags))
85 nci_data_exchange_complete(ndev, NULL, -EIO);
88 static __u8 *nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev,
89 struct nci_rf_intf_activated_ntf *ntf, __u8 *data)
91 struct rf_tech_specific_params_nfca_poll *nfca_poll;
93 nfca_poll = &ntf->rf_tech_specific_params.nfca_poll;
95 nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data));
96 data += 2;
98 nfca_poll->nfcid1_len = *data++;
100 pr_debug("sens_res 0x%x, nfcid1_len %d\n",
101 nfca_poll->sens_res, nfca_poll->nfcid1_len);
103 memcpy(nfca_poll->nfcid1, data, nfca_poll->nfcid1_len);
104 data += nfca_poll->nfcid1_len;
106 nfca_poll->sel_res_len = *data++;
108 if (nfca_poll->sel_res_len != 0)
109 nfca_poll->sel_res = *data++;
111 pr_debug("sel_res_len %d, sel_res 0x%x\n",
112 nfca_poll->sel_res_len,
113 nfca_poll->sel_res);
115 return data;
118 static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
119 struct nci_rf_intf_activated_ntf *ntf, __u8 *data)
121 struct activation_params_nfca_poll_iso_dep *nfca_poll;
123 switch (ntf->activation_rf_tech_and_mode) {
124 case NCI_NFC_A_PASSIVE_POLL_MODE:
125 nfca_poll = &ntf->activation_params.nfca_poll_iso_dep;
126 nfca_poll->rats_res_len = *data++;
127 if (nfca_poll->rats_res_len > 0) {
128 memcpy(nfca_poll->rats_res,
129 data,
130 nfca_poll->rats_res_len);
132 break;
134 default:
135 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
136 ntf->activation_rf_tech_and_mode);
137 return -EPROTO;
140 return 0;
143 static void nci_target_found(struct nci_dev *ndev,
144 struct nci_rf_intf_activated_ntf *ntf)
146 struct nfc_target nfc_tgt;
148 if (ntf->rf_protocol == NCI_RF_PROTOCOL_T2T) /* T2T MifareUL */
149 nfc_tgt.supported_protocols = NFC_PROTO_MIFARE_MASK;
150 else if (ntf->rf_protocol == NCI_RF_PROTOCOL_ISO_DEP) /* 4A */
151 nfc_tgt.supported_protocols = NFC_PROTO_ISO14443_MASK;
152 else
153 nfc_tgt.supported_protocols = 0;
155 nfc_tgt.sens_res = ntf->rf_tech_specific_params.nfca_poll.sens_res;
156 nfc_tgt.sel_res = ntf->rf_tech_specific_params.nfca_poll.sel_res;
157 nfc_tgt.nfcid1_len = ntf->rf_tech_specific_params.nfca_poll.nfcid1_len;
158 if (nfc_tgt.nfcid1_len > 0) {
159 memcpy(nfc_tgt.nfcid1,
160 ntf->rf_tech_specific_params.nfca_poll.nfcid1,
161 nfc_tgt.nfcid1_len);
164 if (!(nfc_tgt.supported_protocols & ndev->poll_prots)) {
165 pr_debug("the target found does not have the desired protocol\n");
166 return;
169 pr_debug("new target found, supported_protocols 0x%x\n",
170 nfc_tgt.supported_protocols);
172 ndev->target_available_prots = nfc_tgt.supported_protocols;
173 ndev->max_data_pkt_payload_size = ntf->max_data_pkt_payload_size;
174 ndev->initial_num_credits = ntf->initial_num_credits;
176 /* set the available credits to initial value */
177 atomic_set(&ndev->credits_cnt, ndev->initial_num_credits);
179 nfc_targets_found(ndev->nfc_dev, &nfc_tgt, 1);
182 static void nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev,
183 struct sk_buff *skb)
185 struct nci_rf_intf_activated_ntf ntf;
186 __u8 *data = skb->data;
187 int err = 0;
189 clear_bit(NCI_DISCOVERY, &ndev->flags);
190 set_bit(NCI_POLL_ACTIVE, &ndev->flags);
192 ntf.rf_discovery_id = *data++;
193 ntf.rf_interface = *data++;
194 ntf.rf_protocol = *data++;
195 ntf.activation_rf_tech_and_mode = *data++;
196 ntf.max_data_pkt_payload_size = *data++;
197 ntf.initial_num_credits = *data++;
198 ntf.rf_tech_specific_params_len = *data++;
200 pr_debug("rf_discovery_id %d\n", ntf.rf_discovery_id);
201 pr_debug("rf_interface 0x%x\n", ntf.rf_interface);
202 pr_debug("rf_protocol 0x%x\n", ntf.rf_protocol);
203 pr_debug("activation_rf_tech_and_mode 0x%x\n",
204 ntf.activation_rf_tech_and_mode);
205 pr_debug("max_data_pkt_payload_size 0x%x\n",
206 ntf.max_data_pkt_payload_size);
207 pr_debug("initial_num_credits 0x%x\n", ntf.initial_num_credits);
208 pr_debug("rf_tech_specific_params_len %d\n",
209 ntf.rf_tech_specific_params_len);
211 if (ntf.rf_tech_specific_params_len > 0) {
212 switch (ntf.activation_rf_tech_and_mode) {
213 case NCI_NFC_A_PASSIVE_POLL_MODE:
214 data = nci_extract_rf_params_nfca_passive_poll(ndev,
215 &ntf, data);
216 break;
218 default:
219 pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
220 ntf.activation_rf_tech_and_mode);
221 return;
225 ntf.data_exch_rf_tech_and_mode = *data++;
226 ntf.data_exch_tx_bit_rate = *data++;
227 ntf.data_exch_rx_bit_rate = *data++;
228 ntf.activation_params_len = *data++;
230 pr_debug("data_exch_rf_tech_and_mode 0x%x\n",
231 ntf.data_exch_rf_tech_and_mode);
232 pr_debug("data_exch_tx_bit_rate 0x%x\n",
233 ntf.data_exch_tx_bit_rate);
234 pr_debug("data_exch_rx_bit_rate 0x%x\n",
235 ntf.data_exch_rx_bit_rate);
236 pr_debug("activation_params_len %d\n",
237 ntf.activation_params_len);
239 if (ntf.activation_params_len > 0) {
240 switch (ntf.rf_interface) {
241 case NCI_RF_INTERFACE_ISO_DEP:
242 err = nci_extract_activation_params_iso_dep(ndev,
243 &ntf, data);
244 break;
246 case NCI_RF_INTERFACE_FRAME:
247 /* no activation params */
248 break;
250 default:
251 pr_err("unsupported rf_interface 0x%x\n",
252 ntf.rf_interface);
253 return;
257 if (!err)
258 nci_target_found(ndev, &ntf);
261 static void nci_rf_deactivate_ntf_packet(struct nci_dev *ndev,
262 struct sk_buff *skb)
264 struct nci_rf_deactivate_ntf *ntf = (void *) skb->data;
266 pr_debug("entry, type 0x%x, reason 0x%x\n", ntf->type, ntf->reason);
268 clear_bit(NCI_POLL_ACTIVE, &ndev->flags);
269 ndev->target_active_prot = 0;
271 /* drop tx data queue */
272 skb_queue_purge(&ndev->tx_q);
274 /* drop partial rx data packet */
275 if (ndev->rx_data_reassembly) {
276 kfree_skb(ndev->rx_data_reassembly);
277 ndev->rx_data_reassembly = 0;
280 /* complete the data exchange transaction, if exists */
281 if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags))
282 nci_data_exchange_complete(ndev, NULL, -EIO);
285 void nci_ntf_packet(struct nci_dev *ndev, struct sk_buff *skb)
287 __u16 ntf_opcode = nci_opcode(skb->data);
289 pr_debug("NCI RX: MT=ntf, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n",
290 nci_pbf(skb->data),
291 nci_opcode_gid(ntf_opcode),
292 nci_opcode_oid(ntf_opcode),
293 nci_plen(skb->data));
295 /* strip the nci control header */
296 skb_pull(skb, NCI_CTRL_HDR_SIZE);
298 switch (ntf_opcode) {
299 case NCI_OP_CORE_CONN_CREDITS_NTF:
300 nci_core_conn_credits_ntf_packet(ndev, skb);
301 break;
303 case NCI_OP_CORE_INTF_ERROR_NTF:
304 nci_core_conn_intf_error_ntf_packet(ndev, skb);
305 break;
307 case NCI_OP_RF_INTF_ACTIVATED_NTF:
308 nci_rf_intf_activated_ntf_packet(ndev, skb);
309 break;
311 case NCI_OP_RF_DEACTIVATE_NTF:
312 nci_rf_deactivate_ntf_packet(ndev, skb);
313 break;
315 default:
316 pr_err("unknown ntf opcode 0x%x\n", ntf_opcode);
317 break;
320 kfree_skb(skb);