Avoid beyond bounds copy while caching ACL
1 /*
2 * The NFC Controller Interface is the communication protocol between an
3 * NFC Controller (NFCC) and a Device Host (DH).
5 * Copyright (C) 2011 Texas Instruments, Inc.
7 * Written by Ilan Elias <ilane@ti.com>
9 * Acknowledgements:
10 * This file is based on hci_event.c, which was written
11 * by Maxim Krasnyansky.
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License version 2
15 * as published by the Free Software Foundation
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #define pr_fmt(fmt) KBUILD_MODNAME ": %s: " fmt, __func__
30 #include <linux/types.h>
31 #include <linux/interrupt.h>
32 #include <linux/bitops.h>
33 #include <linux/skbuff.h>
35 #include "../nfc.h"
36 #include <net/nfc/nci.h>
37 #include <net/nfc/nci_core.h>
39 /* Handle NCI Response packets */
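/*
 * Handle CORE_RESET_RSP: record the NCI version reported by the controller
 * and complete the pending request with the response status.
 *
 * The payload comes from the NFC controller, and nothing visible in this
 * file guarantees that skb->len covers struct nci_core_reset_rsp, so the
 * length is checked before each read.  A response that claims success but
 * is too short to carry the version fields completes the request with
 * NCI_STATUS_SYNTAX_ERROR instead of reading past the received data.
 */
static void nci_core_reset_rsp_packet(struct nci_dev *ndev, struct sk_buff *skb)
{
	struct nci_core_reset_rsp *rsp = (void *) skb->data;
	__u8 status;

	/* NOTE(review): assumes status is the first payload byte, as in the
	 * handlers that read skb->data[0] - confirm against nci.h.
	 */
	if (skb->len < 1) {
		pr_err("empty CORE_RESET_RSP\n");
		nci_req_complete(ndev, NCI_STATUS_SYNTAX_ERROR);
		return;
	}

	status = rsp->status;
	pr_debug("status 0x%x\n", status);

	if (status == NCI_STATUS_OK) {
		if (skb->len < sizeof(*rsp)) {
			/* nci_ver/config_status would lie outside the packet */
			pr_err("truncated CORE_RESET_RSP, len %u\n", skb->len);
			status = NCI_STATUS_SYNTAX_ERROR;
		} else {
			ndev->nci_ver = rsp->nci_ver;
			pr_debug("nci_ver 0x%x, config_status 0x%x\n",
				 rsp->nci_ver, rsp->config_status);
		}
	}

	nci_req_complete(ndev, status);
}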
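/*
 * Handle CORE_INIT_RSP: cache the capabilities reported by the controller
 * in ndev and complete the pending request with the response status.
 *
 * The payload has a variable layout: a fixed part, then
 * num_supported_rf_interfaces interface bytes, then the
 * struct nci_core_init_rsp_2 trailer.  The interface count is a byte taken
 * straight from the packet, and nothing visible in this file guarantees
 * that skb->len covers the layout it implies.  Every part is therefore
 * checked against skb->len before it is read, and all checks run before
 * ndev is modified, so a truncated response leaves ndev untouched and
 * completes the request with NCI_STATUS_SYNTAX_ERROR.
 */
static void nci_core_init_rsp_packet(struct nci_dev *ndev, struct sk_buff *skb)
{
	/* Offset of supported_rf_interfaces[] in the payload; the same
	 * constant the rsp_2 offset computation has always used.
	 */
	const unsigned int rsp_1_fixed_len = 6;
	struct nci_core_init_rsp_1 *rsp_1 = (void *) skb->data;
	struct nci_core_init_rsp_2 *rsp_2;
	unsigned int rsp_2_offset;
	__u8 status;

	/* NOTE(review): assumes status is the first payload byte, as in the
	 * handlers that read skb->data[0] - confirm against nci.h.
	 */
	if (skb->len < 1)
		goto truncated;

	status = rsp_1->status;
	pr_debug("status 0x%x\n", status);

	if (status != NCI_STATUS_OK)
		goto exit;

	if (skb->len < rsp_1_fixed_len)
		goto truncated;

	/* The trailer follows however many interface bytes the packet says
	 * it carries, so the on-wire (unclamped) count is used here.
	 */
	rsp_2_offset = rsp_1_fixed_len + rsp_1->num_supported_rf_interfaces;
	if (skb->len < rsp_2_offset + sizeof(*rsp_2))
		goto truncated;

	ndev->nfcc_features = __le32_to_cpu(rsp_1->nfcc_features);
	ndev->num_supported_rf_interfaces = rsp_1->num_supported_rf_interfaces;

	/* Clamp the cached count so the copy below cannot overrun
	 * ndev->supported_rf_interfaces.
	 */
	if (ndev->num_supported_rf_interfaces >
	    NCI_MAX_SUPPORTED_RF_INTERFACES) {
		ndev->num_supported_rf_interfaces =
			NCI_MAX_SUPPORTED_RF_INTERFACES;
	}

	memcpy(ndev->supported_rf_interfaces,
	       rsp_1->supported_rf_interfaces,
	       ndev->num_supported_rf_interfaces);

	rsp_2 = (void *) (skb->data + rsp_2_offset);

	ndev->max_logical_connections =
		rsp_2->max_logical_connections;
	ndev->max_routing_table_size =
		__le16_to_cpu(rsp_2->max_routing_table_size);
	ndev->max_ctrl_pkt_payload_len =
		rsp_2->max_ctrl_pkt_payload_len;
	ndev->max_size_for_large_params =
		__le16_to_cpu(rsp_2->max_size_for_large_params);
	ndev->manufact_id =
		rsp_2->manufact_id;
	ndev->manufact_specific_info =
		__le32_to_cpu(rsp_2->manufact_specific_info);

	pr_debug("nfcc_features 0x%x\n",
		 ndev->nfcc_features);
	pr_debug("num_supported_rf_interfaces %d\n",
		 ndev->num_supported_rf_interfaces);
	/* Slots beyond num_supported_rf_interfaces were not written by the
	 * memcpy above; they are printed for debugging only.
	 */
	pr_debug("supported_rf_interfaces[0] 0x%x\n",
		 ndev->supported_rf_interfaces[0]);
	pr_debug("supported_rf_interfaces[1] 0x%x\n",
		 ndev->supported_rf_interfaces[1]);
	pr_debug("supported_rf_interfaces[2] 0x%x\n",
		 ndev->supported_rf_interfaces[2]);
	pr_debug("supported_rf_interfaces[3] 0x%x\n",
		 ndev->supported_rf_interfaces[3]);
	pr_debug("max_logical_connections %d\n",
		 ndev->max_logical_connections);
	pr_debug("max_routing_table_size %d\n",
		 ndev->max_routing_table_size);
	pr_debug("max_ctrl_pkt_payload_len %d\n",
		 ndev->max_ctrl_pkt_payload_len);
	pr_debug("max_size_for_large_params %d\n",
		 ndev->max_size_for_large_params);
	pr_debug("manufact_id 0x%x\n",
		 ndev->manufact_id);
	pr_debug("manufact_specific_info 0x%x\n",
		 ndev->manufact_specific_info);

exit:
	nci_req_complete(ndev, status);
	return;

truncated:
	pr_err("truncated CORE_INIT_RSP, len %u\n", skb->len);
	nci_req_complete(ndev, NCI_STATUS_SYNTAX_ERROR);
}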
/*
 * Handle RF_DISCOVER_MAP_RSP: the first payload byte is the status, which
 * is passed on to the pending request.
 *
 * NOTE(review): skb->data[0] is read without looking at skb->len; whether
 * the caller guarantees a non-empty payload is not visible here.
 */
static void nci_rf_disc_map_rsp_packet(struct nci_dev *ndev,
				       struct sk_buff *skb)
{
	const __u8 rsp_status = *skb->data;

	pr_debug("status 0x%x\n", rsp_status);
	nci_req_complete(ndev, rsp_status);
}
/*
 * Handle RF_DISCOVER_RSP: on success mark the device as discovering by
 * setting NCI_DISCOVERY in ndev->flags, then complete the pending request
 * with the status taken from the first payload byte.
 *
 * NOTE(review): skb->data[0] is read without looking at skb->len; whether
 * the caller guarantees a non-empty payload is not visible here.
 */
static void nci_rf_disc_rsp_packet(struct nci_dev *ndev, struct sk_buff *skb)
{
	const __u8 rsp_status = *skb->data;

	pr_debug("status 0x%x\n", rsp_status);

	if (rsp_status == NCI_STATUS_OK) {
		set_bit(NCI_DISCOVERY, &ndev->flags);
	}

	nci_req_complete(ndev, rsp_status);
}
/*
 * Handle RF_DEACTIVATE_RSP: clear NCI_DISCOVERY in ndev->flags and complete
 * the pending request with the status taken from the first payload byte.
 * The flag is cleared whatever the status is.
 *
 * NOTE(review): skb->data[0] is read without looking at skb->len; whether
 * the caller guarantees a non-empty payload is not visible here.
 */
static void nci_rf_deactivate_rsp_packet(struct nci_dev *ndev,
					 struct sk_buff *skb)
{
	const __u8 rsp_status = *skb->data;

	pr_debug("status 0x%x\n", rsp_status);

	/* unconditional: a failed deactivate still drops the flag */
	clear_bit(NCI_DISCOVERY, &ndev->flags);

	nci_req_complete(ndev, rsp_status);
}
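/*
 * Entry point for NCI response packets.
 *
 * Stops the command timer, strips the NCI control header, dispatches the
 * payload to the handler for its opcode, frees the skb and then lets the
 * next queued command go out.  The skb is consumed on every path.
 *
 * The packet originates from the NFC controller.  Nothing visible in this
 * file guarantees that it is long enough to hold the control header, and
 * every handler dispatched below reads at least the status byte that
 * follows it, so a packet shorter than header + 1 byte is dropped before
 * any of its bytes are interpreted.
 */
void nci_rsp_packet(struct nci_dev *ndev, struct sk_buff *skb)
{
	__u16 rsp_opcode;

	/* we got a rsp, stop the cmd timer */
	del_timer(&ndev->cmd_timer);

	if (skb->len < NCI_CTRL_HDR_SIZE + 1) {
		/* NOTE(review): the pending request is not completed on this
		 * path; confirm the requester has its own timeout.
		 */
		pr_err("rsp too short, len %u\n", skb->len);
		goto end;
	}

	rsp_opcode = nci_opcode(skb->data);

	pr_debug("NCI RX: MT=rsp, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n",
		 nci_pbf(skb->data),
		 nci_opcode_gid(rsp_opcode),
		 nci_opcode_oid(rsp_opcode),
		 nci_plen(skb->data));

	/* strip the nci control header */
	skb_pull(skb, NCI_CTRL_HDR_SIZE);

	switch (rsp_opcode) {
	case NCI_OP_CORE_RESET_RSP:
		nci_core_reset_rsp_packet(ndev, skb);
		break;

	case NCI_OP_CORE_INIT_RSP:
		nci_core_init_rsp_packet(ndev, skb);
		break;

	case NCI_OP_RF_DISCOVER_MAP_RSP:
		nci_rf_disc_map_rsp_packet(ndev, skb);
		break;

	case NCI_OP_RF_DISCOVER_RSP:
		nci_rf_disc_rsp_packet(ndev, skb);
		break;

	case NCI_OP_RF_DEACTIVATE_RSP:
		nci_rf_deactivate_rsp_packet(ndev, skb);
		break;

	default:
		pr_err("unknown rsp opcode 0x%x\n", rsp_opcode);
		break;
	}

end:
	kfree_skb(skb);

	/* trigger the next cmd */
	atomic_set(&ndev->cmd_cnt, 1);
	if (!skb_queue_empty(&ndev->cmd_q))
		queue_work(ndev->cmd_wq, &ndev->cmd_work);
}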