1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Copyright (C) 2011 Intel Corporation. All rights reserved.
4 * Copyright (C) 2014 Marvell International Ltd.
7 #define pr_fmt(fmt) "llcp: %s: " fmt, __func__
9 #include <linux/init.h>
10 #include <linux/kernel.h>
11 #include <linux/list.h>
12 #include <linux/nfc.h>
17 static u8 llcp_magic[3] = {0x46, 0x66, 0x6d};
19 static LIST_HEAD(llcp_devices);
20 /* Protects llcp_devices list */
21 static DEFINE_SPINLOCK(llcp_devices_lock);
23 static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb);
25 void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk)
28 sk_add_node(sk, &l->head);
29 write_unlock(&l->lock);
32 void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk)
36 write_unlock(&l->lock);
39 void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock)
41 sock->remote_rw = LLCP_DEFAULT_RW;
42 sock->remote_miu = LLCP_MAX_MIU + 1;
45 static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
47 struct nfc_llcp_local *local = sock->local;
48 struct sk_buff *s, *tmp;
50 pr_debug("%p\n", &sock->sk);
52 skb_queue_purge(&sock->tx_queue);
53 skb_queue_purge(&sock->tx_pending_queue);
58 /* Search for local pending SKBs that are related to this socket */
59 skb_queue_walk_safe(&local->tx_queue, s, tmp) {
60 if (s->sk != &sock->sk)
63 skb_unlink(s, &local->tx_queue);
68 static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device,
72 struct hlist_node *tmp;
73 struct nfc_llcp_sock *llcp_sock;
75 skb_queue_purge(&local->tx_queue);
77 write_lock(&local->sockets.lock);
79 sk_for_each_safe(sk, tmp, &local->sockets.head) {
80 llcp_sock = nfc_llcp_sock(sk);
84 nfc_llcp_socket_purge(llcp_sock);
86 if (sk->sk_state == LLCP_CONNECTED)
87 nfc_put_device(llcp_sock->dev);
89 if (sk->sk_state == LLCP_LISTEN) {
90 struct nfc_llcp_sock *lsk, *n;
91 struct sock *accept_sk;
93 list_for_each_entry_safe(lsk, n,
94 &llcp_sock->accept_queue,
97 bh_lock_sock(accept_sk);
99 nfc_llcp_accept_unlink(accept_sk);
102 accept_sk->sk_err = err;
103 accept_sk->sk_state = LLCP_CLOSED;
104 accept_sk->sk_state_change(sk);
106 bh_unlock_sock(accept_sk);
112 sk->sk_state = LLCP_CLOSED;
113 sk->sk_state_change(sk);
117 sk_del_node_init(sk);
120 write_unlock(&local->sockets.lock);
122 /* If we still have a device, we keep the RAW sockets alive */
126 write_lock(&local->raw_sockets.lock);
128 sk_for_each_safe(sk, tmp, &local->raw_sockets.head) {
129 llcp_sock = nfc_llcp_sock(sk);
133 nfc_llcp_socket_purge(llcp_sock);
137 sk->sk_state = LLCP_CLOSED;
138 sk->sk_state_change(sk);
142 sk_del_node_init(sk);
145 write_unlock(&local->raw_sockets.lock);
148 static struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local)
150 kref_get(&local->ref);
155 static void local_cleanup(struct nfc_llcp_local *local)
157 nfc_llcp_socket_release(local, false, ENXIO);
158 del_timer_sync(&local->link_timer);
159 skb_queue_purge(&local->tx_queue);
160 cancel_work_sync(&local->tx_work);
161 cancel_work_sync(&local->rx_work);
162 cancel_work_sync(&local->timeout_work);
163 kfree_skb(local->rx_pending);
164 local->rx_pending = NULL;
165 del_timer_sync(&local->sdreq_timer);
166 cancel_work_sync(&local->sdreq_timeout_work);
167 nfc_llcp_free_sdp_tlv_list(&local->pending_sdreqs);
170 static void local_release(struct kref *ref)
172 struct nfc_llcp_local *local;
174 local = container_of(ref, struct nfc_llcp_local, ref);
176 local_cleanup(local);
180 int nfc_llcp_local_put(struct nfc_llcp_local *local)
185 return kref_put(&local->ref, local_release);
188 static struct nfc_llcp_sock *nfc_llcp_sock_get(struct nfc_llcp_local *local,
192 struct nfc_llcp_sock *llcp_sock, *tmp_sock;
194 pr_debug("ssap dsap %d %d\n", ssap, dsap);
196 if (ssap == 0 && dsap == 0)
199 read_lock(&local->sockets.lock);
203 sk_for_each(sk, &local->sockets.head) {
204 tmp_sock = nfc_llcp_sock(sk);
206 if (tmp_sock->ssap == ssap && tmp_sock->dsap == dsap) {
207 llcp_sock = tmp_sock;
208 sock_hold(&llcp_sock->sk);
213 read_unlock(&local->sockets.lock);
218 static void nfc_llcp_sock_put(struct nfc_llcp_sock *sock)
223 static void nfc_llcp_timeout_work(struct work_struct *work)
225 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
228 nfc_dep_link_down(local->dev);
231 static void nfc_llcp_symm_timer(struct timer_list *t)
233 struct nfc_llcp_local *local = from_timer(local, t, link_timer);
235 pr_err("SYMM timeout\n");
237 schedule_work(&local->timeout_work);
240 static void nfc_llcp_sdreq_timeout_work(struct work_struct *work)
243 HLIST_HEAD(nl_sdres_list);
244 struct hlist_node *n;
245 struct nfc_llcp_sdp_tlv *sdp;
246 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
249 mutex_lock(&local->sdreq_lock);
251 time = jiffies - msecs_to_jiffies(3 * local->remote_lto);
253 hlist_for_each_entry_safe(sdp, n, &local->pending_sdreqs, node) {
254 if (time_after(sdp->time, time))
257 sdp->sap = LLCP_SDP_UNBOUND;
259 hlist_del(&sdp->node);
261 hlist_add_head(&sdp->node, &nl_sdres_list);
264 if (!hlist_empty(&local->pending_sdreqs))
265 mod_timer(&local->sdreq_timer,
266 jiffies + msecs_to_jiffies(3 * local->remote_lto));
268 mutex_unlock(&local->sdreq_lock);
270 if (!hlist_empty(&nl_sdres_list))
271 nfc_genl_llc_send_sdres(local->dev, &nl_sdres_list);
274 static void nfc_llcp_sdreq_timer(struct timer_list *t)
276 struct nfc_llcp_local *local = from_timer(local, t, sdreq_timer);
278 schedule_work(&local->sdreq_timeout_work);
281 struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev)
283 struct nfc_llcp_local *local;
284 struct nfc_llcp_local *res = NULL;
286 spin_lock(&llcp_devices_lock);
287 list_for_each_entry(local, &llcp_devices, list)
288 if (local->dev == dev) {
289 res = nfc_llcp_local_get(local);
292 spin_unlock(&llcp_devices_lock);
297 static struct nfc_llcp_local *nfc_llcp_remove_local(struct nfc_dev *dev)
299 struct nfc_llcp_local *local, *tmp;
301 spin_lock(&llcp_devices_lock);
302 list_for_each_entry_safe(local, tmp, &llcp_devices, list)
303 if (local->dev == dev) {
304 list_del(&local->list);
305 spin_unlock(&llcp_devices_lock);
308 spin_unlock(&llcp_devices_lock);
310 pr_warn("Shutting down device not found\n");
315 static char *wks[] = {
323 static int nfc_llcp_wks_sap(const char *service_name, size_t service_name_len)
327 pr_debug("%s\n", service_name);
329 if (service_name == NULL)
332 num_wks = ARRAY_SIZE(wks);
334 for (sap = 0; sap < num_wks; sap++) {
335 if (wks[sap] == NULL)
338 if (strncmp(wks[sap], service_name, service_name_len) == 0)
346 struct nfc_llcp_sock *nfc_llcp_sock_from_sn(struct nfc_llcp_local *local,
347 const u8 *sn, size_t sn_len,
351 struct nfc_llcp_sock *llcp_sock, *tmp_sock;
353 pr_debug("sn %zd %p\n", sn_len, sn);
355 if (sn == NULL || sn_len == 0)
358 read_lock(&local->sockets.lock);
362 sk_for_each(sk, &local->sockets.head) {
363 tmp_sock = nfc_llcp_sock(sk);
365 pr_debug("llcp sock %p\n", tmp_sock);
367 if (tmp_sock->sk.sk_type == SOCK_STREAM &&
368 tmp_sock->sk.sk_state != LLCP_LISTEN)
371 if (tmp_sock->sk.sk_type == SOCK_DGRAM &&
372 tmp_sock->sk.sk_state != LLCP_BOUND)
375 if (tmp_sock->service_name == NULL ||
376 tmp_sock->service_name_len == 0)
379 if (tmp_sock->service_name_len != sn_len)
382 if (memcmp(sn, tmp_sock->service_name, sn_len) == 0) {
383 llcp_sock = tmp_sock;
385 sock_hold(&llcp_sock->sk);
390 read_unlock(&local->sockets.lock);
392 pr_debug("Found llcp sock %p\n", llcp_sock);
397 u8 nfc_llcp_get_sdp_ssap(struct nfc_llcp_local *local,
398 struct nfc_llcp_sock *sock)
400 mutex_lock(&local->sdp_lock);
402 if (sock->service_name != NULL && sock->service_name_len > 0) {
403 int ssap = nfc_llcp_wks_sap(sock->service_name,
404 sock->service_name_len);
407 pr_debug("WKS %d\n", ssap);
409 /* This is a WKS, let's check if it's free */
410 if (local->local_wks & BIT(ssap)) {
411 mutex_unlock(&local->sdp_lock);
416 set_bit(ssap, &local->local_wks);
417 mutex_unlock(&local->sdp_lock);
423 * Check if there already is a non WKS socket bound
424 * to this service name.
426 if (nfc_llcp_sock_from_sn(local, sock->service_name,
427 sock->service_name_len,
429 mutex_unlock(&local->sdp_lock);
434 mutex_unlock(&local->sdp_lock);
436 return LLCP_SDP_UNBOUND;
438 } else if (sock->ssap != 0 && sock->ssap < LLCP_WKS_NUM_SAP) {
439 if (!test_bit(sock->ssap, &local->local_wks)) {
440 set_bit(sock->ssap, &local->local_wks);
441 mutex_unlock(&local->sdp_lock);
447 mutex_unlock(&local->sdp_lock);
452 u8 nfc_llcp_get_local_ssap(struct nfc_llcp_local *local)
456 mutex_lock(&local->sdp_lock);
458 local_ssap = find_first_zero_bit(&local->local_sap, LLCP_LOCAL_NUM_SAP);
459 if (local_ssap == LLCP_LOCAL_NUM_SAP) {
460 mutex_unlock(&local->sdp_lock);
464 set_bit(local_ssap, &local->local_sap);
466 mutex_unlock(&local->sdp_lock);
468 return local_ssap + LLCP_LOCAL_SAP_OFFSET;
471 void nfc_llcp_put_ssap(struct nfc_llcp_local *local, u8 ssap)
476 if (ssap < LLCP_WKS_NUM_SAP) {
478 sdp = &local->local_wks;
479 } else if (ssap < LLCP_LOCAL_NUM_SAP) {
480 atomic_t *client_cnt;
482 local_ssap = ssap - LLCP_WKS_NUM_SAP;
483 sdp = &local->local_sdp;
484 client_cnt = &local->local_sdp_cnt[local_ssap];
486 pr_debug("%d clients\n", atomic_read(client_cnt));
488 mutex_lock(&local->sdp_lock);
490 if (atomic_dec_and_test(client_cnt)) {
491 struct nfc_llcp_sock *l_sock;
493 pr_debug("No more clients for SAP %d\n", ssap);
495 clear_bit(local_ssap, sdp);
497 /* Find the listening sock and set it back to UNBOUND */
498 l_sock = nfc_llcp_sock_get(local, ssap, LLCP_SAP_SDP);
500 l_sock->ssap = LLCP_SDP_UNBOUND;
501 nfc_llcp_sock_put(l_sock);
505 mutex_unlock(&local->sdp_lock);
508 } else if (ssap < LLCP_MAX_SAP) {
509 local_ssap = ssap - LLCP_LOCAL_NUM_SAP;
510 sdp = &local->local_sap;
515 mutex_lock(&local->sdp_lock);
517 clear_bit(local_ssap, sdp);
519 mutex_unlock(&local->sdp_lock);
522 static u8 nfc_llcp_reserve_sdp_ssap(struct nfc_llcp_local *local)
526 mutex_lock(&local->sdp_lock);
528 ssap = find_first_zero_bit(&local->local_sdp, LLCP_SDP_NUM_SAP);
529 if (ssap == LLCP_SDP_NUM_SAP) {
530 mutex_unlock(&local->sdp_lock);
535 pr_debug("SDP ssap %d\n", LLCP_WKS_NUM_SAP + ssap);
537 set_bit(ssap, &local->local_sdp);
539 mutex_unlock(&local->sdp_lock);
541 return LLCP_WKS_NUM_SAP + ssap;
544 static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
546 u8 *gb_cur, version, version_length;
547 u8 lto_length, wks_length, miux_length;
548 const u8 *version_tlv = NULL, *lto_tlv = NULL,
549 *wks_tlv = NULL, *miux_tlv = NULL;
550 __be16 wks = cpu_to_be16(local->local_wks);
554 version = LLCP_VERSION_11;
555 version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version,
561 gb_len += version_length;
563 lto_tlv = nfc_llcp_build_tlv(LLCP_TLV_LTO, &local->lto, 1, <o_length);
568 gb_len += lto_length;
570 pr_debug("Local wks 0x%lx\n", local->local_wks);
571 wks_tlv = nfc_llcp_build_tlv(LLCP_TLV_WKS, (u8 *)&wks, 2, &wks_length);
576 gb_len += wks_length;
578 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&local->miux, 0,
584 gb_len += miux_length;
586 gb_len += ARRAY_SIZE(llcp_magic);
588 if (gb_len > NFC_MAX_GT_LEN) {
595 memcpy(gb_cur, llcp_magic, ARRAY_SIZE(llcp_magic));
596 gb_cur += ARRAY_SIZE(llcp_magic);
598 memcpy(gb_cur, version_tlv, version_length);
599 gb_cur += version_length;
601 memcpy(gb_cur, lto_tlv, lto_length);
602 gb_cur += lto_length;
604 memcpy(gb_cur, wks_tlv, wks_length);
605 gb_cur += wks_length;
607 memcpy(gb_cur, miux_tlv, miux_length);
608 gb_cur += miux_length;
610 local->gb_len = gb_len;
621 u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len)
623 struct nfc_llcp_local *local;
625 local = nfc_llcp_find_local(dev);
627 *general_bytes_len = 0;
631 nfc_llcp_build_gb(local);
633 *general_bytes_len = local->gb_len;
635 nfc_llcp_local_put(local);
640 int nfc_llcp_set_remote_gb(struct nfc_dev *dev, const u8 *gb, u8 gb_len)
642 struct nfc_llcp_local *local;
645 if (gb_len < 3 || gb_len > NFC_MAX_GT_LEN)
648 local = nfc_llcp_find_local(dev);
650 pr_err("No LLCP device\n");
654 memset(local->remote_gb, 0, NFC_MAX_GT_LEN);
655 memcpy(local->remote_gb, gb, gb_len);
656 local->remote_gb_len = gb_len;
658 if (memcmp(local->remote_gb, llcp_magic, 3)) {
659 pr_err("MAC does not support LLCP\n");
664 err = nfc_llcp_parse_gb_tlv(local,
665 &local->remote_gb[3],
666 local->remote_gb_len - 3);
668 nfc_llcp_local_put(local);
672 static u8 nfc_llcp_dsap(const struct sk_buff *pdu)
674 return (pdu->data[0] & 0xfc) >> 2;
677 static u8 nfc_llcp_ptype(const struct sk_buff *pdu)
679 return ((pdu->data[0] & 0x03) << 2) | ((pdu->data[1] & 0xc0) >> 6);
682 static u8 nfc_llcp_ssap(const struct sk_buff *pdu)
684 return pdu->data[1] & 0x3f;
687 static u8 nfc_llcp_ns(const struct sk_buff *pdu)
689 return pdu->data[2] >> 4;
692 static u8 nfc_llcp_nr(const struct sk_buff *pdu)
694 return pdu->data[2] & 0xf;
697 static void nfc_llcp_set_nrns(struct nfc_llcp_sock *sock, struct sk_buff *pdu)
699 pdu->data[2] = (sock->send_n << 4) | (sock->recv_n);
700 sock->send_n = (sock->send_n + 1) % 16;
701 sock->recv_ack_n = (sock->recv_n - 1) % 16;
704 void nfc_llcp_send_to_raw_sock(struct nfc_llcp_local *local,
705 struct sk_buff *skb, u8 direction)
707 struct sk_buff *skb_copy = NULL, *nskb;
711 read_lock(&local->raw_sockets.lock);
713 sk_for_each(sk, &local->raw_sockets.head) {
714 if (sk->sk_state != LLCP_BOUND)
717 if (skb_copy == NULL) {
718 skb_copy = __pskb_copy_fclone(skb, NFC_RAW_HEADER_SIZE,
721 if (skb_copy == NULL)
724 data = skb_push(skb_copy, NFC_RAW_HEADER_SIZE);
726 data[0] = local->dev ? local->dev->idx : 0xFF;
727 data[1] = direction & 0x01;
728 data[1] |= (RAW_PAYLOAD_LLCP << 1);
731 nskb = skb_clone(skb_copy, GFP_ATOMIC);
735 if (sock_queue_rcv_skb(sk, nskb))
739 read_unlock(&local->raw_sockets.lock);
744 static void nfc_llcp_tx_work(struct work_struct *work)
746 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
750 struct nfc_llcp_sock *llcp_sock;
752 skb = skb_dequeue(&local->tx_queue);
755 llcp_sock = nfc_llcp_sock(sk);
757 if (llcp_sock == NULL && nfc_llcp_ptype(skb) == LLCP_PDU_I) {
759 nfc_llcp_send_symm(local->dev);
760 } else if (llcp_sock && !llcp_sock->remote_ready) {
761 skb_queue_head(&local->tx_queue, skb);
762 nfc_llcp_send_symm(local->dev);
764 struct sk_buff *copy_skb = NULL;
765 u8 ptype = nfc_llcp_ptype(skb);
768 pr_debug("Sending pending skb\n");
769 print_hex_dump_debug("LLCP Tx: ", DUMP_PREFIX_OFFSET,
770 16, 1, skb->data, skb->len, true);
772 if (ptype == LLCP_PDU_DISC && sk != NULL &&
773 sk->sk_state == LLCP_DISCONNECTING) {
774 nfc_llcp_sock_unlink(&local->sockets, sk);
779 if (ptype == LLCP_PDU_I)
780 copy_skb = skb_copy(skb, GFP_ATOMIC);
782 __net_timestamp(skb);
784 nfc_llcp_send_to_raw_sock(local, skb,
787 ret = nfc_data_exchange(local->dev, local->target_idx,
788 skb, nfc_llcp_recv, local);
795 if (ptype == LLCP_PDU_I && copy_skb)
796 skb_queue_tail(&llcp_sock->tx_pending_queue,
800 nfc_llcp_send_symm(local->dev);
804 mod_timer(&local->link_timer,
805 jiffies + msecs_to_jiffies(2 * local->remote_lto));
808 static struct nfc_llcp_sock *nfc_llcp_connecting_sock_get(struct nfc_llcp_local *local,
812 struct nfc_llcp_sock *llcp_sock;
814 read_lock(&local->connecting_sockets.lock);
816 sk_for_each(sk, &local->connecting_sockets.head) {
817 llcp_sock = nfc_llcp_sock(sk);
819 if (llcp_sock->ssap == ssap) {
820 sock_hold(&llcp_sock->sk);
828 read_unlock(&local->connecting_sockets.lock);
833 static struct nfc_llcp_sock *nfc_llcp_sock_get_sn(struct nfc_llcp_local *local,
834 const u8 *sn, size_t sn_len)
836 return nfc_llcp_sock_from_sn(local, sn, sn_len, true);
839 static const u8 *nfc_llcp_connect_sn(const struct sk_buff *skb, size_t *sn_len)
842 const u8 *tlv = &skb->data[2];
843 size_t tlv_array_len = skb->len - LLCP_HEADER_SIZE, offset = 0;
845 while (offset < tlv_array_len) {
849 pr_debug("type 0x%x length %d\n", type, length);
851 if (type == LLCP_TLV_SN) {
856 offset += length + 2;
863 static void nfc_llcp_recv_ui(struct nfc_llcp_local *local,
866 struct nfc_llcp_sock *llcp_sock;
867 struct nfc_llcp_ui_cb *ui_cb;
870 dsap = nfc_llcp_dsap(skb);
871 ssap = nfc_llcp_ssap(skb);
873 ui_cb = nfc_llcp_ui_skb_cb(skb);
877 pr_debug("%d %d\n", dsap, ssap);
879 /* We're looking for a bound socket, not a client one */
880 llcp_sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
881 if (llcp_sock == NULL || llcp_sock->sk.sk_type != SOCK_DGRAM)
884 /* There is no sequence with UI frames */
885 skb_pull(skb, LLCP_HEADER_SIZE);
886 if (!sock_queue_rcv_skb(&llcp_sock->sk, skb)) {
888 * UI frames will be freed from the socket layer, so we
889 * need to keep them alive until someone receives them.
893 pr_err("Receive queue is full\n");
896 nfc_llcp_sock_put(llcp_sock);
899 static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
900 const struct sk_buff *skb)
902 struct sock *new_sk, *parent;
903 struct nfc_llcp_sock *sock, *new_sock;
904 u8 dsap, ssap, reason;
906 dsap = nfc_llcp_dsap(skb);
907 ssap = nfc_llcp_ssap(skb);
909 pr_debug("%d %d\n", dsap, ssap);
911 if (dsap != LLCP_SAP_SDP) {
912 sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
913 if (sock == NULL || sock->sk.sk_state != LLCP_LISTEN) {
914 reason = LLCP_DM_NOBOUND;
921 sn = nfc_llcp_connect_sn(skb, &sn_len);
923 reason = LLCP_DM_NOBOUND;
927 pr_debug("Service name length %zu\n", sn_len);
929 sock = nfc_llcp_sock_get_sn(local, sn, sn_len);
931 reason = LLCP_DM_NOBOUND;
936 lock_sock(&sock->sk);
940 if (sk_acceptq_is_full(parent)) {
941 reason = LLCP_DM_REJ;
942 release_sock(&sock->sk);
947 if (sock->ssap == LLCP_SDP_UNBOUND) {
948 u8 ssap = nfc_llcp_reserve_sdp_ssap(local);
950 pr_debug("First client, reserving %d\n", ssap);
952 if (ssap == LLCP_SAP_MAX) {
953 reason = LLCP_DM_REJ;
954 release_sock(&sock->sk);
962 new_sk = nfc_llcp_sock_alloc(NULL, parent->sk_type, GFP_ATOMIC, 0);
963 if (new_sk == NULL) {
964 reason = LLCP_DM_REJ;
965 release_sock(&sock->sk);
970 new_sock = nfc_llcp_sock(new_sk);
971 new_sock->dev = local->dev;
972 new_sock->local = nfc_llcp_local_get(local);
973 new_sock->rw = sock->rw;
974 new_sock->miux = sock->miux;
975 new_sock->nfc_protocol = sock->nfc_protocol;
976 new_sock->dsap = ssap;
977 new_sock->target_idx = local->target_idx;
978 new_sock->parent = parent;
979 new_sock->ssap = sock->ssap;
980 if (sock->ssap < LLCP_LOCAL_NUM_SAP && sock->ssap >= LLCP_WKS_NUM_SAP) {
981 atomic_t *client_count;
983 pr_debug("reserved_ssap %d for %p\n", sock->ssap, new_sock);
986 &local->local_sdp_cnt[sock->ssap - LLCP_WKS_NUM_SAP];
988 atomic_inc(client_count);
989 new_sock->reserved_ssap = sock->ssap;
992 nfc_llcp_parse_connection_tlv(new_sock, &skb->data[LLCP_HEADER_SIZE],
993 skb->len - LLCP_HEADER_SIZE);
995 pr_debug("new sock %p sk %p\n", new_sock, &new_sock->sk);
997 nfc_llcp_sock_link(&local->sockets, new_sk);
999 nfc_llcp_accept_enqueue(&sock->sk, new_sk);
1001 nfc_get_device(local->dev->idx);
1003 new_sk->sk_state = LLCP_CONNECTED;
1005 /* Wake the listening processes */
1006 parent->sk_data_ready(parent);
1009 nfc_llcp_send_cc(new_sock);
1011 release_sock(&sock->sk);
1012 sock_put(&sock->sk);
1018 nfc_llcp_send_dm(local, dsap, ssap, reason);
1021 int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock)
1024 struct nfc_llcp_local *local = sock->local;
1026 pr_debug("Remote ready %d tx queue len %d remote rw %d",
1027 sock->remote_ready, skb_queue_len(&sock->tx_pending_queue),
1030 /* Try to queue some I frames for transmission */
1031 while (sock->remote_ready &&
1032 skb_queue_len(&sock->tx_pending_queue) < sock->remote_rw) {
1033 struct sk_buff *pdu;
1035 pdu = skb_dequeue(&sock->tx_queue);
1039 /* Update N(S)/N(R) */
1040 nfc_llcp_set_nrns(sock, pdu);
1042 skb_queue_tail(&local->tx_queue, pdu);
1049 static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
1050 struct sk_buff *skb)
1052 struct nfc_llcp_sock *llcp_sock;
1054 u8 dsap, ssap, ptype, ns, nr;
1056 ptype = nfc_llcp_ptype(skb);
1057 dsap = nfc_llcp_dsap(skb);
1058 ssap = nfc_llcp_ssap(skb);
1059 ns = nfc_llcp_ns(skb);
1060 nr = nfc_llcp_nr(skb);
1062 pr_debug("%d %d R %d S %d\n", dsap, ssap, nr, ns);
1064 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
1065 if (llcp_sock == NULL) {
1066 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
1070 sk = &llcp_sock->sk;
1072 if (sk->sk_state == LLCP_CLOSED) {
1074 nfc_llcp_sock_put(llcp_sock);
1077 /* Pass the payload upstream */
1078 if (ptype == LLCP_PDU_I) {
1079 pr_debug("I frame, queueing on %p\n", &llcp_sock->sk);
1081 if (ns == llcp_sock->recv_n)
1082 llcp_sock->recv_n = (llcp_sock->recv_n + 1) % 16;
1084 pr_err("Received out of sequence I PDU\n");
1086 skb_pull(skb, LLCP_HEADER_SIZE + LLCP_SEQUENCE_SIZE);
1087 if (!sock_queue_rcv_skb(&llcp_sock->sk, skb)) {
1089 * I frames will be freed from the socket layer, so we
1090 * need to keep them alive until someone receives them.
1094 pr_err("Receive queue is full\n");
1098 /* Remove skbs from the pending queue */
1099 if (llcp_sock->send_ack_n != nr) {
1100 struct sk_buff *s, *tmp;
1103 llcp_sock->send_ack_n = nr;
1105 /* Remove and free all skbs until ns == nr */
1106 skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp) {
1109 skb_unlink(s, &llcp_sock->tx_pending_queue);
1116 /* Re-queue the remaining skbs for transmission */
1117 skb_queue_reverse_walk_safe(&llcp_sock->tx_pending_queue,
1119 skb_unlink(s, &llcp_sock->tx_pending_queue);
1120 skb_queue_head(&local->tx_queue, s);
1124 if (ptype == LLCP_PDU_RR)
1125 llcp_sock->remote_ready = true;
1126 else if (ptype == LLCP_PDU_RNR)
1127 llcp_sock->remote_ready = false;
1129 if (nfc_llcp_queue_i_frames(llcp_sock) == 0 && ptype == LLCP_PDU_I)
1130 nfc_llcp_send_rr(llcp_sock);
1133 nfc_llcp_sock_put(llcp_sock);
1136 static void nfc_llcp_recv_disc(struct nfc_llcp_local *local,
1137 const struct sk_buff *skb)
1139 struct nfc_llcp_sock *llcp_sock;
1143 dsap = nfc_llcp_dsap(skb);
1144 ssap = nfc_llcp_ssap(skb);
1146 if ((dsap == 0) && (ssap == 0)) {
1147 pr_debug("Connection termination");
1148 nfc_dep_link_down(local->dev);
1152 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
1153 if (llcp_sock == NULL) {
1154 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
1158 sk = &llcp_sock->sk;
1161 nfc_llcp_socket_purge(llcp_sock);
1163 if (sk->sk_state == LLCP_CLOSED) {
1165 nfc_llcp_sock_put(llcp_sock);
1168 if (sk->sk_state == LLCP_CONNECTED) {
1169 nfc_put_device(local->dev);
1170 sk->sk_state = LLCP_CLOSED;
1171 sk->sk_state_change(sk);
1174 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_DISC);
1177 nfc_llcp_sock_put(llcp_sock);
1180 static void nfc_llcp_recv_cc(struct nfc_llcp_local *local,
1181 const struct sk_buff *skb)
1183 struct nfc_llcp_sock *llcp_sock;
1187 dsap = nfc_llcp_dsap(skb);
1188 ssap = nfc_llcp_ssap(skb);
1190 llcp_sock = nfc_llcp_connecting_sock_get(local, dsap);
1191 if (llcp_sock == NULL) {
1192 pr_err("Invalid CC\n");
1193 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
1198 sk = &llcp_sock->sk;
1200 /* Unlink from connecting and link to the client array */
1201 nfc_llcp_sock_unlink(&local->connecting_sockets, sk);
1202 nfc_llcp_sock_link(&local->sockets, sk);
1203 llcp_sock->dsap = ssap;
1205 nfc_llcp_parse_connection_tlv(llcp_sock, &skb->data[LLCP_HEADER_SIZE],
1206 skb->len - LLCP_HEADER_SIZE);
1208 sk->sk_state = LLCP_CONNECTED;
1209 sk->sk_state_change(sk);
1211 nfc_llcp_sock_put(llcp_sock);
1214 static void nfc_llcp_recv_dm(struct nfc_llcp_local *local,
1215 const struct sk_buff *skb)
1217 struct nfc_llcp_sock *llcp_sock;
1219 u8 dsap, ssap, reason;
1221 dsap = nfc_llcp_dsap(skb);
1222 ssap = nfc_llcp_ssap(skb);
1223 reason = skb->data[2];
1225 pr_debug("%d %d reason %d\n", ssap, dsap, reason);
1228 case LLCP_DM_NOBOUND:
1230 llcp_sock = nfc_llcp_connecting_sock_get(local, dsap);
1234 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
1238 if (llcp_sock == NULL) {
1239 pr_debug("Already closed\n");
1243 sk = &llcp_sock->sk;
1246 sk->sk_state = LLCP_CLOSED;
1247 sk->sk_state_change(sk);
1249 nfc_llcp_sock_put(llcp_sock);
1252 static void nfc_llcp_recv_snl(struct nfc_llcp_local *local,
1253 const struct sk_buff *skb)
1255 struct nfc_llcp_sock *llcp_sock;
1256 u8 dsap, ssap, type, length, tid, sap;
1258 u16 tlv_len, offset;
1259 const char *service_name;
1260 size_t service_name_len;
1261 struct nfc_llcp_sdp_tlv *sdp;
1262 HLIST_HEAD(llc_sdres_list);
1263 size_t sdres_tlvs_len;
1264 HLIST_HEAD(nl_sdres_list);
1266 dsap = nfc_llcp_dsap(skb);
1267 ssap = nfc_llcp_ssap(skb);
1269 pr_debug("%d %d\n", dsap, ssap);
1271 if (dsap != LLCP_SAP_SDP || ssap != LLCP_SAP_SDP) {
1272 pr_err("Wrong SNL SAP\n");
1276 tlv = &skb->data[LLCP_HEADER_SIZE];
1277 tlv_len = skb->len - LLCP_HEADER_SIZE;
1281 while (offset < tlv_len) {
1286 case LLCP_TLV_SDREQ:
1288 service_name = (char *) &tlv[3];
1289 service_name_len = length - 1;
1291 pr_debug("Looking for %.16s\n", service_name);
1293 if (service_name_len == strlen("urn:nfc:sn:sdp") &&
1294 !strncmp(service_name, "urn:nfc:sn:sdp",
1295 service_name_len)) {
1300 llcp_sock = nfc_llcp_sock_from_sn(local, service_name,
1309 * We found a socket but its ssap has not been reserved
1310 * yet. We need to assign it for good and send a reply.
1311 * The ssap will be freed when the socket is closed.
1313 if (llcp_sock->ssap == LLCP_SDP_UNBOUND) {
1314 atomic_t *client_count;
1316 sap = nfc_llcp_reserve_sdp_ssap(local);
1318 pr_debug("Reserving %d\n", sap);
1320 if (sap == LLCP_SAP_MAX) {
1322 nfc_llcp_sock_put(llcp_sock);
1327 &local->local_sdp_cnt[sap -
1330 atomic_inc(client_count);
1332 llcp_sock->ssap = sap;
1333 llcp_sock->reserved_ssap = sap;
1335 sap = llcp_sock->ssap;
1338 pr_debug("%p %d\n", llcp_sock, sap);
1340 nfc_llcp_sock_put(llcp_sock);
1342 sdp = nfc_llcp_build_sdres_tlv(tid, sap);
1346 sdres_tlvs_len += sdp->tlv_len;
1347 hlist_add_head(&sdp->node, &llc_sdres_list);
1350 case LLCP_TLV_SDRES:
1351 mutex_lock(&local->sdreq_lock);
1353 pr_debug("LLCP_TLV_SDRES: searching tid %d\n", tlv[2]);
1355 hlist_for_each_entry(sdp, &local->pending_sdreqs, node) {
1356 if (sdp->tid != tlv[2])
1361 pr_debug("Found: uri=%s, sap=%d\n",
1362 sdp->uri, sdp->sap);
1364 hlist_del(&sdp->node);
1366 hlist_add_head(&sdp->node, &nl_sdres_list);
1371 mutex_unlock(&local->sdreq_lock);
1375 pr_err("Invalid SNL tlv value 0x%x\n", type);
1379 offset += length + 2;
1384 if (!hlist_empty(&nl_sdres_list))
1385 nfc_genl_llc_send_sdres(local->dev, &nl_sdres_list);
1387 if (!hlist_empty(&llc_sdres_list))
1388 nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len);
1391 static void nfc_llcp_recv_agf(struct nfc_llcp_local *local, struct sk_buff *skb)
1395 struct sk_buff *new_skb;
1397 if (skb->len <= LLCP_HEADER_SIZE) {
1398 pr_err("Malformed AGF PDU\n");
1402 skb_pull(skb, LLCP_HEADER_SIZE);
1404 while (skb->len > LLCP_AGF_PDU_HEADER_SIZE) {
1405 pdu_len = skb->data[0] << 8 | skb->data[1];
1407 skb_pull(skb, LLCP_AGF_PDU_HEADER_SIZE);
1409 if (pdu_len < LLCP_HEADER_SIZE || pdu_len > skb->len) {
1410 pr_err("Malformed AGF PDU\n");
1414 ptype = nfc_llcp_ptype(skb);
1416 if (ptype == LLCP_PDU_SYMM || ptype == LLCP_PDU_AGF)
1419 new_skb = nfc_alloc_recv_skb(pdu_len, GFP_KERNEL);
1420 if (new_skb == NULL) {
1421 pr_err("Could not allocate PDU\n");
1425 skb_put_data(new_skb, skb->data, pdu_len);
1427 nfc_llcp_rx_skb(local, new_skb);
1431 skb_pull(skb, pdu_len);
1435 static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb)
1437 u8 dsap, ssap, ptype;
1439 ptype = nfc_llcp_ptype(skb);
1440 dsap = nfc_llcp_dsap(skb);
1441 ssap = nfc_llcp_ssap(skb);
1443 pr_debug("ptype 0x%x dsap 0x%x ssap 0x%x\n", ptype, dsap, ssap);
1445 if (ptype != LLCP_PDU_SYMM)
1446 print_hex_dump_debug("LLCP Rx: ", DUMP_PREFIX_OFFSET, 16, 1,
1447 skb->data, skb->len, true);
1456 nfc_llcp_recv_ui(local, skb);
1459 case LLCP_PDU_CONNECT:
1460 pr_debug("CONNECT\n");
1461 nfc_llcp_recv_connect(local, skb);
1466 nfc_llcp_recv_disc(local, skb);
1471 nfc_llcp_recv_cc(local, skb);
1476 nfc_llcp_recv_dm(local, skb);
1481 nfc_llcp_recv_snl(local, skb);
1487 pr_debug("I frame\n");
1488 nfc_llcp_recv_hdlc(local, skb);
1492 pr_debug("AGF frame\n");
1493 nfc_llcp_recv_agf(local, skb);
1498 static void nfc_llcp_rx_work(struct work_struct *work)
1500 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
1502 struct sk_buff *skb;
1504 skb = local->rx_pending;
1506 pr_debug("No pending SKB\n");
1510 __net_timestamp(skb);
1512 nfc_llcp_send_to_raw_sock(local, skb, NFC_DIRECTION_RX);
1514 nfc_llcp_rx_skb(local, skb);
1516 schedule_work(&local->tx_work);
1517 kfree_skb(local->rx_pending);
1518 local->rx_pending = NULL;
1521 static void __nfc_llcp_recv(struct nfc_llcp_local *local, struct sk_buff *skb)
1523 local->rx_pending = skb;
1524 del_timer(&local->link_timer);
1525 schedule_work(&local->rx_work);
1528 void nfc_llcp_recv(void *data, struct sk_buff *skb, int err)
1530 struct nfc_llcp_local *local = (struct nfc_llcp_local *) data;
1532 pr_debug("Received an LLCP PDU\n");
1534 pr_err("err %d\n", err);
1538 __nfc_llcp_recv(local, skb);
1541 int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb)
1543 struct nfc_llcp_local *local;
1545 local = nfc_llcp_find_local(dev);
1546 if (local == NULL) {
1551 __nfc_llcp_recv(local, skb);
1553 nfc_llcp_local_put(local);
1558 void nfc_llcp_mac_is_down(struct nfc_dev *dev)
1560 struct nfc_llcp_local *local;
1562 local = nfc_llcp_find_local(dev);
1566 local->remote_miu = LLCP_DEFAULT_MIU;
1567 local->remote_lto = LLCP_DEFAULT_LTO;
1569 /* Close and purge all existing sockets */
1570 nfc_llcp_socket_release(local, true, 0);
1572 nfc_llcp_local_put(local);
1575 void nfc_llcp_mac_is_up(struct nfc_dev *dev, u32 target_idx,
1576 u8 comm_mode, u8 rf_mode)
1578 struct nfc_llcp_local *local;
1580 pr_debug("rf mode %d\n", rf_mode);
1582 local = nfc_llcp_find_local(dev);
1586 local->target_idx = target_idx;
1587 local->comm_mode = comm_mode;
1588 local->rf_mode = rf_mode;
1590 if (rf_mode == NFC_RF_INITIATOR) {
1591 pr_debug("Queueing Tx work\n");
1593 schedule_work(&local->tx_work);
1595 mod_timer(&local->link_timer,
1596 jiffies + msecs_to_jiffies(local->remote_lto));
1599 nfc_llcp_local_put(local);
1602 int nfc_llcp_register_device(struct nfc_dev *ndev)
1604 struct nfc_llcp_local *local;
1606 local = kzalloc(sizeof(struct nfc_llcp_local), GFP_KERNEL);
1611 INIT_LIST_HEAD(&local->list);
1612 kref_init(&local->ref);
1613 mutex_init(&local->sdp_lock);
1614 timer_setup(&local->link_timer, nfc_llcp_symm_timer, 0);
1616 skb_queue_head_init(&local->tx_queue);
1617 INIT_WORK(&local->tx_work, nfc_llcp_tx_work);
1619 local->rx_pending = NULL;
1620 INIT_WORK(&local->rx_work, nfc_llcp_rx_work);
1622 INIT_WORK(&local->timeout_work, nfc_llcp_timeout_work);
1624 rwlock_init(&local->sockets.lock);
1625 rwlock_init(&local->connecting_sockets.lock);
1626 rwlock_init(&local->raw_sockets.lock);
1628 local->lto = 150; /* 1500 ms */
1629 local->rw = LLCP_MAX_RW;
1630 local->miux = cpu_to_be16(LLCP_MAX_MIUX);
1631 local->local_wks = 0x1; /* LLC Link Management */
1633 nfc_llcp_build_gb(local);
1635 local->remote_miu = LLCP_DEFAULT_MIU;
1636 local->remote_lto = LLCP_DEFAULT_LTO;
1638 mutex_init(&local->sdreq_lock);
1639 INIT_HLIST_HEAD(&local->pending_sdreqs);
1640 timer_setup(&local->sdreq_timer, nfc_llcp_sdreq_timer, 0);
1641 INIT_WORK(&local->sdreq_timeout_work, nfc_llcp_sdreq_timeout_work);
1643 spin_lock(&llcp_devices_lock);
1644 list_add(&local->list, &llcp_devices);
1645 spin_unlock(&llcp_devices_lock);
1650 void nfc_llcp_unregister_device(struct nfc_dev *dev)
1652 struct nfc_llcp_local *local = nfc_llcp_remove_local(dev);
1654 if (local == NULL) {
1655 pr_debug("No such device\n");
1659 local_cleanup(local);
1661 nfc_llcp_local_put(local);
1664 int __init nfc_llcp_init(void)
1666 return nfc_llcp_sock_init();
1669 void nfc_llcp_exit(void)
1671 nfc_llcp_sock_exit();
projects / releases.git / blob