1
// SPDX-License-Identifier: GPL-2.0-or-later
2
/*
3
 * Copyright (C) 2012  Intel Corporation. All rights reserved.
4
 */
5

6
#define pr_fmt(fmt) "hci: %s: " fmt, __func__
7

8
#include <linux/init.h>
9
#include <linux/kernel.h>
10
#include <linux/module.h>
11
#include <linux/nfc.h>
12

13
#include <net/nfc/nfc.h>
14
#include <net/nfc/hci.h>
15
#include <net/nfc/llc.h>
16

17
#include "hci.h"
18

19
/* Largest headroom needed for outgoing HCI commands */
20
#define HCI_CMDS_HEADROOM 1
21

22
int nfc_hci_result_to_errno(u8 result)
23
{
24
	switch (result) {
25
	case NFC_HCI_ANY_OK:
26
		return 0;
27
	case NFC_HCI_ANY_E_REG_PAR_UNKNOWN:
28
		return -EOPNOTSUPP;
29
	case NFC_HCI_ANY_E_TIMEOUT:
30
		return -ETIME;
31
	default:
32
		return -1;
33
	}
34
}
35
EXPORT_SYMBOL(nfc_hci_result_to_errno);
36

37
void nfc_hci_reset_pipes(struct nfc_hci_dev *hdev)
38
{
39
	int i = 0;
40

41
	for (i = 0; i < NFC_HCI_MAX_PIPES; i++) {
42
		hdev->pipes[i].gate = NFC_HCI_INVALID_GATE;
43
		hdev->pipes[i].dest_host = NFC_HCI_INVALID_HOST;
44
	}
45
	memset(hdev->gate2pipe, NFC_HCI_INVALID_PIPE, sizeof(hdev->gate2pipe));
46
}
47
EXPORT_SYMBOL(nfc_hci_reset_pipes);
48

49
void nfc_hci_reset_pipes_per_host(struct nfc_hci_dev *hdev, u8 host)
50
{
51
	int i = 0;
52

53
	for (i = 0; i < NFC_HCI_MAX_PIPES; i++) {
54
		if (hdev->pipes[i].dest_host != host)
55
			continue;
56

57
		hdev->pipes[i].gate = NFC_HCI_INVALID_GATE;
58
		hdev->pipes[i].dest_host = NFC_HCI_INVALID_HOST;
59
	}
60
}
61
EXPORT_SYMBOL(nfc_hci_reset_pipes_per_host);
62

63
static void nfc_hci_msg_tx_work(struct work_struct *work)
64
{
65
	struct nfc_hci_dev *hdev = container_of(work, struct nfc_hci_dev,
66
						msg_tx_work);
67
	struct hci_msg *msg;
68
	struct sk_buff *skb;
69
	int r = 0;
70

71
	mutex_lock(&hdev->msg_tx_mutex);
72
	if (hdev->shutting_down)
73
		goto exit;
74

75
	if (hdev->cmd_pending_msg) {
76
		if (timer_pending(&hdev->cmd_timer) == 0) {
77
			if (hdev->cmd_pending_msg->cb)
78
				hdev->cmd_pending_msg->cb(hdev->
79
							  cmd_pending_msg->
80
							  cb_context,
81
							  NULL,
82
							  -ETIME);
83
			kfree(hdev->cmd_pending_msg);
84
			hdev->cmd_pending_msg = NULL;
85
		} else {
86
			goto exit;
87
		}
88
	}
89

90
next_msg:
91
	if (list_empty(&hdev->msg_tx_queue))
92
		goto exit;
93

94
	msg = list_first_entry(&hdev->msg_tx_queue, struct hci_msg, msg_l);
95
	list_del(&msg->msg_l);
96

97
	pr_debug("msg_tx_queue has a cmd to send\n");
98
	while ((skb = skb_dequeue(&msg->msg_frags)) != NULL) {
99
		r = nfc_llc_xmit_from_hci(hdev->llc, skb);
100
		if (r < 0) {
101
			kfree_skb(skb);
102
			skb_queue_purge(&msg->msg_frags);
103
			if (msg->cb)
104
				msg->cb(msg->cb_context, NULL, r);
105
			kfree(msg);
106
			break;
107
		}
108
	}
109

110
	if (r)
111
		goto next_msg;
112

113
	if (msg->wait_response == false) {
114
		kfree(msg);
115
		goto next_msg;
116
	}
117

118
	hdev->cmd_pending_msg = msg;
119
	mod_timer(&hdev->cmd_timer, jiffies +
120
		  msecs_to_jiffies(hdev->cmd_pending_msg->completion_delay));
121

122
exit:
123
	mutex_unlock(&hdev->msg_tx_mutex);
124
}
125

126
static void nfc_hci_msg_rx_work(struct work_struct *work)
127
{
128
	struct nfc_hci_dev *hdev = container_of(work, struct nfc_hci_dev,
129
						msg_rx_work);
130
	struct sk_buff *skb;
131
	const struct hcp_message *message;
132
	u8 pipe;
133
	u8 type;
134
	u8 instruction;
135

136
	while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) {
137
		pipe = skb->data[0];
138
		skb_pull(skb, NFC_HCI_HCP_PACKET_HEADER_LEN);
139
		message = (struct hcp_message *)skb->data;
140
		type = HCP_MSG_GET_TYPE(message->header);
141
		instruction = HCP_MSG_GET_CMD(message->header);
142
		skb_pull(skb, NFC_HCI_HCP_MESSAGE_HEADER_LEN);
143

144
		nfc_hci_hcp_message_rx(hdev, pipe, type, instruction, skb);
145
	}
146
}
147

148
static void __nfc_hci_cmd_completion(struct nfc_hci_dev *hdev, int err,
149
				     struct sk_buff *skb)
150
{
151
	timer_delete_sync(&hdev->cmd_timer);
152

153
	if (hdev->cmd_pending_msg->cb)
154
		hdev->cmd_pending_msg->cb(hdev->cmd_pending_msg->cb_context,
155
					  skb, err);
156
	else
157
		kfree_skb(skb);
158

159
	kfree(hdev->cmd_pending_msg);
160
	hdev->cmd_pending_msg = NULL;
161

162
	schedule_work(&hdev->msg_tx_work);
163
}
164

165
void nfc_hci_resp_received(struct nfc_hci_dev *hdev, u8 result,
166
			   struct sk_buff *skb)
167
{
168
	mutex_lock(&hdev->msg_tx_mutex);
169

170
	if (hdev->cmd_pending_msg == NULL) {
171
		kfree_skb(skb);
172
		goto exit;
173
	}
174

175
	__nfc_hci_cmd_completion(hdev, nfc_hci_result_to_errno(result), skb);
176

177
exit:
178
	mutex_unlock(&hdev->msg_tx_mutex);
179
}
180

181
void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
182
			  struct sk_buff *skb)
183
{
184
	u8 status = NFC_HCI_ANY_OK;
185
	const struct hci_create_pipe_resp *create_info;
186
	const struct hci_delete_pipe_noti *delete_info;
187
	const struct hci_all_pipe_cleared_noti *cleared_info;
188
	u8 gate;
189

190
	pr_debug("from pipe %x cmd %x\n", pipe, cmd);
191

192
	if (pipe >= NFC_HCI_MAX_PIPES) {
193
		status = NFC_HCI_ANY_E_NOK;
194
		goto exit;
195
	}
196

197
	gate = hdev->pipes[pipe].gate;
198

199
	switch (cmd) {
200
	case NFC_HCI_ADM_NOTIFY_PIPE_CREATED:
201
		if (skb->len != 5) {
202
			status = NFC_HCI_ANY_E_NOK;
203
			goto exit;
204
		}
205
		create_info = (struct hci_create_pipe_resp *)skb->data;
206

207
		if (create_info->pipe >= NFC_HCI_MAX_PIPES) {
208
			status = NFC_HCI_ANY_E_NOK;
209
			goto exit;
210
		}
211

212
		/* Save the new created pipe and bind with local gate,
213
		 * the description for skb->data[3] is destination gate id
214
		 * but since we received this cmd from host controller, we
215
		 * are the destination and it is our local gate
216
		 */
217
		hdev->gate2pipe[create_info->dest_gate] = create_info->pipe;
218
		hdev->pipes[create_info->pipe].gate = create_info->dest_gate;
219
		hdev->pipes[create_info->pipe].dest_host =
220
							create_info->src_host;
221
		break;
222
	case NFC_HCI_ANY_OPEN_PIPE:
223
		if (gate == NFC_HCI_INVALID_GATE) {
224
			status = NFC_HCI_ANY_E_NOK;
225
			goto exit;
226
		}
227
		break;
228
	case NFC_HCI_ADM_NOTIFY_PIPE_DELETED:
229
		if (skb->len != 1) {
230
			status = NFC_HCI_ANY_E_NOK;
231
			goto exit;
232
		}
233
		delete_info = (struct hci_delete_pipe_noti *)skb->data;
234

235
		if (delete_info->pipe >= NFC_HCI_MAX_PIPES) {
236
			status = NFC_HCI_ANY_E_NOK;
237
			goto exit;
238
		}
239

240
		hdev->pipes[delete_info->pipe].gate = NFC_HCI_INVALID_GATE;
241
		hdev->pipes[delete_info->pipe].dest_host = NFC_HCI_INVALID_HOST;
242
		break;
243
	case NFC_HCI_ADM_NOTIFY_ALL_PIPE_CLEARED:
244
		if (skb->len != 1) {
245
			status = NFC_HCI_ANY_E_NOK;
246
			goto exit;
247
		}
248
		cleared_info = (struct hci_all_pipe_cleared_noti *)skb->data;
249

250
		nfc_hci_reset_pipes_per_host(hdev, cleared_info->host);
251
		break;
252
	default:
253
		pr_info("Discarded unknown cmd %x to gate %x\n", cmd, gate);
254
		break;
255
	}
256

257
	if (hdev->ops->cmd_received)
258
		hdev->ops->cmd_received(hdev, pipe, cmd, skb);
259

260
exit:
261
	nfc_hci_hcp_message_tx(hdev, pipe, NFC_HCI_HCP_RESPONSE,
262
			       status, NULL, 0, NULL, NULL, 0);
263

264
	kfree_skb(skb);
265
}
266

267
u32 nfc_hci_sak_to_protocol(u8 sak)
268
{
269
	switch (NFC_HCI_TYPE_A_SEL_PROT(sak)) {
270
	case NFC_HCI_TYPE_A_SEL_PROT_MIFARE:
271
		return NFC_PROTO_MIFARE_MASK;
272
	case NFC_HCI_TYPE_A_SEL_PROT_ISO14443:
273
		return NFC_PROTO_ISO14443_MASK;
274
	case NFC_HCI_TYPE_A_SEL_PROT_DEP:
275
		return NFC_PROTO_NFC_DEP_MASK;
276
	case NFC_HCI_TYPE_A_SEL_PROT_ISO14443_DEP:
277
		return NFC_PROTO_ISO14443_MASK | NFC_PROTO_NFC_DEP_MASK;
278
	default:
279
		return 0xffffffff;
280
	}
281
}
282
EXPORT_SYMBOL(nfc_hci_sak_to_protocol);
283

284
int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
285
{
286
	struct nfc_target *targets;
287
	struct sk_buff *atqa_skb = NULL;
288
	struct sk_buff *sak_skb = NULL;
289
	struct sk_buff *uid_skb = NULL;
290
	int r;
291

292
	pr_debug("from gate %d\n", gate);
293

294
	targets = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
295
	if (targets == NULL)
296
		return -ENOMEM;
297

298
	switch (gate) {
299
	case NFC_HCI_RF_READER_A_GATE:
300
		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
301
				      NFC_HCI_RF_READER_A_ATQA, &atqa_skb);
302
		if (r < 0)
303
			goto exit;
304

305
		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
306
				      NFC_HCI_RF_READER_A_SAK, &sak_skb);
307
		if (r < 0)
308
			goto exit;
309

310
		if (atqa_skb->len != 2 || sak_skb->len != 1) {
311
			r = -EPROTO;
312
			goto exit;
313
		}
314

315
		targets->supported_protocols =
316
				nfc_hci_sak_to_protocol(sak_skb->data[0]);
317
		if (targets->supported_protocols == 0xffffffff) {
318
			r = -EPROTO;
319
			goto exit;
320
		}
321

322
		targets->sens_res = be16_to_cpu(*(__be16 *)atqa_skb->data);
323
		targets->sel_res = sak_skb->data[0];
324

325
		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
326
				      NFC_HCI_RF_READER_A_UID, &uid_skb);
327
		if (r < 0)
328
			goto exit;
329

330
		if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
331
			r = -EPROTO;
332
			goto exit;
333
		}
334

335
		memcpy(targets->nfcid1, uid_skb->data, uid_skb->len);
336
		targets->nfcid1_len = uid_skb->len;
337

338
		if (hdev->ops->complete_target_discovered) {
339
			r = hdev->ops->complete_target_discovered(hdev, gate,
340
								  targets);
341
			if (r < 0)
342
				goto exit;
343
		}
344
		break;
345
	case NFC_HCI_RF_READER_B_GATE:
346
		targets->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
347
		break;
348
	default:
349
		if (hdev->ops->target_from_gate)
350
			r = hdev->ops->target_from_gate(hdev, gate, targets);
351
		else
352
			r = -EPROTO;
353
		if (r < 0)
354
			goto exit;
355

356
		if (hdev->ops->complete_target_discovered) {
357
			r = hdev->ops->complete_target_discovered(hdev, gate,
358
								  targets);
359
			if (r < 0)
360
				goto exit;
361
		}
362
		break;
363
	}
364

365
	/* if driver set the new gate, we will skip the old one */
366
	if (targets->hci_reader_gate == 0x00)
367
		targets->hci_reader_gate = gate;
368

369
	r = nfc_targets_found(hdev->ndev, targets, 1);
370

371
exit:
372
	kfree(targets);
373
	kfree_skb(atqa_skb);
374
	kfree_skb(sak_skb);
375
	kfree_skb(uid_skb);
376

377
	return r;
378
}
379
EXPORT_SYMBOL(nfc_hci_target_discovered);
380

381
void nfc_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event,
382
			    struct sk_buff *skb)
383
{
384
	int r = 0;
385
	u8 gate;
386

387
	if (pipe >= NFC_HCI_MAX_PIPES) {
388
		pr_err("Discarded event %x to invalid pipe %x\n", event, pipe);
389
		goto exit;
390
	}
391

392
	gate = hdev->pipes[pipe].gate;
393
	if (gate == NFC_HCI_INVALID_GATE) {
394
		pr_err("Discarded event %x to unopened pipe %x\n", event, pipe);
395
		goto exit;
396
	}
397

398
	if (hdev->ops->event_received) {
399
		r = hdev->ops->event_received(hdev, pipe, event, skb);
400
		if (r <= 0)
401
			goto exit_noskb;
402
	}
403

404
	switch (event) {
405
	case NFC_HCI_EVT_TARGET_DISCOVERED:
406
		if (skb->len < 1) {	/* no status data? */
407
			r = -EPROTO;
408
			goto exit;
409
		}
410

411
		if (skb->data[0] == 3) {
412
			/* TODO: Multiple targets in field, none activated
413
			 * poll is supposedly stopped, but there is no
414
			 * single target to activate, so nothing to report
415
			 * up.
416
			 * if we need to restart poll, we must save the
417
			 * protocols from the initial poll and reuse here.
418
			 */
419
		}
420

421
		if (skb->data[0] != 0) {
422
			r = -EPROTO;
423
			goto exit;
424
		}
425

426
		r = nfc_hci_target_discovered(hdev, gate);
427
		break;
428
	default:
429
		pr_info("Discarded unknown event %x to gate %x\n", event, gate);
430
		r = -EINVAL;
431
		break;
432
	}
433

434
exit:
435
	kfree_skb(skb);
436

437
exit_noskb:
438
	if (r)
439
		nfc_hci_driver_failure(hdev, r);
440
}
441

442
static void nfc_hci_cmd_timeout(struct timer_list *t)
443
{
444
	struct nfc_hci_dev *hdev = timer_container_of(hdev, t, cmd_timer);
445

446
	schedule_work(&hdev->msg_tx_work);
447
}
448

449
static int hci_dev_connect_gates(struct nfc_hci_dev *hdev, u8 gate_count,
450
				 const struct nfc_hci_gate *gates)
451
{
452
	int r;
453
	while (gate_count--) {
454
		r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
455
					 gates->gate, gates->pipe);
456
		if (r < 0)
457
			return r;
458
		gates++;
459
	}
460

461
	return 0;
462
}
463

464
static int hci_dev_session_init(struct nfc_hci_dev *hdev)
465
{
466
	struct sk_buff *skb = NULL;
467
	int r;
468

469
	if (hdev->init_data.gates[0].gate != NFC_HCI_ADMIN_GATE)
470
		return -EPROTO;
471

472
	r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
473
				 hdev->init_data.gates[0].gate,
474
				 hdev->init_data.gates[0].pipe);
475
	if (r < 0)
476
		goto exit;
477

478
	r = nfc_hci_get_param(hdev, NFC_HCI_ADMIN_GATE,
479
			      NFC_HCI_ADMIN_SESSION_IDENTITY, &skb);
480
	if (r < 0)
481
		goto disconnect_all;
482

483
	if (skb->len && skb->len == strlen(hdev->init_data.session_id) &&
484
		(memcmp(hdev->init_data.session_id, skb->data,
485
			   skb->len) == 0) && hdev->ops->load_session) {
486
		/* Restore gate<->pipe table from some proprietary location. */
487

488
		r = hdev->ops->load_session(hdev);
489

490
		if (r < 0)
491
			goto disconnect_all;
492
	} else {
493

494
		r = nfc_hci_disconnect_all_gates(hdev);
495
		if (r < 0)
496
			goto exit;
497

498
		r = hci_dev_connect_gates(hdev, hdev->init_data.gate_count,
499
					  hdev->init_data.gates);
500
		if (r < 0)
501
			goto disconnect_all;
502

503
		r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
504
				NFC_HCI_ADMIN_SESSION_IDENTITY,
505
				hdev->init_data.session_id,
506
				strlen(hdev->init_data.session_id));
507
	}
508
	if (r == 0)
509
		goto exit;
510

511
disconnect_all:
512
	nfc_hci_disconnect_all_gates(hdev);
513

514
exit:
515
	kfree_skb(skb);
516

517
	return r;
518
}
519

520
static int hci_dev_version(struct nfc_hci_dev *hdev)
521
{
522
	int r;
523
	struct sk_buff *skb;
524

525
	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
526
			      NFC_HCI_ID_MGMT_VERSION_SW, &skb);
527
	if (r == -EOPNOTSUPP) {
528
		pr_info("Software/Hardware info not available\n");
529
		return 0;
530
	}
531
	if (r < 0)
532
		return r;
533

534
	if (skb->len != 3) {
535
		kfree_skb(skb);
536
		return -EINVAL;
537
	}
538

539
	hdev->sw_romlib = (skb->data[0] & 0xf0) >> 4;
540
	hdev->sw_patch = skb->data[0] & 0x0f;
541
	hdev->sw_flashlib_major = skb->data[1];
542
	hdev->sw_flashlib_minor = skb->data[2];
543

544
	kfree_skb(skb);
545

546
	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
547
			      NFC_HCI_ID_MGMT_VERSION_HW, &skb);
548
	if (r < 0)
549
		return r;
550

551
	if (skb->len != 3) {
552
		kfree_skb(skb);
553
		return -EINVAL;
554
	}
555

556
	hdev->hw_derivative = (skb->data[0] & 0xe0) >> 5;
557
	hdev->hw_version = skb->data[0] & 0x1f;
558
	hdev->hw_mpw = (skb->data[1] & 0xc0) >> 6;
559
	hdev->hw_software = skb->data[1] & 0x3f;
560
	hdev->hw_bsid = skb->data[2];
561

562
	kfree_skb(skb);
563

564
	pr_info("SOFTWARE INFO:\n");
565
	pr_info("RomLib         : %d\n", hdev->sw_romlib);
566
	pr_info("Patch          : %d\n", hdev->sw_patch);
567
	pr_info("FlashLib Major : %d\n", hdev->sw_flashlib_major);
568
	pr_info("FlashLib Minor : %d\n", hdev->sw_flashlib_minor);
569
	pr_info("HARDWARE INFO:\n");
570
	pr_info("Derivative     : %d\n", hdev->hw_derivative);
571
	pr_info("HW Version     : %d\n", hdev->hw_version);
572
	pr_info("#MPW           : %d\n", hdev->hw_mpw);
573
	pr_info("Software       : %d\n", hdev->hw_software);
574
	pr_info("BSID Version   : %d\n", hdev->hw_bsid);
575

576
	return 0;
577
}
578

579
static int hci_dev_up(struct nfc_dev *nfc_dev)
580
{
581
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
582
	int r = 0;
583

584
	if (hdev->ops->open) {
585
		r = hdev->ops->open(hdev);
586
		if (r < 0)
587
			return r;
588
	}
589

590
	r = nfc_llc_start(hdev->llc);
591
	if (r < 0)
592
		goto exit_close;
593

594
	r = hci_dev_session_init(hdev);
595
	if (r < 0)
596
		goto exit_llc;
597

598
	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
599
			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
600
	if (r < 0)
601
		goto exit_llc;
602

603
	if (hdev->ops->hci_ready) {
604
		r = hdev->ops->hci_ready(hdev);
605
		if (r < 0)
606
			goto exit_llc;
607
	}
608

609
	r = hci_dev_version(hdev);
610
	if (r < 0)
611
		goto exit_llc;
612

613
	return 0;
614

615
exit_llc:
616
	nfc_llc_stop(hdev->llc);
617

618
exit_close:
619
	if (hdev->ops->close)
620
		hdev->ops->close(hdev);
621

622
	return r;
623
}
624

625
static int hci_dev_down(struct nfc_dev *nfc_dev)
626
{
627
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
628

629
	nfc_llc_stop(hdev->llc);
630

631
	if (hdev->ops->close)
632
		hdev->ops->close(hdev);
633

634
	nfc_hci_reset_pipes(hdev);
635

636
	return 0;
637
}
638

639
static int hci_start_poll(struct nfc_dev *nfc_dev,
640
			  u32 im_protocols, u32 tm_protocols)
641
{
642
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
643

644
	if (hdev->ops->start_poll)
645
		return hdev->ops->start_poll(hdev, im_protocols, tm_protocols);
646
	else
647
		return nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
648
					  NFC_HCI_EVT_READER_REQUESTED,
649
					  NULL, 0);
650
}
651

652
static void hci_stop_poll(struct nfc_dev *nfc_dev)
653
{
654
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
655

656
	if (hdev->ops->stop_poll)
657
		hdev->ops->stop_poll(hdev);
658
	else
659
		nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
660
				   NFC_HCI_EVT_END_OPERATION, NULL, 0);
661
}
662

663
static int hci_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
664
				__u8 comm_mode, __u8 *gb, size_t gb_len)
665
{
666
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
667

668
	if (!hdev->ops->dep_link_up)
669
		return 0;
670

671
	return hdev->ops->dep_link_up(hdev, target, comm_mode,
672
				      gb, gb_len);
673
}
674

675
static int hci_dep_link_down(struct nfc_dev *nfc_dev)
676
{
677
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
678

679
	if (!hdev->ops->dep_link_down)
680
		return 0;
681

682
	return hdev->ops->dep_link_down(hdev);
683
}
684

685
static int hci_activate_target(struct nfc_dev *nfc_dev,
686
			       struct nfc_target *target, u32 protocol)
687
{
688
	return 0;
689
}
690

691
static void hci_deactivate_target(struct nfc_dev *nfc_dev,
692
				  struct nfc_target *target,
693
				  u8 mode)
694
{
695
}
696

697
#define HCI_CB_TYPE_TRANSCEIVE 1
698

699
static void hci_transceive_cb(void *context, struct sk_buff *skb, int err)
700
{
701
	struct nfc_hci_dev *hdev = context;
702

703
	switch (hdev->async_cb_type) {
704
	case HCI_CB_TYPE_TRANSCEIVE:
705
		/*
706
		 * TODO: Check RF Error indicator to make sure data is valid.
707
		 * It seems that HCI cmd can complete without error, but data
708
		 * can be invalid if an RF error occurred? Ignore for now.
709
		 */
710
		if (err == 0)
711
			skb_trim(skb, skb->len - 1); /* RF Err ind */
712

713
		hdev->async_cb(hdev->async_cb_context, skb, err);
714
		break;
715
	default:
716
		if (err == 0)
717
			kfree_skb(skb);
718
		break;
719
	}
720
}
721

722
static int hci_transceive(struct nfc_dev *nfc_dev, struct nfc_target *target,
723
			  struct sk_buff *skb, data_exchange_cb_t cb,
724
			  void *cb_context)
725
{
726
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
727
	int r;
728

729
	pr_debug("target_idx=%d\n", target->idx);
730

731
	switch (target->hci_reader_gate) {
732
	case NFC_HCI_RF_READER_A_GATE:
733
	case NFC_HCI_RF_READER_B_GATE:
734
		if (hdev->ops->im_transceive) {
735
			r = hdev->ops->im_transceive(hdev, target, skb, cb,
736
						     cb_context);
737
			if (r <= 0)	/* handled */
738
				break;
739
		}
740

741
		*(u8 *)skb_push(skb, 1) = 0;	/* CTR, see spec:10.2.2.1 */
742

743
		hdev->async_cb_type = HCI_CB_TYPE_TRANSCEIVE;
744
		hdev->async_cb = cb;
745
		hdev->async_cb_context = cb_context;
746

747
		r = nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
748
					   NFC_HCI_WR_XCHG_DATA, skb->data,
749
					   skb->len, hci_transceive_cb, hdev);
750
		break;
751
	default:
752
		if (hdev->ops->im_transceive) {
753
			r = hdev->ops->im_transceive(hdev, target, skb, cb,
754
						     cb_context);
755
			if (r == 1)
756
				r = -ENOTSUPP;
757
		} else {
758
			r = -ENOTSUPP;
759
		}
760
		break;
761
	}
762

763
	kfree_skb(skb);
764

765
	return r;
766
}
767

768
static int hci_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
769
{
770
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
771

772
	if (!hdev->ops->tm_send) {
773
		kfree_skb(skb);
774
		return -ENOTSUPP;
775
	}
776

777
	return hdev->ops->tm_send(hdev, skb);
778
}
779

780
static int hci_check_presence(struct nfc_dev *nfc_dev,
781
			      struct nfc_target *target)
782
{
783
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
784

785
	if (!hdev->ops->check_presence)
786
		return 0;
787

788
	return hdev->ops->check_presence(hdev, target);
789
}
790

791
static int hci_discover_se(struct nfc_dev *nfc_dev)
792
{
793
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
794

795
	if (hdev->ops->discover_se)
796
		return hdev->ops->discover_se(hdev);
797

798
	return 0;
799
}
800

801
static int hci_enable_se(struct nfc_dev *nfc_dev, u32 se_idx)
802
{
803
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
804

805
	if (hdev->ops->enable_se)
806
		return hdev->ops->enable_se(hdev, se_idx);
807

808
	return 0;
809
}
810

811
static int hci_disable_se(struct nfc_dev *nfc_dev, u32 se_idx)
812
{
813
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
814

815
	if (hdev->ops->disable_se)
816
		return hdev->ops->disable_se(hdev, se_idx);
817

818
	return 0;
819
}
820

821
static int hci_se_io(struct nfc_dev *nfc_dev, u32 se_idx,
822
		     u8 *apdu, size_t apdu_length,
823
		     se_io_cb_t cb, void *cb_context)
824
{
825
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
826

827
	if (hdev->ops->se_io)
828
		return hdev->ops->se_io(hdev, se_idx, apdu,
829
					apdu_length, cb, cb_context);
830

831
	return 0;
832
}
833

834
static void nfc_hci_failure(struct nfc_hci_dev *hdev, int err)
835
{
836
	mutex_lock(&hdev->msg_tx_mutex);
837

838
	if (hdev->cmd_pending_msg == NULL) {
839
		nfc_driver_failure(hdev->ndev, err);
840
		goto exit;
841
	}
842

843
	__nfc_hci_cmd_completion(hdev, err, NULL);
844

845
exit:
846
	mutex_unlock(&hdev->msg_tx_mutex);
847
}
848

849
static void nfc_hci_llc_failure(struct nfc_hci_dev *hdev, int err)
850
{
851
	nfc_hci_failure(hdev, err);
852
}
853

854
static void nfc_hci_recv_from_llc(struct nfc_hci_dev *hdev, struct sk_buff *skb)
855
{
856
	struct hcp_packet *packet;
857
	u8 type;
858
	u8 instruction;
859
	struct sk_buff *hcp_skb;
860
	u8 pipe;
861
	struct sk_buff *frag_skb;
862
	int msg_len;
863

864
	packet = (struct hcp_packet *)skb->data;
865
	if ((packet->header & ~NFC_HCI_FRAGMENT) == 0) {
866
		skb_queue_tail(&hdev->rx_hcp_frags, skb);
867
		return;
868
	}
869

870
	/* it's the last fragment. Does it need re-aggregation? */
871
	if (skb_queue_len(&hdev->rx_hcp_frags)) {
872
		pipe = packet->header & NFC_HCI_FRAGMENT;
873
		skb_queue_tail(&hdev->rx_hcp_frags, skb);
874

875
		msg_len = 0;
876
		skb_queue_walk(&hdev->rx_hcp_frags, frag_skb) {
877
			msg_len += (frag_skb->len -
878
				    NFC_HCI_HCP_PACKET_HEADER_LEN);
879
		}
880

881
		hcp_skb = nfc_alloc_recv_skb(NFC_HCI_HCP_PACKET_HEADER_LEN +
882
					     msg_len, GFP_KERNEL);
883
		if (hcp_skb == NULL) {
884
			nfc_hci_failure(hdev, -ENOMEM);
885
			return;
886
		}
887

888
		skb_put_u8(hcp_skb, pipe);
889

890
		skb_queue_walk(&hdev->rx_hcp_frags, frag_skb) {
891
			msg_len = frag_skb->len - NFC_HCI_HCP_PACKET_HEADER_LEN;
892
			skb_put_data(hcp_skb,
893
				     frag_skb->data + NFC_HCI_HCP_PACKET_HEADER_LEN,
894
				     msg_len);
895
		}
896

897
		skb_queue_purge(&hdev->rx_hcp_frags);
898
	} else {
899
		packet->header &= NFC_HCI_FRAGMENT;
900
		hcp_skb = skb;
901
	}
902

903
	/* if this is a response, dispatch immediately to
904
	 * unblock waiting cmd context. Otherwise, enqueue to dispatch
905
	 * in separate context where handler can also execute command.
906
	 */
907
	packet = (struct hcp_packet *)hcp_skb->data;
908
	type = HCP_MSG_GET_TYPE(packet->message.header);
909
	if (type == NFC_HCI_HCP_RESPONSE) {
910
		pipe = packet->header;
911
		instruction = HCP_MSG_GET_CMD(packet->message.header);
912
		skb_pull(hcp_skb, NFC_HCI_HCP_PACKET_HEADER_LEN +
913
			 NFC_HCI_HCP_MESSAGE_HEADER_LEN);
914
		nfc_hci_hcp_message_rx(hdev, pipe, type, instruction, hcp_skb);
915
	} else {
916
		skb_queue_tail(&hdev->msg_rx_queue, hcp_skb);
917
		schedule_work(&hdev->msg_rx_work);
918
	}
919
}
920

921
static int hci_fw_download(struct nfc_dev *nfc_dev, const char *firmware_name)
922
{
923
	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
924

925
	if (!hdev->ops->fw_download)
926
		return -ENOTSUPP;
927

928
	return hdev->ops->fw_download(hdev, firmware_name);
929
}
930

931
static const struct nfc_ops hci_nfc_ops = {
932
	.dev_up = hci_dev_up,
933
	.dev_down = hci_dev_down,
934
	.start_poll = hci_start_poll,
935
	.stop_poll = hci_stop_poll,
936
	.dep_link_up = hci_dep_link_up,
937
	.dep_link_down = hci_dep_link_down,
938
	.activate_target = hci_activate_target,
939
	.deactivate_target = hci_deactivate_target,
940
	.im_transceive = hci_transceive,
941
	.tm_send = hci_tm_send,
942
	.check_presence = hci_check_presence,
943
	.fw_download = hci_fw_download,
944
	.discover_se = hci_discover_se,
945
	.enable_se = hci_enable_se,
946
	.disable_se = hci_disable_se,
947
	.se_io = hci_se_io,
948
};
949

950
struct nfc_hci_dev *nfc_hci_allocate_device(const struct nfc_hci_ops *ops,
951
					    struct nfc_hci_init_data *init_data,
952
					    unsigned long quirks,
953
					    u32 protocols,
954
					    const char *llc_name,
955
					    int tx_headroom,
956
					    int tx_tailroom,
957
					    int max_link_payload)
958
{
959
	struct nfc_hci_dev *hdev;
960

961
	if (ops->xmit == NULL)
962
		return NULL;
963

964
	if (protocols == 0)
965
		return NULL;
966

967
	hdev = kzalloc(sizeof(struct nfc_hci_dev), GFP_KERNEL);
968
	if (hdev == NULL)
969
		return NULL;
970

971
	hdev->llc = nfc_llc_allocate(llc_name, hdev, ops->xmit,
972
				     nfc_hci_recv_from_llc, tx_headroom,
973
				     tx_tailroom, nfc_hci_llc_failure);
974
	if (hdev->llc == NULL) {
975
		kfree(hdev);
976
		return NULL;
977
	}
978

979
	hdev->ndev = nfc_allocate_device(&hci_nfc_ops, protocols,
980
					 tx_headroom + HCI_CMDS_HEADROOM,
981
					 tx_tailroom);
982
	if (!hdev->ndev) {
983
		nfc_llc_free(hdev->llc);
984
		kfree(hdev);
985
		return NULL;
986
	}
987

988
	hdev->ops = ops;
989
	hdev->max_data_link_payload = max_link_payload;
990
	hdev->init_data = *init_data;
991

992
	nfc_set_drvdata(hdev->ndev, hdev);
993

994
	nfc_hci_reset_pipes(hdev);
995

996
	hdev->quirks = quirks;
997

998
	return hdev;
999
}
1000
EXPORT_SYMBOL(nfc_hci_allocate_device);
1001

1002
void nfc_hci_free_device(struct nfc_hci_dev *hdev)
1003
{
1004
	nfc_free_device(hdev->ndev);
1005
	nfc_llc_free(hdev->llc);
1006
	kfree(hdev);
1007
}
1008
EXPORT_SYMBOL(nfc_hci_free_device);
1009

1010
int nfc_hci_register_device(struct nfc_hci_dev *hdev)
1011
{
1012
	mutex_init(&hdev->msg_tx_mutex);
1013

1014
	INIT_LIST_HEAD(&hdev->msg_tx_queue);
1015

1016
	INIT_WORK(&hdev->msg_tx_work, nfc_hci_msg_tx_work);
1017

1018
	timer_setup(&hdev->cmd_timer, nfc_hci_cmd_timeout, 0);
1019

1020
	skb_queue_head_init(&hdev->rx_hcp_frags);
1021

1022
	INIT_WORK(&hdev->msg_rx_work, nfc_hci_msg_rx_work);
1023

1024
	skb_queue_head_init(&hdev->msg_rx_queue);
1025

1026
	return nfc_register_device(hdev->ndev);
1027
}
1028
EXPORT_SYMBOL(nfc_hci_register_device);
1029

1030
void nfc_hci_unregister_device(struct nfc_hci_dev *hdev)
1031
{
1032
	struct hci_msg *msg, *n;
1033

1034
	mutex_lock(&hdev->msg_tx_mutex);
1035

1036
	if (hdev->cmd_pending_msg) {
1037
		if (hdev->cmd_pending_msg->cb)
1038
			hdev->cmd_pending_msg->cb(
1039
					     hdev->cmd_pending_msg->cb_context,
1040
					     NULL, -ESHUTDOWN);
1041
		kfree(hdev->cmd_pending_msg);
1042
		hdev->cmd_pending_msg = NULL;
1043
	}
1044

1045
	hdev->shutting_down = true;
1046

1047
	mutex_unlock(&hdev->msg_tx_mutex);
1048

1049
	timer_delete_sync(&hdev->cmd_timer);
1050
	cancel_work_sync(&hdev->msg_tx_work);
1051

1052
	cancel_work_sync(&hdev->msg_rx_work);
1053

1054
	nfc_unregister_device(hdev->ndev);
1055

1056
	skb_queue_purge(&hdev->rx_hcp_frags);
1057
	skb_queue_purge(&hdev->msg_rx_queue);
1058

1059
	list_for_each_entry_safe(msg, n, &hdev->msg_tx_queue, msg_l) {
1060
		list_del(&msg->msg_l);
1061
		skb_queue_purge(&msg->msg_frags);
1062
		kfree(msg);
1063
	}
1064
}
1065
EXPORT_SYMBOL(nfc_hci_unregister_device);
1066

1067
void nfc_hci_set_clientdata(struct nfc_hci_dev *hdev, void *clientdata)
1068
{
1069
	hdev->clientdata = clientdata;
1070
}
1071
EXPORT_SYMBOL(nfc_hci_set_clientdata);
1072

1073
void *nfc_hci_get_clientdata(struct nfc_hci_dev *hdev)
1074
{
1075
	return hdev->clientdata;
1076
}
1077
EXPORT_SYMBOL(nfc_hci_get_clientdata);
1078

1079
void nfc_hci_driver_failure(struct nfc_hci_dev *hdev, int err)
1080
{
1081
	nfc_hci_failure(hdev, err);
1082
}
1083
EXPORT_SYMBOL(nfc_hci_driver_failure);
1084

1085
void nfc_hci_recv_frame(struct nfc_hci_dev *hdev, struct sk_buff *skb)
1086
{
1087
	nfc_llc_rcv_from_drv(hdev->llc, skb);
1088
}
1089
EXPORT_SYMBOL(nfc_hci_recv_frame);
1090

1091
static int __init nfc_hci_init(void)
1092
{
1093
	return nfc_llc_init();
1094
}
1095

1096
static void __exit nfc_hci_exit(void)
1097
{
1098
	nfc_llc_exit();
1099
}
1100

1101
subsys_initcall(nfc_hci_init);
1102
module_exit(nfc_hci_exit);
1103

1104
MODULE_LICENSE("GPL");
1105
MODULE_DESCRIPTION("NFC HCI Core");
1106

1107