llcp_core.c (34768B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Copyright (C) 2011 Intel Corporation. All rights reserved. 4 * Copyright (C) 2014 Marvell International Ltd. 5 */ 6 7#define pr_fmt(fmt) "llcp: %s: " fmt, __func__ 8 9#include <linux/init.h> 10#include <linux/kernel.h> 11#include <linux/list.h> 12#include <linux/nfc.h> 13 14#include "nfc.h" 15#include "llcp.h" 16 17static u8 llcp_magic[3] = {0x46, 0x66, 0x6d}; 18 19static LIST_HEAD(llcp_devices); 20 21static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb); 22 23void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) 24{ 25 write_lock(&l->lock); 26 sk_add_node(sk, &l->head); 27 write_unlock(&l->lock); 28} 29 30void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk) 31{ 32 write_lock(&l->lock); 33 sk_del_node_init(sk); 34 write_unlock(&l->lock); 35} 36 37void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock) 38{ 39 sock->remote_rw = LLCP_DEFAULT_RW; 40 sock->remote_miu = LLCP_MAX_MIU + 1; 41} 42 43static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) 44{ 45 struct nfc_llcp_local *local = sock->local; 46 struct sk_buff *s, *tmp; 47 48 skb_queue_purge(&sock->tx_queue); 49 skb_queue_purge(&sock->tx_pending_queue); 50 51 if (local == NULL) 52 return; 53 54 /* Search for local pending SKBs that are related to this socket */ 55 skb_queue_walk_safe(&local->tx_queue, s, tmp) { 56 if (s->sk != &sock->sk) 57 continue; 58 59 skb_unlink(s, &local->tx_queue); 60 kfree_skb(s); 61 } 62} 63 64static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device, 65 int err) 66{ 67 struct sock *sk; 68 struct hlist_node *tmp; 69 struct nfc_llcp_sock *llcp_sock; 70 71 skb_queue_purge(&local->tx_queue); 72 73 write_lock(&local->sockets.lock); 74 75 sk_for_each_safe(sk, tmp, &local->sockets.head) { 76 llcp_sock = nfc_llcp_sock(sk); 77 78 bh_lock_sock(sk); 79 80 nfc_llcp_socket_purge(llcp_sock); 81 82 if (sk->sk_state == LLCP_CONNECTED) 83 nfc_put_device(llcp_sock->dev); 84 85 if (sk->sk_state == LLCP_LISTEN) { 86 struct nfc_llcp_sock *lsk, *n; 87 struct sock *accept_sk; 88 89 list_for_each_entry_safe(lsk, n, 90 &llcp_sock->accept_queue, 91 accept_queue) { 92 accept_sk = &lsk->sk; 93 bh_lock_sock(accept_sk); 94 95 nfc_llcp_accept_unlink(accept_sk); 96 97 if (err) 98 accept_sk->sk_err = err; 99 accept_sk->sk_state = LLCP_CLOSED; 100 accept_sk->sk_state_change(sk); 101 102 bh_unlock_sock(accept_sk); 103 } 104 } 105 106 if (err) 107 sk->sk_err = err; 108 sk->sk_state = LLCP_CLOSED; 109 sk->sk_state_change(sk); 110 111 bh_unlock_sock(sk); 112 113 sk_del_node_init(sk); 114 } 115 116 write_unlock(&local->sockets.lock); 117 118 /* If we still have a device, we keep the RAW sockets alive */ 119 if (device == true) 120 return; 121 122 write_lock(&local->raw_sockets.lock); 123 124 sk_for_each_safe(sk, tmp, &local->raw_sockets.head) { 125 llcp_sock = nfc_llcp_sock(sk); 126 127 bh_lock_sock(sk); 128 129 nfc_llcp_socket_purge(llcp_sock); 130 131 if (err) 132 sk->sk_err = err; 133 sk->sk_state = LLCP_CLOSED; 134 sk->sk_state_change(sk); 135 136 bh_unlock_sock(sk); 137 138 sk_del_node_init(sk); 139 } 140 141 write_unlock(&local->raw_sockets.lock); 142} 143 144struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local) 145{ 146 kref_get(&local->ref); 147 148 return local; 149} 150 151static void local_cleanup(struct nfc_llcp_local *local) 152{ 153 nfc_llcp_socket_release(local, false, ENXIO); 154 del_timer_sync(&local->link_timer); 155 skb_queue_purge(&local->tx_queue); 156 cancel_work_sync(&local->tx_work); 157 cancel_work_sync(&local->rx_work); 158 cancel_work_sync(&local->timeout_work); 159 kfree_skb(local->rx_pending); 160 del_timer_sync(&local->sdreq_timer); 161 cancel_work_sync(&local->sdreq_timeout_work); 162 nfc_llcp_free_sdp_tlv_list(&local->pending_sdreqs); 163} 164 165static void local_release(struct kref *ref) 166{ 167 struct nfc_llcp_local *local; 168 169 local = container_of(ref, struct nfc_llcp_local, ref); 170 171 list_del(&local->list); 172 local_cleanup(local); 173 kfree(local); 174} 175 176int nfc_llcp_local_put(struct nfc_llcp_local *local) 177{ 178 if (local == NULL) 179 return 0; 180 181 return kref_put(&local->ref, local_release); 182} 183 184static struct nfc_llcp_sock *nfc_llcp_sock_get(struct nfc_llcp_local *local, 185 u8 ssap, u8 dsap) 186{ 187 struct sock *sk; 188 struct nfc_llcp_sock *llcp_sock, *tmp_sock; 189 190 pr_debug("ssap dsap %d %d\n", ssap, dsap); 191 192 if (ssap == 0 && dsap == 0) 193 return NULL; 194 195 read_lock(&local->sockets.lock); 196 197 llcp_sock = NULL; 198 199 sk_for_each(sk, &local->sockets.head) { 200 tmp_sock = nfc_llcp_sock(sk); 201 202 if (tmp_sock->ssap == ssap && tmp_sock->dsap == dsap) { 203 llcp_sock = tmp_sock; 204 break; 205 } 206 } 207 208 read_unlock(&local->sockets.lock); 209 210 if (llcp_sock == NULL) 211 return NULL; 212 213 sock_hold(&llcp_sock->sk); 214 215 return llcp_sock; 216} 217 218static void nfc_llcp_sock_put(struct nfc_llcp_sock *sock) 219{ 220 sock_put(&sock->sk); 221} 222 223static void nfc_llcp_timeout_work(struct work_struct *work) 224{ 225 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, 226 timeout_work); 227 228 nfc_dep_link_down(local->dev); 229} 230 231static void nfc_llcp_symm_timer(struct timer_list *t) 232{ 233 struct nfc_llcp_local *local = from_timer(local, t, link_timer); 234 235 pr_err("SYMM timeout\n"); 236 237 schedule_work(&local->timeout_work); 238} 239 240static void nfc_llcp_sdreq_timeout_work(struct work_struct *work) 241{ 242 unsigned long time; 243 HLIST_HEAD(nl_sdres_list); 244 struct hlist_node *n; 245 struct nfc_llcp_sdp_tlv *sdp; 246 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, 247 sdreq_timeout_work); 248 249 mutex_lock(&local->sdreq_lock); 250 251 time = jiffies - msecs_to_jiffies(3 * local->remote_lto); 252 253 hlist_for_each_entry_safe(sdp, n, &local->pending_sdreqs, node) { 254 if (time_after(sdp->time, time)) 255 continue; 256 257 sdp->sap = LLCP_SDP_UNBOUND; 258 259 hlist_del(&sdp->node); 260 261 hlist_add_head(&sdp->node, &nl_sdres_list); 262 } 263 264 if (!hlist_empty(&local->pending_sdreqs)) 265 mod_timer(&local->sdreq_timer, 266 jiffies + msecs_to_jiffies(3 * local->remote_lto)); 267 268 mutex_unlock(&local->sdreq_lock); 269 270 if (!hlist_empty(&nl_sdres_list)) 271 nfc_genl_llc_send_sdres(local->dev, &nl_sdres_list); 272} 273 274static void nfc_llcp_sdreq_timer(struct timer_list *t) 275{ 276 struct nfc_llcp_local *local = from_timer(local, t, sdreq_timer); 277 278 schedule_work(&local->sdreq_timeout_work); 279} 280 281struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev) 282{ 283 struct nfc_llcp_local *local; 284 285 list_for_each_entry(local, &llcp_devices, list) 286 if (local->dev == dev) 287 return local; 288 289 pr_debug("No device found\n"); 290 291 return NULL; 292} 293 294static char *wks[] = { 295 NULL, 296 NULL, /* SDP */ 297 "urn:nfc:sn:ip", 298 "urn:nfc:sn:obex", 299 "urn:nfc:sn:snep", 300}; 301 302static int nfc_llcp_wks_sap(const char *service_name, size_t service_name_len) 303{ 304 int sap, num_wks; 305 306 pr_debug("%s\n", service_name); 307 308 if (service_name == NULL) 309 return -EINVAL; 310 311 num_wks = ARRAY_SIZE(wks); 312 313 for (sap = 0; sap < num_wks; sap++) { 314 if (wks[sap] == NULL) 315 continue; 316 317 if (strncmp(wks[sap], service_name, service_name_len) == 0) 318 return sap; 319 } 320 321 return -EINVAL; 322} 323 324static 325struct nfc_llcp_sock *nfc_llcp_sock_from_sn(struct nfc_llcp_local *local, 326 const u8 *sn, size_t sn_len) 327{ 328 struct sock *sk; 329 struct nfc_llcp_sock *llcp_sock, *tmp_sock; 330 331 pr_debug("sn %zd %p\n", sn_len, sn); 332 333 if (sn == NULL || sn_len == 0) 334 return NULL; 335 336 read_lock(&local->sockets.lock); 337 338 llcp_sock = NULL; 339 340 sk_for_each(sk, &local->sockets.head) { 341 tmp_sock = nfc_llcp_sock(sk); 342 343 pr_debug("llcp sock %p\n", tmp_sock); 344 345 if (tmp_sock->sk.sk_type == SOCK_STREAM && 346 tmp_sock->sk.sk_state != LLCP_LISTEN) 347 continue; 348 349 if (tmp_sock->sk.sk_type == SOCK_DGRAM && 350 tmp_sock->sk.sk_state != LLCP_BOUND) 351 continue; 352 353 if (tmp_sock->service_name == NULL || 354 tmp_sock->service_name_len == 0) 355 continue; 356 357 if (tmp_sock->service_name_len != sn_len) 358 continue; 359 360 if (memcmp(sn, tmp_sock->service_name, sn_len) == 0) { 361 llcp_sock = tmp_sock; 362 break; 363 } 364 } 365 366 read_unlock(&local->sockets.lock); 367 368 pr_debug("Found llcp sock %p\n", llcp_sock); 369 370 return llcp_sock; 371} 372 373u8 nfc_llcp_get_sdp_ssap(struct nfc_llcp_local *local, 374 struct nfc_llcp_sock *sock) 375{ 376 mutex_lock(&local->sdp_lock); 377 378 if (sock->service_name != NULL && sock->service_name_len > 0) { 379 int ssap = nfc_llcp_wks_sap(sock->service_name, 380 sock->service_name_len); 381 382 if (ssap > 0) { 383 pr_debug("WKS %d\n", ssap); 384 385 /* This is a WKS, let's check if it's free */ 386 if (test_bit(ssap, &local->local_wks)) { 387 mutex_unlock(&local->sdp_lock); 388 389 return LLCP_SAP_MAX; 390 } 391 392 set_bit(ssap, &local->local_wks); 393 mutex_unlock(&local->sdp_lock); 394 395 return ssap; 396 } 397 398 /* 399 * Check if there already is a non WKS socket bound 400 * to this service name. 401 */ 402 if (nfc_llcp_sock_from_sn(local, sock->service_name, 403 sock->service_name_len) != NULL) { 404 mutex_unlock(&local->sdp_lock); 405 406 return LLCP_SAP_MAX; 407 } 408 409 mutex_unlock(&local->sdp_lock); 410 411 return LLCP_SDP_UNBOUND; 412 413 } else if (sock->ssap != 0 && sock->ssap < LLCP_WKS_NUM_SAP) { 414 if (!test_bit(sock->ssap, &local->local_wks)) { 415 set_bit(sock->ssap, &local->local_wks); 416 mutex_unlock(&local->sdp_lock); 417 418 return sock->ssap; 419 } 420 } 421 422 mutex_unlock(&local->sdp_lock); 423 424 return LLCP_SAP_MAX; 425} 426 427u8 nfc_llcp_get_local_ssap(struct nfc_llcp_local *local) 428{ 429 u8 local_ssap; 430 431 mutex_lock(&local->sdp_lock); 432 433 local_ssap = find_first_zero_bit(&local->local_sap, LLCP_LOCAL_NUM_SAP); 434 if (local_ssap == LLCP_LOCAL_NUM_SAP) { 435 mutex_unlock(&local->sdp_lock); 436 return LLCP_SAP_MAX; 437 } 438 439 set_bit(local_ssap, &local->local_sap); 440 441 mutex_unlock(&local->sdp_lock); 442 443 return local_ssap + LLCP_LOCAL_SAP_OFFSET; 444} 445 446void nfc_llcp_put_ssap(struct nfc_llcp_local *local, u8 ssap) 447{ 448 u8 local_ssap; 449 unsigned long *sdp; 450 451 if (ssap < LLCP_WKS_NUM_SAP) { 452 local_ssap = ssap; 453 sdp = &local->local_wks; 454 } else if (ssap < LLCP_LOCAL_NUM_SAP) { 455 atomic_t *client_cnt; 456 457 local_ssap = ssap - LLCP_WKS_NUM_SAP; 458 sdp = &local->local_sdp; 459 client_cnt = &local->local_sdp_cnt[local_ssap]; 460 461 pr_debug("%d clients\n", atomic_read(client_cnt)); 462 463 mutex_lock(&local->sdp_lock); 464 465 if (atomic_dec_and_test(client_cnt)) { 466 struct nfc_llcp_sock *l_sock; 467 468 pr_debug("No more clients for SAP %d\n", ssap); 469 470 clear_bit(local_ssap, sdp); 471 472 /* Find the listening sock and set it back to UNBOUND */ 473 l_sock = nfc_llcp_sock_get(local, ssap, LLCP_SAP_SDP); 474 if (l_sock) { 475 l_sock->ssap = LLCP_SDP_UNBOUND; 476 nfc_llcp_sock_put(l_sock); 477 } 478 } 479 480 mutex_unlock(&local->sdp_lock); 481 482 return; 483 } else if (ssap < LLCP_MAX_SAP) { 484 local_ssap = ssap - LLCP_LOCAL_NUM_SAP; 485 sdp = &local->local_sap; 486 } else { 487 return; 488 } 489 490 mutex_lock(&local->sdp_lock); 491 492 clear_bit(local_ssap, sdp); 493 494 mutex_unlock(&local->sdp_lock); 495} 496 497static u8 nfc_llcp_reserve_sdp_ssap(struct nfc_llcp_local *local) 498{ 499 u8 ssap; 500 501 mutex_lock(&local->sdp_lock); 502 503 ssap = find_first_zero_bit(&local->local_sdp, LLCP_SDP_NUM_SAP); 504 if (ssap == LLCP_SDP_NUM_SAP) { 505 mutex_unlock(&local->sdp_lock); 506 507 return LLCP_SAP_MAX; 508 } 509 510 pr_debug("SDP ssap %d\n", LLCP_WKS_NUM_SAP + ssap); 511 512 set_bit(ssap, &local->local_sdp); 513 514 mutex_unlock(&local->sdp_lock); 515 516 return LLCP_WKS_NUM_SAP + ssap; 517} 518 519static int nfc_llcp_build_gb(struct nfc_llcp_local *local) 520{ 521 u8 *gb_cur, version, version_length; 522 u8 lto_length, wks_length, miux_length; 523 const u8 *version_tlv = NULL, *lto_tlv = NULL, 524 *wks_tlv = NULL, *miux_tlv = NULL; 525 __be16 wks = cpu_to_be16(local->local_wks); 526 u8 gb_len = 0; 527 int ret = 0; 528 529 version = LLCP_VERSION_11; 530 version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version, 531 1, &version_length); 532 if (!version_tlv) { 533 ret = -ENOMEM; 534 goto out; 535 } 536 gb_len += version_length; 537 538 lto_tlv = nfc_llcp_build_tlv(LLCP_TLV_LTO, &local->lto, 1, <o_length); 539 if (!lto_tlv) { 540 ret = -ENOMEM; 541 goto out; 542 } 543 gb_len += lto_length; 544 545 pr_debug("Local wks 0x%lx\n", local->local_wks); 546 wks_tlv = nfc_llcp_build_tlv(LLCP_TLV_WKS, (u8 *)&wks, 2, &wks_length); 547 if (!wks_tlv) { 548 ret = -ENOMEM; 549 goto out; 550 } 551 gb_len += wks_length; 552 553 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&local->miux, 0, 554 &miux_length); 555 if (!miux_tlv) { 556 ret = -ENOMEM; 557 goto out; 558 } 559 gb_len += miux_length; 560 561 gb_len += ARRAY_SIZE(llcp_magic); 562 563 if (gb_len > NFC_MAX_GT_LEN) { 564 ret = -EINVAL; 565 goto out; 566 } 567 568 gb_cur = local->gb; 569 570 memcpy(gb_cur, llcp_magic, ARRAY_SIZE(llcp_magic)); 571 gb_cur += ARRAY_SIZE(llcp_magic); 572 573 memcpy(gb_cur, version_tlv, version_length); 574 gb_cur += version_length; 575 576 memcpy(gb_cur, lto_tlv, lto_length); 577 gb_cur += lto_length; 578 579 memcpy(gb_cur, wks_tlv, wks_length); 580 gb_cur += wks_length; 581 582 memcpy(gb_cur, miux_tlv, miux_length); 583 gb_cur += miux_length; 584 585 local->gb_len = gb_len; 586 587out: 588 kfree(version_tlv); 589 kfree(lto_tlv); 590 kfree(wks_tlv); 591 kfree(miux_tlv); 592 593 return ret; 594} 595 596u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len) 597{ 598 struct nfc_llcp_local *local; 599 600 local = nfc_llcp_find_local(dev); 601 if (local == NULL) { 602 *general_bytes_len = 0; 603 return NULL; 604 } 605 606 nfc_llcp_build_gb(local); 607 608 *general_bytes_len = local->gb_len; 609 610 return local->gb; 611} 612 613int nfc_llcp_set_remote_gb(struct nfc_dev *dev, const u8 *gb, u8 gb_len) 614{ 615 struct nfc_llcp_local *local; 616 617 if (gb_len < 3 || gb_len > NFC_MAX_GT_LEN) 618 return -EINVAL; 619 620 local = nfc_llcp_find_local(dev); 621 if (local == NULL) { 622 pr_err("No LLCP device\n"); 623 return -ENODEV; 624 } 625 626 memset(local->remote_gb, 0, NFC_MAX_GT_LEN); 627 memcpy(local->remote_gb, gb, gb_len); 628 local->remote_gb_len = gb_len; 629 630 if (memcmp(local->remote_gb, llcp_magic, 3)) { 631 pr_err("MAC does not support LLCP\n"); 632 return -EINVAL; 633 } 634 635 return nfc_llcp_parse_gb_tlv(local, 636 &local->remote_gb[3], 637 local->remote_gb_len - 3); 638} 639 640static u8 nfc_llcp_dsap(const struct sk_buff *pdu) 641{ 642 return (pdu->data[0] & 0xfc) >> 2; 643} 644 645static u8 nfc_llcp_ptype(const struct sk_buff *pdu) 646{ 647 return ((pdu->data[0] & 0x03) << 2) | ((pdu->data[1] & 0xc0) >> 6); 648} 649 650static u8 nfc_llcp_ssap(const struct sk_buff *pdu) 651{ 652 return pdu->data[1] & 0x3f; 653} 654 655static u8 nfc_llcp_ns(const struct sk_buff *pdu) 656{ 657 return pdu->data[2] >> 4; 658} 659 660static u8 nfc_llcp_nr(const struct sk_buff *pdu) 661{ 662 return pdu->data[2] & 0xf; 663} 664 665static void nfc_llcp_set_nrns(struct nfc_llcp_sock *sock, struct sk_buff *pdu) 666{ 667 pdu->data[2] = (sock->send_n << 4) | (sock->recv_n); 668 sock->send_n = (sock->send_n + 1) % 16; 669 sock->recv_ack_n = (sock->recv_n - 1) % 16; 670} 671 672void nfc_llcp_send_to_raw_sock(struct nfc_llcp_local *local, 673 struct sk_buff *skb, u8 direction) 674{ 675 struct sk_buff *skb_copy = NULL, *nskb; 676 struct sock *sk; 677 u8 *data; 678 679 read_lock(&local->raw_sockets.lock); 680 681 sk_for_each(sk, &local->raw_sockets.head) { 682 if (sk->sk_state != LLCP_BOUND) 683 continue; 684 685 if (skb_copy == NULL) { 686 skb_copy = __pskb_copy_fclone(skb, NFC_RAW_HEADER_SIZE, 687 GFP_ATOMIC, true); 688 689 if (skb_copy == NULL) 690 continue; 691 692 data = skb_push(skb_copy, NFC_RAW_HEADER_SIZE); 693 694 data[0] = local->dev ? local->dev->idx : 0xFF; 695 data[1] = direction & 0x01; 696 data[1] |= (RAW_PAYLOAD_LLCP << 1); 697 } 698 699 nskb = skb_clone(skb_copy, GFP_ATOMIC); 700 if (!nskb) 701 continue; 702 703 if (sock_queue_rcv_skb(sk, nskb)) 704 kfree_skb(nskb); 705 } 706 707 read_unlock(&local->raw_sockets.lock); 708 709 kfree_skb(skb_copy); 710} 711 712static void nfc_llcp_tx_work(struct work_struct *work) 713{ 714 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, 715 tx_work); 716 struct sk_buff *skb; 717 struct sock *sk; 718 struct nfc_llcp_sock *llcp_sock; 719 720 skb = skb_dequeue(&local->tx_queue); 721 if (skb != NULL) { 722 sk = skb->sk; 723 llcp_sock = nfc_llcp_sock(sk); 724 725 if (llcp_sock == NULL && nfc_llcp_ptype(skb) == LLCP_PDU_I) { 726 kfree_skb(skb); 727 nfc_llcp_send_symm(local->dev); 728 } else if (llcp_sock && !llcp_sock->remote_ready) { 729 skb_queue_head(&local->tx_queue, skb); 730 nfc_llcp_send_symm(local->dev); 731 } else { 732 struct sk_buff *copy_skb = NULL; 733 u8 ptype = nfc_llcp_ptype(skb); 734 int ret; 735 736 pr_debug("Sending pending skb\n"); 737 print_hex_dump_debug("LLCP Tx: ", DUMP_PREFIX_OFFSET, 738 16, 1, skb->data, skb->len, true); 739 740 if (ptype == LLCP_PDU_I) 741 copy_skb = skb_copy(skb, GFP_ATOMIC); 742 743 __net_timestamp(skb); 744 745 nfc_llcp_send_to_raw_sock(local, skb, 746 NFC_DIRECTION_TX); 747 748 ret = nfc_data_exchange(local->dev, local->target_idx, 749 skb, nfc_llcp_recv, local); 750 751 if (ret) { 752 kfree_skb(copy_skb); 753 goto out; 754 } 755 756 if (ptype == LLCP_PDU_I && copy_skb) 757 skb_queue_tail(&llcp_sock->tx_pending_queue, 758 copy_skb); 759 } 760 } else { 761 nfc_llcp_send_symm(local->dev); 762 } 763 764out: 765 mod_timer(&local->link_timer, 766 jiffies + msecs_to_jiffies(2 * local->remote_lto)); 767} 768 769static struct nfc_llcp_sock *nfc_llcp_connecting_sock_get(struct nfc_llcp_local *local, 770 u8 ssap) 771{ 772 struct sock *sk; 773 struct nfc_llcp_sock *llcp_sock; 774 775 read_lock(&local->connecting_sockets.lock); 776 777 sk_for_each(sk, &local->connecting_sockets.head) { 778 llcp_sock = nfc_llcp_sock(sk); 779 780 if (llcp_sock->ssap == ssap) { 781 sock_hold(&llcp_sock->sk); 782 goto out; 783 } 784 } 785 786 llcp_sock = NULL; 787 788out: 789 read_unlock(&local->connecting_sockets.lock); 790 791 return llcp_sock; 792} 793 794static struct nfc_llcp_sock *nfc_llcp_sock_get_sn(struct nfc_llcp_local *local, 795 const u8 *sn, size_t sn_len) 796{ 797 struct nfc_llcp_sock *llcp_sock; 798 799 llcp_sock = nfc_llcp_sock_from_sn(local, sn, sn_len); 800 801 if (llcp_sock == NULL) 802 return NULL; 803 804 sock_hold(&llcp_sock->sk); 805 806 return llcp_sock; 807} 808 809static const u8 *nfc_llcp_connect_sn(const struct sk_buff *skb, size_t *sn_len) 810{ 811 u8 type, length; 812 const u8 *tlv = &skb->data[2]; 813 size_t tlv_array_len = skb->len - LLCP_HEADER_SIZE, offset = 0; 814 815 while (offset < tlv_array_len) { 816 type = tlv[0]; 817 length = tlv[1]; 818 819 pr_debug("type 0x%x length %d\n", type, length); 820 821 if (type == LLCP_TLV_SN) { 822 *sn_len = length; 823 return &tlv[2]; 824 } 825 826 offset += length + 2; 827 tlv += length + 2; 828 } 829 830 return NULL; 831} 832 833static void nfc_llcp_recv_ui(struct nfc_llcp_local *local, 834 struct sk_buff *skb) 835{ 836 struct nfc_llcp_sock *llcp_sock; 837 struct nfc_llcp_ui_cb *ui_cb; 838 u8 dsap, ssap; 839 840 dsap = nfc_llcp_dsap(skb); 841 ssap = nfc_llcp_ssap(skb); 842 843 ui_cb = nfc_llcp_ui_skb_cb(skb); 844 ui_cb->dsap = dsap; 845 ui_cb->ssap = ssap; 846 847 pr_debug("%d %d\n", dsap, ssap); 848 849 /* We're looking for a bound socket, not a client one */ 850 llcp_sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP); 851 if (llcp_sock == NULL || llcp_sock->sk.sk_type != SOCK_DGRAM) 852 return; 853 854 /* There is no sequence with UI frames */ 855 skb_pull(skb, LLCP_HEADER_SIZE); 856 if (!sock_queue_rcv_skb(&llcp_sock->sk, skb)) { 857 /* 858 * UI frames will be freed from the socket layer, so we 859 * need to keep them alive until someone receives them. 860 */ 861 skb_get(skb); 862 } else { 863 pr_err("Receive queue is full\n"); 864 } 865 866 nfc_llcp_sock_put(llcp_sock); 867} 868 869static void nfc_llcp_recv_connect(struct nfc_llcp_local *local, 870 const struct sk_buff *skb) 871{ 872 struct sock *new_sk, *parent; 873 struct nfc_llcp_sock *sock, *new_sock; 874 u8 dsap, ssap, reason; 875 876 dsap = nfc_llcp_dsap(skb); 877 ssap = nfc_llcp_ssap(skb); 878 879 pr_debug("%d %d\n", dsap, ssap); 880 881 if (dsap != LLCP_SAP_SDP) { 882 sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP); 883 if (sock == NULL || sock->sk.sk_state != LLCP_LISTEN) { 884 reason = LLCP_DM_NOBOUND; 885 goto fail; 886 } 887 } else { 888 const u8 *sn; 889 size_t sn_len; 890 891 sn = nfc_llcp_connect_sn(skb, &sn_len); 892 if (sn == NULL) { 893 reason = LLCP_DM_NOBOUND; 894 goto fail; 895 } 896 897 pr_debug("Service name length %zu\n", sn_len); 898 899 sock = nfc_llcp_sock_get_sn(local, sn, sn_len); 900 if (sock == NULL) { 901 reason = LLCP_DM_NOBOUND; 902 goto fail; 903 } 904 } 905 906 lock_sock(&sock->sk); 907 908 parent = &sock->sk; 909 910 if (sk_acceptq_is_full(parent)) { 911 reason = LLCP_DM_REJ; 912 release_sock(&sock->sk); 913 sock_put(&sock->sk); 914 goto fail; 915 } 916 917 if (sock->ssap == LLCP_SDP_UNBOUND) { 918 u8 ssap = nfc_llcp_reserve_sdp_ssap(local); 919 920 pr_debug("First client, reserving %d\n", ssap); 921 922 if (ssap == LLCP_SAP_MAX) { 923 reason = LLCP_DM_REJ; 924 release_sock(&sock->sk); 925 sock_put(&sock->sk); 926 goto fail; 927 } 928 929 sock->ssap = ssap; 930 } 931 932 new_sk = nfc_llcp_sock_alloc(NULL, parent->sk_type, GFP_ATOMIC, 0); 933 if (new_sk == NULL) { 934 reason = LLCP_DM_REJ; 935 release_sock(&sock->sk); 936 sock_put(&sock->sk); 937 goto fail; 938 } 939 940 new_sock = nfc_llcp_sock(new_sk); 941 new_sock->dev = local->dev; 942 new_sock->local = nfc_llcp_local_get(local); 943 new_sock->rw = sock->rw; 944 new_sock->miux = sock->miux; 945 new_sock->nfc_protocol = sock->nfc_protocol; 946 new_sock->dsap = ssap; 947 new_sock->target_idx = local->target_idx; 948 new_sock->parent = parent; 949 new_sock->ssap = sock->ssap; 950 if (sock->ssap < LLCP_LOCAL_NUM_SAP && sock->ssap >= LLCP_WKS_NUM_SAP) { 951 atomic_t *client_count; 952 953 pr_debug("reserved_ssap %d for %p\n", sock->ssap, new_sock); 954 955 client_count = 956 &local->local_sdp_cnt[sock->ssap - LLCP_WKS_NUM_SAP]; 957 958 atomic_inc(client_count); 959 new_sock->reserved_ssap = sock->ssap; 960 } 961 962 nfc_llcp_parse_connection_tlv(new_sock, &skb->data[LLCP_HEADER_SIZE], 963 skb->len - LLCP_HEADER_SIZE); 964 965 pr_debug("new sock %p sk %p\n", new_sock, &new_sock->sk); 966 967 nfc_llcp_sock_link(&local->sockets, new_sk); 968 969 nfc_llcp_accept_enqueue(&sock->sk, new_sk); 970 971 nfc_get_device(local->dev->idx); 972 973 new_sk->sk_state = LLCP_CONNECTED; 974 975 /* Wake the listening processes */ 976 parent->sk_data_ready(parent); 977 978 /* Send CC */ 979 nfc_llcp_send_cc(new_sock); 980 981 release_sock(&sock->sk); 982 sock_put(&sock->sk); 983 984 return; 985 986fail: 987 /* Send DM */ 988 nfc_llcp_send_dm(local, dsap, ssap, reason); 989} 990 991int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock) 992{ 993 int nr_frames = 0; 994 struct nfc_llcp_local *local = sock->local; 995 996 pr_debug("Remote ready %d tx queue len %d remote rw %d", 997 sock->remote_ready, skb_queue_len(&sock->tx_pending_queue), 998 sock->remote_rw); 999 1000 /* Try to queue some I frames for transmission */ 1001 while (sock->remote_ready && 1002 skb_queue_len(&sock->tx_pending_queue) < sock->remote_rw) { 1003 struct sk_buff *pdu; 1004 1005 pdu = skb_dequeue(&sock->tx_queue); 1006 if (pdu == NULL) 1007 break; 1008 1009 /* Update N(S)/N(R) */ 1010 nfc_llcp_set_nrns(sock, pdu); 1011 1012 skb_queue_tail(&local->tx_queue, pdu); 1013 nr_frames++; 1014 } 1015 1016 return nr_frames; 1017} 1018 1019static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local, 1020 struct sk_buff *skb) 1021{ 1022 struct nfc_llcp_sock *llcp_sock; 1023 struct sock *sk; 1024 u8 dsap, ssap, ptype, ns, nr; 1025 1026 ptype = nfc_llcp_ptype(skb); 1027 dsap = nfc_llcp_dsap(skb); 1028 ssap = nfc_llcp_ssap(skb); 1029 ns = nfc_llcp_ns(skb); 1030 nr = nfc_llcp_nr(skb); 1031 1032 pr_debug("%d %d R %d S %d\n", dsap, ssap, nr, ns); 1033 1034 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); 1035 if (llcp_sock == NULL) { 1036 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); 1037 return; 1038 } 1039 1040 sk = &llcp_sock->sk; 1041 lock_sock(sk); 1042 if (sk->sk_state == LLCP_CLOSED) { 1043 release_sock(sk); 1044 nfc_llcp_sock_put(llcp_sock); 1045 } 1046 1047 /* Pass the payload upstream */ 1048 if (ptype == LLCP_PDU_I) { 1049 pr_debug("I frame, queueing on %p\n", &llcp_sock->sk); 1050 1051 if (ns == llcp_sock->recv_n) 1052 llcp_sock->recv_n = (llcp_sock->recv_n + 1) % 16; 1053 else 1054 pr_err("Received out of sequence I PDU\n"); 1055 1056 skb_pull(skb, LLCP_HEADER_SIZE + LLCP_SEQUENCE_SIZE); 1057 if (!sock_queue_rcv_skb(&llcp_sock->sk, skb)) { 1058 /* 1059 * I frames will be freed from the socket layer, so we 1060 * need to keep them alive until someone receives them. 1061 */ 1062 skb_get(skb); 1063 } else { 1064 pr_err("Receive queue is full\n"); 1065 } 1066 } 1067 1068 /* Remove skbs from the pending queue */ 1069 if (llcp_sock->send_ack_n != nr) { 1070 struct sk_buff *s, *tmp; 1071 u8 n; 1072 1073 llcp_sock->send_ack_n = nr; 1074 1075 /* Remove and free all skbs until ns == nr */ 1076 skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp) { 1077 n = nfc_llcp_ns(s); 1078 1079 skb_unlink(s, &llcp_sock->tx_pending_queue); 1080 kfree_skb(s); 1081 1082 if (n == nr) 1083 break; 1084 } 1085 1086 /* Re-queue the remaining skbs for transmission */ 1087 skb_queue_reverse_walk_safe(&llcp_sock->tx_pending_queue, 1088 s, tmp) { 1089 skb_unlink(s, &llcp_sock->tx_pending_queue); 1090 skb_queue_head(&local->tx_queue, s); 1091 } 1092 } 1093 1094 if (ptype == LLCP_PDU_RR) 1095 llcp_sock->remote_ready = true; 1096 else if (ptype == LLCP_PDU_RNR) 1097 llcp_sock->remote_ready = false; 1098 1099 if (nfc_llcp_queue_i_frames(llcp_sock) == 0 && ptype == LLCP_PDU_I) 1100 nfc_llcp_send_rr(llcp_sock); 1101 1102 release_sock(sk); 1103 nfc_llcp_sock_put(llcp_sock); 1104} 1105 1106static void nfc_llcp_recv_disc(struct nfc_llcp_local *local, 1107 const struct sk_buff *skb) 1108{ 1109 struct nfc_llcp_sock *llcp_sock; 1110 struct sock *sk; 1111 u8 dsap, ssap; 1112 1113 dsap = nfc_llcp_dsap(skb); 1114 ssap = nfc_llcp_ssap(skb); 1115 1116 if ((dsap == 0) && (ssap == 0)) { 1117 pr_debug("Connection termination"); 1118 nfc_dep_link_down(local->dev); 1119 return; 1120 } 1121 1122 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); 1123 if (llcp_sock == NULL) { 1124 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); 1125 return; 1126 } 1127 1128 sk = &llcp_sock->sk; 1129 lock_sock(sk); 1130 1131 nfc_llcp_socket_purge(llcp_sock); 1132 1133 if (sk->sk_state == LLCP_CLOSED) { 1134 release_sock(sk); 1135 nfc_llcp_sock_put(llcp_sock); 1136 } 1137 1138 if (sk->sk_state == LLCP_CONNECTED) { 1139 nfc_put_device(local->dev); 1140 sk->sk_state = LLCP_CLOSED; 1141 sk->sk_state_change(sk); 1142 } 1143 1144 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_DISC); 1145 1146 release_sock(sk); 1147 nfc_llcp_sock_put(llcp_sock); 1148} 1149 1150static void nfc_llcp_recv_cc(struct nfc_llcp_local *local, 1151 const struct sk_buff *skb) 1152{ 1153 struct nfc_llcp_sock *llcp_sock; 1154 struct sock *sk; 1155 u8 dsap, ssap; 1156 1157 dsap = nfc_llcp_dsap(skb); 1158 ssap = nfc_llcp_ssap(skb); 1159 1160 llcp_sock = nfc_llcp_connecting_sock_get(local, dsap); 1161 if (llcp_sock == NULL) { 1162 pr_err("Invalid CC\n"); 1163 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); 1164 1165 return; 1166 } 1167 1168 sk = &llcp_sock->sk; 1169 1170 /* Unlink from connecting and link to the client array */ 1171 nfc_llcp_sock_unlink(&local->connecting_sockets, sk); 1172 nfc_llcp_sock_link(&local->sockets, sk); 1173 llcp_sock->dsap = ssap; 1174 1175 nfc_llcp_parse_connection_tlv(llcp_sock, &skb->data[LLCP_HEADER_SIZE], 1176 skb->len - LLCP_HEADER_SIZE); 1177 1178 sk->sk_state = LLCP_CONNECTED; 1179 sk->sk_state_change(sk); 1180 1181 nfc_llcp_sock_put(llcp_sock); 1182} 1183 1184static void nfc_llcp_recv_dm(struct nfc_llcp_local *local, 1185 const struct sk_buff *skb) 1186{ 1187 struct nfc_llcp_sock *llcp_sock; 1188 struct sock *sk; 1189 u8 dsap, ssap, reason; 1190 1191 dsap = nfc_llcp_dsap(skb); 1192 ssap = nfc_llcp_ssap(skb); 1193 reason = skb->data[2]; 1194 1195 pr_debug("%d %d reason %d\n", ssap, dsap, reason); 1196 1197 switch (reason) { 1198 case LLCP_DM_NOBOUND: 1199 case LLCP_DM_REJ: 1200 llcp_sock = nfc_llcp_connecting_sock_get(local, dsap); 1201 break; 1202 1203 default: 1204 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); 1205 break; 1206 } 1207 1208 if (llcp_sock == NULL) { 1209 pr_debug("Already closed\n"); 1210 return; 1211 } 1212 1213 sk = &llcp_sock->sk; 1214 1215 sk->sk_err = ENXIO; 1216 sk->sk_state = LLCP_CLOSED; 1217 sk->sk_state_change(sk); 1218 1219 nfc_llcp_sock_put(llcp_sock); 1220} 1221 1222static void nfc_llcp_recv_snl(struct nfc_llcp_local *local, 1223 const struct sk_buff *skb) 1224{ 1225 struct nfc_llcp_sock *llcp_sock; 1226 u8 dsap, ssap, type, length, tid, sap; 1227 const u8 *tlv; 1228 u16 tlv_len, offset; 1229 const char *service_name; 1230 size_t service_name_len; 1231 struct nfc_llcp_sdp_tlv *sdp; 1232 HLIST_HEAD(llc_sdres_list); 1233 size_t sdres_tlvs_len; 1234 HLIST_HEAD(nl_sdres_list); 1235 1236 dsap = nfc_llcp_dsap(skb); 1237 ssap = nfc_llcp_ssap(skb); 1238 1239 pr_debug("%d %d\n", dsap, ssap); 1240 1241 if (dsap != LLCP_SAP_SDP || ssap != LLCP_SAP_SDP) { 1242 pr_err("Wrong SNL SAP\n"); 1243 return; 1244 } 1245 1246 tlv = &skb->data[LLCP_HEADER_SIZE]; 1247 tlv_len = skb->len - LLCP_HEADER_SIZE; 1248 offset = 0; 1249 sdres_tlvs_len = 0; 1250 1251 while (offset < tlv_len) { 1252 type = tlv[0]; 1253 length = tlv[1]; 1254 1255 switch (type) { 1256 case LLCP_TLV_SDREQ: 1257 tid = tlv[2]; 1258 service_name = (char *) &tlv[3]; 1259 service_name_len = length - 1; 1260 1261 pr_debug("Looking for %.16s\n", service_name); 1262 1263 if (service_name_len == strlen("urn:nfc:sn:sdp") && 1264 !strncmp(service_name, "urn:nfc:sn:sdp", 1265 service_name_len)) { 1266 sap = 1; 1267 goto add_snl; 1268 } 1269 1270 llcp_sock = nfc_llcp_sock_from_sn(local, service_name, 1271 service_name_len); 1272 if (!llcp_sock) { 1273 sap = 0; 1274 goto add_snl; 1275 } 1276 1277 /* 1278 * We found a socket but its ssap has not been reserved 1279 * yet. We need to assign it for good and send a reply. 1280 * The ssap will be freed when the socket is closed. 1281 */ 1282 if (llcp_sock->ssap == LLCP_SDP_UNBOUND) { 1283 atomic_t *client_count; 1284 1285 sap = nfc_llcp_reserve_sdp_ssap(local); 1286 1287 pr_debug("Reserving %d\n", sap); 1288 1289 if (sap == LLCP_SAP_MAX) { 1290 sap = 0; 1291 goto add_snl; 1292 } 1293 1294 client_count = 1295 &local->local_sdp_cnt[sap - 1296 LLCP_WKS_NUM_SAP]; 1297 1298 atomic_inc(client_count); 1299 1300 llcp_sock->ssap = sap; 1301 llcp_sock->reserved_ssap = sap; 1302 } else { 1303 sap = llcp_sock->ssap; 1304 } 1305 1306 pr_debug("%p %d\n", llcp_sock, sap); 1307 1308add_snl: 1309 sdp = nfc_llcp_build_sdres_tlv(tid, sap); 1310 if (sdp == NULL) 1311 goto exit; 1312 1313 sdres_tlvs_len += sdp->tlv_len; 1314 hlist_add_head(&sdp->node, &llc_sdres_list); 1315 break; 1316 1317 case LLCP_TLV_SDRES: 1318 mutex_lock(&local->sdreq_lock); 1319 1320 pr_debug("LLCP_TLV_SDRES: searching tid %d\n", tlv[2]); 1321 1322 hlist_for_each_entry(sdp, &local->pending_sdreqs, node) { 1323 if (sdp->tid != tlv[2]) 1324 continue; 1325 1326 sdp->sap = tlv[3]; 1327 1328 pr_debug("Found: uri=%s, sap=%d\n", 1329 sdp->uri, sdp->sap); 1330 1331 hlist_del(&sdp->node); 1332 1333 hlist_add_head(&sdp->node, &nl_sdres_list); 1334 1335 break; 1336 } 1337 1338 mutex_unlock(&local->sdreq_lock); 1339 break; 1340 1341 default: 1342 pr_err("Invalid SNL tlv value 0x%x\n", type); 1343 break; 1344 } 1345 1346 offset += length + 2; 1347 tlv += length + 2; 1348 } 1349 1350exit: 1351 if (!hlist_empty(&nl_sdres_list)) 1352 nfc_genl_llc_send_sdres(local->dev, &nl_sdres_list); 1353 1354 if (!hlist_empty(&llc_sdres_list)) 1355 nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len); 1356} 1357 1358static void nfc_llcp_recv_agf(struct nfc_llcp_local *local, struct sk_buff *skb) 1359{ 1360 u8 ptype; 1361 u16 pdu_len; 1362 struct sk_buff *new_skb; 1363 1364 if (skb->len <= LLCP_HEADER_SIZE) { 1365 pr_err("Malformed AGF PDU\n"); 1366 return; 1367 } 1368 1369 skb_pull(skb, LLCP_HEADER_SIZE); 1370 1371 while (skb->len > LLCP_AGF_PDU_HEADER_SIZE) { 1372 pdu_len = skb->data[0] << 8 | skb->data[1]; 1373 1374 skb_pull(skb, LLCP_AGF_PDU_HEADER_SIZE); 1375 1376 if (pdu_len < LLCP_HEADER_SIZE || pdu_len > skb->len) { 1377 pr_err("Malformed AGF PDU\n"); 1378 return; 1379 } 1380 1381 ptype = nfc_llcp_ptype(skb); 1382 1383 if (ptype == LLCP_PDU_SYMM || ptype == LLCP_PDU_AGF) 1384 goto next; 1385 1386 new_skb = nfc_alloc_recv_skb(pdu_len, GFP_KERNEL); 1387 if (new_skb == NULL) { 1388 pr_err("Could not allocate PDU\n"); 1389 return; 1390 } 1391 1392 skb_put_data(new_skb, skb->data, pdu_len); 1393 1394 nfc_llcp_rx_skb(local, new_skb); 1395 1396 kfree_skb(new_skb); 1397next: 1398 skb_pull(skb, pdu_len); 1399 } 1400} 1401 1402static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb) 1403{ 1404 u8 dsap, ssap, ptype; 1405 1406 ptype = nfc_llcp_ptype(skb); 1407 dsap = nfc_llcp_dsap(skb); 1408 ssap = nfc_llcp_ssap(skb); 1409 1410 pr_debug("ptype 0x%x dsap 0x%x ssap 0x%x\n", ptype, dsap, ssap); 1411 1412 if (ptype != LLCP_PDU_SYMM) 1413 print_hex_dump_debug("LLCP Rx: ", DUMP_PREFIX_OFFSET, 16, 1, 1414 skb->data, skb->len, true); 1415 1416 switch (ptype) { 1417 case LLCP_PDU_SYMM: 1418 pr_debug("SYMM\n"); 1419 break; 1420 1421 case LLCP_PDU_UI: 1422 pr_debug("UI\n"); 1423 nfc_llcp_recv_ui(local, skb); 1424 break; 1425 1426 case LLCP_PDU_CONNECT: 1427 pr_debug("CONNECT\n"); 1428 nfc_llcp_recv_connect(local, skb); 1429 break; 1430 1431 case LLCP_PDU_DISC: 1432 pr_debug("DISC\n"); 1433 nfc_llcp_recv_disc(local, skb); 1434 break; 1435 1436 case LLCP_PDU_CC: 1437 pr_debug("CC\n"); 1438 nfc_llcp_recv_cc(local, skb); 1439 break; 1440 1441 case LLCP_PDU_DM: 1442 pr_debug("DM\n"); 1443 nfc_llcp_recv_dm(local, skb); 1444 break; 1445 1446 case LLCP_PDU_SNL: 1447 pr_debug("SNL\n"); 1448 nfc_llcp_recv_snl(local, skb); 1449 break; 1450 1451 case LLCP_PDU_I: 1452 case LLCP_PDU_RR: 1453 case LLCP_PDU_RNR: 1454 pr_debug("I frame\n"); 1455 nfc_llcp_recv_hdlc(local, skb); 1456 break; 1457 1458 case LLCP_PDU_AGF: 1459 pr_debug("AGF frame\n"); 1460 nfc_llcp_recv_agf(local, skb); 1461 break; 1462 } 1463} 1464 1465static void nfc_llcp_rx_work(struct work_struct *work) 1466{ 1467 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, 1468 rx_work); 1469 struct sk_buff *skb; 1470 1471 skb = local->rx_pending; 1472 if (skb == NULL) { 1473 pr_debug("No pending SKB\n"); 1474 return; 1475 } 1476 1477 __net_timestamp(skb); 1478 1479 nfc_llcp_send_to_raw_sock(local, skb, NFC_DIRECTION_RX); 1480 1481 nfc_llcp_rx_skb(local, skb); 1482 1483 schedule_work(&local->tx_work); 1484 kfree_skb(local->rx_pending); 1485 local->rx_pending = NULL; 1486} 1487 1488static void __nfc_llcp_recv(struct nfc_llcp_local *local, struct sk_buff *skb) 1489{ 1490 local->rx_pending = skb; 1491 del_timer(&local->link_timer); 1492 schedule_work(&local->rx_work); 1493} 1494 1495void nfc_llcp_recv(void *data, struct sk_buff *skb, int err) 1496{ 1497 struct nfc_llcp_local *local = (struct nfc_llcp_local *) data; 1498 1499 if (err < 0) { 1500 pr_err("LLCP PDU receive err %d\n", err); 1501 return; 1502 } 1503 1504 __nfc_llcp_recv(local, skb); 1505} 1506 1507int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb) 1508{ 1509 struct nfc_llcp_local *local; 1510 1511 local = nfc_llcp_find_local(dev); 1512 if (local == NULL) { 1513 kfree_skb(skb); 1514 return -ENODEV; 1515 } 1516 1517 __nfc_llcp_recv(local, skb); 1518 1519 return 0; 1520} 1521 1522void nfc_llcp_mac_is_down(struct nfc_dev *dev) 1523{ 1524 struct nfc_llcp_local *local; 1525 1526 local = nfc_llcp_find_local(dev); 1527 if (local == NULL) 1528 return; 1529 1530 local->remote_miu = LLCP_DEFAULT_MIU; 1531 local->remote_lto = LLCP_DEFAULT_LTO; 1532 1533 /* Close and purge all existing sockets */ 1534 nfc_llcp_socket_release(local, true, 0); 1535} 1536 1537void nfc_llcp_mac_is_up(struct nfc_dev *dev, u32 target_idx, 1538 u8 comm_mode, u8 rf_mode) 1539{ 1540 struct nfc_llcp_local *local; 1541 1542 pr_debug("rf mode %d\n", rf_mode); 1543 1544 local = nfc_llcp_find_local(dev); 1545 if (local == NULL) 1546 return; 1547 1548 local->target_idx = target_idx; 1549 local->comm_mode = comm_mode; 1550 local->rf_mode = rf_mode; 1551 1552 if (rf_mode == NFC_RF_INITIATOR) { 1553 pr_debug("Queueing Tx work\n"); 1554 1555 schedule_work(&local->tx_work); 1556 } else { 1557 mod_timer(&local->link_timer, 1558 jiffies + msecs_to_jiffies(local->remote_lto)); 1559 } 1560} 1561 1562int nfc_llcp_register_device(struct nfc_dev *ndev) 1563{ 1564 struct nfc_llcp_local *local; 1565 1566 local = kzalloc(sizeof(struct nfc_llcp_local), GFP_KERNEL); 1567 if (local == NULL) 1568 return -ENOMEM; 1569 1570 local->dev = ndev; 1571 INIT_LIST_HEAD(&local->list); 1572 kref_init(&local->ref); 1573 mutex_init(&local->sdp_lock); 1574 timer_setup(&local->link_timer, nfc_llcp_symm_timer, 0); 1575 1576 skb_queue_head_init(&local->tx_queue); 1577 INIT_WORK(&local->tx_work, nfc_llcp_tx_work); 1578 1579 local->rx_pending = NULL; 1580 INIT_WORK(&local->rx_work, nfc_llcp_rx_work); 1581 1582 INIT_WORK(&local->timeout_work, nfc_llcp_timeout_work); 1583 1584 rwlock_init(&local->sockets.lock); 1585 rwlock_init(&local->connecting_sockets.lock); 1586 rwlock_init(&local->raw_sockets.lock); 1587 1588 local->lto = 150; /* 1500 ms */ 1589 local->rw = LLCP_MAX_RW; 1590 local->miux = cpu_to_be16(LLCP_MAX_MIUX); 1591 local->local_wks = 0x1; /* LLC Link Management */ 1592 1593 nfc_llcp_build_gb(local); 1594 1595 local->remote_miu = LLCP_DEFAULT_MIU; 1596 local->remote_lto = LLCP_DEFAULT_LTO; 1597 1598 mutex_init(&local->sdreq_lock); 1599 INIT_HLIST_HEAD(&local->pending_sdreqs); 1600 timer_setup(&local->sdreq_timer, nfc_llcp_sdreq_timer, 0); 1601 INIT_WORK(&local->sdreq_timeout_work, nfc_llcp_sdreq_timeout_work); 1602 1603 list_add(&local->list, &llcp_devices); 1604 1605 return 0; 1606} 1607 1608void nfc_llcp_unregister_device(struct nfc_dev *dev) 1609{ 1610 struct nfc_llcp_local *local = nfc_llcp_find_local(dev); 1611 1612 if (local == NULL) { 1613 pr_debug("No such device\n"); 1614 return; 1615 } 1616 1617 local_cleanup(local); 1618 1619 nfc_llcp_local_put(local); 1620} 1621 1622int __init nfc_llcp_init(void) 1623{ 1624 return nfc_llcp_sock_init(); 1625} 1626 1627void nfc_llcp_exit(void) 1628{ 1629 nfc_llcp_sock_exit(); 1630}