linux/include/net/nfc/nci_core.h

465 lines
13 KiB
C
Raw Normal View History

/* SPDX-License-Identifier: GPL-2.0-only */
/*
* The NFC Controller Interface is the communication protocol between an
* NFC Controller (NFCC) and a Device Host (DH).
*
* Copyright (C) 2011 Texas Instruments, Inc.
* Copyright (C) 2013 Intel Corporation. All rights reserved.
* Copyright (C) 2014 Marvell International Ltd.
*
* Written by Ilan Elias <ilane@ti.com>
*
* Acknowledgements:
* This file is based on hci_core.h, which was written
* by Maxim Krasnyansky.
*/
#ifndef __NCI_CORE_H
#define __NCI_CORE_H
#include <linux/interrupt.h>
#include <linux/skbuff.h>
#include <linux/tty.h>
#include <net/nfc/nfc.h>
#include <net/nfc/nci.h>
/* NCI device flags */
enum nci_flag {
NCI_INIT,
NCI_UP,
NCI_DATA_EXCHANGE,
NCI_DATA_EXCHANGE_TO,
};
/* NCI device states */
enum nci_state {
NCI_IDLE,
NCI_DISCOVERY,
NCI_W4_ALL_DISCOVERIES,
NCI_W4_HOST_SELECT,
NCI_POLL_ACTIVE,
NCI_LISTEN_ACTIVE,
NCI_LISTEN_SLEEP,
};
/* NCI timeouts */
#define NCI_RESET_TIMEOUT 5000
#define NCI_INIT_TIMEOUT 5000
#define NCI_SET_CONFIG_TIMEOUT 5000
#define NCI_RF_DISC_TIMEOUT 5000
#define NCI_RF_DISC_SELECT_TIMEOUT 5000
#define NCI_RF_DEACTIVATE_TIMEOUT 30000
#define NCI_CMD_TIMEOUT 5000
#define NCI_DATA_TIMEOUT 700
struct nci_dev;
struct nci_driver_ops {
__u16 opcode;
int (*rsp)(struct nci_dev *dev, struct sk_buff *skb);
int (*ntf)(struct nci_dev *dev, struct sk_buff *skb);
};
struct nci_ops {
int (*init)(struct nci_dev *ndev);
int (*open)(struct nci_dev *ndev);
int (*close)(struct nci_dev *ndev);
int (*send)(struct nci_dev *ndev, struct sk_buff *skb);
int (*setup)(struct nci_dev *ndev);
int (*post_setup)(struct nci_dev *ndev);
int (*fw_download)(struct nci_dev *ndev, const char *firmware_name);
__u32 (*get_rfprotocol)(struct nci_dev *ndev, __u8 rf_protocol);
int (*discover_se)(struct nci_dev *ndev);
int (*disable_se)(struct nci_dev *ndev, u32 se_idx);
int (*enable_se)(struct nci_dev *ndev, u32 se_idx);
int (*se_io)(struct nci_dev *ndev, u32 se_idx,
u8 *apdu, size_t apdu_length,
se_io_cb_t cb, void *cb_context);
int (*hci_load_session)(struct nci_dev *ndev);
void (*hci_event_received)(struct nci_dev *ndev, u8 pipe, u8 event,
struct sk_buff *skb);
void (*hci_cmd_received)(struct nci_dev *ndev, u8 pipe, u8 cmd,
struct sk_buff *skb);
const struct nci_driver_ops *prop_ops;
size_t n_prop_ops;
const struct nci_driver_ops *core_ops;
size_t n_core_ops;
};
#define NCI_MAX_SUPPORTED_RF_INTERFACES 4
#define NCI_MAX_DISCOVERED_TARGETS 10
#define NCI_MAX_NUM_NFCEE 255
#define NCI_MAX_CONN_ID 7
#define NCI_MAX_PROPRIETARY_CMD 64
struct nci_conn_info {
struct list_head list;
/* NCI specification 4.4.2 Connection Creation
* The combination of destination type and destination specific
* parameters shall uniquely identify a single destination for the
* Logical Connection
*/
struct dest_spec_params *dest_params;
__u8 dest_type;
__u8 conn_id;
__u8 max_pkt_payload_len;
atomic_t credits_cnt;
__u8 initial_num_credits;
data_exchange_cb_t data_exchange_cb;
void *data_exchange_cb_context;
struct sk_buff *rx_skb;
};
#define NCI_INVALID_CONN_ID 0x80
#define NCI_HCI_ANY_OPEN_PIPE 0x03
/* Gates */
#define NCI_HCI_ADMIN_GATE 0x00
NFC: st-nci: Add support for proprietary commands Add support for proprietary commands useful mainly for factory testings. Here is a list: - FACTORY_MODE: Allow to set the driver into a mode where no secure element are activated. It does not consider any NFC_ATTR_VENDOR_DATA. - HCI_CLEAR_ALL_PIPES: Allow to execute a HCI clear all pipes command. It does not consider any NFC_ATTR_VENDOR_DATA. - HCI_DM_PUT_DATA: Allow to configure specific CLF registry like for example RF trimmings or low level drivers configurations (I2C, SPI, SWP). - HCI_DM_UPDATE_AID: Allow to configure an AID routing into the CLF routing table following RF technology, CLF mode or protocol. - HCI_DM_GET_INFO: Allow to retrieve CLF information. - HCI_DM_GET_DATA: Allow to retrieve CLF configurable data such as low level drivers configurations or RF trimmings. - HCI_DM_DIRECT_LOAD: Allow to load a firmware into the CLF. A complete packet can be more than 8KB. - HCI_DM_RESET: Allow to run a CLF reset in order to "commit" CLF configuration changes without CLF power off. - HCI_GET_PARAM: Allow to retrieve an HCI CLF parameter (for example the white list). - HCI_DM_FIELD_GENERATOR: Allow to generate different kind of RF technology. When using this command to anti-collision is done. - HCI_LOOPBACK: Allow to echo a command and test the Dh to CLF connectivity. - HCI_DM_VDC_MEASUREMENT_VALUE: Allow to measure the field applied on the CLF antenna. A value between 0 and 0x0f is returned. 0 is maximum. - HCI_DM_FWUPD_START: Allow to put CLF into firmware update mode. It is a specific CLF command as there is no GPIO for this. - HCI_DM_FWUPD_END: Allow to complete firmware update. - HCI_DM_VDC_VALUE_COMPARISON: Allow to compare the field applied on the CLF antenna to a reference value. - MANUFACTURER_SPECIFIC: Allow to retrieve manufacturer specific data received during a NCI_CORE_INIT_CMD. Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2015-10-25 21:54:36 +00:00
#define NCI_HCI_LOOPBACK_GATE 0x04
#define NCI_HCI_IDENTITY_MGMT_GATE 0x05
#define NCI_HCI_LINK_MGMT_GATE 0x06
/* Pipes */
#define NCI_HCI_LINK_MGMT_PIPE 0x00
#define NCI_HCI_ADMIN_PIPE 0x01
/* Generic responses */
#define NCI_HCI_ANY_OK 0x00
#define NCI_HCI_ANY_E_NOT_CONNECTED 0x01
#define NCI_HCI_ANY_E_CMD_PAR_UNKNOWN 0x02
#define NCI_HCI_ANY_E_NOK 0x03
#define NCI_HCI_ANY_E_PIPES_FULL 0x04
#define NCI_HCI_ANY_E_REG_PAR_UNKNOWN 0x05
#define NCI_HCI_ANY_E_PIPE_NOT_OPENED 0x06
#define NCI_HCI_ANY_E_CMD_NOT_SUPPORTED 0x07
#define NCI_HCI_ANY_E_INHIBITED 0x08
#define NCI_HCI_ANY_E_TIMEOUT 0x09
#define NCI_HCI_ANY_E_REG_ACCESS_DENIED 0x0a
#define NCI_HCI_ANY_E_PIPE_ACCESS_DENIED 0x0b
#define NCI_HCI_DO_NOT_OPEN_PIPE 0x81
#define NCI_HCI_INVALID_PIPE 0x80
#define NCI_HCI_INVALID_GATE 0xFF
#define NCI_HCI_INVALID_HOST 0x80
#define NCI_HCI_MAX_CUSTOM_GATES 50
/*
* According to specification 102 622 chapter 4.4 Pipes,
* the pipe identifier is 7 bits long.
*/
#define NCI_HCI_MAX_PIPES 128
struct nci_hci_gate {
u8 gate;
u8 pipe;
u8 dest_host;
} __packed;
struct nci_hci_pipe {
u8 gate;
u8 host;
} __packed;
struct nci_hci_init_data {
u8 gate_count;
struct nci_hci_gate gates[NCI_HCI_MAX_CUSTOM_GATES];
char session_id[9];
};
#define NCI_HCI_MAX_GATES 256
struct nci_hci_dev {
u8 nfcee_id;
struct nci_dev *ndev;
struct nci_conn_info *conn_info;
struct nci_hci_init_data init_data;
struct nci_hci_pipe pipes[NCI_HCI_MAX_PIPES];
u8 gate2pipe[NCI_HCI_MAX_GATES];
int expected_pipes;
int count_pipes;
struct sk_buff_head rx_hcp_frags;
struct work_struct msg_rx_work;
struct sk_buff_head msg_rx_queue;
};
/* NCI Core structures */
struct nci_dev {
struct nfc_dev *nfc_dev;
const struct nci_ops *ops;
struct nci_hci_dev *hci_dev;
int tx_headroom;
int tx_tailroom;
atomic_t state;
unsigned long flags;
atomic_t cmd_cnt;
__u8 cur_conn_id;
struct list_head conn_info_list;
struct nci_conn_info *rf_conn_info;
struct timer_list cmd_timer;
struct timer_list data_timer;
struct workqueue_struct *cmd_wq;
struct work_struct cmd_work;
struct workqueue_struct *rx_wq;
struct work_struct rx_work;
struct workqueue_struct *tx_wq;
struct work_struct tx_work;
struct sk_buff_head cmd_q;
struct sk_buff_head rx_q;
struct sk_buff_head tx_q;
struct mutex req_lock;
struct completion req_completion;
__u32 req_status;
__u32 req_result;
void *driver_data;
__u32 poll_prots;
__u32 target_active_prot;
struct nfc_target targets[NCI_MAX_DISCOVERED_TARGETS];
int n_targets;
/* received during NCI_OP_CORE_RESET_RSP */
__u8 nci_ver;
/* received during NCI_OP_CORE_INIT_RSP */
__u32 nfcc_features;
__u8 num_supported_rf_interfaces;
__u8 supported_rf_interfaces
[NCI_MAX_SUPPORTED_RF_INTERFACES];
__u8 max_logical_connections;
__u16 max_routing_table_size;
__u8 max_ctrl_pkt_payload_len;
__u16 max_size_for_large_params;
__u8 manufact_id;
__u32 manufact_specific_info;
/* Save RF Discovery ID or NFCEE ID under conn_create */
struct dest_spec_params cur_params;
/* Save destination type under conn_create */
__u8 cur_dest_type;
/* stored during nci_data_exchange */
struct sk_buff *rx_data_reassembly;
/* stored during intf_activated_ntf */
__u8 remote_gb[NFC_MAX_GT_LEN];
__u8 remote_gb_len;
};
/* ----- NCI Devices ----- */
struct nci_dev *nci_allocate_device(const struct nci_ops *ops,
__u32 supported_protocols,
int tx_headroom,
int tx_tailroom);
void nci_free_device(struct nci_dev *ndev);
int nci_register_device(struct nci_dev *ndev);
void nci_unregister_device(struct nci_dev *ndev);
int nci_request(struct nci_dev *ndev,
void (*req)(struct nci_dev *ndev,
unsigned long opt),
unsigned long opt, __u32 timeout);
int nci_prop_cmd(struct nci_dev *ndev, __u8 oid, size_t len,
const __u8 *payload);
int nci_core_cmd(struct nci_dev *ndev, __u16 opcode, size_t len,
const __u8 *payload);
int nci_core_reset(struct nci_dev *ndev);
int nci_core_init(struct nci_dev *ndev);
int nci_recv_frame(struct nci_dev *ndev, struct sk_buff *skb);
int nci_send_frame(struct nci_dev *ndev, struct sk_buff *skb);
int nci_set_config(struct nci_dev *ndev, __u8 id, size_t len, const __u8 *val);
int nci_nfcee_discover(struct nci_dev *ndev, u8 action);
int nci_nfcee_mode_set(struct nci_dev *ndev, u8 nfcee_id, u8 nfcee_mode);
int nci_core_conn_create(struct nci_dev *ndev, u8 destination_type,
u8 number_destination_params,
size_t params_len,
const struct core_conn_create_dest_spec_params *params);
int nci_core_conn_close(struct nci_dev *ndev, u8 conn_id);
int nci_nfcc_loopback(struct nci_dev *ndev, const void *data, size_t data_len,
struct sk_buff **resp);
struct nci_hci_dev *nci_hci_allocate(struct nci_dev *ndev);
NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 Reported-by: syzbot+19bcfc64a8df1318d1c3@syzkaller.appspotmail.com Fixes: 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support") Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2021-05-14 23:29:06 +00:00
void nci_hci_deallocate(struct nci_dev *ndev);
int nci_hci_send_event(struct nci_dev *ndev, u8 gate, u8 event,
const u8 *param, size_t param_len);
int nci_hci_send_cmd(struct nci_dev *ndev, u8 gate,
u8 cmd, const u8 *param, size_t param_len,
struct sk_buff **skb);
int nci_hci_open_pipe(struct nci_dev *ndev, u8 pipe);
int nci_hci_connect_gate(struct nci_dev *ndev, u8 dest_host,
u8 dest_gate, u8 pipe);
int nci_hci_set_param(struct nci_dev *ndev, u8 gate, u8 idx,
const u8 *param, size_t param_len);
int nci_hci_get_param(struct nci_dev *ndev, u8 gate, u8 idx,
struct sk_buff **skb);
int nci_hci_clear_all_pipes(struct nci_dev *ndev);
int nci_hci_dev_session_init(struct nci_dev *ndev);
static inline struct sk_buff *nci_skb_alloc(struct nci_dev *ndev,
unsigned int len,
gfp_t how)
{
struct sk_buff *skb;
skb = alloc_skb(len + ndev->tx_headroom + ndev->tx_tailroom, how);
if (skb)
skb_reserve(skb, ndev->tx_headroom);
return skb;
}
static inline void nci_set_parent_dev(struct nci_dev *ndev, struct device *dev)
{
nfc_set_parent_dev(ndev->nfc_dev, dev);
}
static inline void nci_set_drvdata(struct nci_dev *ndev, void *data)
{
ndev->driver_data = data;
}
static inline void *nci_get_drvdata(struct nci_dev *ndev)
{
return ndev->driver_data;
}
static inline int nci_set_vendor_cmds(struct nci_dev *ndev,
const struct nfc_vendor_cmd *cmds,
int n_cmds)
{
return nfc_set_vendor_cmds(ndev->nfc_dev, cmds, n_cmds);
}
void nci_rsp_packet(struct nci_dev *ndev, struct sk_buff *skb);
void nci_ntf_packet(struct nci_dev *ndev, struct sk_buff *skb);
int nci_prop_rsp_packet(struct nci_dev *ndev, __u16 opcode,
struct sk_buff *skb);
int nci_prop_ntf_packet(struct nci_dev *ndev, __u16 opcode,
struct sk_buff *skb);
int nci_core_rsp_packet(struct nci_dev *ndev, __u16 opcode,
struct sk_buff *skb);
int nci_core_ntf_packet(struct nci_dev *ndev, __u16 opcode,
struct sk_buff *skb);
void nci_rx_data_packet(struct nci_dev *ndev, struct sk_buff *skb);
int nci_send_cmd(struct nci_dev *ndev, __u16 opcode, __u8 plen, const void *payload);
int nci_send_data(struct nci_dev *ndev, __u8 conn_id, struct sk_buff *skb);
int nci_conn_max_data_pkt_payload_size(struct nci_dev *ndev, __u8 conn_id);
void nci_data_exchange_complete(struct nci_dev *ndev, struct sk_buff *skb,
__u8 conn_id, int err);
void nci_hci_data_received_cb(void *context, struct sk_buff *skb, int err);
void nci_clear_target_list(struct nci_dev *ndev);
/* ----- NCI requests ----- */
#define NCI_REQ_DONE 0
#define NCI_REQ_PEND 1
#define NCI_REQ_CANCELED 2
void nci_req_complete(struct nci_dev *ndev, int result);
struct nci_conn_info *nci_get_conn_info_by_conn_id(struct nci_dev *ndev,
int conn_id);
int nci_get_conn_info_by_dest_type_params(struct nci_dev *ndev, u8 dest_type,
const struct dest_spec_params *params);
/* ----- NCI status code ----- */
int nci_to_errno(__u8 code);
/* ----- NCI over SPI acknowledge modes ----- */
#define NCI_SPI_CRC_DISABLED 0x00
#define NCI_SPI_CRC_ENABLED 0x01
/* ----- NCI SPI structures ----- */
struct nci_spi {
struct nci_dev *ndev;
struct spi_device *spi;
unsigned int xfer_udelay; /* microseconds delay between
transactions */
unsigned int xfer_speed_hz; /*
* SPI clock frequency
* 0 => default clock
*/
u8 acknowledge_mode;
struct completion req_completion;
u8 req_result;
};
/* ----- NCI SPI ----- */
struct nci_spi *nci_spi_allocate_spi(struct spi_device *spi,
u8 acknowledge_mode, unsigned int delay,
struct nci_dev *ndev);
NFC: NCI: Modify NCI SPI to implement CS/INT handshake per the spec The NFC Forum NCI specification defines both a hardware and software protocol when using a SPI physical transport to connect an NFC NCI Chipset. The hardware requirement is that, after having raised the chip select line, the SPI driver must wait for an INT line from the NFC chipset to raise before it sends the data. The chip select must be raised first though, because this is the signal that the NFC chipset will detect to wake up and then raise its INT line. If the INT line doesn't raise in a timely fashion, the SPI driver should abort operation. When data is transferred from Device host (DH) to NFC Controller (NFCC), the signaling sequence is the following: Data Transfer from DH to NFCC • 1-Master asserts SPI_CSN • 2-Slave asserts SPI_INT • 3-Master sends NCI-over-SPI protocol header and payload data • 4-Slave deasserts SPI_INT • 5-Master deasserts SPI_CSN When data must be transferred from NFCC to DH, things are a little bit different. Data Transfer from NFCC to DH • 1-Slave asserts SPI_INT -> NFC chipset irq handler called -> process reading from SPI • 2-Master asserts SPI_CSN • 3-Master send 2-octet NCI-over-SPI protocol header • 4-Slave sends 2-octet NCI-over-SPI protocol payload length • 5-Slave sends NCI-over-SPI protocol payload • 6-Master deasserts SPI_CSN In this case, SPI driver should function normally as it does today. Note that the INT line can and will be lowered anytime between beginning of step 3 and end of step 5. A low INT is therefore valid after chip select has been raised. This would be easily implemented in a single driver. Unfortunately, we don't write the SPI driver and I had to imagine some workaround trick to get the SPI and NFC drivers to work in a synchronized fashion. The trick is the following: - send an empty spi message: this will raise the chip select line, and send nothing. We expect the /CS line will stay arisen because we asked for it in the spi_transfer cs_change field - wait for a completion, that will be completed by the NFC driver IRQ handler when it knows we are in the process of sending data (NFC spec says that we use SPI in a half duplex mode, so we are either sending or receiving). - when completed, proceed with the normal data send. This has been tested and verified to work very consistently on a Nexus 10 (spi-s3c64xx driver). It may not work the same with other spi drivers. The previously defined nci_spi_ops{} whose intended purpose were to address this problem are not used anymore and therefore totally removed. The nci_spi_send() takes a new optional write_handshake_completion completion pointer. If non NULL, the nci spi layer will run the above trick when sending data to the NFC Chip. If NULL, the data is sent normally all at once and it is then the NFC driver responsibility to know what it's doing. Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-09-23 15:56:43 +00:00
int nci_spi_send(struct nci_spi *nspi,
struct completion *write_handshake_completion,
struct sk_buff *skb);
struct sk_buff *nci_spi_read(struct nci_spi *nspi);
/* ----- NCI UART ---- */
/* Ioctl */
#define NCIUARTSETDRIVER _IOW('U', 0, char *)
enum nci_uart_driver {
NCI_UART_DRIVER_MARVELL = 0,
NCI_UART_DRIVER_MAX
};
struct nci_uart;
struct nci_uart_ops {
int (*open)(struct nci_uart *nci_uart);
void (*close)(struct nci_uart *nci_uart);
int (*recv)(struct nci_uart *nci_uart, struct sk_buff *skb);
int (*send)(struct nci_uart *nci_uart, struct sk_buff *skb);
void (*tx_start)(struct nci_uart *nci_uart);
void (*tx_done)(struct nci_uart *nci_uart);
};
struct nci_uart {
struct module *owner;
struct nci_uart_ops ops;
const char *name;
enum nci_uart_driver driver;
/* Dynamic data */
struct nci_dev *ndev;
spinlock_t rx_lock;
struct work_struct write_work;
struct tty_struct *tty;
unsigned long tx_state;
struct sk_buff_head tx_q;
struct sk_buff *tx_skb;
struct sk_buff *rx_skb;
int rx_packet_len;
void *drv_data;
};
int nci_uart_register(struct nci_uart *nu);
void nci_uart_unregister(struct nci_uart *nu);
void nci_uart_set_config(struct nci_uart *nu, int baudrate, int flow_ctrl);
#endif /* __NCI_CORE_H */