1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  The NFC Controller Interface is the communication protocol between an
4  *  NFC Controller (NFCC) and a Device Host (DH).
5  *
6  *  Copyright (C) 2014 Marvell International Ltd.
7  *  Copyright (C) 2011 Texas Instruments, Inc.
8  *
9  *  Written by Ilan Elias <ilane@ti.com>
10  *
11  *  Acknowledgements:
12  *  This file is based on hci_event.c, which was written
13  *  by Maxim Krasnyansky.
14  */
15 
16 #define pr_fmt(fmt) KBUILD_MODNAME ": %s: " fmt, __func__
17 
18 #include <linux/types.h>
19 #include <linux/interrupt.h>
20 #include <linux/bitops.h>
21 #include <linux/skbuff.h>
22 
23 #include "../nfc.h"
24 #include <net/nfc/nci.h>
25 #include <net/nfc/nci_core.h>
26 #include <linux/nfc.h>
27 
28 /* Handle NCI Notification packets */
29 
nci_core_conn_credits_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)30 static void nci_core_conn_credits_ntf_packet(struct nci_dev *ndev,
31 					     struct sk_buff *skb)
32 {
33 	struct nci_core_conn_credit_ntf *ntf = (void *) skb->data;
34 	struct nci_conn_info	*conn_info;
35 	int i;
36 
37 	pr_debug("num_entries %d\n", ntf->num_entries);
38 
39 	if (ntf->num_entries > NCI_MAX_NUM_CONN)
40 		ntf->num_entries = NCI_MAX_NUM_CONN;
41 
42 	/* update the credits */
43 	for (i = 0; i < ntf->num_entries; i++) {
44 		ntf->conn_entries[i].conn_id =
45 			nci_conn_id(&ntf->conn_entries[i].conn_id);
46 
47 		pr_debug("entry[%d]: conn_id %d, credits %d\n",
48 			 i, ntf->conn_entries[i].conn_id,
49 			 ntf->conn_entries[i].credits);
50 
51 		conn_info = nci_get_conn_info_by_conn_id(ndev,
52 							 ntf->conn_entries[i].conn_id);
53 		if (!conn_info)
54 			return;
55 
56 		atomic_add(ntf->conn_entries[i].credits,
57 			   &conn_info->credits_cnt);
58 	}
59 
60 	/* trigger the next tx */
61 	if (!skb_queue_empty(&ndev->tx_q))
62 		queue_work(ndev->tx_wq, &ndev->tx_work);
63 }
64 
nci_core_generic_error_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)65 static void nci_core_generic_error_ntf_packet(struct nci_dev *ndev,
66 					      struct sk_buff *skb)
67 {
68 	__u8 status = skb->data[0];
69 
70 	pr_debug("status 0x%x\n", status);
71 
72 	if (atomic_read(&ndev->state) == NCI_W4_HOST_SELECT) {
73 		/* Activation failed, so complete the request
74 		   (the state remains the same) */
75 		nci_req_complete(ndev, status);
76 	}
77 }
78 
nci_core_conn_intf_error_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)79 static void nci_core_conn_intf_error_ntf_packet(struct nci_dev *ndev,
80 						struct sk_buff *skb)
81 {
82 	struct nci_core_intf_error_ntf *ntf = (void *) skb->data;
83 
84 	ntf->conn_id = nci_conn_id(&ntf->conn_id);
85 
86 	pr_debug("status 0x%x, conn_id %d\n", ntf->status, ntf->conn_id);
87 
88 	/* complete the data exchange transaction, if exists */
89 	if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags))
90 		nci_data_exchange_complete(ndev, NULL, ntf->conn_id, -EIO);
91 }
92 
nci_extract_rf_params_nfca_passive_poll(struct nci_dev * ndev,struct rf_tech_specific_params_nfca_poll * nfca_poll,__u8 * data)93 static __u8 *nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev,
94 			struct rf_tech_specific_params_nfca_poll *nfca_poll,
95 						     __u8 *data)
96 {
97 	nfca_poll->sens_res = __le16_to_cpu(*((__le16 *)data));
98 	data += 2;
99 
100 	nfca_poll->nfcid1_len = min_t(__u8, *data++, NFC_NFCID1_MAXSIZE);
101 
102 	pr_debug("sens_res 0x%x, nfcid1_len %d\n",
103 		 nfca_poll->sens_res, nfca_poll->nfcid1_len);
104 
105 	memcpy(nfca_poll->nfcid1, data, nfca_poll->nfcid1_len);
106 	data += nfca_poll->nfcid1_len;
107 
108 	nfca_poll->sel_res_len = *data++;
109 
110 	if (nfca_poll->sel_res_len != 0)
111 		nfca_poll->sel_res = *data++;
112 
113 	pr_debug("sel_res_len %d, sel_res 0x%x\n",
114 		 nfca_poll->sel_res_len,
115 		 nfca_poll->sel_res);
116 
117 	return data;
118 }
119 
nci_extract_rf_params_nfcb_passive_poll(struct nci_dev * ndev,struct rf_tech_specific_params_nfcb_poll * nfcb_poll,__u8 * data)120 static __u8 *nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev,
121 			struct rf_tech_specific_params_nfcb_poll *nfcb_poll,
122 						     __u8 *data)
123 {
124 	nfcb_poll->sensb_res_len = min_t(__u8, *data++, NFC_SENSB_RES_MAXSIZE);
125 
126 	pr_debug("sensb_res_len %d\n", nfcb_poll->sensb_res_len);
127 
128 	memcpy(nfcb_poll->sensb_res, data, nfcb_poll->sensb_res_len);
129 	data += nfcb_poll->sensb_res_len;
130 
131 	return data;
132 }
133 
nci_extract_rf_params_nfcf_passive_poll(struct nci_dev * ndev,struct rf_tech_specific_params_nfcf_poll * nfcf_poll,__u8 * data)134 static __u8 *nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev,
135 			struct rf_tech_specific_params_nfcf_poll *nfcf_poll,
136 						     __u8 *data)
137 {
138 	nfcf_poll->bit_rate = *data++;
139 	nfcf_poll->sensf_res_len = min_t(__u8, *data++, NFC_SENSF_RES_MAXSIZE);
140 
141 	pr_debug("bit_rate %d, sensf_res_len %d\n",
142 		 nfcf_poll->bit_rate, nfcf_poll->sensf_res_len);
143 
144 	memcpy(nfcf_poll->sensf_res, data, nfcf_poll->sensf_res_len);
145 	data += nfcf_poll->sensf_res_len;
146 
147 	return data;
148 }
149 
nci_extract_rf_params_nfcv_passive_poll(struct nci_dev * ndev,struct rf_tech_specific_params_nfcv_poll * nfcv_poll,__u8 * data)150 static __u8 *nci_extract_rf_params_nfcv_passive_poll(struct nci_dev *ndev,
151 			struct rf_tech_specific_params_nfcv_poll *nfcv_poll,
152 						     __u8 *data)
153 {
154 	++data;
155 	nfcv_poll->dsfid = *data++;
156 	memcpy(nfcv_poll->uid, data, NFC_ISO15693_UID_MAXSIZE);
157 	data += NFC_ISO15693_UID_MAXSIZE;
158 	return data;
159 }
160 
nci_extract_rf_params_nfcf_passive_listen(struct nci_dev * ndev,struct rf_tech_specific_params_nfcf_listen * nfcf_listen,__u8 * data)161 static __u8 *nci_extract_rf_params_nfcf_passive_listen(struct nci_dev *ndev,
162 			struct rf_tech_specific_params_nfcf_listen *nfcf_listen,
163 						     __u8 *data)
164 {
165 	nfcf_listen->local_nfcid2_len = min_t(__u8, *data++,
166 					      NFC_NFCID2_MAXSIZE);
167 	memcpy(nfcf_listen->local_nfcid2, data, nfcf_listen->local_nfcid2_len);
168 	data += nfcf_listen->local_nfcid2_len;
169 
170 	return data;
171 }
172 
nci_get_prop_rf_protocol(struct nci_dev * ndev,__u8 rf_protocol)173 static __u32 nci_get_prop_rf_protocol(struct nci_dev *ndev, __u8 rf_protocol)
174 {
175 	if (ndev->ops->get_rfprotocol)
176 		return ndev->ops->get_rfprotocol(ndev, rf_protocol);
177 	return 0;
178 }
179 
nci_add_new_protocol(struct nci_dev * ndev,struct nfc_target * target,__u8 rf_protocol,__u8 rf_tech_and_mode,void * params)180 static int nci_add_new_protocol(struct nci_dev *ndev,
181 				struct nfc_target *target,
182 				__u8 rf_protocol,
183 				__u8 rf_tech_and_mode,
184 				void *params)
185 {
186 	struct rf_tech_specific_params_nfca_poll *nfca_poll;
187 	struct rf_tech_specific_params_nfcb_poll *nfcb_poll;
188 	struct rf_tech_specific_params_nfcf_poll *nfcf_poll;
189 	struct rf_tech_specific_params_nfcv_poll *nfcv_poll;
190 	__u32 protocol;
191 
192 	if (rf_protocol == NCI_RF_PROTOCOL_T1T)
193 		protocol = NFC_PROTO_JEWEL_MASK;
194 	else if (rf_protocol == NCI_RF_PROTOCOL_T2T)
195 		protocol = NFC_PROTO_MIFARE_MASK;
196 	else if (rf_protocol == NCI_RF_PROTOCOL_ISO_DEP)
197 		if (rf_tech_and_mode == NCI_NFC_A_PASSIVE_POLL_MODE)
198 			protocol = NFC_PROTO_ISO14443_MASK;
199 		else
200 			protocol = NFC_PROTO_ISO14443_B_MASK;
201 	else if (rf_protocol == NCI_RF_PROTOCOL_T3T)
202 		protocol = NFC_PROTO_FELICA_MASK;
203 	else if (rf_protocol == NCI_RF_PROTOCOL_NFC_DEP)
204 		protocol = NFC_PROTO_NFC_DEP_MASK;
205 	else if (rf_protocol == NCI_RF_PROTOCOL_T5T)
206 		protocol = NFC_PROTO_ISO15693_MASK;
207 	else
208 		protocol = nci_get_prop_rf_protocol(ndev, rf_protocol);
209 
210 	if (!(protocol & ndev->poll_prots)) {
211 		pr_err("the target found does not have the desired protocol\n");
212 		return -EPROTO;
213 	}
214 
215 	if (rf_tech_and_mode == NCI_NFC_A_PASSIVE_POLL_MODE) {
216 		nfca_poll = (struct rf_tech_specific_params_nfca_poll *)params;
217 
218 		target->sens_res = nfca_poll->sens_res;
219 		target->sel_res = nfca_poll->sel_res;
220 		target->nfcid1_len = nfca_poll->nfcid1_len;
221 		if (target->nfcid1_len > 0) {
222 			memcpy(target->nfcid1, nfca_poll->nfcid1,
223 			       target->nfcid1_len);
224 		}
225 	} else if (rf_tech_and_mode == NCI_NFC_B_PASSIVE_POLL_MODE) {
226 		nfcb_poll = (struct rf_tech_specific_params_nfcb_poll *)params;
227 
228 		target->sensb_res_len = nfcb_poll->sensb_res_len;
229 		if (target->sensb_res_len > 0) {
230 			memcpy(target->sensb_res, nfcb_poll->sensb_res,
231 			       target->sensb_res_len);
232 		}
233 	} else if (rf_tech_and_mode == NCI_NFC_F_PASSIVE_POLL_MODE) {
234 		nfcf_poll = (struct rf_tech_specific_params_nfcf_poll *)params;
235 
236 		target->sensf_res_len = nfcf_poll->sensf_res_len;
237 		if (target->sensf_res_len > 0) {
238 			memcpy(target->sensf_res, nfcf_poll->sensf_res,
239 			       target->sensf_res_len);
240 		}
241 	} else if (rf_tech_and_mode == NCI_NFC_V_PASSIVE_POLL_MODE) {
242 		nfcv_poll = (struct rf_tech_specific_params_nfcv_poll *)params;
243 
244 		target->is_iso15693 = 1;
245 		target->iso15693_dsfid = nfcv_poll->dsfid;
246 		memcpy(target->iso15693_uid, nfcv_poll->uid, NFC_ISO15693_UID_MAXSIZE);
247 	} else {
248 		pr_err("unsupported rf_tech_and_mode 0x%x\n", rf_tech_and_mode);
249 		return -EPROTO;
250 	}
251 
252 	target->supported_protocols |= protocol;
253 
254 	pr_debug("protocol 0x%x\n", protocol);
255 
256 	return 0;
257 }
258 
nci_add_new_target(struct nci_dev * ndev,struct nci_rf_discover_ntf * ntf)259 static void nci_add_new_target(struct nci_dev *ndev,
260 			       struct nci_rf_discover_ntf *ntf)
261 {
262 	struct nfc_target *target;
263 	int i, rc;
264 
265 	for (i = 0; i < ndev->n_targets; i++) {
266 		target = &ndev->targets[i];
267 		if (target->logical_idx == ntf->rf_discovery_id) {
268 			/* This target already exists, add the new protocol */
269 			nci_add_new_protocol(ndev, target, ntf->rf_protocol,
270 					     ntf->rf_tech_and_mode,
271 					     &ntf->rf_tech_specific_params);
272 			return;
273 		}
274 	}
275 
276 	/* This is a new target, check if we've enough room */
277 	if (ndev->n_targets == NCI_MAX_DISCOVERED_TARGETS) {
278 		pr_debug("not enough room, ignoring new target...\n");
279 		return;
280 	}
281 
282 	target = &ndev->targets[ndev->n_targets];
283 
284 	rc = nci_add_new_protocol(ndev, target, ntf->rf_protocol,
285 				  ntf->rf_tech_and_mode,
286 				  &ntf->rf_tech_specific_params);
287 	if (!rc) {
288 		target->logical_idx = ntf->rf_discovery_id;
289 		ndev->n_targets++;
290 
291 		pr_debug("logical idx %d, n_targets %d\n", target->logical_idx,
292 			 ndev->n_targets);
293 	}
294 }
295 
nci_clear_target_list(struct nci_dev * ndev)296 void nci_clear_target_list(struct nci_dev *ndev)
297 {
298 	memset(ndev->targets, 0,
299 	       (sizeof(struct nfc_target)*NCI_MAX_DISCOVERED_TARGETS));
300 
301 	ndev->n_targets = 0;
302 }
303 
nci_rf_discover_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)304 static void nci_rf_discover_ntf_packet(struct nci_dev *ndev,
305 				       struct sk_buff *skb)
306 {
307 	struct nci_rf_discover_ntf ntf;
308 	__u8 *data = skb->data;
309 	bool add_target = true;
310 
311 	ntf.rf_discovery_id = *data++;
312 	ntf.rf_protocol = *data++;
313 	ntf.rf_tech_and_mode = *data++;
314 	ntf.rf_tech_specific_params_len = *data++;
315 
316 	pr_debug("rf_discovery_id %d\n", ntf.rf_discovery_id);
317 	pr_debug("rf_protocol 0x%x\n", ntf.rf_protocol);
318 	pr_debug("rf_tech_and_mode 0x%x\n", ntf.rf_tech_and_mode);
319 	pr_debug("rf_tech_specific_params_len %d\n",
320 		 ntf.rf_tech_specific_params_len);
321 
322 	if (ntf.rf_tech_specific_params_len > 0) {
323 		switch (ntf.rf_tech_and_mode) {
324 		case NCI_NFC_A_PASSIVE_POLL_MODE:
325 			data = nci_extract_rf_params_nfca_passive_poll(ndev,
326 				&(ntf.rf_tech_specific_params.nfca_poll), data);
327 			break;
328 
329 		case NCI_NFC_B_PASSIVE_POLL_MODE:
330 			data = nci_extract_rf_params_nfcb_passive_poll(ndev,
331 				&(ntf.rf_tech_specific_params.nfcb_poll), data);
332 			break;
333 
334 		case NCI_NFC_F_PASSIVE_POLL_MODE:
335 			data = nci_extract_rf_params_nfcf_passive_poll(ndev,
336 				&(ntf.rf_tech_specific_params.nfcf_poll), data);
337 			break;
338 
339 		case NCI_NFC_V_PASSIVE_POLL_MODE:
340 			data = nci_extract_rf_params_nfcv_passive_poll(ndev,
341 				&(ntf.rf_tech_specific_params.nfcv_poll), data);
342 			break;
343 
344 		default:
345 			pr_err("unsupported rf_tech_and_mode 0x%x\n",
346 			       ntf.rf_tech_and_mode);
347 			data += ntf.rf_tech_specific_params_len;
348 			add_target = false;
349 		}
350 	}
351 
352 	ntf.ntf_type = *data++;
353 	pr_debug("ntf_type %d\n", ntf.ntf_type);
354 
355 	if (add_target == true)
356 		nci_add_new_target(ndev, &ntf);
357 
358 	if (ntf.ntf_type == NCI_DISCOVER_NTF_TYPE_MORE) {
359 		atomic_set(&ndev->state, NCI_W4_ALL_DISCOVERIES);
360 	} else {
361 		atomic_set(&ndev->state, NCI_W4_HOST_SELECT);
362 		nfc_targets_found(ndev->nfc_dev, ndev->targets,
363 				  ndev->n_targets);
364 	}
365 }
366 
nci_extract_activation_params_iso_dep(struct nci_dev * ndev,struct nci_rf_intf_activated_ntf * ntf,__u8 * data)367 static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev,
368 			struct nci_rf_intf_activated_ntf *ntf, __u8 *data)
369 {
370 	struct activation_params_nfca_poll_iso_dep *nfca_poll;
371 	struct activation_params_nfcb_poll_iso_dep *nfcb_poll;
372 
373 	switch (ntf->activation_rf_tech_and_mode) {
374 	case NCI_NFC_A_PASSIVE_POLL_MODE:
375 		nfca_poll = &ntf->activation_params.nfca_poll_iso_dep;
376 		nfca_poll->rats_res_len = min_t(__u8, *data++, 20);
377 		pr_debug("rats_res_len %d\n", nfca_poll->rats_res_len);
378 		if (nfca_poll->rats_res_len > 0) {
379 			memcpy(nfca_poll->rats_res,
380 			       data, nfca_poll->rats_res_len);
381 		}
382 		break;
383 
384 	case NCI_NFC_B_PASSIVE_POLL_MODE:
385 		nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep;
386 		nfcb_poll->attrib_res_len = min_t(__u8, *data++, 50);
387 		pr_debug("attrib_res_len %d\n", nfcb_poll->attrib_res_len);
388 		if (nfcb_poll->attrib_res_len > 0) {
389 			memcpy(nfcb_poll->attrib_res,
390 			       data, nfcb_poll->attrib_res_len);
391 		}
392 		break;
393 
394 	default:
395 		pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
396 		       ntf->activation_rf_tech_and_mode);
397 		return NCI_STATUS_RF_PROTOCOL_ERROR;
398 	}
399 
400 	return NCI_STATUS_OK;
401 }
402 
nci_extract_activation_params_nfc_dep(struct nci_dev * ndev,struct nci_rf_intf_activated_ntf * ntf,__u8 * data)403 static int nci_extract_activation_params_nfc_dep(struct nci_dev *ndev,
404 			struct nci_rf_intf_activated_ntf *ntf, __u8 *data)
405 {
406 	struct activation_params_poll_nfc_dep *poll;
407 	struct activation_params_listen_nfc_dep *listen;
408 
409 	switch (ntf->activation_rf_tech_and_mode) {
410 	case NCI_NFC_A_PASSIVE_POLL_MODE:
411 	case NCI_NFC_F_PASSIVE_POLL_MODE:
412 		poll = &ntf->activation_params.poll_nfc_dep;
413 		poll->atr_res_len = min_t(__u8, *data++,
414 					  NFC_ATR_RES_MAXSIZE - 2);
415 		pr_debug("atr_res_len %d\n", poll->atr_res_len);
416 		if (poll->atr_res_len > 0)
417 			memcpy(poll->atr_res, data, poll->atr_res_len);
418 		break;
419 
420 	case NCI_NFC_A_PASSIVE_LISTEN_MODE:
421 	case NCI_NFC_F_PASSIVE_LISTEN_MODE:
422 		listen = &ntf->activation_params.listen_nfc_dep;
423 		listen->atr_req_len = min_t(__u8, *data++,
424 					    NFC_ATR_REQ_MAXSIZE - 2);
425 		pr_debug("atr_req_len %d\n", listen->atr_req_len);
426 		if (listen->atr_req_len > 0)
427 			memcpy(listen->atr_req, data, listen->atr_req_len);
428 		break;
429 
430 	default:
431 		pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
432 		       ntf->activation_rf_tech_and_mode);
433 		return NCI_STATUS_RF_PROTOCOL_ERROR;
434 	}
435 
436 	return NCI_STATUS_OK;
437 }
438 
nci_target_auto_activated(struct nci_dev * ndev,struct nci_rf_intf_activated_ntf * ntf)439 static void nci_target_auto_activated(struct nci_dev *ndev,
440 				      struct nci_rf_intf_activated_ntf *ntf)
441 {
442 	struct nfc_target *target;
443 	int rc;
444 
445 	target = &ndev->targets[ndev->n_targets];
446 
447 	rc = nci_add_new_protocol(ndev, target, ntf->rf_protocol,
448 				  ntf->activation_rf_tech_and_mode,
449 				  &ntf->rf_tech_specific_params);
450 	if (rc)
451 		return;
452 
453 	target->logical_idx = ntf->rf_discovery_id;
454 	ndev->n_targets++;
455 
456 	pr_debug("logical idx %d, n_targets %d\n",
457 		 target->logical_idx, ndev->n_targets);
458 
459 	nfc_targets_found(ndev->nfc_dev, ndev->targets, ndev->n_targets);
460 }
461 
nci_store_general_bytes_nfc_dep(struct nci_dev * ndev,struct nci_rf_intf_activated_ntf * ntf)462 static int nci_store_general_bytes_nfc_dep(struct nci_dev *ndev,
463 		struct nci_rf_intf_activated_ntf *ntf)
464 {
465 	ndev->remote_gb_len = 0;
466 
467 	if (ntf->activation_params_len <= 0)
468 		return NCI_STATUS_OK;
469 
470 	switch (ntf->activation_rf_tech_and_mode) {
471 	case NCI_NFC_A_PASSIVE_POLL_MODE:
472 	case NCI_NFC_F_PASSIVE_POLL_MODE:
473 		ndev->remote_gb_len = min_t(__u8,
474 			(ntf->activation_params.poll_nfc_dep.atr_res_len
475 						- NFC_ATR_RES_GT_OFFSET),
476 			NFC_ATR_RES_GB_MAXSIZE);
477 		memcpy(ndev->remote_gb,
478 		       (ntf->activation_params.poll_nfc_dep.atr_res
479 						+ NFC_ATR_RES_GT_OFFSET),
480 		       ndev->remote_gb_len);
481 		break;
482 
483 	case NCI_NFC_A_PASSIVE_LISTEN_MODE:
484 	case NCI_NFC_F_PASSIVE_LISTEN_MODE:
485 		ndev->remote_gb_len = min_t(__u8,
486 			(ntf->activation_params.listen_nfc_dep.atr_req_len
487 						- NFC_ATR_REQ_GT_OFFSET),
488 			NFC_ATR_REQ_GB_MAXSIZE);
489 		memcpy(ndev->remote_gb,
490 		       (ntf->activation_params.listen_nfc_dep.atr_req
491 						+ NFC_ATR_REQ_GT_OFFSET),
492 		       ndev->remote_gb_len);
493 		break;
494 
495 	default:
496 		pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
497 		       ntf->activation_rf_tech_and_mode);
498 		return NCI_STATUS_RF_PROTOCOL_ERROR;
499 	}
500 
501 	return NCI_STATUS_OK;
502 }
503 
nci_rf_intf_activated_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)504 static void nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev,
505 					     struct sk_buff *skb)
506 {
507 	struct nci_conn_info    *conn_info;
508 	struct nci_rf_intf_activated_ntf ntf;
509 	__u8 *data = skb->data;
510 	int err = NCI_STATUS_OK;
511 
512 	ntf.rf_discovery_id = *data++;
513 	ntf.rf_interface = *data++;
514 	ntf.rf_protocol = *data++;
515 	ntf.activation_rf_tech_and_mode = *data++;
516 	ntf.max_data_pkt_payload_size = *data++;
517 	ntf.initial_num_credits = *data++;
518 	ntf.rf_tech_specific_params_len = *data++;
519 
520 	pr_debug("rf_discovery_id %d\n", ntf.rf_discovery_id);
521 	pr_debug("rf_interface 0x%x\n", ntf.rf_interface);
522 	pr_debug("rf_protocol 0x%x\n", ntf.rf_protocol);
523 	pr_debug("activation_rf_tech_and_mode 0x%x\n",
524 		 ntf.activation_rf_tech_and_mode);
525 	pr_debug("max_data_pkt_payload_size 0x%x\n",
526 		 ntf.max_data_pkt_payload_size);
527 	pr_debug("initial_num_credits 0x%x\n",
528 		 ntf.initial_num_credits);
529 	pr_debug("rf_tech_specific_params_len %d\n",
530 		 ntf.rf_tech_specific_params_len);
531 
532 	/* If this contains a value of 0x00 (NFCEE Direct RF
533 	 * Interface) then all following parameters SHALL contain a
534 	 * value of 0 and SHALL be ignored.
535 	 */
536 	if (ntf.rf_interface == NCI_RF_INTERFACE_NFCEE_DIRECT)
537 		goto listen;
538 
539 	if (ntf.rf_tech_specific_params_len > 0) {
540 		switch (ntf.activation_rf_tech_and_mode) {
541 		case NCI_NFC_A_PASSIVE_POLL_MODE:
542 			data = nci_extract_rf_params_nfca_passive_poll(ndev,
543 				&(ntf.rf_tech_specific_params.nfca_poll), data);
544 			break;
545 
546 		case NCI_NFC_B_PASSIVE_POLL_MODE:
547 			data = nci_extract_rf_params_nfcb_passive_poll(ndev,
548 				&(ntf.rf_tech_specific_params.nfcb_poll), data);
549 			break;
550 
551 		case NCI_NFC_F_PASSIVE_POLL_MODE:
552 			data = nci_extract_rf_params_nfcf_passive_poll(ndev,
553 				&(ntf.rf_tech_specific_params.nfcf_poll), data);
554 			break;
555 
556 		case NCI_NFC_V_PASSIVE_POLL_MODE:
557 			data = nci_extract_rf_params_nfcv_passive_poll(ndev,
558 				&(ntf.rf_tech_specific_params.nfcv_poll), data);
559 			break;
560 
561 		case NCI_NFC_A_PASSIVE_LISTEN_MODE:
562 			/* no RF technology specific parameters */
563 			break;
564 
565 		case NCI_NFC_F_PASSIVE_LISTEN_MODE:
566 			data = nci_extract_rf_params_nfcf_passive_listen(ndev,
567 				&(ntf.rf_tech_specific_params.nfcf_listen),
568 				data);
569 			break;
570 
571 		default:
572 			pr_err("unsupported activation_rf_tech_and_mode 0x%x\n",
573 			       ntf.activation_rf_tech_and_mode);
574 			err = NCI_STATUS_RF_PROTOCOL_ERROR;
575 			goto exit;
576 		}
577 	}
578 
579 	ntf.data_exch_rf_tech_and_mode = *data++;
580 	ntf.data_exch_tx_bit_rate = *data++;
581 	ntf.data_exch_rx_bit_rate = *data++;
582 	ntf.activation_params_len = *data++;
583 
584 	pr_debug("data_exch_rf_tech_and_mode 0x%x\n",
585 		 ntf.data_exch_rf_tech_and_mode);
586 	pr_debug("data_exch_tx_bit_rate 0x%x\n", ntf.data_exch_tx_bit_rate);
587 	pr_debug("data_exch_rx_bit_rate 0x%x\n", ntf.data_exch_rx_bit_rate);
588 	pr_debug("activation_params_len %d\n", ntf.activation_params_len);
589 
590 	if (ntf.activation_params_len > 0) {
591 		switch (ntf.rf_interface) {
592 		case NCI_RF_INTERFACE_ISO_DEP:
593 			err = nci_extract_activation_params_iso_dep(ndev,
594 								    &ntf, data);
595 			break;
596 
597 		case NCI_RF_INTERFACE_NFC_DEP:
598 			err = nci_extract_activation_params_nfc_dep(ndev,
599 								    &ntf, data);
600 			break;
601 
602 		case NCI_RF_INTERFACE_FRAME:
603 			/* no activation params */
604 			break;
605 
606 		default:
607 			pr_err("unsupported rf_interface 0x%x\n",
608 			       ntf.rf_interface);
609 			err = NCI_STATUS_RF_PROTOCOL_ERROR;
610 			break;
611 		}
612 	}
613 
614 exit:
615 	if (err == NCI_STATUS_OK) {
616 		conn_info = ndev->rf_conn_info;
617 		if (!conn_info)
618 			return;
619 
620 		conn_info->max_pkt_payload_len = ntf.max_data_pkt_payload_size;
621 		conn_info->initial_num_credits = ntf.initial_num_credits;
622 
623 		/* set the available credits to initial value */
624 		atomic_set(&conn_info->credits_cnt,
625 			   conn_info->initial_num_credits);
626 
627 		/* store general bytes to be reported later in dep_link_up */
628 		if (ntf.rf_interface == NCI_RF_INTERFACE_NFC_DEP) {
629 			err = nci_store_general_bytes_nfc_dep(ndev, &ntf);
630 			if (err != NCI_STATUS_OK)
631 				pr_err("unable to store general bytes\n");
632 		}
633 	}
634 
635 	if (!(ntf.activation_rf_tech_and_mode & NCI_RF_TECH_MODE_LISTEN_MASK)) {
636 		/* Poll mode */
637 		if (atomic_read(&ndev->state) == NCI_DISCOVERY) {
638 			/* A single target was found and activated
639 			 * automatically */
640 			atomic_set(&ndev->state, NCI_POLL_ACTIVE);
641 			if (err == NCI_STATUS_OK)
642 				nci_target_auto_activated(ndev, &ntf);
643 		} else {	/* ndev->state == NCI_W4_HOST_SELECT */
644 			/* A selected target was activated, so complete the
645 			 * request */
646 			atomic_set(&ndev->state, NCI_POLL_ACTIVE);
647 			nci_req_complete(ndev, err);
648 		}
649 	} else {
650 listen:
651 		/* Listen mode */
652 		atomic_set(&ndev->state, NCI_LISTEN_ACTIVE);
653 		if (err == NCI_STATUS_OK &&
654 		    ntf.rf_protocol == NCI_RF_PROTOCOL_NFC_DEP) {
655 			err = nfc_tm_activated(ndev->nfc_dev,
656 					       NFC_PROTO_NFC_DEP_MASK,
657 					       NFC_COMM_PASSIVE,
658 					       ndev->remote_gb,
659 					       ndev->remote_gb_len);
660 			if (err != NCI_STATUS_OK)
661 				pr_err("error when signaling tm activation\n");
662 		}
663 	}
664 }
665 
nci_rf_deactivate_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)666 static void nci_rf_deactivate_ntf_packet(struct nci_dev *ndev,
667 					 struct sk_buff *skb)
668 {
669 	struct nci_conn_info    *conn_info;
670 	struct nci_rf_deactivate_ntf *ntf = (void *) skb->data;
671 
672 	pr_debug("entry, type 0x%x, reason 0x%x\n", ntf->type, ntf->reason);
673 
674 	conn_info = ndev->rf_conn_info;
675 	if (!conn_info)
676 		return;
677 
678 	/* drop tx data queue */
679 	skb_queue_purge(&ndev->tx_q);
680 
681 	/* drop partial rx data packet */
682 	if (ndev->rx_data_reassembly) {
683 		kfree_skb(ndev->rx_data_reassembly);
684 		ndev->rx_data_reassembly = NULL;
685 	}
686 
687 	/* complete the data exchange transaction, if exists */
688 	if (test_bit(NCI_DATA_EXCHANGE, &ndev->flags))
689 		nci_data_exchange_complete(ndev, NULL, NCI_STATIC_RF_CONN_ID,
690 					   -EIO);
691 
692 	switch (ntf->type) {
693 	case NCI_DEACTIVATE_TYPE_IDLE_MODE:
694 		nci_clear_target_list(ndev);
695 		atomic_set(&ndev->state, NCI_IDLE);
696 		break;
697 	case NCI_DEACTIVATE_TYPE_SLEEP_MODE:
698 	case NCI_DEACTIVATE_TYPE_SLEEP_AF_MODE:
699 		atomic_set(&ndev->state, NCI_W4_HOST_SELECT);
700 		break;
701 	case NCI_DEACTIVATE_TYPE_DISCOVERY:
702 		nci_clear_target_list(ndev);
703 		atomic_set(&ndev->state, NCI_DISCOVERY);
704 		break;
705 	}
706 
707 	nci_req_complete(ndev, NCI_STATUS_OK);
708 }
709 
nci_nfcee_discover_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)710 static void nci_nfcee_discover_ntf_packet(struct nci_dev *ndev,
711 					  struct sk_buff *skb)
712 {
713 	u8 status = NCI_STATUS_OK;
714 	struct nci_nfcee_discover_ntf   *nfcee_ntf =
715 				(struct nci_nfcee_discover_ntf *)skb->data;
716 
717 	pr_debug("\n");
718 
719 	/* NFCForum NCI 9.2.1 HCI Network Specific Handling
720 	 * If the NFCC supports the HCI Network, it SHALL return one,
721 	 * and only one, NFCEE_DISCOVER_NTF with a Protocol type of
722 	 * “HCI Access”, even if the HCI Network contains multiple NFCEEs.
723 	 */
724 	ndev->hci_dev->nfcee_id = nfcee_ntf->nfcee_id;
725 	ndev->cur_params.id = nfcee_ntf->nfcee_id;
726 
727 	nci_req_complete(ndev, status);
728 }
729 
nci_nfcee_action_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)730 static void nci_nfcee_action_ntf_packet(struct nci_dev *ndev,
731 					struct sk_buff *skb)
732 {
733 	pr_debug("\n");
734 }
735 
nci_ntf_packet(struct nci_dev * ndev,struct sk_buff * skb)736 void nci_ntf_packet(struct nci_dev *ndev, struct sk_buff *skb)
737 {
738 	__u16 ntf_opcode = nci_opcode(skb->data);
739 
740 	pr_debug("NCI RX: MT=ntf, PBF=%d, GID=0x%x, OID=0x%x, plen=%d\n",
741 		 nci_pbf(skb->data),
742 		 nci_opcode_gid(ntf_opcode),
743 		 nci_opcode_oid(ntf_opcode),
744 		 nci_plen(skb->data));
745 
746 	/* strip the nci control header */
747 	skb_pull(skb, NCI_CTRL_HDR_SIZE);
748 
749 	if (nci_opcode_gid(ntf_opcode) == NCI_GID_PROPRIETARY) {
750 		if (nci_prop_ntf_packet(ndev, ntf_opcode, skb) == -ENOTSUPP) {
751 			pr_err("unsupported ntf opcode 0x%x\n",
752 			       ntf_opcode);
753 		}
754 
755 		goto end;
756 	}
757 
758 	switch (ntf_opcode) {
759 	case NCI_OP_CORE_CONN_CREDITS_NTF:
760 		nci_core_conn_credits_ntf_packet(ndev, skb);
761 		break;
762 
763 	case NCI_OP_CORE_GENERIC_ERROR_NTF:
764 		nci_core_generic_error_ntf_packet(ndev, skb);
765 		break;
766 
767 	case NCI_OP_CORE_INTF_ERROR_NTF:
768 		nci_core_conn_intf_error_ntf_packet(ndev, skb);
769 		break;
770 
771 	case NCI_OP_RF_DISCOVER_NTF:
772 		nci_rf_discover_ntf_packet(ndev, skb);
773 		break;
774 
775 	case NCI_OP_RF_INTF_ACTIVATED_NTF:
776 		nci_rf_intf_activated_ntf_packet(ndev, skb);
777 		break;
778 
779 	case NCI_OP_RF_DEACTIVATE_NTF:
780 		nci_rf_deactivate_ntf_packet(ndev, skb);
781 		break;
782 
783 	case NCI_OP_NFCEE_DISCOVER_NTF:
784 		nci_nfcee_discover_ntf_packet(ndev, skb);
785 		break;
786 
787 	case NCI_OP_RF_NFCEE_ACTION_NTF:
788 		nci_nfcee_action_ntf_packet(ndev, skb);
789 		break;
790 
791 	default:
792 		pr_err("unknown ntf opcode 0x%x\n", ntf_opcode);
793 		break;
794 	}
795 
796 	nci_core_ntf_packet(ndev, ntf_opcode, skb);
797 end:
798 	kfree_skb(skb);
799 }
800