st21nfca_hci_load_session() calls kfree_skb() on unitialized
variables skb_pipe_info and skb_pipe_list if the call to
nfc_hci_connect_gate() failed. Reword the error path to not use
these variables when they are not initialized. While at it, there
seemed to be a memory leak because skb_pipe_info was only freed
once, after the for-loop, even though several ones were created
by nfc_hci_send_cmd.
Fixes: ec03ff1a8f
("NFC: st21nfca: Remove skb_pipe_list and skb_pipe_info
useless allocation")
Cc: stable@vger.kernel.org
Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Add comments about HCI EVT_TRANSACTION in order to make the code
understandable by other readers.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
st21nfca_get_iso14443_3_uid gate parameter name is incorrect
and should be uid.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
st21nfca_get_iso14443_3_uid() does not correctly copy the uid from
uid_skb->data to its gate parameter. "gate = uid_skb->data;" only
puts a pointer to uid_skb->data to the local variable gate.
This means that in st21nfca_hci_target_from_gate() the content
of "u8 uid[NFC_NFCID1_MAXSIZE]" local variable is never initialized
before being used in memcpy(target->nfcid1, uid, len).
Fix this by replacing the local variable assignment with a memcpy.
This was found by compiling Linux with
"gcc -Wunused-but-set-parameter".
Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The transaction notifies the host (DH) that an action
is required to manage a specific Secure Element application.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
st21nfca has 1 physical SWP line and can support up to 2 secure elements
(UICC & eSE) thanks to an external switch managed with a gpio.
The platform integrator needs to specify thanks to 2 initialization
properties, uicc-present and ese-present, if it is suppose to have uicc
and/or ese. Of course if the platform does not have an external switch,
only one kind of secure element can be supported. Those parameters are
under platform integrator responsibilities.
During initialization, the white_list will be set according to those
parameters.
The discovery_se function will assume a secure element is physically
present according to uicc-present and ese-present values and will add it
to the secure element list. On ese activation, the atr is retrieved to
calculate a command exchange timeout based on the first atr(TB) value.
The se_io will allow to transfer data over SWP. 2 kind of events may appear
after a data is sent over:
- ST21NFCA_EVT_TRANSMIT_DATA when receiving an apdu answer
- ST21NFCA_EVT_WTX_REQUEST when the secure element needs more time than
expected to compute a command. If this timeout expired, a first recovery
tentative consist to send a simple software reset proprietary command.
If this tentative still fail, a second recovery tentative consist to send
a hardware reset proprietary command.
This function is only relevant for eSE like secure element.
This patch also change the way a pipe is referenced. There can be
different pipe connected to the same gate with different host destination
(ex: CONNECTIVITY). In order to keep host information every pipe are
reference with a tuple (gate, host). In order to reduce changes, we are
keeping unchanged the way a gate is addressed on the Terminal Host.
However, this is working because we consider the apdu reader gate is only
present on the eSE slot also the connectivity gate cannot give a reliable
value; it will give the latest stored pipe value.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fix some memory leaks after some nfc_hci_get_param calls.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Remove unnecessary memory allocation message already shown by devm_kzalloc.
This remove a warning when running scripts/checkpatch.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
skb_pipe_list and skb_pipe_info are allocated in nfc_hci_send_cmd.
alloc_skb on those buffer are then useless.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
kfree_skb(skb) in st21nfca_hci_event_received is never reach.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Other drivers are following the following compatible string format for dts:
s/_/-/
Because some devices may still use the previous string, the new corrected
string is added to the of_device_id table.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Report error returned by devm_gpio_request_one or
st21nfca_hci_platform_init instead of -ENODEV.
Reported-by: Dmitry Torokhov <dtor@chromium.org>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
As many event with the same id can come from several gates,
it will be easier to manage each of them by gate.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
- phy->gpio_irq is never done out of the request resources.
- irq_of_parse_and_map is already done in the i2c core so client->irq is
already set when entering in st21nfca_hci_i2c_of_request_resources
- In case of static platform configuration client->irq can be set directly
- It simplifies the code a bit.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When CONFIG_OF is define add of_st21nfca_i2c_match to
MODULE_DEVICE_TABLE.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This is a specific implementation, <asm/unaligned.h> is the
multiplexer that has the arch-specific knowledge of which
of the implementations needs to be used, so include that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
John W. Linville says:
====================
pull request: wireless-next 2014-10-03
Please pull tihs batch of updates intended for the 3.18 stream!
For the iwlwifi bits, Emmanuel says:
"I have here a few things that depend on the latest mac80211's changes:
RRM, TPC, Quiet Period etc... Eyal keeps improving our rate control
and we have a new device ID. This last patch should probably have
gone to wireless.git, but at that stage, I preferred to send it to
-next and CC stable."
For (most of) the Atheros bits, Kalle says:
"The only new feature is testmode support from me. Ben added a new method
to crash the firmware with an assert for debug purposes. As usual, we
have lots of smaller fixes from Michal. Matteo fixed a Kconfig
dependency with debugfs. I fixed some warnings recently added to
checkpatch."
For the NFC bits, Samuel says:
"We've had major updates for TI and ST Microelectronics drivers, and a
few NCI related changes.
For TI's trf7970a driver:
- Target mode support for trf7970a
- Suspend/resume support for trf7970a
- DT properties additions to handle different quirks
- A bunch of fixes for smartphone IOP related issues
For ST Microelectronics' ST21NFCA and ST21NFCB drivers:
- ISO15693 support for st21nfcb
- checkpatch and sparse related warning fixes
- Code cleanups and a few minor fixes
Finally, Marvell added ISO15693 support to the NCI stack, together with a
couple of NCI fixes."
For the Bluetooth bits, Johan says:
"This 3.18 pull request replaces the one I did on Monday ("bluetooth-next
2014-09-22", which hasn't been pulled yet). The additions since the last
request are:
- SCO connection fix for devices not supporting eSCO
- Cleanups regarding the SCO establishment logic
- Remove unnecessary return value from logging functions
- Header compression fix for 6lowpan
- Cleanups to the ieee802154/mrf24j40 driver
Here's a copy from previous request that this one replaces:
'
Here are some more patches for 3.18. They include various fixes to the
btusb HCI driver, a fix for LE SMP, as well as adding Jukka to the
MAINTAINERS file for generic 6LoWPAN (as requested by Alexander Aring).
I've held on to this pull request a bit since we were waiting for a SCO
related fix to get sorted out first. However, since the merge window is
getting closer I decided not to wait for it. If we do get the fix sorted
out there'll probably be a second small pull request later this week.
'"
And,
"Unless 3.17 gets delayed this will probably be our last -next pull request for
3.18. We've got:
- New Marvell hardware supportr
- Multicast support for 6lowpan
- Several of 6lowpan fixes & cleanups
- Fix for a (false-positive) lockdep warning in L2CAP
- Minor btusb cleanup"
On top of all that comes the usual sort of updates to ath5k, ath9k,
ath10k, brcmfmac, mwifiex, and wil6210. This time around there are
also a number of rtlwifi updates to enable some new hardware and
to reconcile the in-kernel drivers with some newer releases of the
Realtek vendor drivers. Also of note is some device tree work for
the bcma bus.
Please let me know if there are problems!
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
skb is already freed in st21nfca_tx_work and was freed also in
st21nfca_im_send_psl_req.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
"skb" can be NULL here but it can't be an ERR_PTR:
- IS_ERR(NULL) return false and skb migth be NULL.
- skb cannot be a ERR_PTR as nfc_hci_send_cmd_async it never using such cast.
!skb is more appropriate at those places.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This patch fix a previous patch introduce by commit 0a91e8ac24
It is actually fixing a double free mistake in all st21nfca_tm_* function.
We decide to return directly in case of successful execution because skb
got already freed. In st21nfca_tm_recv_dep_req it got freed by nfc_tm_data_received.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
After a unsuccessful call to nfc_hci_send_event the skb was not
freed and might lead to memory leak.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fix few conding style issue such as useless line return or tab.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
scripts/checkpatch.pl -f drivers/nfc/st21nfca.c is throwing the following:
WARNING: else is not generally useful after a break or return
#866: FILE: drivers/nfc/st21nfca/st21nfca.c:866:
+ return 0;
+ } else {
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Align every macros on the same column.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Clean up st21nfca.h macros and move the one only used in st21nfca.c.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
gb_len in st21nfca_tm_send_atr_res can be negative. Not checking for
that could lead to a potential kernel oops.
We now make sure that atr_req->length > sizeof(struct st21nfca_atr_req)
to avoid such situation.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
skb is already verified to be not null from the below hci layer.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
On top of st21nfca_im_recv_atr_res_cb and st21nfca_im_recv_dep_res_cb a
condition if (err != 0) is present. Because err is never modified in the
code err will always be 0 at the end.
The condition can be removed.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
nfcid3 is based on sensf_res value. target->sensf is never NULL
as it is a table.
Check the sensf_res_len instead to make sure sensf_res is set or not.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Remove a useless new line in nfc_err call.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
If dev_num >= ST21NFCA_NUM_DEVICES, the driver was returning an incorrect
success return code.
Once dev_num is set, it was not stated as busy.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fixing "sparse: cast to restricted __be32" message when building with
make C=1 CF=-D__CHECK_ENDIAN__
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This simplifies the code a bit.
Acked-by: Christophe RICARD <christophe-h.ricard@st.com>
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The .owner member of struct device_driver is assigned THIS_MODULE twice.
Introduced by:
commit c44cb2edd0
("NFC: dts: st21nfca: Add device-tree (Open Firmware) support to st21nfca")
Acked-by: Christophe RICARD <christophe-h.ricard@st.com>
Signed-off-by: Emil Goode <emilgoode@gmail.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In the previous makefile 2 modules were generated for CONFIG_NFC_ST21NFCA
(st21nfca.ko and st21nfca_dep.ko). Merge both of them into st21nfca_hci.ko
and fix a potential depmod dependency cycle, similar to the one we saw
on st21nfcb:
depmod: WARNING: found 6 modules in dependency cycles!
depmod: WARNING:
/lib/modules/3.17.0-rc3-00002-g7505cea/kernel/drivers/nfc/st21nfcb/st21nfcb.ko
in dependency cycle!
depmod: WARNING:
/lib/modules/3.17.0-rc3-00002-g7505cea/kernel/drivers/nfc/st21nfcb/ndlc.ko
in dependency cycle!
depmod: WARNING:
/lib/modules/3.17.0-rc3-00002-g7505cea/kernel/net/rfkill/rfkill.ko in
dependency cycle!
depmod: WARNING:
/lib/modules/3.17.0-rc3-00002-g7505cea/kernel/net/nfc/nfc.ko in
dependency cycle!
depmod: WARNING:
/lib/modules/3.17.0-rc3-00002-g7505cea/kernel/net/nfc/nci/nci.ko in
dependency cycle!
depmod: WARNING:
/lib/modules/3.17.0-rc3-00002-g7505cea/kernel/lib/crc-ccitt.ko in
dependency cycle!
./scripts/depmod.sh: line 57: 23387 Segmentation fault (core
dumped) "$DEPMOD" "$@" "$KERNELRELEASE" $SYMBOL_PREFIX
make: *** [_modinst_post] Error 139
Reported-by: Daniel Wagner <wagi@monom.org>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Support for Initiator and Target mode with ISO18092 commands support:
- ATR_REQ/ATR_RES
- PSL_REQ/PSL_RES
- DEP_REQ/DEP_RES
Work based on net/nfc/digital_dep.c.
st21nfca is using:
- Gate reader F for P2P in initiator mode.
- Gate card F for P2P in target mode.
Felica tag and p2p are differentiated with NFCID2.
When starting with 01FE it is acting in p2p mode.
On complete_target_discovered on ST21NFCA_RF_READER_F_GATE
supported_protocols is set to NFC_PROTO_NFC_DEP_MASK
for P2P.
Tested against: Nexus S, Galaxy S2, Galaxy S3, Galaxy S3 Mini,
Nexus 4 & Nexus 5.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Send DM_DISCONNECT command to disconnect Terminal Host from the HCI network.
- The persistent states of the terminal host pipes, including registry values,
are not modifies. Therefore, there is no NVRAM update to disconnect the
terminal host.
- The terminal host RF card gates are disabled which means that there will be no event
related to card RF gates until communication has been restored.
- The terminal host RF reader request is reset so the RF reader polling for terminal
host is disabled.
To restore the communication, the terminal host can send any HCI command or event.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
A DEP_RES with a SUPERVISOR PDU can be up to 16 bytes long.
In order to avoid useless read during p2p, extend first read
sequence to 16 and reduce third sequence to 12 to keep same
total on the full sequence.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
A start of frame is 7E 00 not only 7E. Make sure the first read sequence is
starting with 7E 00.
For example: 7E FF FF FF FF is as a correct crc but it is a bad frame.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In case no data are retrieve through i2c or one specific case is not handled.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Add support for ISO/IEC 15693 RF technology and Type 5 tags.
ISO15963 is using proprietary gate 12.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In case anybody uses previous patchset with the CLF, add a check to make sure
missing pipe are created.
st21nfca returns its pipe list in the creation order (most recent latest).
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Add functions to recover hardware resources from the device-tree
when not provided by the platform data.
Based on pn544 devicetree implementation
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When a bad frame is detected for a bad crc.
We were reallocating and loosing the previous frame pointer.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Stabilize communication by using a mutex.
This avoids running a write transaction during a read retry or a read
transaction during a write retry.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
A frame starts with ST21NFCA_SOF_EOF(0x7e) + 0x00.
A frame ends with ST21NFCA_SOF_EOF(0x7e).
It is possible that the i2c macrocell is stopped for other
communication interfaces with highest priority(RF or SWP).
This can be seen with some 0xFF data at the end of a received shdlc buffer.
If this happen we need to discard the frame because the CLF will repeat it.
In order to push accurate data to hci layer, we add the following fix:
- Instead of looking for the first 0x7e in the frame, check that the last
received byte is 0x7e.
- Check that the first frame reception block start with start of
frame(0x7e 0x00). If not, clear the buffer.
- Check that the next frame reception block do not start with start of
frame(0x7e). If so, clear the buffer.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
There is no byte stuffing when data are stored in skb.
TAILROOM is 2 byte crc + 1 byte eof.
st21nfca_hci_remove_len_crc was doing an incorrect operation on
the TAILROOM data.
If shdlc timer T2 is triggered, it will request to send the same data.
Before every hci data was lost after st21nfca_hci_remove_len_crc.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Byte stuffing was not correctly removed after a i2c read operation.
This was causing improper crc calculation when byte stuffing was
applied to more than 1 byte.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>