st21nfca_hci_load_session() calls kfree_skb() on unitialized
variables skb_pipe_info and skb_pipe_list if the call to
nfc_hci_connect_gate() failed. Reword the error path to not use
these variables when they are not initialized. While at it, there
seemed to be a memory leak because skb_pipe_info was only freed
once, after the for-loop, even though several ones were created
by nfc_hci_send_cmd.
Fixes: ec03ff1a8f
("NFC: st21nfca: Remove skb_pipe_list and skb_pipe_info
useless allocation")
Cc: stable@vger.kernel.org
Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
st21nfca_get_iso14443_3_uid gate parameter name is incorrect
and should be uid.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
st21nfca_get_iso14443_3_uid() does not correctly copy the uid from
uid_skb->data to its gate parameter. "gate = uid_skb->data;" only
puts a pointer to uid_skb->data to the local variable gate.
This means that in st21nfca_hci_target_from_gate() the content
of "u8 uid[NFC_NFCID1_MAXSIZE]" local variable is never initialized
before being used in memcpy(target->nfcid1, uid, len).
Fix this by replacing the local variable assignment with a memcpy.
This was found by compiling Linux with
"gcc -Wunused-but-set-parameter".
Acked-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
st21nfca has 1 physical SWP line and can support up to 2 secure elements
(UICC & eSE) thanks to an external switch managed with a gpio.
The platform integrator needs to specify thanks to 2 initialization
properties, uicc-present and ese-present, if it is suppose to have uicc
and/or ese. Of course if the platform does not have an external switch,
only one kind of secure element can be supported. Those parameters are
under platform integrator responsibilities.
During initialization, the white_list will be set according to those
parameters.
The discovery_se function will assume a secure element is physically
present according to uicc-present and ese-present values and will add it
to the secure element list. On ese activation, the atr is retrieved to
calculate a command exchange timeout based on the first atr(TB) value.
The se_io will allow to transfer data over SWP. 2 kind of events may appear
after a data is sent over:
- ST21NFCA_EVT_TRANSMIT_DATA when receiving an apdu answer
- ST21NFCA_EVT_WTX_REQUEST when the secure element needs more time than
expected to compute a command. If this timeout expired, a first recovery
tentative consist to send a simple software reset proprietary command.
If this tentative still fail, a second recovery tentative consist to send
a hardware reset proprietary command.
This function is only relevant for eSE like secure element.
This patch also change the way a pipe is referenced. There can be
different pipe connected to the same gate with different host destination
(ex: CONNECTIVITY). In order to keep host information every pipe are
reference with a tuple (gate, host). In order to reduce changes, we are
keeping unchanged the way a gate is addressed on the Terminal Host.
However, this is working because we consider the apdu reader gate is only
present on the eSE slot also the connectivity gate cannot give a reliable
value; it will give the latest stored pipe value.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fix some memory leaks after some nfc_hci_get_param calls.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
skb_pipe_list and skb_pipe_info are allocated in nfc_hci_send_cmd.
alloc_skb on those buffer are then useless.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
kfree_skb(skb) in st21nfca_hci_event_received is never reach.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
As many event with the same id can come from several gates,
it will be easier to manage each of them by gate.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This patch fix a previous patch introduce by commit 0a91e8ac24
It is actually fixing a double free mistake in all st21nfca_tm_* function.
We decide to return directly in case of successful execution because skb
got already freed. In st21nfca_tm_recv_dep_req it got freed by nfc_tm_data_received.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
scripts/checkpatch.pl -f drivers/nfc/st21nfca.c is throwing the following:
WARNING: else is not generally useful after a break or return
#866: FILE: drivers/nfc/st21nfca/st21nfca.c:866:
+ return 0;
+ } else {
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Align every macros on the same column.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Clean up st21nfca.h macros and move the one only used in st21nfca.c.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
If dev_num >= ST21NFCA_NUM_DEVICES, the driver was returning an incorrect
success return code.
Once dev_num is set, it was not stated as busy.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fixing "sparse: cast to restricted __be32" message when building with
make C=1 CF=-D__CHECK_ENDIAN__
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Support for Initiator and Target mode with ISO18092 commands support:
- ATR_REQ/ATR_RES
- PSL_REQ/PSL_RES
- DEP_REQ/DEP_RES
Work based on net/nfc/digital_dep.c.
st21nfca is using:
- Gate reader F for P2P in initiator mode.
- Gate card F for P2P in target mode.
Felica tag and p2p are differentiated with NFCID2.
When starting with 01FE it is acting in p2p mode.
On complete_target_discovered on ST21NFCA_RF_READER_F_GATE
supported_protocols is set to NFC_PROTO_NFC_DEP_MASK
for P2P.
Tested against: Nexus S, Galaxy S2, Galaxy S3, Galaxy S3 Mini,
Nexus 4 & Nexus 5.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Send DM_DISCONNECT command to disconnect Terminal Host from the HCI network.
- The persistent states of the terminal host pipes, including registry values,
are not modifies. Therefore, there is no NVRAM update to disconnect the
terminal host.
- The terminal host RF card gates are disabled which means that there will be no event
related to card RF gates until communication has been restored.
- The terminal host RF reader request is reset so the RF reader polling for terminal
host is disabled.
To restore the communication, the terminal host can send any HCI command or event.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Add support for ISO/IEC 15693 RF technology and Type 5 tags.
ISO15963 is using proprietary gate 12.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In case anybody uses previous patchset with the CLF, add a check to make sure
missing pipe are created.
st21nfca returns its pipe list in the creation order (most recent latest).
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fixing "sparse: cast to restricted __be16" message when building with
make C=1 CF=-D__CHECK_ENDIAN__
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This implementation rely on the ST21NFCA_DEVICE_MGNT_GATE and
ST21NFCA_DM_GETINFO proprietary gates commands.
First we are retrieving a pipe list available on the CLF with the
ST21NFCA_DM_GETINFO_PIPE_LIST parameter. A gate<->pipe table match
is done with ST21NFCA_DM_GETINFO_PIPE_INFO for each pipe.
If the pipe is created and open, we fill st21nfca_gates table.
If the pipe is create but closed or is not created we keep the gate
with NFC_HCI_INVALID_PIPE.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Add driver for STMicroelectronics ST21NFCA NFC controller.
ST21NFCA is using HCI protocol, shdlc as LLC layer & I2C as
communication protocol.
Adding support for Reader/Writer mode with Tag type 1/2/3/4 A & B.
It is using proprietary gate 15 for ISO14443-3 such as type 1 &
type 2 tags. It is using proprietary gate 14 for type F tags.
ST21NFCA_DEVICE_MGNT_GATE gives access to proprietary CLF configuration.
Standard gate for ISO14443-4 A (13) & B (11) are also used.
ST21NFCA specific mecanism:
One particular point to notice for the data handling is that frame
does not contain any length value. Therefore the i2c part of this driver
is managing the reception with a read length sequence until the end of
frame (0x7e) is reached.
In order to avoid conflict between sof & eof a mecanism
called byte stuffing concist of an escape byte (0x7d) insertion before
special byte (0x7e, 0x7d). The special byte is then xored with 0x20.
In this driver, When data are available in the CLF, the interrupt
gpio is driven to active state and triggered an interrupt.
Once the i2c_master_recv start, the interrupt gpio is driven to idle
state until its complete. If the frame is incomplete or data are still
available, interrupts will be triggered again.
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>