1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * NFC Digital Protocol stack
4  * Copyright (c) 2013, Intel Corporation.
5  */
6 
7 #define pr_fmt(fmt) "digital: %s: " fmt, __func__
8 
9 #include "digital.h"
10 
11 #define DIGITAL_NFC_DEP_N_RETRY_NACK	2
12 #define DIGITAL_NFC_DEP_N_RETRY_ATN	2
13 
14 #define DIGITAL_NFC_DEP_FRAME_DIR_OUT 0xD4
15 #define DIGITAL_NFC_DEP_FRAME_DIR_IN  0xD5
16 
17 #define DIGITAL_NFC_DEP_NFCA_SOD_SB   0xF0
18 
19 #define DIGITAL_CMD_ATR_REQ 0x00
20 #define DIGITAL_CMD_ATR_RES 0x01
21 #define DIGITAL_CMD_PSL_REQ 0x04
22 #define DIGITAL_CMD_PSL_RES 0x05
23 #define DIGITAL_CMD_DEP_REQ 0x06
24 #define DIGITAL_CMD_DEP_RES 0x07
25 
26 #define DIGITAL_ATR_REQ_MIN_SIZE 16
27 #define DIGITAL_ATR_REQ_MAX_SIZE 64
28 
29 #define DIGITAL_ATR_RES_TO_WT(s)	((s) & 0xF)
30 
31 #define DIGITAL_DID_MAX	14
32 
33 #define DIGITAL_PAYLOAD_SIZE_MAX	254
34 #define DIGITAL_PAYLOAD_BITS_TO_PP(s)	(((s) & 0x3) << 4)
35 #define DIGITAL_PAYLOAD_PP_TO_BITS(s)	(((s) >> 4) & 0x3)
36 #define DIGITAL_PAYLOAD_BITS_TO_FSL(s)	((s) & 0x3)
37 #define DIGITAL_PAYLOAD_FSL_TO_BITS(s)	((s) & 0x3)
38 
39 #define DIGITAL_GB_BIT	0x02
40 
41 #define DIGITAL_NFC_DEP_PFB_TYPE(pfb) ((pfb) & 0xE0)
42 
43 #define DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT 0x10
44 #define DIGITAL_NFC_DEP_PFB_MI_BIT	0x10
45 #define DIGITAL_NFC_DEP_PFB_NACK_BIT	0x10
46 #define DIGITAL_NFC_DEP_PFB_DID_BIT	0x04
47 
48 #define DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb) \
49 				((pfb) & DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT)
50 #define DIGITAL_NFC_DEP_MI_BIT_SET(pfb)  ((pfb) & DIGITAL_NFC_DEP_PFB_MI_BIT)
51 #define DIGITAL_NFC_DEP_NACK_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_NACK_BIT)
52 #define DIGITAL_NFC_DEP_NAD_BIT_SET(pfb) ((pfb) & 0x08)
53 #define DIGITAL_NFC_DEP_DID_BIT_SET(pfb) ((pfb) & DIGITAL_NFC_DEP_PFB_DID_BIT)
54 #define DIGITAL_NFC_DEP_PFB_PNI(pfb)     ((pfb) & 0x03)
55 
56 #define DIGITAL_NFC_DEP_RTOX_VALUE(data) ((data) & 0x3F)
57 #define DIGITAL_NFC_DEP_RTOX_MAX	 59
58 
59 #define DIGITAL_NFC_DEP_PFB_I_PDU          0x00
60 #define DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU   0x40
61 #define DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU 0x80
62 
63 struct digital_atr_req {
64 	u8 dir;
65 	u8 cmd;
66 	u8 nfcid3[10];
67 	u8 did;
68 	u8 bs;
69 	u8 br;
70 	u8 pp;
71 	u8 gb[];
72 } __packed;
73 
74 struct digital_atr_res {
75 	u8 dir;
76 	u8 cmd;
77 	u8 nfcid3[10];
78 	u8 did;
79 	u8 bs;
80 	u8 br;
81 	u8 to;
82 	u8 pp;
83 	u8 gb[];
84 } __packed;
85 
86 struct digital_psl_req {
87 	u8 dir;
88 	u8 cmd;
89 	u8 did;
90 	u8 brs;
91 	u8 fsl;
92 } __packed;
93 
94 struct digital_psl_res {
95 	u8 dir;
96 	u8 cmd;
97 	u8 did;
98 } __packed;
99 
100 struct digital_dep_req_res {
101 	u8 dir;
102 	u8 cmd;
103 	u8 pfb;
104 } __packed;
105 
106 static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
107 				    struct sk_buff *resp);
108 static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
109 				    struct sk_buff *resp);
110 
111 static const u8 digital_payload_bits_map[4] = {
112 	[0] = 64,
113 	[1] = 128,
114 	[2] = 192,
115 	[3] = 254
116 };
117 
118 /* Response Waiting Time for ATR_RES PDU in ms
119  *
120  * RWT(ATR_RES) = RWT(nfcdep,activation) + dRWT(nfcdep) + dT(nfcdep,initiator)
121  *
122  * with:
123  *  RWT(nfcdep,activation) = 4096 * 2^12 / f(c) s
124  *  dRWT(nfcdep) = 16 / f(c) s
125  *  dT(nfcdep,initiator) = 100 ms
126  *  f(c) = 13560000 Hz
127  */
128 #define DIGITAL_ATR_RES_RWT 1337
129 
130 /* Response Waiting Time for other DEP PDUs in ms
131  *
132  * max_rwt = rwt + dRWT(nfcdep) + dT(nfcdep,initiator)
133  *
134  * with:
135  *  rwt = (256 * 16 / f(c)) * 2^wt s
136  *  dRWT(nfcdep) = 16 / f(c) s
137  *  dT(nfcdep,initiator) = 100 ms
138  *  f(c) = 13560000 Hz
139  *  0 <= wt <= 14 (given by the target by the TO field of ATR_RES response)
140  */
141 #define DIGITAL_NFC_DEP_IN_MAX_WT 14
142 #define DIGITAL_NFC_DEP_TG_MAX_WT 14
143 static const u16 digital_rwt_map[DIGITAL_NFC_DEP_IN_MAX_WT + 1] = {
144 	100,  101,  101,  102,  105,
145 	110,  119,  139,  177,  255,
146 	409,  719, 1337, 2575, 5049,
147 };
148 
digital_payload_bits_to_size(u8 payload_bits)149 static u8 digital_payload_bits_to_size(u8 payload_bits)
150 {
151 	if (payload_bits >= ARRAY_SIZE(digital_payload_bits_map))
152 		return 0;
153 
154 	return digital_payload_bits_map[payload_bits];
155 }
156 
digital_payload_size_to_bits(u8 payload_size)157 static u8 digital_payload_size_to_bits(u8 payload_size)
158 {
159 	int i;
160 
161 	for (i = 0; i < ARRAY_SIZE(digital_payload_bits_map); i++)
162 		if (digital_payload_bits_map[i] == payload_size)
163 			return i;
164 
165 	return 0xff;
166 }
167 
digital_skb_push_dep_sod(struct nfc_digital_dev * ddev,struct sk_buff * skb)168 static void digital_skb_push_dep_sod(struct nfc_digital_dev *ddev,
169 				     struct sk_buff *skb)
170 {
171 	skb_push(skb, sizeof(u8));
172 
173 	skb->data[0] = skb->len;
174 
175 	if (ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)
176 		*(u8 *)skb_push(skb, sizeof(u8)) = DIGITAL_NFC_DEP_NFCA_SOD_SB;
177 }
178 
digital_skb_pull_dep_sod(struct nfc_digital_dev * ddev,struct sk_buff * skb)179 static int digital_skb_pull_dep_sod(struct nfc_digital_dev *ddev,
180 				    struct sk_buff *skb)
181 {
182 	u8 size;
183 
184 	if (skb->len < 2)
185 		return -EIO;
186 
187 	if (ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)
188 		skb_pull(skb, sizeof(u8));
189 
190 	size = skb->data[0];
191 	if (size != skb->len)
192 		return -EIO;
193 
194 	skb_pull(skb, sizeof(u8));
195 
196 	return 0;
197 }
198 
199 static struct sk_buff *
digital_send_dep_data_prep(struct nfc_digital_dev * ddev,struct sk_buff * skb,struct digital_dep_req_res * dep_req_res,struct digital_data_exch * data_exch)200 digital_send_dep_data_prep(struct nfc_digital_dev *ddev, struct sk_buff *skb,
201 			   struct digital_dep_req_res *dep_req_res,
202 			   struct digital_data_exch *data_exch)
203 {
204 	struct sk_buff *new_skb;
205 
206 	if (skb->len > ddev->remote_payload_max) {
207 		dep_req_res->pfb |= DIGITAL_NFC_DEP_PFB_MI_BIT;
208 
209 		new_skb = digital_skb_alloc(ddev, ddev->remote_payload_max);
210 		if (!new_skb) {
211 			kfree_skb(ddev->chaining_skb);
212 			ddev->chaining_skb = NULL;
213 
214 			return ERR_PTR(-ENOMEM);
215 		}
216 
217 		skb_put_data(new_skb, skb->data, ddev->remote_payload_max);
218 		skb_pull(skb, ddev->remote_payload_max);
219 
220 		ddev->chaining_skb = skb;
221 		ddev->data_exch = data_exch;
222 	} else {
223 		ddev->chaining_skb = NULL;
224 		new_skb = skb;
225 	}
226 
227 	return new_skb;
228 }
229 
230 static struct sk_buff *
digital_recv_dep_data_gather(struct nfc_digital_dev * ddev,u8 pfb,struct sk_buff * resp,int (* send_ack)(struct nfc_digital_dev * ddev,struct digital_data_exch * data_exch),struct digital_data_exch * data_exch)231 digital_recv_dep_data_gather(struct nfc_digital_dev *ddev, u8 pfb,
232 			     struct sk_buff *resp,
233 			     int (*send_ack)(struct nfc_digital_dev *ddev,
234 					     struct digital_data_exch
235 							     *data_exch),
236 			     struct digital_data_exch *data_exch)
237 {
238 	struct sk_buff *new_skb;
239 	int rc;
240 
241 	if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb) && (!ddev->chaining_skb)) {
242 		ddev->chaining_skb =
243 			nfc_alloc_recv_skb(8 * ddev->local_payload_max,
244 					   GFP_KERNEL);
245 		if (!ddev->chaining_skb) {
246 			rc = -ENOMEM;
247 			goto error;
248 		}
249 	}
250 
251 	if (ddev->chaining_skb) {
252 		if (resp->len > skb_tailroom(ddev->chaining_skb)) {
253 			new_skb = skb_copy_expand(ddev->chaining_skb,
254 						  skb_headroom(
255 							  ddev->chaining_skb),
256 						  8 * ddev->local_payload_max,
257 						  GFP_KERNEL);
258 			if (!new_skb) {
259 				rc = -ENOMEM;
260 				goto error;
261 			}
262 
263 			kfree_skb(ddev->chaining_skb);
264 			ddev->chaining_skb = new_skb;
265 		}
266 
267 		skb_put_data(ddev->chaining_skb, resp->data, resp->len);
268 
269 		kfree_skb(resp);
270 		resp = NULL;
271 
272 		if (DIGITAL_NFC_DEP_MI_BIT_SET(pfb)) {
273 			rc = send_ack(ddev, data_exch);
274 			if (rc)
275 				goto error;
276 
277 			return NULL;
278 		}
279 
280 		resp = ddev->chaining_skb;
281 		ddev->chaining_skb = NULL;
282 	}
283 
284 	return resp;
285 
286 error:
287 	kfree_skb(resp);
288 
289 	kfree_skb(ddev->chaining_skb);
290 	ddev->chaining_skb = NULL;
291 
292 	return ERR_PTR(rc);
293 }
294 
digital_in_recv_psl_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)295 static void digital_in_recv_psl_res(struct nfc_digital_dev *ddev, void *arg,
296 				    struct sk_buff *resp)
297 {
298 	struct nfc_target *target = arg;
299 	struct digital_psl_res *psl_res;
300 	int rc;
301 
302 	if (IS_ERR(resp)) {
303 		rc = PTR_ERR(resp);
304 		resp = NULL;
305 		goto exit;
306 	}
307 
308 	rc = ddev->skb_check_crc(resp);
309 	if (rc) {
310 		PROTOCOL_ERR("14.4.1.6");
311 		goto exit;
312 	}
313 
314 	rc = digital_skb_pull_dep_sod(ddev, resp);
315 	if (rc) {
316 		PROTOCOL_ERR("14.4.1.2");
317 		goto exit;
318 	}
319 
320 	psl_res = (struct digital_psl_res *)resp->data;
321 
322 	if ((resp->len != sizeof(*psl_res)) ||
323 	    (psl_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN) ||
324 	    (psl_res->cmd != DIGITAL_CMD_PSL_RES)) {
325 		rc = -EIO;
326 		goto exit;
327 	}
328 
329 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH,
330 				     NFC_DIGITAL_RF_TECH_424F);
331 	if (rc)
332 		goto exit;
333 
334 	rc = digital_in_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
335 				     NFC_DIGITAL_FRAMING_NFCF_NFC_DEP);
336 	if (rc)
337 		goto exit;
338 
339 	if (!DIGITAL_DRV_CAPS_IN_CRC(ddev) &&
340 	    (ddev->curr_rf_tech == NFC_DIGITAL_RF_TECH_106A)) {
341 		ddev->skb_add_crc = digital_skb_add_crc_f;
342 		ddev->skb_check_crc = digital_skb_check_crc_f;
343 	}
344 
345 	ddev->curr_rf_tech = NFC_DIGITAL_RF_TECH_424F;
346 
347 	nfc_dep_link_is_up(ddev->nfc_dev, target->idx, NFC_COMM_ACTIVE,
348 			   NFC_RF_INITIATOR);
349 
350 	ddev->curr_nfc_dep_pni = 0;
351 
352 exit:
353 	dev_kfree_skb(resp);
354 
355 	if (rc)
356 		ddev->curr_protocol = 0;
357 }
358 
digital_in_send_psl_req(struct nfc_digital_dev * ddev,struct nfc_target * target)359 static int digital_in_send_psl_req(struct nfc_digital_dev *ddev,
360 				   struct nfc_target *target)
361 {
362 	struct sk_buff *skb;
363 	struct digital_psl_req *psl_req;
364 	int rc;
365 	u8 payload_size, payload_bits;
366 
367 	skb = digital_skb_alloc(ddev, sizeof(*psl_req));
368 	if (!skb)
369 		return -ENOMEM;
370 
371 	skb_put(skb, sizeof(*psl_req));
372 
373 	psl_req = (struct digital_psl_req *)skb->data;
374 
375 	psl_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
376 	psl_req->cmd = DIGITAL_CMD_PSL_REQ;
377 	psl_req->did = 0;
378 	psl_req->brs = (0x2 << 3) | 0x2; /* 424F both directions */
379 
380 	payload_size = min(ddev->local_payload_max, ddev->remote_payload_max);
381 	payload_bits = digital_payload_size_to_bits(payload_size);
382 	psl_req->fsl = DIGITAL_PAYLOAD_BITS_TO_FSL(payload_bits);
383 
384 	ddev->local_payload_max = payload_size;
385 	ddev->remote_payload_max = payload_size;
386 
387 	digital_skb_push_dep_sod(ddev, skb);
388 
389 	ddev->skb_add_crc(skb);
390 
391 	rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
392 				 digital_in_recv_psl_res, target);
393 	if (rc)
394 		kfree_skb(skb);
395 
396 	return rc;
397 }
398 
digital_in_recv_atr_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)399 static void digital_in_recv_atr_res(struct nfc_digital_dev *ddev, void *arg,
400 				 struct sk_buff *resp)
401 {
402 	struct nfc_target *target = arg;
403 	struct digital_atr_res *atr_res;
404 	u8 gb_len, payload_bits;
405 	u8 wt;
406 	int rc;
407 
408 	if (IS_ERR(resp)) {
409 		rc = PTR_ERR(resp);
410 		resp = NULL;
411 		goto exit;
412 	}
413 
414 	rc = ddev->skb_check_crc(resp);
415 	if (rc) {
416 		PROTOCOL_ERR("14.4.1.6");
417 		goto exit;
418 	}
419 
420 	rc = digital_skb_pull_dep_sod(ddev, resp);
421 	if (rc) {
422 		PROTOCOL_ERR("14.4.1.2");
423 		goto exit;
424 	}
425 
426 	if (resp->len < sizeof(struct digital_atr_res)) {
427 		rc = -EIO;
428 		goto exit;
429 	}
430 
431 	gb_len = resp->len - sizeof(struct digital_atr_res);
432 
433 	atr_res = (struct digital_atr_res *)resp->data;
434 
435 	wt = DIGITAL_ATR_RES_TO_WT(atr_res->to);
436 	if (wt > DIGITAL_NFC_DEP_IN_MAX_WT)
437 		wt = DIGITAL_NFC_DEP_IN_MAX_WT;
438 	ddev->dep_rwt = digital_rwt_map[wt];
439 
440 	payload_bits = DIGITAL_PAYLOAD_PP_TO_BITS(atr_res->pp);
441 	ddev->remote_payload_max = digital_payload_bits_to_size(payload_bits);
442 
443 	if (!ddev->remote_payload_max) {
444 		rc = -EINVAL;
445 		goto exit;
446 	}
447 
448 	rc = nfc_set_remote_general_bytes(ddev->nfc_dev, atr_res->gb, gb_len);
449 	if (rc)
450 		goto exit;
451 
452 	if ((ddev->protocols & NFC_PROTO_FELICA_MASK) &&
453 	    (ddev->curr_rf_tech != NFC_DIGITAL_RF_TECH_424F)) {
454 		rc = digital_in_send_psl_req(ddev, target);
455 		if (!rc)
456 			goto exit;
457 	}
458 
459 	rc = nfc_dep_link_is_up(ddev->nfc_dev, target->idx, NFC_COMM_ACTIVE,
460 				NFC_RF_INITIATOR);
461 
462 	ddev->curr_nfc_dep_pni = 0;
463 
464 exit:
465 	dev_kfree_skb(resp);
466 
467 	if (rc)
468 		ddev->curr_protocol = 0;
469 }
470 
digital_in_send_atr_req(struct nfc_digital_dev * ddev,struct nfc_target * target,__u8 comm_mode,__u8 * gb,size_t gb_len)471 int digital_in_send_atr_req(struct nfc_digital_dev *ddev,
472 			    struct nfc_target *target, __u8 comm_mode, __u8 *gb,
473 			    size_t gb_len)
474 {
475 	struct sk_buff *skb;
476 	struct digital_atr_req *atr_req;
477 	uint size;
478 	int rc;
479 	u8 payload_bits;
480 
481 	size = DIGITAL_ATR_REQ_MIN_SIZE + gb_len;
482 
483 	if (size > DIGITAL_ATR_REQ_MAX_SIZE) {
484 		PROTOCOL_ERR("14.6.1.1");
485 		return -EINVAL;
486 	}
487 
488 	skb = digital_skb_alloc(ddev, size);
489 	if (!skb)
490 		return -ENOMEM;
491 
492 	skb_put(skb, sizeof(struct digital_atr_req));
493 
494 	atr_req = (struct digital_atr_req *)skb->data;
495 	memset(atr_req, 0, sizeof(struct digital_atr_req));
496 
497 	atr_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
498 	atr_req->cmd = DIGITAL_CMD_ATR_REQ;
499 	if (target->nfcid2_len)
500 		memcpy(atr_req->nfcid3, target->nfcid2, NFC_NFCID2_MAXSIZE);
501 	else
502 		get_random_bytes(atr_req->nfcid3, NFC_NFCID3_MAXSIZE);
503 
504 	atr_req->did = 0;
505 	atr_req->bs = 0;
506 	atr_req->br = 0;
507 
508 	ddev->local_payload_max = DIGITAL_PAYLOAD_SIZE_MAX;
509 	payload_bits = digital_payload_size_to_bits(ddev->local_payload_max);
510 	atr_req->pp = DIGITAL_PAYLOAD_BITS_TO_PP(payload_bits);
511 
512 	if (gb_len) {
513 		atr_req->pp |= DIGITAL_GB_BIT;
514 		skb_put_data(skb, gb, gb_len);
515 	}
516 
517 	digital_skb_push_dep_sod(ddev, skb);
518 
519 	ddev->skb_add_crc(skb);
520 
521 	rc = digital_in_send_cmd(ddev, skb, DIGITAL_ATR_RES_RWT,
522 				 digital_in_recv_atr_res, target);
523 	if (rc)
524 		kfree_skb(skb);
525 
526 	return rc;
527 }
528 
digital_in_send_ack(struct nfc_digital_dev * ddev,struct digital_data_exch * data_exch)529 static int digital_in_send_ack(struct nfc_digital_dev *ddev,
530 			       struct digital_data_exch *data_exch)
531 {
532 	struct digital_dep_req_res *dep_req;
533 	struct sk_buff *skb;
534 	int rc;
535 
536 	skb = digital_skb_alloc(ddev, 1);
537 	if (!skb)
538 		return -ENOMEM;
539 
540 	skb_push(skb, sizeof(struct digital_dep_req_res));
541 
542 	dep_req = (struct digital_dep_req_res *)skb->data;
543 
544 	dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
545 	dep_req->cmd = DIGITAL_CMD_DEP_REQ;
546 	dep_req->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
547 		       ddev->curr_nfc_dep_pni;
548 
549 	digital_skb_push_dep_sod(ddev, skb);
550 
551 	ddev->skb_add_crc(skb);
552 
553 	ddev->saved_skb = pskb_copy(skb, GFP_KERNEL);
554 
555 	rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
556 				 digital_in_recv_dep_res, data_exch);
557 	if (rc) {
558 		kfree_skb(skb);
559 		kfree_skb(ddev->saved_skb);
560 		ddev->saved_skb = NULL;
561 	}
562 
563 	return rc;
564 }
565 
digital_in_send_nack(struct nfc_digital_dev * ddev,struct digital_data_exch * data_exch)566 static int digital_in_send_nack(struct nfc_digital_dev *ddev,
567 				struct digital_data_exch *data_exch)
568 {
569 	struct digital_dep_req_res *dep_req;
570 	struct sk_buff *skb;
571 	int rc;
572 
573 	skb = digital_skb_alloc(ddev, 1);
574 	if (!skb)
575 		return -ENOMEM;
576 
577 	skb_push(skb, sizeof(struct digital_dep_req_res));
578 
579 	dep_req = (struct digital_dep_req_res *)skb->data;
580 
581 	dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
582 	dep_req->cmd = DIGITAL_CMD_DEP_REQ;
583 	dep_req->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
584 		       DIGITAL_NFC_DEP_PFB_NACK_BIT | ddev->curr_nfc_dep_pni;
585 
586 	digital_skb_push_dep_sod(ddev, skb);
587 
588 	ddev->skb_add_crc(skb);
589 
590 	rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
591 				 digital_in_recv_dep_res, data_exch);
592 	if (rc)
593 		kfree_skb(skb);
594 
595 	return rc;
596 }
597 
digital_in_send_atn(struct nfc_digital_dev * ddev,struct digital_data_exch * data_exch)598 static int digital_in_send_atn(struct nfc_digital_dev *ddev,
599 			       struct digital_data_exch *data_exch)
600 {
601 	struct digital_dep_req_res *dep_req;
602 	struct sk_buff *skb;
603 	int rc;
604 
605 	skb = digital_skb_alloc(ddev, 1);
606 	if (!skb)
607 		return -ENOMEM;
608 
609 	skb_push(skb, sizeof(struct digital_dep_req_res));
610 
611 	dep_req = (struct digital_dep_req_res *)skb->data;
612 
613 	dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
614 	dep_req->cmd = DIGITAL_CMD_DEP_REQ;
615 	dep_req->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU;
616 
617 	digital_skb_push_dep_sod(ddev, skb);
618 
619 	ddev->skb_add_crc(skb);
620 
621 	rc = digital_in_send_cmd(ddev, skb, ddev->dep_rwt,
622 				 digital_in_recv_dep_res, data_exch);
623 	if (rc)
624 		kfree_skb(skb);
625 
626 	return rc;
627 }
628 
digital_in_send_rtox(struct nfc_digital_dev * ddev,struct digital_data_exch * data_exch,u8 rtox)629 static int digital_in_send_rtox(struct nfc_digital_dev *ddev,
630 				struct digital_data_exch *data_exch, u8 rtox)
631 {
632 	struct digital_dep_req_res *dep_req;
633 	struct sk_buff *skb;
634 	int rc;
635 	u16 rwt_int;
636 
637 	rwt_int = ddev->dep_rwt * rtox;
638 	if (rwt_int > digital_rwt_map[DIGITAL_NFC_DEP_IN_MAX_WT])
639 		rwt_int = digital_rwt_map[DIGITAL_NFC_DEP_IN_MAX_WT];
640 
641 	skb = digital_skb_alloc(ddev, 1);
642 	if (!skb)
643 		return -ENOMEM;
644 
645 	skb_put_u8(skb, rtox);
646 
647 	skb_push(skb, sizeof(struct digital_dep_req_res));
648 
649 	dep_req = (struct digital_dep_req_res *)skb->data;
650 
651 	dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
652 	dep_req->cmd = DIGITAL_CMD_DEP_REQ;
653 	dep_req->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU |
654 		       DIGITAL_NFC_DEP_PFB_TIMEOUT_BIT;
655 
656 	digital_skb_push_dep_sod(ddev, skb);
657 
658 	ddev->skb_add_crc(skb);
659 
660 	rc = digital_in_send_cmd(ddev, skb, rwt_int,
661 				 digital_in_recv_dep_res, data_exch);
662 	if (rc)
663 		kfree_skb(skb);
664 
665 	return rc;
666 }
667 
digital_in_send_saved_skb(struct nfc_digital_dev * ddev,struct digital_data_exch * data_exch)668 static int digital_in_send_saved_skb(struct nfc_digital_dev *ddev,
669 				     struct digital_data_exch *data_exch)
670 {
671 	int rc;
672 
673 	if (!ddev->saved_skb)
674 		return -EINVAL;
675 
676 	skb_get(ddev->saved_skb);
677 
678 	rc = digital_in_send_cmd(ddev, ddev->saved_skb, ddev->dep_rwt,
679 				 digital_in_recv_dep_res, data_exch);
680 	if (rc)
681 		kfree_skb(ddev->saved_skb);
682 
683 	return rc;
684 }
685 
digital_in_recv_dep_res(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)686 static void digital_in_recv_dep_res(struct nfc_digital_dev *ddev, void *arg,
687 				    struct sk_buff *resp)
688 {
689 	struct digital_data_exch *data_exch = arg;
690 	struct digital_dep_req_res *dep_res;
691 	u8 pfb;
692 	uint size;
693 	int rc;
694 	u8 rtox;
695 
696 	if (IS_ERR(resp)) {
697 		rc = PTR_ERR(resp);
698 		resp = NULL;
699 
700 		if ((rc == -EIO || (rc == -ETIMEDOUT && ddev->nack_count)) &&
701 		    (ddev->nack_count++ < DIGITAL_NFC_DEP_N_RETRY_NACK)) {
702 			ddev->atn_count = 0;
703 
704 			rc = digital_in_send_nack(ddev, data_exch);
705 			if (rc)
706 				goto error;
707 
708 			return;
709 		} else if ((rc == -ETIMEDOUT) &&
710 			   (ddev->atn_count++ < DIGITAL_NFC_DEP_N_RETRY_ATN)) {
711 			ddev->nack_count = 0;
712 
713 			rc = digital_in_send_atn(ddev, data_exch);
714 			if (rc)
715 				goto error;
716 
717 			return;
718 		}
719 
720 		goto exit;
721 	}
722 
723 	rc = digital_skb_pull_dep_sod(ddev, resp);
724 	if (rc) {
725 		PROTOCOL_ERR("14.4.1.2");
726 		goto exit;
727 	}
728 
729 	rc = ddev->skb_check_crc(resp);
730 	if (rc) {
731 		if ((resp->len >= 4) &&
732 		    (ddev->nack_count++ < DIGITAL_NFC_DEP_N_RETRY_NACK)) {
733 			ddev->atn_count = 0;
734 
735 			rc = digital_in_send_nack(ddev, data_exch);
736 			if (rc)
737 				goto error;
738 
739 			kfree_skb(resp);
740 
741 			return;
742 		}
743 
744 		PROTOCOL_ERR("14.4.1.6");
745 		goto error;
746 	}
747 
748 	ddev->atn_count = 0;
749 	ddev->nack_count = 0;
750 
751 	if (resp->len > ddev->local_payload_max) {
752 		rc = -EMSGSIZE;
753 		goto exit;
754 	}
755 
756 	size = sizeof(struct digital_dep_req_res);
757 	dep_res = (struct digital_dep_req_res *)resp->data;
758 
759 	if (resp->len < size || dep_res->dir != DIGITAL_NFC_DEP_FRAME_DIR_IN ||
760 	    dep_res->cmd != DIGITAL_CMD_DEP_RES) {
761 		rc = -EIO;
762 		goto error;
763 	}
764 
765 	pfb = dep_res->pfb;
766 
767 	if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb)) {
768 		PROTOCOL_ERR("14.8.2.1");
769 		rc = -EIO;
770 		goto error;
771 	}
772 
773 	if (DIGITAL_NFC_DEP_NAD_BIT_SET(pfb)) {
774 		rc = -EIO;
775 		goto exit;
776 	}
777 
778 	if (size > resp->len) {
779 		rc = -EIO;
780 		goto error;
781 	}
782 
783 	skb_pull(resp, size);
784 
785 	switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
786 	case DIGITAL_NFC_DEP_PFB_I_PDU:
787 		if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
788 			PROTOCOL_ERR("14.12.3.3");
789 			rc = -EIO;
790 			goto error;
791 		}
792 
793 		ddev->curr_nfc_dep_pni =
794 			DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
795 
796 		kfree_skb(ddev->saved_skb);
797 		ddev->saved_skb = NULL;
798 
799 		resp = digital_recv_dep_data_gather(ddev, pfb, resp,
800 						    digital_in_send_ack,
801 						    data_exch);
802 		if (IS_ERR(resp)) {
803 			rc = PTR_ERR(resp);
804 			resp = NULL;
805 			goto error;
806 		}
807 
808 		/* If resp is NULL then we're still chaining so return and
809 		 * wait for the next part of the PDU.  Else, the PDU is
810 		 * complete so pass it up.
811 		 */
812 		if (!resp)
813 			return;
814 
815 		rc = 0;
816 		break;
817 
818 	case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
819 		if (DIGITAL_NFC_DEP_NACK_BIT_SET(pfb)) {
820 			PROTOCOL_ERR("14.12.4.5");
821 			rc = -EIO;
822 			goto exit;
823 		}
824 
825 		if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
826 			PROTOCOL_ERR("14.12.3.3");
827 			rc = -EIO;
828 			goto exit;
829 		}
830 
831 		ddev->curr_nfc_dep_pni =
832 			DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
833 
834 		if (!ddev->chaining_skb) {
835 			PROTOCOL_ERR("14.12.4.3");
836 			rc = -EIO;
837 			goto exit;
838 		}
839 
840 		/* The initiator has received a valid ACK. Free the last sent
841 		 * PDU and keep on sending chained skb.
842 		 */
843 		kfree_skb(ddev->saved_skb);
844 		ddev->saved_skb = NULL;
845 
846 		rc = digital_in_send_dep_req(ddev, NULL,
847 					     ddev->chaining_skb,
848 					     ddev->data_exch);
849 		if (rc)
850 			goto error;
851 
852 		goto free_resp;
853 
854 	case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
855 		if (!DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) { /* ATN */
856 			rc = digital_in_send_saved_skb(ddev, data_exch);
857 			if (rc)
858 				goto error;
859 
860 			goto free_resp;
861 		}
862 
863 		if (ddev->atn_count || ddev->nack_count) {
864 			PROTOCOL_ERR("14.12.4.4");
865 			rc = -EIO;
866 			goto error;
867 		}
868 
869 		rtox = DIGITAL_NFC_DEP_RTOX_VALUE(resp->data[0]);
870 		if (!rtox || rtox > DIGITAL_NFC_DEP_RTOX_MAX) {
871 			PROTOCOL_ERR("14.8.4.1");
872 			rc = -EIO;
873 			goto error;
874 		}
875 
876 		rc = digital_in_send_rtox(ddev, data_exch, rtox);
877 		if (rc)
878 			goto error;
879 
880 		goto free_resp;
881 	}
882 
883 exit:
884 	data_exch->cb(data_exch->cb_context, resp, rc);
885 
886 error:
887 	kfree(data_exch);
888 
889 	kfree_skb(ddev->chaining_skb);
890 	ddev->chaining_skb = NULL;
891 
892 	kfree_skb(ddev->saved_skb);
893 	ddev->saved_skb = NULL;
894 
895 	if (rc)
896 		kfree_skb(resp);
897 
898 	return;
899 
900 free_resp:
901 	dev_kfree_skb(resp);
902 }
903 
digital_in_send_dep_req(struct nfc_digital_dev * ddev,struct nfc_target * target,struct sk_buff * skb,struct digital_data_exch * data_exch)904 int digital_in_send_dep_req(struct nfc_digital_dev *ddev,
905 			    struct nfc_target *target, struct sk_buff *skb,
906 			    struct digital_data_exch *data_exch)
907 {
908 	struct digital_dep_req_res *dep_req;
909 	struct sk_buff *chaining_skb, *tmp_skb;
910 	int rc;
911 
912 	skb_push(skb, sizeof(struct digital_dep_req_res));
913 
914 	dep_req = (struct digital_dep_req_res *)skb->data;
915 
916 	dep_req->dir = DIGITAL_NFC_DEP_FRAME_DIR_OUT;
917 	dep_req->cmd = DIGITAL_CMD_DEP_REQ;
918 	dep_req->pfb = ddev->curr_nfc_dep_pni;
919 
920 	ddev->atn_count = 0;
921 	ddev->nack_count = 0;
922 
923 	chaining_skb = ddev->chaining_skb;
924 
925 	tmp_skb = digital_send_dep_data_prep(ddev, skb, dep_req, data_exch);
926 	if (IS_ERR(tmp_skb))
927 		return PTR_ERR(tmp_skb);
928 
929 	digital_skb_push_dep_sod(ddev, tmp_skb);
930 
931 	ddev->skb_add_crc(tmp_skb);
932 
933 	ddev->saved_skb = pskb_copy(tmp_skb, GFP_KERNEL);
934 
935 	rc = digital_in_send_cmd(ddev, tmp_skb, ddev->dep_rwt,
936 				 digital_in_recv_dep_res, data_exch);
937 	if (rc) {
938 		if (tmp_skb != skb)
939 			kfree_skb(tmp_skb);
940 
941 		kfree_skb(chaining_skb);
942 		ddev->chaining_skb = NULL;
943 
944 		kfree_skb(ddev->saved_skb);
945 		ddev->saved_skb = NULL;
946 	}
947 
948 	return rc;
949 }
950 
digital_tg_set_rf_tech(struct nfc_digital_dev * ddev,u8 rf_tech)951 static void digital_tg_set_rf_tech(struct nfc_digital_dev *ddev, u8 rf_tech)
952 {
953 	ddev->curr_rf_tech = rf_tech;
954 
955 	ddev->skb_add_crc = digital_skb_add_crc_none;
956 	ddev->skb_check_crc = digital_skb_check_crc_none;
957 
958 	if (DIGITAL_DRV_CAPS_TG_CRC(ddev))
959 		return;
960 
961 	switch (ddev->curr_rf_tech) {
962 	case NFC_DIGITAL_RF_TECH_106A:
963 		ddev->skb_add_crc = digital_skb_add_crc_a;
964 		ddev->skb_check_crc = digital_skb_check_crc_a;
965 		break;
966 
967 	case NFC_DIGITAL_RF_TECH_212F:
968 	case NFC_DIGITAL_RF_TECH_424F:
969 		ddev->skb_add_crc = digital_skb_add_crc_f;
970 		ddev->skb_check_crc = digital_skb_check_crc_f;
971 		break;
972 
973 	default:
974 		break;
975 	}
976 }
977 
digital_tg_send_ack(struct nfc_digital_dev * ddev,struct digital_data_exch * data_exch)978 static int digital_tg_send_ack(struct nfc_digital_dev *ddev,
979 			       struct digital_data_exch *data_exch)
980 {
981 	struct digital_dep_req_res *dep_res;
982 	struct sk_buff *skb;
983 	int rc;
984 
985 	skb = digital_skb_alloc(ddev, 1);
986 	if (!skb)
987 		return -ENOMEM;
988 
989 	skb_push(skb, sizeof(struct digital_dep_req_res));
990 
991 	dep_res = (struct digital_dep_req_res *)skb->data;
992 
993 	dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
994 	dep_res->cmd = DIGITAL_CMD_DEP_RES;
995 	dep_res->pfb = DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU |
996 		       ddev->curr_nfc_dep_pni;
997 
998 	if (ddev->did) {
999 		dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
1000 
1001 		skb_put_data(skb, &ddev->did, sizeof(ddev->did));
1002 	}
1003 
1004 	ddev->curr_nfc_dep_pni =
1005 		DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
1006 
1007 	digital_skb_push_dep_sod(ddev, skb);
1008 
1009 	ddev->skb_add_crc(skb);
1010 
1011 	ddev->saved_skb = pskb_copy(skb, GFP_KERNEL);
1012 
1013 	rc = digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req,
1014 				 data_exch);
1015 	if (rc) {
1016 		kfree_skb(skb);
1017 		kfree_skb(ddev->saved_skb);
1018 		ddev->saved_skb = NULL;
1019 	}
1020 
1021 	return rc;
1022 }
1023 
digital_tg_send_atn(struct nfc_digital_dev * ddev)1024 static int digital_tg_send_atn(struct nfc_digital_dev *ddev)
1025 {
1026 	struct digital_dep_req_res *dep_res;
1027 	struct sk_buff *skb;
1028 	int rc;
1029 
1030 	skb = digital_skb_alloc(ddev, 1);
1031 	if (!skb)
1032 		return -ENOMEM;
1033 
1034 	skb_push(skb, sizeof(struct digital_dep_req_res));
1035 
1036 	dep_res = (struct digital_dep_req_res *)skb->data;
1037 
1038 	dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
1039 	dep_res->cmd = DIGITAL_CMD_DEP_RES;
1040 	dep_res->pfb = DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU;
1041 
1042 	if (ddev->did) {
1043 		dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
1044 
1045 		skb_put_data(skb, &ddev->did, sizeof(ddev->did));
1046 	}
1047 
1048 	digital_skb_push_dep_sod(ddev, skb);
1049 
1050 	ddev->skb_add_crc(skb);
1051 
1052 	rc = digital_tg_send_cmd(ddev, skb, 1500, digital_tg_recv_dep_req,
1053 				 NULL);
1054 	if (rc)
1055 		kfree_skb(skb);
1056 
1057 	return rc;
1058 }
1059 
digital_tg_send_saved_skb(struct nfc_digital_dev * ddev)1060 static int digital_tg_send_saved_skb(struct nfc_digital_dev *ddev)
1061 {
1062 	int rc;
1063 
1064 	if (!ddev->saved_skb)
1065 		return -EINVAL;
1066 
1067 	skb_get(ddev->saved_skb);
1068 
1069 	rc = digital_tg_send_cmd(ddev, ddev->saved_skb, 1500,
1070 				 digital_tg_recv_dep_req, NULL);
1071 	if (rc)
1072 		kfree_skb(ddev->saved_skb);
1073 
1074 	return rc;
1075 }
1076 
digital_tg_recv_dep_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1077 static void digital_tg_recv_dep_req(struct nfc_digital_dev *ddev, void *arg,
1078 				    struct sk_buff *resp)
1079 {
1080 	int rc;
1081 	struct digital_dep_req_res *dep_req;
1082 	u8 pfb;
1083 	size_t size;
1084 
1085 	if (IS_ERR(resp)) {
1086 		rc = PTR_ERR(resp);
1087 		resp = NULL;
1088 		goto exit;
1089 	}
1090 
1091 	rc = ddev->skb_check_crc(resp);
1092 	if (rc) {
1093 		PROTOCOL_ERR("14.4.1.6");
1094 		goto exit;
1095 	}
1096 
1097 	rc = digital_skb_pull_dep_sod(ddev, resp);
1098 	if (rc) {
1099 		PROTOCOL_ERR("14.4.1.2");
1100 		goto exit;
1101 	}
1102 
1103 	if (resp->len > ddev->local_payload_max) {
1104 		rc = -EMSGSIZE;
1105 		goto exit;
1106 	}
1107 
1108 	size = sizeof(struct digital_dep_req_res);
1109 	dep_req = (struct digital_dep_req_res *)resp->data;
1110 
1111 	if (resp->len < size || dep_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
1112 	    dep_req->cmd != DIGITAL_CMD_DEP_REQ) {
1113 		rc = -EIO;
1114 		goto exit;
1115 	}
1116 
1117 	pfb = dep_req->pfb;
1118 
1119 	if (DIGITAL_NFC_DEP_DID_BIT_SET(pfb)) {
1120 		if (ddev->did && (ddev->did == resp->data[3])) {
1121 			size++;
1122 		} else {
1123 			rc = -EIO;
1124 			goto exit;
1125 		}
1126 	} else if (ddev->did) {
1127 		rc = -EIO;
1128 		goto exit;
1129 	}
1130 
1131 	if (DIGITAL_NFC_DEP_NAD_BIT_SET(pfb)) {
1132 		rc = -EIO;
1133 		goto exit;
1134 	}
1135 
1136 	if (size > resp->len) {
1137 		rc = -EIO;
1138 		goto exit;
1139 	}
1140 
1141 	skb_pull(resp, size);
1142 
1143 	switch (DIGITAL_NFC_DEP_PFB_TYPE(pfb)) {
1144 	case DIGITAL_NFC_DEP_PFB_I_PDU:
1145 		pr_debug("DIGITAL_NFC_DEP_PFB_I_PDU\n");
1146 
1147 		if (ddev->atn_count) {
1148 			/* The target has received (and replied to) at least one
1149 			 * ATN DEP_REQ.
1150 			 */
1151 			ddev->atn_count = 0;
1152 
1153 			/* pni of resp PDU equal to the target current pni - 1
1154 			 * means resp is the previous DEP_REQ PDU received from
1155 			 * the initiator so the target replies with saved_skb
1156 			 * which is the previous DEP_RES saved in
1157 			 * digital_tg_send_dep_res().
1158 			 */
1159 			if (DIGITAL_NFC_DEP_PFB_PNI(pfb) ==
1160 			  DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni - 1)) {
1161 				rc = digital_tg_send_saved_skb(ddev);
1162 				if (rc)
1163 					goto exit;
1164 
1165 				goto free_resp;
1166 			}
1167 
1168 			/* atn_count > 0 and PDU pni != curr_nfc_dep_pni - 1
1169 			 * means the target probably did not received the last
1170 			 * DEP_REQ PDU sent by the initiator. The target
1171 			 * fallbacks to normal processing then.
1172 			 */
1173 		}
1174 
1175 		if (DIGITAL_NFC_DEP_PFB_PNI(pfb) != ddev->curr_nfc_dep_pni) {
1176 			PROTOCOL_ERR("14.12.3.4");
1177 			rc = -EIO;
1178 			goto exit;
1179 		}
1180 
1181 		kfree_skb(ddev->saved_skb);
1182 		ddev->saved_skb = NULL;
1183 
1184 		resp = digital_recv_dep_data_gather(ddev, pfb, resp,
1185 						    digital_tg_send_ack, NULL);
1186 		if (IS_ERR(resp)) {
1187 			rc = PTR_ERR(resp);
1188 			resp = NULL;
1189 			goto exit;
1190 		}
1191 
1192 		/* If resp is NULL then we're still chaining so return and
1193 		 * wait for the next part of the PDU.  Else, the PDU is
1194 		 * complete so pass it up.
1195 		 */
1196 		if (!resp)
1197 			return;
1198 
1199 		rc = 0;
1200 		break;
1201 	case DIGITAL_NFC_DEP_PFB_ACK_NACK_PDU:
1202 		if (DIGITAL_NFC_DEP_NACK_BIT_SET(pfb)) { /* NACK */
1203 			if (DIGITAL_NFC_DEP_PFB_PNI(pfb + 1) !=
1204 						ddev->curr_nfc_dep_pni) {
1205 				rc = -EIO;
1206 				goto exit;
1207 			}
1208 
1209 			ddev->atn_count = 0;
1210 
1211 			rc = digital_tg_send_saved_skb(ddev);
1212 			if (rc)
1213 				goto exit;
1214 
1215 			goto free_resp;
1216 		}
1217 
1218 		/* ACK */
1219 		if (ddev->atn_count) {
1220 			/* The target has previously received one or more ATN
1221 			 * PDUs.
1222 			 */
1223 			ddev->atn_count = 0;
1224 
1225 			/* If the ACK PNI is equal to the target PNI - 1 means
1226 			 * that the initiator did not receive the previous PDU
1227 			 * sent by the target so re-send it.
1228 			 */
1229 			if (DIGITAL_NFC_DEP_PFB_PNI(pfb + 1) ==
1230 						ddev->curr_nfc_dep_pni) {
1231 				rc = digital_tg_send_saved_skb(ddev);
1232 				if (rc)
1233 					goto exit;
1234 
1235 				goto free_resp;
1236 			}
1237 
1238 			/* Otherwise, the target did not receive the previous
1239 			 * ACK PDU from the initiator. Fallback to normal
1240 			 * processing of chained PDU then.
1241 			 */
1242 		}
1243 
1244 		/* Keep on sending chained PDU */
1245 		if (!ddev->chaining_skb ||
1246 		    DIGITAL_NFC_DEP_PFB_PNI(pfb) !=
1247 					ddev->curr_nfc_dep_pni) {
1248 			rc = -EIO;
1249 			goto exit;
1250 		}
1251 
1252 		kfree_skb(ddev->saved_skb);
1253 		ddev->saved_skb = NULL;
1254 
1255 		rc = digital_tg_send_dep_res(ddev, ddev->chaining_skb);
1256 		if (rc)
1257 			goto exit;
1258 
1259 		goto free_resp;
1260 	case DIGITAL_NFC_DEP_PFB_SUPERVISOR_PDU:
1261 		if (DIGITAL_NFC_DEP_PFB_IS_TIMEOUT(pfb)) {
1262 			rc = -EINVAL;
1263 			goto exit;
1264 		}
1265 
1266 		rc = digital_tg_send_atn(ddev);
1267 		if (rc)
1268 			goto exit;
1269 
1270 		ddev->atn_count++;
1271 
1272 		goto free_resp;
1273 	}
1274 
1275 	rc = nfc_tm_data_received(ddev->nfc_dev, resp);
1276 	if (rc)
1277 		resp = NULL;
1278 
1279 exit:
1280 	kfree_skb(ddev->chaining_skb);
1281 	ddev->chaining_skb = NULL;
1282 
1283 	ddev->atn_count = 0;
1284 
1285 	kfree_skb(ddev->saved_skb);
1286 	ddev->saved_skb = NULL;
1287 
1288 	if (rc)
1289 		kfree_skb(resp);
1290 
1291 	return;
1292 
1293 free_resp:
1294 	dev_kfree_skb(resp);
1295 }
1296 
digital_tg_send_dep_res(struct nfc_digital_dev * ddev,struct sk_buff * skb)1297 int digital_tg_send_dep_res(struct nfc_digital_dev *ddev, struct sk_buff *skb)
1298 {
1299 	struct digital_dep_req_res *dep_res;
1300 	struct sk_buff *chaining_skb, *tmp_skb;
1301 	int rc;
1302 
1303 	skb_push(skb, sizeof(struct digital_dep_req_res));
1304 
1305 	dep_res = (struct digital_dep_req_res *)skb->data;
1306 
1307 	dep_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
1308 	dep_res->cmd = DIGITAL_CMD_DEP_RES;
1309 	dep_res->pfb = ddev->curr_nfc_dep_pni;
1310 
1311 	if (ddev->did) {
1312 		dep_res->pfb |= DIGITAL_NFC_DEP_PFB_DID_BIT;
1313 
1314 		skb_put_data(skb, &ddev->did, sizeof(ddev->did));
1315 	}
1316 
1317 	ddev->curr_nfc_dep_pni =
1318 		DIGITAL_NFC_DEP_PFB_PNI(ddev->curr_nfc_dep_pni + 1);
1319 
1320 	chaining_skb = ddev->chaining_skb;
1321 
1322 	tmp_skb = digital_send_dep_data_prep(ddev, skb, dep_res, NULL);
1323 	if (IS_ERR(tmp_skb))
1324 		return PTR_ERR(tmp_skb);
1325 
1326 	digital_skb_push_dep_sod(ddev, tmp_skb);
1327 
1328 	ddev->skb_add_crc(tmp_skb);
1329 
1330 	ddev->saved_skb = pskb_copy(tmp_skb, GFP_KERNEL);
1331 
1332 	rc = digital_tg_send_cmd(ddev, tmp_skb, 1500, digital_tg_recv_dep_req,
1333 				 NULL);
1334 	if (rc) {
1335 		if (tmp_skb != skb)
1336 			kfree_skb(tmp_skb);
1337 
1338 		kfree_skb(chaining_skb);
1339 		ddev->chaining_skb = NULL;
1340 
1341 		kfree_skb(ddev->saved_skb);
1342 		ddev->saved_skb = NULL;
1343 	}
1344 
1345 	return rc;
1346 }
1347 
digital_tg_send_psl_res_complete(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1348 static void digital_tg_send_psl_res_complete(struct nfc_digital_dev *ddev,
1349 					     void *arg, struct sk_buff *resp)
1350 {
1351 	u8 rf_tech = (unsigned long)arg;
1352 
1353 	if (IS_ERR(resp))
1354 		return;
1355 
1356 	digital_tg_set_rf_tech(ddev, rf_tech);
1357 
1358 	digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_RF_TECH, rf_tech);
1359 
1360 	digital_tg_listen(ddev, 1500, digital_tg_recv_dep_req, NULL);
1361 
1362 	dev_kfree_skb(resp);
1363 }
1364 
digital_tg_send_psl_res(struct nfc_digital_dev * ddev,u8 did,u8 rf_tech)1365 static int digital_tg_send_psl_res(struct nfc_digital_dev *ddev, u8 did,
1366 				   u8 rf_tech)
1367 {
1368 	struct digital_psl_res *psl_res;
1369 	struct sk_buff *skb;
1370 	int rc;
1371 
1372 	skb = digital_skb_alloc(ddev, sizeof(struct digital_psl_res));
1373 	if (!skb)
1374 		return -ENOMEM;
1375 
1376 	skb_put(skb, sizeof(struct digital_psl_res));
1377 
1378 	psl_res = (struct digital_psl_res *)skb->data;
1379 
1380 	psl_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
1381 	psl_res->cmd = DIGITAL_CMD_PSL_RES;
1382 	psl_res->did = did;
1383 
1384 	digital_skb_push_dep_sod(ddev, skb);
1385 
1386 	ddev->skb_add_crc(skb);
1387 
1388 	ddev->curr_nfc_dep_pni = 0;
1389 
1390 	rc = digital_tg_send_cmd(ddev, skb, 0, digital_tg_send_psl_res_complete,
1391 				 (void *)(unsigned long)rf_tech);
1392 	if (rc)
1393 		kfree_skb(skb);
1394 
1395 	return rc;
1396 }
1397 
digital_tg_recv_psl_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1398 static void digital_tg_recv_psl_req(struct nfc_digital_dev *ddev, void *arg,
1399 				    struct sk_buff *resp)
1400 {
1401 	int rc;
1402 	struct digital_psl_req *psl_req;
1403 	u8 rf_tech;
1404 	u8 dsi, payload_size, payload_bits;
1405 
1406 	if (IS_ERR(resp)) {
1407 		rc = PTR_ERR(resp);
1408 		resp = NULL;
1409 		goto exit;
1410 	}
1411 
1412 	rc = ddev->skb_check_crc(resp);
1413 	if (rc) {
1414 		PROTOCOL_ERR("14.4.1.6");
1415 		goto exit;
1416 	}
1417 
1418 	rc = digital_skb_pull_dep_sod(ddev, resp);
1419 	if (rc) {
1420 		PROTOCOL_ERR("14.4.1.2");
1421 		goto exit;
1422 	}
1423 
1424 	psl_req = (struct digital_psl_req *)resp->data;
1425 
1426 	if (resp->len != sizeof(struct digital_psl_req) ||
1427 	    psl_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
1428 	    psl_req->cmd != DIGITAL_CMD_PSL_REQ) {
1429 		rc = -EIO;
1430 		goto exit;
1431 	}
1432 
1433 	dsi = (psl_req->brs >> 3) & 0x07;
1434 	switch (dsi) {
1435 	case 0:
1436 		rf_tech = NFC_DIGITAL_RF_TECH_106A;
1437 		break;
1438 	case 1:
1439 		rf_tech = NFC_DIGITAL_RF_TECH_212F;
1440 		break;
1441 	case 2:
1442 		rf_tech = NFC_DIGITAL_RF_TECH_424F;
1443 		break;
1444 	default:
1445 		pr_err("Unsupported dsi value %d\n", dsi);
1446 		goto exit;
1447 	}
1448 
1449 	payload_bits = DIGITAL_PAYLOAD_FSL_TO_BITS(psl_req->fsl);
1450 	payload_size = digital_payload_bits_to_size(payload_bits);
1451 
1452 	if (!payload_size || (payload_size > min(ddev->local_payload_max,
1453 						 ddev->remote_payload_max))) {
1454 		rc = -EINVAL;
1455 		goto exit;
1456 	}
1457 
1458 	ddev->local_payload_max = payload_size;
1459 	ddev->remote_payload_max = payload_size;
1460 
1461 	rc = digital_tg_send_psl_res(ddev, psl_req->did, rf_tech);
1462 
1463 exit:
1464 	kfree_skb(resp);
1465 }
1466 
digital_tg_send_atr_res_complete(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1467 static void digital_tg_send_atr_res_complete(struct nfc_digital_dev *ddev,
1468 					     void *arg, struct sk_buff *resp)
1469 {
1470 	int offset;
1471 
1472 	if (IS_ERR(resp)) {
1473 		digital_poll_next_tech(ddev);
1474 		return;
1475 	}
1476 
1477 	offset = 2;
1478 	if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB)
1479 		offset++;
1480 
1481 	ddev->atn_count = 0;
1482 
1483 	if (resp->data[offset] == DIGITAL_CMD_PSL_REQ)
1484 		digital_tg_recv_psl_req(ddev, arg, resp);
1485 	else
1486 		digital_tg_recv_dep_req(ddev, arg, resp);
1487 }
1488 
digital_tg_send_atr_res(struct nfc_digital_dev * ddev,struct digital_atr_req * atr_req)1489 static int digital_tg_send_atr_res(struct nfc_digital_dev *ddev,
1490 				   struct digital_atr_req *atr_req)
1491 {
1492 	struct digital_atr_res *atr_res;
1493 	struct sk_buff *skb;
1494 	u8 *gb, payload_bits;
1495 	size_t gb_len;
1496 	int rc;
1497 
1498 	gb = nfc_get_local_general_bytes(ddev->nfc_dev, &gb_len);
1499 	if (!gb)
1500 		gb_len = 0;
1501 
1502 	skb = digital_skb_alloc(ddev, sizeof(struct digital_atr_res) + gb_len);
1503 	if (!skb)
1504 		return -ENOMEM;
1505 
1506 	skb_put(skb, sizeof(struct digital_atr_res));
1507 	atr_res = (struct digital_atr_res *)skb->data;
1508 
1509 	memset(atr_res, 0, sizeof(struct digital_atr_res));
1510 
1511 	atr_res->dir = DIGITAL_NFC_DEP_FRAME_DIR_IN;
1512 	atr_res->cmd = DIGITAL_CMD_ATR_RES;
1513 	memcpy(atr_res->nfcid3, atr_req->nfcid3, sizeof(atr_req->nfcid3));
1514 	atr_res->to = DIGITAL_NFC_DEP_TG_MAX_WT;
1515 
1516 	ddev->local_payload_max = DIGITAL_PAYLOAD_SIZE_MAX;
1517 	payload_bits = digital_payload_size_to_bits(ddev->local_payload_max);
1518 	atr_res->pp = DIGITAL_PAYLOAD_BITS_TO_PP(payload_bits);
1519 
1520 	if (gb_len) {
1521 		skb_put(skb, gb_len);
1522 
1523 		atr_res->pp |= DIGITAL_GB_BIT;
1524 		memcpy(atr_res->gb, gb, gb_len);
1525 	}
1526 
1527 	digital_skb_push_dep_sod(ddev, skb);
1528 
1529 	ddev->skb_add_crc(skb);
1530 
1531 	ddev->curr_nfc_dep_pni = 0;
1532 
1533 	rc = digital_tg_send_cmd(ddev, skb, 999,
1534 				 digital_tg_send_atr_res_complete, NULL);
1535 	if (rc)
1536 		kfree_skb(skb);
1537 
1538 	return rc;
1539 }
1540 
digital_tg_recv_atr_req(struct nfc_digital_dev * ddev,void * arg,struct sk_buff * resp)1541 void digital_tg_recv_atr_req(struct nfc_digital_dev *ddev, void *arg,
1542 			     struct sk_buff *resp)
1543 {
1544 	int rc;
1545 	struct digital_atr_req *atr_req;
1546 	size_t gb_len, min_size;
1547 	u8 poll_tech_count, payload_bits;
1548 
1549 	if (IS_ERR(resp)) {
1550 		rc = PTR_ERR(resp);
1551 		resp = NULL;
1552 		goto exit;
1553 	}
1554 
1555 	if (!resp->len) {
1556 		rc = -EIO;
1557 		goto exit;
1558 	}
1559 
1560 	if (resp->data[0] == DIGITAL_NFC_DEP_NFCA_SOD_SB) {
1561 		min_size = DIGITAL_ATR_REQ_MIN_SIZE + 2;
1562 		digital_tg_set_rf_tech(ddev, NFC_DIGITAL_RF_TECH_106A);
1563 	} else {
1564 		min_size = DIGITAL_ATR_REQ_MIN_SIZE + 1;
1565 		digital_tg_set_rf_tech(ddev, NFC_DIGITAL_RF_TECH_212F);
1566 	}
1567 
1568 	if (resp->len < min_size) {
1569 		rc = -EIO;
1570 		goto exit;
1571 	}
1572 
1573 	ddev->curr_protocol = NFC_PROTO_NFC_DEP_MASK;
1574 
1575 	rc = ddev->skb_check_crc(resp);
1576 	if (rc) {
1577 		PROTOCOL_ERR("14.4.1.6");
1578 		goto exit;
1579 	}
1580 
1581 	rc = digital_skb_pull_dep_sod(ddev, resp);
1582 	if (rc) {
1583 		PROTOCOL_ERR("14.4.1.2");
1584 		goto exit;
1585 	}
1586 
1587 	atr_req = (struct digital_atr_req *)resp->data;
1588 
1589 	if (atr_req->dir != DIGITAL_NFC_DEP_FRAME_DIR_OUT ||
1590 	    atr_req->cmd != DIGITAL_CMD_ATR_REQ ||
1591 	    atr_req->did > DIGITAL_DID_MAX) {
1592 		rc = -EINVAL;
1593 		goto exit;
1594 	}
1595 
1596 	payload_bits = DIGITAL_PAYLOAD_PP_TO_BITS(atr_req->pp);
1597 	ddev->remote_payload_max = digital_payload_bits_to_size(payload_bits);
1598 
1599 	if (!ddev->remote_payload_max) {
1600 		rc = -EINVAL;
1601 		goto exit;
1602 	}
1603 
1604 	ddev->did = atr_req->did;
1605 
1606 	rc = digital_tg_configure_hw(ddev, NFC_DIGITAL_CONFIG_FRAMING,
1607 				     NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED);
1608 	if (rc)
1609 		goto exit;
1610 
1611 	rc = digital_tg_send_atr_res(ddev, atr_req);
1612 	if (rc)
1613 		goto exit;
1614 
1615 	gb_len = resp->len - sizeof(struct digital_atr_req);
1616 
1617 	poll_tech_count = ddev->poll_tech_count;
1618 	ddev->poll_tech_count = 0;
1619 
1620 	rc = nfc_tm_activated(ddev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1621 			      NFC_COMM_PASSIVE, atr_req->gb, gb_len);
1622 	if (rc) {
1623 		ddev->poll_tech_count = poll_tech_count;
1624 		goto exit;
1625 	}
1626 
1627 	rc = 0;
1628 exit:
1629 	if (rc)
1630 		digital_poll_next_tech(ddev);
1631 
1632 	dev_kfree_skb(resp);
1633 }
1634