Commit graph

23 commits

Author SHA1 Message Date
Mao Wenan
ec0237cb36 NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
[ Upstream commit 718eae277e62a26e5862eb72a830b5e0fe37b04a ]

Convert cpu_to_le16(le16_to_cpu(frame->datalen) + len) to
use le16_add_cpu(), which is more concise and does the same thing.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Mao Wenan <maowenan@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-02-24 08:34:40 +01:00
Oliver Neukum
af8071f50f nfc: port100: handle command failure cleanly
commit 5f9f0b11f0816b35867f2cf71e54d95f53f03902 upstream.

If starting the transfer of a command suceeds but the transfer for the reply
fails, it is not enough to initiate killing the transfer for the
command may still be running. You need to wait for the killing to finish
before you can reuse URB and buffer.

Reported-and-tested-by: syzbot+711468aa5c3a1eabf863@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-12-01 09:17:38 +01:00
Johannes Berg
634fef6107 networking: add and use skb_put_u8()
Joe and Bjørn suggested that it'd be nicer to not have the
cast in the fairly common case of doing
	*(u8 *)skb_put(skb, 1) = c;

Add skb_put_u8() for this case, and use it across the code,
using the following spatch:

    @@
    expression SKB, C, S;
    typedef u8;
    identifier fn = {skb_put};
    fresh identifier fn2 = fn ## "_u8";
    @@
    - *(u8 *)fn(SKB, S) = C;
    + fn2(SKB, C);

Note that due to the "S", the spatch isn't perfect, it should
have checked that S is 1, but there's also places that use a
sizeof expression like sizeof(var) or sizeof(u8) etc. Turns
out that nobody ever did something like
	*(u8 *)skb_put(skb, 2) = c;

which would be wrong anyway since the second byte wouldn't be
initialized.

Suggested-by: Joe Perches <joe@perches.com>
Suggested-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 11:48:40 -04:00
Johannes Berg
4df864c1d9 networking: make skb_put & friends return void pointers
It seems like a historic accident that these return unsigned char *,
and in many places that means casts are required, more often than not.

Make these functions (skb_put, __skb_put and pskb_put) return void *
and remove all the casts across the tree, adding a (u8 *) cast only
where the unsigned char pointer was used directly, all done with the
following spatch:

    @@
    expression SKB, LEN;
    typedef u8;
    identifier fn = { skb_put, __skb_put };
    @@
    - *(fn(SKB, LEN))
    + *(u8 *)fn(SKB, LEN)

    @@
    expression E, SKB, LEN;
    identifier fn = { skb_put, __skb_put };
    type T;
    @@
    - E = ((T *)(fn(SKB, LEN)))
    + E = fn(SKB, LEN)

which actually doesn't cover pskb_put since there are only three
users overall.

A handful of stragglers were converted manually, notably a macro in
drivers/isdn/i4l/isdn_bsdcomp.c and, oddly enough, one of the many
instances in net/bluetooth/hci_sock.c. In the former file, I also
had to fix one whitespace problem spatch introduced.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 11:48:39 -04:00
Johannes Berg
59ae1d127a networking: introduce and use skb_put_data()
A common pattern with skb_put() is to just want to memcpy()
some data into the new space, introduce skb_put_data() for
this.

An spatch similar to the one for skb_put_zero() converts many
of the places using it:

    @@
    identifier p, p2;
    expression len, skb, data;
    type t, t2;
    @@
    (
    -p = skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    |
    -p = (t)skb_put(skb, len);
    +p = skb_put_data(skb, data, len);
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, len);
    |
    -memcpy(p, data, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb, data;
    @@
    t *p;
    ...
    (
    -p = skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    |
    -p = (t *)skb_put(skb, sizeof(t));
    +p = skb_put_data(skb, data, sizeof(t));
    )
    (
    p2 = (t2)p;
    -memcpy(p2, data, sizeof(*p));
    |
    -memcpy(p, data, sizeof(*p));
    )

    @@
    expression skb, len, data;
    @@
    -memcpy(skb_put(skb, len), data, len);
    +skb_put_data(skb, data, len);

(again, manually post-processed to retain some comments)

Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-16 11:48:37 -04:00
OGAWA Hirofumi
2497128133 nfc: Fix hangup of RC-S380* in port100_send_ack()
If port100_send_ack() was called twice or more, it has race to hangup.

  port100_send_ack()          port100_send_ack()
    init_completion()
    [...]
    dev->cmd_cancel = true
                                /* this removes previous from completion */
                                init_completion()
				[...]
                                dev->cmd_cancel = true
                                wait_for_completion()
    /* never be waked up */
    wait_for_completion()

Like above race, this code is not assuming port100_send_ack() is
called twice or more.

To fix, this checks dev->cmd_cancel to know if prior cancel is
in-flight or not. And never be remove prior task from completion by
using reinit_completion(), so this guarantees to be waked up properly
soon or later.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-01 23:04:30 +02:00
OGAWA Hirofumi
0ada076819 nfc: Fix RC-S380* needs zero-length packet
If sent packet size is wMaxPacketSize boundary, this device doesn't
answer. To fix this, we have to send zero-length packet in usb spec.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-01 23:04:30 +02:00
OGAWA Hirofumi
9728ee92f7 nfc: Add support RC-S380P to port100
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-04-01 23:04:29 +02:00
Thierry Escande
9f0c4542c4 NFC: port100: Abort current command before switching RF off
If a command is still being processed by the device, the switch RF off
command will be rejected. With this patch, the port100 driver calls
port100_abort_cmd() before sending the switch RF off command.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-06 10:02:08 +02:00
Thierry Escande
a52bd7d275 NFC: port100: Make port100_abort_cmd() synchronous
This patch makes the abort_cmd function synchronous. This allows the
caller to immediately send a new command after abort_cmd() returns.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-06 10:02:08 +02:00
Thierry Escande
b74584c1a6 NFC: port100: Fix the command cancellation process
The USB out_urb used to send commands to the device can be submitted
through the standard command processing queue coming from the Digital
Protocol layer but it can also be submitted from port100_abort_cmd().

To not submit the URB while already active, a mutex is now used to
protect it and a cmd_cancel flag is used to not send command while
canceling the previous one.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-06 10:02:07 +02:00
Thierry Escande
e3e0258839 NFC: port100: Don't send a new command if one is still pending
This patch ensures that a command is not still in process before sending
a new one to the device. This can happen when neard is in constant
polling mode: the configure_hw command can be sent when neard restarts
polling after a LLCP SYMM timeout but before the device has returned in
timeout from the last DEP frame sent.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-06 10:02:07 +02:00
Thierry Escande
a81ba50a89 NFC: port100: Explicitly set NFC-F framing for NFC-DEP
When setting the driver framing as NFC_DIGITAL_FRAMING_NFCF_NFC_DEP it
used to be already configured as NFC_DIGITAL_FRAMING_NFCF which is the
same. So this entry was empty in the in_protocols table.
Now that the digital stack can handle PLS requests, it can be changed
on the fly from NFC_DIGITAL_FRAMING_NFCA_NFC_DEP.
This patch explicitly defines the framing configuration values for
NFC_DIGITAL_FRAMING_NFCF_NFC_DEP.

Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-07-04 12:26:27 +02:00
Joe Perches
3590ebc040 NFC: logging neatening
Add missing terminating newlines to nfc_info and nfc_err
to avoid possible interleaving from other messages.

Miscellanea:

o typo fix of "unknonwn" in message
o remove unnecessary OOM messages as there's a generic dump_stack()
o realign arguments

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2015-04-07 12:05:12 +02:00
Thierry Escande
09592ccfc2 NFC: port100: Add support for type 4B tag
This patch adds support for ISO-DEP protocol over NFC-B rf technology
by adding NFC_PROTO_ISO14443_B to the supported protocols and an entry
for framing configuration.

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2014-05-26 00:42:02 +02:00
Axel Lin
4aa7ed02f5 NFC: port100: Convert to use USB_DEVICE macro
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2014-02-23 23:32:18 +01:00
Thierry Escande
2a26f9a2c1 NFC: port100: Add support for type 4A tag platform
This adds support for ISO-DEP protocol over NFC-A rf technology. The
port100 already supports NFC-A and ATS request and response for type 4A
tags are handled at digital level. This patch adds NFC_PROTO_ISO14443
to the supported protocols and an entry for framing configuration which
is the same as NFC-A standard frame with CRC handling.

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2014-02-16 23:49:54 +01:00
Thierry Escande
d3815ea95c NFC: port100: Fix possible buffer overflow
The arrays for protocols and rf techs must define a number of entries
corresponding to their maximum possible index values.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2014-02-16 23:49:54 +01:00
Alexey Khoroshilov
c36aeba8c0 NFC: port100: Fix device leak
port100_probe() calls usb_get_dev(), but there is no usb_put_dev()
in port100_disconnect(). The patch adds one.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2014-01-05 00:49:00 +01:00
Thierry Escande
7227c0216d NFC: port100: Add target mode support
This implements the target NFC digital operations tg_configure_hw(),
tg_listen(), tg_listen_mdaa(), and tg_send_cmd().

The target mode supports NFC-A technology at 106kbits/s and NFC-F
technologies at 212 and 424kbits/s.

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Cc: Stephen Tiedemann <stephen.tiedemann@gmail.com>
Tested-by: Cho, Yu-Chen <acho@suse.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-10-07 14:11:20 +02:00
Thierry Escande
9f7b57f28c NFC: port100: Add initiator mode support
This patch implements the initiator NFC operations in_configure_hw()
and in_send_cmd(). It also implements the switch_rf() operation.

The initiator mode supports NFC-A technology at 106kbits/s and NFC-F
technologies at 212 and 424kbits/s.

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Cc: Stephen Tiedemann <stephen.tiedemann@gmail.com>
Tested-by: Cho, Yu-Chen <acho@suse.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-10-07 14:11:14 +02:00
Thierry Escande
0347a6ab30 NFC: port100: Commands mechanism implementation
This patch implements the command handling mechanism. The digital stack
serializes all commands sent to the driver. This means that the digital
stack waits for the reply of the current command before sending a new
one. So there is no command queue managed at driver level.

All Port-100 commands are asynchronous. If the command has been sent
successfully to the device, it replies with an ACK frame. Then the
command response is received (or actually no-response in case of
timeout or error) and a command complete work on the system workqueue
is responsible for sending the response (or the error) back to the
digital stack.

The digital stack requires some commands to be synchronous, mainly
hardware configuration ones. These commands use the asynchronous
command path but are made synchronous by using a completion object.

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Cc: Stephen Tiedemann <stephen.tiedemann@gmail.com>
Tested-by: Cho, Yu-Chen <acho@suse.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-10-07 14:10:52 +02:00
Thierry Escande
562d4d59b8 NFC: Sony Port-100 Series driver
This adds support for the Sony NFC USB dongle RC-S380, based on the
Port-100 chip. This dongle is an analog frontend and does not implement
the digital layer. This driver uses the nfc_digital module which is an
implementation of the NFC Digital Protocol stack.

This patch is a skeleton. It only registers the dongle against the NFC
digital protocol stack. All NFC digital operation functions are stubbed
out.

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Cc: Stephen Tiedemann <stephen.tiedemann@gmail.com>
Tested-by: Cho, Yu-Chen <acho@suse.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2013-10-07 14:09:33 +02:00