2 * Copyright (C) 2011 Intel Corporation. All rights reserved.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the
16 * Free Software Foundation, Inc.,
17 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20 #define pr_fmt(fmt) "llcp: %s: " fmt, __func__
22 #include <linux/init.h>
23 #include <linux/kernel.h>
24 #include <linux/list.h>
25 #include <linux/nfc.h>
30 static u8 llcp_magic[3] = {0x46, 0x66, 0x6d};
32 static struct list_head llcp_devices;
34 void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk)
37 sk_add_node(sk, &l->head);
38 write_unlock(&l->lock);
41 void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk)
45 write_unlock(&l->lock);
48 static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
50 struct nfc_llcp_local *local = sock->local;
51 struct sk_buff *s, *tmp;
53 pr_debug("%p\n", &sock->sk);
55 skb_queue_purge(&sock->tx_queue);
56 skb_queue_purge(&sock->tx_pending_queue);
61 /* Search for local pending SKBs that are related to this socket */
62 skb_queue_walk_safe(&local->tx_queue, s, tmp) {
63 if (s->sk != &sock->sk)
66 skb_unlink(s, &local->tx_queue);
71 static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen)
74 struct hlist_node *node, *tmp;
75 struct nfc_llcp_sock *llcp_sock;
77 skb_queue_purge(&local->tx_queue);
79 write_lock(&local->sockets.lock);
81 sk_for_each_safe(sk, node, tmp, &local->sockets.head) {
82 llcp_sock = nfc_llcp_sock(sk);
86 nfc_llcp_socket_purge(llcp_sock);
88 if (sk->sk_state == LLCP_CONNECTED)
89 nfc_put_device(llcp_sock->dev);
91 if (sk->sk_state == LLCP_LISTEN) {
92 struct nfc_llcp_sock *lsk, *n;
93 struct sock *accept_sk;
95 list_for_each_entry_safe(lsk, n,
96 &llcp_sock->accept_queue,
99 bh_lock_sock(accept_sk);
101 nfc_llcp_accept_unlink(accept_sk);
103 accept_sk->sk_state = LLCP_CLOSED;
105 bh_unlock_sock(accept_sk);
107 sock_orphan(accept_sk);
110 if (listen == true) {
117 * If we have a connection less socket bound, we keep it alive
118 * if the device is still present.
120 if (sk->sk_state == LLCP_BOUND && sk->sk_type == SOCK_DGRAM &&
126 sk->sk_state = LLCP_CLOSED;
132 sk_del_node_init(sk);
135 write_unlock(&local->sockets.lock);
138 struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local)
140 kref_get(&local->ref);
145 static void local_release(struct kref *ref)
147 struct nfc_llcp_local *local;
149 local = container_of(ref, struct nfc_llcp_local, ref);
151 list_del(&local->list);
152 nfc_llcp_socket_release(local, false);
153 del_timer_sync(&local->link_timer);
154 skb_queue_purge(&local->tx_queue);
155 cancel_work_sync(&local->tx_work);
156 cancel_work_sync(&local->rx_work);
157 cancel_work_sync(&local->timeout_work);
158 kfree_skb(local->rx_pending);
162 int nfc_llcp_local_put(struct nfc_llcp_local *local)
167 return kref_put(&local->ref, local_release);
170 static struct nfc_llcp_sock *nfc_llcp_sock_get(struct nfc_llcp_local *local,
174 struct hlist_node *node;
175 struct nfc_llcp_sock *llcp_sock, *tmp_sock;
177 pr_debug("ssap dsap %d %d\n", ssap, dsap);
179 if (ssap == 0 && dsap == 0)
182 read_lock(&local->sockets.lock);
186 sk_for_each(sk, node, &local->sockets.head) {
187 tmp_sock = nfc_llcp_sock(sk);
189 if (tmp_sock->ssap == ssap && tmp_sock->dsap == dsap) {
190 llcp_sock = tmp_sock;
195 read_unlock(&local->sockets.lock);
197 if (llcp_sock == NULL)
200 sock_hold(&llcp_sock->sk);
205 static void nfc_llcp_sock_put(struct nfc_llcp_sock *sock)
210 static void nfc_llcp_timeout_work(struct work_struct *work)
212 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
215 nfc_dep_link_down(local->dev);
218 static void nfc_llcp_symm_timer(unsigned long data)
220 struct nfc_llcp_local *local = (struct nfc_llcp_local *) data;
222 pr_err("SYMM timeout\n");
224 schedule_work(&local->timeout_work);
227 struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev)
229 struct nfc_llcp_local *local, *n;
231 list_for_each_entry_safe(local, n, &llcp_devices, list)
232 if (local->dev == dev)
235 pr_debug("No device found\n");
240 static char *wks[] = {
248 static int nfc_llcp_wks_sap(char *service_name, size_t service_name_len)
252 pr_debug("%s\n", service_name);
254 if (service_name == NULL)
257 num_wks = ARRAY_SIZE(wks);
259 for (sap = 0; sap < num_wks; sap++) {
260 if (wks[sap] == NULL)
263 if (strncmp(wks[sap], service_name, service_name_len) == 0)
271 struct nfc_llcp_sock *nfc_llcp_sock_from_sn(struct nfc_llcp_local *local,
272 u8 *sn, size_t sn_len)
275 struct hlist_node *node;
276 struct nfc_llcp_sock *llcp_sock, *tmp_sock;
278 pr_debug("sn %zd %p\n", sn_len, sn);
280 if (sn == NULL || sn_len == 0)
283 read_lock(&local->sockets.lock);
287 sk_for_each(sk, node, &local->sockets.head) {
288 tmp_sock = nfc_llcp_sock(sk);
290 pr_debug("llcp sock %p\n", tmp_sock);
292 if (tmp_sock->sk.sk_type == SOCK_STREAM &&
293 tmp_sock->sk.sk_state != LLCP_LISTEN)
296 if (tmp_sock->sk.sk_type == SOCK_DGRAM &&
297 tmp_sock->sk.sk_state != LLCP_BOUND)
300 if (tmp_sock->service_name == NULL ||
301 tmp_sock->service_name_len == 0)
304 if (tmp_sock->service_name_len != sn_len)
307 if (memcmp(sn, tmp_sock->service_name, sn_len) == 0) {
308 llcp_sock = tmp_sock;
313 read_unlock(&local->sockets.lock);
315 pr_debug("Found llcp sock %p\n", llcp_sock);
320 u8 nfc_llcp_get_sdp_ssap(struct nfc_llcp_local *local,
321 struct nfc_llcp_sock *sock)
323 mutex_lock(&local->sdp_lock);
325 if (sock->service_name != NULL && sock->service_name_len > 0) {
326 int ssap = nfc_llcp_wks_sap(sock->service_name,
327 sock->service_name_len);
330 pr_debug("WKS %d\n", ssap);
332 /* This is a WKS, let's check if it's free */
333 if (local->local_wks & BIT(ssap)) {
334 mutex_unlock(&local->sdp_lock);
339 set_bit(ssap, &local->local_wks);
340 mutex_unlock(&local->sdp_lock);
346 * Check if there already is a non WKS socket bound
347 * to this service name.
349 if (nfc_llcp_sock_from_sn(local, sock->service_name,
350 sock->service_name_len) != NULL) {
351 mutex_unlock(&local->sdp_lock);
356 mutex_unlock(&local->sdp_lock);
358 return LLCP_SDP_UNBOUND;
360 } else if (sock->ssap != 0 && sock->ssap < LLCP_WKS_NUM_SAP) {
361 if (!test_bit(sock->ssap, &local->local_wks)) {
362 set_bit(sock->ssap, &local->local_wks);
363 mutex_unlock(&local->sdp_lock);
369 mutex_unlock(&local->sdp_lock);
374 u8 nfc_llcp_get_local_ssap(struct nfc_llcp_local *local)
378 mutex_lock(&local->sdp_lock);
380 local_ssap = find_first_zero_bit(&local->local_sap, LLCP_LOCAL_NUM_SAP);
381 if (local_ssap == LLCP_LOCAL_NUM_SAP) {
382 mutex_unlock(&local->sdp_lock);
386 set_bit(local_ssap, &local->local_sap);
388 mutex_unlock(&local->sdp_lock);
390 return local_ssap + LLCP_LOCAL_SAP_OFFSET;
393 void nfc_llcp_put_ssap(struct nfc_llcp_local *local, u8 ssap)
398 if (ssap < LLCP_WKS_NUM_SAP) {
400 sdp = &local->local_wks;
401 } else if (ssap < LLCP_LOCAL_NUM_SAP) {
402 atomic_t *client_cnt;
404 local_ssap = ssap - LLCP_WKS_NUM_SAP;
405 sdp = &local->local_sdp;
406 client_cnt = &local->local_sdp_cnt[local_ssap];
408 pr_debug("%d clients\n", atomic_read(client_cnt));
410 mutex_lock(&local->sdp_lock);
412 if (atomic_dec_and_test(client_cnt)) {
413 struct nfc_llcp_sock *l_sock;
415 pr_debug("No more clients for SAP %d\n", ssap);
417 clear_bit(local_ssap, sdp);
419 /* Find the listening sock and set it back to UNBOUND */
420 l_sock = nfc_llcp_sock_get(local, ssap, LLCP_SAP_SDP);
422 l_sock->ssap = LLCP_SDP_UNBOUND;
423 nfc_llcp_sock_put(l_sock);
427 mutex_unlock(&local->sdp_lock);
430 } else if (ssap < LLCP_MAX_SAP) {
431 local_ssap = ssap - LLCP_LOCAL_NUM_SAP;
432 sdp = &local->local_sap;
437 mutex_lock(&local->sdp_lock);
439 clear_bit(local_ssap, sdp);
441 mutex_unlock(&local->sdp_lock);
444 static u8 nfc_llcp_reserve_sdp_ssap(struct nfc_llcp_local *local)
448 mutex_lock(&local->sdp_lock);
450 ssap = find_first_zero_bit(&local->local_sdp, LLCP_SDP_NUM_SAP);
451 if (ssap == LLCP_SDP_NUM_SAP) {
452 mutex_unlock(&local->sdp_lock);
457 pr_debug("SDP ssap %d\n", LLCP_WKS_NUM_SAP + ssap);
459 set_bit(ssap, &local->local_sdp);
461 mutex_unlock(&local->sdp_lock);
463 return LLCP_WKS_NUM_SAP + ssap;
466 static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
468 u8 *gb_cur, *version_tlv, version, version_length;
469 u8 *lto_tlv, lto_length;
470 u8 *wks_tlv, wks_length;
471 u8 *miux_tlv, miux_length;
475 version = LLCP_VERSION_11;
476 version_tlv = nfc_llcp_build_tlv(LLCP_TLV_VERSION, &version,
478 gb_len += version_length;
480 lto_tlv = nfc_llcp_build_tlv(LLCP_TLV_LTO, &local->lto, 1, <o_length);
481 gb_len += lto_length;
483 pr_debug("Local wks 0x%lx\n", local->local_wks);
484 wks_tlv = nfc_llcp_build_tlv(LLCP_TLV_WKS, (u8 *)&local->local_wks, 2,
486 gb_len += wks_length;
488 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&local->miux, 0,
490 gb_len += miux_length;
492 gb_len += ARRAY_SIZE(llcp_magic);
494 if (gb_len > NFC_MAX_GT_LEN) {
501 memcpy(gb_cur, llcp_magic, ARRAY_SIZE(llcp_magic));
502 gb_cur += ARRAY_SIZE(llcp_magic);
504 memcpy(gb_cur, version_tlv, version_length);
505 gb_cur += version_length;
507 memcpy(gb_cur, lto_tlv, lto_length);
508 gb_cur += lto_length;
510 memcpy(gb_cur, wks_tlv, wks_length);
511 gb_cur += wks_length;
513 memcpy(gb_cur, miux_tlv, miux_length);
514 gb_cur += miux_length;
516 local->gb_len = gb_len;
527 u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len)
529 struct nfc_llcp_local *local;
531 local = nfc_llcp_find_local(dev);
533 *general_bytes_len = 0;
537 nfc_llcp_build_gb(local);
539 *general_bytes_len = local->gb_len;
544 int nfc_llcp_set_remote_gb(struct nfc_dev *dev, u8 *gb, u8 gb_len)
546 struct nfc_llcp_local *local = nfc_llcp_find_local(dev);
549 pr_err("No LLCP device\n");
553 memset(local->remote_gb, 0, NFC_MAX_GT_LEN);
554 memcpy(local->remote_gb, gb, gb_len);
555 local->remote_gb_len = gb_len;
557 if (local->remote_gb == NULL || local->remote_gb_len == 0)
560 if (memcmp(local->remote_gb, llcp_magic, 3)) {
561 pr_err("MAC does not support LLCP\n");
565 return nfc_llcp_parse_gb_tlv(local,
566 &local->remote_gb[3],
567 local->remote_gb_len - 3);
570 static u8 nfc_llcp_dsap(struct sk_buff *pdu)
572 return (pdu->data[0] & 0xfc) >> 2;
575 static u8 nfc_llcp_ptype(struct sk_buff *pdu)
577 return ((pdu->data[0] & 0x03) << 2) | ((pdu->data[1] & 0xc0) >> 6);
580 static u8 nfc_llcp_ssap(struct sk_buff *pdu)
582 return pdu->data[1] & 0x3f;
585 static u8 nfc_llcp_ns(struct sk_buff *pdu)
587 return pdu->data[2] >> 4;
590 static u8 nfc_llcp_nr(struct sk_buff *pdu)
592 return pdu->data[2] & 0xf;
595 static void nfc_llcp_set_nrns(struct nfc_llcp_sock *sock, struct sk_buff *pdu)
597 pdu->data[2] = (sock->send_n << 4) | (sock->recv_n);
598 sock->send_n = (sock->send_n + 1) % 16;
599 sock->recv_ack_n = (sock->recv_n - 1) % 16;
602 void nfc_llcp_send_to_raw_sock(struct nfc_llcp_local *local,
603 struct sk_buff *skb, u8 direction)
605 struct hlist_node *node;
606 struct sk_buff *skb_copy = NULL, *nskb;
610 read_lock(&local->raw_sockets.lock);
612 sk_for_each(sk, node, &local->raw_sockets.head) {
613 if (sk->sk_state != LLCP_BOUND)
616 if (skb_copy == NULL) {
617 skb_copy = __pskb_copy(skb, NFC_LLCP_RAW_HEADER_SIZE,
620 if (skb_copy == NULL)
623 data = skb_push(skb_copy, NFC_LLCP_RAW_HEADER_SIZE);
625 data[0] = local->dev ? local->dev->idx : 0xFF;
629 nskb = skb_clone(skb_copy, GFP_ATOMIC);
633 if (sock_queue_rcv_skb(sk, nskb))
637 read_unlock(&local->raw_sockets.lock);
642 static void nfc_llcp_tx_work(struct work_struct *work)
644 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
648 struct nfc_llcp_sock *llcp_sock;
650 skb = skb_dequeue(&local->tx_queue);
653 llcp_sock = nfc_llcp_sock(sk);
655 if (llcp_sock == NULL && nfc_llcp_ptype(skb) == LLCP_PDU_I) {
656 nfc_llcp_send_symm(local->dev);
658 struct sk_buff *copy_skb = NULL;
659 u8 ptype = nfc_llcp_ptype(skb);
662 pr_debug("Sending pending skb\n");
663 print_hex_dump(KERN_DEBUG, "LLCP Tx: ",
664 DUMP_PREFIX_OFFSET, 16, 1,
665 skb->data, skb->len, true);
667 if (ptype == LLCP_PDU_I)
668 copy_skb = skb_copy(skb, GFP_ATOMIC);
670 __net_timestamp(skb);
672 nfc_llcp_send_to_raw_sock(local, skb,
673 NFC_LLCP_DIRECTION_TX);
675 ret = nfc_data_exchange(local->dev, local->target_idx,
676 skb, nfc_llcp_recv, local);
683 if (ptype == LLCP_PDU_I && copy_skb)
684 skb_queue_tail(&llcp_sock->tx_pending_queue,
688 nfc_llcp_send_symm(local->dev);
692 mod_timer(&local->link_timer,
693 jiffies + msecs_to_jiffies(2 * local->remote_lto));
696 static struct nfc_llcp_sock *nfc_llcp_connecting_sock_get(struct nfc_llcp_local *local,
700 struct nfc_llcp_sock *llcp_sock;
701 struct hlist_node *node;
703 read_lock(&local->connecting_sockets.lock);
705 sk_for_each(sk, node, &local->connecting_sockets.head) {
706 llcp_sock = nfc_llcp_sock(sk);
708 if (llcp_sock->ssap == ssap) {
709 sock_hold(&llcp_sock->sk);
717 read_unlock(&local->connecting_sockets.lock);
722 static struct nfc_llcp_sock *nfc_llcp_sock_get_sn(struct nfc_llcp_local *local,
723 u8 *sn, size_t sn_len)
725 struct nfc_llcp_sock *llcp_sock;
727 llcp_sock = nfc_llcp_sock_from_sn(local, sn, sn_len);
729 if (llcp_sock == NULL)
732 sock_hold(&llcp_sock->sk);
737 static u8 *nfc_llcp_connect_sn(struct sk_buff *skb, size_t *sn_len)
739 u8 *tlv = &skb->data[2], type, length;
740 size_t tlv_array_len = skb->len - LLCP_HEADER_SIZE, offset = 0;
742 while (offset < tlv_array_len) {
746 pr_debug("type 0x%x length %d\n", type, length);
748 if (type == LLCP_TLV_SN) {
753 offset += length + 2;
760 static void nfc_llcp_recv_ui(struct nfc_llcp_local *local,
763 struct nfc_llcp_sock *llcp_sock;
764 struct nfc_llcp_ui_cb *ui_cb;
767 dsap = nfc_llcp_dsap(skb);
768 ssap = nfc_llcp_ssap(skb);
770 ui_cb = nfc_llcp_ui_skb_cb(skb);
774 printk("%s %d %d\n", __func__, dsap, ssap);
776 pr_debug("%d %d\n", dsap, ssap);
778 /* We're looking for a bound socket, not a client one */
779 llcp_sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
780 if (llcp_sock == NULL || llcp_sock->sk.sk_type != SOCK_DGRAM)
783 /* There is no sequence with UI frames */
784 skb_pull(skb, LLCP_HEADER_SIZE);
785 if (sock_queue_rcv_skb(&llcp_sock->sk, skb)) {
786 pr_err("receive queue is full\n");
790 nfc_llcp_sock_put(llcp_sock);
793 static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
796 struct sock *new_sk, *parent;
797 struct nfc_llcp_sock *sock, *new_sock;
798 u8 dsap, ssap, reason;
800 dsap = nfc_llcp_dsap(skb);
801 ssap = nfc_llcp_ssap(skb);
803 pr_debug("%d %d\n", dsap, ssap);
805 if (dsap != LLCP_SAP_SDP) {
806 sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
807 if (sock == NULL || sock->sk.sk_state != LLCP_LISTEN) {
808 reason = LLCP_DM_NOBOUND;
815 sn = nfc_llcp_connect_sn(skb, &sn_len);
817 reason = LLCP_DM_NOBOUND;
821 pr_debug("Service name length %zu\n", sn_len);
823 sock = nfc_llcp_sock_get_sn(local, sn, sn_len);
825 reason = LLCP_DM_NOBOUND;
830 lock_sock(&sock->sk);
834 if (sk_acceptq_is_full(parent)) {
835 reason = LLCP_DM_REJ;
836 release_sock(&sock->sk);
841 if (sock->ssap == LLCP_SDP_UNBOUND) {
842 u8 ssap = nfc_llcp_reserve_sdp_ssap(local);
844 pr_debug("First client, reserving %d\n", ssap);
846 if (ssap == LLCP_SAP_MAX) {
847 reason = LLCP_DM_REJ;
848 release_sock(&sock->sk);
856 new_sk = nfc_llcp_sock_alloc(NULL, parent->sk_type, GFP_ATOMIC);
857 if (new_sk == NULL) {
858 reason = LLCP_DM_REJ;
859 release_sock(&sock->sk);
864 new_sock = nfc_llcp_sock(new_sk);
865 new_sock->dev = local->dev;
866 new_sock->local = nfc_llcp_local_get(local);
867 new_sock->miu = local->remote_miu;
868 new_sock->nfc_protocol = sock->nfc_protocol;
869 new_sock->dsap = ssap;
870 new_sock->target_idx = local->target_idx;
871 new_sock->parent = parent;
872 new_sock->ssap = sock->ssap;
873 if (sock->ssap < LLCP_LOCAL_NUM_SAP && sock->ssap >= LLCP_WKS_NUM_SAP) {
874 atomic_t *client_count;
876 pr_debug("reserved_ssap %d for %p\n", sock->ssap, new_sock);
879 &local->local_sdp_cnt[sock->ssap - LLCP_WKS_NUM_SAP];
881 atomic_inc(client_count);
882 new_sock->reserved_ssap = sock->ssap;
885 nfc_llcp_parse_connection_tlv(new_sock, &skb->data[LLCP_HEADER_SIZE],
886 skb->len - LLCP_HEADER_SIZE);
888 pr_debug("new sock %p sk %p\n", new_sock, &new_sock->sk);
890 nfc_llcp_sock_link(&local->sockets, new_sk);
892 nfc_llcp_accept_enqueue(&sock->sk, new_sk);
894 nfc_get_device(local->dev->idx);
896 new_sk->sk_state = LLCP_CONNECTED;
898 /* Wake the listening processes */
899 parent->sk_data_ready(parent, 0);
902 nfc_llcp_send_cc(new_sock);
904 release_sock(&sock->sk);
911 nfc_llcp_send_dm(local, dsap, ssap, reason);
914 int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock)
917 struct nfc_llcp_local *local = sock->local;
919 pr_debug("Remote ready %d tx queue len %d remote rw %d",
920 sock->remote_ready, skb_queue_len(&sock->tx_pending_queue),
923 /* Try to queue some I frames for transmission */
924 while (sock->remote_ready &&
925 skb_queue_len(&sock->tx_pending_queue) < sock->rw) {
928 pdu = skb_dequeue(&sock->tx_queue);
932 /* Update N(S)/N(R) */
933 nfc_llcp_set_nrns(sock, pdu);
935 skb_queue_tail(&local->tx_queue, pdu);
942 static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
945 struct nfc_llcp_sock *llcp_sock;
947 u8 dsap, ssap, ptype, ns, nr;
949 ptype = nfc_llcp_ptype(skb);
950 dsap = nfc_llcp_dsap(skb);
951 ssap = nfc_llcp_ssap(skb);
952 ns = nfc_llcp_ns(skb);
953 nr = nfc_llcp_nr(skb);
955 pr_debug("%d %d R %d S %d\n", dsap, ssap, nr, ns);
957 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
958 if (llcp_sock == NULL) {
959 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
965 if (sk->sk_state == LLCP_CLOSED) {
967 nfc_llcp_sock_put(llcp_sock);
970 /* Pass the payload upstream */
971 if (ptype == LLCP_PDU_I) {
972 pr_debug("I frame, queueing on %p\n", &llcp_sock->sk);
974 if (ns == llcp_sock->recv_n)
975 llcp_sock->recv_n = (llcp_sock->recv_n + 1) % 16;
977 pr_err("Received out of sequence I PDU\n");
979 skb_pull(skb, LLCP_HEADER_SIZE + LLCP_SEQUENCE_SIZE);
980 if (sock_queue_rcv_skb(&llcp_sock->sk, skb)) {
981 pr_err("receive queue is full\n");
986 /* Remove skbs from the pending queue */
987 if (llcp_sock->send_ack_n != nr) {
988 struct sk_buff *s, *tmp;
991 llcp_sock->send_ack_n = nr;
993 /* Remove and free all skbs until ns == nr */
994 skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp) {
997 skb_unlink(s, &llcp_sock->tx_pending_queue);
1004 /* Re-queue the remaining skbs for transmission */
1005 skb_queue_reverse_walk_safe(&llcp_sock->tx_pending_queue,
1007 skb_unlink(s, &llcp_sock->tx_pending_queue);
1008 skb_queue_head(&local->tx_queue, s);
1012 if (ptype == LLCP_PDU_RR)
1013 llcp_sock->remote_ready = true;
1014 else if (ptype == LLCP_PDU_RNR)
1015 llcp_sock->remote_ready = false;
1017 if (nfc_llcp_queue_i_frames(llcp_sock) == 0 && ptype == LLCP_PDU_I)
1018 nfc_llcp_send_rr(llcp_sock);
1021 nfc_llcp_sock_put(llcp_sock);
1024 static void nfc_llcp_recv_disc(struct nfc_llcp_local *local,
1025 struct sk_buff *skb)
1027 struct nfc_llcp_sock *llcp_sock;
1031 dsap = nfc_llcp_dsap(skb);
1032 ssap = nfc_llcp_ssap(skb);
1034 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
1035 if (llcp_sock == NULL) {
1036 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
1040 sk = &llcp_sock->sk;
1043 nfc_llcp_socket_purge(llcp_sock);
1045 if (sk->sk_state == LLCP_CLOSED) {
1047 nfc_llcp_sock_put(llcp_sock);
1050 if (sk->sk_state == LLCP_CONNECTED) {
1051 nfc_put_device(local->dev);
1052 sk->sk_state = LLCP_CLOSED;
1053 sk->sk_state_change(sk);
1056 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_DISC);
1059 nfc_llcp_sock_put(llcp_sock);
1062 static void nfc_llcp_recv_cc(struct nfc_llcp_local *local, struct sk_buff *skb)
1064 struct nfc_llcp_sock *llcp_sock;
1068 dsap = nfc_llcp_dsap(skb);
1069 ssap = nfc_llcp_ssap(skb);
1071 llcp_sock = nfc_llcp_connecting_sock_get(local, dsap);
1072 if (llcp_sock == NULL) {
1073 pr_err("Invalid CC\n");
1074 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
1079 sk = &llcp_sock->sk;
1081 /* Unlink from connecting and link to the client array */
1082 nfc_llcp_sock_unlink(&local->connecting_sockets, sk);
1083 nfc_llcp_sock_link(&local->sockets, sk);
1084 llcp_sock->dsap = ssap;
1086 nfc_llcp_parse_connection_tlv(llcp_sock, &skb->data[LLCP_HEADER_SIZE],
1087 skb->len - LLCP_HEADER_SIZE);
1089 sk->sk_state = LLCP_CONNECTED;
1090 sk->sk_state_change(sk);
1092 nfc_llcp_sock_put(llcp_sock);
1095 static void nfc_llcp_recv_dm(struct nfc_llcp_local *local, struct sk_buff *skb)
1097 struct nfc_llcp_sock *llcp_sock;
1099 u8 dsap, ssap, reason;
1101 dsap = nfc_llcp_dsap(skb);
1102 ssap = nfc_llcp_ssap(skb);
1103 reason = skb->data[2];
1105 pr_debug("%d %d reason %d\n", ssap, dsap, reason);
1108 case LLCP_DM_NOBOUND:
1110 llcp_sock = nfc_llcp_connecting_sock_get(local, dsap);
1114 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
1118 if (llcp_sock == NULL) {
1119 pr_debug("Already closed\n");
1123 sk = &llcp_sock->sk;
1126 sk->sk_state = LLCP_CLOSED;
1127 sk->sk_state_change(sk);
1129 nfc_llcp_sock_put(llcp_sock);
1132 static void nfc_llcp_recv_snl(struct nfc_llcp_local *local,
1133 struct sk_buff *skb)
1135 struct nfc_llcp_sock *llcp_sock;
1136 u8 dsap, ssap, *tlv, type, length, tid, sap;
1137 u16 tlv_len, offset;
1139 size_t service_name_len;
1141 dsap = nfc_llcp_dsap(skb);
1142 ssap = nfc_llcp_ssap(skb);
1144 pr_debug("%d %d\n", dsap, ssap);
1146 if (dsap != LLCP_SAP_SDP || ssap != LLCP_SAP_SDP) {
1147 pr_err("Wrong SNL SAP\n");
1151 tlv = &skb->data[LLCP_HEADER_SIZE];
1152 tlv_len = skb->len - LLCP_HEADER_SIZE;
1155 while (offset < tlv_len) {
1160 case LLCP_TLV_SDREQ:
1162 service_name = (char *) &tlv[3];
1163 service_name_len = length - 1;
1165 pr_debug("Looking for %.16s\n", service_name);
1167 if (service_name_len == strlen("urn:nfc:sn:sdp") &&
1168 !strncmp(service_name, "urn:nfc:sn:sdp",
1169 service_name_len)) {
1174 llcp_sock = nfc_llcp_sock_from_sn(local, service_name,
1182 * We found a socket but its ssap has not been reserved
1183 * yet. We need to assign it for good and send a reply.
1184 * The ssap will be freed when the socket is closed.
1186 if (llcp_sock->ssap == LLCP_SDP_UNBOUND) {
1187 atomic_t *client_count;
1189 sap = nfc_llcp_reserve_sdp_ssap(local);
1191 pr_debug("Reserving %d\n", sap);
1193 if (sap == LLCP_SAP_MAX) {
1199 &local->local_sdp_cnt[sap -
1202 atomic_inc(client_count);
1204 llcp_sock->ssap = sap;
1205 llcp_sock->reserved_ssap = sap;
1207 sap = llcp_sock->ssap;
1210 pr_debug("%p %d\n", llcp_sock, sap);
1213 nfc_llcp_send_snl(local, tid, sap);
1217 pr_err("Invalid SNL tlv value 0x%x\n", type);
1221 offset += length + 2;
1226 static void nfc_llcp_rx_work(struct work_struct *work)
1228 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
1230 u8 dsap, ssap, ptype;
1231 struct sk_buff *skb;
1233 skb = local->rx_pending;
1235 pr_debug("No pending SKB\n");
1239 ptype = nfc_llcp_ptype(skb);
1240 dsap = nfc_llcp_dsap(skb);
1241 ssap = nfc_llcp_ssap(skb);
1243 pr_debug("ptype 0x%x dsap 0x%x ssap 0x%x\n", ptype, dsap, ssap);
1245 if (ptype != LLCP_PDU_SYMM)
1246 print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET,
1247 16, 1, skb->data, skb->len, true);
1249 __net_timestamp(skb);
1251 nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX);
1260 nfc_llcp_recv_ui(local, skb);
1263 case LLCP_PDU_CONNECT:
1264 pr_debug("CONNECT\n");
1265 nfc_llcp_recv_connect(local, skb);
1270 nfc_llcp_recv_disc(local, skb);
1275 nfc_llcp_recv_cc(local, skb);
1280 nfc_llcp_recv_dm(local, skb);
1285 nfc_llcp_recv_snl(local, skb);
1291 pr_debug("I frame\n");
1292 nfc_llcp_recv_hdlc(local, skb);
1297 schedule_work(&local->tx_work);
1298 kfree_skb(local->rx_pending);
1299 local->rx_pending = NULL;
1302 void nfc_llcp_recv(void *data, struct sk_buff *skb, int err)
1304 struct nfc_llcp_local *local = (struct nfc_llcp_local *) data;
1306 pr_debug("Received an LLCP PDU\n");
1308 pr_err("err %d\n", err);
1312 local->rx_pending = skb_get(skb);
1313 del_timer(&local->link_timer);
1314 schedule_work(&local->rx_work);
1317 int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb)
1319 struct nfc_llcp_local *local;
1321 local = nfc_llcp_find_local(dev);
1325 local->rx_pending = skb_get(skb);
1326 del_timer(&local->link_timer);
1327 schedule_work(&local->rx_work);
1332 void nfc_llcp_mac_is_down(struct nfc_dev *dev)
1334 struct nfc_llcp_local *local;
1336 local = nfc_llcp_find_local(dev);
1340 /* Close and purge all existing sockets */
1341 nfc_llcp_socket_release(local, true);
1344 void nfc_llcp_mac_is_up(struct nfc_dev *dev, u32 target_idx,
1345 u8 comm_mode, u8 rf_mode)
1347 struct nfc_llcp_local *local;
1349 pr_debug("rf mode %d\n", rf_mode);
1351 local = nfc_llcp_find_local(dev);
1355 local->target_idx = target_idx;
1356 local->comm_mode = comm_mode;
1357 local->rf_mode = rf_mode;
1359 if (rf_mode == NFC_RF_INITIATOR) {
1360 pr_debug("Queueing Tx work\n");
1362 schedule_work(&local->tx_work);
1364 mod_timer(&local->link_timer,
1365 jiffies + msecs_to_jiffies(local->remote_lto));
1369 int nfc_llcp_register_device(struct nfc_dev *ndev)
1371 struct nfc_llcp_local *local;
1373 local = kzalloc(sizeof(struct nfc_llcp_local), GFP_KERNEL);
1378 INIT_LIST_HEAD(&local->list);
1379 kref_init(&local->ref);
1380 mutex_init(&local->sdp_lock);
1381 init_timer(&local->link_timer);
1382 local->link_timer.data = (unsigned long) local;
1383 local->link_timer.function = nfc_llcp_symm_timer;
1385 skb_queue_head_init(&local->tx_queue);
1386 INIT_WORK(&local->tx_work, nfc_llcp_tx_work);
1388 local->rx_pending = NULL;
1389 INIT_WORK(&local->rx_work, nfc_llcp_rx_work);
1391 INIT_WORK(&local->timeout_work, nfc_llcp_timeout_work);
1393 rwlock_init(&local->sockets.lock);
1394 rwlock_init(&local->connecting_sockets.lock);
1395 rwlock_init(&local->raw_sockets.lock);
1397 local->lto = 150; /* 1500 ms */
1398 local->rw = LLCP_MAX_RW;
1399 local->miux = cpu_to_be16(LLCP_MAX_MIUX);
1401 nfc_llcp_build_gb(local);
1403 local->remote_miu = LLCP_DEFAULT_MIU;
1404 local->remote_lto = LLCP_DEFAULT_LTO;
1406 list_add(&local->list, &llcp_devices);
1411 void nfc_llcp_unregister_device(struct nfc_dev *dev)
1413 struct nfc_llcp_local *local = nfc_llcp_find_local(dev);
1415 if (local == NULL) {
1416 pr_debug("No such device\n");
1420 nfc_llcp_local_put(local);
1423 int __init nfc_llcp_init(void)
1425 INIT_LIST_HEAD(&llcp_devices);
1427 return nfc_llcp_sock_init();
1430 void nfc_llcp_exit(void)
1432 nfc_llcp_sock_exit();