Some ACR122 firmwares seem to send 0 length data frames. Before using
that length as a data index, we check that it's not 0. If it is we
report the frame as being invalid.
Reported-by: Arthur Taylor <arthur@advancedtelematic.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Several files refer to an old address for the Free Software Foundation
in the file header comment. Resolve by replacing the address with
the URL <http://www.gnu.org/licenses/> so that we do not have to keep
updating the header comments anytime the address changes.
CC: linux-wireless@vger.kernel.org
CC: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
CC: Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
CC: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
In target mode, when we want to send frames larger than the max length
(PN533_CMD_DATAEXCH_DATA_MAXLEN), we have to split the frame in smaller
chunks and send them, using a specific working queue, with the TgSetMetaData
command. TgSetMetaData sets his own MI bit in the PFB.
The last chunk is sent using the TgSetData command.
Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This code processes, for Target Mode, incoming fragmented frames.
If the MI bit is present, we start a working queue to grab and aggregate
all the parts (using TmGetData between each parts). On the last one, as
there's no more MI bit, we jump on the usual behavior.
Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The fragmentation routine (used to split big frames) could be used in
target or initiator mode (TgSetMetaData vs InDataExchange), but the
MI/TG bytes are not needed in target mode (TgSetMetaData), so we
add a check on the mode
Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Local symbols used only in this file are made static.
Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
If we start the polling loop from a listening cycle, we need to start
the corresponding timer as well.
This bug showed up after commit dfccd0f5 as it was impossible to start
from a listening cycle before it.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In order to improve active devices detection, we send an ATR_REQ between
each passive detection cycle. Without this algorithm, Android 4.3 based
devices running the Broadcom stack are hardly detected.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Use standardized styles to minimize coding defects.
Always use nfc_<level> where feasible.
Add \n to formats where appropriate.
Typo "it it" correction.
Add #define pr_fmt where appropriate.
Remove function tracing logging messages.
Remove OOM messages.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Use a more standard kernel style macro logging name.
Standardize the spacing of the "NFC: " prefix.
Add \n to uses, remove from macro.
Fix the defective uses that already had a \n.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Use the generic kernel function instead of a home-grown
one that does the same thing.
Add \n to uses not at the macro. Don't add \n where
the nfc_dev_dbg macro mistakenly had them already.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
By not always starting the polling loop from the same modulation, we
avoid entering infinite loops where devices exporting 2 targets (on 2
different modulations) get the same target activated over and over.
If this target is not readable (e.g. a wallet emulating a tag), we will
stay in an error loop for ever.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
It seems that some pn533 firmwares go belly up when being asked to send
poll frames too frequently. Adding a 10ms delay between each of them
calm the chip down and prevent it from crashing.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The extended information frame are sent by PN533 to exchange frames
larger than 255 bytes. These extended frame are very close from the
standard ones except for the header size length. On each incoming
frame, we set the correct header length, and we do that only for the
standard pn533 chipsets as the acr122 does not seem to support extended
frames properly.
Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
On sending large frames (size > 262), we split it in multiple chunks and
send them asynchronously with MI bit.
Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Extended Information frames are slightly different from standard frames
as they can (theorically) handle datas up tu 64kB. PN533 firmware only
supports packet data up to 265 (incl. TFI byte)
This kind of frame are used when the pn533 wants to exchange more than
255 bytes, and this patch handles the reception of such frames.
Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The AUTO RFCA bit forbids the pn533 chipset to turn its radio on
whenever an external field is present.
Without this bit set, some devices seems to get over flood by the
pn533 rf field and thus become hardly detectable.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
p2p devices must be able to support 424 kbps, so we should always select
that bitrate in initiator mode.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
By turning the radio off after each failed polling try, we dramatically
improve the pn533 polling loop efficiency.
Without this fix, all Android phones running the broadcom NFC stack are
almost never detected.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
By using the standard setting for the regular pn533 dongles, we no
longer wait for ever for an ATR_RES. Without this, a failing ATR_REQ
will put the hardware into a busy loop, constantly waiting for an
ATR_RES.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Pull networking updates from David Miller:
"This is a re-do of the net-next pull request for the current merge
window. The only difference from the one I made the other day is that
this has Eliezer's interface renames and the timeout handling changes
made based upon your feedback, as well as a few bug fixes that have
trickeled in.
Highlights:
1) Low latency device polling, eliminating the cost of interrupt
handling and context switches. Allows direct polling of a network
device from socket operations, such as recvmsg() and poll().
Currently ixgbe, mlx4, and bnx2x support this feature.
Full high level description, performance numbers, and design in
commit 0a4db187a999 ("Merge branch 'll_poll'")
From Eliezer Tamir.
2) With the routing cache removed, ip_check_mc_rcu() gets exercised
more than ever before in the case where we have lots of multicast
addresses. Use a hash table instead of a simple linked list, from
Eric Dumazet.
3) Add driver for Atheros CQA98xx 802.11ac wireless devices, from
Bartosz Markowski, Janusz Dziedzic, Kalle Valo, Marek Kwaczynski,
Marek Puzyniak, Michal Kazior, and Sujith Manoharan.
4) Support reporting the TUN device persist flag to userspace, from
Pavel Emelyanov.
5) Allow controlling network device VF link state using netlink, from
Rony Efraim.
6) Support GRE tunneling in openvswitch, from Pravin B Shelar.
7) Adjust SOCK_MIN_RCVBUF and SOCK_MIN_SNDBUF for modern times, from
Daniel Borkmann and Eric Dumazet.
8) Allow controlling of TCP quickack behavior on a per-route basis,
from Cong Wang.
9) Several bug fixes and improvements to vxlan from Stephen
Hemminger, Pravin B Shelar, and Mike Rapoport. In particular,
support receiving on multiple UDP ports.
10) Major cleanups, particular in the area of debugging and cookie
lifetime handline, to the SCTP protocol code. From Daniel
Borkmann.
11) Allow packets to cross network namespaces when traversing tunnel
devices. From Nicolas Dichtel.
12) Allow monitoring netlink traffic via AF_PACKET sockets, in a
manner akin to how we monitor real network traffic via ptype_all.
From Daniel Borkmann.
13) Several bug fixes and improvements for the new alx device driver,
from Johannes Berg.
14) Fix scalability issues in the netem packet scheduler's time queue,
by using an rbtree. From Eric Dumazet.
15) Several bug fixes in TCP loss recovery handling, from Yuchung
Cheng.
16) Add support for GSO segmentation of MPLS packets, from Simon
Horman.
17) Make network notifiers have a real data type for the opaque
pointer that's passed into them. Use this to properly handle
network device flag changes in arp_netdev_event(). From Jiri
Pirko and Timo Teräs.
18) Convert several drivers over to module_pci_driver(), from Peter
Huewe.
19) tcp_fixup_rcvbuf() can loop 500 times over loopback, just use a
O(1) calculation instead. From Eric Dumazet.
20) Support setting of explicit tunnel peer addresses in ipv6, just
like ipv4. From Nicolas Dichtel.
21) Protect x86 BPF JIT against spraying attacks, from Eric Dumazet.
22) Prevent a single high rate flow from overruning an individual cpu
during RX packet processing via selective flow shedding. From
Willem de Bruijn.
23) Don't use spinlocks in TCP md5 signing fast paths, from Eric
Dumazet.
24) Don't just drop GSO packets which are above the TBF scheduler's
burst limit, chop them up so they are in-bounds instead. Also
from Eric Dumazet.
25) VLAN offloads are missed when configured on top of a bridge, fix
from Vlad Yasevich.
26) Support IPV6 in ping sockets. From Lorenzo Colitti.
27) Receive flow steering targets should be updated at poll() time
too, from David Majnemer.
28) Fix several corner case regressions in PMTU/redirect handling due
to the routing cache removal, from Timo Teräs.
29) We have to be mindful of ipv4 mapped ipv6 sockets in
upd_v6_push_pending_frames(). From Hannes Frederic Sowa.
30) Fix L2TP sequence number handling bugs, from James Chapman."
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1214 commits)
drivers/net: caif: fix wrong rtnl_is_locked() usage
drivers/net: enic: release rtnl_lock on error-path
vhost-net: fix use-after-free in vhost_net_flush
net: mv643xx_eth: do not use port number as platform device id
net: sctp: confirm route during forward progress
virtio_net: fix race in RX VQ processing
virtio: support unlocked queue poll
net/cadence/macb: fix bug/typo in extracting gem_irq_read_clear bit
Documentation: Fix references to defunct linux-net@vger.kernel.org
net/fs: change busy poll time accounting
net: rename low latency sockets functions to busy poll
bridge: fix some kernel warning in multicast timer
sfc: Fix memory leak when discarding scattered packets
sit: fix tunnel update via netlink
dt:net:stmmac: Add dt specific phy reset callback support.
dt:net:stmmac: Add support to dwmac version 3.610 and 3.710
dt:net:stmmac: Allocate platform data only if its NULL.
net:stmmac: fix memleak in the open method
ipv6: rt6_check_neigh should successfully verify neigh if no NUD information are available
net: ipv6: fix wrong ping_v6_sendmsg return value
...
Instead of dumping ACR122 frames as errors, we use the print_hex_dump()
dynamic debug APIs.
We also print an accurate IC version, as the ACR122 is pn532 based.
Signed-off-by: Olivier Guiter <olivier.guiter@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Supported secure elements are typically found during a discovery process
initiated when the NFC controller is up and running. For a given NFC
chipset there can be many configurations (embedded SE or not, with or
without a SIM card wired to the NFC controller SWP interface, etc...) and
thus driver code will never know before hand which SEs are available.
So we remove this field, it will be replaced by a real SE discovery
mechanism.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When using NFC-F we should copy the NFCID2 buffer that we got from
SENSF_RES through the ATR_REQ NFCID3 buffer. Not doing so violates
NFC Forum digital requirement #189.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Fix to return -ENOMEM in the nfc device alloc error handling
case instead of 0, as done elsewhere in this function.
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Add missing usb_put_dev on failure path in pn533_probe().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Marina Makienko <makienko@ispras.ru>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Major features added in 0.2 version:
* frame ops added to support wider set of devices
* support of ACS ACR122U
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
pn533_abort_cmd() aborts last command sent to the controller
and cancels already requested urb.
As ACR122U does not support any mechanism (as ACK for standard
PN533) which aborts last command this cannot be issued for this
device. Otherwise, acr122u will behave in an unstable way.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
ACS ACR122U is an USB NFC reader, PC/SC and CCID compilant, based
on NXP PN532 chip.
Internally, it's build of MCU, PN532 and an antenna. MCU makes the
device CCID and PC/SC compilant and provide USB connection.
In this achitecture, a host cannot talk directly to PN532 and must
rely on MCU. Luckily, MCU exposes pseud-APDU through PC/SC Escape
mechanism which let the host to transmit standard PN532 commands
directly to PN532 chip with some limitations.
The frame roughly looks like:
CCID header | APDU header | PN532 header
(pc_to_rdr_escape) | (pseudo apdu Direct Tramsmit) | (len, TFI, cmd, params)
Accordign to limitations, ACR122U does't provide any mechanism to
abort last issued command.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
As not all devices require ACK confirmation of every request sent to the
controller, differentiate two protocol types.
First one, request-ack-response and the second one request-response type.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Rename 'wq_in_error' field to more relevant 'status'
and move it to cmd context struct.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In all cases (send_cmd_async, send_data_async and send_sync)
pn533_send_async_complete() handles all responses internally,
so there is no need to pass this as a callback.
Cmd context is passed to __pn533_send_frame_async in all the
cases as well. It's already kept in struct pn533 which is
available all the time the device is attached. So we can make
use of it instead.
Therefore, cmd_complete and cmd_complete_arg are no needed any more.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
We must free 'cmd_complete_mi_arg' and not 'cmd_complete_arg'
when getting send error handling fragmented response.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Keep cmd context in pn533 struct instead of only cmd code.
The context already includes cmd_code.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Use struct pn533_cmd instead of pn533_send_async_complete_arg
to track the context of the issued cmd.
This way pn533_send_async_complete_arg struct is no needed
anymore. Just move issuer complete callback to pn533_cmd struct.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
In case of error from __pn533_send_frame_async() while sending
next cmd from the queue (cmd_wq), cmd->req, cmd->resp and
cmd->arg pointers won't be freed.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Define explicitely it is Pasori specific reset command.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Remove duplicated authors info from the header as well.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
For better debugging as the codes are defined in hex in the spec.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>