xref: /openbmc/linux/net/nfc/hci/core.c (revision 089a49b6)
1 /*
2  * Copyright (C) 2012  Intel Corporation. All rights reserved.
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the
16  * Free Software Foundation, Inc.,
17  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18  */
19 
20 #define pr_fmt(fmt) "hci: %s: " fmt, __func__
21 
22 #include <linux/init.h>
23 #include <linux/kernel.h>
24 #include <linux/module.h>
25 #include <linux/nfc.h>
26 
27 #include <net/nfc/nfc.h>
28 #include <net/nfc/hci.h>
29 #include <net/nfc/llc.h>
30 
31 #include "hci.h"
32 
33 /* Largest headroom needed for outgoing HCI commands */
34 #define HCI_CMDS_HEADROOM 1
35 
36 int nfc_hci_result_to_errno(u8 result)
37 {
38 	switch (result) {
39 	case NFC_HCI_ANY_OK:
40 		return 0;
41 	case NFC_HCI_ANY_E_REG_PAR_UNKNOWN:
42 		return -EOPNOTSUPP;
43 	case NFC_HCI_ANY_E_TIMEOUT:
44 		return -ETIME;
45 	default:
46 		return -1;
47 	}
48 }
49 EXPORT_SYMBOL(nfc_hci_result_to_errno);
50 
51 static void nfc_hci_msg_tx_work(struct work_struct *work)
52 {
53 	struct nfc_hci_dev *hdev = container_of(work, struct nfc_hci_dev,
54 						msg_tx_work);
55 	struct hci_msg *msg;
56 	struct sk_buff *skb;
57 	int r = 0;
58 
59 	mutex_lock(&hdev->msg_tx_mutex);
60 	if (hdev->shutting_down)
61 		goto exit;
62 
63 	if (hdev->cmd_pending_msg) {
64 		if (timer_pending(&hdev->cmd_timer) == 0) {
65 			if (hdev->cmd_pending_msg->cb)
66 				hdev->cmd_pending_msg->cb(hdev->
67 							  cmd_pending_msg->
68 							  cb_context,
69 							  NULL,
70 							  -ETIME);
71 			kfree(hdev->cmd_pending_msg);
72 			hdev->cmd_pending_msg = NULL;
73 		} else {
74 			goto exit;
75 		}
76 	}
77 
78 next_msg:
79 	if (list_empty(&hdev->msg_tx_queue))
80 		goto exit;
81 
82 	msg = list_first_entry(&hdev->msg_tx_queue, struct hci_msg, msg_l);
83 	list_del(&msg->msg_l);
84 
85 	pr_debug("msg_tx_queue has a cmd to send\n");
86 	while ((skb = skb_dequeue(&msg->msg_frags)) != NULL) {
87 		r = nfc_llc_xmit_from_hci(hdev->llc, skb);
88 		if (r < 0) {
89 			kfree_skb(skb);
90 			skb_queue_purge(&msg->msg_frags);
91 			if (msg->cb)
92 				msg->cb(msg->cb_context, NULL, r);
93 			kfree(msg);
94 			break;
95 		}
96 	}
97 
98 	if (r)
99 		goto next_msg;
100 
101 	if (msg->wait_response == false) {
102 		kfree(msg);
103 		goto next_msg;
104 	}
105 
106 	hdev->cmd_pending_msg = msg;
107 	mod_timer(&hdev->cmd_timer, jiffies +
108 		  msecs_to_jiffies(hdev->cmd_pending_msg->completion_delay));
109 
110 exit:
111 	mutex_unlock(&hdev->msg_tx_mutex);
112 }
113 
114 static void nfc_hci_msg_rx_work(struct work_struct *work)
115 {
116 	struct nfc_hci_dev *hdev = container_of(work, struct nfc_hci_dev,
117 						msg_rx_work);
118 	struct sk_buff *skb;
119 	struct hcp_message *message;
120 	u8 pipe;
121 	u8 type;
122 	u8 instruction;
123 
124 	while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) {
125 		pipe = skb->data[0];
126 		skb_pull(skb, NFC_HCI_HCP_PACKET_HEADER_LEN);
127 		message = (struct hcp_message *)skb->data;
128 		type = HCP_MSG_GET_TYPE(message->header);
129 		instruction = HCP_MSG_GET_CMD(message->header);
130 		skb_pull(skb, NFC_HCI_HCP_MESSAGE_HEADER_LEN);
131 
132 		nfc_hci_hcp_message_rx(hdev, pipe, type, instruction, skb);
133 	}
134 }
135 
136 static void __nfc_hci_cmd_completion(struct nfc_hci_dev *hdev, int err,
137 				     struct sk_buff *skb)
138 {
139 	del_timer_sync(&hdev->cmd_timer);
140 
141 	if (hdev->cmd_pending_msg->cb)
142 		hdev->cmd_pending_msg->cb(hdev->cmd_pending_msg->cb_context,
143 					  skb, err);
144 	else
145 		kfree_skb(skb);
146 
147 	kfree(hdev->cmd_pending_msg);
148 	hdev->cmd_pending_msg = NULL;
149 
150 	schedule_work(&hdev->msg_tx_work);
151 }
152 
153 void nfc_hci_resp_received(struct nfc_hci_dev *hdev, u8 result,
154 			   struct sk_buff *skb)
155 {
156 	mutex_lock(&hdev->msg_tx_mutex);
157 
158 	if (hdev->cmd_pending_msg == NULL) {
159 		kfree_skb(skb);
160 		goto exit;
161 	}
162 
163 	__nfc_hci_cmd_completion(hdev, nfc_hci_result_to_errno(result), skb);
164 
165 exit:
166 	mutex_unlock(&hdev->msg_tx_mutex);
167 }
168 
169 void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
170 			  struct sk_buff *skb)
171 {
172 	kfree_skb(skb);
173 }
174 
175 u32 nfc_hci_sak_to_protocol(u8 sak)
176 {
177 	switch (NFC_HCI_TYPE_A_SEL_PROT(sak)) {
178 	case NFC_HCI_TYPE_A_SEL_PROT_MIFARE:
179 		return NFC_PROTO_MIFARE_MASK;
180 	case NFC_HCI_TYPE_A_SEL_PROT_ISO14443:
181 		return NFC_PROTO_ISO14443_MASK;
182 	case NFC_HCI_TYPE_A_SEL_PROT_DEP:
183 		return NFC_PROTO_NFC_DEP_MASK;
184 	case NFC_HCI_TYPE_A_SEL_PROT_ISO14443_DEP:
185 		return NFC_PROTO_ISO14443_MASK | NFC_PROTO_NFC_DEP_MASK;
186 	default:
187 		return 0xffffffff;
188 	}
189 }
190 EXPORT_SYMBOL(nfc_hci_sak_to_protocol);
191 
192 int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
193 {
194 	struct nfc_target *targets;
195 	struct sk_buff *atqa_skb = NULL;
196 	struct sk_buff *sak_skb = NULL;
197 	struct sk_buff *uid_skb = NULL;
198 	int r;
199 
200 	pr_debug("from gate %d\n", gate);
201 
202 	targets = kzalloc(sizeof(struct nfc_target), GFP_KERNEL);
203 	if (targets == NULL)
204 		return -ENOMEM;
205 
206 	switch (gate) {
207 	case NFC_HCI_RF_READER_A_GATE:
208 		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
209 				      NFC_HCI_RF_READER_A_ATQA, &atqa_skb);
210 		if (r < 0)
211 			goto exit;
212 
213 		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
214 				      NFC_HCI_RF_READER_A_SAK, &sak_skb);
215 		if (r < 0)
216 			goto exit;
217 
218 		if (atqa_skb->len != 2 || sak_skb->len != 1) {
219 			r = -EPROTO;
220 			goto exit;
221 		}
222 
223 		targets->supported_protocols =
224 				nfc_hci_sak_to_protocol(sak_skb->data[0]);
225 		if (targets->supported_protocols == 0xffffffff) {
226 			r = -EPROTO;
227 			goto exit;
228 		}
229 
230 		targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data);
231 		targets->sel_res = sak_skb->data[0];
232 
233 		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
234 				      NFC_HCI_RF_READER_A_UID, &uid_skb);
235 		if (r < 0)
236 			goto exit;
237 
238 		if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
239 			r = -EPROTO;
240 			goto exit;
241 		}
242 
243 		memcpy(targets->nfcid1, uid_skb->data, uid_skb->len);
244 		targets->nfcid1_len = uid_skb->len;
245 
246 		if (hdev->ops->complete_target_discovered) {
247 			r = hdev->ops->complete_target_discovered(hdev, gate,
248 								  targets);
249 			if (r < 0)
250 				goto exit;
251 		}
252 		break;
253 	case NFC_HCI_RF_READER_B_GATE:
254 		targets->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
255 		break;
256 	default:
257 		if (hdev->ops->target_from_gate)
258 			r = hdev->ops->target_from_gate(hdev, gate, targets);
259 		else
260 			r = -EPROTO;
261 		if (r < 0)
262 			goto exit;
263 
264 		if (hdev->ops->complete_target_discovered) {
265 			r = hdev->ops->complete_target_discovered(hdev, gate,
266 								  targets);
267 			if (r < 0)
268 				goto exit;
269 		}
270 		break;
271 	}
272 
273 	/* if driver set the new gate, we will skip the old one */
274 	if (targets->hci_reader_gate == 0x00)
275 		targets->hci_reader_gate = gate;
276 
277 	r = nfc_targets_found(hdev->ndev, targets, 1);
278 
279 exit:
280 	kfree(targets);
281 	kfree_skb(atqa_skb);
282 	kfree_skb(sak_skb);
283 	kfree_skb(uid_skb);
284 
285 	return r;
286 }
287 EXPORT_SYMBOL(nfc_hci_target_discovered);
288 
289 void nfc_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe, u8 event,
290 			    struct sk_buff *skb)
291 {
292 	int r = 0;
293 	u8 gate = nfc_hci_pipe2gate(hdev, pipe);
294 
295 	if (gate == 0xff) {
296 		pr_err("Discarded event %x to unopened pipe %x\n", event, pipe);
297 		goto exit;
298 	}
299 
300 	if (hdev->ops->event_received) {
301 		r = hdev->ops->event_received(hdev, gate, event, skb);
302 		if (r <= 0)
303 			goto exit_noskb;
304 	}
305 
306 	switch (event) {
307 	case NFC_HCI_EVT_TARGET_DISCOVERED:
308 		if (skb->len < 1) {	/* no status data? */
309 			r = -EPROTO;
310 			goto exit;
311 		}
312 
313 		if (skb->data[0] == 3) {
314 			/* TODO: Multiple targets in field, none activated
315 			 * poll is supposedly stopped, but there is no
316 			 * single target to activate, so nothing to report
317 			 * up.
318 			 * if we need to restart poll, we must save the
319 			 * protocols from the initial poll and reuse here.
320 			 */
321 		}
322 
323 		if (skb->data[0] != 0) {
324 			r = -EPROTO;
325 			goto exit;
326 		}
327 
328 		r = nfc_hci_target_discovered(hdev, gate);
329 		break;
330 	default:
331 		pr_info("Discarded unknown event %x to gate %x\n", event, gate);
332 		r = -EINVAL;
333 		break;
334 	}
335 
336 exit:
337 	kfree_skb(skb);
338 
339 exit_noskb:
340 	if (r) {
341 		/* TODO: There was an error dispatching the event,
342 		 * how to propagate up to nfc core?
343 		 */
344 	}
345 }
346 
347 static void nfc_hci_cmd_timeout(unsigned long data)
348 {
349 	struct nfc_hci_dev *hdev = (struct nfc_hci_dev *)data;
350 
351 	schedule_work(&hdev->msg_tx_work);
352 }
353 
354 static int hci_dev_connect_gates(struct nfc_hci_dev *hdev, u8 gate_count,
355 				 struct nfc_hci_gate *gates)
356 {
357 	int r;
358 	while (gate_count--) {
359 		r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
360 					 gates->gate, gates->pipe);
361 		if (r < 0)
362 			return r;
363 		gates++;
364 	}
365 
366 	return 0;
367 }
368 
369 static int hci_dev_session_init(struct nfc_hci_dev *hdev)
370 {
371 	struct sk_buff *skb = NULL;
372 	int r;
373 
374 	if (hdev->init_data.gates[0].gate != NFC_HCI_ADMIN_GATE)
375 		return -EPROTO;
376 
377 	r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
378 				 hdev->init_data.gates[0].gate,
379 				 hdev->init_data.gates[0].pipe);
380 	if (r < 0)
381 		goto exit;
382 
383 	r = nfc_hci_get_param(hdev, NFC_HCI_ADMIN_GATE,
384 			      NFC_HCI_ADMIN_SESSION_IDENTITY, &skb);
385 	if (r < 0)
386 		goto disconnect_all;
387 
388 	if (skb->len && skb->len == strlen(hdev->init_data.session_id))
389 		if (memcmp(hdev->init_data.session_id, skb->data,
390 			   skb->len) == 0) {
391 			/* TODO ELa: restore gate<->pipe table from
392 			 * some TBD location.
393 			 * note: it doesn't seem possible to get the chip
394 			 * currently open gate/pipe table.
395 			 * It is only possible to obtain the supported
396 			 * gate list.
397 			 */
398 
399 			/* goto exit
400 			 * For now, always do a full initialization */
401 		}
402 
403 	r = nfc_hci_disconnect_all_gates(hdev);
404 	if (r < 0)
405 		goto exit;
406 
407 	r = hci_dev_connect_gates(hdev, hdev->init_data.gate_count,
408 				  hdev->init_data.gates);
409 	if (r < 0)
410 		goto disconnect_all;
411 
412 	r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
413 			      NFC_HCI_ADMIN_SESSION_IDENTITY,
414 			      hdev->init_data.session_id,
415 			      strlen(hdev->init_data.session_id));
416 	if (r == 0)
417 		goto exit;
418 
419 disconnect_all:
420 	nfc_hci_disconnect_all_gates(hdev);
421 
422 exit:
423 	kfree_skb(skb);
424 
425 	return r;
426 }
427 
428 static int hci_dev_version(struct nfc_hci_dev *hdev)
429 {
430 	int r;
431 	struct sk_buff *skb;
432 
433 	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
434 			      NFC_HCI_ID_MGMT_VERSION_SW, &skb);
435 	if (r == -EOPNOTSUPP) {
436 		pr_info("Software/Hardware info not available\n");
437 		return 0;
438 	}
439 	if (r < 0)
440 		return r;
441 
442 	if (skb->len != 3) {
443 		kfree_skb(skb);
444 		return -EINVAL;
445 	}
446 
447 	hdev->sw_romlib = (skb->data[0] & 0xf0) >> 4;
448 	hdev->sw_patch = skb->data[0] & 0x0f;
449 	hdev->sw_flashlib_major = skb->data[1];
450 	hdev->sw_flashlib_minor = skb->data[2];
451 
452 	kfree_skb(skb);
453 
454 	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
455 			      NFC_HCI_ID_MGMT_VERSION_HW, &skb);
456 	if (r < 0)
457 		return r;
458 
459 	if (skb->len != 3) {
460 		kfree_skb(skb);
461 		return -EINVAL;
462 	}
463 
464 	hdev->hw_derivative = (skb->data[0] & 0xe0) >> 5;
465 	hdev->hw_version = skb->data[0] & 0x1f;
466 	hdev->hw_mpw = (skb->data[1] & 0xc0) >> 6;
467 	hdev->hw_software = skb->data[1] & 0x3f;
468 	hdev->hw_bsid = skb->data[2];
469 
470 	kfree_skb(skb);
471 
472 	pr_info("SOFTWARE INFO:\n");
473 	pr_info("RomLib         : %d\n", hdev->sw_romlib);
474 	pr_info("Patch          : %d\n", hdev->sw_patch);
475 	pr_info("FlashLib Major : %d\n", hdev->sw_flashlib_major);
476 	pr_info("FlashLib Minor : %d\n", hdev->sw_flashlib_minor);
477 	pr_info("HARDWARE INFO:\n");
478 	pr_info("Derivative     : %d\n", hdev->hw_derivative);
479 	pr_info("HW Version     : %d\n", hdev->hw_version);
480 	pr_info("#MPW           : %d\n", hdev->hw_mpw);
481 	pr_info("Software       : %d\n", hdev->hw_software);
482 	pr_info("BSID Version   : %d\n", hdev->hw_bsid);
483 
484 	return 0;
485 }
486 
487 static int hci_dev_up(struct nfc_dev *nfc_dev)
488 {
489 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
490 	int r = 0;
491 
492 	if (hdev->ops->open) {
493 		r = hdev->ops->open(hdev);
494 		if (r < 0)
495 			return r;
496 	}
497 
498 	r = nfc_llc_start(hdev->llc);
499 	if (r < 0)
500 		goto exit_close;
501 
502 	r = hci_dev_session_init(hdev);
503 	if (r < 0)
504 		goto exit_llc;
505 
506 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
507 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
508 	if (r < 0)
509 		goto exit_llc;
510 
511 	if (hdev->ops->hci_ready) {
512 		r = hdev->ops->hci_ready(hdev);
513 		if (r < 0)
514 			goto exit_llc;
515 	}
516 
517 	r = hci_dev_version(hdev);
518 	if (r < 0)
519 		goto exit_llc;
520 
521 	return 0;
522 
523 exit_llc:
524 	nfc_llc_stop(hdev->llc);
525 
526 exit_close:
527 	if (hdev->ops->close)
528 		hdev->ops->close(hdev);
529 
530 	return r;
531 }
532 
533 static int hci_dev_down(struct nfc_dev *nfc_dev)
534 {
535 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
536 
537 	nfc_llc_stop(hdev->llc);
538 
539 	if (hdev->ops->close)
540 		hdev->ops->close(hdev);
541 
542 	memset(hdev->gate2pipe, NFC_HCI_INVALID_PIPE, sizeof(hdev->gate2pipe));
543 
544 	return 0;
545 }
546 
547 static int hci_start_poll(struct nfc_dev *nfc_dev,
548 			  u32 im_protocols, u32 tm_protocols)
549 {
550 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
551 
552 	if (hdev->ops->start_poll)
553 		return hdev->ops->start_poll(hdev, im_protocols, tm_protocols);
554 	else
555 		return nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
556 					  NFC_HCI_EVT_READER_REQUESTED,
557 					  NULL, 0);
558 }
559 
560 static void hci_stop_poll(struct nfc_dev *nfc_dev)
561 {
562 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
563 
564 	nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
565 			   NFC_HCI_EVT_END_OPERATION, NULL, 0);
566 }
567 
568 static int hci_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
569 				__u8 comm_mode, __u8 *gb, size_t gb_len)
570 {
571 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
572 
573 	if (!hdev->ops->dep_link_up)
574 		return 0;
575 
576 	return hdev->ops->dep_link_up(hdev, target, comm_mode,
577 				      gb, gb_len);
578 }
579 
580 static int hci_dep_link_down(struct nfc_dev *nfc_dev)
581 {
582 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
583 
584 	if (!hdev->ops->dep_link_down)
585 		return 0;
586 
587 	return hdev->ops->dep_link_down(hdev);
588 }
589 
590 static int hci_activate_target(struct nfc_dev *nfc_dev,
591 			       struct nfc_target *target, u32 protocol)
592 {
593 	return 0;
594 }
595 
596 static void hci_deactivate_target(struct nfc_dev *nfc_dev,
597 				  struct nfc_target *target)
598 {
599 }
600 
601 #define HCI_CB_TYPE_TRANSCEIVE 1
602 
603 static void hci_transceive_cb(void *context, struct sk_buff *skb, int err)
604 {
605 	struct nfc_hci_dev *hdev = context;
606 
607 	switch (hdev->async_cb_type) {
608 	case HCI_CB_TYPE_TRANSCEIVE:
609 		/*
610 		 * TODO: Check RF Error indicator to make sure data is valid.
611 		 * It seems that HCI cmd can complete without error, but data
612 		 * can be invalid if an RF error occured? Ignore for now.
613 		 */
614 		if (err == 0)
615 			skb_trim(skb, skb->len - 1); /* RF Err ind */
616 
617 		hdev->async_cb(hdev->async_cb_context, skb, err);
618 		break;
619 	default:
620 		if (err == 0)
621 			kfree_skb(skb);
622 		break;
623 	}
624 }
625 
626 static int hci_transceive(struct nfc_dev *nfc_dev, struct nfc_target *target,
627 			  struct sk_buff *skb, data_exchange_cb_t cb,
628 			  void *cb_context)
629 {
630 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
631 	int r;
632 
633 	pr_debug("target_idx=%d\n", target->idx);
634 
635 	switch (target->hci_reader_gate) {
636 	case NFC_HCI_RF_READER_A_GATE:
637 	case NFC_HCI_RF_READER_B_GATE:
638 		if (hdev->ops->im_transceive) {
639 			r = hdev->ops->im_transceive(hdev, target, skb, cb,
640 						     cb_context);
641 			if (r <= 0)	/* handled */
642 				break;
643 		}
644 
645 		*skb_push(skb, 1) = 0;	/* CTR, see spec:10.2.2.1 */
646 
647 		hdev->async_cb_type = HCI_CB_TYPE_TRANSCEIVE;
648 		hdev->async_cb = cb;
649 		hdev->async_cb_context = cb_context;
650 
651 		r = nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
652 					   NFC_HCI_WR_XCHG_DATA, skb->data,
653 					   skb->len, hci_transceive_cb, hdev);
654 		break;
655 	default:
656 		if (hdev->ops->im_transceive) {
657 			r = hdev->ops->im_transceive(hdev, target, skb, cb,
658 						     cb_context);
659 			if (r == 1)
660 				r = -ENOTSUPP;
661 		} else {
662 			r = -ENOTSUPP;
663 		}
664 		break;
665 	}
666 
667 	kfree_skb(skb);
668 
669 	return r;
670 }
671 
672 static int hci_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
673 {
674 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
675 
676 	if (!hdev->ops->tm_send) {
677 		kfree_skb(skb);
678 		return -ENOTSUPP;
679 	}
680 
681 	return hdev->ops->tm_send(hdev, skb);
682 }
683 
684 static int hci_check_presence(struct nfc_dev *nfc_dev,
685 			      struct nfc_target *target)
686 {
687 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
688 
689 	if (!hdev->ops->check_presence)
690 		return 0;
691 
692 	return hdev->ops->check_presence(hdev, target);
693 }
694 
695 static int hci_discover_se(struct nfc_dev *nfc_dev)
696 {
697 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
698 
699 	if (hdev->ops->discover_se)
700 		return hdev->ops->discover_se(hdev);
701 
702 	return 0;
703 }
704 
705 static int hci_enable_se(struct nfc_dev *nfc_dev, u32 se_idx)
706 {
707 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
708 
709 	if (hdev->ops->enable_se)
710 		return hdev->ops->enable_se(hdev, se_idx);
711 
712 	return 0;
713 }
714 
715 static int hci_disable_se(struct nfc_dev *nfc_dev, u32 se_idx)
716 {
717 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
718 
719 	if (hdev->ops->disable_se)
720 		return hdev->ops->disable_se(hdev, se_idx);
721 
722 	return 0;
723 }
724 
725 static void nfc_hci_failure(struct nfc_hci_dev *hdev, int err)
726 {
727 	mutex_lock(&hdev->msg_tx_mutex);
728 
729 	if (hdev->cmd_pending_msg == NULL) {
730 		nfc_driver_failure(hdev->ndev, err);
731 		goto exit;
732 	}
733 
734 	__nfc_hci_cmd_completion(hdev, err, NULL);
735 
736 exit:
737 	mutex_unlock(&hdev->msg_tx_mutex);
738 }
739 
740 static void nfc_hci_llc_failure(struct nfc_hci_dev *hdev, int err)
741 {
742 	nfc_hci_failure(hdev, err);
743 }
744 
745 static void nfc_hci_recv_from_llc(struct nfc_hci_dev *hdev, struct sk_buff *skb)
746 {
747 	struct hcp_packet *packet;
748 	u8 type;
749 	u8 instruction;
750 	struct sk_buff *hcp_skb;
751 	u8 pipe;
752 	struct sk_buff *frag_skb;
753 	int msg_len;
754 
755 	packet = (struct hcp_packet *)skb->data;
756 	if ((packet->header & ~NFC_HCI_FRAGMENT) == 0) {
757 		skb_queue_tail(&hdev->rx_hcp_frags, skb);
758 		return;
759 	}
760 
761 	/* it's the last fragment. Does it need re-aggregation? */
762 	if (skb_queue_len(&hdev->rx_hcp_frags)) {
763 		pipe = packet->header & NFC_HCI_FRAGMENT;
764 		skb_queue_tail(&hdev->rx_hcp_frags, skb);
765 
766 		msg_len = 0;
767 		skb_queue_walk(&hdev->rx_hcp_frags, frag_skb) {
768 			msg_len += (frag_skb->len -
769 				    NFC_HCI_HCP_PACKET_HEADER_LEN);
770 		}
771 
772 		hcp_skb = nfc_alloc_recv_skb(NFC_HCI_HCP_PACKET_HEADER_LEN +
773 					     msg_len, GFP_KERNEL);
774 		if (hcp_skb == NULL) {
775 			nfc_hci_failure(hdev, -ENOMEM);
776 			return;
777 		}
778 
779 		*skb_put(hcp_skb, NFC_HCI_HCP_PACKET_HEADER_LEN) = pipe;
780 
781 		skb_queue_walk(&hdev->rx_hcp_frags, frag_skb) {
782 			msg_len = frag_skb->len - NFC_HCI_HCP_PACKET_HEADER_LEN;
783 			memcpy(skb_put(hcp_skb, msg_len),
784 			       frag_skb->data + NFC_HCI_HCP_PACKET_HEADER_LEN,
785 			       msg_len);
786 		}
787 
788 		skb_queue_purge(&hdev->rx_hcp_frags);
789 	} else {
790 		packet->header &= NFC_HCI_FRAGMENT;
791 		hcp_skb = skb;
792 	}
793 
794 	/* if this is a response, dispatch immediately to
795 	 * unblock waiting cmd context. Otherwise, enqueue to dispatch
796 	 * in separate context where handler can also execute command.
797 	 */
798 	packet = (struct hcp_packet *)hcp_skb->data;
799 	type = HCP_MSG_GET_TYPE(packet->message.header);
800 	if (type == NFC_HCI_HCP_RESPONSE) {
801 		pipe = packet->header;
802 		instruction = HCP_MSG_GET_CMD(packet->message.header);
803 		skb_pull(hcp_skb, NFC_HCI_HCP_PACKET_HEADER_LEN +
804 			 NFC_HCI_HCP_MESSAGE_HEADER_LEN);
805 		nfc_hci_hcp_message_rx(hdev, pipe, type, instruction, hcp_skb);
806 	} else {
807 		skb_queue_tail(&hdev->msg_rx_queue, hcp_skb);
808 		schedule_work(&hdev->msg_rx_work);
809 	}
810 }
811 
812 static int hci_fw_download(struct nfc_dev *nfc_dev, const char *firmware_name)
813 {
814 	struct nfc_hci_dev *hdev = nfc_get_drvdata(nfc_dev);
815 
816 	if (!hdev->ops->fw_download)
817 		return -ENOTSUPP;
818 
819 	return hdev->ops->fw_download(hdev, firmware_name);
820 }
821 
822 static struct nfc_ops hci_nfc_ops = {
823 	.dev_up = hci_dev_up,
824 	.dev_down = hci_dev_down,
825 	.start_poll = hci_start_poll,
826 	.stop_poll = hci_stop_poll,
827 	.dep_link_up = hci_dep_link_up,
828 	.dep_link_down = hci_dep_link_down,
829 	.activate_target = hci_activate_target,
830 	.deactivate_target = hci_deactivate_target,
831 	.im_transceive = hci_transceive,
832 	.tm_send = hci_tm_send,
833 	.check_presence = hci_check_presence,
834 	.fw_download = hci_fw_download,
835 	.discover_se = hci_discover_se,
836 	.enable_se = hci_enable_se,
837 	.disable_se = hci_disable_se,
838 };
839 
840 struct nfc_hci_dev *nfc_hci_allocate_device(struct nfc_hci_ops *ops,
841 					    struct nfc_hci_init_data *init_data,
842 					    unsigned long quirks,
843 					    u32 protocols,
844 					    const char *llc_name,
845 					    int tx_headroom,
846 					    int tx_tailroom,
847 					    int max_link_payload)
848 {
849 	struct nfc_hci_dev *hdev;
850 
851 	if (ops->xmit == NULL)
852 		return NULL;
853 
854 	if (protocols == 0)
855 		return NULL;
856 
857 	hdev = kzalloc(sizeof(struct nfc_hci_dev), GFP_KERNEL);
858 	if (hdev == NULL)
859 		return NULL;
860 
861 	hdev->llc = nfc_llc_allocate(llc_name, hdev, ops->xmit,
862 				     nfc_hci_recv_from_llc, tx_headroom,
863 				     tx_tailroom, nfc_hci_llc_failure);
864 	if (hdev->llc == NULL) {
865 		kfree(hdev);
866 		return NULL;
867 	}
868 
869 	hdev->ndev = nfc_allocate_device(&hci_nfc_ops, protocols,
870 					 tx_headroom + HCI_CMDS_HEADROOM,
871 					 tx_tailroom);
872 	if (!hdev->ndev) {
873 		nfc_llc_free(hdev->llc);
874 		kfree(hdev);
875 		return NULL;
876 	}
877 
878 	hdev->ops = ops;
879 	hdev->max_data_link_payload = max_link_payload;
880 	hdev->init_data = *init_data;
881 
882 	nfc_set_drvdata(hdev->ndev, hdev);
883 
884 	memset(hdev->gate2pipe, NFC_HCI_INVALID_PIPE, sizeof(hdev->gate2pipe));
885 
886 	hdev->quirks = quirks;
887 
888 	return hdev;
889 }
890 EXPORT_SYMBOL(nfc_hci_allocate_device);
891 
892 void nfc_hci_free_device(struct nfc_hci_dev *hdev)
893 {
894 	nfc_free_device(hdev->ndev);
895 	nfc_llc_free(hdev->llc);
896 	kfree(hdev);
897 }
898 EXPORT_SYMBOL(nfc_hci_free_device);
899 
900 int nfc_hci_register_device(struct nfc_hci_dev *hdev)
901 {
902 	mutex_init(&hdev->msg_tx_mutex);
903 
904 	INIT_LIST_HEAD(&hdev->msg_tx_queue);
905 
906 	INIT_WORK(&hdev->msg_tx_work, nfc_hci_msg_tx_work);
907 
908 	init_timer(&hdev->cmd_timer);
909 	hdev->cmd_timer.data = (unsigned long)hdev;
910 	hdev->cmd_timer.function = nfc_hci_cmd_timeout;
911 
912 	skb_queue_head_init(&hdev->rx_hcp_frags);
913 
914 	INIT_WORK(&hdev->msg_rx_work, nfc_hci_msg_rx_work);
915 
916 	skb_queue_head_init(&hdev->msg_rx_queue);
917 
918 	return nfc_register_device(hdev->ndev);
919 }
920 EXPORT_SYMBOL(nfc_hci_register_device);
921 
922 void nfc_hci_unregister_device(struct nfc_hci_dev *hdev)
923 {
924 	struct hci_msg *msg, *n;
925 
926 	mutex_lock(&hdev->msg_tx_mutex);
927 
928 	if (hdev->cmd_pending_msg) {
929 		if (hdev->cmd_pending_msg->cb)
930 			hdev->cmd_pending_msg->cb(
931 					     hdev->cmd_pending_msg->cb_context,
932 					     NULL, -ESHUTDOWN);
933 		kfree(hdev->cmd_pending_msg);
934 		hdev->cmd_pending_msg = NULL;
935 	}
936 
937 	hdev->shutting_down = true;
938 
939 	mutex_unlock(&hdev->msg_tx_mutex);
940 
941 	del_timer_sync(&hdev->cmd_timer);
942 	cancel_work_sync(&hdev->msg_tx_work);
943 
944 	cancel_work_sync(&hdev->msg_rx_work);
945 
946 	nfc_unregister_device(hdev->ndev);
947 
948 	skb_queue_purge(&hdev->rx_hcp_frags);
949 	skb_queue_purge(&hdev->msg_rx_queue);
950 
951 	list_for_each_entry_safe(msg, n, &hdev->msg_tx_queue, msg_l) {
952 		list_del(&msg->msg_l);
953 		skb_queue_purge(&msg->msg_frags);
954 		kfree(msg);
955 	}
956 }
957 EXPORT_SYMBOL(nfc_hci_unregister_device);
958 
959 void nfc_hci_set_clientdata(struct nfc_hci_dev *hdev, void *clientdata)
960 {
961 	hdev->clientdata = clientdata;
962 }
963 EXPORT_SYMBOL(nfc_hci_set_clientdata);
964 
965 void *nfc_hci_get_clientdata(struct nfc_hci_dev *hdev)
966 {
967 	return hdev->clientdata;
968 }
969 EXPORT_SYMBOL(nfc_hci_get_clientdata);
970 
971 void nfc_hci_driver_failure(struct nfc_hci_dev *hdev, int err)
972 {
973 	nfc_hci_failure(hdev, err);
974 }
975 EXPORT_SYMBOL(nfc_hci_driver_failure);
976 
977 void nfc_hci_recv_frame(struct nfc_hci_dev *hdev, struct sk_buff *skb)
978 {
979 	nfc_llc_rcv_from_drv(hdev->llc, skb);
980 }
981 EXPORT_SYMBOL(nfc_hci_recv_frame);
982 
983 static int __init nfc_hci_init(void)
984 {
985 	return nfc_llc_init();
986 }
987 
988 static void __exit nfc_hci_exit(void)
989 {
990 	nfc_llc_exit();
991 }
992 
993 subsys_initcall(nfc_hci_init);
994 module_exit(nfc_hci_exit);
995 
996 MODULE_LICENSE("GPL");
997 MODULE_DESCRIPTION("NFC HCI Core");
998