[PATCH 0/2] NFC fixes for 3.5

[PATCH 0/2] NFC fixes for 3.5

[Samuel Ortiz]

Hi John,

The 3rd and hopefully last pull request for NFC fixes.
You can pull them from:

git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-3.0.git tags/nfc-fixes-3.5-3

Dave Jones (1):
  NFC: NCI module license 'unspecified' taints kernel

Eric Lapuyade (1):
  NFC: Set target nfcid1 for all HCI reader A targets

 net/nfc/hci/core.c |   15 +++++++++++++++
 net/nfc/nci/core.c |    3 +++
 2 files changed, 18 insertions(+)

-- 
1.7.10

[PATCH 1/2] NFC: Set target nfcid1 for all HCI reader A targets

[Samuel Ortiz]

From: Eric Lapuyade <eric.lapuyade@intel.com>

Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com>
Reported-by: Mathias Jeppsson <mathias.jeppsson@sonymobile.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---
 net/nfc/hci/core.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
index e1a640d..7b1ca7d 100644
--- a/net/nfc/hci/core.c
+++ b/net/nfc/hci/core.c
@@ -170,6 +170,7 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
 	struct nfc_target *targets;
 	struct sk_buff *atqa_skb = NULL;
 	struct sk_buff *sak_skb = NULL;
+	struct sk_buff *uid_skb = NULL;
 	int r;
 
 	pr_debug("from gate %d\n", gate);
@@ -205,6 +206,19 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
 		targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data);
 		targets->sel_res = sak_skb->data[0];
 
+		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
+				      NFC_HCI_RF_READER_A_UID, &uid_skb);
+		if (r < 0)
+			goto exit;
+
+		if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
+			r = -EPROTO;
+			goto exit;
+		}
+
+		memcpy (targets->nfcid1, uid_skb->data, uid_skb->len);
+		targets->nfcid1_len = uid_skb->len;
+
 		if (hdev->ops->complete_target_discovered) {
 			r = hdev->ops->complete_target_discovered(hdev, gate,
 								  targets);
@@ -240,6 +254,7 @@ exit:
 	kfree(targets);
 	kfree_skb(atqa_skb);
 	kfree_skb(sak_skb);
+	kfree_skb(uid_skb);
 
 	return r;
 }
-- 
1.7.10

[PATCH 2/2] NFC: NCI module license 'unspecified' taints kernel

[Samuel Ortiz]

From: Dave Jones <davej@redhat.com>

Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---
 net/nfc/nci/core.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index d560e6f..f18f207 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -27,6 +27,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": %s: " fmt, __func__
 
+#include <linux/module.h>
 #include <linux/types.h>
 #include <linux/workqueue.h>
 #include <linux/completion.h>
@@ -878,3 +879,5 @@ static void nci_cmd_work(struct work_struct *work)
 			  jiffies + msecs_to_jiffies(NCI_CMD_TIMEOUT));
 	}
 }
+
+MODULE_LICENSE("GPL");
-- 
1.7.10

Re: [PATCH 1/2] NFC: Set target nfcid1 for all HCI reader A targets

[John W. Linville]

What is the bug we are preventing with this?

On Thu, Jul 12, 2012 at 07:17:33PM +0200, Samuel Ortiz wrote:
> From: Eric Lapuyade <eric.lapuyade@intel.com>
> 
> Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com>
> Reported-by: Mathias Jeppsson <mathias.jeppsson@sonymobile.com>
> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
> ---
>  net/nfc/hci/core.c |   15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
> index e1a640d..7b1ca7d 100644
> --- a/net/nfc/hci/core.c
> +++ b/net/nfc/hci/core.c
> @@ -170,6 +170,7 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
>  	struct nfc_target *targets;
>  	struct sk_buff *atqa_skb = NULL;
>  	struct sk_buff *sak_skb = NULL;
> +	struct sk_buff *uid_skb = NULL;
>  	int r;
>  
>  	pr_debug("from gate %d\n", gate);
> @@ -205,6 +206,19 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
>  		targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data);
>  		targets->sel_res = sak_skb->data[0];
>  
> +		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
> +				      NFC_HCI_RF_READER_A_UID, &uid_skb);
> +		if (r < 0)
> +			goto exit;
> +
> +		if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
> +			r = -EPROTO;
> +			goto exit;
> +		}
> +
> +		memcpy (targets->nfcid1, uid_skb->data, uid_skb->len);
> +		targets->nfcid1_len = uid_skb->len;
> +
>  		if (hdev->ops->complete_target_discovered) {
>  			r = hdev->ops->complete_target_discovered(hdev, gate,
>  								  targets);
> @@ -240,6 +254,7 @@ exit:
>  	kfree(targets);
>  	kfree_skb(atqa_skb);
>  	kfree_skb(sak_skb);
> +	kfree_skb(uid_skb);
>  
>  	return r;
>  }
> -- 
> 1.7.10
> 
> 

-- 
John W. Linville		Someday the world will need a hero, and you
linville@tuxdriver.com			might be all we have.  Be ready.

Re: [PATCH 1/2] NFC: Set target nfcid1 for all HCI reader A targets

[Samuel Ortiz]

Hi John,

On Thu, Jul 12, 2012 at 01:30:35PM -0400, John W. Linville wrote:
> What is the bug we are preventing with this?
My bad for not having a proper changelog.
Let me send a new pull request to you with a better description.

Cheers,
Samuel.

-- 
Intel Open Source Technology Centre
http://oss.intel.com/

[PATCH 1/2 v2] NFC: Set target nfcid1 for all HCI reader A targets

[Samuel Ortiz]

From: Eric Lapuyade <eric.lapuyade@intel.com>

Without the discovered target nfcid1 and its length set properly, type 2
tags detection fails with the pn544 as it checks for them from
pn544_hci_complete_target_discovered().

Signed-off-by: Eric Lapuyade <eric.lapuyade@intel.com>
Reported-by: Mathias Jeppsson <mathias.jeppsson@sonymobile.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---
v2: Add proper changelog and fix a checkpatch warning

---
 net/nfc/hci/core.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
index e1a640d..c48f534 100644
--- a/net/nfc/hci/core.c
+++ b/net/nfc/hci/core.c
@@ -170,6 +170,7 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
 	struct nfc_target *targets;
 	struct sk_buff *atqa_skb = NULL;
 	struct sk_buff *sak_skb = NULL;
+	struct sk_buff *uid_skb = NULL;
 	int r;
 
 	pr_debug("from gate %d\n", gate);
@@ -205,6 +206,19 @@ static int nfc_hci_target_discovered(struct nfc_hci_dev *hdev, u8 gate)
 		targets->sens_res = be16_to_cpu(*(u16 *)atqa_skb->data);
 		targets->sel_res = sak_skb->data[0];
 
+		r = nfc_hci_get_param(hdev, NFC_HCI_RF_READER_A_GATE,
+				      NFC_HCI_RF_READER_A_UID, &uid_skb);
+		if (r < 0)
+			goto exit;
+
+		if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
+			r = -EPROTO;
+			goto exit;
+		}
+
+		memcpy(targets->nfcid1, uid_skb->data, uid_skb->len);
+		targets->nfcid1_len = uid_skb->len;
+
 		if (hdev->ops->complete_target_discovered) {
 			r = hdev->ops->complete_target_discovered(hdev, gate,
 								  targets);
@@ -240,6 +254,7 @@ exit:
 	kfree(targets);
 	kfree_skb(atqa_skb);
 	kfree_skb(sak_skb);
+	kfree_skb(uid_skb);
 
 	return r;
 }
-- 
1.7.10

-- 
Intel Open Source Technology Centre
http://oss.intel.com/

[PATCH 0/2] NFC fixes for 3.5

[Samuel Ortiz]

Hi John,

I have a couple of HCI fixes from Mathias, for 3.5. Thanks in advance for
pulling them in.

You can pull them from:

git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-3.0.git tags/nfc-fixes-3.5-2


Mathias Jeppsson (2):
  NFC: Fix empty HCI message list check
  NFC: Fix order of arguments to list_add_tail() when queueing HCP
    frames

 net/nfc/hci/core.c |    5 ++---
 net/nfc/hci/hcp.c  |    2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

-- 
1.7.10

[PATCH 0/2] NFC fixes for 3.5

[Samuel Ortiz]

Hi John,

I have a couple of 3.5 fixes for NFC, one of them being a security issue.
As usual you can apply them manually or pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-3.0.git for-wireless

Dan Rosenberg (1):
  NFC: Prevent multiple buffer overflows in NCI

Eric Dumazet (1):
  NFC: Return from rawsock_release when sk is NULL

 net/nfc/nci/ntf.c |   10 +++++-----
 net/nfc/rawsock.c |    5 ++++-
 2 files changed, 9 insertions(+), 6 deletions(-)

-- 
1.7.10