artf237561-NULL-pointer-deferencing-when-MW-recovery
diff --git a/halimpl/pn54x/hal/phNxpNciHal.c b/halimpl/pn54x/hal/phNxpNciHal.c
index e8f1077..11f026e 100644
--- a/halimpl/pn54x/hal/phNxpNciHal.c
+++ b/halimpl/pn54x/hal/phNxpNciHal.c
@@ -695,13 +695,16 @@
******************************************************************************/
int phNxpNciHal_open(nfc_stack_callback_t *p_cback, nfc_stack_data_callback_t *p_data_cback)
{
- phOsalNfc_Config_t tOsalConfig;
- phTmlNfc_Config_t tTmlConfig;
- uint8_t *nfc_dev_node = NULL;
- const uint16_t max_len = 260; /* device node name is max of 255 bytes + 5 bytes (/dev/) */
- NFCSTATUS wConfigStatus = NFCSTATUS_SUCCESS;
- NFCSTATUS status = NFCSTATUS_SUCCESS;
- uint8_t boot_mode = nxpncihal_ctrl.hal_boot_mode;
+ NFCSTATUS wConfigStatus = NFCSTATUS_SUCCESS;
+ NFCSTATUS status = NFCSTATUS_SUCCESS;
+ uint8_t boot_mode = nxpncihal_ctrl.hal_boot_mode;
+ uint8_t *nfc_dev_node = NULL;
+ uint8_t ret_val = 0x00;
+ const uint16_t max_len = 260; /* device node name is max of 255 bytes + 5 bytes (/dev/) */
+ static uint8_t cmd_init_nci[] = {0x20,0x01,0x00};
+ static uint8_t cmd_reset_nci[] = {0x20,0x00,0x01,0x00};
+ phTmlNfc_Config_t tTmlConfig;
+ phOsalNfc_Config_t tOsalConfig;
if(nxpncihal_ctrl.hal_boot_mode == NFC_FAST_BOOT_MODE)
{
@@ -710,14 +713,9 @@
return wConfigStatus;
}
- /*NCI_INIT_CMD*/
- static uint8_t cmd_init_nci[] = {0x20,0x01,0x00};
- /*NCI_RESET_CMD*/
- static uint8_t cmd_reset_nci[] = {0x20,0x00,0x01,0x00};
/* reset config cache */
resetNxpConfig();
- int8_t ret_val = 0x00;
/* initialize trace level */
phNxpLog_InitializeLogLevel();
@@ -740,28 +738,26 @@
memset(&nxpncihal_ctrl, 0x00, sizeof(nxpncihal_ctrl));
memset(&tOsalConfig, 0x00, sizeof(tOsalConfig));
memset(&tTmlConfig, 0x00, sizeof(tTmlConfig));
- memset (&nxpprofile_ctrl, 0, sizeof(phNxpNciProfile_Control_t));
+ memset(&nxpprofile_ctrl, 0, sizeof(phNxpNciProfile_Control_t));
/* By default HAL status is HAL_STATUS_OPEN */
- nxpncihal_ctrl.halStatus = HAL_STATUS_OPEN;
- nxpncihal_ctrl.is_wait_for_ce_ntf = FALSE;
- nxpncihal_ctrl.p_nfc_stack_cback = p_cback;
- nxpncihal_ctrl.p_nfc_stack_data_cback = p_data_cback;
- nxpncihal_ctrl.hal_boot_mode = boot_mode;
+ nxpncihal_ctrl.halStatus = HAL_STATUS_OPEN;
+ nxpncihal_ctrl.is_wait_for_ce_ntf = FALSE;
+ nxpncihal_ctrl.p_nfc_stack_cback = p_cback;
+ nxpncihal_ctrl.p_nfc_stack_data_cback = p_data_cback;
+ nxpncihal_ctrl.hal_boot_mode = boot_mode;
- /*structure related to set config management
- Initialising pointer variable
- */
- mGetCfg_info = NULL;
- mGetCfg_info = nxp_malloc(sizeof(phNxpNci_getCfg_info_t));
+ /*Structure related to set config management*/
+ mGetCfg_info = NULL;
+ mGetCfg_info = nxp_malloc(sizeof(phNxpNci_getCfg_info_t));
if(mGetCfg_info == NULL)
{
goto clean_and_return;
}
memset(mGetCfg_info,0x00,sizeof(phNxpNci_getCfg_info_t));
- /* Read the nfc device node name */
- nfc_dev_node = (uint8_t*) nxp_malloc(max_len*sizeof(uint8_t));
+ /*Read the nfc device node name*/
+ nfc_dev_node = (uint8_t*)nxp_malloc(max_len*sizeof(uint8_t));
if(nfc_dev_node == NULL)
{
NXPLOG_NCIHAL_E("malloc of nfc_dev_node failed ");
@@ -1257,48 +1253,44 @@
******************************************************************************/
int phNxpNciHal_core_initialized(uint8_t* p_core_init_rsp_params)
{
- NFCSTATUS status = NFCSTATUS_SUCCESS;
- static uint8_t p2p_listen_mode_routing_cmd[] = { 0x21, 0x01, 0x07, 0x00, 0x01,
- 0x01, 0x03, 0x00, 0x01, 0x05 };
-
- uint8_t swp_full_pwr_mode_on_cmd[] = { 0x20, 0x02, 0x05, 0x01, 0xA0,
- 0xF1,0x01,0x01 };
+ NFCSTATUS status = NFCSTATUS_SUCCESS;
+ uint8_t *buffer = NULL;
+ uint8_t isfound = FALSE;
+ uint8_t fw_dwnld_flag = FALSE;
+ uint8_t setConfigAlways = FALSE;
+ uint8_t temp_fix = 1;
+ static uint8_t retry_core_init_cnt = 0;
+ static uint8_t p2p_listen_mode_routing_cmd[] = { 0x21, 0x01, 0x07, 0x00, 0x01,
+ 0x01, 0x03, 0x00, 0x01, 0x05 };
+ static uint8_t swp_full_pwr_mode_on_cmd[] = { 0x20, 0x02, 0x05, 0x01, 0xA0,
+ 0xF1, 0x01, 0x01 };
+ static uint8_t swp_switch_timeout_cmd[] = { 0x20, 0x02, 0x06, 0x01, 0xA0,
+ 0xF3, 0x02, 0x00, 0x00 };
+ static uint8_t cmd_init_nci[] = { 0x20, 0x01, 0x00 };
+ static uint8_t cmd_reset_nci[] = { 0x20, 0x00, 0x01, 0x00 };
+ long bufflen = 260;
+ long retlen = 0;
+ unsigned long num = 0;
+ phNxpNci_EEPROM_info_t mEEPROM_info = {.request_mode = 0};
#if( NXP_NFCC_AID_MATCHING_PLATFORM_CONFIG == TRUE)
- static uint8_t android_l_aid_matching_mode_on_cmd[] = {0x20, 0x02, 0x05, 0x01, 0xA0, 0x91, 0x01, 0x01};
+ static uint8_t android_l_aid_matching_mode_on_cmd[] = { 0x20, 0x02, 0x05, 0x01, 0xA0,
+ 0x91, 0x01, 0x01};
#endif
- static uint8_t swp_switch_timeout_cmd[] = {0x20, 0x02, 0x06, 0x01, 0xA0, 0xF3, 0x02, 0x00, 0x00};
-
- uint8_t *buffer = NULL;
- long bufflen = 260;
- long retlen = 0;
- int isfound;
- //EEPROM access variables
- phNxpNci_EEPROM_info_t mEEPROM_info = {.request_mode = 0};
- uint8_t fw_dwnld_flag = FALSE, setConfigAlways = FALSE;
-
- /* Temp fix to re-apply the proper clock setting */
- int temp_fix = 1;
- unsigned long num = 0;
#if(NFC_NXP_CHIP_TYPE != PN547C2)
- //initialize dummy FW recovery variables
- gRecFwRetryCount = 0;
- gRecFWDwnld = FALSE;
+ /*initialize dummy FW recovery variables*/
+ gRecFwRetryCount = 0;
+ gRecFWDwnld = FALSE;
#endif
- // recovery --start
- /*NCI_INIT_CMD*/
- static uint8_t cmd_init_nci[] = {0x20,0x01,0x00};
- /*NCI_RESET_CMD*/
- static uint8_t cmd_reset_nci[] = {0x20,0x00,0x01,0x00}; //keep configuration
- /* reset config cache */
- static uint8_t retry_core_init_cnt;
- if((*p_core_init_rsp_params > 0) && (*p_core_init_rsp_params < 4)) //initializing for recovery.
+ /*MW recovery -- begins*/
+ if((*p_core_init_rsp_params > 0) && (*p_core_init_rsp_params < 4))
{
retry_core_init:
config_access = FALSE;
- if(mGetCfg_info != NULL)
+ if (mGetCfg_info != NULL)
+ {
mGetCfg_info->isGetcfg = FALSE;
-
+ }
if(buffer != NULL)
{
free(buffer);
@@ -1311,17 +1303,22 @@
{
NXPLOG_NCIHAL_D("Posting Core Init Failed\n");
read_failed_disable_nfc = TRUE;
- /* Send the event */
- (*nxpncihal_ctrl.p_nfc_stack_cback)(HAL_NFC_ERROR_EVT,
- HAL_NFC_STATUS_ERR_CMD_TIMEOUT);
+ (*nxpncihal_ctrl.p_nfc_stack_cback)(HAL_NFC_ERROR_EVT, HAL_NFC_STATUS_ERR_CMD_TIMEOUT);
}
#endif
return NFCSTATUS_FAILED;
}
status = phTmlNfc_IoCtl(phTmlNfc_e_ResetDevice);
- if(NFCSTATUS_SUCCESS == status) { NXPLOG_NCIHAL_D("PN54X Reset - SUCCESS\n"); }
- else { NXPLOG_NCIHAL_D("PN54X Reset - FAILED\n"); }
+ if(NFCSTATUS_SUCCESS == status)
+ {
+ NXPLOG_NCIHAL_D("PN54X Reset - SUCCESS\n");
+ }
+ else
+ {
+ NXPLOG_NCIHAL_D("PN54X Reset - FAILED\n");
+ }
+
#if(NXP_NFCC_FORCE_NCI1_0_INIT == TRUE)
status = phNxpNciHal_send_ext_cmd_ntf(sizeof(cmd_reset_nci),cmd_reset_nci);
#else
@@ -1338,10 +1335,10 @@
NXPLOG_NCIHAL_E ("NCI_CORE_RESET: Failed");
retry_core_init_cnt++;
goto retry_core_init;
-
}
- if(*p_core_init_rsp_params == 2) {
+ if(*p_core_init_rsp_params == 2)
+ {
NXPLOG_NCIHAL_E(" Last command is CORE_RESET!!");
goto invoke_callback;
}
@@ -1354,13 +1351,13 @@
goto retry_core_init;
}
- if(*p_core_init_rsp_params == 3) {
+ if(*p_core_init_rsp_params == 3)
+ {
NXPLOG_NCIHAL_E(" Last command is CORE_INIT!!");
goto invoke_callback;
}
}
-// recovery --end
-
+ /*MW recovery --ended*/
buffer = (uint8_t*) nxp_malloc(bufflen*sizeof(uint8_t));
if(NULL == buffer)
@@ -1383,7 +1380,6 @@
}
retlen = 0;
-
isfound = GetNxpByteArrayValue(NAME_NXP_CORE_STANDBY, (char *) buffer,bufflen, &retlen);
if (retlen > 0) {
/* NXP ACT Proprietary Ext */
diff --git a/halimpl/pn54x/utils/phNxpNciHal_utils.c b/halimpl/pn54x/utils/phNxpNciHal_utils.c
index 6363745..200a648 100644
--- a/halimpl/pn54x/utils/phNxpNciHal_utils.c
+++ b/halimpl/pn54x/utils/phNxpNciHal_utils.c
@@ -496,11 +496,11 @@
}
if( 0 == memcmp(pString,"SEND",0x04))
{
- NXPLOG_NCIX_D("len = %3d > %s", len, print_buffer);
+ NXPLOG_NCIX_D("len = %3d => %s", len, print_buffer);
}
else if( 0 == memcmp(pString,"RECV",0x04))
{
- NXPLOG_NCIR_D("len = %3d > %s", len, print_buffer);
+ NXPLOG_NCIR_D("len = %3d <= %s", len, print_buffer);
}
return;
diff --git a/src/nfc/nfc/nfc_ncif.c b/src/nfc/nfc/nfc_ncif.c
index af4c459..36c7b34 100644
--- a/src/nfc/nfc/nfc_ncif.c
+++ b/src/nfc/nfc/nfc_ncif.c
@@ -161,158 +161,182 @@
*******************************************************************************/
void nfc_ncif_cmd_timeout (void)
{
- NFC_TRACE_ERROR0 ("nfc_ncif_cmd_timeout");
+ NFC_TRACE_DEBUG0 ("nfc_ncif_cmd_timeout(): enter");
#if(NXP_EXTNS == TRUE)
-
- NFC_TRACE_ERROR0 ("Recovery Start!");
+ NFC_TRACE_DEBUG0 ("Start Middleware Recovery Procedure");
{
// TO DO:
// Sending command which are core_reset,init,discovery as raw packet (Hard coding)
// and we have to match the RF state between before entering recovery and after recovery.
// finally, executing the last command which is before entering recovery, and invoking the callback.
- //step 1. sending core reset/init command
+ //step 1. Sending core reset/init command
//step 2. deciding to send command whether discovery or not.
//step 3. invoking the callback function which is registered at last time before entering recovery.
/*
- consist of buffer(p_core_init_rsp_params)
- buffer[0] = Used by recovery. 0 or 1. 1- used for recovery 2-core reset is last command 3-core init is last command
- buffer[1] = Last RF State, 0:Idle State 1:Discovery State
- buffer[2] = Length of discovery packet.
- buffer[3~34] = Last Discovery command(including phase data).(32 byte)
- buffer[35] = Length of last command packet.
- buffer[36~254] = Last Command /or Last Command & Data.
- buffer[255] = Last screen state
+ consist of buffer(p_core_init_rsp_params)
+ buffer[0] = Indicators 0:Normal mode 1:Recovery mode 2:core reset was last command 3:core init was last command
+ buffer[1] = Last NFCC NCI RF State, 0:IDLE 1:DISCOVERY
+ buffer[2] = Length of discovery command to be sent as a part of recovery.
+ buffer[3~34] = Last Discovery command(including phase data).(32 byte)
+ buffer[35] = Length of last command.
+ buffer[36~254] = Last Command /or Last Command including Data.
+ buffer[255] = Last screen state
*/
- UINT8 *buffer = NULL;
- UINT16 bufflen = 0x100;
- UINT16 fw_dwnld_status = NFC_STATUS_FAILED;
- tNFC_STATUS status = NFC_STATUS_FAILED;
+ UINT8 *buffer = NULL;
+ tNFC_CONN_CB *p_cb = NULL;
+ UINT16 bufflen = 0x100;
+ UINT16 fw_dwnld_status = NFC_STATUS_FAILED;
+ tNFC_STATUS status = NFC_STATUS_FAILED;
tNFC_FWUpdate_Info_t fw_update_inf;
- tNFC_CONN_CB * p_cb = NULL;
- nfc_stop_timer (&nfc_cb.nci_wait_rsp_timer); // stop the command timeout timer.
- buffer = (UINT8 *) malloc(bufflen*sizeof(UINT8));
+ /*Stop the command timeout timer*/
+ nfc_stop_timer (&nfc_cb.nci_wait_rsp_timer);
+
+ buffer = (UINT8 *)malloc(bufflen*sizeof(UINT8));
+
if(NULL == buffer)
{
NFC_TRACE_ERROR0 ("Recovery MEM Allocation is failed!!");
return;
}
memset(buffer, 0x00, (bufflen*sizeof(UINT8)));
- buffer[0] = 1; //Sending reset/init command as raw packet in HAL layer.
+
+ /*We need to send Core Reset and Core Init as a part of recovery*/
+ buffer[0] = 0x01;
+
+ /*Set the last screen state*/
+ buffer[255] = gScreenState;
+
+ NFC_TRACE_DEBUG1 ("MW last RF discovery flags 0x%x", nfa_dm_cb.disc_cb.disc_flags);
+ NFC_TRACE_DEBUG1 ("MW last RF discovery state 0x%x", nfa_dm_cb.disc_cb.disc_state);
if (nfc_cb.nfc_state == NFC_STATE_CORE_INIT)
{
#if((NXP_EXTNS == TRUE) && (NXP_NFCC_MW_RCVRY_BLK_FW_DNLD == TRUE))
- NFC_TRACE_ERROR0("MW recovery should abort FW download checking at time of cmd_timeout");
+ NFC_TRACE_DEBUG0 ("MW recovery should abort FW download checking at time of cmd_timeout");
#else
- NFC_TRACE_ERROR0 ("Force FW Download !");
- NFC_TRACE_ERROR0 ("Force FW Download !");
- nfc_cb.p_hal->ioctl(HAL_NFC_IOCTL_CHECK_FLASH_REQ, &fw_update_inf);
- nfc_cb.p_hal->ioctl(HAL_NFC_IOCTL_FW_DWNLD, &fw_dwnld_status);
- NFC_TRACE_ERROR1 ("FW Download 0x%x", fw_dwnld_status);
- if (fw_dwnld_status != NFC_STATUS_OK)
- nfc_enabled (NFC_STATUS_FAILED, NULL);
-
+ NFC_TRACE_DEBUG0 ("Force FW Download !");
+ nfc_cb.p_hal->ioctl(HAL_NFC_IOCTL_CHECK_FLASH_REQ, &fw_update_inf);
+ nfc_cb.p_hal->ioctl(HAL_NFC_IOCTL_FW_DWNLD, &fw_dwnld_status);
+ NFC_TRACE_DEBUG1 ("FW Download 0x%x", fw_dwnld_status);
+ if (fw_dwnld_status != NFC_STATUS_OK)
+ nfc_enabled (NFC_STATUS_FAILED, NULL);
#endif
}
-
- NFC_TRACE_ERROR1 ("Last State nfa_dm_cb.disc_cb.disc_flags 0x%x", nfa_dm_cb.disc_cb.disc_flags);
- NFC_TRACE_ERROR1 ("Last State nfa_dm_cb.disc_cb.disc_state 0x%x", nfa_dm_cb.disc_cb.disc_state);
-
- buffer[255] = gScreenState;
-
+ /*Prepare the DISCOVERY command*/
if(!(nfa_dm_cb.disc_cb.disc_state > NFA_DM_RFST_IDLE))
{
- NFC_TRACE_ERROR0 ("Last State is Idle!!");
- buffer[1] = 0; //Idle State.
+ NFC_TRACE_DEBUG0 ("NFCC last NCI RF state is IDLE");
+ /*NCI stack RF state set to IDLE*/
+ buffer[1] = 0x00;
}
else
{
UINT8 *ps = (UINT8 *)nfc_cb.p_last_disc;
- NFC_TRACE_ERROR0 ("Last State is Discovery!!");
- buffer[1] = 1; //Discovery State.
- nfa_dm_cb.disc_cb.disc_state = 0x01; //RF State is initialized to discovery.
- nfa_ce_cb.flags = 0x00; // Listen Flag is initialized to 0x00.
+ NFC_TRACE_DEBUG0 ("NFCC last NCI RF state is DISCOVERY");
+ /*Last NFCC state set to DISCOVERY*/
+ buffer[1] = 0x01;
+ /*NCI stack RF state set to DISCOVERY*/
+ nfa_dm_cb.disc_cb.disc_state = 0x01;
+ /*Listen Mode flags initialized to 0x00*/
+ nfa_ce_cb.flags = 0x00;
+
if(ps[0])
{
- buffer[2] = 2 + 1 + 1 + (ps[0] * 2); // HDR(2) + Length(1) + Entry(1) + Data(Tech(2) * 2)
+ /*Set the length of last DISCOVERY packet including header*/
+ buffer[2] = 2 + 1 + 1 + (ps[0] * 2); /*HDR(2) + Length(1) + Configs(1) + Data(TechnMode(2) * 2)*/
+ /*Copy the DISCOVERY command header*/
memcpy((UINT8 *)&buffer[3], "\x21\x03", 2);
- buffer[5] = 1 + (ps[0] * 2); // Entity(1) + Data(Tech(2) * 2)
+ /*Set the length of content of the last DISCOVERY command*/
+ buffer[5] = 1 + (ps[0] * 2); /*Configs(1) + Data(TechnMode(2) * 2)*/
+ /*Copy the content of DISCOVERY command*/
memcpy((UINT8 *)&buffer[6], ps, buffer[5]);
}
else
{
- buffer[2] = 26; //Length of packet
+ buffer[2] = 0x1A; /*Length of hard coded recovery discovery command*/
memcpy((UINT8 *)&buffer[3],
"\x21\x03\x17\x0B\x00\x01\x01\x01\x02\x01\x03\x01\x80\x01\x81\x01\x82\x01\x83\x01\x85\x01\x06\x01\x77\x01", 24);
}
}
- if((nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x06 && nfc_cb.last_cmd_buf[0] == 0x01 && nfc_cb.last_cmd_buf[1] == 0x01) ||
- (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x04) ||
- (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x08) ||
- (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x06 && nfc_cb.last_cmd_buf[0] == 0x01 && nfc_cb.last_cmd_buf[1] == 0x03))
+ /*Prepare the last command sent just before CORE_RESET_NTF*/
+ if(( (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x06) &&
+ (nfc_cb.last_cmd_buf[0] == 0x01 && nfc_cb.last_cmd_buf[1] == 0x01) ) || /*DEACTIVATE TO SLEEP*/
+ (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x04) || /**/
+ (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x08) || /**/
+ ( (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x06) && /*DEACTIVATE TO DISCOVERY*/
+ (nfc_cb.last_cmd_buf[0] == 0x01 && nfc_cb.last_cmd_buf[1] == 0x03) )
+ )
{
- buffer[35] = 0x00;
+ buffer[35] = 0x00; /*No need to send last command*/
}
- else if((nfc_cb.last_hdr[0] == 0x20 && (nfc_cb.last_hdr[1] == 0x02 || nfc_cb.last_hdr[1] == 0x03))
- || (nfc_cb.last_hdr[0] == 0x2F && nfc_cb.last_hdr[1] == 0x15)
- || (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x01)
- || (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x06))
+ else if( (nfc_cb.last_hdr[0] == 0x20 && (nfc_cb.last_hdr[1] == 0x02 || nfc_cb.last_hdr[1] == 0x03)) || /*SET CONFIG COMMAND*/
+ (nfc_cb.last_hdr[0] == 0x2F && nfc_cb.last_hdr[1] == 0x15) || /*PROPRIETARY COMMAND*/
+ (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x01) || /*LISTEN ROUTING COMMAND*/
+ ( (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x06) &&
+ (nfc_cb.last_cmd_buf[0] == 0x01 && nfc_cb.last_cmd_buf[1] == 0x00) ) /*DEACTIVATE TO IDLE*/
+ )
{
- buffer[35] = nfc_cb.cmd_size + 3; //HDR(2) + Lengh(1) + Cmd data(n)
- memcpy(&buffer[36], nfc_cb.last_hdr, 2);
+ /*Set the length of last command*/
+ buffer[35] = nfc_cb.cmd_size + 3; /*HDR(2) + Length(1) + Cmd data(n)*/
+ /*Copy the last HEADER*/
+ memcpy(&buffer[36], nfc_cb.last_hdr, NFC_SAVED_HDR_SIZE);
+ /*Copy the last command*/
memcpy(&buffer[38], nfc_cb.last_cmd_buf, nfc_cb.cmd_size + 1);
}
- else
+ else /*either CORE_RESET or CORE_INIT was the last command*/
{
- buffer[35] = 2 + 1 + nfc_cb.cmd_size; //HDR(2) + Lengh(1) + Command Size(2)
+ /*full length of command*/
+ buffer[35] = 2 + 1 + nfc_cb.cmd_size; /*HDR(2) + Length(1) + Command data size(n)*/
+
memcpy(&buffer[36], nfc_cb.last_hdr, NFC_SAVED_HDR_SIZE);
- buffer[38] = nfc_cb.cmd_size; // Length of Command.(2)
- if(nfc_cb.cmd_size > 0)
+
+ buffer[38] = nfc_cb.cmd_size; /*Length of last command*/
+
+ if(nfc_cb.cmd_size > 0) /*last command was CORE_RESET*/
memcpy(&buffer[39], nfc_cb.last_cmd, NFC_SAVED_CMD_SIZE);
- else buffer[35] = 0x00;
- if(nfc_cb.last_hdr[0] == 0x20 && nfc_cb.last_hdr[1] == 0x00) buffer[0] = 2; //last packet is CORE_RESET.
- else if (nfc_cb.last_hdr[0] == 0x20 && nfc_cb.last_hdr[1] == 0x01) buffer[0] = 3; //last packet is CORE_INIT.
+ else
+ buffer[35] = 0x00; /*last command was CORE_INIT*/
+
+ if(nfc_cb.last_hdr[0] == 0x20 && nfc_cb.last_hdr[1] == 0x00)
+ buffer[0] = 2; /*indicate last command was CORE_RESET*/
+ else if (nfc_cb.last_hdr[0] == 0x20 && nfc_cb.last_hdr[1] == 0x01)
+ buffer[0] = 3; /*indicate last command was CORE_INIT*/
}
- /* if HCI state is in wait response then stop the timer and send the response timeout event to the upper layer*/
+ /* if HCI state is in wait for response then stop the timer and send the response timeout event to the upper layer*/
if(nfa_hci_cb.hci_state == NFA_HCI_STATE_WAIT_RSP)
{
BT_HDR *p_msg;
nfa_sys_stop_timer(&nfa_hci_cb.timer);
if ((p_msg = (BT_HDR *) GKI_getbuf (sizeof (BT_HDR))) != NULL)
{
- NFC_TRACE_ERROR0("GKI Get Buffer Successful...Sending response timeout to upper layer");
+ NFC_TRACE_DEBUG0("nfc_ncif_cmd_timeout(): Sending HCI response timeout to upper layer");
p_msg->event = NFA_HCI_RSP_TIMEOUT_EVT;
p_msg->layer_specific = 0;
nfa_sys_sendmsg (p_msg);
}
}
- /* Flush the data if any before proceeding further with the recovery */
- p_cb = nfc_find_conn_cb_by_conn_id(nfcc_dh_conn_id);
- NFC_TRACE_ERROR1("connection id %d", nfcc_dh_conn_id);
- if(NULL != p_cb)
+ if(0xFF != nfcc_dh_conn_id)
{
- if(0xFF != nfcc_dh_conn_id)
+ /* Flush the data if any before proceeding further with the recovery */
+ p_cb = nfc_find_conn_cb_by_conn_id(nfcc_dh_conn_id);
+ if(NULL != p_cb)
{
- /* Flush the data if any before proceeding further with the recovery */
- p_cb = nfc_find_conn_cb_by_conn_id(nfcc_dh_conn_id);
- if(NULL != p_cb)
+ NFC_TRACE_DEBUG1("nfc_ncif_cmd_timeout(): connection id %d", nfcc_dh_conn_id);
+ status = NFC_FlushData(p_cb->conn_id);
+ if(status != NFC_STATUS_OK)
{
- NFC_TRACE_ERROR1("connection id %d", nfcc_dh_conn_id);
- status = NFC_FlushData(p_cb->conn_id);
- if(status != NFC_STATUS_OK)
- {
- NFC_TRACE_ERROR0 ("NFC data flush failed");
- }
+ NFC_TRACE_ERROR0 ("nfc_ncif_cmd_timeout(): NFC data flush failed");
}
}
}
+ NFC_TRACE_DEBUG3 ("nfc_ncif_cmd_timeout(): Indicator:0x%X disc cmd len:0x%X last cmd len:0x%X", buffer[0], buffer[2], buffer[35]);
nfc_cb.p_hal->core_initialized (buffer);
-
if(buffer != NULL) free(buffer);
+ NFC_TRACE_DEBUG0 ("nfc_ncif_cmd_timeout(): exit");
}
#else
/* report an error */
@@ -615,23 +639,26 @@
{
#if (NXP_EXTNS == TRUE)
NFC_TRACE_DEBUG0 ("nfc_ncif_check_cmd_queue : Writing to HAL...");
- /* save the message header to double check the response */
+ /*save the message header to double check the response */
ps = (UINT8 *)(p_buf + 1) + p_buf->offset;
+ /*save command HEADER(GID+OID) only*/
memcpy(nfc_cb.last_hdr, ps, NFC_SAVED_HDR_SIZE);
-
+ /*save command length only*/
+ nfc_cb.cmd_size = *(ps + NFC_SAVED_HDR_SIZE);
+ NFC_TRACE_DEBUG2 ("%s : cmd_size:%d", __FUNCTION__, nfc_cb.cmd_size);
if((nfc_cb.last_hdr[0] == 0x20 && (nfc_cb.last_hdr[1] == 0x02 || nfc_cb.last_hdr[1] == 0x03))
|| (nfc_cb.last_hdr[0] == 0x2F && nfc_cb.last_hdr[1] == 0x15)
|| (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x01)
|| (nfc_cb.last_hdr[0] == 0x21 && nfc_cb.last_hdr[1] == 0x06))
{
- nfc_cb.cmd_size = *(ps + NFC_SAVED_HDR_SIZE);
if (nfc_cb.last_cmd_buf != NULL)
{
GKI_freebuf(nfc_cb.last_cmd_buf); // ======> Free before allocation
}
- nfc_cb.last_cmd_buf = (UINT8 *) GKI_getbuf(nfc_cb.cmd_size +1 );
+ nfc_cb.last_cmd_buf = (UINT8 *) GKI_getbuf(nfc_cb.cmd_size + 1);
if(nfc_cb.last_cmd_buf != NULL)
{
+ /*save command data including length and excluding header*/
memcpy(nfc_cb.last_cmd_buf, ps + NFC_SAVED_HDR_SIZE, (nfc_cb.cmd_size + 1));
memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
}
@@ -642,7 +669,6 @@
}
else
{
- nfc_cb.cmd_size = *(ps + NFC_SAVED_HDR_SIZE);
memcpy(nfc_cb.last_cmd, ps + NCI_MSG_HDR_SIZE, NFC_SAVED_CMD_SIZE);
}
#else