1 files changed, 251 insertions, 170 deletions
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c
index 42994fac26d6..5d503eeb15a1 100644
--- a/net/nfc/llcp/llcp.c
+++ b/net/nfc/llcp/llcp.c
@@ -31,47 +31,41 @@ static u8 llcp_magic[3] = {0x46, 0x66, 0x6d};
 static struct list_head llcp_devices;
-static void nfc_llcp_socket_release(struct nfc_llcp_local *local)
+void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk)
 {
-        struct nfc_llcp_sock *parent, *s, *n;
+        write_lock(&l->lock);
-        struct sock *sk, *parent_sk;
+        sk_add_node(sk, &l->head);
-        int i;
+        write_unlock(&l->lock);
+}
-        mutex_lock(&local->socket_lock);
-        for (i = 0; i < LLCP_MAX_SAP; i++) {
-                parent = local->sockets[i];
-                if (parent == NULL)
-                        continue;
-                /* Release all child sockets */
-                list_for_each_entry_safe(s, n, &parent->list, list) {
-                        list_del_init(&s->list);
-                        sk = &s->sk;
-                        lock_sock(sk);
-                        if (sk->sk_state == LLCP_CONNECTED)
-                                nfc_put_device(s->dev);
-                        sk->sk_state = LLCP_CLOSED;
+void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk)
+{
+        write_lock(&l->lock);
+        sk_del_node_init(sk);
+        write_unlock(&l->lock);
+}
-                        release_sock(sk);
+static void nfc_llcp_socket_release(struct nfc_llcp_local *local)
+{
+        struct sock *sk;
+        struct hlist_node *node, *tmp;
+        struct nfc_llcp_sock *llcp_sock;
-                        sock_orphan(sk);
+        write_lock(&local->sockets.lock);
-                        s->local = NULL;
+        sk_for_each_safe(sk, node, tmp, &local->sockets.head) {
-                }
+                llcp_sock = nfc_llcp_sock(sk);
-                parent_sk = &parent->sk;
+                lock_sock(sk);
-                lock_sock(parent_sk);
+                if (sk->sk_state == LLCP_CONNECTED)
+                        nfc_put_device(llcp_sock->dev);
-                if (parent_sk->sk_state == LLCP_LISTEN) {
+                if (sk->sk_state == LLCP_LISTEN) {
                        struct nfc_llcp_sock *lsk, *n;
                        struct sock *accept_sk;
-                        list_for_each_entry_safe(lsk, n, &parent->accept_queue,
+                        list_for_each_entry_safe(lsk, n, &llcp_sock->accept_queue,
                                                 accept_queue) {
                                accept_sk = &lsk->sk;
                                lock_sock(accept_sk);
@@ -83,24 +77,53 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local)
                                release_sock(accept_sk);
                                sock_orphan(accept_sk);
-                                lsk->local = NULL;
                        }
                }
-                if (parent_sk->sk_state == LLCP_CONNECTED)
+                sk->sk_state = LLCP_CLOSED;
-                        nfc_put_device(parent->dev);
-                parent_sk->sk_state = LLCP_CLOSED;
-                release_sock(parent_sk);
+                release_sock(sk);
-                sock_orphan(parent_sk);
+                sock_orphan(sk);
-                parent->local = NULL;
+                sk_del_node_init(sk);
        }
-        mutex_unlock(&local->socket_lock);
+        write_unlock(&local->sockets.lock);
+}
+struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local)
+{
+        kref_get(&local->ref);
+        return local;
+}
+static void local_release(struct kref *ref)
+{
+        struct nfc_llcp_local *local;
+        local = container_of(ref, struct nfc_llcp_local, ref);
+        list_del(&local->list);
+        nfc_llcp_socket_release(local);
+        del_timer_sync(&local->link_timer);
+        skb_queue_purge(&local->tx_queue);
+        destroy_workqueue(local->tx_wq);
+        destroy_workqueue(local->rx_wq);
+        destroy_workqueue(local->timeout_wq);
+        kfree_skb(local->rx_pending);
+        kfree(local);
+}
+int nfc_llcp_local_put(struct nfc_llcp_local *local)
+{
+        WARN_ON(local == NULL);
+        if (local == NULL)
+                return 0;
+        return kref_put(&local->ref, local_release);
 }
 static void nfc_llcp_clear_sdp(struct nfc_llcp_local *local)
@@ -384,31 +407,9 @@ int nfc_llcp_set_remote_gb(struct nfc_dev *dev, u8 *gb, u8 gb_len)
                return -EINVAL;
        }
-        return nfc_llcp_parse_tlv(local,
+        return nfc_llcp_parse_gb_tlv(local,
-                                  &local->remote_gb[3],
+                                     &local->remote_gb[3],
-                                  local->remote_gb_len - 3);
+                                     local->remote_gb_len - 3);
-}
-static void nfc_llcp_tx_work(struct work_struct *work)
-{
-        struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
-                                                    tx_work);
-        struct sk_buff *skb;
-        skb = skb_dequeue(&local->tx_queue);
-        if (skb != NULL) {
-                pr_debug("Sending pending skb\n");
-                print_hex_dump(KERN_DEBUG, "LLCP Tx: ", DUMP_PREFIX_OFFSET,
-                               16, 1, skb->data, skb->len, true);
-                nfc_data_exchange(local->dev, local->target_idx,
-                                  skb, nfc_llcp_recv, local);
-        } else {
-                nfc_llcp_send_symm(local->dev);
-        }
-        mod_timer(&local->link_timer,
-                  jiffies + msecs_to_jiffies(local->remote_lto));
 }
 static u8 nfc_llcp_dsap(struct sk_buff *pdu)
@@ -443,46 +444,146 @@ static void nfc_llcp_set_nrns(struct nfc_llcp_sock *sock, struct sk_buff *pdu)
        sock->recv_ack_n = (sock->recv_n - 1) % 16;
 }
+static void nfc_llcp_tx_work(struct work_struct *work)
+{
+        struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
+                                                    tx_work);
+        struct sk_buff *skb;
+        struct sock *sk;
+        struct nfc_llcp_sock *llcp_sock;
+        skb = skb_dequeue(&local->tx_queue);
+        if (skb != NULL) {
+                sk = skb->sk;
+                llcp_sock = nfc_llcp_sock(sk);
+                if (llcp_sock != NULL) {
+                        int ret;
+                        pr_debug("Sending pending skb\n");
+                        print_hex_dump(KERN_DEBUG, "LLCP Tx: ",
+                                       DUMP_PREFIX_OFFSET, 16, 1,
+                                       skb->data, skb->len, true);
+                        ret = nfc_data_exchange(local->dev, local->target_idx,
+                                                skb, nfc_llcp_recv, local);
+                        if (!ret && nfc_llcp_ptype(skb) == LLCP_PDU_I) {
+                                skb = skb_get(skb);
+                                skb_queue_tail(&llcp_sock->tx_pending_queue,
+                                               skb);
+                        }
+                } else {
+                        nfc_llcp_send_symm(local->dev);
+                }
+        } else {
+                nfc_llcp_send_symm(local->dev);
+        }
+        mod_timer(&local->link_timer,
+                  jiffies + msecs_to_jiffies(2 * local->remote_lto));
+}
+static struct nfc_llcp_sock *nfc_llcp_connecting_sock_get(struct nfc_llcp_local *local,
+                                                          u8 ssap)
+{
+        struct sock *sk;
+        struct nfc_llcp_sock *llcp_sock;
+        struct hlist_node *node;
+        read_lock(&local->connecting_sockets.lock);
+        sk_for_each(sk, node, &local->connecting_sockets.head) {
+                llcp_sock = nfc_llcp_sock(sk);
+                if (llcp_sock->ssap == ssap) {
+                        sock_hold(&llcp_sock->sk);
+                        goto out;
+                }
+        }
+        llcp_sock = NULL;
+out:
+        read_unlock(&local->connecting_sockets.lock);
+        return llcp_sock;
+}
 static struct nfc_llcp_sock *nfc_llcp_sock_get(struct nfc_llcp_local *local,
                                               u8 ssap, u8 dsap)
 {
-        struct nfc_llcp_sock *sock, *llcp_sock, *n;
+        struct sock *sk;
+        struct hlist_node *node;
+        struct nfc_llcp_sock *llcp_sock;
        pr_debug("ssap dsap %d %d\n", ssap, dsap);
        if (ssap == 0 && dsap == 0)
                return NULL;
-        mutex_lock(&local->socket_lock);
+        read_lock(&local->sockets.lock);
-        sock = local->sockets[ssap];
-        if (sock == NULL) {
-                mutex_unlock(&local->socket_lock);
-                return NULL;
-        }
-        pr_debug("root dsap %d (%d)\n", sock->dsap, dsap);
+        llcp_sock = NULL;
-        if (sock->dsap == dsap) {
+        sk_for_each(sk, node, &local->sockets.head) {
-                sock_hold(&sock->sk);
+                llcp_sock = nfc_llcp_sock(sk);
-                mutex_unlock(&local->socket_lock);
-                return sock;
+                if (llcp_sock->ssap == ssap &&
+                    llcp_sock->dsap == dsap)
+                        break;
        }
-        list_for_each_entry_safe(llcp_sock, n, &sock->list, list) {
+        read_unlock(&local->sockets.lock);
-                pr_debug("llcp_sock %p sk %p dsap %d\n", llcp_sock,
-                         &llcp_sock->sk, llcp_sock->dsap);
+        if (llcp_sock == NULL)
-                if (llcp_sock->dsap == dsap) {
+                return NULL;
-                        sock_hold(&llcp_sock->sk);
-                        mutex_unlock(&local->socket_lock);
+        sock_hold(&llcp_sock->sk);
-                        return llcp_sock;
-                }
+        return llcp_sock;
+}
+static struct nfc_llcp_sock *nfc_llcp_sock_get_sn(struct nfc_llcp_local *local,
+                                                  u8 *sn, size_t sn_len)
+{
+        struct sock *sk;
+        struct hlist_node *node;
+        struct nfc_llcp_sock *llcp_sock;
+        pr_debug("sn %zd\n", sn_len);
+        if (sn == NULL || sn_len == 0)
+                return NULL;
+        read_lock(&local->sockets.lock);
+        llcp_sock = NULL;
+        sk_for_each(sk, node, &local->sockets.head) {
+                llcp_sock = nfc_llcp_sock(sk);
+                if (llcp_sock->sk.sk_state != LLCP_LISTEN)
+                        continue;
+                if (llcp_sock->service_name == NULL ||
+                    llcp_sock->service_name_len == 0)
+                        continue;
+                if (llcp_sock->service_name_len != sn_len)
+                        continue;
+                if (memcmp(sn, llcp_sock->service_name, sn_len) == 0)
+                        break;
        }
-        pr_err("Could not find socket for %d %d\n", ssap, dsap);
+        read_unlock(&local->sockets.lock);
-        mutex_unlock(&local->socket_lock);
+        if (llcp_sock == NULL)
+                return NULL;
-        return NULL;
+        sock_hold(&llcp_sock->sk);
+        return llcp_sock;
 }
 static void nfc_llcp_sock_put(struct nfc_llcp_sock *sock)
@@ -518,35 +619,19 @@ static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
 {
        struct sock *new_sk, *parent;
        struct nfc_llcp_sock *sock, *new_sock;
-        u8 dsap, ssap, bound_sap, reason;
+        u8 dsap, ssap, reason;
        dsap = nfc_llcp_dsap(skb);
        ssap = nfc_llcp_ssap(skb);
        pr_debug("%d %d\n", dsap, ssap);
-        nfc_llcp_parse_tlv(local, &skb->data[LLCP_HEADER_SIZE],
-                           skb->len - LLCP_HEADER_SIZE);
        if (dsap != LLCP_SAP_SDP) {
-                bound_sap = dsap;
+                sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
+                if (sock == NULL || sock->sk.sk_state != LLCP_LISTEN) {
-                mutex_lock(&local->socket_lock);
-                sock = local->sockets[dsap];
-                if (sock == NULL) {
-                        mutex_unlock(&local->socket_lock);
                        reason = LLCP_DM_NOBOUND;
                        goto fail;
                }
-                sock_hold(&sock->sk);
-                mutex_unlock(&local->socket_lock);
-                lock_sock(&sock->sk);
-                if (sock->dsap == LLCP_SAP_SDP &&
-                    sock->sk.sk_state == LLCP_LISTEN)
-                        goto enqueue;
        } else {
                u8 *sn;
                size_t sn_len;
@@ -559,40 +644,15 @@ static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
                pr_debug("Service name length %zu\n", sn_len);
-                mutex_lock(&local->socket_lock);
+                sock = nfc_llcp_sock_get_sn(local, sn, sn_len);
-                for (bound_sap = 0; bound_sap < LLCP_LOCAL_SAP_OFFSET;
+                if (sock == NULL) {
-                     bound_sap++) {
+                        reason = LLCP_DM_NOBOUND;
-                        sock = local->sockets[bound_sap];
+                        goto fail;
-                        if (sock == NULL)
-                                continue;
-                        if (sock->service_name == NULL ||
-                            sock->service_name_len == 0)
-                                        continue;
-                        if (sock->service_name_len != sn_len)
-                                continue;
-                        if (sock->dsap == LLCP_SAP_SDP &&
-                            sock->sk.sk_state == LLCP_LISTEN &&
-                            !memcmp(sn, sock->service_name, sn_len)) {
-                                pr_debug("Found service name at SAP %d\n",
-                                         bound_sap);
-                                sock_hold(&sock->sk);
-                                mutex_unlock(&local->socket_lock);
-                                lock_sock(&sock->sk);
-                                goto enqueue;
-                        }
                }
-                mutex_unlock(&local->socket_lock);
        }
-        reason = LLCP_DM_NOBOUND;
+        lock_sock(&sock->sk);
-        goto fail;
-enqueue:
        parent = &sock->sk;
        if (sk_acceptq_is_full(parent)) {
@@ -612,15 +672,19 @@ enqueue:
        new_sock = nfc_llcp_sock(new_sk);
        new_sock->dev = local->dev;
-        new_sock->local = local;
+        new_sock->local = nfc_llcp_local_get(local);
+        new_sock->miu = local->remote_miu;
        new_sock->nfc_protocol = sock->nfc_protocol;
-        new_sock->ssap = bound_sap;
+        new_sock->ssap = sock->ssap;
        new_sock->dsap = ssap;
        new_sock->parent = parent;
+        nfc_llcp_parse_connection_tlv(new_sock, &skb->data[LLCP_HEADER_SIZE],
+                                      skb->len - LLCP_HEADER_SIZE);
        pr_debug("new sock %p sk %p\n", new_sock, &new_sock->sk);
-        list_add_tail(&new_sock->list, &sock->list);
+        nfc_llcp_sock_link(&local->sockets, new_sk);
        nfc_llcp_accept_enqueue(&sock->sk, new_sk);
@@ -654,12 +718,12 @@ int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock)
        pr_debug("Remote ready %d tx queue len %d remote rw %d",
                 sock->remote_ready, skb_queue_len(&sock->tx_pending_queue),
-                 local->remote_rw);
+                 sock->rw);
        /* Try to queue some I frames for transmission */
        while (sock->remote_ready &&
-               skb_queue_len(&sock->tx_pending_queue) < local->remote_rw) {
+               skb_queue_len(&sock->tx_pending_queue) < sock->rw) {
-                struct sk_buff *pdu, *pending_pdu;
+                struct sk_buff *pdu;
                pdu = skb_dequeue(&sock->tx_queue);
                if (pdu == NULL)
@@ -668,10 +732,7 @@ int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock)
                /* Update N(S)/N(R) */
                nfc_llcp_set_nrns(sock, pdu);
-                pending_pdu = skb_clone(pdu, GFP_KERNEL);
                skb_queue_tail(&local->tx_queue, pdu);
-                skb_queue_tail(&sock->tx_pending_queue, pending_pdu);
                nr_frames++;
        }
@@ -728,11 +789,21 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
                llcp_sock->send_ack_n = nr;
-                skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp)
+                /* Remove and free all skbs until ns == nr */
-                        if (nfc_llcp_ns(s) <= nr) {
+                skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp) {
-                                skb_unlink(s, &llcp_sock->tx_pending_queue);
+                        skb_unlink(s, &llcp_sock->tx_pending_queue);
-                                kfree_skb(s);
+                        kfree_skb(s);
-                        }
+                        if (nfc_llcp_ns(s) == nr)
+                                break;
+                }
+                /* Re-queue the remaining skbs for transmission */
+                skb_queue_reverse_walk_safe(&llcp_sock->tx_pending_queue,
+                                            s, tmp) {
+                        skb_unlink(s, &llcp_sock->tx_pending_queue);
+                        skb_queue_head(&local->tx_queue, s);
+                }
        }
        if (ptype == LLCP_PDU_RR)
@@ -740,7 +811,7 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
        else if (ptype == LLCP_PDU_RNR)
                llcp_sock->remote_ready = false;
-        if (nfc_llcp_queue_i_frames(llcp_sock) == 0)
+        if (nfc_llcp_queue_i_frames(llcp_sock) == 0 && ptype == LLCP_PDU_I)
                nfc_llcp_send_rr(llcp_sock);
        release_sock(sk);
@@ -791,11 +862,7 @@ static void nfc_llcp_recv_cc(struct nfc_llcp_local *local, struct sk_buff *skb)
        dsap = nfc_llcp_dsap(skb);
        ssap = nfc_llcp_ssap(skb);
-        llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
+        llcp_sock = nfc_llcp_connecting_sock_get(local, dsap);
-        if (llcp_sock == NULL)
-                llcp_sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
        if (llcp_sock == NULL) {
                pr_err("Invalid CC\n");
                nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
@@ -803,11 +870,15 @@ static void nfc_llcp_recv_cc(struct nfc_llcp_local *local, struct sk_buff *skb)
                return;
        }
-        llcp_sock->dsap = ssap;
        sk = &llcp_sock->sk;
-        nfc_llcp_parse_tlv(local, &skb->data[LLCP_HEADER_SIZE],
+        /* Unlink from connecting and link to the client array */
-                           skb->len - LLCP_HEADER_SIZE);
+        nfc_llcp_sock_unlink(&local->connecting_sockets, sk);
+        nfc_llcp_sock_link(&local->sockets, sk);
+        llcp_sock->dsap = ssap;
+        nfc_llcp_parse_connection_tlv(llcp_sock, &skb->data[LLCP_HEADER_SIZE],
+                                      skb->len - LLCP_HEADER_SIZE);
        sk->sk_state = LLCP_CONNECTED;
        sk->sk_state_change(sk);
@@ -891,6 +962,21 @@ void nfc_llcp_recv(void *data, struct sk_buff *skb, int err)
        return;
 }
+int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb)
+{
+        struct nfc_llcp_local *local;
+        local = nfc_llcp_find_local(dev);
+        if (local == NULL)
+                return -ENODEV;
+        local->rx_pending = skb_get(skb);
+        del_timer(&local->link_timer);
+        queue_work(local->rx_wq, &local->rx_work);
+        return 0;
+}
 void nfc_llcp_mac_is_down(struct nfc_dev *dev)
 {
        struct nfc_llcp_local *local;
@@ -943,8 +1029,8 @@ int nfc_llcp_register_device(struct nfc_dev *ndev)
        local->dev = ndev;
        INIT_LIST_HEAD(&local->list);
+        kref_init(&local->ref);
        mutex_init(&local->sdp_lock);
-        mutex_init(&local->socket_lock);
        init_timer(&local->link_timer);
        local->link_timer.data = (unsigned long) local;
        local->link_timer.function = nfc_llcp_symm_timer;
@@ -984,11 +1070,13 @@ int nfc_llcp_register_device(struct nfc_dev *ndev)
                goto err_rx_wq;
        }
+        local->sockets.lock = __RW_LOCK_UNLOCKED(local->sockets.lock);
+        local->connecting_sockets.lock = __RW_LOCK_UNLOCKED(local->connecting_sockets.lock);
        nfc_llcp_build_gb(local);
        local->remote_miu = LLCP_DEFAULT_MIU;
        local->remote_lto = LLCP_DEFAULT_LTO;
-        local->remote_rw = LLCP_DEFAULT_RW;
        list_add(&llcp_devices, &local->list);
@@ -1015,14 +1103,7 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev)
                return;
        }
-        list_del(&local->list);
+        nfc_llcp_local_put(local);
-        nfc_llcp_socket_release(local);
-        del_timer_sync(&local->link_timer);
-        skb_queue_purge(&local->tx_queue);
-        destroy_workqueue(local->tx_wq);
-        destroy_workqueue(local->rx_wq);
-        kfree_skb(local->rx_pending);
-        kfree(local);
 }
 int __init nfc_llcp_init(void)

diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c index 42994fac26d6..5d503eeb15a1 100644 --- a/net/nfc/llcp/llcp.c +++ b/net/nfc/llcp/llcp.c
@@ -31,47 +31,41 @@ static u8 llcp_magic[3] = {0x46, 0x66, 0x6d};
31		31
32	static struct list_head llcp_devices;	32	static struct list_head llcp_devices;
33		33
34	static void nfc_llcp_socket_release(struct nfc_llcp_local *local)	34	void nfc_llcp_sock_link(struct llcp_sock_list l, struct sock sk)
35	{	35	{
36	struct nfc_llcp_sock parent, s, *n;	36	write_lock(&l->lock);
37	struct sock sk, parent_sk;	37	sk_add_node(sk, &l->head);
38	int i;	38	write_unlock(&l->lock);
39		39	}
40	mutex_lock(&local->socket_lock);
41
42	for (i = 0; i < LLCP_MAX_SAP; i++) {
43	parent = local->sockets[i];
44	if (parent == NULL)
45	continue;
46
47	/* Release all child sockets */
48	list_for_each_entry_safe(s, n, &parent->list, list) {
49	list_del_init(&s->list);
50	sk = &s->sk;
51
52	lock_sock(sk);
53
54	if (sk->sk_state == LLCP_CONNECTED)
55	nfc_put_device(s->dev);
56		40
57	sk->sk_state = LLCP_CLOSED;	41	void nfc_llcp_sock_unlink(struct llcp_sock_list l, struct sock sk)
		42	{
		43	write_lock(&l->lock);
		44	sk_del_node_init(sk);
		45	write_unlock(&l->lock);
		46	}
58		47
59	release_sock(sk);	48	static void nfc_llcp_socket_release(struct nfc_llcp_local *local)
		49	{
		50	struct sock *sk;
		51	struct hlist_node node, tmp;
		52	struct nfc_llcp_sock *llcp_sock;
60		53
61	sock_orphan(sk);	54	write_lock(&local->sockets.lock);
62		55
63	s->local = NULL;	56	sk_for_each_safe(sk, node, tmp, &local->sockets.head) {
64	}	57	llcp_sock = nfc_llcp_sock(sk);
65		58
66	parent_sk = &parent->sk;	59	lock_sock(sk);
67		60
68	lock_sock(parent_sk);	61	if (sk->sk_state == LLCP_CONNECTED)
		62	nfc_put_device(llcp_sock->dev);
69		63
70	if (parent_sk->sk_state == LLCP_LISTEN) {	64	if (sk->sk_state == LLCP_LISTEN) {
71	struct nfc_llcp_sock lsk, n;	65	struct nfc_llcp_sock lsk, n;
72	struct sock *accept_sk;	66	struct sock *accept_sk;
73		67
74	list_for_each_entry_safe(lsk, n, &parent->accept_queue,	68	list_for_each_entry_safe(lsk, n, &llcp_sock->accept_queue,
75	accept_queue) {	69	accept_queue) {
76	accept_sk = &lsk->sk;	70	accept_sk = &lsk->sk;
77	lock_sock(accept_sk);	71	lock_sock(accept_sk);
@@ -83,24 +77,53 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local)
83	release_sock(accept_sk);	77	release_sock(accept_sk);
84		78
85	sock_orphan(accept_sk);	79	sock_orphan(accept_sk);
86
87	lsk->local = NULL;
88	}	80	}
89	}	81	}
90		82
91	if (parent_sk->sk_state == LLCP_CONNECTED)	83	sk->sk_state = LLCP_CLOSED;
92	nfc_put_device(parent->dev);
93
94	parent_sk->sk_state = LLCP_CLOSED;
95		84
96	release_sock(parent_sk);	85	release_sock(sk);
97		86
98	sock_orphan(parent_sk);	87	sock_orphan(sk);
99		88
100	parent->local = NULL;	89	sk_del_node_init(sk);
101	}	90	}
102		91
103	mutex_unlock(&local->socket_lock);	92	write_unlock(&local->sockets.lock);
		93	}
		94
		95	struct nfc_llcp_local nfc_llcp_local_get(struct nfc_llcp_local local)
		96	{
		97	kref_get(&local->ref);
		98
		99	return local;
		100	}
		101
		102	static void local_release(struct kref *ref)
		103	{
		104	struct nfc_llcp_local *local;
		105
		106	local = container_of(ref, struct nfc_llcp_local, ref);
		107
		108	list_del(&local->list);
		109	nfc_llcp_socket_release(local);
		110	del_timer_sync(&local->link_timer);
		111	skb_queue_purge(&local->tx_queue);
		112	destroy_workqueue(local->tx_wq);
		113	destroy_workqueue(local->rx_wq);
		114	destroy_workqueue(local->timeout_wq);
		115	kfree_skb(local->rx_pending);
		116	kfree(local);
		117	}
		118
		119	int nfc_llcp_local_put(struct nfc_llcp_local *local)
		120	{
		121	WARN_ON(local == NULL);
		122
		123	if (local == NULL)
		124	return 0;
		125
		126	return kref_put(&local->ref, local_release);
104	}	127	}
105		128
106	static void nfc_llcp_clear_sdp(struct nfc_llcp_local *local)	129	static void nfc_llcp_clear_sdp(struct nfc_llcp_local *local)
@@ -384,31 +407,9 @@ int nfc_llcp_set_remote_gb(struct nfc_dev dev, u8 gb, u8 gb_len)
384	return -EINVAL;	407	return -EINVAL;
385	}	408	}
386		409
387	return nfc_llcp_parse_tlv(local,	410	return nfc_llcp_parse_gb_tlv(local,
388	&local->remote_gb[3],	411	&local->remote_gb[3],
389	local->remote_gb_len - 3);	412	local->remote_gb_len - 3);
390	}
391
392	static void nfc_llcp_tx_work(struct work_struct *work)
393	{
394	struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
395	tx_work);
396	struct sk_buff *skb;
397
398	skb = skb_dequeue(&local->tx_queue);
399	if (skb != NULL) {
400	pr_debug("Sending pending skb\n");
401	print_hex_dump(KERN_DEBUG, "LLCP Tx: ", DUMP_PREFIX_OFFSET,
402	16, 1, skb->data, skb->len, true);
403
404	nfc_data_exchange(local->dev, local->target_idx,
405	skb, nfc_llcp_recv, local);
406	} else {
407	nfc_llcp_send_symm(local->dev);
408	}
409
410	mod_timer(&local->link_timer,
411	jiffies + msecs_to_jiffies(local->remote_lto));
412	}	413	}
413		414
414	static u8 nfc_llcp_dsap(struct sk_buff *pdu)	415	static u8 nfc_llcp_dsap(struct sk_buff *pdu)
@@ -443,46 +444,146 @@ static void nfc_llcp_set_nrns(struct nfc_llcp_sock sock, struct sk_buff pdu)
443	sock->recv_ack_n = (sock->recv_n - 1) % 16;	444	sock->recv_ack_n = (sock->recv_n - 1) % 16;
444	}	445	}
445		446
		447	static void nfc_llcp_tx_work(struct work_struct *work)
		448	{
		449	struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
		450	tx_work);
		451	struct sk_buff *skb;
		452	struct sock *sk;
		453	struct nfc_llcp_sock *llcp_sock;
		454
		455	skb = skb_dequeue(&local->tx_queue);
		456	if (skb != NULL) {
		457	sk = skb->sk;
		458	llcp_sock = nfc_llcp_sock(sk);
		459	if (llcp_sock != NULL) {
		460	int ret;
		461
		462	pr_debug("Sending pending skb\n");
		463	print_hex_dump(KERN_DEBUG, "LLCP Tx: ",
		464	DUMP_PREFIX_OFFSET, 16, 1,
		465	skb->data, skb->len, true);
		466
		467	ret = nfc_data_exchange(local->dev, local->target_idx,
		468	skb, nfc_llcp_recv, local);
		469
		470	if (!ret && nfc_llcp_ptype(skb) == LLCP_PDU_I) {
		471	skb = skb_get(skb);
		472	skb_queue_tail(&llcp_sock->tx_pending_queue,
		473	skb);
		474	}
		475	} else {
		476	nfc_llcp_send_symm(local->dev);
		477	}
		478	} else {
		479	nfc_llcp_send_symm(local->dev);
		480	}
		481
		482	mod_timer(&local->link_timer,
		483	jiffies + msecs_to_jiffies(2 * local->remote_lto));
		484	}
		485
		486	static struct nfc_llcp_sock nfc_llcp_connecting_sock_get(struct nfc_llcp_local local,
		487	u8 ssap)
		488	{
		489	struct sock *sk;
		490	struct nfc_llcp_sock *llcp_sock;
		491	struct hlist_node *node;
		492
		493	read_lock(&local->connecting_sockets.lock);
		494
		495	sk_for_each(sk, node, &local->connecting_sockets.head) {
		496	llcp_sock = nfc_llcp_sock(sk);
		497
		498	if (llcp_sock->ssap == ssap) {
		499	sock_hold(&llcp_sock->sk);
		500	goto out;
		501	}
		502	}
		503
		504	llcp_sock = NULL;
		505
		506	out:
		507	read_unlock(&local->connecting_sockets.lock);
		508
		509	return llcp_sock;
		510	}
		511
446	static struct nfc_llcp_sock nfc_llcp_sock_get(struct nfc_llcp_local local,	512	static struct nfc_llcp_sock nfc_llcp_sock_get(struct nfc_llcp_local local,
447	u8 ssap, u8 dsap)	513	u8 ssap, u8 dsap)
448	{	514	{
449	struct nfc_llcp_sock sock, llcp_sock, *n;	515	struct sock *sk;
		516	struct hlist_node *node;
		517	struct nfc_llcp_sock *llcp_sock;
450		518
451	pr_debug("ssap dsap %d %d\n", ssap, dsap);	519	pr_debug("ssap dsap %d %d\n", ssap, dsap);
452		520
453	if (ssap == 0 && dsap == 0)	521	if (ssap == 0 && dsap == 0)
454	return NULL;	522	return NULL;
455		523
456	mutex_lock(&local->socket_lock);	524	read_lock(&local->sockets.lock);
457	sock = local->sockets[ssap];
458	if (sock == NULL) {
459	mutex_unlock(&local->socket_lock);
460	return NULL;
461	}
462		525
463	pr_debug("root dsap %d (%d)\n", sock->dsap, dsap);	526	llcp_sock = NULL;
464		527
465	if (sock->dsap == dsap) {	528	sk_for_each(sk, node, &local->sockets.head) {
466	sock_hold(&sock->sk);	529	llcp_sock = nfc_llcp_sock(sk);
467	mutex_unlock(&local->socket_lock);	530
468	return sock;	531	if (llcp_sock->ssap == ssap &&
		532	llcp_sock->dsap == dsap)
		533	break;
469	}	534	}
470		535
471	list_for_each_entry_safe(llcp_sock, n, &sock->list, list) {	536	read_unlock(&local->sockets.lock);
472	pr_debug("llcp_sock %p sk %p dsap %d\n", llcp_sock,	537
473	&llcp_sock->sk, llcp_sock->dsap);	538	if (llcp_sock == NULL)
474	if (llcp_sock->dsap == dsap) {	539	return NULL;
475	sock_hold(&llcp_sock->sk);	540
476	mutex_unlock(&local->socket_lock);	541	sock_hold(&llcp_sock->sk);
477	return llcp_sock;	542
478	}	543	return llcp_sock;
		544	}
		545
		546	static struct nfc_llcp_sock nfc_llcp_sock_get_sn(struct nfc_llcp_local local,
		547	u8 *sn, size_t sn_len)
		548	{
		549	struct sock *sk;
		550	struct hlist_node *node;
		551	struct nfc_llcp_sock *llcp_sock;
		552
		553	pr_debug("sn %zd\n", sn_len);
		554
		555	if (sn == NULL \|\| sn_len == 0)
		556	return NULL;
		557
		558	read_lock(&local->sockets.lock);
		559
		560	llcp_sock = NULL;
		561
		562	sk_for_each(sk, node, &local->sockets.head) {
		563	llcp_sock = nfc_llcp_sock(sk);
		564
		565	if (llcp_sock->sk.sk_state != LLCP_LISTEN)
		566	continue;
		567
		568	if (llcp_sock->service_name == NULL \|\|
		569	llcp_sock->service_name_len == 0)
		570	continue;
		571
		572	if (llcp_sock->service_name_len != sn_len)
		573	continue;
		574
		575	if (memcmp(sn, llcp_sock->service_name, sn_len) == 0)
		576	break;
479	}	577	}
480		578
481	pr_err("Could not find socket for %d %d\n", ssap, dsap);	579	read_unlock(&local->sockets.lock);
482		580
483	mutex_unlock(&local->socket_lock);	581	if (llcp_sock == NULL)
		582	return NULL;
484		583
485	return NULL;	584	sock_hold(&llcp_sock->sk);
		585
		586	return llcp_sock;
486	}	587	}
487		588
488	static void nfc_llcp_sock_put(struct nfc_llcp_sock *sock)	589	static void nfc_llcp_sock_put(struct nfc_llcp_sock *sock)
@@ -518,35 +619,19 @@ static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
518	{	619	{
519	struct sock new_sk, parent;	620	struct sock new_sk, parent;
520	struct nfc_llcp_sock sock, new_sock;	621	struct nfc_llcp_sock sock, new_sock;
521	u8 dsap, ssap, bound_sap, reason;	622	u8 dsap, ssap, reason;
522		623
523	dsap = nfc_llcp_dsap(skb);	624	dsap = nfc_llcp_dsap(skb);
524	ssap = nfc_llcp_ssap(skb);	625	ssap = nfc_llcp_ssap(skb);
525		626
526	pr_debug("%d %d\n", dsap, ssap);	627	pr_debug("%d %d\n", dsap, ssap);
527		628
528	nfc_llcp_parse_tlv(local, &skb->data[LLCP_HEADER_SIZE],
529	skb->len - LLCP_HEADER_SIZE);
530
531	if (dsap != LLCP_SAP_SDP) {	629	if (dsap != LLCP_SAP_SDP) {
532	bound_sap = dsap;	630	sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
533		631	if (sock == NULL \|\| sock->sk.sk_state != LLCP_LISTEN) {
534	mutex_lock(&local->socket_lock);
535	sock = local->sockets[dsap];
536	if (sock == NULL) {
537	mutex_unlock(&local->socket_lock);
538	reason = LLCP_DM_NOBOUND;	632	reason = LLCP_DM_NOBOUND;
539	goto fail;	633	goto fail;
540	}	634	}
541
542	sock_hold(&sock->sk);
543	mutex_unlock(&local->socket_lock);
544
545	lock_sock(&sock->sk);
546
547	if (sock->dsap == LLCP_SAP_SDP &&
548	sock->sk.sk_state == LLCP_LISTEN)
549	goto enqueue;
550	} else {	635	} else {
551	u8 *sn;	636	u8 *sn;
552	size_t sn_len;	637	size_t sn_len;
@@ -559,40 +644,15 @@ static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
559		644
560	pr_debug("Service name length %zu\n", sn_len);	645	pr_debug("Service name length %zu\n", sn_len);
561		646
562	mutex_lock(&local->socket_lock);	647	sock = nfc_llcp_sock_get_sn(local, sn, sn_len);
563	for (bound_sap = 0; bound_sap < LLCP_LOCAL_SAP_OFFSET;	648	if (sock == NULL) {
564	bound_sap++) {	649	reason = LLCP_DM_NOBOUND;
565	sock = local->sockets[bound_sap];	650	goto fail;
566	if (sock == NULL)
567	continue;
568
569	if (sock->service_name == NULL \|\|
570	sock->service_name_len == 0)
571	continue;
572
573	if (sock->service_name_len != sn_len)
574	continue;
575
576	if (sock->dsap == LLCP_SAP_SDP &&
577	sock->sk.sk_state == LLCP_LISTEN &&
578	!memcmp(sn, sock->service_name, sn_len)) {
579	pr_debug("Found service name at SAP %d\n",
580	bound_sap);
581	sock_hold(&sock->sk);
582	mutex_unlock(&local->socket_lock);
583
584	lock_sock(&sock->sk);
585
586	goto enqueue;
587	}
588	}	651	}
589	mutex_unlock(&local->socket_lock);
590	}	652	}
591		653
592	reason = LLCP_DM_NOBOUND;	654	lock_sock(&sock->sk);
593	goto fail;
594		655
595	enqueue:
596	parent = &sock->sk;	656	parent = &sock->sk;
597		657
598	if (sk_acceptq_is_full(parent)) {	658	if (sk_acceptq_is_full(parent)) {
@@ -612,15 +672,19 @@ enqueue:
612		672
613	new_sock = nfc_llcp_sock(new_sk);	673	new_sock = nfc_llcp_sock(new_sk);
614	new_sock->dev = local->dev;	674	new_sock->dev = local->dev;
615	new_sock->local = local;	675	new_sock->local = nfc_llcp_local_get(local);
		676	new_sock->miu = local->remote_miu;
616	new_sock->nfc_protocol = sock->nfc_protocol;	677	new_sock->nfc_protocol = sock->nfc_protocol;
617	new_sock->ssap = bound_sap;	678	new_sock->ssap = sock->ssap;
618	new_sock->dsap = ssap;	679	new_sock->dsap = ssap;
619	new_sock->parent = parent;	680	new_sock->parent = parent;
620		681
		682	nfc_llcp_parse_connection_tlv(new_sock, &skb->data[LLCP_HEADER_SIZE],
		683	skb->len - LLCP_HEADER_SIZE);
		684
621	pr_debug("new sock %p sk %p\n", new_sock, &new_sock->sk);	685	pr_debug("new sock %p sk %p\n", new_sock, &new_sock->sk);
622		686
623	list_add_tail(&new_sock->list, &sock->list);	687	nfc_llcp_sock_link(&local->sockets, new_sk);
624		688
625	nfc_llcp_accept_enqueue(&sock->sk, new_sk);	689	nfc_llcp_accept_enqueue(&sock->sk, new_sk);
626		690
@@ -654,12 +718,12 @@ int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock)
654		718
655	pr_debug("Remote ready %d tx queue len %d remote rw %d",	719	pr_debug("Remote ready %d tx queue len %d remote rw %d",
656	sock->remote_ready, skb_queue_len(&sock->tx_pending_queue),	720	sock->remote_ready, skb_queue_len(&sock->tx_pending_queue),
657	local->remote_rw);	721	sock->rw);
658		722
659	/* Try to queue some I frames for transmission */	723	/* Try to queue some I frames for transmission */
660	while (sock->remote_ready &&	724	while (sock->remote_ready &&
661	skb_queue_len(&sock->tx_pending_queue) < local->remote_rw) {	725	skb_queue_len(&sock->tx_pending_queue) < sock->rw) {
662	struct sk_buff pdu, pending_pdu;	726	struct sk_buff *pdu;
663		727
664	pdu = skb_dequeue(&sock->tx_queue);	728	pdu = skb_dequeue(&sock->tx_queue);
665	if (pdu == NULL)	729	if (pdu == NULL)
@@ -668,10 +732,7 @@ int nfc_llcp_queue_i_frames(struct nfc_llcp_sock *sock)
668	/* Update N(S)/N(R) */	732	/* Update N(S)/N(R) */
669	nfc_llcp_set_nrns(sock, pdu);	733	nfc_llcp_set_nrns(sock, pdu);
670		734
671	pending_pdu = skb_clone(pdu, GFP_KERNEL);
672
673	skb_queue_tail(&local->tx_queue, pdu);	735	skb_queue_tail(&local->tx_queue, pdu);
674	skb_queue_tail(&sock->tx_pending_queue, pending_pdu);
675	nr_frames++;	736	nr_frames++;
676	}	737	}
677		738
@@ -728,11 +789,21 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
728		789
729	llcp_sock->send_ack_n = nr;	790	llcp_sock->send_ack_n = nr;
730		791
731	skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp)	792	/* Remove and free all skbs until ns == nr */
732	if (nfc_llcp_ns(s) <= nr) {	793	skb_queue_walk_safe(&llcp_sock->tx_pending_queue, s, tmp) {
733	skb_unlink(s, &llcp_sock->tx_pending_queue);	794	skb_unlink(s, &llcp_sock->tx_pending_queue);
734	kfree_skb(s);	795	kfree_skb(s);
735	}	796
		797	if (nfc_llcp_ns(s) == nr)
		798	break;
		799	}
		800
		801	/* Re-queue the remaining skbs for transmission */
		802	skb_queue_reverse_walk_safe(&llcp_sock->tx_pending_queue,
		803	s, tmp) {
		804	skb_unlink(s, &llcp_sock->tx_pending_queue);
		805	skb_queue_head(&local->tx_queue, s);
		806	}
736	}	807	}
737		808
738	if (ptype == LLCP_PDU_RR)	809	if (ptype == LLCP_PDU_RR)
@@ -740,7 +811,7 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
740	else if (ptype == LLCP_PDU_RNR)	811	else if (ptype == LLCP_PDU_RNR)
741	llcp_sock->remote_ready = false;	812	llcp_sock->remote_ready = false;
742		813
743	if (nfc_llcp_queue_i_frames(llcp_sock) == 0)	814	if (nfc_llcp_queue_i_frames(llcp_sock) == 0 && ptype == LLCP_PDU_I)
744	nfc_llcp_send_rr(llcp_sock);	815	nfc_llcp_send_rr(llcp_sock);
745		816
746	release_sock(sk);	817	release_sock(sk);
@@ -791,11 +862,7 @@ static void nfc_llcp_recv_cc(struct nfc_llcp_local local, struct sk_buff skb)
791	dsap = nfc_llcp_dsap(skb);	862	dsap = nfc_llcp_dsap(skb);
792	ssap = nfc_llcp_ssap(skb);	863	ssap = nfc_llcp_ssap(skb);
793		864
794	llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);	865	llcp_sock = nfc_llcp_connecting_sock_get(local, dsap);
795
796	if (llcp_sock == NULL)
797	llcp_sock = nfc_llcp_sock_get(local, dsap, LLCP_SAP_SDP);
798
799	if (llcp_sock == NULL) {	866	if (llcp_sock == NULL) {
800	pr_err("Invalid CC\n");	867	pr_err("Invalid CC\n");
801	nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);	868	nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
@@ -803,11 +870,15 @@ static void nfc_llcp_recv_cc(struct nfc_llcp_local local, struct sk_buff skb)
803	return;	870	return;
804	}	871	}
805		872
806	llcp_sock->dsap = ssap;
807	sk = &llcp_sock->sk;	873	sk = &llcp_sock->sk;
808		874
809	nfc_llcp_parse_tlv(local, &skb->data[LLCP_HEADER_SIZE],	875	/* Unlink from connecting and link to the client array */
810	skb->len - LLCP_HEADER_SIZE);	876	nfc_llcp_sock_unlink(&local->connecting_sockets, sk);
		877	nfc_llcp_sock_link(&local->sockets, sk);
		878	llcp_sock->dsap = ssap;
		879
		880	nfc_llcp_parse_connection_tlv(llcp_sock, &skb->data[LLCP_HEADER_SIZE],
		881	skb->len - LLCP_HEADER_SIZE);
811		882
812	sk->sk_state = LLCP_CONNECTED;	883	sk->sk_state = LLCP_CONNECTED;
813	sk->sk_state_change(sk);	884	sk->sk_state_change(sk);
@@ -891,6 +962,21 @@ void nfc_llcp_recv(void data, struct sk_buff skb, int err)
891	return;	962	return;
892	}	963	}
893		964
		965	int nfc_llcp_data_received(struct nfc_dev dev, struct sk_buff skb)
		966	{
		967	struct nfc_llcp_local *local;
		968
		969	local = nfc_llcp_find_local(dev);
		970	if (local == NULL)
		971	return -ENODEV;
		972
		973	local->rx_pending = skb_get(skb);
		974	del_timer(&local->link_timer);
		975	queue_work(local->rx_wq, &local->rx_work);
		976
		977	return 0;
		978	}
		979
894	void nfc_llcp_mac_is_down(struct nfc_dev *dev)	980	void nfc_llcp_mac_is_down(struct nfc_dev *dev)
895	{	981	{
896	struct nfc_llcp_local *local;	982	struct nfc_llcp_local *local;
@@ -943,8 +1029,8 @@ int nfc_llcp_register_device(struct nfc_dev *ndev)
943		1029
944	local->dev = ndev;	1030	local->dev = ndev;
945	INIT_LIST_HEAD(&local->list);	1031	INIT_LIST_HEAD(&local->list);
		1032	kref_init(&local->ref);
946	mutex_init(&local->sdp_lock);	1033	mutex_init(&local->sdp_lock);
947	mutex_init(&local->socket_lock);
948	init_timer(&local->link_timer);	1034	init_timer(&local->link_timer);
949	local->link_timer.data = (unsigned long) local;	1035	local->link_timer.data = (unsigned long) local;
950	local->link_timer.function = nfc_llcp_symm_timer;	1036	local->link_timer.function = nfc_llcp_symm_timer;
@@ -984,11 +1070,13 @@ int nfc_llcp_register_device(struct nfc_dev *ndev)
984	goto err_rx_wq;	1070	goto err_rx_wq;
985	}	1071	}
986		1072
		1073	local->sockets.lock = __RW_LOCK_UNLOCKED(local->sockets.lock);
		1074	local->connecting_sockets.lock = __RW_LOCK_UNLOCKED(local->connecting_sockets.lock);
		1075
987	nfc_llcp_build_gb(local);	1076	nfc_llcp_build_gb(local);
988		1077
989	local->remote_miu = LLCP_DEFAULT_MIU;	1078	local->remote_miu = LLCP_DEFAULT_MIU;
990	local->remote_lto = LLCP_DEFAULT_LTO;	1079	local->remote_lto = LLCP_DEFAULT_LTO;
991	local->remote_rw = LLCP_DEFAULT_RW;
992		1080
993	list_add(&llcp_devices, &local->list);	1081	list_add(&llcp_devices, &local->list);
994		1082
@@ -1015,14 +1103,7 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev)
1015	return;	1103	return;
1016	}	1104	}
1017		1105
1018	list_del(&local->list);	1106	nfc_llcp_local_put(local);
1019	nfc_llcp_socket_release(local);
1020	del_timer_sync(&local->link_timer);
1021	skb_queue_purge(&local->tx_queue);
1022	destroy_workqueue(local->tx_wq);
1023	destroy_workqueue(local->rx_wq);
1024	kfree_skb(local->rx_pending);
1025	kfree(local);
1026	}	1107	}
1027		1108
1028	int __init nfc_llcp_init(void)	1109	int __init nfc_llcp_init(void)