Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

	__u8     data[240];

} __packed;

#define HCI_EV_KEY_REFRESH_COMPLETE	0x30

struct hci_ev_key_refresh_complete {

	__u8	status;

	__le16	handle;

} __packed;

#define HCI_EV_IO_CAPA_REQUEST		0x31

struct hci_ev_io_capa_request {

	bdaddr_t bdaddr;

	hci_dev_unlock(hdev);

}

static void hci_key_refresh_complete_evt(struct hci_dev *hdev,

					 struct sk_buff *skb)

{

	struct hci_ev_key_refresh_complete *ev = (void *) skb->data;

	struct hci_conn *conn;

	BT_DBG("%s status %u handle %u", hdev->name, ev->status,

	       __le16_to_cpu(ev->handle));

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));

	if (!conn)

		goto unlock;

	if (!ev->status)

		conn->sec_level = conn->pending_sec_level;

	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);

	if (ev->status && conn->state == BT_CONNECTED) {

		hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);

		hci_conn_put(conn);

		goto unlock;

	}

	if (conn->state == BT_CONFIG) {

		if (!ev->status)

			conn->state = BT_CONNECTED;

		hci_proto_connect_cfm(conn, ev->status);

		hci_conn_put(conn);

	} else {

		hci_auth_cfm(conn, ev->status);

		hci_conn_hold(conn);

		conn->disc_timeout = HCI_DISCONN_TIMEOUT;

		hci_conn_put(conn);

	}

unlock:

	hci_dev_unlock(hdev);

}

static inline u8 hci_get_auth_req(struct hci_conn *conn)

{

	/* If remote requests dedicated bonding follow that lead */

		hci_extended_inquiry_result_evt(hdev, skb);

		break;

	case HCI_EV_KEY_REFRESH_COMPLETE:

		hci_key_refresh_complete_evt(hdev, skb);

		break;

	case HCI_EV_IO_CAPA_REQUEST:

		hci_io_capa_request_evt(hdev, skb);

		break;

	struct l2cap_conn *conn = container_of(work, struct l2cap_conn,

						security_timer.work);

	BT_DBG("conn %p", conn);

	if (test_and_clear_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) {

		smp_chan_destroy(conn);

		l2cap_conn_del(conn->hcon, ETIMEDOUT);

	}

}

static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)

{

		pairing_complete(cmd, mgmt_status(status));

}

static void le_connect_complete_cb(struct hci_conn *conn, u8 status)

{

	struct pending_cmd *cmd;

	BT_DBG("status %u", status);

	if (!status)

		return;

	cmd = find_pairing(conn);

	if (!cmd)

		BT_DBG("Unable to find a pending command");

	else

		pairing_complete(cmd, mgmt_status(status));

}

static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,

		       u16 len)

{

	/* For LE, just connecting isn't a proof that the pairing finished */

	if (cp->addr.type == BDADDR_BREDR)

		conn->connect_cfm_cb = pairing_complete_cb;

	else

		conn->connect_cfm_cb = le_connect_complete_cb;

	conn->security_cfm_cb = pairing_complete_cb;

	conn->disconn_cfm_cb = pairing_complete_cb;

	auth |= (req->auth_req | rsp->auth_req) & SMP_AUTH_MITM;

	ret = tk_request(conn, 0, auth, rsp->io_capability, req->io_capability);

	ret = tk_request(conn, 0, auth, req->io_capability, rsp->io_capability);

	if (ret)

		return SMP_UNSPECIFIED;

	return 0;

}

static u8 smp_ltk_encrypt(struct l2cap_conn *conn)

static u8 smp_ltk_encrypt(struct l2cap_conn *conn, u8 sec_level)

{

	struct smp_ltk *key;

	struct hci_conn *hcon = conn->hcon;

	if (!key)

		return 0;

	if (sec_level > BT_SECURITY_MEDIUM && !key->authenticated)

		return 0;

	if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &hcon->flags))

		return 1;

	hcon->pending_sec_level = authreq_to_seclevel(rp->auth_req);

	if (smp_ltk_encrypt(conn))

	if (smp_ltk_encrypt(conn, hcon->pending_sec_level))

		return 0;

	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))

		return 1;

	if (hcon->link_mode & HCI_LM_MASTER)

		if (smp_ltk_encrypt(conn))

		if (smp_ltk_encrypt(conn, sec_level))

			goto done;

	if (test_and_set_bit(HCI_CONN_LE_SMP_PEND, &hcon->flags))