Loading net/bluetooth/hci_conn.c +1 −6 Original line number Diff line number Diff line Loading @@ -610,11 +610,6 @@ static void hci_req_add_le_create_conn(struct hci_request *req, if (hci_update_random_address(req, false, &own_addr_type)) return; /* Save the address type used for this connnection attempt so we able * to retrieve this information if we need it. */ conn->src_type = own_addr_type; cp.scan_interval = cpu_to_le16(hdev->le_scan_interval); cp.scan_window = cpu_to_le16(hdev->le_scan_window); bacpy(&cp.peer_addr, &conn->dst); Loading Loading @@ -894,7 +889,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) /* If we're already encrypted set the REAUTH_PEND flag, * otherwise set the ENCRYPT_PEND. */ if (conn->key_type != 0xff) if (conn->link_mode & HCI_LM_ENCRYPT) set_bit(HCI_CONN_REAUTH_PEND, &conn->flags); else set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); Loading net/bluetooth/hci_event.c +14 −3 Original line number Diff line number Diff line Loading @@ -48,6 +48,10 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */ wake_up_bit(&hdev->flags, HCI_INQUIRY); hci_dev_lock(hdev); hci_discovery_set_state(hdev, DISCOVERY_STOPPED); hci_dev_unlock(hdev); hci_conn_check_pending(hdev); } Loading Loading @@ -3537,7 +3541,11 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) cp.authentication = conn->auth_type; /* Request MITM protection if our IO caps allow it * except for the no-bonding case * except for the no-bonding case. * conn->auth_type is not updated here since * that might cause the user confirmation to be * rejected in case the remote doesn't have the * IO capabilities for MITM. */ if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && cp.authentication != HCI_AT_NO_BONDING) Loading Loading 
@@ -3628,8 +3636,11 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, /* If we're not the initiators request authorization to * proceed from user space (mgmt_user_confirm with * confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { * confirm_hint set to 1). The exception is if neither * side had MITM in which case we do auto-accept. */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && (loc_mitm || rem_mitm)) { BT_DBG("Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm; Loading net/bluetooth/l2cap_core.c +7 −1 Original line number Diff line number Diff line Loading @@ -1663,7 +1663,13 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) kfree_skb(conn->rx_skb); skb_queue_purge(&conn->pending_rx); flush_work(&conn->pending_rx_work); /* We can not call flush_work(&conn->pending_rx_work) here since we * might block if we are running on a worker from the same workqueue * pending_rx_work is waiting on. */ if (work_pending(&conn->pending_rx_work)) cancel_work_sync(&conn->pending_rx_work); l2cap_unregister_all_users(conn); Loading net/bluetooth/l2cap_sock.c +0 −5 Original line number Diff line number Diff line Loading @@ -787,11 +787,6 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, /*change security for LE channels */ if (chan->scid == L2CAP_CID_ATT) { if (!conn->hcon->out) { err = -EINVAL; break; } if (smp_conn_security(conn->hcon, sec.level)) break; sk->sk_state = BT_CONFIG; Loading net/bluetooth/mgmt.c +56 −48 Original line number Diff line number Diff line Loading 
@@ -1047,6 +1047,43 @@ static void clean_up_hci_complete(struct hci_dev *hdev, u8 status) } } static void hci_stop_discovery(struct hci_request *req) { struct hci_dev *hdev = req->hdev; struct hci_cp_remote_name_req_cancel cp; struct inquiry_entry *e; switch (hdev->discovery.state) { case DISCOVERY_FINDING: if (test_bit(HCI_INQUIRY, &hdev->flags)) { hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL); } else { cancel_delayed_work(&hdev->le_scan_disable); hci_req_add_le_scan_disable(req); } break; case DISCOVERY_RESOLVING: e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING); if (!e) return; bacpy(&cp.bdaddr, &e->data.bdaddr); hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), &cp); break; default: /* Passive scanning */ if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) hci_req_add_le_scan_disable(req); break; } } static int clean_up_hci_state(struct hci_dev *hdev) { struct hci_request req; Loading @@ -1063,9 +1100,7 @@ static int clean_up_hci_state(struct hci_dev *hdev) if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) disable_advertising(&req); if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) { hci_req_add_le_scan_disable(&req); } hci_stop_discovery(&req); list_for_each_entry(conn, &hdev->conn_hash.list, list) { struct hci_cp_disconnect dc; Loading Loading @@ -2996,8 +3031,13 @@ static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, } if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { /* Continue with pairing via SMP */ /* Continue with pairing via SMP. The hdev lock must be * released as SMP may try to recquire it for crypto * purposes. */ hci_dev_unlock(hdev); err = smp_user_confirm_reply(conn, mgmt_op, passkey); hci_dev_lock(hdev); if (!err) err = cmd_complete(sk, hdev->id, mgmt_op, Loading Loading 
@@ -3574,8 +3614,6 @@ static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, { struct mgmt_cp_stop_discovery *mgmt_cp = data; struct pending_cmd *cmd; struct hci_cp_remote_name_req_cancel cp; struct inquiry_entry *e; struct hci_request req; int err; Loading Loading @@ -3605,52 +3643,22 @@ static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, hci_req_init(&req, hdev); switch (hdev->discovery.state) { case DISCOVERY_FINDING: if (test_bit(HCI_INQUIRY, &hdev->flags)) { hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL); } else { cancel_delayed_work(&hdev->le_scan_disable); hci_req_add_le_scan_disable(&req); } hci_stop_discovery(&req); break; case DISCOVERY_RESOLVING: e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING); if (!e) { mgmt_pending_remove(cmd); err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0, &mgmt_cp->type, sizeof(mgmt_cp->type)); hci_discovery_set_state(hdev, DISCOVERY_STOPPED); err = hci_req_run(&req, stop_discovery_complete); if (!err) { hci_discovery_set_state(hdev, DISCOVERY_STOPPING); goto unlock; } bacpy(&cp.bdaddr, &e->data.bdaddr); hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), &cp); break; default: BT_DBG("unknown discovery state %u", hdev->discovery.state); mgmt_pending_remove(cmd); err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, MGMT_STATUS_FAILED, &mgmt_cp->type, sizeof(mgmt_cp->type)); goto unlock; } err = hci_req_run(&req, stop_discovery_complete); if (err < 0) mgmt_pending_remove(cmd); else hci_discovery_set_state(hdev, DISCOVERY_STOPPING); /* If no HCI commands were sent we're done */ if (err == -ENODATA) { err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0, &mgmt_cp->type, sizeof(mgmt_cp->type)); hci_discovery_set_state(hdev, DISCOVERY_STOPPED); } unlock: hci_dev_unlock(hdev); Loading Loading
net/bluetooth/hci_conn.c +1 −6 Original line number Diff line number Diff line Loading @@ -610,11 +610,6 @@ static void hci_req_add_le_create_conn(struct hci_request *req, if (hci_update_random_address(req, false, &own_addr_type)) return; /* Save the address type used for this connnection attempt so we able * to retrieve this information if we need it. */ conn->src_type = own_addr_type; cp.scan_interval = cpu_to_le16(hdev->le_scan_interval); cp.scan_window = cpu_to_le16(hdev->le_scan_window); bacpy(&cp.peer_addr, &conn->dst); Loading Loading @@ -894,7 +889,7 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type) /* If we're already encrypted set the REAUTH_PEND flag, * otherwise set the ENCRYPT_PEND. */ if (conn->key_type != 0xff) if (conn->link_mode & HCI_LM_ENCRYPT) set_bit(HCI_CONN_REAUTH_PEND, &conn->flags); else set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags); Loading
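Review bot: The comment above the changed condition in hci_conn_auth says only "If we're already encrypted" and does not record why the link mode is the signal to trust. The new test reads `conn->link_mode & HCI_LM_ENCRYPT` where the old one read `conn->key_type != 0xff`. Presumably a key type can be set on a connection whose encryption is not yet enabled, which would have selected REAUTH_PEND instead of ENCRYPT_PEND. I would add one sentence to the comment, such as `key_type only says a link key is known; link_mode says whether encryption is actually on.` The function starts and ends outside the hunk.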
net/bluetooth/hci_event.c +14 −3 Original line number Diff line number Diff line Loading @@ -48,6 +48,10 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) smp_mb__after_atomic(); /* wake_up_bit advises about this barrier */ wake_up_bit(&hdev->flags, HCI_INQUIRY); hci_dev_lock(hdev); hci_discovery_set_state(hdev, DISCOVERY_STOPPED); hci_dev_unlock(hdev); hci_conn_check_pending(hdev); } Loading Loading @@ -3537,7 +3541,11 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb) cp.authentication = conn->auth_type; /* Request MITM protection if our IO caps allow it * except for the no-bonding case * except for the no-bonding case. * conn->auth_type is not updated here since * that might cause the user confirmation to be * rejected in case the remote doesn't have the * IO capabilities for MITM. */ if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && cp.authentication != HCI_AT_NO_BONDING) Loading Loading @@ -3628,8 +3636,11 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, /* If we're not the initiators request authorization to * proceed from user space (mgmt_user_confirm with * confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { * confirm_hint set to 1). The exception is if neither * side had MITM in which case we do auto-accept. */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && (loc_mitm || rem_mitm)) { BT_DBG("Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm; Loading
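Review bot: In hci_user_confirm_request_evt, the added `(loc_mitm || rem_mitm)` term means an incoming pairing where neither side asks for MITM protection no longer reaches user space with `confirm_hint = 1`. As acceptor it continues to the auto-accept handling that follows the hunk, so a remote initiator can complete an unauthenticated pairing without local user consent. The new comment names the exception but not its security consequence; I would add a line such as `* Note: this accepts a no-MITM pairing from a remote initiator without asking the user.` It is also worth checking whether user space keeps any way to require confirmation here. Where loc_mitm and rem_mitm are computed, and the code after `goto confirm`, are outside the hunk.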
net/bluetooth/l2cap_core.c +7 −1 Original line number Diff line number Diff line Loading @@ -1663,7 +1663,13 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) kfree_skb(conn->rx_skb); skb_queue_purge(&conn->pending_rx); flush_work(&conn->pending_rx_work); /* We can not call flush_work(&conn->pending_rx_work) here since we * might block if we are running on a worker from the same workqueue * pending_rx_work is waiting on. */ if (work_pending(&conn->pending_rx_work)) cancel_work_sync(&conn->pending_rx_work); l2cap_unregister_all_users(conn); Loading
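Review bot: `work_pending()` in l2cap_conn_del is false while the work item is executing, so when pending_rx_work is already running the new code skips `cancel_work_sync()` and teardown carries on alongside the handler. If the remainder of l2cap_conn_del, which is outside the hunk, releases state that the handler still uses, that leaves a use-after-free window. The added comment explains why flush_work() was dropped but not what keeps a running handler safe. I would extend it with something like `* A handler that is already running is not waited for; it must not touch conn state released below.`, or name the lock that serialises the two.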
net/bluetooth/l2cap_sock.c +0 −5 Original line number Diff line number Diff line Loading @@ -787,11 +787,6 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, /*change security for LE channels */ if (chan->scid == L2CAP_CID_ATT) { if (!conn->hcon->out) { err = -EINVAL; break; } if (smp_conn_security(conn->hcon, sec.level)) break; sk->sk_state = BT_CONFIG; Loading
net/bluetooth/mgmt.c +56 −48 Original line number Diff line number Diff line Loading @@ -1047,6 +1047,43 @@ static void clean_up_hci_complete(struct hci_dev *hdev, u8 status) } } static void hci_stop_discovery(struct hci_request *req) { struct hci_dev *hdev = req->hdev; struct hci_cp_remote_name_req_cancel cp; struct inquiry_entry *e; switch (hdev->discovery.state) { case DISCOVERY_FINDING: if (test_bit(HCI_INQUIRY, &hdev->flags)) { hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL); } else { cancel_delayed_work(&hdev->le_scan_disable); hci_req_add_le_scan_disable(req); } break; case DISCOVERY_RESOLVING: e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING); if (!e) return; bacpy(&cp.bdaddr, &e->data.bdaddr); hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), &cp); break; default: /* Passive scanning */ if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) hci_req_add_le_scan_disable(req); break; } } static int clean_up_hci_state(struct hci_dev *hdev) { struct hci_request req; Loading @@ -1063,9 +1100,7 @@ static int clean_up_hci_state(struct hci_dev *hdev) if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) disable_advertising(&req); if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) { hci_req_add_le_scan_disable(&req); } hci_stop_discovery(&req); list_for_each_entry(conn, &hdev->conn_hash.list, list) { struct hci_cp_disconnect dc; Loading Loading @@ -2996,8 +3031,13 @@ static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev, } if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) { /* Continue with pairing via SMP */ /* Continue with pairing via SMP. The hdev lock must be * released as SMP may try to recquire it for crypto * purposes. */ hci_dev_unlock(hdev); err = smp_user_confirm_reply(conn, mgmt_op, passkey); hci_dev_lock(hdev); if (!err) err = cmd_complete(sk, hdev->id, mgmt_op, Loading Loading 
@@ -3574,8 +3614,6 @@ static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, { struct mgmt_cp_stop_discovery *mgmt_cp = data; struct pending_cmd *cmd; struct hci_cp_remote_name_req_cancel cp; struct inquiry_entry *e; struct hci_request req; int err; Loading Loading @@ -3605,52 +3643,22 @@ static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data, hci_req_init(&req, hdev); switch (hdev->discovery.state) { case DISCOVERY_FINDING: if (test_bit(HCI_INQUIRY, &hdev->flags)) { hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL); } else { cancel_delayed_work(&hdev->le_scan_disable); hci_req_add_le_scan_disable(&req); } hci_stop_discovery(&req); break; case DISCOVERY_RESOLVING: e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING); if (!e) { mgmt_pending_remove(cmd); err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0, &mgmt_cp->type, sizeof(mgmt_cp->type)); hci_discovery_set_state(hdev, DISCOVERY_STOPPED); err = hci_req_run(&req, stop_discovery_complete); if (!err) { hci_discovery_set_state(hdev, DISCOVERY_STOPPING); goto unlock; } bacpy(&cp.bdaddr, &e->data.bdaddr); hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp), &cp); break; default: BT_DBG("unknown discovery state %u", hdev->discovery.state); mgmt_pending_remove(cmd); err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, MGMT_STATUS_FAILED, &mgmt_cp->type, sizeof(mgmt_cp->type)); goto unlock; } err = hci_req_run(&req, stop_discovery_complete); if (err < 0) mgmt_pending_remove(cmd); else hci_discovery_set_state(hdev, DISCOVERY_STOPPING); /* If no HCI commands were sent we're done */ if (err == -ENODATA) { err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0, &mgmt_cp->type, sizeof(mgmt_cp->type)); hci_discovery_set_state(hdev, DISCOVERY_STOPPED); } unlock: hci_dev_unlock(hdev); Loading
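Review bot: In user_pairing_resp, the new `hci_dev_unlock(hdev)` before `smp_user_confirm_reply(conn, mgmt_op, passkey)` leaves `conn` unprotected for the duration of that call. The lookup of conn is outside the hunk, but if it was done under the hdev lock without taking a reference, a disconnect handled in that window could release the connection while SMP is still using it. I would pin conn with a reference across the unlocked region, or re-validate it after `hci_dev_lock(hdev)`. Failing that, the comment should say what keeps conn alive while the lock is dropped. The added comment also misspells "reacquire" as `recquire`.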