Bluetooth: Use the updated key structures for handling LTKs

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / hci_event.c

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 4221bd256bddfd89e147f1605f0dd334aa042ea6..23dbb31f0423e8ee7f7e667a9c13ebfa5c4a5fe5 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -65,7 +65,7 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
        clear_bit(HCI_INQUIRY, &hdev->flags);
 
        hci_dev_lock(hdev);
-       mgmt_discovering(hdev, 0);
+       hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
        hci_dev_unlock(hdev);
 
        hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
@@ -195,7 +195,9 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
 
        hci_req_complete(hdev, HCI_OP_RESET, status);
 
-       hdev->dev_flags = 0;
+       /* Reset all flags, except persistent ones */
+       hdev->dev_flags &= BIT(HCI_MGMT) | BIT(HCI_SETUP) | BIT(HCI_AUTO_OFF) |
+                               BIT(HCI_LINK_KEYS) | BIT(HCI_DEBUG_KEYS);
 }
 
 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
@@ -211,7 +213,7 @@ static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_set_local_name_complete(hdev, sent, status);
 
        if (status == 0)
@@ -428,7 +430,10 @@ static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
        if (rp->status)
                return;
 
-       hdev->ssp_mode = rp->mode;
+       if (rp->mode)
+               set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
+       else
+               clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
 }
 
 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
@@ -445,7 +450,10 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
        if (!sent)
                return;
 
-       hdev->ssp_mode = *((__u8 *) sent);
+       if (*((u8 *) sent))
+               set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
+       else
+               clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
 }
 
 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
@@ -711,7 +719,14 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
        if (rp->status)
                return;
 
-       memcpy(hdev->extfeatures, rp->features, 8);
+       switch (rp->page) {
+       case 0:
+               memcpy(hdev->features, rp->features, 8);
+               break;
+       case 1:
+               memcpy(hdev->host_features, rp->features, 8);
+               break;
+       }
 
        hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
 }
@@ -883,7 +898,7 @@ static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
 
        if (rp->status != 0)
@@ -909,7 +924,7 @@ static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
                                                                rp->status);
 
@@ -944,7 +959,7 @@ static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
                                                                rp->status);
 
@@ -960,7 +975,7 @@ static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
                                                                rp->status);
 
@@ -975,7 +990,7 @@ static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
                                                                rp->status);
 
@@ -991,7 +1006,7 @@ static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
                                                                rp->status);
 
@@ -1047,9 +1062,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
        case LE_SCANNING_DISABLED:
                clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
 
-               cancel_delayed_work_sync(&hdev->adv_work);
-               queue_delayed_work(hdev->workqueue, &hdev->adv_work,
-                                                jiffies + ADV_CLEAR_TIMEOUT);
+               schedule_delayed_work(&hdev->adv_work, ADV_CLEAR_TIMEOUT);
                break;
 
        default:
@@ -1105,7 +1118,7 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
                hci_req_complete(hdev, HCI_OP_INQUIRY, status);
                hci_conn_check_pending(hdev);
                hci_dev_lock(hdev);
-               if (test_bit(HCI_MGMT, &hdev->flags))
+               if (test_bit(HCI_MGMT, &hdev->dev_flags))
                        mgmt_start_discovery_failed(hdev, status);
                hci_dev_unlock(hdev);
                return;
@@ -1114,7 +1127,7 @@ static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
        set_bit(HCI_INQUIRY, &hdev->flags);
 
        hci_dev_lock(hdev);
-       mgmt_discovering(hdev, 1);
+       hci_discovery_set_state(hdev, DISCOVERY_INQUIRY);
        hci_dev_unlock(hdev);
 }
 
@@ -1148,7 +1161,7 @@ static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
                if (!conn) {
                        conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
                        if (conn) {
-                               conn->out = 1;
+                               conn->out = true;
                                conn->link_mode |= HCI_LM_MASTER;
                        } else
                                BT_ERR("No memory for new connection");
@@ -1258,7 +1271,7 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
 
        /* Only request authentication for SSP connections or non-SSP
         * devices with sec_level HIGH or if MITM protection is requested */
-       if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
+       if (!hci_conn_ssp_enabled(conn) &&
                                conn->pending_sec_level != BT_SECURITY_HIGH &&
                                !(conn->auth_type & 0x01))
                return 0;
@@ -1266,6 +1279,72 @@ static int hci_outgoing_auth_needed(struct hci_dev *hdev,
        return 1;
 }
 
+static inline int hci_resolve_name(struct hci_dev *hdev, struct inquiry_entry *e)
+{
+       struct hci_cp_remote_name_req cp;
+
+       memset(&cp, 0, sizeof(cp));
+
+       bacpy(&cp.bdaddr, &e->data.bdaddr);
+       cp.pscan_rep_mode = e->data.pscan_rep_mode;
+       cp.pscan_mode = e->data.pscan_mode;
+       cp.clock_offset = e->data.clock_offset;
+
+       return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
+}
+
+static bool hci_resolve_next_name(struct hci_dev *hdev)
+{
+       struct discovery_state *discov = &hdev->discovery;
+       struct inquiry_entry *e;
+
+       if (list_empty(&discov->resolve))
+               return false;
+
+       e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
+       if (hci_resolve_name(hdev, e) == 0) {
+               e->name_state = NAME_PENDING;
+               return true;
+       }
+
+       return false;
+}
+
+static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
+                                       bdaddr_t *bdaddr, u8 *name, u8 name_len)
+{
+       struct discovery_state *discov = &hdev->discovery;
+       struct inquiry_entry *e;
+
+       if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
+               mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00,
+                                       name, name_len, conn->dev_class);
+
+       if (discov->state == DISCOVERY_STOPPED)
+               return;
+
+       if (discov->state == DISCOVERY_STOPPING)
+               goto discov_complete;
+
+       if (discov->state != DISCOVERY_RESOLVING)
+               return;
+
+       e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
+       if (e) {
+               e->name_state = NAME_KNOWN;
+               list_del(&e->list);
+               if (name)
+                       mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
+                                       e->data.rssi, name, name_len);
+       }
+
+       if (hci_resolve_next_name(hdev))
+               return;
+
+discov_complete:
+       hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
+}
+
 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
 {
        struct hci_cp_remote_name_req *cp;
@@ -1285,13 +1364,17 @@ static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
        hci_dev_lock(hdev);
 
        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
+
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
+               hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
+
        if (!conn)
                goto unlock;
 
        if (!hci_outgoing_auth_needed(hdev, conn))
                goto unlock;
 
-       if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
+       if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
                struct hci_cp_auth_requested cp;
                cp.handle = __cpu_to_le16(conn->handle);
                hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
@@ -1408,9 +1491,9 @@ static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
 
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
        if (conn) {
-               clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
+               clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
 
-               if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
+               if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
                        hci_sco_setup(conn, status);
        }
 
@@ -1435,9 +1518,9 @@ static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
 
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
        if (conn) {
-               clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
+               clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
 
-               if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
+               if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
                        hci_sco_setup(conn, status);
        }
 
@@ -1473,7 +1556,7 @@ static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
                        conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
                        if (conn) {
                                conn->dst_type = cp->peer_addr_type;
-                               conn->out = 1;
+                               conn->out = true;
                        } else {
                                BT_ERR("No memory for new connection");
                        }
@@ -1491,6 +1574,8 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
 {
        __u8 status = *((__u8 *) skb->data);
+       struct discovery_state *discov = &hdev->discovery;
+       struct inquiry_entry *e;
 
        BT_DBG("%s status %d", hdev->name, status);
 
@@ -1501,8 +1586,28 @@ static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff
        if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
                return;
 
+       if (!test_bit(HCI_MGMT, &hdev->dev_flags))
+               return;
+
        hci_dev_lock(hdev);
-       mgmt_discovering(hdev, 0);
+
+       if (discov->state != DISCOVERY_INQUIRY)
+               goto unlock;
+
+       if (list_empty(&discov->resolve)) {
+               hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
+               goto unlock;
+       }
+
+       e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
+       if (e && hci_resolve_name(hdev, e) == 0) {
+               e->name_state = NAME_PENDING;
+               hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
+       } else {
+               hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
+       }
+
+unlock:
        hci_dev_unlock(hdev);
 }
 
@@ -1520,6 +1625,8 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
        hci_dev_lock(hdev);
 
        for (; num_rsp; num_rsp--, info++) {
+               bool name_known;
+
                bacpy(&data.bdaddr, &info->bdaddr);
                data.pscan_rep_mode     = info->pscan_rep_mode;
                data.pscan_period_mode  = info->pscan_period_mode;
@@ -1528,9 +1635,11 @@ static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *
                data.clock_offset       = info->clock_offset;
                data.rssi               = 0x00;
                data.ssp_mode           = 0x00;
-               hci_inquiry_cache_update(hdev, &data);
+
+               name_known = hci_inquiry_cache_update(hdev, &data, false);
                mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
-                                               info->dev_class, 0, NULL);
+                                       info->dev_class, 0, !name_known,
+                                       NULL, 0);
        }
 
        hci_dev_unlock(hdev);
@@ -1564,8 +1673,6 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
                        conn->state = BT_CONFIG;
                        hci_conn_hold(conn);
                        conn->disc_timeout = HCI_DISCONN_TIMEOUT;
-                       mgmt_connected(hdev, &ev->bdaddr, conn->type,
-                                                       conn->dst_type);
                } else
                        conn->state = BT_CONNECTED;
 
@@ -1706,11 +1813,12 @@ static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff
        if (ev->status == 0)
                conn->state = BT_CLOSED;
 
-       if (conn->type == ACL_LINK || conn->type == LE_LINK) {
+       if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
+                       (conn->type == ACL_LINK || conn->type == LE_LINK)) {
                if (ev->status != 0)
                        mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
                else
-                       mgmt_disconnected(hdev, &conn->dst, conn->type,
+                       mgmt_device_disconnected(hdev, &conn->dst, conn->type,
                                                        conn->dst_type);
        }
 
@@ -1737,8 +1845,8 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
                goto unlock;
 
        if (!ev->status) {
-               if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
-                               test_bit(HCI_CONN_REAUTH_PEND,  &conn->pend)) {
+               if (!hci_conn_ssp_enabled(conn) &&
+                               test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
                        BT_INFO("re-auth of legacy device is not possible.");
                } else {
                        conn->link_mode |= HCI_LM_AUTH;
@@ -1748,11 +1856,11 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
                mgmt_auth_failed(hdev, &conn->dst, ev->status);
        }
 
-       clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
-       clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
+       clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
+       clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
 
        if (conn->state == BT_CONFIG) {
-               if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
+               if (!ev->status && hci_conn_ssp_enabled(conn)) {
                        struct hci_cp_set_conn_encrypt cp;
                        cp.handle  = ev->handle;
                        cp.encrypt = 0x01;
@@ -1771,7 +1879,7 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
                hci_conn_put(conn);
        }
 
-       if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
+       if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
                if (!ev->status) {
                        struct hci_cp_set_conn_encrypt cp;
                        cp.handle  = ev->handle;
@@ -1779,7 +1887,7 @@ static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *s
                        hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
                                                                        &cp);
                } else {
-                       clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
+                       clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
                        hci_encrypt_cfm(conn, ev->status, 0x00);
                }
        }
@@ -1799,17 +1907,25 @@ static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb
 
        hci_dev_lock(hdev);
 
-       if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
-               mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
-
        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
+
+       if (!test_bit(HCI_MGMT, &hdev->dev_flags))
+               goto check_auth;
+
+       if (ev->status == 0)
+               hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
+                                       strnlen(ev->name, HCI_MAX_NAME_LENGTH));
+       else
+               hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
+
+check_auth:
        if (!conn)
                goto unlock;
 
        if (!hci_outgoing_auth_needed(hdev, conn))
                goto unlock;
 
-       if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
+       if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
                struct hci_cp_auth_requested cp;
                cp.handle = __cpu_to_le16(conn->handle);
                hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
@@ -1840,7 +1956,7 @@ static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *
                                conn->link_mode &= ~HCI_LM_ENCRYPT;
                }
 
-               clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
+               clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
 
                if (conn->state == BT_CONFIG) {
                        if (!ev->status)
@@ -1869,7 +1985,7 @@ static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct
                if (!ev->status)
                        conn->link_mode |= HCI_LM_SECURE;
 
-               clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
+               clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
 
                hci_key_change_cfm(conn, ev->status);
        }
@@ -1911,7 +2027,10 @@ static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff
                bacpy(&cp.bdaddr, &conn->dst);
                cp.pscan_rep_mode = 0x02;
                hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
-       }
+       } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
+               mgmt_device_connected(hdev, &conn->dst, conn->type,
+                                               conn->dst_type, NULL, 0,
+                                               conn->dev_class);
 
        if (!hci_outgoing_auth_needed(hdev, conn)) {
                conn->state = BT_CONNECTED;
@@ -2253,7 +2372,7 @@ static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb
                                conn->link_mode |= HCI_LM_MASTER;
                }
 
-               clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
+               clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
 
                hci_role_switch_cfm(conn, ev->status, ev->role);
        }
@@ -2266,20 +2385,19 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
        struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
        int i;
 
-       skb_pull(skb, sizeof(*ev));
-
-       BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
-
        if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
                BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
                return;
        }
 
-       if (skb->len < ev->num_hndl * 4) {
+       if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
+                       ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
                BT_DBG("%s bad parameters", hdev->name);
                return;
        }
 
+       BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
+
        for (i = 0; i < ev->num_hndl; i++) {
                struct hci_comp_pkts_info *info = &ev->handles[i];
                struct hci_conn *conn;
@@ -2328,6 +2446,56 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
        queue_work(hdev->workqueue, &hdev->tx_work);
 }
 
+static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
+                                                       struct sk_buff *skb)
+{
+       struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
+       int i;
+
+       if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
+               BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
+               return;
+       }
+
+       if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
+                       ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
+               BT_DBG("%s bad parameters", hdev->name);
+               return;
+       }
+
+       BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
+                                                               ev->num_hndl);
+
+       for (i = 0; i < ev->num_hndl; i++) {
+               struct hci_comp_blocks_info *info = &ev->handles[i];
+               struct hci_conn *conn;
+               __u16  handle, block_count;
+
+               handle = __le16_to_cpu(info->handle);
+               block_count = __le16_to_cpu(info->blocks);
+
+               conn = hci_conn_hash_lookup_handle(hdev, handle);
+               if (!conn)
+                       continue;
+
+               conn->sent -= block_count;
+
+               switch (conn->type) {
+               case ACL_LINK:
+                       hdev->block_cnt += block_count;
+                       if (hdev->block_cnt > hdev->num_blocks)
+                               hdev->block_cnt = hdev->num_blocks;
+                       break;
+
+               default:
+                       BT_ERR("Unknown type %d conn %p", conn->type, conn);
+                       break;
+               }
+       }
+
+       queue_work(hdev->workqueue, &hdev->tx_work);
+}
+
 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
 {
        struct hci_ev_mode_change *ev = (void *) skb->data;
@@ -2342,14 +2510,14 @@ static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb
                conn->mode = ev->mode;
                conn->interval = __le16_to_cpu(ev->interval);
 
-               if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
+               if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
                        if (conn->mode == HCI_CM_ACTIVE)
-                               conn->power_save = 1;
+                               set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
                        else
-                               conn->power_save = 0;
+                               clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
                }
 
-               if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
+               if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
                        hci_sco_setup(conn, ev->status);
        }
 
@@ -2375,10 +2543,10 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
                hci_conn_put(conn);
        }
 
-       if (!test_bit(HCI_PAIRABLE, &hdev->flags))
+       if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
                hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
                                        sizeof(ev->bdaddr), &ev->bdaddr);
-       else if (test_bit(HCI_MGMT, &hdev->flags)) {
+       else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
                u8 secure;
 
                if (conn->pending_sec_level == BT_SECURITY_HIGH)
@@ -2402,7 +2570,7 @@ static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
 
        BT_DBG("%s", hdev->name);
 
-       if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
+       if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
                return;
 
        hci_dev_lock(hdev);
@@ -2417,7 +2585,7 @@ static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
        BT_DBG("%s found key type %u for %s", hdev->name, key->type,
                                                        batostr(&ev->bdaddr));
 
-       if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
+       if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
                                key->type == HCI_LK_DEBUG_COMBINATION) {
                BT_DBG("%s ignoring debug key", hdev->name);
                goto not_found;
@@ -2479,7 +2647,7 @@ static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff
                hci_conn_put(conn);
        }
 
-       if (test_bit(HCI_LINK_KEYS, &hdev->flags))
+       if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
                hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
                                                        ev->key_type, pin_len);
 
@@ -2547,6 +2715,7 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
 {
        struct inquiry_data data;
        int num_rsp = *((__u8 *) skb->data);
+       bool name_known;
 
        BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
 
@@ -2568,10 +2737,12 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
                        data.clock_offset       = info->clock_offset;
                        data.rssi               = info->rssi;
                        data.ssp_mode           = 0x00;
-                       hci_inquiry_cache_update(hdev, &data);
+
+                       name_known = hci_inquiry_cache_update(hdev, &data,
+                                                               false);
                        mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
                                                info->dev_class, info->rssi,
-                                               NULL);
+                                               !name_known, NULL, 0);
                }
        } else {
                struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
@@ -2585,10 +2756,11 @@ static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct
                        data.clock_offset       = info->clock_offset;
                        data.rssi               = info->rssi;
                        data.ssp_mode           = 0x00;
-                       hci_inquiry_cache_update(hdev, &data);
+                       name_known = hci_inquiry_cache_update(hdev, &data,
+                                                               false);
                        mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
                                                info->dev_class, info->rssi,
-                                               NULL);
+                                               !name_known, NULL, 0);
                }
        }
 
@@ -2615,7 +2787,8 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
                if (ie)
                        ie->data.ssp_mode = (ev->features[0] & 0x01);
 
-               conn->ssp_mode = (ev->features[0] & 0x01);
+               if (ev->features[0] & 0x01)
+                       set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
        }
 
        if (conn->state != BT_CONFIG)
@@ -2627,7 +2800,10 @@ static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_b
                bacpy(&cp.bdaddr, &conn->dst);
                cp.pscan_rep_mode = 0x02;
                hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
-       }
+       } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
+               mgmt_device_connected(hdev, &conn->dst, conn->type,
+                                               conn->dst_type, NULL, 0,
+                                               conn->dev_class);
 
        if (!hci_outgoing_auth_needed(hdev, conn)) {
                conn->state = BT_CONNECTED;
@@ -2720,6 +2896,8 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
        hci_dev_lock(hdev);
 
        for (; num_rsp; num_rsp--, info++) {
+               bool name_known;
+
                bacpy(&data.bdaddr, &info->bdaddr);
                data.pscan_rep_mode     = info->pscan_rep_mode;
                data.pscan_period_mode  = info->pscan_period_mode;
@@ -2728,9 +2906,19 @@ static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct
                data.clock_offset       = info->clock_offset;
                data.rssi               = info->rssi;
                data.ssp_mode           = 0x01;
-               hci_inquiry_cache_update(hdev, &data);
+
+               if (test_bit(HCI_MGMT, &hdev->dev_flags))
+                       name_known = eir_has_data_type(info->data,
+                                                       sizeof(info->data),
+                                                       EIR_NAME_COMPLETE);
+               else
+                       name_known = true;
+
+               name_known = hci_inquiry_cache_update(hdev, &data, name_known);
                mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
-                               info->dev_class, info->rssi, info->data);
+                                               info->dev_class, info->rssi,
+                                               !name_known, info->data,
+                                               sizeof(info->data));
        }
 
        hci_dev_unlock(hdev);
@@ -2770,19 +2958,22 @@ static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff
 
        hci_conn_hold(conn);
 
-       if (!test_bit(HCI_MGMT, &hdev->flags))
+       if (!test_bit(HCI_MGMT, &hdev->dev_flags))
                goto unlock;
 
-       if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
+       if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
                        (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
                struct hci_cp_io_capability_reply cp;
 
                bacpy(&cp.bdaddr, &ev->bdaddr);
-               cp.capability = conn->io_capability;
+               /* Change the IO capability from KeyboardDisplay
+                * to DisplayYesNo as it is not supported by BT spec. */
+               cp.capability = (conn->io_capability == 0x04) ?
+                                               0x01 : conn->io_capability;
                conn->auth_type = hci_get_auth_req(conn);
                cp.authentication = conn->auth_type;
 
-               if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
+               if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
                                hci_find_remote_oob_data(hdev, &conn->dst))
                        cp.oob_data = 0x01;
                else
@@ -2818,8 +3009,9 @@ static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *s
                goto unlock;
 
        conn->remote_cap = ev->capability;
-       conn->remote_oob = ev->oob_data;
        conn->remote_auth = ev->authentication;
+       if (ev->oob_data)
+               set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
 
 unlock:
        hci_dev_unlock(hdev);
@@ -2836,7 +3028,7 @@ static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
 
        hci_dev_lock(hdev);
 
-       if (!test_bit(HCI_MGMT, &hdev->flags))
+       if (!test_bit(HCI_MGMT, &hdev->dev_flags))
                goto unlock;
 
        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
@@ -2865,7 +3057,7 @@ static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
                /* If we're not the initiators request authorization to
                 * proceed from user space (mgmt_user_confirm with
                 * confirm_hint set to 1). */
-               if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
+               if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
                        BT_DBG("Confirming auto-accept as acceptor");
                        confirm_hint = 1;
                        goto confirm;
@@ -2902,7 +3094,7 @@ static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
 
        hci_dev_lock(hdev);
 
-       if (test_bit(HCI_MGMT, &hdev->flags))
+       if (test_bit(HCI_MGMT, &hdev->dev_flags))
                mgmt_user_passkey_request(hdev, &ev->bdaddr);
 
        hci_dev_unlock(hdev);
@@ -2926,7 +3118,7 @@ static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_
         * initiated the authentication. A traditional auth_complete
         * event gets always produced as initiator and is also mapped to
         * the mgmt_auth_failed event */
-       if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
+       if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
                mgmt_auth_failed(hdev, &conn->dst, ev->status);
 
        hci_conn_put(conn);
@@ -2961,7 +3153,7 @@ static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
 
        hci_dev_lock(hdev);
 
-       if (!test_bit(HCI_MGMT, &hdev->flags))
+       if (!test_bit(HCI_MGMT, &hdev->dev_flags))
                goto unlock;
 
        data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
@@ -3016,7 +3208,9 @@ static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff
                goto unlock;
        }
 
-       mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
+       if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
+               mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
+                                               conn->dst_type, NULL, 0, 0);
 
        conn->sec_level = BT_SECURITY_LOW;
        conn->handle = __le16_to_cpu(ev->handle);
@@ -3036,6 +3230,7 @@ static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
 {
        u8 num_reports = skb->data[0];
        void *ptr = &skb->data[1];
+       s8 rssi;
 
        hci_dev_lock(hdev);
 
@@ -3044,6 +3239,10 @@ static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
 
                hci_add_adv_entry(hdev, ev);
 
+               rssi = ev->data[ev->length];
+               mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
+                                       NULL, rssi, 0, ev->data, ev->length);
+
                ptr += sizeof(*ev) + ev->length + 1;
        }
 
@@ -3057,7 +3256,7 @@ static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
        struct hci_cp_le_ltk_reply cp;
        struct hci_cp_le_ltk_neg_reply neg;
        struct hci_conn *conn;
-       struct link_key *ltk;
+       struct smp_ltk *ltk;
 
        BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
 
@@ -3073,10 +3272,17 @@ static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
 
        memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
        cp.handle = cpu_to_le16(conn->handle);
-       conn->pin_length = ltk->pin_len;
+
+       if (ltk->authenticated)
+               conn->sec_level = BT_SECURITY_HIGH;
 
        hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
 
+       if (ltk->type & HCI_SMP_STK) {
+               list_del(&ltk->list);
+               kfree(ltk);
+       }
+
        hci_dev_unlock(hdev);
 
        return;
@@ -3267,6 +3473,10 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
                hci_remote_oob_data_request_evt(hdev, skb);
                break;
 
+       case HCI_EV_NUM_COMP_BLOCKS:
+               hci_num_comp_blocks_evt(hdev, skb);
+               break;
+
        default:
                BT_DBG("%s event 0x%x", hdev->name, event);
                break;