7 files changed, 611 insertions, 289 deletions
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index 4a82ca0bb0b2..262ebd1747d4 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -109,12 +109,14 @@ struct bt_power {
 */
 #define BT_CHANNEL_POLICY_AMP_PREFERRED         2
-__printf(2, 3)
+__printf(1, 2)
-int bt_printk(const char *level, const char *fmt, ...);
+int bt_info(const char *fmt, ...);
+__printf(1, 2)
+int bt_err(const char *fmt, ...);
-#define BT_INFO(fmt, arg...)   bt_printk(KERN_INFO, pr_fmt(fmt), ##arg)
+#define BT_INFO(fmt, ...)       bt_info(fmt "\n", ##__VA_ARGS__)
-#define BT_ERR(fmt, arg...)    bt_printk(KERN_ERR, pr_fmt(fmt), ##arg)
+#define BT_ERR(fmt, ...)        bt_err(fmt "\n", ##__VA_ARGS__)
-#define BT_DBG(fmt, arg...)    pr_debug(fmt "\n", ##arg)
+#define BT_DBG(fmt, ...)        pr_debug(fmt "\n", ##__VA_ARGS__)
 /* Connection and socket states */
 enum {
@@ -129,6 +131,33 @@ enum {
        BT_CLOSED
 };
+/* If unused will be removed by compiler */
+static inline const char *state_to_string(int state)
+{
+        switch (state) {
+        case BT_CONNECTED:
+                return "BT_CONNECTED";
+        case BT_OPEN:
+                return "BT_OPEN";
+        case BT_BOUND:
+                return "BT_BOUND";
+        case BT_LISTEN:
+                return "BT_LISTEN";
+        case BT_CONNECT:
+                return "BT_CONNECT";
+        case BT_CONNECT2:
+                return "BT_CONNECT2";
+        case BT_CONFIG:
+                return "BT_CONFIG";
+        case BT_DISCONN:
+                return "BT_DISCONN";
+        case BT_CLOSED:
+                return "BT_CLOSED";
+        }
+        return "invalid state";
+}
 /* BD Address */
 typedef struct {
        __u8 b[6];
@@ -193,7 +222,6 @@ struct bt_skb_cb {
        __u16 tx_seq;
        __u8 retries;
        __u8 sar;
-        unsigned short channel;
        __u8 force_active;
 };
 #define bt_cb(skb) ((struct bt_skb_cb *)((skb)->cb))
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 00596e816b4d..d47e523c9d83 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -77,14 +77,6 @@ enum {
        HCI_RAW,
-        HCI_SETUP,
-        HCI_AUTO_OFF,
-        HCI_MGMT,
-        HCI_PAIRABLE,
-        HCI_SERVICE_CACHE,
-        HCI_LINK_KEYS,
-        HCI_DEBUG_KEYS,
        HCI_RESET,
 };
@@ -93,7 +85,23 @@ enum {
 * states from the controller.
 */
 enum {
+        HCI_SETUP,
+        HCI_AUTO_OFF,
+        HCI_MGMT,
+        HCI_PAIRABLE,
+        HCI_SERVICE_CACHE,
+        HCI_LINK_KEYS,
+        HCI_DEBUG_KEYS,
+        HCI_UNREGISTER,
        HCI_LE_SCAN,
+        HCI_SSP_ENABLED,
+        HCI_HS_ENABLED,
+        HCI_LE_ENABLED,
+        HCI_CONNECTABLE,
+        HCI_DISCOVERABLE,
+        HCI_LINK_SECURITY,
+        HCI_PENDING_CLASS,
 };
 /* HCI ioctl defines */
@@ -130,6 +138,7 @@ enum {
 #define HCI_IDLE_TIMEOUT        (6000)  /* 6 seconds */
 #define HCI_INIT_TIMEOUT        (10000) /* 10 seconds */
 #define HCI_CMD_TIMEOUT         (1000)  /* 1 seconds */
+#define HCI_ACL_TX_TIMEOUT      (45000) /* 45 seconds */
 /* HCI data types */
 #define HCI_COMMAND_PKT         0x01
@@ -229,7 +238,9 @@ enum {
 #define LMP_EXTFEATURES 0x80
 /* Extended LMP features */
-#define LMP_HOST_LE     0x02
+#define LMP_HOST_SSP            0x01
+#define LMP_HOST_LE             0x02
+#define LMP_HOST_LE_BREDR       0x04
 /* Connection modes */
 #define HCI_CM_ACTIVE   0x0000
@@ -268,10 +279,11 @@ enum {
 #define HCI_LK_UNAUTH_COMBINATION       0x04
 #define HCI_LK_AUTH_COMBINATION         0x05
 #define HCI_LK_CHANGED_COMBINATION      0x06
-/* The spec doesn't define types for SMP keys */
+/* The spec doesn't define types for SMP keys, the _MASTER suffix is implied */
-#define HCI_LK_SMP_LTK                  0x81
+#define HCI_SMP_STK                     0x80
-#define HCI_LK_SMP_IRK                  0x82
+#define HCI_SMP_STK_SLAVE               0x81
-#define HCI_LK_SMP_CSRK                 0x83
+#define HCI_SMP_LTK                     0x82
+#define HCI_SMP_LTK_SLAVE               0x83
 /* ---- HCI Error Codes ---- */
 #define HCI_ERROR_AUTH_FAILURE          0x05
@@ -284,6 +296,22 @@ enum {
 #define HCI_FLOW_CTL_MODE_PACKET_BASED  0x00
 #define HCI_FLOW_CTL_MODE_BLOCK_BASED   0x01
+/* Extended Inquiry Response field types */
+#define EIR_FLAGS               0x01 /* flags */
+#define EIR_UUID16_SOME         0x02 /* 16-bit UUID, more available */
+#define EIR_UUID16_ALL          0x03 /* 16-bit UUID, all listed */
+#define EIR_UUID32_SOME         0x04 /* 32-bit UUID, more available */
+#define EIR_UUID32_ALL          0x05 /* 32-bit UUID, all listed */
+#define EIR_UUID128_SOME        0x06 /* 128-bit UUID, more available */
+#define EIR_UUID128_ALL         0x07 /* 128-bit UUID, all listed */
+#define EIR_NAME_SHORT          0x08 /* shortened local name */
+#define EIR_NAME_COMPLETE       0x09 /* complete local name */
+#define EIR_TX_POWER            0x0A /* transmit power level */
+#define EIR_CLASS_OF_DEV        0x0D /* Class of Device */
+#define EIR_SSP_HASH_C          0x0E /* Simple Pairing Hash C */
+#define EIR_SSP_RAND_R          0x0F /* Simple Pairing Randomizer R */
+#define EIR_DEVICE_ID           0x10 /* device ID */
 /* -----  HCI Commands ---- */
 #define HCI_OP_NOP                      0x0000
@@ -666,8 +694,8 @@ struct hci_cp_host_buffer_size {
 #define HCI_OP_WRITE_EIR                0x0c52
 struct hci_cp_write_eir {
-        uint8_t         fec;
+        __u8    fec;
-        uint8_t         data[HCI_MAX_EIR_LENGTH];
+        __u8    data[HCI_MAX_EIR_LENGTH];
 } __packed;
 #define HCI_OP_READ_SSP_MODE            0x0c55
@@ -698,8 +726,8 @@ struct hci_rp_read_flow_control_mode {
 #define HCI_OP_WRITE_LE_HOST_SUPPORTED  0x0c6d
 struct hci_cp_write_le_host_supported {
-        __u8 le;
+        __u8    le;
-        __u8 simul;
+        __u8    simul;
 } __packed;
 #define HCI_OP_READ_LOCAL_VERSION       0x1001
@@ -1155,6 +1183,19 @@ struct hci_ev_le_meta {
        __u8     subevent;
 } __packed;
+#define HCI_EV_NUM_COMP_BLOCKS          0x48
+struct hci_comp_blocks_info {
+        __le16   handle;
+        __le16   pkts;
+        __le16   blocks;
+} __packed;
+struct hci_ev_num_comp_blocks {
+        __le16   num_blocks;
+        __u8     num_hndl;
+        struct hci_comp_blocks_info handles[0];
+} __packed;
 /* Low energy meta events */
 #define HCI_EV_LE_CONN_COMPLETE         0x01
 struct hci_ev_le_conn_complete {
@@ -1287,7 +1328,8 @@ struct sockaddr_hci {
 #define HCI_DEV_NONE    0xffff
 #define HCI_CHANNEL_RAW         0
-#define HCI_CHANNEL_CONTROL     1
+#define HCI_CHANNEL_MONITOR     2
+#define HCI_CHANNEL_CONTROL     3
 struct hci_filter {
        unsigned long type_mask;
@@ -1389,5 +1431,6 @@ struct hci_inquiry_req {
 #define IREQ_CACHE_FLUSH 0x0001
 extern bool enable_hs;
+extern bool enable_le;
 #endif /* __HCI_H */
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 453893b3120e..6822d2595aff 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -44,14 +44,31 @@ struct inquiry_data {
 };
 struct inquiry_entry {
-        struct inquiry_entry    *next;
+        struct list_head        all;            /* inq_cache.all */
+        struct list_head        list;           /* unknown or resolve */
+        enum {
+                NAME_NOT_KNOWN,
+                NAME_NEEDED,
+                NAME_PENDING,
+                NAME_KNOWN,
+        } name_state;
        __u32                   timestamp;
        struct inquiry_data     data;
 };
-struct inquiry_cache {
+struct discovery_state {
+        int                     type;
+        enum {
+                DISCOVERY_STOPPED,
+                DISCOVERY_STARTING,
+                DISCOVERY_FINDING,
+                DISCOVERY_RESOLVING,
+                DISCOVERY_STOPPING,
+        } state;
+        struct list_head        all;            /* All devices found during inquiry */
+        struct list_head        unknown;        /* Name state not known */
+        struct list_head        resolve;        /* Name needs to be resolved */
        __u32                   timestamp;
-        struct inquiry_entry    *list;
 };
 struct hci_conn_hash {
@@ -72,18 +89,16 @@ struct bt_uuid {
        u8 svc_hint;
 };
-struct key_master_id {
+struct smp_ltk {
-        __le16 ediv;
+        struct list_head list;
-        u8 rand[8];
-} __packed;
-struct link_key_data {
        bdaddr_t bdaddr;
+        u8 bdaddr_type;
+        u8 authenticated;
        u8 type;
+        u8 enc_size;
+        __le16 ediv;
+        u8 rand[8];
        u8 val[16];
-        u8 pin_len;
-        u8 dlen;
-        u8 data[0];
 } __packed;
 struct link_key {
@@ -92,8 +107,6 @@ struct link_key {
        u8 type;
        u8 val[16];
        u8 pin_len;
-        u8 dlen;
-        u8 data[0];
 };
 struct oob_data {
@@ -109,11 +122,19 @@ struct adv_entry {
        u8 bdaddr_type;
 };
+struct le_scan_params {
+        u8 type;
+        u16 interval;
+        u16 window;
+        int timeout;
+};
+#define HCI_MAX_SHORT_NAME_LENGTH       10
 #define NUM_REASSEMBLY 4
 struct hci_dev {
        struct list_head list;
        struct mutex    lock;
-        atomic_t        refcnt;
        char            name[8];
        unsigned long   flags;
@@ -122,6 +143,7 @@ struct hci_dev {
        __u8            dev_type;
        bdaddr_t        bdaddr;
        __u8            dev_name[HCI_MAX_NAME_LENGTH];
+        __u8            short_name[HCI_MAX_SHORT_NAME_LENGTH];
        __u8            eir[HCI_MAX_EIR_LENGTH];
        __u8            dev_class[3];
        __u8            major_class;
@@ -129,7 +151,6 @@ struct hci_dev {
        __u8            features[8];
        __u8            host_features[8];
        __u8            commands[64];
-        __u8            ssp_mode;
        __u8            hci_ver;
        __u16           hci_rev;
        __u8            lmp_ver;
@@ -217,7 +238,7 @@ struct hci_dev {
        struct list_head        mgmt_pending;
-        struct inquiry_cache    inq_cache;
+        struct discovery_state  discovery;
        struct hci_conn_hash    conn_hash;
        struct list_head        blacklist;
@@ -225,6 +246,8 @@ struct hci_dev {
        struct list_head        link_keys;
+        struct list_head        long_term_keys;
        struct list_head        remote_oob_data;
        struct list_head        adv_entries;
@@ -234,7 +257,6 @@ struct hci_dev {
        struct sk_buff_head     driver_init;
-        void                    *driver_data;
        void                    *core_data;
        atomic_t                promisc;
@@ -246,15 +268,17 @@ struct hci_dev {
        struct rfkill           *rfkill;
-        struct module           *owner;
        unsigned long           dev_flags;
+        struct delayed_work     le_scan_disable;
+        struct work_struct      le_scan;
+        struct le_scan_params   le_scan_params;
        int (*open)(struct hci_dev *hdev);
        int (*close)(struct hci_dev *hdev);
        int (*flush)(struct hci_dev *hdev);
        int (*send)(struct sk_buff *skb);
-        void (*destruct)(struct hci_dev *hdev);
        void (*notify)(struct hci_dev *hdev, unsigned int evt);
        int (*ioctl)(struct hci_dev *hdev, unsigned int cmd, unsigned long arg);
 };
@@ -270,11 +294,10 @@ struct hci_conn {
        __u16           state;
        __u8            mode;
        __u8            type;
-        __u8            out;
+        bool            out;
        __u8            attempt;
        __u8            dev_class[3];
        __u8            features[8];
-        __u8            ssp_mode;
        __u16           interval;
        __u16           pkt_type;
        __u16           link_policy;
@@ -286,12 +309,10 @@ struct hci_conn {
        __u8            pin_length;
        __u8            enc_key_size;
        __u8            io_capability;
-        __u8            power_save;
        __u16           disc_timeout;
-        unsigned long   pend;
+        unsigned long   flags;
        __u8            remote_cap;
-        __u8            remote_oob;
        __u8            remote_auth;
        unsigned int    sent;
@@ -348,21 +369,26 @@ extern int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb);
 #define INQUIRY_CACHE_AGE_MAX   (HZ*30)   /* 30 seconds */
 #define INQUIRY_ENTRY_AGE_MAX   (HZ*60)   /* 60 seconds */
-static inline void inquiry_cache_init(struct hci_dev *hdev)
+static inline void discovery_init(struct hci_dev *hdev)
 {
-        struct inquiry_cache *c = &hdev->inq_cache;
+        hdev->discovery.state = DISCOVERY_STOPPED;
-        c->list = NULL;
+        INIT_LIST_HEAD(&hdev->discovery.all);
+        INIT_LIST_HEAD(&hdev->discovery.unknown);
+        INIT_LIST_HEAD(&hdev->discovery.resolve);
 }
+bool hci_discovery_active(struct hci_dev *hdev);
+void hci_discovery_set_state(struct hci_dev *hdev, int state);
 static inline int inquiry_cache_empty(struct hci_dev *hdev)
 {
-        struct inquiry_cache *c = &hdev->inq_cache;
+        return list_empty(&hdev->discovery.all);
-        return c->list == NULL;
 }
 static inline long inquiry_cache_age(struct hci_dev *hdev)
 {
-        struct inquiry_cache *c = &hdev->inq_cache;
+        struct discovery_state *c = &hdev->discovery;
        return jiffies - c->timestamp;
 }
@@ -372,8 +398,16 @@ static inline long inquiry_entry_age(struct inquiry_entry *e)
 }
 struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev,
-                                                        bdaddr_t *bdaddr);
+                                               bdaddr_t *bdaddr);
-void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data);
+struct inquiry_entry *hci_inquiry_cache_lookup_unknown(struct hci_dev *hdev,
+                                                       bdaddr_t *bdaddr);
+struct inquiry_entry *hci_inquiry_cache_lookup_resolve(struct hci_dev *hdev,
+                                                       bdaddr_t *bdaddr,
+                                                       int state);
+void hci_inquiry_cache_update_resolve(struct hci_dev *hdev,
+                                      struct inquiry_entry *ie);
+bool hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data,
+                              bool name_known, bool *ssp);
 /* ----- HCI Connections ----- */
 enum {
@@ -384,8 +418,19 @@ enum {
        HCI_CONN_MODE_CHANGE_PEND,
        HCI_CONN_SCO_SETUP_PEND,
        HCI_CONN_LE_SMP_PEND,
+        HCI_CONN_MGMT_CONNECTED,
+        HCI_CONN_SSP_ENABLED,
+        HCI_CONN_POWER_SAVE,
+        HCI_CONN_REMOTE_OOB,
 };
+static inline bool hci_conn_ssp_enabled(struct hci_conn *conn)
+{
+        struct hci_dev *hdev = conn->hdev;
+        return (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
+                                test_bit(HCI_CONN_SSP_ENABLED, &conn->flags));
+}
 static inline void hci_conn_hash_init(struct hci_dev *hdev)
 {
        struct hci_conn_hash *h = &hdev->conn_hash;
@@ -566,36 +611,33 @@ static inline void hci_conn_put(struct hci_conn *conn)
 }
 /* ----- HCI Devices ----- */
-static inline void __hci_dev_put(struct hci_dev *d)
+static inline void hci_dev_put(struct hci_dev *d)
 {
-        if (atomic_dec_and_test(&d->refcnt))
+        put_device(&d->dev);
-                d->destruct(d);
 }
-/*
+static inline struct hci_dev *hci_dev_hold(struct hci_dev *d)
- * hci_dev_put and hci_dev_hold are macros to avoid dragging all the
- * overhead of all the modular infrastructure into this header.
- */
-#define hci_dev_put(d)          \
-do {                            \
-        __hci_dev_put(d);       \
-        module_put(d->owner);   \
-} while (0)
-static inline struct hci_dev *__hci_dev_hold(struct hci_dev *d)
 {
-        atomic_inc(&d->refcnt);
+        get_device(&d->dev);
        return d;
 }
-#define hci_dev_hold(d)                                         \
-({                                                              \
-        try_module_get(d->owner) ? __hci_dev_hold(d) : NULL;    \
-})
 #define hci_dev_lock(d)         mutex_lock(&d->lock)
 #define hci_dev_unlock(d)       mutex_unlock(&d->lock)
+#define to_hci_dev(d) container_of(d, struct hci_dev, dev)
+#define to_hci_conn(c) container_of(c, struct hci_conn, dev)
+static inline void *hci_get_drvdata(struct hci_dev *hdev)
+{
+        return dev_get_drvdata(&hdev->dev);
+}
+static inline void hci_set_drvdata(struct hci_dev *hdev, void *data)
+{
+        dev_set_drvdata(&hdev->dev, data);
+}
 struct hci_dev *hci_dev_get(int index);
 struct hci_dev *hci_get_route(bdaddr_t *src, bdaddr_t *dst);
@@ -619,20 +661,23 @@ int hci_inquiry(void __user *arg);
 struct bdaddr_list *hci_blacklist_lookup(struct hci_dev *hdev, bdaddr_t *bdaddr);
 int hci_blacklist_clear(struct hci_dev *hdev);
-int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr);
+int hci_blacklist_add(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
-int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr);
+int hci_blacklist_del(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
 int hci_uuids_clear(struct hci_dev *hdev);
 int hci_link_keys_clear(struct hci_dev *hdev);
 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr);
 int hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, int new_key,
-                        bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len);
+                     bdaddr_t *bdaddr, u8 *val, u8 type, u8 pin_len);
-struct link_key *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]);
+struct smp_ltk *hci_find_ltk(struct hci_dev *hdev, __le16 ediv, u8 rand[8]);
-struct link_key *hci_find_link_key_type(struct hci_dev *hdev,
+int hci_add_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 addr_type, u8 type,
-                                        bdaddr_t *bdaddr, u8 type);
+                int new_key, u8 authenticated, u8 tk[16], u8 enc_size, u16 ediv,
-int hci_add_ltk(struct hci_dev *hdev, int new_key, bdaddr_t *bdaddr,
+                u8 rand[8]);
-                        u8 key_size, __le16 ediv, u8 rand[8], u8 ltk[16]);
+struct smp_ltk *hci_find_ltk_by_addr(struct hci_dev *hdev, bdaddr_t *bdaddr,
+                                     u8 addr_type);
+int hci_remove_ltk(struct hci_dev *hdev, bdaddr_t *bdaddr);
+int hci_smp_ltks_clear(struct hci_dev *hdev);
 int hci_remove_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr);
 int hci_remote_oob_data_clear(struct hci_dev *hdev);
@@ -674,6 +719,7 @@ void hci_conn_del_sysfs(struct hci_conn *conn);
 #define lmp_ssp_capable(dev)       ((dev)->features[6] & LMP_SIMPLE_PAIR)
 #define lmp_no_flush_capable(dev)  ((dev)->features[6] & LMP_NO_FLUSH)
 #define lmp_le_capable(dev)        ((dev)->features[4] & LMP_LE)
+#define lmp_bredr_capable(dev)     (!((dev)->features[4] & LMP_NO_BREDR))
 /* ----- Extended LMP capabilities ----- */
 #define lmp_host_le_capable(dev)   ((dev)->host_features[0] & LMP_HOST_LE)
@@ -755,7 +801,7 @@ static inline void hci_proto_auth_cfm(struct hci_conn *conn, __u8 status)
        if (conn->type != ACL_LINK && conn->type != LE_LINK)
                return;
-        if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
+        if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
                return;
        encrypt = (conn->link_mode & HCI_LM_ENCRYPT) ? 0x01 : 0x00;
@@ -796,7 +842,7 @@ static inline void hci_auth_cfm(struct hci_conn *conn, __u8 status)
        hci_proto_auth_cfm(conn, status);
-        if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
+        if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags))
                return;
        encrypt = (conn->link_mode & HCI_LM_ENCRYPT) ? 0x01 : 0x00;
@@ -859,25 +905,73 @@ static inline void hci_role_switch_cfm(struct hci_conn *conn, __u8 status,
        read_unlock(&hci_cb_list_lock);
 }
+static inline bool eir_has_data_type(u8 *data, size_t data_len, u8 type)
+{
+        size_t parsed = 0;
+        if (data_len < 2)
+                return false;
+        while (parsed < data_len - 1) {
+                u8 field_len = data[0];
+                if (field_len == 0)
+                        break;
+                parsed += field_len + 1;
+                if (parsed > data_len)
+                        break;
+                if (data[1] == type)
+                        return true;
+                data += field_len + 1;
+        }
+        return false;
+}
+static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
+                                  u8 data_len)
+{
+        eir[eir_len++] = sizeof(type) + data_len;
+        eir[eir_len++] = type;
+        memcpy(&eir[eir_len], data, data_len);
+        eir_len += data_len;
+        return eir_len;
+}
 int hci_register_cb(struct hci_cb *hcb);
 int hci_unregister_cb(struct hci_cb *hcb);
-int hci_register_notifier(struct notifier_block *nb);
-int hci_unregister_notifier(struct notifier_block *nb);
 int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param);
 void hci_send_acl(struct hci_chan *chan, struct sk_buff *skb, __u16 flags);
 void hci_send_sco(struct hci_conn *conn, struct sk_buff *skb);
 void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode);
-void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data);
 /* ----- HCI Sockets ----- */
-void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb,
+void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb);
-                                                        struct sock *skip_sk);
+void hci_send_to_control(struct sk_buff *skb, struct sock *skip_sk);
+void hci_send_to_monitor(struct hci_dev *hdev, struct sk_buff *skb);
+void hci_sock_dev_event(struct hci_dev *hdev, int event);
 /* Management interface */
+#define MGMT_ADDR_BREDR                 0x00
+#define MGMT_ADDR_LE_PUBLIC             0x01
+#define MGMT_ADDR_LE_RANDOM             0x02
+#define MGMT_ADDR_INVALID               0xff
+#define DISCOV_TYPE_BREDR               (BIT(MGMT_ADDR_BREDR))
+#define DISCOV_TYPE_LE                  (BIT(MGMT_ADDR_LE_PUBLIC) | \
+                                                BIT(MGMT_ADDR_LE_RANDOM))
+#define DISCOV_TYPE_INTERLEAVED         (BIT(MGMT_ADDR_BREDR) | \
+                                                BIT(MGMT_ADDR_LE_PUBLIC) | \
+                                                BIT(MGMT_ADDR_LE_RANDOM))
 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t len);
 int mgmt_index_added(struct hci_dev *hdev);
 int mgmt_index_removed(struct hci_dev *hdev);
@@ -886,56 +980,67 @@ int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable);
 int mgmt_connectable(struct hci_dev *hdev, u8 connectable);
 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status);
 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
-                                                                u8 persistent);
+                      u8 persistent);
-int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
+int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
-                                                                u8 addr_type);
+                          u8 addr_type, u32 flags, u8 *name, u8 name_len,
-int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
+                          u8 *dev_class);
-                                                                u8 addr_type);
+int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
-int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status);
+                             u8 link_type, u8 addr_type);
+int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
+                           u8 link_type, u8 addr_type, u8 status);
 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
-                                                u8 addr_type, u8 status);
+                        u8 addr_type, u8 status);
 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure);
 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                                                                u8 status);
+                                 u8 status);
 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                                                                u8 status);
+                                     u8 status);
 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                                                __le32 value, u8 confirm_hint);
+                              u8 link_type, u8 addr_type, __le32 value,
+                              u8 confirm_hint);
 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                                                                u8 status);
+                                     u8 link_type, u8 addr_type, u8 status);
-int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
+int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                                                bdaddr_t *bdaddr, u8 status);
+                                         u8 link_type, u8 addr_type, u8 status);
-int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr);
+int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
+                              u8 link_type, u8 addr_type);
 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                                                                u8 status);
+                                     u8 link_type, u8 addr_type, u8 status);
-int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
+int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                                                bdaddr_t *bdaddr, u8 status);
+                                         u8 link_type, u8 addr_type, u8 status);
-int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status);
+int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
+                     u8 addr_type, u8 status);
+int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status);
+int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status);
+int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
+                                   u8 status);
 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status);
 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
-                                                u8 *randomizer, u8 status);
+                                            u8 *randomizer, u8 status);
+int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status);
 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
-                                u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir);
+                      u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
-int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name);
+                      u8 ssp, u8 *eir, u16 eir_len);
+int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
+                     u8 addr_type, s8 rssi, u8 *name, u8 name_len);
 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status);
 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status);
 int mgmt_discovering(struct hci_dev *hdev, u8 discovering);
-int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr);
+int mgmt_interleaved_discovery(struct hci_dev *hdev);
-int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr);
+int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
+int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
+int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent);
 /* HCI info for socket */
 #define hci_pi(sk) ((struct hci_pinfo *) sk)
-/* HCI socket flags */
-#define HCI_PI_MGMT_INIT        0
 struct hci_pinfo {
        struct bt_sock    bt;
        struct hci_dev    *hdev;
        struct hci_filter filter;
        __u32             cmsg_mask;
        unsigned short   channel;
-        unsigned long     flags;
 };
 /* HCI security filter */
@@ -966,5 +1071,7 @@ void hci_le_ltk_neg_reply(struct hci_conn *conn);
 int hci_do_inquiry(struct hci_dev *hdev, u8 length);
 int hci_cancel_inquiry(struct hci_dev *hdev);
+int hci_le_scan(struct hci_dev *hdev, u8 type, u16 interval, u16 window,
+                int timeout);
 #endif /* __HCI_CORE_H */
diff --git a/include/net/bluetooth/hci_mon.h b/include/net/bluetooth/hci_mon.h
new file mode 100644
index 000000000000..77d1e5764185
--- /dev/null
+++ b/include/net/bluetooth/hci_mon.h
@@ -0,0 +1,51 @@
+/*
+   BlueZ - Bluetooth protocol stack for Linux
+   Copyright (C) 2011-2012  Intel Corporation
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License version 2 as
+   published by the Free Software Foundation;
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
+   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
+   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
+   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
+   SOFTWARE IS DISCLAIMED.
+*/
+#ifndef __HCI_MON_H
+#define __HCI_MON_H
+struct hci_mon_hdr {
+        __le16  opcode;
+        __le16  index;
+        __le16  len;
+} __packed;
+#define HCI_MON_HDR_SIZE 6
+#define HCI_MON_NEW_INDEX       0
+#define HCI_MON_DEL_INDEX       1
+#define HCI_MON_COMMAND_PKT     2
+#define HCI_MON_EVENT_PKT       3
+#define HCI_MON_ACL_TX_PKT      4
+#define HCI_MON_ACL_RX_PKT      5
+#define HCI_MON_SCO_TX_PKT      6
+#define HCI_MON_SCO_RX_PKT      7
+struct hci_mon_new_index {
+        __u8            type;
+        __u8            bus;
+        bdaddr_t        bdaddr;
+        char            name[8];
+} __packed;
+#define HCI_MON_NEW_INDEX_SIZE 16
+#endif /* __HCI_MON_H */
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index b1664ed884e6..9b242c6bf55b 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -45,11 +45,11 @@
 #define L2CAP_DEFAULT_SDU_ITIME         0xFFFFFFFF
 #define L2CAP_DEFAULT_ACC_LAT           0xFFFFFFFF
-#define L2CAP_DISC_TIMEOUT             (100)
+#define L2CAP_DISC_TIMEOUT              msecs_to_jiffies(100)
-#define L2CAP_DISC_REJ_TIMEOUT         (5000)  /*  5 seconds */
+#define L2CAP_DISC_REJ_TIMEOUT          msecs_to_jiffies(5000)
-#define L2CAP_ENC_TIMEOUT              (5000)  /*  5 seconds */
+#define L2CAP_ENC_TIMEOUT               msecs_to_jiffies(5000)
-#define L2CAP_CONN_TIMEOUT             (40000) /* 40 seconds */
+#define L2CAP_CONN_TIMEOUT              msecs_to_jiffies(40000)
-#define L2CAP_INFO_TIMEOUT             (4000)  /*  4 seconds */
+#define L2CAP_INFO_TIMEOUT              msecs_to_jiffies(4000)
 /* L2CAP socket address */
 struct sockaddr_l2 {
@@ -492,51 +492,56 @@ struct l2cap_chan {
        struct sk_buff_head     srej_q;
        struct list_head        srej_l;
-        struct list_head list;
+        struct list_head        list;
-        struct list_head global_l;
+        struct list_head        global_l;
-        void            *data;
+        void                    *data;
-        struct l2cap_ops *ops;
+        struct l2cap_ops        *ops;
+        struct mutex            lock;
 };
 struct l2cap_ops {
-        char            *name;
+        char                    *name;
        struct l2cap_chan       *(*new_connection) (void *data);
        int                     (*recv) (void *data, struct sk_buff *skb);
        void                    (*close) (void *data);
        void                    (*state_change) (void *data, int state);
+        struct sk_buff          *(*alloc_skb) (struct l2cap_chan *chan,
+                                        unsigned long len, int nb, int *err);
 };
 struct l2cap_conn {
-        struct hci_conn *hcon;
+        struct hci_conn         *hcon;
-        struct hci_chan *hchan;
+        struct hci_chan         *hchan;
-        bdaddr_t        *dst;
+        bdaddr_t                *dst;
-        bdaddr_t        *src;
+        bdaddr_t                *src;
-        unsigned int    mtu;
+        unsigned int            mtu;
-        __u32           feat_mask;
+        __u32                   feat_mask;
+        __u8                    fixed_chan_mask;
-        __u8            info_state;
+        __u8                    info_state;
-        __u8            info_ident;
+        __u8                    info_ident;
-        struct delayed_work info_timer;
+        struct delayed_work     info_timer;
-        spinlock_t      lock;
+        spinlock_t              lock;
-        struct sk_buff *rx_skb;
+        struct sk_buff          *rx_skb;
-        __u32           rx_len;
+        __u32                   rx_len;
-        __u8            tx_ident;
+        __u8                    tx_ident;
-        __u8            disc_reason;
+        __u8                    disc_reason;
-        struct delayed_work  security_timer;
+        struct delayed_work     security_timer;
-        struct smp_chan *smp_chan;
+        struct smp_chan         *smp_chan;
-        struct list_head chan_l;
+        struct list_head        chan_l;
-        struct mutex    chan_lock;
+        struct mutex            chan_lock;
 };
 #define L2CAP_INFO_CL_MTU_REQ_SENT      0x01
@@ -551,9 +556,9 @@ struct l2cap_conn {
 #define l2cap_pi(sk) ((struct l2cap_pinfo *) sk)
 struct l2cap_pinfo {
-        struct bt_sock  bt;
+        struct bt_sock          bt;
        struct l2cap_chan       *chan;
-        struct sk_buff  *rx_busy_skb;
+        struct sk_buff          *rx_busy_skb;
 };
 enum {
@@ -606,21 +611,37 @@ static inline void l2cap_chan_put(struct l2cap_chan *c)
                kfree(c);
 }
+static inline void l2cap_chan_lock(struct l2cap_chan *chan)
+{
+        mutex_lock(&chan->lock);
+}
+static inline void l2cap_chan_unlock(struct l2cap_chan *chan)
+{
+        mutex_unlock(&chan->lock);
+}
 static inline void l2cap_set_timer(struct l2cap_chan *chan,
                                        struct delayed_work *work, long timeout)
 {
-        BT_DBG("chan %p state %d timeout %ld", chan, chan->state, timeout);
+        BT_DBG("chan %p state %s timeout %ld", chan,
+                                        state_to_string(chan->state), timeout);
        if (!cancel_delayed_work(work))
                l2cap_chan_hold(chan);
        schedule_delayed_work(work, timeout);
 }
-static inline void l2cap_clear_timer(struct l2cap_chan *chan,
+static inline bool l2cap_clear_timer(struct l2cap_chan *chan,
                                        struct delayed_work *work)
 {
-        if (cancel_delayed_work(work))
+        bool ret;
+        ret = cancel_delayed_work(work);
+        if (ret)
                l2cap_chan_put(chan);
+        return ret;
 }
 #define __set_chan_timer(c, t) l2cap_set_timer(c, &c->chan_timer, (t))
diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h
index be65d3417883..ebfd91fc20f8 100644
--- a/include/net/bluetooth/mgmt.h
+++ b/include/net/bluetooth/mgmt.h
@@ -2,6 +2,7 @@
   BlueZ - Bluetooth protocol stack for Linux
   Copyright (C) 2010  Nokia Corporation
+   Copyright (C) 2011-2012  Intel Corporation
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
@@ -39,29 +40,47 @@
 #define MGMT_STATUS_INVALID_PARAMS      0x0d
 #define MGMT_STATUS_DISCONNECTED        0x0e
 #define MGMT_STATUS_NOT_POWERED         0x0f
+#define MGMT_STATUS_CANCELLED           0x10
+#define MGMT_STATUS_INVALID_INDEX       0x11
 struct mgmt_hdr {
-        __le16 opcode;
+        __le16  opcode;
-        __le16 index;
+        __le16  index;
-        __le16 len;
+        __le16  len;
 } __packed;
+struct mgmt_addr_info {
+        bdaddr_t        bdaddr;
+        __u8            type;
+} __packed;
+#define MGMT_ADDR_INFO_SIZE             7
 #define MGMT_OP_READ_VERSION            0x0001
+#define MGMT_READ_VERSION_SIZE          0
 struct mgmt_rp_read_version {
-        __u8 version;
+        __u8    version;
-        __le16 revision;
+        __le16  revision;
+} __packed;
+#define MGMT_OP_READ_COMMANDS           0x0002
+#define MGMT_READ_COMMANDS_SIZE         0
+struct mgmt_rp_read_commands {
+        __le16  num_commands;
+        __le16  num_events;
+        __le16  opcodes[0];
 } __packed;
 #define MGMT_OP_READ_INDEX_LIST         0x0003
+#define MGMT_READ_INDEX_LIST_SIZE       0
 struct mgmt_rp_read_index_list {
-        __le16 num_controllers;
+        __le16  num_controllers;
-        __le16 index[0];
+        __le16  index[0];
 } __packed;
 /* Reserve one extra byte for names in management messages so that they
 * are always guaranteed to be nul-terminated */
 #define MGMT_MAX_NAME_LENGTH            (HCI_MAX_NAME_LENGTH + 1)
-#define MGMT_MAX_SHORT_NAME_LENGTH      (10 + 1)
+#define MGMT_MAX_SHORT_NAME_LENGTH      (HCI_MAX_SHORT_NAME_LENGTH + 1)
 #define MGMT_SETTING_POWERED            0x00000001
 #define MGMT_SETTING_CONNECTABLE        0x00000002
@@ -75,28 +94,32 @@ struct mgmt_rp_read_index_list {
 #define MGMT_SETTING_LE                 0x00000200
 #define MGMT_OP_READ_INFO               0x0004
+#define MGMT_READ_INFO_SIZE             0
 struct mgmt_rp_read_info {
-        bdaddr_t bdaddr;
+        bdaddr_t        bdaddr;
-        __u8 version;
+        __u8            version;
-        __le16 manufacturer;
+        __le16          manufacturer;
-        __le32 supported_settings;
+        __le32          supported_settings;
-        __le32 current_settings;
+        __le32          current_settings;
-        __u8 dev_class[3];
+        __u8            dev_class[3];
-        __u8 name[MGMT_MAX_NAME_LENGTH];
+        __u8            name[MGMT_MAX_NAME_LENGTH];
-        __u8 short_name[MGMT_MAX_SHORT_NAME_LENGTH];
+        __u8            short_name[MGMT_MAX_SHORT_NAME_LENGTH];
 } __packed;
 struct mgmt_mode {
        __u8 val;
 } __packed;
+#define MGMT_SETTING_SIZE               1
 #define MGMT_OP_SET_POWERED             0x0005
 #define MGMT_OP_SET_DISCOVERABLE        0x0006
 struct mgmt_cp_set_discoverable {
-        __u8 val;
+        __u8    val;
-        __u16 timeout;
+        __le16  timeout;
 } __packed;
+#define MGMT_SET_DISCOVERABLE_SIZE      3
 #define MGMT_OP_SET_CONNECTABLE         0x0007
@@ -111,73 +134,76 @@ struct mgmt_cp_set_discoverable {
 #define MGMT_OP_SET_HS                  0x000C
 #define MGMT_OP_SET_LE                  0x000D
 #define MGMT_OP_SET_DEV_CLASS           0x000E
 struct mgmt_cp_set_dev_class {
-        __u8 major;
+        __u8    major;
-        __u8 minor;
+        __u8    minor;
 } __packed;
+#define MGMT_SET_DEV_CLASS_SIZE         2
 #define MGMT_OP_SET_LOCAL_NAME          0x000F
 struct mgmt_cp_set_local_name {
-        __u8 name[MGMT_MAX_NAME_LENGTH];
+        __u8    name[MGMT_MAX_NAME_LENGTH];
+        __u8    short_name[MGMT_MAX_SHORT_NAME_LENGTH];
 } __packed;
+#define MGMT_SET_LOCAL_NAME_SIZE        260
 #define MGMT_OP_ADD_UUID                0x0010
 struct mgmt_cp_add_uuid {
-        __u8 uuid[16];
+        __u8    uuid[16];
-        __u8 svc_hint;
+        __u8    svc_hint;
 } __packed;
+#define MGMT_ADD_UUID_SIZE              17
 #define MGMT_OP_REMOVE_UUID             0x0011
 struct mgmt_cp_remove_uuid {
-        __u8 uuid[16];
+        __u8    uuid[16];
 } __packed;
+#define MGMT_REMOVE_UUID_SIZE           16
 struct mgmt_link_key_info {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        u8 type;
+        __u8    type;
-        u8 val[16];
+        __u8    val[16];
-        u8 pin_len;
+        __u8    pin_len;
 } __packed;
 #define MGMT_OP_LOAD_LINK_KEYS          0x0012
 struct mgmt_cp_load_link_keys {
-        __u8 debug_keys;
+        __u8    debug_keys;
-        __le16 key_count;
+        __le16  key_count;
-        struct mgmt_link_key_info keys[0];
+        struct  mgmt_link_key_info keys[0];
 } __packed;
+#define MGMT_LOAD_LINK_KEYS_SIZE        3
-#define MGMT_OP_REMOVE_KEYS             0x0013
+struct mgmt_ltk_info {
-struct mgmt_cp_remove_keys {
+        struct mgmt_addr_info addr;
-        bdaddr_t bdaddr;
+        __u8    authenticated;
-        __u8 disconnect;
+        __u8    master;
+        __u8    enc_size;
+        __le16  ediv;
+        __u8    rand[8];
+        __u8    val[16];
 } __packed;
-struct mgmt_rp_remove_keys {
-        bdaddr_t bdaddr;
+#define MGMT_OP_LOAD_LONG_TERM_KEYS     0x0013
-        __u8 status;
+struct mgmt_cp_load_long_term_keys {
-};
+        __le16  key_count;
+        struct  mgmt_ltk_info keys[0];
+} __packed;
+#define MGMT_LOAD_LONG_TERM_KEYS_SIZE   2
 #define MGMT_OP_DISCONNECT              0x0014
 struct mgmt_cp_disconnect {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_DISCONNECT_SIZE            MGMT_ADDR_INFO_SIZE
 struct mgmt_rp_disconnect {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 status;
-} __packed;
-#define MGMT_ADDR_BREDR                 0x00
-#define MGMT_ADDR_LE_PUBLIC             0x01
-#define MGMT_ADDR_LE_RANDOM             0x02
-#define MGMT_ADDR_INVALID               0xff
-struct mgmt_addr_info {
-        bdaddr_t bdaddr;
-        __u8 type;
 } __packed;
 #define MGMT_OP_GET_CONNECTIONS         0x0015
+#define MGMT_GET_CONNECTIONS_SIZE       0
 struct mgmt_rp_get_connections {
        __le16 conn_count;
        struct mgmt_addr_info addr[0];
@@ -185,124 +211,152 @@ struct mgmt_rp_get_connections {
 #define MGMT_OP_PIN_CODE_REPLY          0x0016
 struct mgmt_cp_pin_code_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 pin_len;
+        __u8    pin_len;
-        __u8 pin_code[16];
+        __u8    pin_code[16];
 } __packed;
+#define MGMT_PIN_CODE_REPLY_SIZE        (MGMT_ADDR_INFO_SIZE + 17)
 struct mgmt_rp_pin_code_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        uint8_t status;
 } __packed;
 #define MGMT_OP_PIN_CODE_NEG_REPLY      0x0017
 struct mgmt_cp_pin_code_neg_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_PIN_CODE_NEG_REPLY_SIZE    MGMT_ADDR_INFO_SIZE
 #define MGMT_OP_SET_IO_CAPABILITY       0x0018
 struct mgmt_cp_set_io_capability {
-        __u8 io_capability;
+        __u8    io_capability;
 } __packed;
+#define MGMT_SET_IO_CAPABILITY_SIZE     1
 #define MGMT_OP_PAIR_DEVICE             0x0019
 struct mgmt_cp_pair_device {
        struct mgmt_addr_info addr;
-        __u8 io_cap;
+        __u8    io_cap;
 } __packed;
+#define MGMT_PAIR_DEVICE_SIZE           (MGMT_ADDR_INFO_SIZE + 1)
 struct mgmt_rp_pair_device {
        struct mgmt_addr_info addr;
-        __u8 status;
 } __packed;
-#define MGMT_OP_USER_CONFIRM_REPLY      0x001A
+#define MGMT_OP_CANCEL_PAIR_DEVICE      0x001A
+#define MGMT_CANCEL_PAIR_DEVICE_SIZE    MGMT_ADDR_INFO_SIZE
+#define MGMT_OP_UNPAIR_DEVICE           0x001B
+struct mgmt_cp_unpair_device {
+        struct mgmt_addr_info addr;
+        __u8 disconnect;
+} __packed;
+#define MGMT_UNPAIR_DEVICE_SIZE         (MGMT_ADDR_INFO_SIZE + 1)
+struct mgmt_rp_unpair_device {
+        struct mgmt_addr_info addr;
+};
+#define MGMT_OP_USER_CONFIRM_REPLY      0x001C
 struct mgmt_cp_user_confirm_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_USER_CONFIRM_REPLY_SIZE    MGMT_ADDR_INFO_SIZE
 struct mgmt_rp_user_confirm_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 status;
 } __packed;
-#define MGMT_OP_USER_CONFIRM_NEG_REPLY  0x001B
+#define MGMT_OP_USER_CONFIRM_NEG_REPLY  0x001D
 struct mgmt_cp_user_confirm_neg_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_USER_CONFIRM_NEG_REPLY_SIZE MGMT_ADDR_INFO_SIZE
-#define MGMT_OP_USER_PASSKEY_REPLY      0x001C
+#define MGMT_OP_USER_PASSKEY_REPLY      0x001E
 struct mgmt_cp_user_passkey_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __le32 passkey;
+        __le32  passkey;
 } __packed;
+#define MGMT_USER_PASSKEY_REPLY_SIZE    (MGMT_ADDR_INFO_SIZE + 4)
 struct mgmt_rp_user_passkey_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 status;
 } __packed;
-#define MGMT_OP_USER_PASSKEY_NEG_REPLY  0x001D
+#define MGMT_OP_USER_PASSKEY_NEG_REPLY  0x001F
 struct mgmt_cp_user_passkey_neg_reply {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_USER_PASSKEY_NEG_REPLY_SIZE MGMT_ADDR_INFO_SIZE
-#define MGMT_OP_READ_LOCAL_OOB_DATA     0x001E
+#define MGMT_OP_READ_LOCAL_OOB_DATA     0x0020
+#define MGMT_READ_LOCAL_OOB_DATA_SIZE   0
 struct mgmt_rp_read_local_oob_data {
-        __u8 hash[16];
+        __u8    hash[16];
-        __u8 randomizer[16];
+        __u8    randomizer[16];
 } __packed;
-#define MGMT_OP_ADD_REMOTE_OOB_DATA     0x001F
+#define MGMT_OP_ADD_REMOTE_OOB_DATA     0x0021
 struct mgmt_cp_add_remote_oob_data {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 hash[16];
+        __u8    hash[16];
-        __u8 randomizer[16];
+        __u8    randomizer[16];
 } __packed;
+#define MGMT_ADD_REMOTE_OOB_DATA_SIZE   (MGMT_ADDR_INFO_SIZE + 32)
-#define MGMT_OP_REMOVE_REMOTE_OOB_DATA  0x0020
+#define MGMT_OP_REMOVE_REMOTE_OOB_DATA  0x0022
 struct mgmt_cp_remove_remote_oob_data {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_REMOVE_REMOTE_OOB_DATA_SIZE MGMT_ADDR_INFO_SIZE
-#define MGMT_OP_START_DISCOVERY         0x0021
+#define MGMT_OP_START_DISCOVERY         0x0023
 struct mgmt_cp_start_discovery {
        __u8 type;
 } __packed;
+#define MGMT_START_DISCOVERY_SIZE       1
-#define MGMT_OP_STOP_DISCOVERY          0x0022
+#define MGMT_OP_STOP_DISCOVERY          0x0024
+struct mgmt_cp_stop_discovery {
+        __u8 type;
+} __packed;
+#define MGMT_STOP_DISCOVERY_SIZE        1
-#define MGMT_OP_CONFIRM_NAME            0x0023
+#define MGMT_OP_CONFIRM_NAME            0x0025
 struct mgmt_cp_confirm_name {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 name_known;
+        __u8    name_known;
 } __packed;
+#define MGMT_CONFIRM_NAME_SIZE          (MGMT_ADDR_INFO_SIZE + 1)
 struct mgmt_rp_confirm_name {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 status;
 } __packed;
-#define MGMT_OP_BLOCK_DEVICE            0x0024
+#define MGMT_OP_BLOCK_DEVICE            0x0026
 struct mgmt_cp_block_device {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_BLOCK_DEVICE_SIZE          MGMT_ADDR_INFO_SIZE
-#define MGMT_OP_UNBLOCK_DEVICE          0x0025
+#define MGMT_OP_UNBLOCK_DEVICE          0x0027
 struct mgmt_cp_unblock_device {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
+#define MGMT_UNBLOCK_DEVICE_SIZE        MGMT_ADDR_INFO_SIZE
 #define MGMT_EV_CMD_COMPLETE            0x0001
 struct mgmt_ev_cmd_complete {
-        __le16 opcode;
+        __le16  opcode;
-        __u8 data[0];
+        __u8    status;
+        __u8    data[0];
 } __packed;
 #define MGMT_EV_CMD_STATUS              0x0002
 struct mgmt_ev_cmd_status {
-        __u8 status;
+        __le16  opcode;
-        __le16 opcode;
+        __u8    status;
 } __packed;
 #define MGMT_EV_CONTROLLER_ERROR        0x0003
 struct mgmt_ev_controller_error {
-        __u8 error_code;
+        __u8    error_code;
 } __packed;
 #define MGMT_EV_INDEX_ADDED             0x0004
@@ -313,78 +367,96 @@ struct mgmt_ev_controller_error {
 #define MGMT_EV_CLASS_OF_DEV_CHANGED    0x0007
 struct mgmt_ev_class_of_dev_changed {
-        __u8 dev_class[3];
+        __u8    dev_class[3];
 };
 #define MGMT_EV_LOCAL_NAME_CHANGED      0x0008
 struct mgmt_ev_local_name_changed {
-        __u8 name[MGMT_MAX_NAME_LENGTH];
+        __u8    name[MGMT_MAX_NAME_LENGTH];
-        __u8 short_name[MGMT_MAX_SHORT_NAME_LENGTH];
+        __u8    short_name[MGMT_MAX_SHORT_NAME_LENGTH];
 } __packed;
 #define MGMT_EV_NEW_LINK_KEY            0x0009
 struct mgmt_ev_new_link_key {
-        __u8 store_hint;
+        __u8    store_hint;
        struct mgmt_link_key_info key;
 } __packed;
-#define MGMT_EV_CONNECTED               0x000A
+#define MGMT_EV_NEW_LONG_TERM_KEY       0x000A
+struct mgmt_ev_new_long_term_key {
+        __u8    store_hint;
+        struct mgmt_ltk_info key;
+} __packed;
-#define MGMT_EV_DISCONNECTED            0x000B
+#define MGMT_EV_DEVICE_CONNECTED        0x000B
+struct mgmt_ev_device_connected {
+        struct mgmt_addr_info addr;
+        __le32  flags;
+        __le16  eir_len;
+        __u8    eir[0];
+} __packed;
+#define MGMT_EV_DEVICE_DISCONNECTED     0x000C
-#define MGMT_EV_CONNECT_FAILED          0x000C
+#define MGMT_EV_CONNECT_FAILED          0x000D
 struct mgmt_ev_connect_failed {
        struct mgmt_addr_info addr;
-        __u8 status;
+        __u8    status;
 } __packed;
-#define MGMT_EV_PIN_CODE_REQUEST        0x000D
+#define MGMT_EV_PIN_CODE_REQUEST        0x000E
 struct mgmt_ev_pin_code_request {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 secure;
+        __u8    secure;
 } __packed;
-#define MGMT_EV_USER_CONFIRM_REQUEST    0x000E
+#define MGMT_EV_USER_CONFIRM_REQUEST    0x000F
 struct mgmt_ev_user_confirm_request {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 confirm_hint;
+        __u8    confirm_hint;
-        __le32 value;
+        __le32  value;
 } __packed;
-#define MGMT_EV_USER_PASSKEY_REQUEST    0x000F
+#define MGMT_EV_USER_PASSKEY_REQUEST    0x0010
 struct mgmt_ev_user_passkey_request {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
-#define MGMT_EV_AUTH_FAILED             0x0010
+#define MGMT_EV_AUTH_FAILED             0x0011
 struct mgmt_ev_auth_failed {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
-        __u8 status;
+        __u8    status;
 } __packed;
-#define MGMT_EV_DEVICE_FOUND            0x0011
+#define MGMT_DEV_FOUND_CONFIRM_NAME    0x01
+#define MGMT_DEV_FOUND_LEGACY_PAIRING  0x02
+#define MGMT_EV_DEVICE_FOUND            0x0012
 struct mgmt_ev_device_found {
        struct mgmt_addr_info addr;
-        __u8 dev_class[3];
+        __s8    rssi;
-        __s8 rssi;
+        __u8    flags[4];
-        __u8 confirm_name;
+        __le16  eir_len;
-        __u8 eir[HCI_MAX_EIR_LENGTH];
+        __u8    eir[0];
-} __packed;
-#define MGMT_EV_REMOTE_NAME             0x0012
-struct mgmt_ev_remote_name {
-        bdaddr_t bdaddr;
-        __u8 name[MGMT_MAX_NAME_LENGTH];
 } __packed;
 #define MGMT_EV_DISCOVERING             0x0013
+struct mgmt_ev_discovering {
+        __u8    type;
+        __u8    discovering;
+} __packed;
 #define MGMT_EV_DEVICE_BLOCKED          0x0014
 struct mgmt_ev_device_blocked {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
 } __packed;
 #define MGMT_EV_DEVICE_UNBLOCKED        0x0015
 struct mgmt_ev_device_unblocked {
-        bdaddr_t bdaddr;
+        struct mgmt_addr_info addr;
+} __packed;
+#define MGMT_EV_DEVICE_UNPAIRED         0x0016
+struct mgmt_ev_device_unpaired {
+        struct mgmt_addr_info addr;
 } __packed;
diff --git a/include/net/bluetooth/smp.h b/include/net/bluetooth/smp.h
index aeaf5fa2b9f1..7b3acdd29134 100644
--- a/include/net/bluetooth/smp.h
+++ b/include/net/bluetooth/smp.h
@@ -127,7 +127,7 @@ struct smp_chan {
        u8              rrnd[16]; /* SMP Pairing Random (remote) */
        u8              pcnf[16]; /* SMP Pairing Confirm */
        u8              tk[16]; /* SMP Temporary Key */
-        u8              smp_key_size;
+        u8              enc_key_size;
        unsigned long   smp_flags;
        struct crypto_blkcipher *tfm;
        struct work_struct confirm;