aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/bluetooth/bfusb.c8
-rw-r--r--drivers/bluetooth/bluecard_cs.c24
-rw-r--r--drivers/bluetooth/bpa10x.c14
-rw-r--r--drivers/bluetooth/bt3c_cs.c12
-rw-r--r--drivers/bluetooth/btuart_cs.c10
-rw-r--r--drivers/bluetooth/dtl1_cs.c10
-rw-r--r--drivers/bluetooth/hci_bcsp.c18
-rw-r--r--drivers/bluetooth/hci_h4.c4
-rw-r--r--drivers/bluetooth/hci_ldisc.c4
-rw-r--r--drivers/bluetooth/hci_usb.c21
-rw-r--r--drivers/bluetooth/hci_vhci.c24
-rw-r--r--include/net/bluetooth/bluetooth.h3
-rw-r--r--net/bluetooth/hci_core.c16
-rw-r--r--net/bluetooth/hci_event.c2
-rw-r--r--net/bluetooth/hci_sock.c18
15 files changed, 96 insertions, 92 deletions
diff --git a/drivers/bluetooth/bfusb.c b/drivers/bluetooth/bfusb.c
index e8d2a340356d..1e9db0156ea7 100644
--- a/drivers/bluetooth/bfusb.c
+++ b/drivers/bluetooth/bfusb.c
@@ -330,7 +330,7 @@ static inline int bfusb_recv_block(struct bfusb *bfusb, int hdr, unsigned char *
330 } 330 }
331 331
332 skb->dev = (void *) bfusb->hdev; 332 skb->dev = (void *) bfusb->hdev;
333 skb->pkt_type = pkt_type; 333 bt_cb(skb)->pkt_type = pkt_type;
334 334
335 bfusb->reassembly = skb; 335 bfusb->reassembly = skb;
336 } else { 336 } else {
@@ -485,7 +485,7 @@ static int bfusb_send_frame(struct sk_buff *skb)
485 unsigned char buf[3]; 485 unsigned char buf[3];
486 int sent = 0, size, count; 486 int sent = 0, size, count;
487 487
488 BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, skb->pkt_type, skb->len); 488 BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, bt_cb(skb)->pkt_type, skb->len);
489 489
490 if (!hdev) { 490 if (!hdev) {
491 BT_ERR("Frame for unknown HCI device (hdev=NULL)"); 491 BT_ERR("Frame for unknown HCI device (hdev=NULL)");
@@ -497,7 +497,7 @@ static int bfusb_send_frame(struct sk_buff *skb)
497 497
498 bfusb = (struct bfusb *) hdev->driver_data; 498 bfusb = (struct bfusb *) hdev->driver_data;
499 499
500 switch (skb->pkt_type) { 500 switch (bt_cb(skb)->pkt_type) {
501 case HCI_COMMAND_PKT: 501 case HCI_COMMAND_PKT:
502 hdev->stat.cmd_tx++; 502 hdev->stat.cmd_tx++;
503 break; 503 break;
@@ -510,7 +510,7 @@ static int bfusb_send_frame(struct sk_buff *skb)
510 }; 510 };
511 511
512 /* Prepend skb with frame type */ 512 /* Prepend skb with frame type */
513 memcpy(skb_push(skb, 1), &(skb->pkt_type), 1); 513 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
514 514
515 count = skb->len; 515 count = skb->len;
516 516
diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c
index bd2ec7e284cc..26fe9c0e1d20 100644
--- a/drivers/bluetooth/bluecard_cs.c
+++ b/drivers/bluetooth/bluecard_cs.c
@@ -270,7 +270,7 @@ static void bluecard_write_wakeup(bluecard_info_t *info)
270 if (!(skb = skb_dequeue(&(info->txq)))) 270 if (!(skb = skb_dequeue(&(info->txq))))
271 break; 271 break;
272 272
273 if (skb->pkt_type & 0x80) { 273 if (bt_cb(skb)->pkt_type & 0x80) {
274 /* Disable RTS */ 274 /* Disable RTS */
275 info->ctrl_reg |= REG_CONTROL_RTS; 275 info->ctrl_reg |= REG_CONTROL_RTS;
276 outb(info->ctrl_reg, iobase + REG_CONTROL); 276 outb(info->ctrl_reg, iobase + REG_CONTROL);
@@ -288,13 +288,13 @@ static void bluecard_write_wakeup(bluecard_info_t *info)
288 /* Mark the buffer as dirty */ 288 /* Mark the buffer as dirty */
289 clear_bit(ready_bit, &(info->tx_state)); 289 clear_bit(ready_bit, &(info->tx_state));
290 290
291 if (skb->pkt_type & 0x80) { 291 if (bt_cb(skb)->pkt_type & 0x80) {
292 DECLARE_WAIT_QUEUE_HEAD(wq); 292 DECLARE_WAIT_QUEUE_HEAD(wq);
293 DEFINE_WAIT(wait); 293 DEFINE_WAIT(wait);
294 294
295 unsigned char baud_reg; 295 unsigned char baud_reg;
296 296
297 switch (skb->pkt_type) { 297 switch (bt_cb(skb)->pkt_type) {
298 case PKT_BAUD_RATE_460800: 298 case PKT_BAUD_RATE_460800:
299 baud_reg = REG_CONTROL_BAUD_RATE_460800; 299 baud_reg = REG_CONTROL_BAUD_RATE_460800;
300 break; 300 break;
@@ -410,9 +410,9 @@ static void bluecard_receive(bluecard_info_t *info, unsigned int offset)
410 if (info->rx_state == RECV_WAIT_PACKET_TYPE) { 410 if (info->rx_state == RECV_WAIT_PACKET_TYPE) {
411 411
412 info->rx_skb->dev = (void *) info->hdev; 412 info->rx_skb->dev = (void *) info->hdev;
413 info->rx_skb->pkt_type = buf[i]; 413 bt_cb(info->rx_skb)->pkt_type = buf[i];
414 414
415 switch (info->rx_skb->pkt_type) { 415 switch (bt_cb(info->rx_skb)->pkt_type) {
416 416
417 case 0x00: 417 case 0x00:
418 /* init packet */ 418 /* init packet */
@@ -444,7 +444,7 @@ static void bluecard_receive(bluecard_info_t *info, unsigned int offset)
444 444
445 default: 445 default:
446 /* unknown packet */ 446 /* unknown packet */
447 BT_ERR("Unknown HCI packet with type 0x%02x received", info->rx_skb->pkt_type); 447 BT_ERR("Unknown HCI packet with type 0x%02x received", bt_cb(info->rx_skb)->pkt_type);
448 info->hdev->stat.err_rx++; 448 info->hdev->stat.err_rx++;
449 449
450 kfree_skb(info->rx_skb); 450 kfree_skb(info->rx_skb);
@@ -586,21 +586,21 @@ static int bluecard_hci_set_baud_rate(struct hci_dev *hdev, int baud)
586 switch (baud) { 586 switch (baud) {
587 case 460800: 587 case 460800:
588 cmd[4] = 0x00; 588 cmd[4] = 0x00;
589 skb->pkt_type = PKT_BAUD_RATE_460800; 589 bt_cb(skb)->pkt_type = PKT_BAUD_RATE_460800;
590 break; 590 break;
591 case 230400: 591 case 230400:
592 cmd[4] = 0x01; 592 cmd[4] = 0x01;
593 skb->pkt_type = PKT_BAUD_RATE_230400; 593 bt_cb(skb)->pkt_type = PKT_BAUD_RATE_230400;
594 break; 594 break;
595 case 115200: 595 case 115200:
596 cmd[4] = 0x02; 596 cmd[4] = 0x02;
597 skb->pkt_type = PKT_BAUD_RATE_115200; 597 bt_cb(skb)->pkt_type = PKT_BAUD_RATE_115200;
598 break; 598 break;
599 case 57600: 599 case 57600:
600 /* Fall through... */ 600 /* Fall through... */
601 default: 601 default:
602 cmd[4] = 0x03; 602 cmd[4] = 0x03;
603 skb->pkt_type = PKT_BAUD_RATE_57600; 603 bt_cb(skb)->pkt_type = PKT_BAUD_RATE_57600;
604 break; 604 break;
605 } 605 }
606 606
@@ -680,7 +680,7 @@ static int bluecard_hci_send_frame(struct sk_buff *skb)
680 680
681 info = (bluecard_info_t *)(hdev->driver_data); 681 info = (bluecard_info_t *)(hdev->driver_data);
682 682
683 switch (skb->pkt_type) { 683 switch (bt_cb(skb)->pkt_type) {
684 case HCI_COMMAND_PKT: 684 case HCI_COMMAND_PKT:
685 hdev->stat.cmd_tx++; 685 hdev->stat.cmd_tx++;
686 break; 686 break;
@@ -693,7 +693,7 @@ static int bluecard_hci_send_frame(struct sk_buff *skb)
693 }; 693 };
694 694
695 /* Prepend skb with frame type */ 695 /* Prepend skb with frame type */
696 memcpy(skb_push(skb, 1), &(skb->pkt_type), 1); 696 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
697 skb_queue_tail(&(info->txq), skb); 697 skb_queue_tail(&(info->txq), skb);
698 698
699 bluecard_write_wakeup(info); 699 bluecard_write_wakeup(info);
diff --git a/drivers/bluetooth/bpa10x.c b/drivers/bluetooth/bpa10x.c
index d6b81c1535dd..a1bf8f066c88 100644
--- a/drivers/bluetooth/bpa10x.c
+++ b/drivers/bluetooth/bpa10x.c
@@ -105,7 +105,7 @@ static void bpa10x_recv_bulk(struct bpa10x_data *data, unsigned char *buf, int c
105 if (skb) { 105 if (skb) {
106 memcpy(skb_put(skb, len), buf, len); 106 memcpy(skb_put(skb, len), buf, len);
107 skb->dev = (void *) data->hdev; 107 skb->dev = (void *) data->hdev;
108 skb->pkt_type = HCI_ACLDATA_PKT; 108 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
109 hci_recv_frame(skb); 109 hci_recv_frame(skb);
110 } 110 }
111 break; 111 break;
@@ -117,7 +117,7 @@ static void bpa10x_recv_bulk(struct bpa10x_data *data, unsigned char *buf, int c
117 if (skb) { 117 if (skb) {
118 memcpy(skb_put(skb, len), buf, len); 118 memcpy(skb_put(skb, len), buf, len);
119 skb->dev = (void *) data->hdev; 119 skb->dev = (void *) data->hdev;
120 skb->pkt_type = HCI_SCODATA_PKT; 120 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
121 hci_recv_frame(skb); 121 hci_recv_frame(skb);
122 } 122 }
123 break; 123 break;
@@ -129,7 +129,7 @@ static void bpa10x_recv_bulk(struct bpa10x_data *data, unsigned char *buf, int c
129 if (skb) { 129 if (skb) {
130 memcpy(skb_put(skb, len), buf, len); 130 memcpy(skb_put(skb, len), buf, len);
131 skb->dev = (void *) data->hdev; 131 skb->dev = (void *) data->hdev;
132 skb->pkt_type = HCI_VENDOR_PKT; 132 bt_cb(skb)->pkt_type = HCI_VENDOR_PKT;
133 hci_recv_frame(skb); 133 hci_recv_frame(skb);
134 } 134 }
135 break; 135 break;
@@ -190,7 +190,7 @@ static int bpa10x_recv_event(struct bpa10x_data *data, unsigned char *buf, int s
190 } 190 }
191 191
192 skb->dev = (void *) data->hdev; 192 skb->dev = (void *) data->hdev;
193 skb->pkt_type = pkt_type; 193 bt_cb(skb)->pkt_type = pkt_type;
194 194
195 memcpy(skb_put(skb, size), buf, size); 195 memcpy(skb_put(skb, size), buf, size);
196 196
@@ -488,7 +488,7 @@ static int bpa10x_send_frame(struct sk_buff *skb)
488 struct hci_dev *hdev = (struct hci_dev *) skb->dev; 488 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
489 struct bpa10x_data *data; 489 struct bpa10x_data *data;
490 490
491 BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, skb->pkt_type, skb->len); 491 BT_DBG("hdev %p skb %p type %d len %d", hdev, skb, bt_cb(skb)->pkt_type, skb->len);
492 492
493 if (!hdev) { 493 if (!hdev) {
494 BT_ERR("Frame for unknown HCI device"); 494 BT_ERR("Frame for unknown HCI device");
@@ -501,9 +501,9 @@ static int bpa10x_send_frame(struct sk_buff *skb)
501 data = hdev->driver_data; 501 data = hdev->driver_data;
502 502
503 /* Prepend skb with frame type */ 503 /* Prepend skb with frame type */
504 memcpy(skb_push(skb, 1), &(skb->pkt_type), 1); 504 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
505 505
506 switch (skb->pkt_type) { 506 switch (bt_cb(skb)->pkt_type) {
507 case HCI_COMMAND_PKT: 507 case HCI_COMMAND_PKT:
508 hdev->stat.cmd_tx++; 508 hdev->stat.cmd_tx++;
509 skb_queue_tail(&data->cmd_queue, skb); 509 skb_queue_tail(&data->cmd_queue, skb);
diff --git a/drivers/bluetooth/bt3c_cs.c b/drivers/bluetooth/bt3c_cs.c
index adf1750ea58d..2e0338d80f32 100644
--- a/drivers/bluetooth/bt3c_cs.c
+++ b/drivers/bluetooth/bt3c_cs.c
@@ -259,11 +259,11 @@ static void bt3c_receive(bt3c_info_t *info)
259 if (info->rx_state == RECV_WAIT_PACKET_TYPE) { 259 if (info->rx_state == RECV_WAIT_PACKET_TYPE) {
260 260
261 info->rx_skb->dev = (void *) info->hdev; 261 info->rx_skb->dev = (void *) info->hdev;
262 info->rx_skb->pkt_type = inb(iobase + DATA_L); 262 bt_cb(info->rx_skb)->pkt_type = inb(iobase + DATA_L);
263 inb(iobase + DATA_H); 263 inb(iobase + DATA_H);
264 //printk("bt3c: PACKET_TYPE=%02x\n", info->rx_skb->pkt_type); 264 //printk("bt3c: PACKET_TYPE=%02x\n", bt_cb(info->rx_skb)->pkt_type);
265 265
266 switch (info->rx_skb->pkt_type) { 266 switch (bt_cb(info->rx_skb)->pkt_type) {
267 267
268 case HCI_EVENT_PKT: 268 case HCI_EVENT_PKT:
269 info->rx_state = RECV_WAIT_EVENT_HEADER; 269 info->rx_state = RECV_WAIT_EVENT_HEADER;
@@ -282,7 +282,7 @@ static void bt3c_receive(bt3c_info_t *info)
282 282
283 default: 283 default:
284 /* Unknown packet */ 284 /* Unknown packet */
285 BT_ERR("Unknown HCI packet with type 0x%02x received", info->rx_skb->pkt_type); 285 BT_ERR("Unknown HCI packet with type 0x%02x received", bt_cb(info->rx_skb)->pkt_type);
286 info->hdev->stat.err_rx++; 286 info->hdev->stat.err_rx++;
287 clear_bit(HCI_RUNNING, &(info->hdev->flags)); 287 clear_bit(HCI_RUNNING, &(info->hdev->flags));
288 288
@@ -439,7 +439,7 @@ static int bt3c_hci_send_frame(struct sk_buff *skb)
439 439
440 info = (bt3c_info_t *) (hdev->driver_data); 440 info = (bt3c_info_t *) (hdev->driver_data);
441 441
442 switch (skb->pkt_type) { 442 switch (bt_cb(skb)->pkt_type) {
443 case HCI_COMMAND_PKT: 443 case HCI_COMMAND_PKT:
444 hdev->stat.cmd_tx++; 444 hdev->stat.cmd_tx++;
445 break; 445 break;
@@ -452,7 +452,7 @@ static int bt3c_hci_send_frame(struct sk_buff *skb)
452 }; 452 };
453 453
454 /* Prepend skb with frame type */ 454 /* Prepend skb with frame type */
455 memcpy(skb_push(skb, 1), &(skb->pkt_type), 1); 455 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
456 skb_queue_tail(&(info->txq), skb); 456 skb_queue_tail(&(info->txq), skb);
457 457
458 spin_lock_irqsave(&(info->lock), flags); 458 spin_lock_irqsave(&(info->lock), flags);
diff --git a/drivers/bluetooth/btuart_cs.c b/drivers/bluetooth/btuart_cs.c
index e4c59fdc0e12..89486ea7a021 100644
--- a/drivers/bluetooth/btuart_cs.c
+++ b/drivers/bluetooth/btuart_cs.c
@@ -211,9 +211,9 @@ static void btuart_receive(btuart_info_t *info)
211 if (info->rx_state == RECV_WAIT_PACKET_TYPE) { 211 if (info->rx_state == RECV_WAIT_PACKET_TYPE) {
212 212
213 info->rx_skb->dev = (void *) info->hdev; 213 info->rx_skb->dev = (void *) info->hdev;
214 info->rx_skb->pkt_type = inb(iobase + UART_RX); 214 bt_cb(info->rx_skb)->pkt_type = inb(iobase + UART_RX);
215 215
216 switch (info->rx_skb->pkt_type) { 216 switch (bt_cb(info->rx_skb)->pkt_type) {
217 217
218 case HCI_EVENT_PKT: 218 case HCI_EVENT_PKT:
219 info->rx_state = RECV_WAIT_EVENT_HEADER; 219 info->rx_state = RECV_WAIT_EVENT_HEADER;
@@ -232,7 +232,7 @@ static void btuart_receive(btuart_info_t *info)
232 232
233 default: 233 default:
234 /* Unknown packet */ 234 /* Unknown packet */
235 BT_ERR("Unknown HCI packet with type 0x%02x received", info->rx_skb->pkt_type); 235 BT_ERR("Unknown HCI packet with type 0x%02x received", bt_cb(info->rx_skb)->pkt_type);
236 info->hdev->stat.err_rx++; 236 info->hdev->stat.err_rx++;
237 clear_bit(HCI_RUNNING, &(info->hdev->flags)); 237 clear_bit(HCI_RUNNING, &(info->hdev->flags));
238 238
@@ -447,7 +447,7 @@ static int btuart_hci_send_frame(struct sk_buff *skb)
447 447
448 info = (btuart_info_t *)(hdev->driver_data); 448 info = (btuart_info_t *)(hdev->driver_data);
449 449
450 switch (skb->pkt_type) { 450 switch (bt_cb(skb)->pkt_type) {
451 case HCI_COMMAND_PKT: 451 case HCI_COMMAND_PKT:
452 hdev->stat.cmd_tx++; 452 hdev->stat.cmd_tx++;
453 break; 453 break;
@@ -460,7 +460,7 @@ static int btuart_hci_send_frame(struct sk_buff *skb)
460 }; 460 };
461 461
462 /* Prepend skb with frame type */ 462 /* Prepend skb with frame type */
463 memcpy(skb_push(skb, 1), &(skb->pkt_type), 1); 463 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
464 skb_queue_tail(&(info->txq), skb); 464 skb_queue_tail(&(info->txq), skb);
465 465
466 btuart_write_wakeup(info); 466 btuart_write_wakeup(info);
diff --git a/drivers/bluetooth/dtl1_cs.c b/drivers/bluetooth/dtl1_cs.c
index e39868c3da48..84c1f8839422 100644
--- a/drivers/bluetooth/dtl1_cs.c
+++ b/drivers/bluetooth/dtl1_cs.c
@@ -251,7 +251,7 @@ static void dtl1_receive(dtl1_info_t *info)
251 info->rx_count = nsh->len + (nsh->len & 0x0001); 251 info->rx_count = nsh->len + (nsh->len & 0x0001);
252 break; 252 break;
253 case RECV_WAIT_DATA: 253 case RECV_WAIT_DATA:
254 info->rx_skb->pkt_type = nsh->type; 254 bt_cb(info->rx_skb)->pkt_type = nsh->type;
255 255
256 /* remove PAD byte if it exists */ 256 /* remove PAD byte if it exists */
257 if (nsh->len & 0x0001) { 257 if (nsh->len & 0x0001) {
@@ -262,7 +262,7 @@ static void dtl1_receive(dtl1_info_t *info)
262 /* remove NSH */ 262 /* remove NSH */
263 skb_pull(info->rx_skb, NSHL); 263 skb_pull(info->rx_skb, NSHL);
264 264
265 switch (info->rx_skb->pkt_type) { 265 switch (bt_cb(info->rx_skb)->pkt_type) {
266 case 0x80: 266 case 0x80:
267 /* control data for the Nokia Card */ 267 /* control data for the Nokia Card */
268 dtl1_control(info, info->rx_skb); 268 dtl1_control(info, info->rx_skb);
@@ -272,12 +272,12 @@ static void dtl1_receive(dtl1_info_t *info)
272 case 0x84: 272 case 0x84:
273 /* send frame to the HCI layer */ 273 /* send frame to the HCI layer */
274 info->rx_skb->dev = (void *) info->hdev; 274 info->rx_skb->dev = (void *) info->hdev;
275 info->rx_skb->pkt_type &= 0x0f; 275 bt_cb(info->rx_skb)->pkt_type &= 0x0f;
276 hci_recv_frame(info->rx_skb); 276 hci_recv_frame(info->rx_skb);
277 break; 277 break;
278 default: 278 default:
279 /* unknown packet */ 279 /* unknown packet */
280 BT_ERR("Unknown HCI packet with type 0x%02x received", info->rx_skb->pkt_type); 280 BT_ERR("Unknown HCI packet with type 0x%02x received", bt_cb(info->rx_skb)->pkt_type);
281 kfree_skb(info->rx_skb); 281 kfree_skb(info->rx_skb);
282 break; 282 break;
283 } 283 }
@@ -410,7 +410,7 @@ static int dtl1_hci_send_frame(struct sk_buff *skb)
410 410
411 info = (dtl1_info_t *)(hdev->driver_data); 411 info = (dtl1_info_t *)(hdev->driver_data);
412 412
413 switch (skb->pkt_type) { 413 switch (bt_cb(skb)->pkt_type) {
414 case HCI_COMMAND_PKT: 414 case HCI_COMMAND_PKT:
415 hdev->stat.cmd_tx++; 415 hdev->stat.cmd_tx++;
416 nsh.type = 0x81; 416 nsh.type = 0x81;
diff --git a/drivers/bluetooth/hci_bcsp.c b/drivers/bluetooth/hci_bcsp.c
index 858fddb046de..0ee324e1265d 100644
--- a/drivers/bluetooth/hci_bcsp.c
+++ b/drivers/bluetooth/hci_bcsp.c
@@ -149,7 +149,7 @@ static int bcsp_enqueue(struct hci_uart *hu, struct sk_buff *skb)
149 return 0; 149 return 0;
150 } 150 }
151 151
152 switch (skb->pkt_type) { 152 switch (bt_cb(skb)->pkt_type) {
153 case HCI_ACLDATA_PKT: 153 case HCI_ACLDATA_PKT:
154 case HCI_COMMAND_PKT: 154 case HCI_COMMAND_PKT:
155 skb_queue_tail(&bcsp->rel, skb); 155 skb_queue_tail(&bcsp->rel, skb);
@@ -227,7 +227,7 @@ static struct sk_buff *bcsp_prepare_pkt(struct bcsp_struct *bcsp, u8 *data,
227 if (!nskb) 227 if (!nskb)
228 return NULL; 228 return NULL;
229 229
230 nskb->pkt_type = pkt_type; 230 bt_cb(nskb)->pkt_type = pkt_type;
231 231
232 bcsp_slip_msgdelim(nskb); 232 bcsp_slip_msgdelim(nskb);
233 233
@@ -286,7 +286,7 @@ static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
286 since they have priority */ 286 since they have priority */
287 287
288 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) { 288 if ((skb = skb_dequeue(&bcsp->unrel)) != NULL) {
289 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type); 289 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
290 if (nskb) { 290 if (nskb) {
291 kfree_skb(skb); 291 kfree_skb(skb);
292 return nskb; 292 return nskb;
@@ -303,7 +303,7 @@ static struct sk_buff *bcsp_dequeue(struct hci_uart *hu)
303 spin_lock_irqsave(&bcsp->unack.lock, flags); 303 spin_lock_irqsave(&bcsp->unack.lock, flags);
304 304
305 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) { 305 if (bcsp->unack.qlen < BCSP_TXWINSIZE && (skb = skb_dequeue(&bcsp->rel)) != NULL) {
306 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, skb->pkt_type); 306 struct sk_buff *nskb = bcsp_prepare_pkt(bcsp, skb->data, skb->len, bt_cb(skb)->pkt_type);
307 if (nskb) { 307 if (nskb) {
308 __skb_queue_tail(&bcsp->unack, skb); 308 __skb_queue_tail(&bcsp->unack, skb);
309 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4); 309 mod_timer(&bcsp->tbcsp, jiffies + HZ / 4);
@@ -401,7 +401,7 @@ static void bcsp_handle_le_pkt(struct hci_uart *hu)
401 if (!nskb) 401 if (!nskb)
402 return; 402 return;
403 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4); 403 memcpy(skb_put(nskb, 4), conf_rsp_pkt, 4);
404 nskb->pkt_type = BCSP_LE_PKT; 404 bt_cb(nskb)->pkt_type = BCSP_LE_PKT;
405 405
406 skb_queue_head(&bcsp->unrel, nskb); 406 skb_queue_head(&bcsp->unrel, nskb);
407 hci_uart_tx_wakeup(hu); 407 hci_uart_tx_wakeup(hu);
@@ -483,14 +483,14 @@ static inline void bcsp_complete_rx_pkt(struct hci_uart *hu)
483 bcsp_pkt_cull(bcsp); 483 bcsp_pkt_cull(bcsp);
484 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 && 484 if ((bcsp->rx_skb->data[1] & 0x0f) == 6 &&
485 bcsp->rx_skb->data[0] & 0x80) { 485 bcsp->rx_skb->data[0] & 0x80) {
486 bcsp->rx_skb->pkt_type = HCI_ACLDATA_PKT; 486 bt_cb(bcsp->rx_skb)->pkt_type = HCI_ACLDATA_PKT;
487 pass_up = 1; 487 pass_up = 1;
488 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 && 488 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 5 &&
489 bcsp->rx_skb->data[0] & 0x80) { 489 bcsp->rx_skb->data[0] & 0x80) {
490 bcsp->rx_skb->pkt_type = HCI_EVENT_PKT; 490 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
491 pass_up = 1; 491 pass_up = 1;
492 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) { 492 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 7) {
493 bcsp->rx_skb->pkt_type = HCI_SCODATA_PKT; 493 bt_cb(bcsp->rx_skb)->pkt_type = HCI_SCODATA_PKT;
494 pass_up = 1; 494 pass_up = 1;
495 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 && 495 } else if ((bcsp->rx_skb->data[1] & 0x0f) == 1 &&
496 !(bcsp->rx_skb->data[0] & 0x80)) { 496 !(bcsp->rx_skb->data[0] & 0x80)) {
@@ -512,7 +512,7 @@ static inline void bcsp_complete_rx_pkt(struct hci_uart *hu)
512 hdr.evt = 0xff; 512 hdr.evt = 0xff;
513 hdr.plen = bcsp->rx_skb->len; 513 hdr.plen = bcsp->rx_skb->len;
514 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE); 514 memcpy(skb_push(bcsp->rx_skb, HCI_EVENT_HDR_SIZE), &hdr, HCI_EVENT_HDR_SIZE);
515 bcsp->rx_skb->pkt_type = HCI_EVENT_PKT; 515 bt_cb(bcsp->rx_skb)->pkt_type = HCI_EVENT_PKT;
516 516
517 hci_recv_frame(bcsp->rx_skb); 517 hci_recv_frame(bcsp->rx_skb);
518 } else { 518 } else {
diff --git a/drivers/bluetooth/hci_h4.c b/drivers/bluetooth/hci_h4.c
index 533323b60e63..cf8a22d58d96 100644
--- a/drivers/bluetooth/hci_h4.c
+++ b/drivers/bluetooth/hci_h4.c
@@ -112,7 +112,7 @@ static int h4_enqueue(struct hci_uart *hu, struct sk_buff *skb)
112 BT_DBG("hu %p skb %p", hu, skb); 112 BT_DBG("hu %p skb %p", hu, skb);
113 113
114 /* Prepend skb with frame type */ 114 /* Prepend skb with frame type */
115 memcpy(skb_push(skb, 1), &skb->pkt_type, 1); 115 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
116 skb_queue_tail(&h4->txq, skb); 116 skb_queue_tail(&h4->txq, skb);
117 return 0; 117 return 0;
118} 118}
@@ -239,7 +239,7 @@ static int h4_recv(struct hci_uart *hu, void *data, int count)
239 return 0; 239 return 0;
240 } 240 }
241 h4->rx_skb->dev = (void *) hu->hdev; 241 h4->rx_skb->dev = (void *) hu->hdev;
242 h4->rx_skb->pkt_type = type; 242 bt_cb(h4->rx_skb)->pkt_type = type;
243 } 243 }
244 return count; 244 return count;
245} 245}
diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c
index 90be2eae52e0..aed80cc22890 100644
--- a/drivers/bluetooth/hci_ldisc.c
+++ b/drivers/bluetooth/hci_ldisc.c
@@ -153,7 +153,7 @@ restart:
153 break; 153 break;
154 } 154 }
155 155
156 hci_uart_tx_complete(hu, skb->pkt_type); 156 hci_uart_tx_complete(hu, bt_cb(skb)->pkt_type);
157 kfree_skb(skb); 157 kfree_skb(skb);
158 } 158 }
159 159
@@ -229,7 +229,7 @@ static int hci_uart_send_frame(struct sk_buff *skb)
229 hu = (struct hci_uart *) hdev->driver_data; 229 hu = (struct hci_uart *) hdev->driver_data;
230 tty = hu->tty; 230 tty = hu->tty;
231 231
232 BT_DBG("%s: type %d len %d", hdev->name, skb->pkt_type, skb->len); 232 BT_DBG("%s: type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
233 233
234 hu->proto->enqueue(hu, skb); 234 hu->proto->enqueue(hu, skb);
235 235
diff --git a/drivers/bluetooth/hci_usb.c b/drivers/bluetooth/hci_usb.c
index 65740346de36..67d96b5cbb96 100644
--- a/drivers/bluetooth/hci_usb.c
+++ b/drivers/bluetooth/hci_usb.c
@@ -443,7 +443,7 @@ static int __tx_submit(struct hci_usb *husb, struct _urb *_urb)
443 443
444static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb) 444static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
445{ 445{
446 struct _urb *_urb = __get_completed(husb, skb->pkt_type); 446 struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
447 struct usb_ctrlrequest *dr; 447 struct usb_ctrlrequest *dr;
448 struct urb *urb; 448 struct urb *urb;
449 449
@@ -451,7 +451,7 @@ static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
451 _urb = _urb_alloc(0, GFP_ATOMIC); 451 _urb = _urb_alloc(0, GFP_ATOMIC);
452 if (!_urb) 452 if (!_urb)
453 return -ENOMEM; 453 return -ENOMEM;
454 _urb->type = skb->pkt_type; 454 _urb->type = bt_cb(skb)->pkt_type;
455 455
456 dr = kmalloc(sizeof(*dr), GFP_ATOMIC); 456 dr = kmalloc(sizeof(*dr), GFP_ATOMIC);
457 if (!dr) { 457 if (!dr) {
@@ -479,7 +479,7 @@ static inline int hci_usb_send_ctrl(struct hci_usb *husb, struct sk_buff *skb)
479 479
480static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb) 480static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
481{ 481{
482 struct _urb *_urb = __get_completed(husb, skb->pkt_type); 482 struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
483 struct urb *urb; 483 struct urb *urb;
484 int pipe; 484 int pipe;
485 485
@@ -487,7 +487,7 @@ static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
487 _urb = _urb_alloc(0, GFP_ATOMIC); 487 _urb = _urb_alloc(0, GFP_ATOMIC);
488 if (!_urb) 488 if (!_urb)
489 return -ENOMEM; 489 return -ENOMEM;
490 _urb->type = skb->pkt_type; 490 _urb->type = bt_cb(skb)->pkt_type;
491 } 491 }
492 492
493 urb = &_urb->urb; 493 urb = &_urb->urb;
@@ -505,14 +505,14 @@ static inline int hci_usb_send_bulk(struct hci_usb *husb, struct sk_buff *skb)
505#ifdef CONFIG_BT_HCIUSB_SCO 505#ifdef CONFIG_BT_HCIUSB_SCO
506static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb) 506static inline int hci_usb_send_isoc(struct hci_usb *husb, struct sk_buff *skb)
507{ 507{
508 struct _urb *_urb = __get_completed(husb, skb->pkt_type); 508 struct _urb *_urb = __get_completed(husb, bt_cb(skb)->pkt_type);
509 struct urb *urb; 509 struct urb *urb;
510 510
511 if (!_urb) { 511 if (!_urb) {
512 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC); 512 _urb = _urb_alloc(HCI_MAX_ISOC_FRAMES, GFP_ATOMIC);
513 if (!_urb) 513 if (!_urb)
514 return -ENOMEM; 514 return -ENOMEM;
515 _urb->type = skb->pkt_type; 515 _urb->type = bt_cb(skb)->pkt_type;
516 } 516 }
517 517
518 BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len); 518 BT_DBG("%s skb %p len %d", husb->hdev->name, skb, skb->len);
@@ -601,11 +601,11 @@ static int hci_usb_send_frame(struct sk_buff *skb)
601 if (!test_bit(HCI_RUNNING, &hdev->flags)) 601 if (!test_bit(HCI_RUNNING, &hdev->flags))
602 return -EBUSY; 602 return -EBUSY;
603 603
604 BT_DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len); 604 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
605 605
606 husb = (struct hci_usb *) hdev->driver_data; 606 husb = (struct hci_usb *) hdev->driver_data;
607 607
608 switch (skb->pkt_type) { 608 switch (bt_cb(skb)->pkt_type) {
609 case HCI_COMMAND_PKT: 609 case HCI_COMMAND_PKT:
610 hdev->stat.cmd_tx++; 610 hdev->stat.cmd_tx++;
611 break; 611 break;
@@ -627,7 +627,7 @@ static int hci_usb_send_frame(struct sk_buff *skb)
627 627
628 read_lock(&husb->completion_lock); 628 read_lock(&husb->completion_lock);
629 629
630 skb_queue_tail(__transmit_q(husb, skb->pkt_type), skb); 630 skb_queue_tail(__transmit_q(husb, bt_cb(skb)->pkt_type), skb);
631 hci_usb_tx_wakeup(husb); 631 hci_usb_tx_wakeup(husb);
632 632
633 read_unlock(&husb->completion_lock); 633 read_unlock(&husb->completion_lock);
@@ -682,7 +682,7 @@ static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int c
682 return -ENOMEM; 682 return -ENOMEM;
683 } 683 }
684 skb->dev = (void *) husb->hdev; 684 skb->dev = (void *) husb->hdev;
685 skb->pkt_type = type; 685 bt_cb(skb)->pkt_type = type;
686 686
687 __reassembly(husb, type) = skb; 687 __reassembly(husb, type) = skb;
688 688
@@ -702,6 +702,7 @@ static inline int __recv_frame(struct hci_usb *husb, int type, void *data, int c
702 if (!scb->expect) { 702 if (!scb->expect) {
703 /* Complete frame */ 703 /* Complete frame */
704 __reassembly(husb, type) = NULL; 704 __reassembly(husb, type) = NULL;
705 bt_cb(skb)->pkt_type = type;
705 hci_recv_frame(skb); 706 hci_recv_frame(skb);
706 } 707 }
707 708
diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c
index 4aa5dfff12be..52cbd45c308f 100644
--- a/drivers/bluetooth/hci_vhci.c
+++ b/drivers/bluetooth/hci_vhci.c
@@ -107,7 +107,7 @@ static int vhci_send_frame(struct sk_buff *skb)
107 107
108 vhci = hdev->driver_data; 108 vhci = hdev->driver_data;
109 109
110 memcpy(skb_push(skb, 1), &skb->pkt_type, 1); 110 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
111 skb_queue_tail(&vhci->readq, skb); 111 skb_queue_tail(&vhci->readq, skb);
112 112
113 if (vhci->flags & VHCI_FASYNC) 113 if (vhci->flags & VHCI_FASYNC)
@@ -141,7 +141,7 @@ static inline ssize_t vhci_get_user(struct vhci_data *vhci,
141 } 141 }
142 142
143 skb->dev = (void *) vhci->hdev; 143 skb->dev = (void *) vhci->hdev;
144 skb->pkt_type = *((__u8 *) skb->data); 144 bt_cb(skb)->pkt_type = *((__u8 *) skb->data);
145 skb_pull(skb, 1); 145 skb_pull(skb, 1);
146 146
147 hci_recv_frame(skb); 147 hci_recv_frame(skb);
@@ -164,18 +164,18 @@ static inline ssize_t vhci_put_user(struct vhci_data *vhci,
164 164
165 vhci->hdev->stat.byte_tx += len; 165 vhci->hdev->stat.byte_tx += len;
166 166
167 switch (skb->pkt_type) { 167 switch (bt_cb(skb)->pkt_type) {
168 case HCI_COMMAND_PKT: 168 case HCI_COMMAND_PKT:
169 vhci->hdev->stat.cmd_tx++; 169 vhci->hdev->stat.cmd_tx++;
170 break; 170 break;
171 171
172 case HCI_ACLDATA_PKT: 172 case HCI_ACLDATA_PKT:
173 vhci->hdev->stat.acl_tx++; 173 vhci->hdev->stat.acl_tx++;
174 break; 174 break;
175 175
176 case HCI_SCODATA_PKT: 176 case HCI_SCODATA_PKT:
177 vhci->hdev->stat.cmd_tx++; 177 vhci->hdev->stat.cmd_tx++;
178 break; 178 break;
179 }; 179 };
180 180
181 return total; 181 return total;
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index 5309b6fa6690..6dfa4a61ffd0 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -131,7 +131,8 @@ struct sock *bt_accept_dequeue(struct sock *parent, struct socket *newsock);
131 131
132/* Skb helpers */ 132/* Skb helpers */
133struct bt_skb_cb { 133struct bt_skb_cb {
134 int incoming; 134 __u8 pkt_type;
135 __u8 incoming;
135}; 136};
136#define bt_cb(skb) ((struct bt_skb_cb *)(skb->cb)) 137#define bt_cb(skb) ((struct bt_skb_cb *)(skb->cb))
137 138
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index ffa26c10bfe8..4f9e11b533a3 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -191,7 +191,7 @@ static void hci_init_req(struct hci_dev *hdev, unsigned long opt)
191 191
192 /* Special commands */ 192 /* Special commands */
193 while ((skb = skb_dequeue(&hdev->driver_init))) { 193 while ((skb = skb_dequeue(&hdev->driver_init))) {
194 skb->pkt_type = HCI_COMMAND_PKT; 194 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
195 skb->dev = (void *) hdev; 195 skb->dev = (void *) hdev;
196 skb_queue_tail(&hdev->cmd_q, skb); 196 skb_queue_tail(&hdev->cmd_q, skb);
197 hci_sched_cmd(hdev); 197 hci_sched_cmd(hdev);
@@ -995,7 +995,7 @@ static int hci_send_frame(struct sk_buff *skb)
995 return -ENODEV; 995 return -ENODEV;
996 } 996 }
997 997
998 BT_DBG("%s type %d len %d", hdev->name, skb->pkt_type, skb->len); 998 BT_DBG("%s type %d len %d", hdev->name, bt_cb(skb)->pkt_type, skb->len);
999 999
1000 if (atomic_read(&hdev->promisc)) { 1000 if (atomic_read(&hdev->promisc)) {
1001 /* Time stamp */ 1001 /* Time stamp */
@@ -1034,7 +1034,7 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 ogf, __u16 ocf, __u32 plen, void *p
1034 1034
1035 BT_DBG("skb len %d", skb->len); 1035 BT_DBG("skb len %d", skb->len);
1036 1036
1037 skb->pkt_type = HCI_COMMAND_PKT; 1037 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
1038 skb->dev = (void *) hdev; 1038 skb->dev = (void *) hdev;
1039 skb_queue_tail(&hdev->cmd_q, skb); 1039 skb_queue_tail(&hdev->cmd_q, skb);
1040 hci_sched_cmd(hdev); 1040 hci_sched_cmd(hdev);
@@ -1081,7 +1081,7 @@ int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1081 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags); 1081 BT_DBG("%s conn %p flags 0x%x", hdev->name, conn, flags);
1082 1082
1083 skb->dev = (void *) hdev; 1083 skb->dev = (void *) hdev;
1084 skb->pkt_type = HCI_ACLDATA_PKT; 1084 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1085 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START); 1085 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START);
1086 1086
1087 if (!(list = skb_shinfo(skb)->frag_list)) { 1087 if (!(list = skb_shinfo(skb)->frag_list)) {
@@ -1103,7 +1103,7 @@ int hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1103 skb = list; list = list->next; 1103 skb = list; list = list->next;
1104 1104
1105 skb->dev = (void *) hdev; 1105 skb->dev = (void *) hdev;
1106 skb->pkt_type = HCI_ACLDATA_PKT; 1106 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1107 hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT); 1107 hci_add_acl_hdr(skb, conn->handle, flags | ACL_CONT);
1108 1108
1109 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len); 1109 BT_DBG("%s frag %p len %d", hdev->name, skb, skb->len);
@@ -1139,7 +1139,7 @@ int hci_send_sco(struct hci_conn *conn, struct sk_buff *skb)
1139 memcpy(skb->h.raw, &hdr, HCI_SCO_HDR_SIZE); 1139 memcpy(skb->h.raw, &hdr, HCI_SCO_HDR_SIZE);
1140 1140
1141 skb->dev = (void *) hdev; 1141 skb->dev = (void *) hdev;
1142 skb->pkt_type = HCI_SCODATA_PKT; 1142 bt_cb(skb)->pkt_type = HCI_SCODATA_PKT;
1143 skb_queue_tail(&conn->data_q, skb); 1143 skb_queue_tail(&conn->data_q, skb);
1144 hci_sched_tx(hdev); 1144 hci_sched_tx(hdev);
1145 return 0; 1145 return 0;
@@ -1369,7 +1369,7 @@ void hci_rx_task(unsigned long arg)
1369 1369
1370 if (test_bit(HCI_INIT, &hdev->flags)) { 1370 if (test_bit(HCI_INIT, &hdev->flags)) {
1371 /* Don't process data packets in this states. */ 1371 /* Don't process data packets in this states. */
1372 switch (skb->pkt_type) { 1372 switch (bt_cb(skb)->pkt_type) {
1373 case HCI_ACLDATA_PKT: 1373 case HCI_ACLDATA_PKT:
1374 case HCI_SCODATA_PKT: 1374 case HCI_SCODATA_PKT:
1375 kfree_skb(skb); 1375 kfree_skb(skb);
@@ -1378,7 +1378,7 @@ void hci_rx_task(unsigned long arg)
1378 } 1378 }
1379 1379
1380 /* Process frame */ 1380 /* Process frame */
1381 switch (skb->pkt_type) { 1381 switch (bt_cb(skb)->pkt_type) {
1382 case HCI_EVENT_PKT: 1382 case HCI_EVENT_PKT:
1383 hci_event_packet(hdev, skb); 1383 hci_event_packet(hdev, skb);
1384 break; 1384 break;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index a004284c4d98..40b219560bb1 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1089,7 +1089,7 @@ void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1089 bt_cb(skb)->incoming = 1; 1089 bt_cb(skb)->incoming = 1;
1090 do_gettimeofday(&skb->stamp); 1090 do_gettimeofday(&skb->stamp);
1091 1091
1092 skb->pkt_type = HCI_EVENT_PKT; 1092 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1093 skb->dev = (void *) hdev; 1093 skb->dev = (void *) hdev;
1094 hci_send_to_sock(hdev, skb); 1094 hci_send_to_sock(hdev, skb);
1095 kfree_skb(skb); 1095 kfree_skb(skb);
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index ebdcce5e7ca0..eed9090d77f1 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -110,11 +110,11 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
110 /* Apply filter */ 110 /* Apply filter */
111 flt = &hci_pi(sk)->filter; 111 flt = &hci_pi(sk)->filter;
112 112
113 if (!test_bit((skb->pkt_type == HCI_VENDOR_PKT) ? 113 if (!test_bit((bt_cb(skb)->pkt_type == HCI_VENDOR_PKT) ?
114 0 : (skb->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask)) 114 0 : (bt_cb(skb)->pkt_type & HCI_FLT_TYPE_BITS), &flt->type_mask))
115 continue; 115 continue;
116 116
117 if (skb->pkt_type == HCI_EVENT_PKT) { 117 if (bt_cb(skb)->pkt_type == HCI_EVENT_PKT) {
118 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS); 118 register int evt = (*(__u8 *)skb->data & HCI_FLT_EVENT_BITS);
119 119
120 if (!hci_test_bit(evt, &flt->event_mask)) 120 if (!hci_test_bit(evt, &flt->event_mask))
@@ -131,7 +131,7 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
131 continue; 131 continue;
132 132
133 /* Put type byte before the data */ 133 /* Put type byte before the data */
134 memcpy(skb_push(nskb, 1), &nskb->pkt_type, 1); 134 memcpy(skb_push(nskb, 1), &bt_cb(nskb)->pkt_type, 1);
135 135
136 if (sock_queue_rcv_skb(sk, nskb)) 136 if (sock_queue_rcv_skb(sk, nskb))
137 kfree_skb(nskb); 137 kfree_skb(nskb);
@@ -327,8 +327,10 @@ static inline void hci_sock_cmsg(struct sock *sk, struct msghdr *msg, struct sk_
327{ 327{
328 __u32 mask = hci_pi(sk)->cmsg_mask; 328 __u32 mask = hci_pi(sk)->cmsg_mask;
329 329
330 if (mask & HCI_CMSG_DIR) 330 if (mask & HCI_CMSG_DIR) {
331 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(int), &bt_cb(skb)->incoming); 331 int incoming = bt_cb(skb)->incoming;
332 put_cmsg(msg, SOL_HCI, HCI_CMSG_DIR, sizeof(incoming), &incoming);
333 }
332 334
333 if (mask & HCI_CMSG_TSTAMP) 335 if (mask & HCI_CMSG_TSTAMP)
334 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(skb->stamp), &skb->stamp); 336 put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, sizeof(skb->stamp), &skb->stamp);
@@ -405,11 +407,11 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
405 goto drop; 407 goto drop;
406 } 408 }
407 409
408 skb->pkt_type = *((unsigned char *) skb->data); 410 bt_cb(skb)->pkt_type = *((unsigned char *) skb->data);
409 skb_pull(skb, 1); 411 skb_pull(skb, 1);
410 skb->dev = (void *) hdev; 412 skb->dev = (void *) hdev;
411 413
412 if (skb->pkt_type == HCI_COMMAND_PKT) { 414 if (bt_cb(skb)->pkt_type == HCI_COMMAND_PKT) {
413 u16 opcode = __le16_to_cpu(get_unaligned((u16 *)skb->data)); 415 u16 opcode = __le16_to_cpu(get_unaligned((u16 *)skb->data));
414 u16 ogf = hci_opcode_ogf(opcode); 416 u16 ogf = hci_opcode_ogf(opcode);
415 u16 ocf = hci_opcode_ocf(opcode); 417 u16 ocf = hci_opcode_ocf(opcode);