projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mptcp: dispose initial struct socket when its subflow is closed
[linux-block.git] / net / mptcp / protocol.c
CommitLineData
f870fa0b
MM		 1// SPDX-License-Identifier: GPL-2.0
2/* Multipath TCP
3 *
4 * Copyright (c) 2017 - 2019, Intel Corporation.
5 */
6
7#define pr_fmt(fmt) "MPTCP: " fmt
8
9#include <linux/kernel.h>
10#include <linux/module.h>
11#include <linux/netdevice.h>
7a6a6cbc
PA		 12#include <linux/sched/signal.h>
13#include <linux/atomic.h>
ad98dd37 14#include <linux/igmp.h>
f870fa0b
MM		 15#include <net/sock.h>
16#include <net/inet_common.h>
17#include <net/inet_hashtables.h>
18#include <net/protocol.h>
19#include <net/tcp.h>
3721b9b6 20#include <net/tcp_states.h>
cf7da0d6
PK		 21#if IS_ENABLED(CONFIG_MPTCP_IPV6)
22#include <net/transp_v6.h>
ad98dd37 23#include <net/addrconf.h>
cf7da0d6 24#endif
f870fa0b 25#include <net/mptcp.h>
e16163b6 26#include <net/xfrm.h>
f870fa0b 27#include "protocol.h"
fc518953 28#include "mib.h"
f870fa0b 29
b0519de8
FW		 30#if IS_ENABLED(CONFIG_MPTCP_IPV6)
31struct mptcp6_sock {
32 struct mptcp_sock msk;
33 struct ipv6_pinfo np;
34};
35#endif
36
6771bfd9 37struct mptcp_skb_cb {
ab174ad8
PA		 38 u64 map_seq;
39 u64 end_seq;
6771bfd9
FW		 40 u32 offset;
41};
42
43#define MPTCP_SKB_CB(__skb) ((struct mptcp_skb_cb *)&((__skb)->cb[0]))
44
d027236c
PA		 45static struct percpu_counter mptcp_sockets_allocated;
46
e16163b6 47static void __mptcp_destroy_sock(struct sock *sk);
d9ca1de8 48static void __mptcp_check_send_data_fin(struct sock *sk);
e16163b6 49
b19bc294
PA		 50DEFINE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
51static struct net_device mptcp_napi_dev;
52
2303f994
PK		 53/* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not
54 * completed yet or has failed, return the subflow socket.
55 * Otherwise return NULL.
56 */
1729cf18 57struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk)
2303f994 58{
d22f4988 59 if (!msk->subflow || READ_ONCE(msk->can_ack))
2303f994
PK		 60 return NULL;
61
62 return msk->subflow;
63}
64
6f8a612a
FW		 65/* Returns end sequence number of the receiver's advertised window */
66static u64 mptcp_wnd_end(const struct mptcp_sock *msk)
67{
7439d687 68 return READ_ONCE(msk->wnd_end);
6f8a612a
FW		 69}
70
d2f77c53 71static bool mptcp_is_tcpsk(struct sock *sk)
0b4f33de
FW		 72{
73 struct socket *sock = sk->sk_socket;
74
0b4f33de
FW		 75 if (unlikely(sk->sk_prot == &tcp_prot)) {
76 /* we are being invoked after mptcp_accept() has
77 * accepted a non-mp-capable flow: sk is a tcp_sk,
78 * not an mptcp one.
79 *
80 * Hand the socket over to tcp so all further socket ops
81 * bypass mptcp.
82 */
83 sock->ops = &inet_stream_ops;
d2f77c53 84 return true;
0b4f33de
FW		 85#if IS_ENABLED(CONFIG_MPTCP_IPV6)
86 } else if (unlikely(sk->sk_prot == &tcpv6_prot)) {
87 sock->ops = &inet6_stream_ops;
d2f77c53 88 return true;
0b4f33de
FW		 89#endif
90 }
91
d2f77c53 92 return false;
0b4f33de
FW		 93}
94
76660afb 95static struct sock *__mptcp_tcp_fallback(struct mptcp_sock *msk)
cec37a6e 96{
cec37a6e
PK		 97 sock_owned_by_me((const struct sock *)msk);
98
e1ff9e82 99 if (likely(!__mptcp_check_fallback(msk)))
cec37a6e
PK		 100 return NULL;
101
76660afb 102 return msk->first;
cec37a6e
PK		 103}
104
fa68018d 105static int __mptcp_socket_create(struct mptcp_sock *msk)
2303f994
PK		 106{
107 struct mptcp_subflow_context *subflow;
108 struct sock *sk = (struct sock *)msk;
109 struct socket *ssock;
110 int err;
111
2303f994
PK		 112 err = mptcp_subflow_create_socket(sk, &ssock);
113 if (err)
fa68018d 114 return err;
2303f994 115
8ab183de 116 msk->first = ssock->sk;
2303f994
PK		 117 msk->subflow = ssock;
118 subflow = mptcp_subflow_ctx(ssock->sk);
cec37a6e 119 list_add(&subflow->node, &msk->conn_list);
e16163b6 120 sock_hold(ssock->sk);
2303f994 121 subflow->request_mptcp = 1;
866f26f2 122 mptcp_sock_graft(msk->first, sk->sk_socket);
e1ff9e82 123
fa68018d 124 return 0;
2303f994
PK		 125}
126
ab174ad8
PA		 127static void mptcp_drop(struct sock *sk, struct sk_buff *skb)
128{
129 sk_drops_add(sk, skb);
130 __kfree_skb(skb);
131}
132
8268ed4c
PA		 133static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to,
134 struct sk_buff *from)
135{
136 bool fragstolen;
137 int delta;
138
139 if (MPTCP_SKB_CB(from)->offset ||
140 !skb_try_coalesce(to, from, &fragstolen, &delta))
141 return false;
142
06242e44
PA		 143 pr_debug("colesced seq %llx into %llx new len %d new end seq %llx",
144 MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq,
145 to->len, MPTCP_SKB_CB(from)->end_seq);
ab174ad8 146 MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq;
8268ed4c
PA		 147 kfree_skb_partial(from, fragstolen);
148 atomic_add(delta, &sk->sk_rmem_alloc);
149 sk_mem_charge(sk, delta);
150 return true;
151}
152
ab174ad8
PA		 153static bool mptcp_ooo_try_coalesce(struct mptcp_sock *msk, struct sk_buff *to,
154 struct sk_buff *from)
155{
156 if (MPTCP_SKB_CB(from)->map_seq != MPTCP_SKB_CB(to)->end_seq)
157 return false;
158
159 return mptcp_try_coalesce((struct sock *)msk, to, from);
160}
161
162/* "inspired" by tcp_data_queue_ofo(), main differences:
163 * - use mptcp seqs
164 * - don't cope with sacks
165 */
166static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb)
167{
168 struct sock *sk = (struct sock *)msk;
169 struct rb_node **p, *parent;
170 u64 seq, end_seq, max_seq;
171 struct sk_buff *skb1;
172
173 seq = MPTCP_SKB_CB(skb)->map_seq;
174 end_seq = MPTCP_SKB_CB(skb)->end_seq;
fa3fe2b1 175 max_seq = READ_ONCE(msk->rcv_wnd_sent);
ab174ad8 176
06242e44
PA		 177 pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq,
178 RB_EMPTY_ROOT(&msk->out_of_order_queue));
fa3fe2b1 179 if (after64(end_seq, max_seq)) {
ab174ad8
PA		 180 /* out of window */
181 mptcp_drop(sk, skb);
fa3fe2b1
FW		 182 pr_debug("oow by %lld, rcv_wnd_sent %llu\n",
183 (unsigned long long)end_seq - (unsigned long)max_seq,
184 (unsigned long long)msk->rcv_wnd_sent);
06242e44 185 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_NODSSWINDOW);
ab174ad8
PA		 186 return;
187 }
188
189 p = &msk->out_of_order_queue.rb_node;
06242e44 190 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUE);
ab174ad8
PA		 191 if (RB_EMPTY_ROOT(&msk->out_of_order_queue)) {
192 rb_link_node(&skb->rbnode, NULL, p);
193 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
194 msk->ooo_last_skb = skb;
195 goto end;
196 }
197
198 /* with 2 subflows, adding at end of ooo queue is quite likely
199 * Use of ooo_last_skb avoids the O(Log(N)) rbtree lookup.
200 */
06242e44
PA		 201 if (mptcp_ooo_try_coalesce(msk, msk->ooo_last_skb, skb)) {
202 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
203 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
ab174ad8 204 return;
06242e44 205 }
ab174ad8
PA		 206
207 /* Can avoid an rbtree lookup if we are adding skb after ooo_last_skb */
208 if (!before64(seq, MPTCP_SKB_CB(msk->ooo_last_skb)->end_seq)) {
06242e44 209 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
ab174ad8
PA		 210 parent = &msk->ooo_last_skb->rbnode;
211 p = &parent->rb_right;
212 goto insert;
213 }
214
215 /* Find place to insert this segment. Handle overlaps on the way. */
216 parent = NULL;
217 while (*p) {
218 parent = *p;
219 skb1 = rb_to_skb(parent);
220 if (before64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
221 p = &parent->rb_left;
222 continue;
223 }
224 if (before64(seq, MPTCP_SKB_CB(skb1)->end_seq)) {
225 if (!after64(end_seq, MPTCP_SKB_CB(skb1)->end_seq)) {
226 /* All the bits are present. Drop. */
227 mptcp_drop(sk, skb);
06242e44 228 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 229 return;
230 }
231 if (after64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
232 /* partial overlap:
233 * | skb |
234 * | skb1 |
235 * continue traversing
236 */
237 } else {
238 /* skb's seq == skb1's seq and skb covers skb1.
239 * Replace skb1 with skb.
240 */
241 rb_replace_node(&skb1->rbnode, &skb->rbnode,
242 &msk->out_of_order_queue);
243 mptcp_drop(sk, skb1);
06242e44 244 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 245 goto merge_right;
246 }
247 } else if (mptcp_ooo_try_coalesce(msk, skb1, skb)) {
06242e44 248 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
ab174ad8
PA		 249 return;
250 }
251 p = &parent->rb_right;
252 }
06242e44 253
ab174ad8
PA		 254insert:
255 /* Insert segment into RB tree. */
256 rb_link_node(&skb->rbnode, parent, p);
257 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
258
259merge_right:
260 /* Remove other segments covered by skb. */
261 while ((skb1 = skb_rb_next(skb)) != NULL) {
262 if (before64(end_seq, MPTCP_SKB_CB(skb1)->end_seq))
263 break;
264 rb_erase(&skb1->rbnode, &msk->out_of_order_queue);
265 mptcp_drop(sk, skb1);
06242e44 266 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 267 }
268 /* If there is no skb after us, we are the last_skb ! */
269 if (!skb1)
270 msk->ooo_last_skb = skb;
271
272end:
273 skb_condense(skb);
274 skb_set_owner_r(skb, sk);
275}
276
277static bool __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk,
278 struct sk_buff *skb, unsigned int offset,
279 size_t copy_len)
6771bfd9 280{
ab174ad8 281 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
6771bfd9 282 struct sock *sk = (struct sock *)msk;
4e637c70 283 struct sk_buff *tail;
6771bfd9
FW		 284
285 __skb_unlink(skb, &ssk->sk_receive_queue);
6771bfd9 286
4e637c70
FW		 287 skb_ext_reset(skb);
288 skb_orphan(skb);
ab174ad8 289
9c3f94e1
PA		 290 /* try to fetch required memory from subflow */
291 if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
292 if (ssk->sk_forward_alloc < skb->truesize)
293 goto drop;
294 __sk_mem_reclaim(ssk, skb->truesize);
295 if (!sk_rmem_schedule(sk, skb, skb->truesize))
296 goto drop;
297 }
298
ab174ad8
PA		 299 /* the skb map_seq accounts for the skb offset:
300 * mptcp_subflow_get_mapped_dsn() is based on the current tp->copied_seq
301 * value
302 */
303 MPTCP_SKB_CB(skb)->map_seq = mptcp_subflow_get_mapped_dsn(subflow);
304 MPTCP_SKB_CB(skb)->end_seq = MPTCP_SKB_CB(skb)->map_seq + copy_len;
8268ed4c 305 MPTCP_SKB_CB(skb)->offset = offset;
4e637c70 306
ab174ad8
PA		 307 if (MPTCP_SKB_CB(skb)->map_seq == msk->ack_seq) {
308 /* in sequence */
8b0308fe 309 WRITE_ONCE(msk->ack_seq, msk->ack_seq + copy_len);
ab174ad8
PA		 310 tail = skb_peek_tail(&sk->sk_receive_queue);
311 if (tail && mptcp_try_coalesce(sk, tail, skb))
312 return true;
4e637c70 313
ab174ad8
PA		 314 skb_set_owner_r(skb, sk);
315 __skb_queue_tail(&sk->sk_receive_queue, skb);
316 return true;
317 } else if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) {
318 mptcp_data_queue_ofo(msk, skb);
319 return false;
320 }
321
322 /* old data, keep it simple and drop the whole pkt, sender
323 * will retransmit as needed, if needed.
324 */
06242e44 325 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
9c3f94e1 326drop:
ab174ad8
PA		 327 mptcp_drop(sk, skb);
328 return false;
6771bfd9
FW		 329}
330
16a9a9da
MM		 331static void mptcp_stop_timer(struct sock *sk)
332{
333 struct inet_connection_sock *icsk = inet_csk(sk);
334
335 sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
336 mptcp_sk(sk)->timer_ival = 0;
337}
338
e16163b6
PA		 339static void mptcp_close_wake_up(struct sock *sk)
340{
341 if (sock_flag(sk, SOCK_DEAD))
342 return;
343
344 sk->sk_state_change(sk);
345 if (sk->sk_shutdown == SHUTDOWN_MASK ||
346 sk->sk_state == TCP_CLOSE)
347 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP);
348 else
349 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
350}
351
6e628cd3 352static bool mptcp_pending_data_fin_ack(struct sock *sk)
16a9a9da
MM		 353{
354 struct mptcp_sock *msk = mptcp_sk(sk);
355
6e628cd3
PA		 356 return !__mptcp_check_fallback(msk) &&
357 ((1 << sk->sk_state) &
358 (TCPF_FIN_WAIT1 | TCPF_CLOSING | TCPF_LAST_ACK)) &&
359 msk->write_seq == READ_ONCE(msk->snd_una);
360}
361
362static void mptcp_check_data_fin_ack(struct sock *sk)
363{
364 struct mptcp_sock *msk = mptcp_sk(sk);
16a9a9da
MM		 365
366 /* Look for an acknowledged DATA_FIN */
6e628cd3 367 if (mptcp_pending_data_fin_ack(sk)) {
16a9a9da
MM		 368 WRITE_ONCE(msk->snd_data_fin_enable, 0);
369
370 switch (sk->sk_state) {
371 case TCP_FIN_WAIT1:
372 inet_sk_state_store(sk, TCP_FIN_WAIT2);
16a9a9da
MM		 373 break;
374 case TCP_CLOSING:
16a9a9da
MM		 375 case TCP_LAST_ACK:
376 inet_sk_state_store(sk, TCP_CLOSE);
16a9a9da
MM		 377 break;
378 }
379
e16163b6 380 mptcp_close_wake_up(sk);
16a9a9da
MM		 381 }
382}
383
3721b9b6
MM		 384static bool mptcp_pending_data_fin(struct sock *sk, u64 *seq)
385{
386 struct mptcp_sock *msk = mptcp_sk(sk);
387
388 if (READ_ONCE(msk->rcv_data_fin) &&
389 ((1 << sk->sk_state) &
390 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2))) {
391 u64 rcv_data_fin_seq = READ_ONCE(msk->rcv_data_fin_seq);
392
393 if (msk->ack_seq == rcv_data_fin_seq) {
394 if (seq)
395 *seq = rcv_data_fin_seq;
396
397 return true;
398 }
399 }
400
401 return false;
402}
403
404static void mptcp_set_timeout(const struct sock *sk, const struct sock *ssk)
405{
406 long tout = ssk && inet_csk(ssk)->icsk_pending ?
407 inet_csk(ssk)->icsk_timeout - jiffies : 0;
408
409 if (tout <= 0)
410 tout = mptcp_sk(sk)->timer_ival;
411 mptcp_sk(sk)->timer_ival = tout > 0 ? tout : TCP_RTO_MIN;
412}
413
ea4ca586
PA		 414static bool mptcp_subflow_active(struct mptcp_subflow_context *subflow)
415{
416 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
417
418 /* can't send if JOIN hasn't completed yet (i.e. is usable for mptcp) */
419 if (subflow->request_join && !subflow->fully_established)
420 return false;
421
422 /* only send if our side has not closed yet */
423 return ((1 << ssk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT));
424}
425
fd897679
PA		 426static bool tcp_can_send_ack(const struct sock *ssk)
427{
428 return !((1 << inet_sk_state_load(ssk)) &
20bc80b6 429 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_TIME_WAIT | TCPF_CLOSE | TCPF_LISTEN));
fd897679
PA		 430}
431
432static void mptcp_send_ack(struct mptcp_sock *msk)
7ed90803
PA		 433{
434 struct mptcp_subflow_context *subflow;
435
436 mptcp_for_each_subflow(msk, subflow) {
437 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
438
fd897679
PA		 439 lock_sock(ssk);
440 if (tcp_can_send_ack(ssk))
ea4ca586 441 tcp_send_ack(ssk);
fd897679 442 release_sock(ssk);
ea4ca586 443 }
fd897679
PA		 444}
445
446static bool mptcp_subflow_cleanup_rbuf(struct sock *ssk)
447{
448 int ret;
449
450 lock_sock(ssk);
451 ret = tcp_can_send_ack(ssk);
452 if (ret)
453 tcp_cleanup_rbuf(ssk, 1);
454 release_sock(ssk);
455 return ret;
456}
457
458static void mptcp_cleanup_rbuf(struct mptcp_sock *msk)
459{
87952603 460 struct sock *ack_hint = READ_ONCE(msk->ack_hint);
e3859603 461 int old_space = READ_ONCE(msk->old_wspace);
fd897679 462 struct mptcp_subflow_context *subflow;
e3859603
PA		 463 struct sock *sk = (struct sock *)msk;
464 bool cleanup;
465
466 /* this is a simple superset of what tcp_cleanup_rbuf() implements
467 * so that we don't have to acquire the ssk socket lock most of the time
468 * to do actually nothing
469 */
470 cleanup = __mptcp_space(sk) - old_space >= max(0, old_space);
471 if (!cleanup)
472 return;
fd897679
PA		 473
474 /* if the hinted ssk is still active, try to use it */
87952603 475 if (likely(ack_hint)) {
fd897679
PA		 476 mptcp_for_each_subflow(msk, subflow) {
477 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
478
87952603 479 if (ack_hint == ssk && mptcp_subflow_cleanup_rbuf(ssk))
fd897679
PA		 480 return;
481 }
7ed90803 482 }
fd897679
PA		 483
484 /* otherwise pick the first active subflow */
485 mptcp_for_each_subflow(msk, subflow)
486 if (mptcp_subflow_cleanup_rbuf(mptcp_subflow_tcp_sock(subflow)))
487 return;
7ed90803
PA		 488}
489
490static bool mptcp_check_data_fin(struct sock *sk)
3721b9b6
MM		 491{
492 struct mptcp_sock *msk = mptcp_sk(sk);
493 u64 rcv_data_fin_seq;
7ed90803 494 bool ret = false;
3721b9b6
MM		 495
496 if (__mptcp_check_fallback(msk) || !msk->first)
7ed90803 497 return ret;
3721b9b6
MM		 498
499 /* Need to ack a DATA_FIN received from a peer while this side
500 * of the connection is in ESTABLISHED, FIN_WAIT1, or FIN_WAIT2.
501 * msk->rcv_data_fin was set when parsing the incoming options
502 * at the subflow level and the msk lock was not held, so this
503 * is the first opportunity to act on the DATA_FIN and change
504 * the msk state.
505 *
506 * If we are caught up to the sequence number of the incoming
507 * DATA_FIN, send the DATA_ACK now and do state transition. If
508 * not caught up, do nothing and let the recv code send DATA_ACK
509 * when catching up.
510 */
511
512 if (mptcp_pending_data_fin(sk, &rcv_data_fin_seq)) {
917944da 513 WRITE_ONCE(msk->ack_seq, msk->ack_seq + 1);
3721b9b6
MM		 514 WRITE_ONCE(msk->rcv_data_fin, 0);
515
516 sk->sk_shutdown |= RCV_SHUTDOWN;
16a9a9da
MM		 517 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
518 set_bit(MPTCP_DATA_READY, &msk->flags);
3721b9b6
MM		 519
520 switch (sk->sk_state) {
521 case TCP_ESTABLISHED:
522 inet_sk_state_store(sk, TCP_CLOSE_WAIT);
523 break;
524 case TCP_FIN_WAIT1:
525 inet_sk_state_store(sk, TCP_CLOSING);
526 break;
527 case TCP_FIN_WAIT2:
528 inet_sk_state_store(sk, TCP_CLOSE);
3721b9b6
MM		 529 break;
530 default:
531 /* Other states not expected */
532 WARN_ON_ONCE(1);
533 break;
534 }
535
7ed90803 536 ret = true;
3721b9b6 537 mptcp_set_timeout(sk, NULL);
fd897679 538 mptcp_send_ack(msk);
e16163b6 539 mptcp_close_wake_up(sk);
3721b9b6 540 }
7ed90803 541 return ret;
3721b9b6
MM		 542}
543
6771bfd9
FW		 544static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk,
545 struct sock *ssk,
546 unsigned int *bytes)
547{
548 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
600911ff 549 struct sock *sk = (struct sock *)msk;
6771bfd9
FW		 550 unsigned int moved = 0;
551 bool more_data_avail;
552 struct tcp_sock *tp;
553 bool done = false;
13c7ba0c
FW		 554 int sk_rbuf;
555
556 sk_rbuf = READ_ONCE(sk->sk_rcvbuf);
557
558 if (!(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
559 int ssk_rbuf = READ_ONCE(ssk->sk_rcvbuf);
560
561 if (unlikely(ssk_rbuf > sk_rbuf)) {
562 WRITE_ONCE(sk->sk_rcvbuf, ssk_rbuf);
563 sk_rbuf = ssk_rbuf;
564 }
565 }
600911ff 566
ab174ad8 567 pr_debug("msk=%p ssk=%p", msk, ssk);
6771bfd9
FW		 568 tp = tcp_sk(ssk);
569 do {
570 u32 map_remaining, offset;
571 u32 seq = tp->copied_seq;
572 struct sk_buff *skb;
573 bool fin;
574
575 /* try to move as much data as available */
576 map_remaining = subflow->map_data_len -
577 mptcp_subflow_get_map_offset(subflow);
578
579 skb = skb_peek(&ssk->sk_receive_queue);
d9fb8c50
PA		 580 if (!skb) {
581 /* if no data is found, a racing workqueue/recvmsg
582 * already processed the new data, stop here or we
583 * can enter an infinite loop
584 */
585 if (!moved)
586 done = true;
6771bfd9 587 break;
d9fb8c50 588 }
6771bfd9 589
e1ff9e82
DC		 590 if (__mptcp_check_fallback(msk)) {
591 /* if we are running under the workqueue, TCP could have
592 * collapsed skbs between dummy map creation and now
593 * be sure to adjust the size
594 */
595 map_remaining = skb->len;
596 subflow->map_data_len = skb->len;
597 }
598
6771bfd9
FW		 599 offset = seq - TCP_SKB_CB(skb)->seq;
600 fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN;
601 if (fin) {
602 done = true;
603 seq++;
604 }
605
606 if (offset < skb->len) {
607 size_t len = skb->len - offset;
608
609 if (tp->urg_data)
610 done = true;
611
ab174ad8
PA		 612 if (__mptcp_move_skb(msk, ssk, skb, offset, len))
613 moved += len;
6771bfd9 614 seq += len;
6771bfd9
FW		 615
616 if (WARN_ON_ONCE(map_remaining < len))
617 break;
618 } else {
619 WARN_ON_ONCE(!fin);
620 sk_eat_skb(ssk, skb);
621 done = true;
622 }
623
624 WRITE_ONCE(tp->copied_seq, seq);
625 more_data_avail = mptcp_subflow_data_available(ssk);
600911ff 626
13c7ba0c 627 if (atomic_read(&sk->sk_rmem_alloc) > sk_rbuf) {
600911ff
FW		 628 done = true;
629 break;
630 }
6771bfd9 631 } while (more_data_avail);
87952603 632 WRITE_ONCE(msk->ack_hint, ssk);
6771bfd9 633
6719331c 634 *bytes += moved;
6771bfd9
FW		 635 return done;
636}
637
87952603 638static bool __mptcp_ofo_queue(struct mptcp_sock *msk)
ab174ad8
PA		 639{
640 struct sock *sk = (struct sock *)msk;
641 struct sk_buff *skb, *tail;
642 bool moved = false;
643 struct rb_node *p;
644 u64 end_seq;
645
646 p = rb_first(&msk->out_of_order_queue);
06242e44 647 pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue));
ab174ad8
PA		 648 while (p) {
649 skb = rb_to_skb(p);
650 if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq))
651 break;
652
653 p = rb_next(p);
654 rb_erase(&skb->rbnode, &msk->out_of_order_queue);
655
656 if (unlikely(!after64(MPTCP_SKB_CB(skb)->end_seq,
657 msk->ack_seq))) {
658 mptcp_drop(sk, skb);
06242e44 659 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 660 continue;
661 }
662
663 end_seq = MPTCP_SKB_CB(skb)->end_seq;
664 tail = skb_peek_tail(&sk->sk_receive_queue);
665 if (!tail || !mptcp_ooo_try_coalesce(msk, tail, skb)) {
666 int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq;
667
668 /* skip overlapping data, if any */
06242e44
PA		 669 pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d",
670 MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq,
671 delta);
ab174ad8
PA		 672 MPTCP_SKB_CB(skb)->offset += delta;
673 __skb_queue_tail(&sk->sk_receive_queue, skb);
674 }
675 msk->ack_seq = end_seq;
676 moved = true;
677 }
678 return moved;
679}
680
2e52213c
FW		 681/* In most cases we will be able to lock the mptcp socket. If its already
682 * owned, we need to defer to the work queue to avoid ABBA deadlock.
683 */
87952603 684static void move_skbs_to_msk(struct mptcp_sock *msk, struct sock *ssk)
2e52213c
FW		 685{
686 struct sock *sk = (struct sock *)msk;
687 unsigned int moved = 0;
688
87952603
PA		 689 if (inet_sk_state_load(sk) == TCP_CLOSE)
690 return;
ab174ad8 691
87952603 692 mptcp_data_lock(sk);
2e52213c 693
87952603
PA		 694 __mptcp_move_skbs_from_subflow(msk, ssk, &moved);
695 __mptcp_ofo_queue(msk);
2e52213c 696
87952603
PA		 697 /* If the moves have caught up with the DATA_FIN sequence number
698 * it's time to ack the DATA_FIN and change socket state, but
699 * this is not a good place to change state. Let the workqueue
700 * do it.
701 */
702 if (mptcp_pending_data_fin(sk, NULL))
703 mptcp_schedule_work(sk);
704 mptcp_data_unlock(sk);
2e52213c
FW		 705}
706
707void mptcp_data_ready(struct sock *sk, struct sock *ssk)
101f6f85 708{
6719331c 709 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
101f6f85 710 struct mptcp_sock *msk = mptcp_sk(sk);
13c7ba0c 711 int sk_rbuf, ssk_rbuf;
6719331c 712 bool wake;
101f6f85 713
d7b1bfd0
PA		 714 /* The peer can send data while we are shutting down this
715 * subflow at msk destruction time, but we must avoid enqueuing
716 * more data to the msk receive queue
717 */
718 if (unlikely(subflow->disposable))
719 return;
720
6719331c
PA		 721 /* move_skbs_to_msk below can legitly clear the data_avail flag,
722 * but we will need later to properly woke the reader, cache its
723 * value
724 */
725 wake = subflow->data_avail == MPTCP_SUBFLOW_DATA_AVAIL;
726 if (wake)
727 set_bit(MPTCP_DATA_READY, &msk->flags);
6771bfd9 728
13c7ba0c
FW		 729 ssk_rbuf = READ_ONCE(ssk->sk_rcvbuf);
730 sk_rbuf = READ_ONCE(sk->sk_rcvbuf);
731 if (unlikely(ssk_rbuf > sk_rbuf))
732 sk_rbuf = ssk_rbuf;
733
734 /* over limit? can't append more skbs to msk */
735 if (atomic_read(&sk->sk_rmem_alloc) > sk_rbuf)
2e52213c
FW		 736 goto wake;
737
ea4ca586 738 move_skbs_to_msk(msk, ssk);
600911ff 739
600911ff 740wake:
6719331c
PA		 741 if (wake)
742 sk->sk_data_ready(sk);
101f6f85
FW		 743}
744
84dfe367 745void __mptcp_flush_join_list(struct mptcp_sock *msk)
ec3edaa7 746{
5cf92bba
PA		 747 struct mptcp_subflow_context *subflow;
748
ec3edaa7
PK		 749 if (likely(list_empty(&msk->join_list)))
750 return;
751
752 spin_lock_bh(&msk->join_list_lock);
5cf92bba
PA		 753 list_for_each_entry(subflow, &msk->join_list, node)
754 mptcp_propagate_sndbuf((struct sock *)msk, mptcp_subflow_tcp_sock(subflow));
ec3edaa7
PK		 755 list_splice_tail_init(&msk->join_list, &msk->conn_list);
756 spin_unlock_bh(&msk->join_list_lock);
757}
758
b51f9b80
PA		 759static bool mptcp_timer_pending(struct sock *sk)
760{
761 return timer_pending(&inet_csk(sk)->icsk_retransmit_timer);
762}
763
764static void mptcp_reset_timer(struct sock *sk)
765{
766 struct inet_connection_sock *icsk = inet_csk(sk);
767 unsigned long tout;
768
e16163b6
PA		 769 /* prevent rescheduling on close */
770 if (unlikely(inet_sk_state_load(sk) == TCP_CLOSE))
771 return;
772
b51f9b80
PA		 773 /* should never be called with mptcp level timer cleared */
774 tout = READ_ONCE(mptcp_sk(sk)->timer_ival);
775 if (WARN_ON_ONCE(!tout))
776 tout = TCP_RTO_MIN;
777 sk_reset_timer(sk, &icsk->icsk_retransmit_timer, jiffies + tout);
778}
779
ba8f48f7
PA		 780bool mptcp_schedule_work(struct sock *sk)
781{
782 if (inet_sk_state_load(sk) != TCP_CLOSE &&
783 schedule_work(&mptcp_sk(sk)->work)) {
784 /* each subflow already holds a reference to the sk, and the
785 * workqueue is invoked by a subflow, so sk can't go away here.
786 */
787 sock_hold(sk);
788 return true;
789 }
790 return false;
791}
792
59832e24
FW		 793void mptcp_subflow_eof(struct sock *sk)
794{
ba8f48f7
PA		 795 if (!test_and_set_bit(MPTCP_WORK_EOF, &mptcp_sk(sk)->flags))
796 mptcp_schedule_work(sk);
59832e24
FW		 797}
798
5969856a
PA		 799static void mptcp_check_for_eof(struct mptcp_sock *msk)
800{
801 struct mptcp_subflow_context *subflow;
802 struct sock *sk = (struct sock *)msk;
803 int receivers = 0;
804
805 mptcp_for_each_subflow(msk, subflow)
806 receivers += !subflow->rx_eof;
e16163b6
PA		 807 if (receivers)
808 return;
5969856a 809
e16163b6 810 if (!(sk->sk_shutdown & RCV_SHUTDOWN)) {
5969856a
PA		 811 /* hopefully temporary hack: propagate shutdown status
812 * to msk, when all subflows agree on it
813 */
814 sk->sk_shutdown |= RCV_SHUTDOWN;
815
816 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
817 set_bit(MPTCP_DATA_READY, &msk->flags);
818 sk->sk_data_ready(sk);
819 }
e16163b6
PA		 820
821 switch (sk->sk_state) {
822 case TCP_ESTABLISHED:
823 inet_sk_state_store(sk, TCP_CLOSE_WAIT);
824 break;
825 case TCP_FIN_WAIT1:
26aa2314
PA		 826 inet_sk_state_store(sk, TCP_CLOSING);
827 break;
828 case TCP_FIN_WAIT2:
e16163b6
PA		 829 inet_sk_state_store(sk, TCP_CLOSE);
830 break;
831 default:
832 return;
833 }
834 mptcp_close_wake_up(sk);
5969856a
PA		 835}
836
7a6a6cbc
PA		 837static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk)
838{
839 struct mptcp_subflow_context *subflow;
840 struct sock *sk = (struct sock *)msk;
841
842 sock_owned_by_me(sk);
843
844 mptcp_for_each_subflow(msk, subflow) {
845 if (subflow->data_avail)
846 return mptcp_subflow_tcp_sock(subflow);
847 }
848
849 return NULL;
850}
851
3f8e0aae
PA		 852static bool mptcp_skb_can_collapse_to(u64 write_seq,
853 const struct sk_buff *skb,
854 const struct mptcp_ext *mpext)
57040755
PA		 855{
856 if (!tcp_skb_can_collapse_to(skb))
857 return false;
858
5a369ca6
PA		 859 /* can collapse only if MPTCP level sequence is in order and this
860 * mapping has not been xmitted yet
861 */
862 return mpext && mpext->data_seq + mpext->data_len == write_seq &&
863 !mpext->frozen;
57040755
PA		 864}
865
18b683bf
PA		 866static bool mptcp_frag_can_collapse_to(const struct mptcp_sock *msk,
867 const struct page_frag *pfrag,
868 const struct mptcp_data_frag *df)
869{
870 return df && pfrag->page == df->page &&
d9ca1de8 871 pfrag->size - pfrag->offset > 0 &&
18b683bf
PA		 872 df->data_seq + df->data_len == msk->write_seq;
873}
874
724cfd2e 875static int mptcp_wmem_with_overhead(struct sock *sk, int size)
e93da928 876{
724cfd2e
PA		 877 struct mptcp_sock *msk = mptcp_sk(sk);
878 int ret, skbs;
879
880 ret = size + ((sizeof(struct mptcp_data_frag) * size) >> PAGE_SHIFT);
881 skbs = (msk->tx_pending_data + size) / msk->size_goal_cache;
882 if (skbs < msk->skb_tx_cache.qlen)
883 return ret;
884
885 return ret + (skbs - msk->skb_tx_cache.qlen) * SKB_TRUESIZE(MAX_TCP_HEADER);
e93da928
PA		 886}
887
888static void __mptcp_wmem_reserve(struct sock *sk, int size)
889{
724cfd2e 890 int amount = mptcp_wmem_with_overhead(sk, size);
e93da928
PA		 891 struct mptcp_sock *msk = mptcp_sk(sk);
892
893 WARN_ON_ONCE(msk->wmem_reserved);
e7579d5d
DC		 894 if (WARN_ON_ONCE(amount < 0))
895 amount = 0;
896
e93da928
PA		 897 if (amount <= sk->sk_forward_alloc)
898 goto reserve;
899
900 /* under memory pressure try to reserve at most a single page
901 * otherwise try to reserve the full estimate and fallback
902 * to a single page before entering the error path
903 */
904 if ((tcp_under_memory_pressure(sk) && amount > PAGE_SIZE) ||
905 !sk_wmem_schedule(sk, amount)) {
906 if (amount <= PAGE_SIZE)
907 goto nomem;
908
909 amount = PAGE_SIZE;
910 if (!sk_wmem_schedule(sk, amount))
911 goto nomem;
912 }
913
914reserve:
915 msk->wmem_reserved = amount;
916 sk->sk_forward_alloc -= amount;
917 return;
918
919nomem:
920 /* we will wait for memory on next allocation */
921 msk->wmem_reserved = -1;
922}
923
924static void __mptcp_update_wmem(struct sock *sk)
925{
926 struct mptcp_sock *msk = mptcp_sk(sk);
927
928 if (!msk->wmem_reserved)
929 return;
930
931 if (msk->wmem_reserved < 0)
932 msk->wmem_reserved = 0;
933 if (msk->wmem_reserved > 0) {
934 sk->sk_forward_alloc += msk->wmem_reserved;
935 msk->wmem_reserved = 0;
936 }
937}
938
939static bool mptcp_wmem_alloc(struct sock *sk, int size)
940{
941 struct mptcp_sock *msk = mptcp_sk(sk);
942
943 /* check for pre-existing error condition */
944 if (msk->wmem_reserved < 0)
945 return false;
946
947 if (msk->wmem_reserved >= size)
948 goto account;
949
87952603
PA		 950 mptcp_data_lock(sk);
951 if (!sk_wmem_schedule(sk, size)) {
952 mptcp_data_unlock(sk);
e93da928 953 return false;
87952603 954 }
e93da928
PA		 955
956 sk->sk_forward_alloc -= size;
957 msk->wmem_reserved += size;
87952603 958 mptcp_data_unlock(sk);
e93da928
PA		 959
960account:
961 msk->wmem_reserved -= size;
962 return true;
963}
964
87952603
PA		 965static void mptcp_wmem_uncharge(struct sock *sk, int size)
966{
967 struct mptcp_sock *msk = mptcp_sk(sk);
968
969 if (msk->wmem_reserved < 0)
970 msk->wmem_reserved = 0;
971 msk->wmem_reserved += size;
972}
973
724cfd2e
PA		 974static void mptcp_mem_reclaim_partial(struct sock *sk)
975{
976 struct mptcp_sock *msk = mptcp_sk(sk);
977
978 /* if we are experiencing a transint allocation error,
979 * the forward allocation memory has been already
980 * released
981 */
982 if (msk->wmem_reserved < 0)
983 return;
984
985 mptcp_data_lock(sk);
986 sk->sk_forward_alloc += msk->wmem_reserved;
987 sk_mem_reclaim_partial(sk);
988 msk->wmem_reserved = sk->sk_forward_alloc;
989 sk->sk_forward_alloc = 0;
990 mptcp_data_unlock(sk);
991}
992
d027236c
PA		 993static void dfrag_uncharge(struct sock *sk, int len)
994{
995 sk_mem_uncharge(sk, len);
7948f6cc 996 sk_wmem_queued_add(sk, -len);
d027236c
PA		 997}
998
999static void dfrag_clear(struct sock *sk, struct mptcp_data_frag *dfrag)
18b683bf 1000{
d027236c
PA		 1001 int len = dfrag->data_len + dfrag->overhead;
1002
18b683bf 1003 list_del(&dfrag->list);
d027236c 1004 dfrag_uncharge(sk, len);
18b683bf
PA		 1005 put_page(dfrag->page);
1006}
1007
6e628cd3 1008static void __mptcp_clean_una(struct sock *sk)
18b683bf
PA		 1009{
1010 struct mptcp_sock *msk = mptcp_sk(sk);
1011 struct mptcp_data_frag *dtmp, *dfrag;
d027236c 1012 bool cleaned = false;
e1ff9e82
DC		 1013 u64 snd_una;
1014
1015 /* on fallback we just need to ignore snd_una, as this is really
1016 * plain TCP
1017 */
1018 if (__mptcp_check_fallback(msk))
7439d687 1019 msk->snd_una = READ_ONCE(msk->snd_nxt);
6f8a612a 1020
7439d687 1021 snd_una = msk->snd_una;
18b683bf
PA		 1022 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) {
1023 if (after64(dfrag->data_seq + dfrag->data_len, snd_una))
1024 break;
1025
d9ca1de8
PA		 1026 if (WARN_ON_ONCE(dfrag == msk->first_pending))
1027 break;
d027236c
PA		 1028 dfrag_clear(sk, dfrag);
1029 cleaned = true;
1030 }
1031
7948f6cc
FW		 1032 dfrag = mptcp_rtx_head(sk);
1033 if (dfrag && after64(snd_una, dfrag->data_seq)) {
53eb4c38
PA		 1034 u64 delta = snd_una - dfrag->data_seq;
1035
d9ca1de8 1036 if (WARN_ON_ONCE(delta > dfrag->already_sent))
53eb4c38 1037 goto out;
7948f6cc
FW		 1038
1039 dfrag->data_seq += delta;
53eb4c38 1040 dfrag->offset += delta;
7948f6cc 1041 dfrag->data_len -= delta;
d9ca1de8 1042 dfrag->already_sent -= delta;
7948f6cc
FW		 1043
1044 dfrag_uncharge(sk, delta);
1045 cleaned = true;
1046 }
1047
53eb4c38 1048out:
6e628cd3
PA		 1049 if (cleaned) {
1050 if (tcp_under_memory_pressure(sk)) {
1051 __mptcp_update_wmem(sk);
1052 sk_mem_reclaim_partial(sk);
1053 }
6e628cd3 1054 }
95ed690e 1055
6e628cd3
PA		 1056 if (snd_una == READ_ONCE(msk->snd_nxt)) {
1057 if (msk->timer_ival)
1058 mptcp_stop_timer(sk);
1059 } else {
1060 mptcp_reset_timer(sk);
18b683bf
PA		 1061 }
1062}
1063
724cfd2e 1064static void mptcp_enter_memory_pressure(struct sock *sk)
18b683bf 1065{
d9ca1de8
PA		 1066 struct mptcp_subflow_context *subflow;
1067 struct mptcp_sock *msk = mptcp_sk(sk);
1068 bool first = true;
1069
18b683bf 1070 sk_stream_moderate_sndbuf(sk);
d9ca1de8
PA		 1071 mptcp_for_each_subflow(msk, subflow) {
1072 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
1073
1074 if (first)
1075 tcp_enter_memory_pressure(ssk);
1076 sk_stream_moderate_sndbuf(ssk);
1077 first = false;
1078 }
724cfd2e
PA		 1079}
1080
1081/* ensure we get enough memory for the frag hdr, beyond some minimal amount of
1082 * data
1083 */
1084static bool mptcp_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
1085{
1086 if (likely(skb_page_frag_refill(32U + sizeof(struct mptcp_data_frag),
1087 pfrag, sk->sk_allocation)))
1088 return true;
1089
1090 mptcp_enter_memory_pressure(sk);
18b683bf
PA		 1091 return false;
1092}
1093
1094static struct mptcp_data_frag *
1095mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag,
1096 int orig_offset)
1097{
1098 int offset = ALIGN(orig_offset, sizeof(long));
1099 struct mptcp_data_frag *dfrag;
1100
1101 dfrag = (struct mptcp_data_frag *)(page_to_virt(pfrag->page) + offset);
1102 dfrag->data_len = 0;
1103 dfrag->data_seq = msk->write_seq;
1104 dfrag->overhead = offset - orig_offset + sizeof(struct mptcp_data_frag);
1105 dfrag->offset = offset + sizeof(struct mptcp_data_frag);
d9ca1de8 1106 dfrag->already_sent = 0;
18b683bf
PA		 1107 dfrag->page = pfrag->page;
1108
1109 return dfrag;
1110}
1111
caf971df
PA		 1112struct mptcp_sendmsg_info {
1113 int mss_now;
1114 int size_goal;
d9ca1de8
PA		 1115 u16 limit;
1116 u16 sent;
1117 unsigned int flags;
caf971df
PA		 1118};
1119
6f8a612a
FW		 1120static int mptcp_check_allowed_size(struct mptcp_sock *msk, u64 data_seq,
1121 int avail_size)
1122{
1123 u64 window_end = mptcp_wnd_end(msk);
1124
1125 if (__mptcp_check_fallback(msk))
1126 return avail_size;
1127
1128 if (!before64(data_seq + avail_size, window_end)) {
1129 u64 allowed_size = window_end - data_seq;
1130
1131 return min_t(unsigned int, allowed_size, avail_size);
1132 }
1133
1134 return avail_size;
1135}
1136
724cfd2e
PA		 1137static bool __mptcp_add_ext(struct sk_buff *skb, gfp_t gfp)
1138{
1139 struct skb_ext *mpext = __skb_ext_alloc(gfp);
1140
1141 if (!mpext)
1142 return false;
1143 __skb_ext_set(skb, SKB_EXT_MPTCP, mpext);
1144 return true;
1145}
1146
6e628cd3 1147static struct sk_buff *__mptcp_do_alloc_tx_skb(struct sock *sk, gfp_t gfp)
724cfd2e
PA		 1148{
1149 struct sk_buff *skb;
1150
6e628cd3 1151 skb = alloc_skb_fclone(MAX_TCP_HEADER, gfp);
724cfd2e 1152 if (likely(skb)) {
6e628cd3 1153 if (likely(__mptcp_add_ext(skb, gfp))) {
724cfd2e
PA		 1154 skb_reserve(skb, MAX_TCP_HEADER);
1155 skb->reserved_tailroom = skb->end - skb->tail;
1156 return skb;
1157 }
1158 __kfree_skb(skb);
1159 } else {
1160 mptcp_enter_memory_pressure(sk);
1161 }
1162 return NULL;
1163}
1164
1165static bool mptcp_tx_cache_refill(struct sock *sk, int size,
1166 struct sk_buff_head *skbs, int *total_ts)
1167{
1168 struct mptcp_sock *msk = mptcp_sk(sk);
1169 struct sk_buff *skb;
1170 int space_needed;
1171
1172 if (unlikely(tcp_under_memory_pressure(sk))) {
1173 mptcp_mem_reclaim_partial(sk);
1174
1175 /* under pressure pre-allocate at most a single skb */
1176 if (msk->skb_tx_cache.qlen)
1177 return true;
1178 space_needed = msk->size_goal_cache;
1179 } else {
1180 space_needed = msk->tx_pending_data + size -
1181 msk->skb_tx_cache.qlen * msk->size_goal_cache;
1182 }
1183
1184 while (space_needed > 0) {
6e628cd3 1185 skb = __mptcp_do_alloc_tx_skb(sk, sk->sk_allocation);
724cfd2e
PA		 1186 if (unlikely(!skb)) {
1187 /* under memory pressure, try to pass the caller a
1188 * single skb to allow forward progress
1189 */
1190 while (skbs->qlen > 1) {
1191 skb = __skb_dequeue_tail(skbs);
eaeef1ce 1192 *total_ts -= skb->truesize;
724cfd2e
PA		 1193 __kfree_skb(skb);
1194 }
1195 return skbs->qlen > 0;
1196 }
1197
1198 *total_ts += skb->truesize;
1199 __skb_queue_tail(skbs, skb);
1200 space_needed -= msk->size_goal_cache;
1201 }
1202 return true;
1203}
1204
6e628cd3 1205static bool __mptcp_alloc_tx_skb(struct sock *sk, struct sock *ssk, gfp_t gfp)
724cfd2e
PA		 1206{
1207 struct mptcp_sock *msk = mptcp_sk(sk);
1208 struct sk_buff *skb;
1209
1210 if (ssk->sk_tx_skb_cache) {
1211 skb = ssk->sk_tx_skb_cache;
1212 if (unlikely(!skb_ext_find(skb, SKB_EXT_MPTCP) &&
6e628cd3 1213 !__mptcp_add_ext(skb, gfp)))
724cfd2e
PA		 1214 return false;
1215 return true;
1216 }
1217
1218 skb = skb_peek(&msk->skb_tx_cache);
1219 if (skb) {
1220 if (likely(sk_wmem_schedule(ssk, skb->truesize))) {
1221 skb = __skb_dequeue(&msk->skb_tx_cache);
1222 if (WARN_ON_ONCE(!skb))
1223 return false;
1224
1225 mptcp_wmem_uncharge(sk, skb->truesize);
1226 ssk->sk_tx_skb_cache = skb;
1227 return true;
1228 }
1229
1230 /* over memory limit, no point to try to allocate a new skb */
1231 return false;
1232 }
1233
6e628cd3 1234 skb = __mptcp_do_alloc_tx_skb(sk, gfp);
724cfd2e
PA		 1235 if (!skb)
1236 return false;
1237
1238 if (likely(sk_wmem_schedule(ssk, skb->truesize))) {
1239 ssk->sk_tx_skb_cache = skb;
1240 return true;
1241 }
1242 kfree_skb(skb);
1243 return false;
1244}
1245
1246static bool mptcp_must_reclaim_memory(struct sock *sk, struct sock *ssk)
1247{
1248 return !ssk->sk_tx_skb_cache &&
1249 !skb_peek(&mptcp_sk(sk)->skb_tx_cache) &&
1250 tcp_under_memory_pressure(sk);
1251}
1252
1253static bool mptcp_alloc_tx_skb(struct sock *sk, struct sock *ssk)
1254{
1255 if (unlikely(mptcp_must_reclaim_memory(sk, ssk)))
1256 mptcp_mem_reclaim_partial(sk);
6e628cd3 1257 return __mptcp_alloc_tx_skb(sk, ssk, sk->sk_allocation);
724cfd2e
PA		 1258}
1259
6d0060f6 1260static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
d9ca1de8 1261 struct mptcp_data_frag *dfrag,
caf971df 1262 struct mptcp_sendmsg_info *info)
6d0060f6 1263{
d9ca1de8 1264 u64 data_seq = dfrag->data_seq + info->sent;
6d0060f6 1265 struct mptcp_sock *msk = mptcp_sk(sk);
6f8a612a 1266 bool zero_window_probe = false;
6d0060f6 1267 struct mptcp_ext *mpext = NULL;
57040755 1268 struct sk_buff *skb, *tail;
d9ca1de8 1269 bool can_collapse = false;
15e6ca97 1270 int size_bias = 0;
d9ca1de8 1271 int avail_size;
724cfd2e 1272 size_t ret = 0;
6d0060f6 1273
d9ca1de8
PA		 1274 pr_debug("msk=%p ssk=%p sending dfrag at seq=%lld len=%d already sent=%d",
1275 msk, ssk, dfrag->data_seq, dfrag->data_len, info->sent);
1276
1277 /* compute send limit */
1278 info->mss_now = tcp_send_mss(ssk, &info->size_goal, info->flags);
caf971df 1279 avail_size = info->size_goal;
724cfd2e 1280 msk->size_goal_cache = info->size_goal;
57040755
PA		 1281 skb = tcp_write_queue_tail(ssk);
1282 if (skb) {
57040755
PA		 1283 /* Limit the write to the size available in the
1284 * current skb, if any, so that we create at most a new skb.
1285 * Explicitly tells TCP internals to avoid collapsing on later
1286 * queue management operation, to avoid breaking the ext <->
1287 * SSN association set here
1288 */
d9ca1de8 1289 mpext = skb_ext_find(skb, SKB_EXT_MPTCP);
caf971df 1290 can_collapse = (info->size_goal - skb->len > 0) &&
d9ca1de8 1291 mptcp_skb_can_collapse_to(data_seq, skb, mpext);
15e6ca97 1292 if (!can_collapse) {
57040755 1293 TCP_SKB_CB(skb)->eor = 1;
15e6ca97
PA		 1294 } else {
1295 size_bias = skb->len;
caf971df 1296 avail_size = info->size_goal - skb->len;
15e6ca97 1297 }
57040755 1298 }
18b683bf 1299
6f8a612a
FW		 1300 /* Zero window and all data acked? Probe. */
1301 avail_size = mptcp_check_allowed_size(msk, data_seq, avail_size);
1302 if (avail_size == 0) {
7439d687
PA		 1303 u64 snd_una = READ_ONCE(msk->snd_una);
1304
1305 if (skb || snd_una != msk->snd_nxt)
6f8a612a
FW		 1306 return 0;
1307 zero_window_probe = true;
7439d687 1308 data_seq = snd_una - 1;
6f8a612a
FW		 1309 avail_size = 1;
1310 }
1311
d9ca1de8
PA		 1312 if (WARN_ON_ONCE(info->sent > info->limit ||
1313 info->limit > dfrag->data_len))
1314 return 0;
d027236c 1315
d9ca1de8 1316 ret = info->limit - info->sent;
15e6ca97
PA		 1317 tail = tcp_build_frag(ssk, avail_size + size_bias, info->flags,
1318 dfrag->page, dfrag->offset + info->sent, &ret);
e2223995
PA		 1319 if (!tail) {
1320 tcp_remove_empty_skb(sk, tcp_write_queue_tail(ssk));
1321 return -ENOMEM;
35759383 1322 }
18b683bf 1323
e2223995 1324 /* if the tail skb is still the cached one, collapsing really happened.
57040755 1325 */
e2223995 1326 if (skb == tail) {
15e6ca97 1327 TCP_SKB_CB(tail)->tcp_flags &= ~TCPHDR_PSH;
57040755 1328 mpext->data_len += ret;
15e6ca97 1329 WARN_ON_ONCE(!can_collapse);
6f8a612a 1330 WARN_ON_ONCE(zero_window_probe);
57040755
PA		 1331 goto out;
1332 }
1333
724cfd2e
PA		 1334 mpext = skb_ext_find(tail, SKB_EXT_MPTCP);
1335 if (WARN_ON_ONCE(!mpext)) {
1336 /* should never reach here, stream corrupted */
1337 return -EINVAL;
1338 }
6d0060f6
MM		 1339
1340 memset(mpext, 0, sizeof(*mpext));
d9ca1de8 1341 mpext->data_seq = data_seq;
6d0060f6
MM		 1342 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq;
1343 mpext->data_len = ret;
1344 mpext->use_map = 1;
1345 mpext->dsn64 = 1;
1346
1347 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d",
1348 mpext->data_seq, mpext->subflow_seq, mpext->data_len,
1349 mpext->dsn64);
1350
6f8a612a
FW		 1351 if (zero_window_probe) {
1352 mptcp_subflow_ctx(ssk)->rel_write_seq += ret;
1353 mpext->frozen = 1;
1354 ret = 0;
1355 tcp_push_pending_frames(ssk);
1356 }
57040755 1357out:
6d0060f6 1358 mptcp_subflow_ctx(ssk)->rel_write_seq += ret;
6d0060f6
MM		 1359 return ret;
1360}
1361
d5f49190
PA		 1362#define MPTCP_SEND_BURST_SIZE ((1 << 16) - \
1363 sizeof(struct tcphdr) - \
1364 MAX_TCP_OPTION_SPACE - \
1365 sizeof(struct ipv6hdr) - \
1366 sizeof(struct frag_hdr))
1367
1368struct subflow_send_info {
1369 struct sock *ssk;
1370 u64 ratio;
1371};
1372
5cf92bba 1373static struct sock *mptcp_subflow_get_send(struct mptcp_sock *msk)
f296234c 1374{
d5f49190 1375 struct subflow_send_info send_info[2];
f296234c 1376 struct mptcp_subflow_context *subflow;
d5f49190
PA		 1377 int i, nr_active = 0;
1378 struct sock *ssk;
1379 u64 ratio;
1380 u32 pace;
f296234c 1381
d5f49190 1382 sock_owned_by_me((struct sock *)msk);
f296234c 1383
d5f49190
PA		 1384 if (__mptcp_check_fallback(msk)) {
1385 if (!msk->first)
f296234c 1386 return NULL;
d5f49190
PA		 1387 return sk_stream_memory_free(msk->first) ? msk->first : NULL;
1388 }
1389
1390 /* re-use last subflow, if the burst allow that */
1391 if (msk->last_snd && msk->snd_burst > 0 &&
1392 sk_stream_memory_free(msk->last_snd) &&
5cf92bba 1393 mptcp_subflow_active(mptcp_subflow_ctx(msk->last_snd)))
d5f49190 1394 return msk->last_snd;
f296234c 1395
d5f49190
PA		 1396 /* pick the subflow with the lower wmem/wspace ratio */
1397 for (i = 0; i < 2; ++i) {
1398 send_info[i].ssk = NULL;
1399 send_info[i].ratio = -1;
1400 }
1401 mptcp_for_each_subflow(msk, subflow) {
1402 ssk = mptcp_subflow_tcp_sock(subflow);
1403 if (!mptcp_subflow_active(subflow))
1404 continue;
1405
1406 nr_active += !subflow->backup;
ec369c3a 1407 if (!sk_stream_memory_free(subflow->tcp_sock) || !tcp_sk(ssk)->snd_wnd)
d5f49190 1408 continue;
f296234c 1409
d5f49190
PA		 1410 pace = READ_ONCE(ssk->sk_pacing_rate);
1411 if (!pace)
f296234c 1412 continue;
f296234c 1413
d5f49190
PA		 1414 ratio = div_u64((u64)READ_ONCE(ssk->sk_wmem_queued) << 32,
1415 pace);
1416 if (ratio < send_info[subflow->backup].ratio) {
1417 send_info[subflow->backup].ssk = ssk;
1418 send_info[subflow->backup].ratio = ratio;
1419 }
f296234c
PK		 1420 }
1421
d5f49190
PA		 1422 pr_debug("msk=%p nr_active=%d ssk=%p:%lld backup=%p:%lld",
1423 msk, nr_active, send_info[0].ssk, send_info[0].ratio,
1424 send_info[1].ssk, send_info[1].ratio);
1425
1426 /* pick the best backup if no other subflow is active */
1427 if (!nr_active)
1428 send_info[0].ssk = send_info[1].ssk;
1429
1430 if (send_info[0].ssk) {
1431 msk->last_snd = send_info[0].ssk;
1432 msk->snd_burst = min_t(int, MPTCP_SEND_BURST_SIZE,
ec369c3a 1433 tcp_sk(msk->last_snd)->snd_wnd);
d5f49190
PA		 1434 return msk->last_snd;
1435 }
5cf92bba 1436
d5f49190 1437 return NULL;
f296234c
PK		 1438}
1439
d9ca1de8
PA		 1440static void mptcp_push_release(struct sock *sk, struct sock *ssk,
1441 struct mptcp_sendmsg_info *info)
1442{
1443 mptcp_set_timeout(sk, ssk);
1444 tcp_push(ssk, 0, info->mss_now, tcp_sk(ssk)->nonagle, info->size_goal);
1445 release_sock(ssk);
1446}
1447
1448static void mptcp_push_pending(struct sock *sk, unsigned int flags)
f870fa0b 1449{
d9ca1de8 1450 struct sock *prev_ssk = NULL, *ssk = NULL;
f870fa0b 1451 struct mptcp_sock *msk = mptcp_sk(sk);
caf971df 1452 struct mptcp_sendmsg_info info = {
d9ca1de8 1453 .flags = flags,
caf971df 1454 };
d9ca1de8
PA		 1455 struct mptcp_data_frag *dfrag;
1456 int len, copied = 0;
d9ca1de8
PA		 1457
1458 while ((dfrag = mptcp_send_head(sk))) {
1459 info.sent = dfrag->already_sent;
1460 info.limit = dfrag->data_len;
1461 len = dfrag->data_len - dfrag->already_sent;
1462 while (len > 0) {
1463 int ret = 0;
1464
1465 prev_ssk = ssk;
1466 __mptcp_flush_join_list(msk);
5cf92bba 1467 ssk = mptcp_subflow_get_send(msk);
d9ca1de8
PA		 1468
1469 /* try to keep the subflow socket lock across
1470 * consecutive xmit on the same socket
1471 */
1472 if (ssk != prev_ssk && prev_ssk)
1473 mptcp_push_release(sk, prev_ssk, &info);
1474 if (!ssk)
1475 goto out;
1476
1477 if (ssk != prev_ssk || !prev_ssk)
1478 lock_sock(ssk);
1479
724cfd2e
PA		 1480 /* keep it simple and always provide a new skb for the
1481 * subflow, even if we will not use it when collapsing
1482 * on the pending one
1483 */
1484 if (!mptcp_alloc_tx_skb(sk, ssk)) {
1485 mptcp_push_release(sk, ssk, &info);
1486 goto out;
1487 }
1488
d9ca1de8
PA		 1489 ret = mptcp_sendmsg_frag(sk, ssk, dfrag, &info);
1490 if (ret <= 0) {
1491 mptcp_push_release(sk, ssk, &info);
1492 goto out;
1493 }
1494
1495 info.sent += ret;
1496 dfrag->already_sent += ret;
1497 msk->snd_nxt += ret;
1498 msk->snd_burst -= ret;
724cfd2e 1499 msk->tx_pending_data -= ret;
d9ca1de8
PA		 1500 copied += ret;
1501 len -= ret;
1502 }
1503 WRITE_ONCE(msk->first_pending, mptcp_send_next(sk));
1504 }
1505
1506 /* at this point we held the socket lock for the last subflow we used */
1507 if (ssk)
1508 mptcp_push_release(sk, ssk, &info);
1509
1510out:
b680a214
PA		 1511 if (copied) {
1512 /* start the timer, if it's not pending */
1513 if (!mptcp_timer_pending(sk))
1514 mptcp_reset_timer(sk);
d9ca1de8 1515 __mptcp_check_send_data_fin(sk);
b680a214 1516 }
d9ca1de8
PA		 1517}
1518
6e628cd3
PA		 1519static void __mptcp_subflow_push_pending(struct sock *sk, struct sock *ssk)
1520{
1521 struct mptcp_sock *msk = mptcp_sk(sk);
1522 struct mptcp_sendmsg_info info;
1523 struct mptcp_data_frag *dfrag;
b19bc294 1524 struct sock *xmit_ssk;
6e628cd3 1525 int len, copied = 0;
b19bc294 1526 bool first = true;
6e628cd3
PA		 1527
1528 info.flags = 0;
1529 while ((dfrag = mptcp_send_head(sk))) {
1530 info.sent = dfrag->already_sent;
1531 info.limit = dfrag->data_len;
1532 len = dfrag->data_len - dfrag->already_sent;
1533 while (len > 0) {
1534 int ret = 0;
1535
b19bc294
PA		 1536 /* the caller already invoked the packet scheduler,
1537 * check for a different subflow usage only after
1538 * spooling the first chunk of data
1539 */
1540 xmit_ssk = first ? ssk : mptcp_subflow_get_send(mptcp_sk(sk));
1541 if (!xmit_ssk)
1542 goto out;
1543 if (xmit_ssk != ssk) {
1544 mptcp_subflow_delegate(mptcp_subflow_ctx(xmit_ssk));
1545 goto out;
1546 }
1547
6e628cd3
PA		 1548 if (unlikely(mptcp_must_reclaim_memory(sk, ssk))) {
1549 __mptcp_update_wmem(sk);
1550 sk_mem_reclaim_partial(sk);
1551 }
1552 if (!__mptcp_alloc_tx_skb(sk, ssk, GFP_ATOMIC))
1553 goto out;
1554
1555 ret = mptcp_sendmsg_frag(sk, ssk, dfrag, &info);
1556 if (ret <= 0)
1557 goto out;
1558
1559 info.sent += ret;
1560 dfrag->already_sent += ret;
1561 msk->snd_nxt += ret;
1562 msk->snd_burst -= ret;
1563 msk->tx_pending_data -= ret;
1564 copied += ret;
1565 len -= ret;
b19bc294 1566 first = false;
6e628cd3
PA		 1567 }
1568 WRITE_ONCE(msk->first_pending, mptcp_send_next(sk));
1569 }
1570
1571out:
1572 /* __mptcp_alloc_tx_skb could have released some wmem and we are
1573 * not going to flush it via release_sock()
1574 */
1575 __mptcp_update_wmem(sk);
1576 if (copied) {
1577 mptcp_set_timeout(sk, ssk);
1578 tcp_push(ssk, 0, info.mss_now, tcp_sk(ssk)->nonagle,
1579 info.size_goal);
d09d818e
PA		 1580 if (!mptcp_timer_pending(sk))
1581 mptcp_reset_timer(sk);
1582
6e628cd3
PA		 1583 if (msk->snd_data_fin_enable &&
1584 msk->snd_nxt + 1 == msk->write_seq)
1585 mptcp_schedule_work(sk);
1586 }
1587}
1588
5cf92bba
PA		 1589static void mptcp_set_nospace(struct sock *sk)
1590{
1591 /* enable autotune */
1592 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1593
1594 /* will be cleared on avail space */
1595 set_bit(MPTCP_NOSPACE, &mptcp_sk(sk)->flags);
1596}
1597
d9ca1de8
PA		 1598static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
1599{
1600 struct mptcp_sock *msk = mptcp_sk(sk);
17091708 1601 struct page_frag *pfrag;
6d0060f6 1602 size_t copied = 0;
caf971df 1603 int ret = 0;
6d0060f6 1604 long timeo;
f870fa0b
MM		 1605
1606 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
1607 return -EOPNOTSUPP;
1608
e7579d5d 1609 mptcp_lock_sock(sk, __mptcp_wmem_reserve(sk, min_t(size_t, 1 << 20, len)));
1954b860
MM		 1610
1611 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1612
1613 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) {
1614 ret = sk_stream_wait_connect(sk, &timeo);
1615 if (ret)
1616 goto out;
1617 }
1618
17091708 1619 pfrag = sk_page_frag(sk);
18b683bf 1620
d9ca1de8 1621 while (msg_data_left(msg)) {
724cfd2e 1622 int total_ts, frag_truesize = 0;
d9ca1de8 1623 struct mptcp_data_frag *dfrag;
724cfd2e 1624 struct sk_buff_head skbs;
d9ca1de8
PA		 1625 bool dfrag_collapsed;
1626 size_t psize, offset;
18b683bf 1627
d9ca1de8
PA		 1628 if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) {
1629 ret = -EPIPE;
f296234c
PK		 1630 goto out;
1631 }
da51aef5 1632
d9ca1de8
PA		 1633 /* reuse tail pfrag, if possible, or carve a new one from the
1634 * page allocator
1635 */
1636 dfrag = mptcp_pending_tail(sk);
1637 dfrag_collapsed = mptcp_frag_can_collapse_to(msk, pfrag, dfrag);
1638 if (!dfrag_collapsed) {
6e628cd3
PA		 1639 if (!sk_stream_memory_free(sk))
1640 goto wait_for_memory;
1641
d9ca1de8
PA		 1642 if (!mptcp_page_frag_refill(sk, pfrag))
1643 goto wait_for_memory;
1644
1645 dfrag = mptcp_carve_data_frag(msk, pfrag, pfrag->offset);
1646 frag_truesize = dfrag->overhead;
72511aab 1647 }
6d0060f6 1648
d9ca1de8
PA		 1649 /* we do not bound vs wspace, to allow a single packet.
1650 * memory accounting will prevent execessive memory usage
1651 * anyway
d5f49190 1652 */
d9ca1de8
PA		 1653 offset = dfrag->offset + dfrag->data_len;
1654 psize = pfrag->size - offset;
1655 psize = min_t(size_t, psize, msg_data_left(msg));
724cfd2e
PA		 1656 total_ts = psize + frag_truesize;
1657 __skb_queue_head_init(&skbs);
1658 if (!mptcp_tx_cache_refill(sk, psize, &skbs, &total_ts))
d9ca1de8
PA		 1659 goto wait_for_memory;
1660
724cfd2e
PA		 1661 if (!mptcp_wmem_alloc(sk, total_ts)) {
1662 __skb_queue_purge(&skbs);
1663 goto wait_for_memory;
1664 }
1665
1666 skb_queue_splice_tail(&skbs, &msk->skb_tx_cache);
d9ca1de8
PA		 1667 if (copy_page_from_iter(dfrag->page, offset, psize,
1668 &msg->msg_iter) != psize) {
87952603 1669 mptcp_wmem_uncharge(sk, psize + frag_truesize);
d9ca1de8
PA		 1670 ret = -EFAULT;
1671 goto out;
72511aab
FW		 1672 }
1673
d9ca1de8
PA		 1674 /* data successfully copied into the write queue */
1675 copied += psize;
1676 dfrag->data_len += psize;
1677 frag_truesize += psize;
1678 pfrag->offset += frag_truesize;
1679 WRITE_ONCE(msk->write_seq, msk->write_seq + psize);
13e16037 1680 msk->tx_pending_data += psize;
d9ca1de8
PA		 1681
1682 /* charge data on mptcp pending queue to the msk socket
1683 * Note: we charge such data both to sk and ssk
fb529e62 1684 */
d9ca1de8 1685 sk_wmem_queued_add(sk, frag_truesize);
d9ca1de8
PA		 1686 if (!dfrag_collapsed) {
1687 get_page(dfrag->page);
1688 list_add_tail(&dfrag->list, &msk->rtx_queue);
1689 if (!msk->first_pending)
1690 WRITE_ONCE(msk->first_pending, dfrag);
fb529e62 1691 }
d9ca1de8
PA		 1692 pr_debug("msk=%p dfrag at seq=%lld len=%d sent=%d new=%d", msk,
1693 dfrag->data_seq, dfrag->data_len, dfrag->already_sent,
1694 !dfrag_collapsed);
6d0060f6 1695
d9ca1de8 1696 continue;
b51f9b80 1697
d9ca1de8 1698wait_for_memory:
5cf92bba 1699 mptcp_set_nospace(sk);
6e628cd3 1700 mptcp_push_pending(sk, msg->msg_flags);
d9ca1de8
PA		 1701 ret = sk_stream_wait_memory(sk, &timeo);
1702 if (ret)
1703 goto out;
57040755 1704 }
6d0060f6 1705
13e16037 1706 if (copied)
d9ca1de8
PA		 1707 mptcp_push_pending(sk, msg->msg_flags);
1708
1954b860 1709out:
cec37a6e 1710 release_sock(sk);
8555c6bf 1711 return copied ? : ret;
f870fa0b
MM		 1712}
1713
7a6a6cbc
PA		 1714static void mptcp_wait_data(struct sock *sk, long *timeo)
1715{
1716 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1717 struct mptcp_sock *msk = mptcp_sk(sk);
1718
1719 add_wait_queue(sk_sleep(sk), &wait);
1720 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
1721
1722 sk_wait_event(sk, timeo,
1723 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait);
1724
1725 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
1726 remove_wait_queue(sk_sleep(sk), &wait);
1727}
1728
6771bfd9
FW		 1729static int __mptcp_recvmsg_mskq(struct mptcp_sock *msk,
1730 struct msghdr *msg,
1731 size_t len)
1732{
6771bfd9
FW		 1733 struct sk_buff *skb;
1734 int copied = 0;
1735
87952603 1736 while ((skb = skb_peek(&msk->receive_queue)) != NULL) {
6771bfd9
FW		 1737 u32 offset = MPTCP_SKB_CB(skb)->offset;
1738 u32 data_len = skb->len - offset;
1739 u32 count = min_t(size_t, len - copied, data_len);
1740 int err;
1741
1742 err = skb_copy_datagram_msg(skb, offset, msg, count);
1743 if (unlikely(err < 0)) {
1744 if (!copied)
1745 return err;
1746 break;
1747 }
1748
1749 copied += count;
1750
1751 if (count < data_len) {
1752 MPTCP_SKB_CB(skb)->offset += count;
1753 break;
1754 }
1755
87952603
PA		 1756 /* we will bulk release the skb memory later */
1757 skb->destructor = NULL;
1758 msk->rmem_released += skb->truesize;
1759 __skb_unlink(skb, &msk->receive_queue);
6771bfd9
FW		 1760 __kfree_skb(skb);
1761
1762 if (copied >= len)
1763 break;
1764 }
1765
1766 return copied;
1767}
1768
a6b118fe
FW		 1769/* receive buffer autotuning. See tcp_rcv_space_adjust for more information.
1770 *
1771 * Only difference: Use highest rtt estimate of the subflows in use.
1772 */
1773static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
1774{
1775 struct mptcp_subflow_context *subflow;
1776 struct sock *sk = (struct sock *)msk;
1777 u32 time, advmss = 1;
1778 u64 rtt_us, mstamp;
1779
1780 sock_owned_by_me(sk);
1781
1782 if (copied <= 0)
1783 return;
1784
1785 msk->rcvq_space.copied += copied;
1786
1787 mstamp = div_u64(tcp_clock_ns(), NSEC_PER_USEC);
1788 time = tcp_stamp_us_delta(mstamp, msk->rcvq_space.time);
1789
1790 rtt_us = msk->rcvq_space.rtt_us;
1791 if (rtt_us && time < (rtt_us >> 3))
1792 return;
1793
1794 rtt_us = 0;
1795 mptcp_for_each_subflow(msk, subflow) {
1796 const struct tcp_sock *tp;
1797 u64 sf_rtt_us;
1798 u32 sf_advmss;
1799
1800 tp = tcp_sk(mptcp_subflow_tcp_sock(subflow));
1801
1802 sf_rtt_us = READ_ONCE(tp->rcv_rtt_est.rtt_us);
1803 sf_advmss = READ_ONCE(tp->advmss);
1804
1805 rtt_us = max(sf_rtt_us, rtt_us);
1806 advmss = max(sf_advmss, advmss);
1807 }
1808
1809 msk->rcvq_space.rtt_us = rtt_us;
1810 if (time < (rtt_us >> 3) || rtt_us == 0)
1811 return;
1812
1813 if (msk->rcvq_space.copied <= msk->rcvq_space.space)
1814 goto new_measure;
1815
1816 if (sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf &&
1817 !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
1818 int rcvmem, rcvbuf;
1819 u64 rcvwin, grow;
1820
1821 rcvwin = ((u64)msk->rcvq_space.copied << 1) + 16 * advmss;
1822
1823 grow = rcvwin * (msk->rcvq_space.copied - msk->rcvq_space.space);
1824
1825 do_div(grow, msk->rcvq_space.space);
1826 rcvwin += (grow << 1);
1827
1828 rcvmem = SKB_TRUESIZE(advmss + MAX_TCP_HEADER);
1829 while (tcp_win_from_space(sk, rcvmem) < advmss)
1830 rcvmem += 128;
1831
1832 do_div(rcvwin, advmss);
1833 rcvbuf = min_t(u64, rcvwin * rcvmem,
1834 sock_net(sk)->ipv4.sysctl_tcp_rmem[2]);
1835
1836 if (rcvbuf > sk->sk_rcvbuf) {
1837 u32 window_clamp;
1838
1839 window_clamp = tcp_win_from_space(sk, rcvbuf);
1840 WRITE_ONCE(sk->sk_rcvbuf, rcvbuf);
1841
1842 /* Make subflows follow along. If we do not do this, we
1843 * get drops at subflow level if skbs can't be moved to
1844 * the mptcp rx queue fast enough (announced rcv_win can
1845 * exceed ssk->sk_rcvbuf).
1846 */
1847 mptcp_for_each_subflow(msk, subflow) {
1848 struct sock *ssk;
c76c6956 1849 bool slow;
a6b118fe
FW		 1850
1851 ssk = mptcp_subflow_tcp_sock(subflow);
c76c6956 1852 slow = lock_sock_fast(ssk);
a6b118fe
FW		 1853 WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf);
1854 tcp_sk(ssk)->window_clamp = window_clamp;
c76c6956
PA		 1855 tcp_cleanup_rbuf(ssk, 1);
1856 unlock_sock_fast(ssk, slow);
a6b118fe
FW		 1857 }
1858 }
1859 }
1860
1861 msk->rcvq_space.space = msk->rcvq_space.copied;
1862new_measure:
1863 msk->rcvq_space.copied = 0;
1864 msk->rcvq_space.time = mstamp;
1865}
1866
87952603
PA		 1867static void __mptcp_update_rmem(struct sock *sk)
1868{
1869 struct mptcp_sock *msk = mptcp_sk(sk);
1870
1871 if (!msk->rmem_released)
1872 return;
1873
1874 atomic_sub(msk->rmem_released, &sk->sk_rmem_alloc);
1875 sk_mem_uncharge(sk, msk->rmem_released);
1876 msk->rmem_released = 0;
1877}
1878
1879static void __mptcp_splice_receive_queue(struct sock *sk)
1880{
1881 struct mptcp_sock *msk = mptcp_sk(sk);
1882
1883 skb_queue_splice_tail_init(&sk->sk_receive_queue, &msk->receive_queue);
1884}
1885
e3859603 1886static bool __mptcp_move_skbs(struct mptcp_sock *msk)
6771bfd9 1887{
87952603 1888 struct sock *sk = (struct sock *)msk;
6771bfd9 1889 unsigned int moved = 0;
87952603 1890 bool ret, done;
d5f49190
PA		 1891
1892 __mptcp_flush_join_list(msk);
6771bfd9
FW		 1893 do {
1894 struct sock *ssk = mptcp_subflow_recv_lookup(msk);
65f49fe7 1895 bool slowpath;
6771bfd9 1896
87952603
PA		 1897 /* we can have data pending in the subflows only if the msk
1898 * receive buffer was full at subflow_data_ready() time,
1899 * that is an unlikely slow path.
1900 */
1901 if (likely(!ssk))
6771bfd9
FW		 1902 break;
1903
65f49fe7 1904 slowpath = lock_sock_fast(ssk);
87952603 1905 mptcp_data_lock(sk);
e3859603 1906 __mptcp_update_rmem(sk);
6771bfd9 1907 done = __mptcp_move_skbs_from_subflow(msk, ssk, &moved);
87952603 1908 mptcp_data_unlock(sk);
e3859603 1909 tcp_cleanup_rbuf(ssk, moved);
65f49fe7 1910 unlock_sock_fast(ssk, slowpath);
6771bfd9
FW		 1911 } while (!done);
1912
87952603
PA		 1913 /* acquire the data lock only if some input data is pending */
1914 ret = moved > 0;
1915 if (!RB_EMPTY_ROOT(&msk->out_of_order_queue) ||
1916 !skb_queue_empty_lockless(&sk->sk_receive_queue)) {
1917 mptcp_data_lock(sk);
1918 __mptcp_update_rmem(sk);
1919 ret |= __mptcp_ofo_queue(msk);
1920 __mptcp_splice_receive_queue(sk);
1921 mptcp_data_unlock(sk);
e3859603 1922 mptcp_cleanup_rbuf(msk);
ab174ad8 1923 }
87952603
PA		 1924 if (ret)
1925 mptcp_check_data_fin((struct sock *)msk);
1926 return !skb_queue_empty(&msk->receive_queue);
6771bfd9
FW		 1927}
1928
f870fa0b
MM		 1929static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
1930 int nonblock, int flags, int *addr_len)
1931{
1932 struct mptcp_sock *msk = mptcp_sk(sk);
cec37a6e 1933 int copied = 0;
7a6a6cbc
PA		 1934 int target;
1935 long timeo;
f870fa0b
MM		 1936
1937 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT))
1938 return -EOPNOTSUPP;
1939
87952603 1940 mptcp_lock_sock(sk, __mptcp_splice_receive_queue(sk));
fd897679
PA		 1941 if (unlikely(sk->sk_state == TCP_LISTEN)) {
1942 copied = -ENOTCONN;
1943 goto out_err;
1944 }
1945
7a6a6cbc
PA		 1946 timeo = sock_rcvtimeo(sk, nonblock);
1947
1948 len = min_t(size_t, len, INT_MAX);
1949 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
1950
05e3ecea 1951 while (copied < len) {
e3859603 1952 int bytes_read;
7a6a6cbc 1953
6771bfd9
FW		 1954 bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied);
1955 if (unlikely(bytes_read < 0)) {
1956 if (!copied)
1957 copied = bytes_read;
1958 goto out_err;
1959 }
7a6a6cbc 1960
6771bfd9 1961 copied += bytes_read;
7a6a6cbc 1962
ea4ca586 1963 /* be sure to advertise window change */
e3859603
PA		 1964 mptcp_cleanup_rbuf(msk);
1965
1966 if (skb_queue_empty(&msk->receive_queue) && __mptcp_move_skbs(msk))
1967 continue;
ea4ca586 1968
7a6a6cbc
PA		 1969 /* only the master socket status is relevant here. The exit
1970 * conditions mirror closely tcp_recvmsg()
1971 */
1972 if (copied >= target)
1973 break;
1974
1975 if (copied) {
1976 if (sk->sk_err ||
1977 sk->sk_state == TCP_CLOSE ||
1978 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1979 !timeo ||
1980 signal_pending(current))
1981 break;
1982 } else {
1983 if (sk->sk_err) {
1984 copied = sock_error(sk);
1985 break;
1986 }
1987
5969856a
PA		 1988 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags))
1989 mptcp_check_for_eof(msk);
1990
87952603
PA		 1991 if (sk->sk_shutdown & RCV_SHUTDOWN) {
1992 /* race breaker: the shutdown could be after the
1993 * previous receive queue check
1994 */
e3859603 1995 if (__mptcp_move_skbs(msk))
87952603 1996 continue;
7a6a6cbc 1997 break;
87952603 1998 }
7a6a6cbc
PA		 1999
2000 if (sk->sk_state == TCP_CLOSE) {
2001 copied = -ENOTCONN;
2002 break;
2003 }
2004
2005 if (!timeo) {
2006 copied = -EAGAIN;
2007 break;
2008 }
2009
2010 if (signal_pending(current)) {
2011 copied = sock_intr_errno(timeo);
2012 break;
2013 }
2014 }
2015
2016 pr_debug("block timeout %ld", timeo);
7a6a6cbc 2017 mptcp_wait_data(sk, &timeo);
cec37a6e
PK		 2018 }
2019
87952603
PA		 2020 if (skb_queue_empty_lockless(&sk->sk_receive_queue) &&
2021 skb_queue_empty(&msk->receive_queue)) {
6771bfd9 2022 /* entire backlog drained, clear DATA_READY. */
7a6a6cbc 2023 clear_bit(MPTCP_DATA_READY, &msk->flags);
cec37a6e 2024
6771bfd9
FW		 2025 /* .. race-breaker: ssk might have gotten new data
2026 * after last __mptcp_move_skbs() returned false.
7a6a6cbc 2027 */
e3859603 2028 if (unlikely(__mptcp_move_skbs(msk)))
7a6a6cbc 2029 set_bit(MPTCP_DATA_READY, &msk->flags);
6771bfd9
FW		 2030 } else if (unlikely(!test_bit(MPTCP_DATA_READY, &msk->flags))) {
2031 /* data to read but mptcp_wait_data() cleared DATA_READY */
2032 set_bit(MPTCP_DATA_READY, &msk->flags);
7a6a6cbc 2033 }
6771bfd9 2034out_err:
6719331c
PA		 2035 pr_debug("msk=%p data_ready=%d rx queue empty=%d copied=%d",
2036 msk, test_bit(MPTCP_DATA_READY, &msk->flags),
87952603 2037 skb_queue_empty_lockless(&sk->sk_receive_queue), copied);
a6b118fe
FW		 2038 mptcp_rcv_space_adjust(msk, copied);
2039
7a6a6cbc 2040 release_sock(sk);
cec37a6e
PK		 2041 return copied;
2042}
2043
b51f9b80
PA		 2044static void mptcp_retransmit_handler(struct sock *sk)
2045{
2046 struct mptcp_sock *msk = mptcp_sk(sk);
2047
7439d687
PA		 2048 set_bit(MPTCP_WORK_RTX, &msk->flags);
2049 mptcp_schedule_work(sk);
b51f9b80
PA		 2050}
2051
2052static void mptcp_retransmit_timer(struct timer_list *t)
2053{
2054 struct inet_connection_sock *icsk = from_timer(icsk, t,
2055 icsk_retransmit_timer);
2056 struct sock *sk = &icsk->icsk_inet.sk;
2057
2058 bh_lock_sock(sk);
2059 if (!sock_owned_by_user(sk)) {
2060 mptcp_retransmit_handler(sk);
2061 } else {
2062 /* delegate our work to tcp_release_cb() */
2063 if (!test_and_set_bit(TCP_WRITE_TIMER_DEFERRED,
2064 &sk->sk_tsq_flags))
2065 sock_hold(sk);
2066 }
2067 bh_unlock_sock(sk);
2068 sock_put(sk);
2069}
2070
e16163b6
PA		 2071static void mptcp_timeout_timer(struct timer_list *t)
2072{
2073 struct sock *sk = from_timer(sk, t, sk_timer);
2074
2075 mptcp_schedule_work(sk);
b6d69fc8 2076 sock_put(sk);
e16163b6
PA		 2077}
2078
3b1d6210
PA		 2079/* Find an idle subflow. Return NULL if there is unacked data at tcp
2080 * level.
2081 *
2082 * A backup subflow is returned only if that is the only kind available.
2083 */
2084static struct sock *mptcp_subflow_get_retrans(const struct mptcp_sock *msk)
2085{
2086 struct mptcp_subflow_context *subflow;
2087 struct sock *backup = NULL;
2088
2089 sock_owned_by_me((const struct sock *)msk);
2090
d5f49190 2091 if (__mptcp_check_fallback(msk))
d9ca1de8 2092 return NULL;
d5f49190 2093
3b1d6210
PA		 2094 mptcp_for_each_subflow(msk, subflow) {
2095 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
2096
d5f49190
PA		 2097 if (!mptcp_subflow_active(subflow))
2098 continue;
2099
3b1d6210 2100 /* still data outstanding at TCP level? Don't retransmit. */
860975c6
FW		 2101 if (!tcp_write_queue_empty(ssk)) {
2102 if (inet_csk(ssk)->icsk_ca_state >= TCP_CA_Loss)
2103 continue;
3b1d6210 2104 return NULL;
860975c6 2105 }
3b1d6210
PA		 2106
2107 if (subflow->backup) {
2108 if (!backup)
2109 backup = ssk;
2110 continue;
2111 }
2112
2113 return ssk;
2114 }
2115
2116 return backup;
2117}
2118
17aee05d
FW		 2119static void mptcp_dispose_initial_subflow(struct mptcp_sock *msk)
2120{
2121 if (msk->subflow) {
2122 iput(SOCK_INODE(msk->subflow));
2123 msk->subflow = NULL;
2124 }
2125}
2126
cec37a6e
PK		 2127/* subflow sockets can be either outgoing (connect) or incoming
2128 * (accept).
2129 *
2130 * Outgoing subflows use in-kernel sockets.
2131 * Incoming subflows do not have their own 'struct socket' allocated,
2132 * so we need to use tcp_close() after detaching them from the mptcp
2133 * parent socket.
2134 */
a141e02e
FW		 2135static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk,
2136 struct mptcp_subflow_context *subflow)
cec37a6e 2137{
e0be4931
FW		 2138 struct mptcp_sock *msk = mptcp_sk(sk);
2139
cec37a6e
PK		 2140 list_del(&subflow->node);
2141
3f8b2667 2142 lock_sock_nested(ssk, SINGLE_DEPTH_NESTING);
e16163b6
PA		 2143
2144 /* if we are invoked by the msk cleanup code, the subflow is
2145 * already orphaned
2146 */
866f26f2 2147 if (ssk->sk_socket)
e16163b6 2148 sock_orphan(ssk);
e16163b6 2149
d7b1bfd0
PA		 2150 subflow->disposable = 1;
2151
e16163b6
PA		 2152 /* if ssk hit tcp_done(), tcp_cleanup_ulp() cleared the related ops
2153 * the ssk has been already destroyed, we just need to release the
2154 * reference owned by msk;
2155 */
2156 if (!inet_csk(ssk)->icsk_ulp_ops) {
2157 kfree_rcu(subflow, rcu);
cec37a6e 2158 } else {
d7b1bfd0 2159 /* otherwise tcp will dispose of the ssk and subflow ctx */
e16163b6
PA		 2160 __tcp_close(ssk, 0);
2161
2162 /* close acquired an extra ref */
2163 __sock_put(ssk);
cec37a6e 2164 }
e16163b6 2165 release_sock(ssk);
e16163b6
PA		 2166
2167 sock_put(ssk);
e0be4931
FW		 2168
2169 if (ssk == msk->last_snd)
2170 msk->last_snd = NULL;
17aee05d
FW		 2171
2172 if (msk->subflow && ssk == msk->subflow->sk)
2173 mptcp_dispose_initial_subflow(msk);
f870fa0b
MM		 2174}
2175
a141e02e
FW		 2176void mptcp_close_ssk(struct sock *sk, struct sock *ssk,
2177 struct mptcp_subflow_context *subflow)
2178{
b911c97c
FW		 2179 if (sk->sk_state == TCP_ESTABLISHED)
2180 mptcp_event(MPTCP_EVENT_SUB_CLOSED, mptcp_sk(sk), ssk, GFP_KERNEL);
a141e02e
FW		 2181 __mptcp_close_ssk(sk, ssk, subflow);
2182}
2183
dc24f8b4
PA		 2184static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu)
2185{
2186 return 0;
2187}
2188
0e4f35d7
PA		 2189static void __mptcp_close_subflow(struct mptcp_sock *msk)
2190{
2191 struct mptcp_subflow_context *subflow, *tmp;
2192
3abc05d9
FW		 2193 might_sleep();
2194
0e4f35d7
PA		 2195 list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) {
2196 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
2197
2198 if (inet_sk_state_load(ssk) != TCP_CLOSE)
2199 continue;
2200
40947e13
FW		 2201 /* 'subflow_data_ready' will re-sched once rx queue is empty */
2202 if (!skb_queue_empty_lockless(&ssk->sk_receive_queue))
2203 continue;
2204
a141e02e 2205 mptcp_close_ssk((struct sock *)msk, ssk, subflow);
0e4f35d7
PA		 2206 }
2207}
2208
e16163b6
PA		 2209static bool mptcp_check_close_timeout(const struct sock *sk)
2210{
2211 s32 delta = tcp_jiffies32 - inet_csk(sk)->icsk_mtup.probe_timestamp;
2212 struct mptcp_subflow_context *subflow;
2213
2214 if (delta >= TCP_TIMEWAIT_LEN)
2215 return true;
2216
2217 /* if all subflows are in closed status don't bother with additional
2218 * timeout
2219 */
2220 mptcp_for_each_subflow(mptcp_sk(sk), subflow) {
2221 if (inet_sk_state_load(mptcp_subflow_tcp_sock(subflow)) !=
2222 TCP_CLOSE)
2223 return false;
2224 }
2225 return true;
2226}
2227
50c504a2
FW		 2228static void mptcp_check_fastclose(struct mptcp_sock *msk)
2229{
2230 struct mptcp_subflow_context *subflow, *tmp;
2231 struct sock *sk = &msk->sk.icsk_inet.sk;
2232
2233 if (likely(!READ_ONCE(msk->rcv_fastclose)))
2234 return;
2235
2236 mptcp_token_destroy(msk);
2237
2238 list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) {
2239 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow);
2240
2241 lock_sock(tcp_sk);
2242 if (tcp_sk->sk_state != TCP_CLOSE) {
2243 tcp_send_active_reset(tcp_sk, GFP_ATOMIC);
2244 tcp_set_state(tcp_sk, TCP_CLOSE);
2245 }
2246 release_sock(tcp_sk);
2247 }
2248
2249 inet_sk_state_store(sk, TCP_CLOSE);
2250 sk->sk_shutdown = SHUTDOWN_MASK;
2251 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
2252 set_bit(MPTCP_DATA_READY, &msk->flags);
2253 set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags);
2254
2255 mptcp_close_wake_up(sk);
2256}
2257
80992017
PA		 2258static void mptcp_worker(struct work_struct *work)
2259{
2260 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work);
3b1d6210 2261 struct sock *ssk, *sk = &msk->sk.icsk_inet.sk;
caf971df 2262 struct mptcp_sendmsg_info info = {};
3b1d6210 2263 struct mptcp_data_frag *dfrag;
3b1d6210 2264 size_t copied = 0;
e16163b6 2265 int state, ret;
80992017
PA		 2266
2267 lock_sock(sk);
e16163b6
PA		 2268 state = sk->sk_state;
2269 if (unlikely(state == TCP_CLOSE))
2270 goto unlock;
2271
43b54c6e 2272 mptcp_check_data_fin_ack(sk);
ec3edaa7 2273 __mptcp_flush_join_list(msk);
50c504a2
FW		 2274
2275 mptcp_check_fastclose(msk);
2276
b416268b 2277 if (msk->pm.status)
e9801430 2278 mptcp_pm_nl_work(msk);
b416268b 2279
59832e24
FW		 2280 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags))
2281 mptcp_check_for_eof(msk);
2282
6e628cd3 2283 __mptcp_check_send_data_fin(sk);
43b54c6e
MM		 2284 mptcp_check_data_fin(sk);
2285
341c6524
PA		 2286 /* There is no point in keeping around an orphaned sk timedout or
2287 * closed, but we need the msk around to reply to incoming DATA_FIN,
2288 * even if it is orphaned and in FIN_WAIT2 state
e16163b6
PA		 2289 */
2290 if (sock_flag(sk, SOCK_DEAD) &&
341c6524 2291 (mptcp_check_close_timeout(sk) || sk->sk_state == TCP_CLOSE)) {
e16163b6
PA		 2292 inet_sk_state_store(sk, TCP_CLOSE);
2293 __mptcp_destroy_sock(sk);
2294 goto unlock;
2295 }
2296
b263b0d7
FW		 2297 if (test_and_clear_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags))
2298 __mptcp_close_subflow(msk);
2299
3b1d6210
PA		 2300 if (!test_and_clear_bit(MPTCP_WORK_RTX, &msk->flags))
2301 goto unlock;
2302
64b9cea7 2303 __mptcp_clean_una(sk);
3b1d6210
PA		 2304 dfrag = mptcp_rtx_head(sk);
2305 if (!dfrag)
2306 goto unlock;
2307
2308 ssk = mptcp_subflow_get_retrans(msk);
2309 if (!ssk)
2310 goto reset_unlock;
2311
2312 lock_sock(ssk);
2313
d9ca1de8
PA		 2314 /* limit retransmission to the bytes already sent on some subflows */
2315 info.sent = 0;
2316 info.limit = dfrag->already_sent;
2317 while (info.sent < dfrag->already_sent) {
724cfd2e
PA		 2318 if (!mptcp_alloc_tx_skb(sk, ssk))
2319 break;
2320
d9ca1de8 2321 ret = mptcp_sendmsg_frag(sk, ssk, dfrag, &info);
6f8a612a 2322 if (ret <= 0)
3b1d6210
PA		 2323 break;
2324
fc518953 2325 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_RETRANSSEGS);
3b1d6210 2326 copied += ret;
d9ca1de8 2327 info.sent += ret;
3b1d6210
PA		 2328 }
2329 if (copied)
caf971df
PA		 2330 tcp_push(ssk, 0, info.mss_now, tcp_sk(ssk)->nonagle,
2331 info.size_goal);
3b1d6210 2332
3b1d6210
PA		 2333 mptcp_set_timeout(sk, ssk);
2334 release_sock(ssk);
2335
2336reset_unlock:
2337 if (!mptcp_timer_pending(sk))
2338 mptcp_reset_timer(sk);
2339
2340unlock:
80992017
PA		 2341 release_sock(sk);
2342 sock_put(sk);
2343}
2344
784325e9 2345static int __mptcp_init_sock(struct sock *sk)
f870fa0b 2346{
cec37a6e
PK		 2347 struct mptcp_sock *msk = mptcp_sk(sk);
2348
ec3edaa7
PK		 2349 spin_lock_init(&msk->join_list_lock);
2350
cec37a6e 2351 INIT_LIST_HEAD(&msk->conn_list);
ec3edaa7 2352 INIT_LIST_HEAD(&msk->join_list);
18b683bf 2353 INIT_LIST_HEAD(&msk->rtx_queue);
80992017 2354 INIT_WORK(&msk->work, mptcp_worker);
87952603 2355 __skb_queue_head_init(&msk->receive_queue);
724cfd2e 2356 __skb_queue_head_init(&msk->skb_tx_cache);
ab174ad8 2357 msk->out_of_order_queue = RB_ROOT;
f0e6a4cf 2358 msk->first_pending = NULL;
e93da928 2359 msk->wmem_reserved = 0;
87952603 2360 msk->rmem_released = 0;
724cfd2e
PA		 2361 msk->tx_pending_data = 0;
2362 msk->size_goal_cache = TCP_BASE_MSS;
cec37a6e 2363
ea4ca586 2364 msk->ack_hint = NULL;
8ab183de 2365 msk->first = NULL;
dc24f8b4 2366 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss;
8ab183de 2367
1b1c7a0e
PK		 2368 mptcp_pm_data_init(msk);
2369
b51f9b80
PA		 2370 /* re-use the csk retrans timer for MPTCP-level retrans */
2371 timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0);
e16163b6 2372 timer_setup(&sk->sk_timer, mptcp_timeout_timer, 0);
f870fa0b
MM		 2373 return 0;
2374}
2375
784325e9
MB		 2376static int mptcp_init_sock(struct sock *sk)
2377{
fc518953
FW		 2378 struct net *net = sock_net(sk);
2379 int ret;
18b683bf 2380
b6c08380
GT		 2381 ret = __mptcp_init_sock(sk);
2382 if (ret)
2383 return ret;
2384
fc518953
FW		 2385 if (!mptcp_is_enabled(net))
2386 return -ENOPROTOOPT;
2387
2388 if (unlikely(!net->mib.mptcp_statistics) && !mptcp_mib_alloc(net))
2389 return -ENOMEM;
2390
fa68018d
PA		 2391 ret = __mptcp_socket_create(mptcp_sk(sk));
2392 if (ret)
2393 return ret;
2394
d027236c 2395 sk_sockets_allocated_inc(sk);
a6b118fe 2396 sk->sk_rcvbuf = sock_net(sk)->ipv4.sysctl_tcp_rmem[1];
da51aef5 2397 sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[1];
d027236c 2398
18b683bf
PA		 2399 return 0;
2400}
2401
2402static void __mptcp_clear_xmit(struct sock *sk)
2403{
2404 struct mptcp_sock *msk = mptcp_sk(sk);
2405 struct mptcp_data_frag *dtmp, *dfrag;
724cfd2e 2406 struct sk_buff *skb;
18b683bf 2407
d9ca1de8 2408 WRITE_ONCE(msk->first_pending, NULL);
18b683bf 2409 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list)
d027236c 2410 dfrag_clear(sk, dfrag);
724cfd2e
PA		 2411 while ((skb = __skb_dequeue(&msk->skb_tx_cache)) != NULL) {
2412 sk->sk_forward_alloc += skb->truesize;
2413 kfree_skb(skb);
2414 }
784325e9
MB		 2415}
2416
80992017
PA		 2417static void mptcp_cancel_work(struct sock *sk)
2418{
2419 struct mptcp_sock *msk = mptcp_sk(sk);
2420
b2771d24 2421 if (cancel_work_sync(&msk->work))
e16163b6 2422 __sock_put(sk);
80992017
PA		 2423}
2424
d0876b22 2425void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how)
21498490
PK		 2426{
2427 lock_sock(ssk);
2428
2429 switch (ssk->sk_state) {
2430 case TCP_LISTEN:
2431 if (!(how & RCV_SHUTDOWN))
2432 break;
df561f66 2433 fallthrough;
21498490
PK		 2434 case TCP_SYN_SENT:
2435 tcp_disconnect(ssk, O_NONBLOCK);
2436 break;
2437 default:
43b54c6e
MM		 2438 if (__mptcp_check_fallback(mptcp_sk(sk))) {
2439 pr_debug("Fallback");
2440 ssk->sk_shutdown |= how;
2441 tcp_shutdown(ssk, how);
2442 } else {
2443 pr_debug("Sending DATA_FIN on subflow %p", ssk);
2444 mptcp_set_timeout(sk, ssk);
2445 tcp_send_ack(ssk);
2446 }
21498490
PK		 2447 break;
2448 }
2449
21498490
PK		 2450 release_sock(ssk);
2451}
2452
6920b851
MM		 2453static const unsigned char new_state[16] = {
2454 /* current state: new state: action: */
2455 [0 /* (Invalid) */] = TCP_CLOSE,
2456 [TCP_ESTABLISHED] = TCP_FIN_WAIT1 | TCP_ACTION_FIN,
2457 [TCP_SYN_SENT] = TCP_CLOSE,
2458 [TCP_SYN_RECV] = TCP_FIN_WAIT1 | TCP_ACTION_FIN,
2459 [TCP_FIN_WAIT1] = TCP_FIN_WAIT1,
2460 [TCP_FIN_WAIT2] = TCP_FIN_WAIT2,
2461 [TCP_TIME_WAIT] = TCP_CLOSE, /* should not happen ! */
2462 [TCP_CLOSE] = TCP_CLOSE,
2463 [TCP_CLOSE_WAIT] = TCP_LAST_ACK | TCP_ACTION_FIN,
2464 [TCP_LAST_ACK] = TCP_LAST_ACK,
2465 [TCP_LISTEN] = TCP_CLOSE,
2466 [TCP_CLOSING] = TCP_CLOSING,
2467 [TCP_NEW_SYN_RECV] = TCP_CLOSE, /* should not happen ! */
2468};
2469
2470static int mptcp_close_state(struct sock *sk)
2471{
2472 int next = (int)new_state[sk->sk_state];
2473 int ns = next & TCP_STATE_MASK;
2474
2475 inet_sk_state_store(sk, ns);
2476
2477 return next & TCP_ACTION_FIN;
2478}
2479
e16163b6 2480static void __mptcp_check_send_data_fin(struct sock *sk)
f870fa0b 2481{
e16163b6 2482 struct mptcp_subflow_context *subflow;
f870fa0b
MM		 2483 struct mptcp_sock *msk = mptcp_sk(sk);
2484
e16163b6
PA		 2485 pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu",
2486 msk, msk->snd_data_fin_enable, !!mptcp_send_head(sk),
2487 msk->snd_nxt, msk->write_seq);
43b54c6e 2488
e16163b6
PA		 2489 /* we still need to enqueue subflows or not really shutting down,
2490 * skip this
2491 */
2492 if (!msk->snd_data_fin_enable || msk->snd_nxt + 1 != msk->write_seq ||
2493 mptcp_send_head(sk))
2494 return;
2495
2496 WRITE_ONCE(msk->snd_nxt, msk->write_seq);
2497
26aa2314
PA		 2498 /* fallback socket will not get data_fin/ack, can move to the next
2499 * state now
2500 */
2501 if (__mptcp_check_fallback(msk)) {
2502 if ((1 << sk->sk_state) & (TCPF_CLOSING | TCPF_LAST_ACK)) {
2503 inet_sk_state_store(sk, TCP_CLOSE);
2504 mptcp_close_wake_up(sk);
2505 } else if (sk->sk_state == TCP_FIN_WAIT1) {
2506 inet_sk_state_store(sk, TCP_FIN_WAIT2);
2507 }
43b54c6e
MM		 2508 }
2509
e16163b6
PA		 2510 __mptcp_flush_join_list(msk);
2511 mptcp_for_each_subflow(msk, subflow) {
2512 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow);
43b54c6e 2513
e16163b6 2514 mptcp_subflow_shutdown(sk, tcp_sk, SEND_SHUTDOWN);
43b54c6e 2515 }
e16163b6 2516}
2c22c06c 2517
e16163b6
PA		 2518static void __mptcp_wr_shutdown(struct sock *sk)
2519{
2520 struct mptcp_sock *msk = mptcp_sk(sk);
43b54c6e 2521
e16163b6
PA		 2522 pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d",
2523 msk, msk->snd_data_fin_enable, sk->sk_shutdown, sk->sk_state,
2524 !!mptcp_send_head(sk));
2525
2526 /* will be ignored by fallback sockets */
2527 WRITE_ONCE(msk->write_seq, msk->write_seq + 1);
2528 WRITE_ONCE(msk->snd_data_fin_enable, 1);
2529
2530 __mptcp_check_send_data_fin(sk);
2531}
2532
2533static void __mptcp_destroy_sock(struct sock *sk)
2534{
2535 struct mptcp_subflow_context *subflow, *tmp;
2536 struct mptcp_sock *msk = mptcp_sk(sk);
2537 LIST_HEAD(conn_list);
2538
2539 pr_debug("msk=%p", msk);
f870fa0b 2540
3abc05d9
FW		 2541 might_sleep();
2542
10f6d46c
PA		 2543 /* be sure to always acquire the join list lock, to sync vs
2544 * mptcp_finish_join().
2545 */
2546 spin_lock_bh(&msk->join_list_lock);
2547 list_splice_tail_init(&msk->join_list, &msk->conn_list);
2548 spin_unlock_bh(&msk->join_list_lock);
b2c5b614
FW		 2549 list_splice_init(&msk->conn_list, &conn_list);
2550
6e628cd3 2551 sk_stop_timer(sk, &msk->sk.icsk_retransmit_timer);
e16163b6
PA		 2552 sk_stop_timer(sk, &sk->sk_timer);
2553 msk->pm.status = 0;
b2c5b614
FW		 2554
2555 list_for_each_entry_safe(subflow, tmp, &conn_list, node) {
cec37a6e 2556 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
e16163b6 2557 __mptcp_close_ssk(sk, ssk, subflow);
f870fa0b
MM		 2558 }
2559
e16163b6 2560 sk->sk_prot->destroy(sk);
80992017 2561
e93da928 2562 WARN_ON_ONCE(msk->wmem_reserved);
87952603 2563 WARN_ON_ONCE(msk->rmem_released);
e16163b6
PA		 2564 sk_stream_kill_queues(sk);
2565 xfrm_sk_free_policy(sk);
2566 sk_refcnt_debug_release(sk);
17aee05d 2567 mptcp_dispose_initial_subflow(msk);
e16163b6
PA		 2568 sock_put(sk);
2569}
2570
2571static void mptcp_close(struct sock *sk, long timeout)
2572{
2573 struct mptcp_subflow_context *subflow;
2574 bool do_cancel_work = false;
2575
2576 lock_sock(sk);
2577 sk->sk_shutdown = SHUTDOWN_MASK;
2578
2579 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) {
2580 inet_sk_state_store(sk, TCP_CLOSE);
2581 goto cleanup;
2582 }
6771bfd9 2583
e16163b6
PA		 2584 if (mptcp_close_state(sk))
2585 __mptcp_wr_shutdown(sk);
2586
2587 sk_stream_wait_close(sk, timeout);
2588
2589cleanup:
2590 /* orphan all the subflows */
2591 inet_csk(sk)->icsk_mtup.probe_timestamp = tcp_jiffies32;
2592 list_for_each_entry(subflow, &mptcp_sk(sk)->conn_list, node) {
2593 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
866f26f2 2594 bool slow = lock_sock_fast(ssk);
e16163b6 2595
e16163b6
PA		 2596 sock_orphan(ssk);
2597 unlock_sock_fast(ssk, slow);
e16163b6
PA		 2598 }
2599 sock_orphan(sk);
2600
2601 sock_hold(sk);
2602 pr_debug("msk=%p state=%d", sk, sk->sk_state);
2603 if (sk->sk_state == TCP_CLOSE) {
2604 __mptcp_destroy_sock(sk);
2605 do_cancel_work = true;
2606 } else {
2607 sk_reset_timer(sk, &sk->sk_timer, jiffies + TCP_TIMEWAIT_LEN);
2608 }
2609 release_sock(sk);
2610 if (do_cancel_work)
2611 mptcp_cancel_work(sk);
b911c97c
FW		 2612
2613 if (mptcp_sk(sk)->token)
2614 mptcp_event(MPTCP_EVENT_CLOSED, mptcp_sk(sk), NULL, GFP_KERNEL);
2615
e16163b6 2616 sock_put(sk);
f870fa0b
MM		 2617}
2618
cf7da0d6
PK		 2619static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk)
2620{
2621#if IS_ENABLED(CONFIG_MPTCP_IPV6)
2622 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk);
2623 struct ipv6_pinfo *msk6 = inet6_sk(msk);
2624
2625 msk->sk_v6_daddr = ssk->sk_v6_daddr;
2626 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr;
2627
2628 if (msk6 && ssk6) {
2629 msk6->saddr = ssk6->saddr;
2630 msk6->flow_label = ssk6->flow_label;
2631 }
2632#endif
2633
2634 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num;
2635 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport;
2636 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport;
2637 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr;
2638 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr;
2639 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr;
2640}
2641
18b683bf
PA		 2642static int mptcp_disconnect(struct sock *sk, int flags)
2643{
76e2a55d
PA		 2644 struct mptcp_subflow_context *subflow;
2645 struct mptcp_sock *msk = mptcp_sk(sk);
2646
2647 __mptcp_flush_join_list(msk);
13a9499e
PA		 2648 mptcp_for_each_subflow(msk, subflow) {
2649 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
2650
2651 lock_sock(ssk);
2652 tcp_disconnect(ssk, flags);
2653 release_sock(ssk);
2654 }
42c556fe 2655 return 0;
18b683bf
PA		 2656}
2657
b0519de8
FW		 2658#if IS_ENABLED(CONFIG_MPTCP_IPV6)
2659static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk)
2660{
2661 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo);
2662
2663 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
2664}
2665#endif
2666
fca5c82c 2667struct sock *mptcp_sk_clone(const struct sock *sk,
cfde141e 2668 const struct mptcp_options_received *mp_opt,
fca5c82c 2669 struct request_sock *req)
b0519de8 2670{
58b09919 2671 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
b0519de8 2672 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC);
58b09919
PA		 2673 struct mptcp_sock *msk;
2674 u64 ack_seq;
b0519de8
FW		 2675
2676 if (!nsk)
2677 return NULL;
2678
2679#if IS_ENABLED(CONFIG_MPTCP_IPV6)
2680 if (nsk->sk_family == AF_INET6)
2681 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk);
2682#endif
2683
58b09919
PA		 2684 __mptcp_init_sock(nsk);
2685
2686 msk = mptcp_sk(nsk);
2687 msk->local_key = subflow_req->local_key;
2688 msk->token = subflow_req->token;
2689 msk->subflow = NULL;
b93df08c 2690 WRITE_ONCE(msk->fully_established, false);
58b09919 2691
58b09919 2692 msk->write_seq = subflow_req->idsn + 1;
eaa2ffab 2693 msk->snd_nxt = msk->write_seq;
7439d687
PA		 2694 msk->snd_una = msk->write_seq;
2695 msk->wnd_end = msk->snd_nxt + req->rsk_rcv_wnd;
6f8a612a 2696
cfde141e 2697 if (mp_opt->mp_capable) {
58b09919 2698 msk->can_ack = true;
cfde141e 2699 msk->remote_key = mp_opt->sndr_key;
58b09919
PA		 2700 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq);
2701 ack_seq++;
917944da 2702 WRITE_ONCE(msk->ack_seq, ack_seq);
fa3fe2b1 2703 WRITE_ONCE(msk->rcv_wnd_sent, ack_seq);
58b09919 2704 }
7f20d5fc 2705
5e20087d 2706 sock_reset_flag(nsk, SOCK_RCU_FREE);
7f20d5fc
PA		 2707 /* will be fully established after successful MPC subflow creation */
2708 inet_sk_state_store(nsk, TCP_SYN_RECV);
0c148460
PA		 2709
2710 security_inet_csk_clone(nsk, req);
58b09919
PA		 2711 bh_unlock_sock(nsk);
2712
2713 /* keep a single reference */
2714 __sock_put(nsk);
b0519de8
FW		 2715 return nsk;
2716}
2717
a6b118fe
FW		 2718void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk)
2719{
2720 const struct tcp_sock *tp = tcp_sk(ssk);
2721
2722 msk->rcvq_space.copied = 0;
2723 msk->rcvq_space.rtt_us = 0;
2724
2725 msk->rcvq_space.time = tp->tcp_mstamp;
2726
2727 /* initial rcv_space offering made to peer */
2728 msk->rcvq_space.space = min_t(u32, tp->rcv_wnd,
2729 TCP_INIT_CWND * tp->advmss);
2730 if (msk->rcvq_space.space == 0)
2731 msk->rcvq_space.space = TCP_INIT_CWND * TCP_MSS_DEFAULT;
6f8a612a 2732
7439d687 2733 WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd);
a6b118fe
FW		 2734}
2735
cf7da0d6
PK		 2736static struct sock *mptcp_accept(struct sock *sk, int flags, int *err,
2737 bool kern)
2738{
2739 struct mptcp_sock *msk = mptcp_sk(sk);
2740 struct socket *listener;
2741 struct sock *newsk;
2742
2743 listener = __mptcp_nmpc_socket(msk);
2744 if (WARN_ON_ONCE(!listener)) {
2745 *err = -EINVAL;
2746 return NULL;
2747 }
2748
2749 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk));
2750 newsk = inet_csk_accept(listener->sk, flags, err, kern);
2751 if (!newsk)
2752 return NULL;
2753
2754 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk));
cf7da0d6
PK		 2755 if (sk_is_mptcp(newsk)) {
2756 struct mptcp_subflow_context *subflow;
2757 struct sock *new_mptcp_sock;
cf7da0d6
PK		 2758
2759 subflow = mptcp_subflow_ctx(newsk);
58b09919 2760 new_mptcp_sock = subflow->conn;
cf7da0d6 2761
58b09919
PA		 2762 /* is_mptcp should be false if subflow->conn is missing, see
2763 * subflow_syn_recv_sock()
2764 */
2765 if (WARN_ON_ONCE(!new_mptcp_sock)) {
2766 tcp_sk(newsk)->is_mptcp = 0;
2767 return newsk;
cf7da0d6
PK		 2768 }
2769
58b09919
PA		 2770 /* acquire the 2nd reference for the owning socket */
2771 sock_hold(new_mptcp_sock);
cf7da0d6 2772 newsk = new_mptcp_sock;
0397c6d8 2773 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEPASSIVEACK);
fc518953
FW		 2774 } else {
2775 MPTCP_INC_STATS(sock_net(sk),
2776 MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK);
cf7da0d6
PK		 2777 }
2778
2779 return newsk;
2780}
2781
5c8c1640
GT		 2782void mptcp_destroy_common(struct mptcp_sock *msk)
2783{
87952603
PA		 2784 struct sock *sk = (struct sock *)msk;
2785
6e628cd3
PA		 2786 __mptcp_clear_xmit(sk);
2787
87952603
PA		 2788 /* move to sk_receive_queue, sk_stream_kill_queues will purge it */
2789 skb_queue_splice_tail_init(&msk->receive_queue, &sk->sk_receive_queue);
2790
5c8c1640
GT		 2791 skb_rbtree_purge(&msk->out_of_order_queue);
2792 mptcp_token_destroy(msk);
2793 mptcp_pm_free_anno_list(msk);
2794}
2795
79c0949e
PK		 2796static void mptcp_destroy(struct sock *sk)
2797{
c9fd9c5f
FW		 2798 struct mptcp_sock *msk = mptcp_sk(sk);
2799
5c8c1640 2800 mptcp_destroy_common(msk);
d027236c 2801 sk_sockets_allocated_dec(sk);
79c0949e
PK		 2802}
2803
fd1452d8 2804static int mptcp_setsockopt_sol_socket(struct mptcp_sock *msk, int optname,
a7b75c5a 2805 sockptr_t optval, unsigned int optlen)
fd1452d8
FW		 2806{
2807 struct sock *sk = (struct sock *)msk;
2808 struct socket *ssock;
2809 int ret;
2810
2811 switch (optname) {
2812 case SO_REUSEPORT:
2813 case SO_REUSEADDR:
2814 lock_sock(sk);
2815 ssock = __mptcp_nmpc_socket(msk);
2816 if (!ssock) {
2817 release_sock(sk);
2818 return -EINVAL;
2819 }
2820
a7b75c5a 2821 ret = sock_setsockopt(ssock, SOL_SOCKET, optname, optval, optlen);
fd1452d8
FW		 2822 if (ret == 0) {
2823 if (optname == SO_REUSEPORT)
2824 sk->sk_reuseport = ssock->sk->sk_reuseport;
2825 else if (optname == SO_REUSEADDR)
2826 sk->sk_reuse = ssock->sk->sk_reuse;
2827 }
2828 release_sock(sk);
2829 return ret;
2830 }
2831
a7b75c5a 2832 return sock_setsockopt(sk->sk_socket, SOL_SOCKET, optname, optval, optlen);
fd1452d8
FW		 2833}
2834
c9b95a13 2835static int mptcp_setsockopt_v6(struct mptcp_sock *msk, int optname,
a7b75c5a 2836 sockptr_t optval, unsigned int optlen)
c9b95a13
FW		 2837{
2838 struct sock *sk = (struct sock *)msk;
2839 int ret = -EOPNOTSUPP;
2840 struct socket *ssock;
2841
2842 switch (optname) {
2843 case IPV6_V6ONLY:
2844 lock_sock(sk);
2845 ssock = __mptcp_nmpc_socket(msk);
2846 if (!ssock) {
2847 release_sock(sk);
2848 return -EINVAL;
2849 }
2850
2851 ret = tcp_setsockopt(ssock->sk, SOL_IPV6, optname, optval, optlen);
2852 if (ret == 0)
2853 sk->sk_ipv6only = ssock->sk->sk_ipv6only;
2854
2855 release_sock(sk);
2856 break;
2857 }
2858
2859 return ret;
2860}
2861
717e79c8 2862static int mptcp_setsockopt(struct sock *sk, int level, int optname,
a7b75c5a 2863 sockptr_t optval, unsigned int optlen)
717e79c8
PK		 2864{
2865 struct mptcp_sock *msk = mptcp_sk(sk);
76660afb 2866 struct sock *ssk;
717e79c8
PK		 2867
2868 pr_debug("msk=%p", msk);
2869
83f0c10b 2870 if (level == SOL_SOCKET)
fd1452d8 2871 return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen);
83f0c10b 2872
717e79c8 2873 /* @@ the meaning of setsockopt() when the socket is connected and
b6e4a1ae
MM		 2874 * there are multiple subflows is not yet defined. It is up to the
2875 * MPTCP-level socket to configure the subflows until the subflow
2876 * is in TCP fallback, when TCP socket options are passed through
2877 * to the one remaining subflow.
717e79c8
PK		 2878 */
2879 lock_sock(sk);
76660afb 2880 ssk = __mptcp_tcp_fallback(msk);
e154659b 2881 release_sock(sk);
76660afb
PA		 2882 if (ssk)
2883 return tcp_setsockopt(ssk, level, optname, optval, optlen);
50e741bb 2884
c9b95a13
FW		 2885 if (level == SOL_IPV6)
2886 return mptcp_setsockopt_v6(msk, optname, optval, optlen);
2887
b6e4a1ae 2888 return -EOPNOTSUPP;
717e79c8
PK		 2889}
2890
2891static int mptcp_getsockopt(struct sock *sk, int level, int optname,
50e741bb 2892 char __user *optval, int __user *option)
717e79c8
PK		 2893{
2894 struct mptcp_sock *msk = mptcp_sk(sk);
76660afb 2895 struct sock *ssk;
717e79c8
PK		 2896
2897 pr_debug("msk=%p", msk);
2898
b6e4a1ae
MM		 2899 /* @@ the meaning of setsockopt() when the socket is connected and
2900 * there are multiple subflows is not yet defined. It is up to the
2901 * MPTCP-level socket to configure the subflows until the subflow
2902 * is in TCP fallback, when socket options are passed through
2903 * to the one remaining subflow.
717e79c8
PK		 2904 */
2905 lock_sock(sk);
76660afb 2906 ssk = __mptcp_tcp_fallback(msk);
e154659b 2907 release_sock(sk);
76660afb
PA		 2908 if (ssk)
2909 return tcp_getsockopt(ssk, level, optname, optval, option);
50e741bb 2910
b6e4a1ae 2911 return -EOPNOTSUPP;
717e79c8
PK		 2912}
2913
6e628cd3
PA		 2914void __mptcp_data_acked(struct sock *sk)
2915{
2916 if (!sock_owned_by_user(sk))
2917 __mptcp_clean_una(sk);
2918 else
2919 set_bit(MPTCP_CLEAN_UNA, &mptcp_sk(sk)->flags);
2920
2921 if (mptcp_pending_data_fin_ack(sk))
2922 mptcp_schedule_work(sk);
2923}
2924
219d0499 2925void __mptcp_check_push(struct sock *sk, struct sock *ssk)
6e628cd3
PA		 2926{
2927 if (!mptcp_send_head(sk))
2928 return;
2929
40dc9416 2930 if (!sock_owned_by_user(sk)) {
b19bc294
PA		 2931 struct sock *xmit_ssk = mptcp_subflow_get_send(mptcp_sk(sk));
2932
2933 if (xmit_ssk == ssk)
40dc9416 2934 __mptcp_subflow_push_pending(sk, ssk);
b19bc294
PA		 2935 else if (xmit_ssk)
2936 mptcp_subflow_delegate(mptcp_subflow_ctx(xmit_ssk));
40dc9416 2937 } else {
6e628cd3 2938 set_bit(MPTCP_PUSH_PENDING, &mptcp_sk(sk)->flags);
40dc9416 2939 }
6e628cd3
PA		 2940}
2941
ea4ca586 2942#define MPTCP_DEFERRED_ALL (TCPF_WRITE_TIMER_DEFERRED)
14c441b5 2943
e93da928 2944/* processes deferred events and flush wmem */
14c441b5
PA		 2945static void mptcp_release_cb(struct sock *sk)
2946{
2947 unsigned long flags, nflags;
2948
6e628cd3
PA		 2949 /* push_pending may touch wmem_reserved, do it before the later
2950 * cleanup
2951 */
2952 if (test_and_clear_bit(MPTCP_CLEAN_UNA, &mptcp_sk(sk)->flags))
2953 __mptcp_clean_una(sk);
2954 if (test_and_clear_bit(MPTCP_PUSH_PENDING, &mptcp_sk(sk)->flags)) {
2955 /* mptcp_push_pending() acquires the subflow socket lock
2956 *
2957 * 1) can't be invoked in atomic scope
2958 * 2) must avoid ABBA deadlock with msk socket spinlock: the RX
2959 * datapath acquires the msk socket spinlock while helding
2960 * the subflow socket lock
2961 */
2962
2963 spin_unlock_bh(&sk->sk_lock.slock);
2964 mptcp_push_pending(sk, 0);
2965 spin_lock_bh(&sk->sk_lock.slock);
2966 }
15cc1045
PA		 2967 if (test_and_clear_bit(MPTCP_ERROR_REPORT, &mptcp_sk(sk)->flags))
2968 __mptcp_error_report(sk);
6e628cd3 2969
e93da928
PA		 2970 /* clear any wmem reservation and errors */
2971 __mptcp_update_wmem(sk);
87952603 2972 __mptcp_update_rmem(sk);
e93da928 2973
14c441b5
PA		 2974 do {
2975 flags = sk->sk_tsq_flags;
2976 if (!(flags & MPTCP_DEFERRED_ALL))
2977 return;
2978 nflags = flags & ~MPTCP_DEFERRED_ALL;
2979 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags);
2980
b51f9b80
PA		 2981 sock_release_ownership(sk);
2982
b51f9b80
PA		 2983 if (flags & TCPF_WRITE_TIMER_DEFERRED) {
2984 mptcp_retransmit_handler(sk);
2985 __sock_put(sk);
2986 }
14c441b5
PA		 2987}
2988
b19bc294
PA		 2989void mptcp_subflow_process_delegated(struct sock *ssk)
2990{
2991 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
2992 struct sock *sk = subflow->conn;
2993
2994 mptcp_data_lock(sk);
2995 if (!sock_owned_by_user(sk))
2996 __mptcp_subflow_push_pending(sk, ssk);
2997 else
2998 set_bit(MPTCP_PUSH_PENDING, &mptcp_sk(sk)->flags);
2999 mptcp_data_unlock(sk);
3000 mptcp_subflow_delegated_done(subflow);
3001}
3002
2c5ebd00
PA		 3003static int mptcp_hash(struct sock *sk)
3004{
3005 /* should never be called,
3006 * we hash the TCP subflows not the master socket
3007 */
3008 WARN_ON_ONCE(1);
3009 return 0;
3010}
3011
3012static void mptcp_unhash(struct sock *sk)
3013{
3014 /* called from sk_common_release(), but nothing to do here */
3015}
3016
cec37a6e 3017static int mptcp_get_port(struct sock *sk, unsigned short snum)
f870fa0b
MM		 3018{
3019 struct mptcp_sock *msk = mptcp_sk(sk);
cec37a6e 3020 struct socket *ssock;
f870fa0b 3021
cec37a6e
PK		 3022 ssock = __mptcp_nmpc_socket(msk);
3023 pr_debug("msk=%p, subflow=%p", msk, ssock);
3024 if (WARN_ON_ONCE(!ssock))
3025 return -EINVAL;
f870fa0b 3026
cec37a6e
PK		 3027 return inet_csk_get_port(ssock->sk, snum);
3028}
f870fa0b 3029
cec37a6e
PK		 3030void mptcp_finish_connect(struct sock *ssk)
3031{
3032 struct mptcp_subflow_context *subflow;
3033 struct mptcp_sock *msk;
3034 struct sock *sk;
6d0060f6 3035 u64 ack_seq;
f870fa0b 3036
cec37a6e 3037 subflow = mptcp_subflow_ctx(ssk);
cec37a6e
PK		 3038 sk = subflow->conn;
3039 msk = mptcp_sk(sk);
3040
648ef4b8
MM		 3041 pr_debug("msk=%p, token=%u", sk, subflow->token);
3042
6d0060f6
MM		 3043 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq);
3044 ack_seq++;
648ef4b8
MM		 3045 subflow->map_seq = ack_seq;
3046 subflow->map_subflow_seq = 1;
6d0060f6 3047
cec37a6e
PK		 3048 /* the socket is not connected yet, no msk/subflow ops can access/race
3049 * accessing the field below
3050 */
3051 WRITE_ONCE(msk->remote_key, subflow->remote_key);
3052 WRITE_ONCE(msk->local_key, subflow->local_key);
6d0060f6 3053 WRITE_ONCE(msk->write_seq, subflow->idsn + 1);
eaa2ffab 3054 WRITE_ONCE(msk->snd_nxt, msk->write_seq);
6d0060f6 3055 WRITE_ONCE(msk->ack_seq, ack_seq);
fa3fe2b1 3056 WRITE_ONCE(msk->rcv_wnd_sent, ack_seq);
d22f4988 3057 WRITE_ONCE(msk->can_ack, 1);
7439d687 3058 WRITE_ONCE(msk->snd_una, msk->write_seq);
1b1c7a0e 3059
6c714f1b 3060 mptcp_pm_new_connection(msk, ssk, 0);
a6b118fe
FW		 3061
3062 mptcp_rcv_space_init(msk, ssk);
f870fa0b
MM		 3063}
3064
866f26f2 3065void mptcp_sock_graft(struct sock *sk, struct socket *parent)
cf7da0d6
PK		 3066{
3067 write_lock_bh(&sk->sk_callback_lock);
3068 rcu_assign_pointer(sk->sk_wq, &parent->wq);
3069 sk_set_socket(sk, parent);
3070 sk->sk_uid = SOCK_INODE(parent)->i_uid;
3071 write_unlock_bh(&sk->sk_callback_lock);
3072}
3073
e16163b6 3074bool mptcp_finish_join(struct sock *ssk)
f296234c 3075{
e16163b6 3076 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
f296234c
PK		 3077 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
3078 struct sock *parent = (void *)msk;
3079 struct socket *parent_sock;
ec3edaa7 3080 bool ret;
f296234c
PK		 3081
3082 pr_debug("msk=%p, subflow=%p", msk, subflow);
3083
3084 /* mptcp socket already closing? */
b93df08c 3085 if (!mptcp_is_fully_established(parent))
f296234c
PK		 3086 return false;
3087
3088 if (!msk->pm.server_side)
b911c97c 3089 goto out;
f296234c 3090
10f6d46c
PA		 3091 if (!mptcp_pm_allow_new_subflow(msk))
3092 return false;
3093
3094 /* active connections are already on conn_list, and we can't acquire
3095 * msk lock here.
3096 * use the join list lock as synchronization point and double-check
e16163b6 3097 * msk status to avoid racing with __mptcp_destroy_sock()
10f6d46c
PA		 3098 */
3099 spin_lock_bh(&msk->join_list_lock);
3100 ret = inet_sk_state_load(parent) == TCP_ESTABLISHED;
e16163b6 3101 if (ret && !WARN_ON_ONCE(!list_empty(&subflow->node))) {
10f6d46c 3102 list_add_tail(&subflow->node, &msk->join_list);
e16163b6
PA		 3103 sock_hold(ssk);
3104 }
10f6d46c
PA		 3105 spin_unlock_bh(&msk->join_list_lock);
3106 if (!ret)
3107 return false;
3108
3109 /* attach to msk socket only after we are sure he will deal with us
3110 * at close time
3111 */
f296234c 3112 parent_sock = READ_ONCE(parent->sk_socket);
e16163b6
PA		 3113 if (parent_sock && !ssk->sk_socket)
3114 mptcp_sock_graft(ssk, parent_sock);
917944da 3115 subflow->map_seq = READ_ONCE(msk->ack_seq);
b911c97c
FW		 3116out:
3117 mptcp_event(MPTCP_EVENT_SUB_ESTABLISHED, msk, ssk, GFP_ATOMIC);
10f6d46c 3118 return true;
f296234c
PK		 3119}
3120
76e2a55d
PA		 3121static void mptcp_shutdown(struct sock *sk, int how)
3122{
3123 pr_debug("sk=%p, how=%d", sk, how);
3124
3125 if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk))
3126 __mptcp_wr_shutdown(sk);
3127}
3128
f870fa0b
MM		 3129static struct proto mptcp_prot = {
3130 .name = "MPTCP",
3131 .owner = THIS_MODULE,
3132 .init = mptcp_init_sock,
18b683bf 3133 .disconnect = mptcp_disconnect,
f870fa0b 3134 .close = mptcp_close,
cf7da0d6 3135 .accept = mptcp_accept,
717e79c8
PK		 3136 .setsockopt = mptcp_setsockopt,
3137 .getsockopt = mptcp_getsockopt,
76e2a55d 3138 .shutdown = mptcp_shutdown,
79c0949e 3139 .destroy = mptcp_destroy,
f870fa0b
MM		 3140 .sendmsg = mptcp_sendmsg,
3141 .recvmsg = mptcp_recvmsg,
14c441b5 3142 .release_cb = mptcp_release_cb,
2c5ebd00
PA		 3143 .hash = mptcp_hash,
3144 .unhash = mptcp_unhash,
cec37a6e 3145 .get_port = mptcp_get_port,
d027236c
PA		 3146 .sockets_allocated = &mptcp_sockets_allocated,
3147 .memory_allocated = &tcp_memory_allocated,
3148 .memory_pressure = &tcp_memory_pressure,
d027236c 3149 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
989ef49b 3150 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
d027236c 3151 .sysctl_mem = sysctl_tcp_mem,
f870fa0b 3152 .obj_size = sizeof(struct mptcp_sock),
2c5ebd00 3153 .slab_flags = SLAB_TYPESAFE_BY_RCU,
f870fa0b
MM		 3154 .no_autobind = true,
3155};
3156
2303f994
PK		 3157static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
3158{
3159 struct mptcp_sock *msk = mptcp_sk(sock->sk);
3160 struct socket *ssock;
cf7da0d6 3161 int err;
2303f994
PK		 3162
3163 lock_sock(sock->sk);
fa68018d
PA		 3164 ssock = __mptcp_nmpc_socket(msk);
3165 if (!ssock) {
3166 err = -EINVAL;
2303f994
PK		 3167 goto unlock;
3168 }
3169
3170 err = ssock->ops->bind(ssock, uaddr, addr_len);
cf7da0d6
PK		 3171 if (!err)
3172 mptcp_copy_inaddrs(sock->sk, ssock->sk);
2303f994
PK		 3173
3174unlock:
3175 release_sock(sock->sk);
3176 return err;
3177}
3178
0235d075
PA		 3179static void mptcp_subflow_early_fallback(struct mptcp_sock *msk,
3180 struct mptcp_subflow_context *subflow)
3181{
3182 subflow->request_mptcp = 0;
3183 __mptcp_do_fallback(msk);
3184}
3185
2303f994
PK		 3186static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr,
3187 int addr_len, int flags)
3188{
3189 struct mptcp_sock *msk = mptcp_sk(sock->sk);
2c5ebd00 3190 struct mptcp_subflow_context *subflow;
2303f994
PK		 3191 struct socket *ssock;
3192 int err;
3193
3194 lock_sock(sock->sk);
41be81a8
PA		 3195 if (sock->state != SS_UNCONNECTED && msk->subflow) {
3196 /* pending connection or invalid state, let existing subflow
3197 * cope with that
3198 */
3199 ssock = msk->subflow;
3200 goto do_connect;
3201 }
3202
fa68018d
PA		 3203 ssock = __mptcp_nmpc_socket(msk);
3204 if (!ssock) {
3205 err = -EINVAL;
2303f994
PK		 3206 goto unlock;
3207 }
3208
fa68018d
PA		 3209 mptcp_token_destroy(msk);
3210 inet_sk_state_store(sock->sk, TCP_SYN_SENT);
2c5ebd00 3211 subflow = mptcp_subflow_ctx(ssock->sk);
cf7da0d6
PK		 3212#ifdef CONFIG_TCP_MD5SIG
3213 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of
3214 * TCP option space.
3215 */
3216 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info))
0235d075 3217 mptcp_subflow_early_fallback(msk, subflow);
cf7da0d6 3218#endif
2c5ebd00 3219 if (subflow->request_mptcp && mptcp_token_new_connect(ssock->sk))
0235d075 3220 mptcp_subflow_early_fallback(msk, subflow);
cf7da0d6 3221
41be81a8 3222do_connect:
2303f994 3223 err = ssock->ops->connect(ssock, uaddr, addr_len, flags);
41be81a8
PA		 3224 sock->state = ssock->state;
3225
3226 /* on successful connect, the msk state will be moved to established by
3227 * subflow_finish_connect()
3228 */
367fe04e 3229 if (!err || err == -EINPROGRESS)
41be81a8
PA		 3230 mptcp_copy_inaddrs(sock->sk, ssock->sk);
3231 else
3232 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk));
2303f994
PK		 3233
3234unlock:
3235 release_sock(sock->sk);
3236 return err;
3237}
3238
cf7da0d6
PK		 3239static int mptcp_listen(struct socket *sock, int backlog)
3240{
3241 struct mptcp_sock *msk = mptcp_sk(sock->sk);
3242 struct socket *ssock;
3243 int err;
3244
3245 pr_debug("msk=%p", msk);
3246
3247 lock_sock(sock->sk);
fa68018d
PA		 3248 ssock = __mptcp_nmpc_socket(msk);
3249 if (!ssock) {
3250 err = -EINVAL;
cf7da0d6
PK		 3251 goto unlock;
3252 }
3253
fa68018d
PA		 3254 mptcp_token_destroy(msk);
3255 inet_sk_state_store(sock->sk, TCP_LISTEN);
5e20087d
FW		 3256 sock_set_flag(sock->sk, SOCK_RCU_FREE);
3257
cf7da0d6
PK		 3258 err = ssock->ops->listen(ssock, backlog);
3259 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk));
3260 if (!err)
3261 mptcp_copy_inaddrs(sock->sk, ssock->sk);
3262
3263unlock:
3264 release_sock(sock->sk);
3265 return err;
3266}
3267
cf7da0d6
PK		 3268static int mptcp_stream_accept(struct socket *sock, struct socket *newsock,
3269 int flags, bool kern)
3270{
3271 struct mptcp_sock *msk = mptcp_sk(sock->sk);
3272 struct socket *ssock;
3273 int err;
3274
3275 pr_debug("msk=%p", msk);
3276
3277 lock_sock(sock->sk);
3278 if (sock->sk->sk_state != TCP_LISTEN)
3279 goto unlock_fail;
3280
3281 ssock = __mptcp_nmpc_socket(msk);
3282 if (!ssock)
3283 goto unlock_fail;
3284
8a05661b 3285 clear_bit(MPTCP_DATA_READY, &msk->flags);
cf7da0d6
PK		 3286 sock_hold(ssock->sk);
3287 release_sock(sock->sk);
3288
3289 err = ssock->ops->accept(sock, newsock, flags, kern);
d2f77c53 3290 if (err == 0 && !mptcp_is_tcpsk(newsock->sk)) {
cf7da0d6
PK		 3291 struct mptcp_sock *msk = mptcp_sk(newsock->sk);
3292 struct mptcp_subflow_context *subflow;
0397c6d8 3293 struct sock *newsk = newsock->sk;
0397c6d8 3294
4d54cc32 3295 lock_sock(newsk);
5b950ff4
PA		 3296
3297 /* PM/worker can now acquire the first subflow socket
3298 * lock without racing with listener queue cleanup,
3299 * we can notify it, if needed.
3300 */
3301 subflow = mptcp_subflow_ctx(msk->first);
3302 list_add(&subflow->node, &msk->conn_list);
3303 sock_hold(msk->first);
3304 if (mptcp_is_fully_established(newsk))
6c714f1b 3305 mptcp_pm_fully_established(msk, msk->first, GFP_KERNEL);
5b950ff4 3306
0397c6d8
PA		 3307 mptcp_copy_inaddrs(newsk, msk->first);
3308 mptcp_rcv_space_init(msk, msk->first);
5cf92bba 3309 mptcp_propagate_sndbuf(newsk, msk->first);
cf7da0d6
PK		 3310
3311 /* set ssk->sk_socket of accept()ed flows to mptcp socket.
3312 * This is needed so NOSPACE flag can be set from tcp stack.
3313 */
ec3edaa7 3314 __mptcp_flush_join_list(msk);
190f8b06 3315 mptcp_for_each_subflow(msk, subflow) {
cf7da0d6
PK		 3316 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3317
3318 if (!ssk->sk_socket)
3319 mptcp_sock_graft(ssk, newsock);
3320 }
4d54cc32 3321 release_sock(newsk);
cf7da0d6
PK		 3322 }
3323
8a05661b
PA		 3324 if (inet_csk_listen_poll(ssock->sk))
3325 set_bit(MPTCP_DATA_READY, &msk->flags);
cf7da0d6
PK		 3326 sock_put(ssock->sk);
3327 return err;
3328
3329unlock_fail:
3330 release_sock(sock->sk);
3331 return -EINVAL;
3332}
3333
8a05661b
PA		 3334static __poll_t mptcp_check_readable(struct mptcp_sock *msk)
3335{
3336 return test_bit(MPTCP_DATA_READY, &msk->flags) ? EPOLLIN | EPOLLRDNORM :
3337 0;
3338}
3339
8edf0864
FW		 3340static __poll_t mptcp_check_writeable(struct mptcp_sock *msk)
3341{
3342 struct sock *sk = (struct sock *)msk;
8edf0864
FW		 3343
3344 if (unlikely(sk->sk_shutdown & SEND_SHUTDOWN))
dd913410 3345 return EPOLLOUT | EPOLLWRNORM;
8edf0864
FW		 3346
3347 if (sk_stream_is_writeable(sk))
3348 return EPOLLOUT | EPOLLWRNORM;
3349
5cf92bba 3350 mptcp_set_nospace(sk);
6e628cd3
PA		 3351 smp_mb__after_atomic(); /* msk->flags is changed by write_space cb */
3352 if (sk_stream_is_writeable(sk))
3353 return EPOLLOUT | EPOLLWRNORM;
8edf0864 3354
6e628cd3 3355 return 0;
8edf0864
FW		 3356}
3357
2303f994
PK		 3358static __poll_t mptcp_poll(struct file *file, struct socket *sock,
3359 struct poll_table_struct *wait)
3360{
1891c4a0 3361 struct sock *sk = sock->sk;
8ab183de 3362 struct mptcp_sock *msk;
2303f994 3363 __poll_t mask = 0;
8a05661b 3364 int state;
2303f994 3365
1891c4a0 3366 msk = mptcp_sk(sk);
1891c4a0 3367 sock_poll_wait(file, sock, wait);
1891c4a0 3368
8a05661b 3369 state = inet_sk_state_load(sk);
6719331c 3370 pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags);
8a05661b
PA		 3371 if (state == TCP_LISTEN)
3372 return mptcp_check_readable(msk);
3373
3374 if (state != TCP_SYN_SENT && state != TCP_SYN_RECV) {
3375 mask |= mptcp_check_readable(msk);
8edf0864 3376 mask |= mptcp_check_writeable(msk);
8a05661b 3377 }
dd913410
PA		 3378 if (sk->sk_shutdown == SHUTDOWN_MASK || state == TCP_CLOSE)
3379 mask |= EPOLLHUP;
1891c4a0
FW		 3380 if (sk->sk_shutdown & RCV_SHUTDOWN)
3381 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
3382
15cc1045
PA		 3383 /* This barrier is coupled with smp_wmb() in tcp_reset() */
3384 smp_rmb();
3385 if (sk->sk_err)
3386 mask |= EPOLLERR;
3387
2303f994
PK		 3388 return mask;
3389}
3390
ad98dd37
FW		 3391static int mptcp_release(struct socket *sock)
3392{
3393 struct mptcp_subflow_context *subflow;
3394 struct sock *sk = sock->sk;
3395 struct mptcp_sock *msk;
3396
3397 if (!sk)
3398 return 0;
3399
3400 lock_sock(sk);
3401
3402 msk = mptcp_sk(sk);
3403
3404 mptcp_for_each_subflow(msk, subflow) {
3405 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3406
3407 ip_mc_drop_socket(ssk);
3408 }
3409
3410 release_sock(sk);
3411
3412 return inet_release(sock);
3413}
3414
e42f1ac6
FW		 3415static const struct proto_ops mptcp_stream_ops = {
3416 .family = PF_INET,
3417 .owner = THIS_MODULE,
ad98dd37 3418 .release = mptcp_release,
e42f1ac6
FW		 3419 .bind = mptcp_bind,
3420 .connect = mptcp_stream_connect,
3421 .socketpair = sock_no_socketpair,
3422 .accept = mptcp_stream_accept,
d2f77c53 3423 .getname = inet_getname,
e42f1ac6
FW		 3424 .poll = mptcp_poll,
3425 .ioctl = inet_ioctl,
3426 .gettstamp = sock_gettstamp,
3427 .listen = mptcp_listen,
76e2a55d 3428 .shutdown = inet_shutdown,
e42f1ac6
FW		 3429 .setsockopt = sock_common_setsockopt,
3430 .getsockopt = sock_common_getsockopt,
3431 .sendmsg = inet_sendmsg,
3432 .recvmsg = inet_recvmsg,
3433 .mmap = sock_no_mmap,
3434 .sendpage = inet_sendpage,
e42f1ac6 3435};
2303f994 3436
f870fa0b
MM		 3437static struct inet_protosw mptcp_protosw = {
3438 .type = SOCK_STREAM,
3439 .protocol = IPPROTO_MPTCP,
3440 .prot = &mptcp_prot,
2303f994
PK		 3441 .ops = &mptcp_stream_ops,
3442 .flags = INET_PROTOSW_ICSK,
f870fa0b
MM		 3443};
3444
b19bc294
PA		 3445static int mptcp_napi_poll(struct napi_struct *napi, int budget)
3446{
3447 struct mptcp_delegated_action *delegated;
3448 struct mptcp_subflow_context *subflow;
3449 int work_done = 0;
3450
3451 delegated = container_of(napi, struct mptcp_delegated_action, napi);
3452 while ((subflow = mptcp_subflow_delegated_next(delegated)) != NULL) {
3453 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3454
3455 bh_lock_sock_nested(ssk);
3456 if (!sock_owned_by_user(ssk) &&
3457 mptcp_subflow_has_delegated_action(subflow))
3458 mptcp_subflow_process_delegated(ssk);
3459 /* ... elsewhere tcp_release_cb_override already processed
3460 * the action or will do at next release_sock().
3461 * In both case must dequeue the subflow here - on the same
3462 * CPU that scheduled it.
3463 */
3464 bh_unlock_sock(ssk);
3465 sock_put(ssk);
3466
3467 if (++work_done == budget)
3468 return budget;
3469 }
3470
3471 /* always provide a 0 'work_done' argument, so that napi_complete_done
3472 * will not try accessing the NULL napi->dev ptr
3473 */
3474 napi_complete_done(napi, 0);
3475 return work_done;
3476}
3477
d39dceca 3478void __init mptcp_proto_init(void)
f870fa0b 3479{
b19bc294
PA		 3480 struct mptcp_delegated_action *delegated;
3481 int cpu;
3482
2303f994 3483 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo;
2303f994 3484
d027236c
PA		 3485 if (percpu_counter_init(&mptcp_sockets_allocated, 0, GFP_KERNEL))
3486 panic("Failed to allocate MPTCP pcpu counter\n");
3487
b19bc294
PA		 3488 init_dummy_netdev(&mptcp_napi_dev);
3489 for_each_possible_cpu(cpu) {
3490 delegated = per_cpu_ptr(&mptcp_delegated_actions, cpu);
3491 INIT_LIST_HEAD(&delegated->head);
3492 netif_tx_napi_add(&mptcp_napi_dev, &delegated->napi, mptcp_napi_poll,
3493 NAPI_POLL_WEIGHT);
3494 napi_enable(&delegated->napi);
3495 }
3496
2303f994 3497 mptcp_subflow_init();
1b1c7a0e 3498 mptcp_pm_init();
2c5ebd00 3499 mptcp_token_init();
2303f994 3500
f870fa0b
MM		 3501 if (proto_register(&mptcp_prot, 1) != 0)
3502 panic("Failed to register MPTCP proto.\n");
3503
3504 inet_register_protosw(&mptcp_protosw);
6771bfd9
FW		 3505
3506 BUILD_BUG_ON(sizeof(struct mptcp_skb_cb) > sizeof_field(struct sk_buff, cb));
f870fa0b
MM		 3507}
3508
3509#if IS_ENABLED(CONFIG_MPTCP_IPV6)
ad98dd37
FW		 3510static int mptcp6_release(struct socket *sock)
3511{
3512 struct mptcp_subflow_context *subflow;
3513 struct mptcp_sock *msk;
3514 struct sock *sk = sock->sk;
3515
3516 if (!sk)
3517 return 0;
3518
3519 lock_sock(sk);
3520
3521 msk = mptcp_sk(sk);
3522
3523 mptcp_for_each_subflow(msk, subflow) {
3524 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3525
3526 ip_mc_drop_socket(ssk);
3527 ipv6_sock_mc_close(ssk);
3528 ipv6_sock_ac_close(ssk);
3529 }
3530
3531 release_sock(sk);
3532 return inet6_release(sock);
3533}
3534
e42f1ac6
FW		 3535static const struct proto_ops mptcp_v6_stream_ops = {
3536 .family = PF_INET6,
3537 .owner = THIS_MODULE,
ad98dd37 3538 .release = mptcp6_release,
e42f1ac6
FW		 3539 .bind = mptcp_bind,
3540 .connect = mptcp_stream_connect,
3541 .socketpair = sock_no_socketpair,
3542 .accept = mptcp_stream_accept,
d2f77c53 3543 .getname = inet6_getname,
e42f1ac6
FW		 3544 .poll = mptcp_poll,
3545 .ioctl = inet6_ioctl,
3546 .gettstamp = sock_gettstamp,
3547 .listen = mptcp_listen,
76e2a55d 3548 .shutdown = inet_shutdown,
e42f1ac6
FW		 3549 .setsockopt = sock_common_setsockopt,
3550 .getsockopt = sock_common_getsockopt,
3551 .sendmsg = inet6_sendmsg,
3552 .recvmsg = inet6_recvmsg,
3553 .mmap = sock_no_mmap,
3554 .sendpage = inet_sendpage,
3555#ifdef CONFIG_COMPAT
3986912f 3556 .compat_ioctl = inet6_compat_ioctl,
e42f1ac6
FW		 3557#endif
3558};
3559
f870fa0b
MM		 3560static struct proto mptcp_v6_prot;
3561
79c0949e
PK		 3562static void mptcp_v6_destroy(struct sock *sk)
3563{
3564 mptcp_destroy(sk);
3565 inet6_destroy_sock(sk);
3566}
3567
f870fa0b
MM		 3568static struct inet_protosw mptcp_v6_protosw = {
3569 .type = SOCK_STREAM,
3570 .protocol = IPPROTO_MPTCP,
3571 .prot = &mptcp_v6_prot,
2303f994 3572 .ops = &mptcp_v6_stream_ops,
f870fa0b
MM		 3573 .flags = INET_PROTOSW_ICSK,
3574};
3575
d39dceca 3576int __init mptcp_proto_v6_init(void)
f870fa0b
MM		 3577{
3578 int err;
3579
3580 mptcp_v6_prot = mptcp_prot;
3581 strcpy(mptcp_v6_prot.name, "MPTCPv6");
3582 mptcp_v6_prot.slab = NULL;
79c0949e 3583 mptcp_v6_prot.destroy = mptcp_v6_destroy;
b0519de8 3584 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock);
f870fa0b
MM		 3585
3586 err = proto_register(&mptcp_v6_prot, 1);
3587 if (err)
3588 return err;
3589
3590 err = inet6_register_protosw(&mptcp_v6_protosw);
3591 if (err)
3592 proto_unregister(&mptcp_v6_prot);
3593
3594 return err;
3595}
3596#endif
Linux 6.x block layer and io_uring tree(s)