projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mptcp: add the outgoing RM_ADDR support
[linux-block.git] / net / mptcp / protocol.c
CommitLineData
f870fa0b
MM		 1// SPDX-License-Identifier: GPL-2.0
2/* Multipath TCP
3 *
4 * Copyright (c) 2017 - 2019, Intel Corporation.
5 */
6
7#define pr_fmt(fmt) "MPTCP: " fmt
8
9#include <linux/kernel.h>
10#include <linux/module.h>
11#include <linux/netdevice.h>
7a6a6cbc
PA		 12#include <linux/sched/signal.h>
13#include <linux/atomic.h>
f870fa0b
MM		 14#include <net/sock.h>
15#include <net/inet_common.h>
16#include <net/inet_hashtables.h>
17#include <net/protocol.h>
18#include <net/tcp.h>
3721b9b6 19#include <net/tcp_states.h>
cf7da0d6
PK		 20#if IS_ENABLED(CONFIG_MPTCP_IPV6)
21#include <net/transp_v6.h>
22#endif
f870fa0b
MM		 23#include <net/mptcp.h>
24#include "protocol.h"
fc518953 25#include "mib.h"
f870fa0b 26
b0519de8
FW		 27#if IS_ENABLED(CONFIG_MPTCP_IPV6)
28struct mptcp6_sock {
29 struct mptcp_sock msk;
30 struct ipv6_pinfo np;
31};
32#endif
33
6771bfd9 34struct mptcp_skb_cb {
ab174ad8
PA		 35 u64 map_seq;
36 u64 end_seq;
6771bfd9
FW		 37 u32 offset;
38};
39
40#define MPTCP_SKB_CB(__skb) ((struct mptcp_skb_cb *)&((__skb)->cb[0]))
41
d027236c
PA		 42static struct percpu_counter mptcp_sockets_allocated;
43
2303f994
PK		 44/* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not
45 * completed yet or has failed, return the subflow socket.
46 * Otherwise return NULL.
47 */
48static struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk)
49{
d22f4988 50 if (!msk->subflow || READ_ONCE(msk->can_ack))
2303f994
PK		 51 return NULL;
52
53 return msk->subflow;
54}
55
d2f77c53 56static bool mptcp_is_tcpsk(struct sock *sk)
0b4f33de
FW		 57{
58 struct socket *sock = sk->sk_socket;
59
0b4f33de
FW		 60 if (unlikely(sk->sk_prot == &tcp_prot)) {
61 /* we are being invoked after mptcp_accept() has
62 * accepted a non-mp-capable flow: sk is a tcp_sk,
63 * not an mptcp one.
64 *
65 * Hand the socket over to tcp so all further socket ops
66 * bypass mptcp.
67 */
68 sock->ops = &inet_stream_ops;
d2f77c53 69 return true;
0b4f33de
FW		 70#if IS_ENABLED(CONFIG_MPTCP_IPV6)
71 } else if (unlikely(sk->sk_prot == &tcpv6_prot)) {
72 sock->ops = &inet6_stream_ops;
d2f77c53 73 return true;
0b4f33de
FW		 74#endif
75 }
76
d2f77c53 77 return false;
0b4f33de
FW		 78}
79
76660afb 80static struct sock *__mptcp_tcp_fallback(struct mptcp_sock *msk)
cec37a6e 81{
cec37a6e
PK		 82 sock_owned_by_me((const struct sock *)msk);
83
e1ff9e82 84 if (likely(!__mptcp_check_fallback(msk)))
cec37a6e
PK		 85 return NULL;
86
76660afb 87 return msk->first;
cec37a6e
PK		 88}
89
fa68018d 90static int __mptcp_socket_create(struct mptcp_sock *msk)
2303f994
PK		 91{
92 struct mptcp_subflow_context *subflow;
93 struct sock *sk = (struct sock *)msk;
94 struct socket *ssock;
95 int err;
96
2303f994
PK		 97 err = mptcp_subflow_create_socket(sk, &ssock);
98 if (err)
fa68018d 99 return err;
2303f994 100
8ab183de 101 msk->first = ssock->sk;
2303f994
PK		 102 msk->subflow = ssock;
103 subflow = mptcp_subflow_ctx(ssock->sk);
cec37a6e 104 list_add(&subflow->node, &msk->conn_list);
2303f994
PK		 105 subflow->request_mptcp = 1;
106
e1ff9e82
DC		 107 /* accept() will wait on first subflow sk_wq, and we always wakes up
108 * via msk->sk_socket
109 */
110 RCU_INIT_POINTER(msk->first->sk_wq, &sk->sk_socket->wq);
111
fa68018d 112 return 0;
2303f994
PK		 113}
114
ab174ad8
PA		 115static void mptcp_drop(struct sock *sk, struct sk_buff *skb)
116{
117 sk_drops_add(sk, skb);
118 __kfree_skb(skb);
119}
120
8268ed4c
PA		 121static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to,
122 struct sk_buff *from)
123{
124 bool fragstolen;
125 int delta;
126
127 if (MPTCP_SKB_CB(from)->offset ||
128 !skb_try_coalesce(to, from, &fragstolen, &delta))
129 return false;
130
06242e44
PA		 131 pr_debug("colesced seq %llx into %llx new len %d new end seq %llx",
132 MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq,
133 to->len, MPTCP_SKB_CB(from)->end_seq);
ab174ad8 134 MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq;
8268ed4c
PA		 135 kfree_skb_partial(from, fragstolen);
136 atomic_add(delta, &sk->sk_rmem_alloc);
137 sk_mem_charge(sk, delta);
138 return true;
139}
140
ab174ad8
PA		 141static bool mptcp_ooo_try_coalesce(struct mptcp_sock *msk, struct sk_buff *to,
142 struct sk_buff *from)
143{
144 if (MPTCP_SKB_CB(from)->map_seq != MPTCP_SKB_CB(to)->end_seq)
145 return false;
146
147 return mptcp_try_coalesce((struct sock *)msk, to, from);
148}
149
150/* "inspired" by tcp_data_queue_ofo(), main differences:
151 * - use mptcp seqs
152 * - don't cope with sacks
153 */
154static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb)
155{
156 struct sock *sk = (struct sock *)msk;
157 struct rb_node **p, *parent;
158 u64 seq, end_seq, max_seq;
159 struct sk_buff *skb1;
c2ec6bc0 160 int space;
ab174ad8
PA		 161
162 seq = MPTCP_SKB_CB(skb)->map_seq;
163 end_seq = MPTCP_SKB_CB(skb)->end_seq;
c2ec6bc0
YB		 164 space = tcp_space(sk);
165 max_seq = space > 0 ? space + msk->ack_seq : msk->ack_seq;
ab174ad8 166
06242e44
PA		 167 pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq,
168 RB_EMPTY_ROOT(&msk->out_of_order_queue));
ab174ad8
PA		 169 if (after64(seq, max_seq)) {
170 /* out of window */
171 mptcp_drop(sk, skb);
06242e44 172 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_NODSSWINDOW);
ab174ad8
PA		 173 return;
174 }
175
176 p = &msk->out_of_order_queue.rb_node;
06242e44 177 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUE);
ab174ad8
PA		 178 if (RB_EMPTY_ROOT(&msk->out_of_order_queue)) {
179 rb_link_node(&skb->rbnode, NULL, p);
180 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
181 msk->ooo_last_skb = skb;
182 goto end;
183 }
184
185 /* with 2 subflows, adding at end of ooo queue is quite likely
186 * Use of ooo_last_skb avoids the O(Log(N)) rbtree lookup.
187 */
06242e44
PA		 188 if (mptcp_ooo_try_coalesce(msk, msk->ooo_last_skb, skb)) {
189 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
190 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
ab174ad8 191 return;
06242e44 192 }
ab174ad8
PA		 193
194 /* Can avoid an rbtree lookup if we are adding skb after ooo_last_skb */
195 if (!before64(seq, MPTCP_SKB_CB(msk->ooo_last_skb)->end_seq)) {
06242e44 196 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
ab174ad8
PA		 197 parent = &msk->ooo_last_skb->rbnode;
198 p = &parent->rb_right;
199 goto insert;
200 }
201
202 /* Find place to insert this segment. Handle overlaps on the way. */
203 parent = NULL;
204 while (*p) {
205 parent = *p;
206 skb1 = rb_to_skb(parent);
207 if (before64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
208 p = &parent->rb_left;
209 continue;
210 }
211 if (before64(seq, MPTCP_SKB_CB(skb1)->end_seq)) {
212 if (!after64(end_seq, MPTCP_SKB_CB(skb1)->end_seq)) {
213 /* All the bits are present. Drop. */
214 mptcp_drop(sk, skb);
06242e44 215 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 216 return;
217 }
218 if (after64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
219 /* partial overlap:
220 * | skb |
221 * | skb1 |
222 * continue traversing
223 */
224 } else {
225 /* skb's seq == skb1's seq and skb covers skb1.
226 * Replace skb1 with skb.
227 */
228 rb_replace_node(&skb1->rbnode, &skb->rbnode,
229 &msk->out_of_order_queue);
230 mptcp_drop(sk, skb1);
06242e44 231 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 232 goto merge_right;
233 }
234 } else if (mptcp_ooo_try_coalesce(msk, skb1, skb)) {
06242e44 235 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
ab174ad8
PA		 236 return;
237 }
238 p = &parent->rb_right;
239 }
06242e44 240
ab174ad8
PA		 241insert:
242 /* Insert segment into RB tree. */
243 rb_link_node(&skb->rbnode, parent, p);
244 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
245
246merge_right:
247 /* Remove other segments covered by skb. */
248 while ((skb1 = skb_rb_next(skb)) != NULL) {
249 if (before64(end_seq, MPTCP_SKB_CB(skb1)->end_seq))
250 break;
251 rb_erase(&skb1->rbnode, &msk->out_of_order_queue);
252 mptcp_drop(sk, skb1);
06242e44 253 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 254 }
255 /* If there is no skb after us, we are the last_skb ! */
256 if (!skb1)
257 msk->ooo_last_skb = skb;
258
259end:
260 skb_condense(skb);
261 skb_set_owner_r(skb, sk);
262}
263
264static bool __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk,
265 struct sk_buff *skb, unsigned int offset,
266 size_t copy_len)
6771bfd9 267{
ab174ad8 268 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
6771bfd9 269 struct sock *sk = (struct sock *)msk;
4e637c70 270 struct sk_buff *tail;
6771bfd9
FW		 271
272 __skb_unlink(skb, &ssk->sk_receive_queue);
6771bfd9 273
4e637c70
FW		 274 skb_ext_reset(skb);
275 skb_orphan(skb);
ab174ad8
PA		 276
277 /* the skb map_seq accounts for the skb offset:
278 * mptcp_subflow_get_mapped_dsn() is based on the current tp->copied_seq
279 * value
280 */
281 MPTCP_SKB_CB(skb)->map_seq = mptcp_subflow_get_mapped_dsn(subflow);
282 MPTCP_SKB_CB(skb)->end_seq = MPTCP_SKB_CB(skb)->map_seq + copy_len;
8268ed4c 283 MPTCP_SKB_CB(skb)->offset = offset;
4e637c70 284
ab174ad8
PA		 285 if (MPTCP_SKB_CB(skb)->map_seq == msk->ack_seq) {
286 /* in sequence */
287 msk->ack_seq += copy_len;
288 tail = skb_peek_tail(&sk->sk_receive_queue);
289 if (tail && mptcp_try_coalesce(sk, tail, skb))
290 return true;
4e637c70 291
ab174ad8
PA		 292 skb_set_owner_r(skb, sk);
293 __skb_queue_tail(&sk->sk_receive_queue, skb);
294 return true;
295 } else if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) {
296 mptcp_data_queue_ofo(msk, skb);
297 return false;
298 }
299
300 /* old data, keep it simple and drop the whole pkt, sender
301 * will retransmit as needed, if needed.
302 */
06242e44 303 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 304 mptcp_drop(sk, skb);
305 return false;
6771bfd9
FW		 306}
307
16a9a9da
MM		 308static void mptcp_stop_timer(struct sock *sk)
309{
310 struct inet_connection_sock *icsk = inet_csk(sk);
311
312 sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
313 mptcp_sk(sk)->timer_ival = 0;
314}
315
16a9a9da
MM		 316static void mptcp_check_data_fin_ack(struct sock *sk)
317{
318 struct mptcp_sock *msk = mptcp_sk(sk);
319
320 if (__mptcp_check_fallback(msk))
321 return;
322
323 /* Look for an acknowledged DATA_FIN */
324 if (((1 << sk->sk_state) &
325 (TCPF_FIN_WAIT1 | TCPF_CLOSING | TCPF_LAST_ACK)) &&
326 msk->write_seq == atomic64_read(&msk->snd_una)) {
327 mptcp_stop_timer(sk);
328
329 WRITE_ONCE(msk->snd_data_fin_enable, 0);
330
331 switch (sk->sk_state) {
332 case TCP_FIN_WAIT1:
333 inet_sk_state_store(sk, TCP_FIN_WAIT2);
334 sk->sk_state_change(sk);
335 break;
336 case TCP_CLOSING:
16a9a9da
MM		 337 case TCP_LAST_ACK:
338 inet_sk_state_store(sk, TCP_CLOSE);
339 sk->sk_state_change(sk);
340 break;
341 }
342
343 if (sk->sk_shutdown == SHUTDOWN_MASK ||
344 sk->sk_state == TCP_CLOSE)
345 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP);
346 else
347 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
348 }
349}
350
3721b9b6
MM		 351static bool mptcp_pending_data_fin(struct sock *sk, u64 *seq)
352{
353 struct mptcp_sock *msk = mptcp_sk(sk);
354
355 if (READ_ONCE(msk->rcv_data_fin) &&
356 ((1 << sk->sk_state) &
357 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2))) {
358 u64 rcv_data_fin_seq = READ_ONCE(msk->rcv_data_fin_seq);
359
360 if (msk->ack_seq == rcv_data_fin_seq) {
361 if (seq)
362 *seq = rcv_data_fin_seq;
363
364 return true;
365 }
366 }
367
368 return false;
369}
370
371static void mptcp_set_timeout(const struct sock *sk, const struct sock *ssk)
372{
373 long tout = ssk && inet_csk(ssk)->icsk_pending ?
374 inet_csk(ssk)->icsk_timeout - jiffies : 0;
375
376 if (tout <= 0)
377 tout = mptcp_sk(sk)->timer_ival;
378 mptcp_sk(sk)->timer_ival = tout > 0 ? tout : TCP_RTO_MIN;
379}
380
381static void mptcp_check_data_fin(struct sock *sk)
382{
383 struct mptcp_sock *msk = mptcp_sk(sk);
384 u64 rcv_data_fin_seq;
385
386 if (__mptcp_check_fallback(msk) || !msk->first)
387 return;
388
389 /* Need to ack a DATA_FIN received from a peer while this side
390 * of the connection is in ESTABLISHED, FIN_WAIT1, or FIN_WAIT2.
391 * msk->rcv_data_fin was set when parsing the incoming options
392 * at the subflow level and the msk lock was not held, so this
393 * is the first opportunity to act on the DATA_FIN and change
394 * the msk state.
395 *
396 * If we are caught up to the sequence number of the incoming
397 * DATA_FIN, send the DATA_ACK now and do state transition. If
398 * not caught up, do nothing and let the recv code send DATA_ACK
399 * when catching up.
400 */
401
402 if (mptcp_pending_data_fin(sk, &rcv_data_fin_seq)) {
403 struct mptcp_subflow_context *subflow;
404
405 msk->ack_seq++;
406 WRITE_ONCE(msk->rcv_data_fin, 0);
407
408 sk->sk_shutdown |= RCV_SHUTDOWN;
16a9a9da
MM		 409 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
410 set_bit(MPTCP_DATA_READY, &msk->flags);
3721b9b6
MM		 411
412 switch (sk->sk_state) {
413 case TCP_ESTABLISHED:
414 inet_sk_state_store(sk, TCP_CLOSE_WAIT);
415 break;
416 case TCP_FIN_WAIT1:
417 inet_sk_state_store(sk, TCP_CLOSING);
418 break;
419 case TCP_FIN_WAIT2:
420 inet_sk_state_store(sk, TCP_CLOSE);
421 // @@ Close subflows now?
422 break;
423 default:
424 /* Other states not expected */
425 WARN_ON_ONCE(1);
426 break;
427 }
428
429 mptcp_set_timeout(sk, NULL);
430 mptcp_for_each_subflow(msk, subflow) {
431 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
432
433 lock_sock(ssk);
434 tcp_send_ack(ssk);
435 release_sock(ssk);
436 }
437
438 sk->sk_state_change(sk);
439
440 if (sk->sk_shutdown == SHUTDOWN_MASK ||
441 sk->sk_state == TCP_CLOSE)
442 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP);
443 else
444 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
445 }
446}
447
6771bfd9
FW		 448static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk,
449 struct sock *ssk,
450 unsigned int *bytes)
451{
452 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
600911ff 453 struct sock *sk = (struct sock *)msk;
6771bfd9
FW		 454 unsigned int moved = 0;
455 bool more_data_avail;
456 struct tcp_sock *tp;
457 bool done = false;
600911ff 458
ab174ad8 459 pr_debug("msk=%p ssk=%p", msk, ssk);
6771bfd9
FW		 460 tp = tcp_sk(ssk);
461 do {
462 u32 map_remaining, offset;
463 u32 seq = tp->copied_seq;
464 struct sk_buff *skb;
465 bool fin;
466
467 /* try to move as much data as available */
468 map_remaining = subflow->map_data_len -
469 mptcp_subflow_get_map_offset(subflow);
470
471 skb = skb_peek(&ssk->sk_receive_queue);
472 if (!skb)
473 break;
474
e1ff9e82
DC		 475 if (__mptcp_check_fallback(msk)) {
476 /* if we are running under the workqueue, TCP could have
477 * collapsed skbs between dummy map creation and now
478 * be sure to adjust the size
479 */
480 map_remaining = skb->len;
481 subflow->map_data_len = skb->len;
482 }
483
6771bfd9
FW		 484 offset = seq - TCP_SKB_CB(skb)->seq;
485 fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN;
486 if (fin) {
487 done = true;
488 seq++;
489 }
490
491 if (offset < skb->len) {
492 size_t len = skb->len - offset;
493
494 if (tp->urg_data)
495 done = true;
496
ab174ad8
PA		 497 if (__mptcp_move_skb(msk, ssk, skb, offset, len))
498 moved += len;
6771bfd9 499 seq += len;
6771bfd9
FW		 500
501 if (WARN_ON_ONCE(map_remaining < len))
502 break;
503 } else {
504 WARN_ON_ONCE(!fin);
505 sk_eat_skb(ssk, skb);
506 done = true;
507 }
508
509 WRITE_ONCE(tp->copied_seq, seq);
510 more_data_avail = mptcp_subflow_data_available(ssk);
600911ff
FW		 511
512 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) {
513 done = true;
514 break;
515 }
6771bfd9
FW		 516 } while (more_data_avail);
517
6719331c 518 *bytes += moved;
c76c6956
PA		 519 if (moved)
520 tcp_cleanup_rbuf(ssk, moved);
6771bfd9
FW		 521
522 return done;
523}
524
ab174ad8
PA		 525static bool mptcp_ofo_queue(struct mptcp_sock *msk)
526{
527 struct sock *sk = (struct sock *)msk;
528 struct sk_buff *skb, *tail;
529 bool moved = false;
530 struct rb_node *p;
531 u64 end_seq;
532
533 p = rb_first(&msk->out_of_order_queue);
06242e44 534 pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue));
ab174ad8
PA		 535 while (p) {
536 skb = rb_to_skb(p);
537 if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq))
538 break;
539
540 p = rb_next(p);
541 rb_erase(&skb->rbnode, &msk->out_of_order_queue);
542
543 if (unlikely(!after64(MPTCP_SKB_CB(skb)->end_seq,
544 msk->ack_seq))) {
545 mptcp_drop(sk, skb);
06242e44 546 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 547 continue;
548 }
549
550 end_seq = MPTCP_SKB_CB(skb)->end_seq;
551 tail = skb_peek_tail(&sk->sk_receive_queue);
552 if (!tail || !mptcp_ooo_try_coalesce(msk, tail, skb)) {
553 int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq;
554
555 /* skip overlapping data, if any */
06242e44
PA		 556 pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d",
557 MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq,
558 delta);
ab174ad8
PA		 559 MPTCP_SKB_CB(skb)->offset += delta;
560 __skb_queue_tail(&sk->sk_receive_queue, skb);
561 }
562 msk->ack_seq = end_seq;
563 moved = true;
564 }
565 return moved;
566}
567
2e52213c
FW		 568/* In most cases we will be able to lock the mptcp socket. If its already
569 * owned, we need to defer to the work queue to avoid ABBA deadlock.
570 */
571static bool move_skbs_to_msk(struct mptcp_sock *msk, struct sock *ssk)
572{
573 struct sock *sk = (struct sock *)msk;
574 unsigned int moved = 0;
575
576 if (READ_ONCE(sk->sk_lock.owned))
577 return false;
578
579 if (unlikely(!spin_trylock_bh(&sk->sk_lock.slock)))
580 return false;
581
582 /* must re-check after taking the lock */
ab174ad8 583 if (!READ_ONCE(sk->sk_lock.owned)) {
2e52213c 584 __mptcp_move_skbs_from_subflow(msk, ssk, &moved);
ab174ad8
PA		 585 mptcp_ofo_queue(msk);
586
587 /* If the moves have caught up with the DATA_FIN sequence number
588 * it's time to ack the DATA_FIN and change socket state, but
589 * this is not a good place to change state. Let the workqueue
590 * do it.
591 */
592 if (mptcp_pending_data_fin(sk, NULL) &&
593 schedule_work(&msk->work))
594 sock_hold(sk);
595 }
2e52213c
FW		 596
597 spin_unlock_bh(&sk->sk_lock.slock);
598
599 return moved > 0;
600}
601
602void mptcp_data_ready(struct sock *sk, struct sock *ssk)
101f6f85 603{
6719331c 604 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
101f6f85 605 struct mptcp_sock *msk = mptcp_sk(sk);
6719331c 606 bool wake;
101f6f85 607
6719331c
PA		 608 /* move_skbs_to_msk below can legitly clear the data_avail flag,
609 * but we will need later to properly woke the reader, cache its
610 * value
611 */
612 wake = subflow->data_avail == MPTCP_SUBFLOW_DATA_AVAIL;
613 if (wake)
614 set_bit(MPTCP_DATA_READY, &msk->flags);
6771bfd9 615
2e52213c
FW		 616 if (atomic_read(&sk->sk_rmem_alloc) < READ_ONCE(sk->sk_rcvbuf) &&
617 move_skbs_to_msk(msk, ssk))
618 goto wake;
619
600911ff
FW		 620 /* don't schedule if mptcp sk is (still) over limit */
621 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf))
622 goto wake;
623
14c441b5
PA		 624 /* mptcp socket is owned, release_cb should retry */
625 if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED,
626 &sk->sk_tsq_flags)) {
627 sock_hold(sk);
6771bfd9 628
14c441b5
PA		 629 /* need to try again, its possible release_cb() has already
630 * been called after the test_and_set_bit() above.
631 */
632 move_skbs_to_msk(msk, ssk);
633 }
600911ff 634wake:
6719331c
PA		 635 if (wake)
636 sk->sk_data_ready(sk);
101f6f85
FW		 637}
638
ec3edaa7
PK		 639static void __mptcp_flush_join_list(struct mptcp_sock *msk)
640{
641 if (likely(list_empty(&msk->join_list)))
642 return;
643
644 spin_lock_bh(&msk->join_list_lock);
645 list_splice_tail_init(&msk->join_list, &msk->conn_list);
646 spin_unlock_bh(&msk->join_list_lock);
647}
648
b51f9b80
PA		 649static bool mptcp_timer_pending(struct sock *sk)
650{
651 return timer_pending(&inet_csk(sk)->icsk_retransmit_timer);
652}
653
654static void mptcp_reset_timer(struct sock *sk)
655{
656 struct inet_connection_sock *icsk = inet_csk(sk);
657 unsigned long tout;
658
659 /* should never be called with mptcp level timer cleared */
660 tout = READ_ONCE(mptcp_sk(sk)->timer_ival);
661 if (WARN_ON_ONCE(!tout))
662 tout = TCP_RTO_MIN;
663 sk_reset_timer(sk, &icsk->icsk_retransmit_timer, jiffies + tout);
664}
665
666void mptcp_data_acked(struct sock *sk)
667{
668 mptcp_reset_timer(sk);
3b1d6210 669
63561a40 670 if ((!test_bit(MPTCP_SEND_SPACE, &mptcp_sk(sk)->flags) ||
43b54c6e 671 (inet_sk_state_load(sk) != TCP_ESTABLISHED)) &&
3b1d6210
PA		 672 schedule_work(&mptcp_sk(sk)->work))
673 sock_hold(sk);
b51f9b80
PA		 674}
675
59832e24
FW		 676void mptcp_subflow_eof(struct sock *sk)
677{
678 struct mptcp_sock *msk = mptcp_sk(sk);
679
680 if (!test_and_set_bit(MPTCP_WORK_EOF, &msk->flags) &&
681 schedule_work(&msk->work))
682 sock_hold(sk);
683}
684
5969856a
PA		 685static void mptcp_check_for_eof(struct mptcp_sock *msk)
686{
687 struct mptcp_subflow_context *subflow;
688 struct sock *sk = (struct sock *)msk;
689 int receivers = 0;
690
691 mptcp_for_each_subflow(msk, subflow)
692 receivers += !subflow->rx_eof;
693
694 if (!receivers && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
695 /* hopefully temporary hack: propagate shutdown status
696 * to msk, when all subflows agree on it
697 */
698 sk->sk_shutdown |= RCV_SHUTDOWN;
699
700 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
701 set_bit(MPTCP_DATA_READY, &msk->flags);
702 sk->sk_data_ready(sk);
703 }
704}
705
6d0060f6
MM		 706static bool mptcp_ext_cache_refill(struct mptcp_sock *msk)
707{
4930f483
FW		 708 const struct sock *sk = (const struct sock *)msk;
709
6d0060f6 710 if (!msk->cached_ext)
4930f483 711 msk->cached_ext = __skb_ext_alloc(sk->sk_allocation);
6d0060f6
MM		 712
713 return !!msk->cached_ext;
714}
715
7a6a6cbc
PA		 716static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk)
717{
718 struct mptcp_subflow_context *subflow;
719 struct sock *sk = (struct sock *)msk;
720
721 sock_owned_by_me(sk);
722
723 mptcp_for_each_subflow(msk, subflow) {
724 if (subflow->data_avail)
725 return mptcp_subflow_tcp_sock(subflow);
726 }
727
728 return NULL;
729}
730
3f8e0aae
PA		 731static bool mptcp_skb_can_collapse_to(u64 write_seq,
732 const struct sk_buff *skb,
733 const struct mptcp_ext *mpext)
57040755
PA		 734{
735 if (!tcp_skb_can_collapse_to(skb))
736 return false;
737
738 /* can collapse only if MPTCP level sequence is in order */
3f8e0aae 739 return mpext && mpext->data_seq + mpext->data_len == write_seq;
57040755
PA		 740}
741
18b683bf
PA		 742static bool mptcp_frag_can_collapse_to(const struct mptcp_sock *msk,
743 const struct page_frag *pfrag,
744 const struct mptcp_data_frag *df)
745{
746 return df && pfrag->page == df->page &&
747 df->data_seq + df->data_len == msk->write_seq;
748}
749
d027236c
PA		 750static void dfrag_uncharge(struct sock *sk, int len)
751{
752 sk_mem_uncharge(sk, len);
7948f6cc 753 sk_wmem_queued_add(sk, -len);
d027236c
PA		 754}
755
756static void dfrag_clear(struct sock *sk, struct mptcp_data_frag *dfrag)
18b683bf 757{
d027236c
PA		 758 int len = dfrag->data_len + dfrag->overhead;
759
18b683bf 760 list_del(&dfrag->list);
d027236c 761 dfrag_uncharge(sk, len);
18b683bf
PA		 762 put_page(dfrag->page);
763}
764
63561a40
PA		 765static bool mptcp_is_writeable(struct mptcp_sock *msk)
766{
767 struct mptcp_subflow_context *subflow;
768
769 if (!sk_stream_is_writeable((struct sock *)msk))
770 return false;
771
772 mptcp_for_each_subflow(msk, subflow) {
773 if (sk_stream_is_writeable(subflow->tcp_sock))
774 return true;
775 }
776 return false;
777}
778
18b683bf
PA		 779static void mptcp_clean_una(struct sock *sk)
780{
781 struct mptcp_sock *msk = mptcp_sk(sk);
782 struct mptcp_data_frag *dtmp, *dfrag;
d027236c 783 bool cleaned = false;
e1ff9e82
DC		 784 u64 snd_una;
785
786 /* on fallback we just need to ignore snd_una, as this is really
787 * plain TCP
788 */
789 if (__mptcp_check_fallback(msk))
790 atomic64_set(&msk->snd_una, msk->write_seq);
791 snd_una = atomic64_read(&msk->snd_una);
18b683bf
PA		 792
793 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) {
794 if (after64(dfrag->data_seq + dfrag->data_len, snd_una))
795 break;
796
d027236c
PA		 797 dfrag_clear(sk, dfrag);
798 cleaned = true;
799 }
800
7948f6cc
FW		 801 dfrag = mptcp_rtx_head(sk);
802 if (dfrag && after64(snd_una, dfrag->data_seq)) {
53eb4c38
PA		 803 u64 delta = snd_una - dfrag->data_seq;
804
805 if (WARN_ON_ONCE(delta > dfrag->data_len))
806 goto out;
7948f6cc
FW		 807
808 dfrag->data_seq += delta;
53eb4c38 809 dfrag->offset += delta;
7948f6cc
FW		 810 dfrag->data_len -= delta;
811
812 dfrag_uncharge(sk, delta);
813 cleaned = true;
814 }
815
53eb4c38 816out:
d027236c
PA		 817 if (cleaned) {
818 sk_mem_reclaim_partial(sk);
7948f6cc
FW		 819
820 /* Only wake up writers if a subflow is ready */
63561a40
PA		 821 if (mptcp_is_writeable(msk)) {
822 set_bit(MPTCP_SEND_SPACE, &mptcp_sk(sk)->flags);
823 smp_mb__after_atomic();
824
825 /* set SEND_SPACE before sk_stream_write_space clears
826 * NOSPACE
827 */
7948f6cc 828 sk_stream_write_space(sk);
63561a40 829 }
18b683bf
PA		 830 }
831}
832
833/* ensure we get enough memory for the frag hdr, beyond some minimal amount of
834 * data
835 */
836static bool mptcp_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
837{
838 if (likely(skb_page_frag_refill(32U + sizeof(struct mptcp_data_frag),
839 pfrag, sk->sk_allocation)))
840 return true;
841
842 sk->sk_prot->enter_memory_pressure(sk);
843 sk_stream_moderate_sndbuf(sk);
844 return false;
845}
846
847static struct mptcp_data_frag *
848mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag,
849 int orig_offset)
850{
851 int offset = ALIGN(orig_offset, sizeof(long));
852 struct mptcp_data_frag *dfrag;
853
854 dfrag = (struct mptcp_data_frag *)(page_to_virt(pfrag->page) + offset);
855 dfrag->data_len = 0;
856 dfrag->data_seq = msk->write_seq;
857 dfrag->overhead = offset - orig_offset + sizeof(struct mptcp_data_frag);
858 dfrag->offset = offset + sizeof(struct mptcp_data_frag);
859 dfrag->page = pfrag->page;
860
861 return dfrag;
862}
863
6d0060f6 864static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
3f8e0aae
PA		 865 struct msghdr *msg, struct mptcp_data_frag *dfrag,
866 long *timeo, int *pmss_now,
57040755 867 int *ps_goal)
6d0060f6 868{
18b683bf
PA		 869 int mss_now, avail_size, size_goal, offset, ret, frag_truesize = 0;
870 bool dfrag_collapsed, can_collapse = false;
6d0060f6
MM		 871 struct mptcp_sock *msk = mptcp_sk(sk);
872 struct mptcp_ext *mpext = NULL;
3f8e0aae 873 bool retransmission = !!dfrag;
57040755 874 struct sk_buff *skb, *tail;
6d0060f6 875 struct page_frag *pfrag;
3f8e0aae
PA		 876 struct page *page;
877 u64 *write_seq;
6d0060f6
MM		 878 size_t psize;
879
880 /* use the mptcp page cache so that we can easily move the data
881 * from one substream to another, but do per subflow memory accounting
3f8e0aae
PA		 882 * Note: pfrag is used only !retransmission, but the compiler if
883 * fooled into a warning if we don't init here
6d0060f6
MM		 884 */
885 pfrag = sk_page_frag(sk);
3f8e0aae
PA		 886 if (!retransmission) {
887 write_seq = &msk->write_seq;
888 page = pfrag->page;
889 } else {
890 write_seq = &dfrag->data_seq;
891 page = dfrag->page;
892 }
6d0060f6
MM		 893
894 /* compute copy limit */
895 mss_now = tcp_send_mss(ssk, &size_goal, msg->msg_flags);
57040755
PA		 896 *pmss_now = mss_now;
897 *ps_goal = size_goal;
898 avail_size = size_goal;
899 skb = tcp_write_queue_tail(ssk);
900 if (skb) {
901 mpext = skb_ext_find(skb, SKB_EXT_MPTCP);
902
903 /* Limit the write to the size available in the
904 * current skb, if any, so that we create at most a new skb.
905 * Explicitly tells TCP internals to avoid collapsing on later
906 * queue management operation, to avoid breaking the ext <->
907 * SSN association set here
908 */
909 can_collapse = (size_goal - skb->len > 0) &&
3f8e0aae 910 mptcp_skb_can_collapse_to(*write_seq, skb, mpext);
57040755
PA		 911 if (!can_collapse)
912 TCP_SKB_CB(skb)->eor = 1;
913 else
914 avail_size = size_goal - skb->len;
915 }
18b683bf 916
3f8e0aae
PA		 917 if (!retransmission) {
918 /* reuse tail pfrag, if possible, or carve a new one from the
919 * page allocator
920 */
921 dfrag = mptcp_rtx_tail(sk);
922 offset = pfrag->offset;
923 dfrag_collapsed = mptcp_frag_can_collapse_to(msk, pfrag, dfrag);
924 if (!dfrag_collapsed) {
925 dfrag = mptcp_carve_data_frag(msk, pfrag, offset);
926 offset = dfrag->offset;
927 frag_truesize = dfrag->overhead;
928 }
929 psize = min_t(size_t, pfrag->size - offset, avail_size);
930
931 /* Copy to page */
932 pr_debug("left=%zu", msg_data_left(msg));
933 psize = copy_page_from_iter(pfrag->page, offset,
934 min_t(size_t, msg_data_left(msg),
935 psize),
936 &msg->msg_iter);
937 pr_debug("left=%zu", msg_data_left(msg));
938 if (!psize)
939 return -EINVAL;
940
35759383
FW		 941 if (!sk_wmem_schedule(sk, psize + dfrag->overhead)) {
942 iov_iter_revert(&msg->msg_iter, psize);
3f8e0aae 943 return -ENOMEM;
35759383 944 }
3f8e0aae 945 } else {
18b683bf 946 offset = dfrag->offset;
3f8e0aae 947 psize = min_t(size_t, dfrag->data_len, avail_size);
18b683bf 948 }
d027236c 949
57040755
PA		 950 /* tell the TCP stack to delay the push so that we can safely
951 * access the skb after the sendpages call
6d0060f6 952 */
3f8e0aae 953 ret = do_tcp_sendpages(ssk, page, offset, psize,
72511aab 954 msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT);
35759383 955 if (ret <= 0) {
b3b2854d
FW		 956 if (!retransmission)
957 iov_iter_revert(&msg->msg_iter, psize);
6d0060f6 958 return ret;
35759383 959 }
18b683bf
PA		 960
961 frag_truesize += ret;
3f8e0aae
PA		 962 if (!retransmission) {
963 if (unlikely(ret < psize))
964 iov_iter_revert(&msg->msg_iter, psize - ret);
6d0060f6 965
3f8e0aae
PA		 966 /* send successful, keep track of sent data for mptcp-level
967 * retransmission
968 */
969 dfrag->data_len += ret;
970 if (!dfrag_collapsed) {
971 get_page(dfrag->page);
972 list_add_tail(&dfrag->list, &msk->rtx_queue);
973 sk_wmem_queued_add(sk, frag_truesize);
974 } else {
975 sk_wmem_queued_add(sk, ret);
976 }
18b683bf 977
3f8e0aae
PA		 978 /* charge data on mptcp rtx queue to the master socket
979 * Note: we charge such data both to sk and ssk
980 */
981 sk->sk_forward_alloc -= frag_truesize;
982 }
d027236c 983
57040755
PA		 984 /* if the tail skb extension is still the cached one, collapsing
985 * really happened. Note: we can't check for 'same skb' as the sk_buff
986 * hdr on tail can be transmitted, freed and re-allocated by the
987 * do_tcp_sendpages() call
988 */
989 tail = tcp_write_queue_tail(ssk);
990 if (mpext && tail && mpext == skb_ext_find(tail, SKB_EXT_MPTCP)) {
991 WARN_ON_ONCE(!can_collapse);
992 mpext->data_len += ret;
993 goto out;
994 }
995
6d0060f6
MM		 996 skb = tcp_write_queue_tail(ssk);
997 mpext = __skb_ext_set(skb, SKB_EXT_MPTCP, msk->cached_ext);
998 msk->cached_ext = NULL;
999
1000 memset(mpext, 0, sizeof(*mpext));
3f8e0aae 1001 mpext->data_seq = *write_seq;
6d0060f6
MM		 1002 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq;
1003 mpext->data_len = ret;
1004 mpext->use_map = 1;
1005 mpext->dsn64 = 1;
1006
1007 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d",
1008 mpext->data_seq, mpext->subflow_seq, mpext->data_len,
1009 mpext->dsn64);
1010
57040755 1011out:
3f8e0aae
PA		 1012 if (!retransmission)
1013 pfrag->offset += frag_truesize;
721e9089 1014 WRITE_ONCE(*write_seq, *write_seq + ret);
6d0060f6
MM		 1015 mptcp_subflow_ctx(ssk)->rel_write_seq += ret;
1016
6d0060f6
MM		 1017 return ret;
1018}
1019
63561a40 1020static void mptcp_nospace(struct mptcp_sock *msk)
a0e17064 1021{
63561a40
PA		 1022 struct mptcp_subflow_context *subflow;
1023
a0e17064
FW		 1024 clear_bit(MPTCP_SEND_SPACE, &msk->flags);
1025 smp_mb__after_atomic(); /* msk->flags is changed by write_space cb */
1026
63561a40
PA		 1027 mptcp_for_each_subflow(msk, subflow) {
1028 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
1029 struct socket *sock = READ_ONCE(ssk->sk_socket);
1030
1031 /* enables ssk->write_space() callbacks */
1032 if (sock)
1033 set_bit(SOCK_NOSPACE, &sock->flags);
1034 }
a0e17064
FW		 1035}
1036
d5f49190
PA		 1037static bool mptcp_subflow_active(struct mptcp_subflow_context *subflow)
1038{
1039 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
1040
1041 /* can't send if JOIN hasn't completed yet (i.e. is usable for mptcp) */
1042 if (subflow->request_join && !subflow->fully_established)
1043 return false;
1044
1045 /* only send if our side has not closed yet */
1046 return ((1 << ssk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT));
1047}
1048
1049#define MPTCP_SEND_BURST_SIZE ((1 << 16) - \
1050 sizeof(struct tcphdr) - \
1051 MAX_TCP_OPTION_SPACE - \
1052 sizeof(struct ipv6hdr) - \
1053 sizeof(struct frag_hdr))
1054
1055struct subflow_send_info {
1056 struct sock *ssk;
1057 u64 ratio;
1058};
1059
da51aef5
PA		 1060static struct sock *mptcp_subflow_get_send(struct mptcp_sock *msk,
1061 u32 *sndbuf)
f296234c 1062{
d5f49190 1063 struct subflow_send_info send_info[2];
f296234c 1064 struct mptcp_subflow_context *subflow;
d5f49190
PA		 1065 int i, nr_active = 0;
1066 struct sock *ssk;
1067 u64 ratio;
1068 u32 pace;
f296234c 1069
d5f49190 1070 sock_owned_by_me((struct sock *)msk);
f296234c 1071
da51aef5 1072 *sndbuf = 0;
149f7c71
FW		 1073 if (!mptcp_ext_cache_refill(msk))
1074 return NULL;
1075
d5f49190
PA		 1076 if (__mptcp_check_fallback(msk)) {
1077 if (!msk->first)
f296234c 1078 return NULL;
d5f49190
PA		 1079 *sndbuf = msk->first->sk_sndbuf;
1080 return sk_stream_memory_free(msk->first) ? msk->first : NULL;
1081 }
1082
1083 /* re-use last subflow, if the burst allow that */
1084 if (msk->last_snd && msk->snd_burst > 0 &&
1085 sk_stream_memory_free(msk->last_snd) &&
1086 mptcp_subflow_active(mptcp_subflow_ctx(msk->last_snd))) {
1087 mptcp_for_each_subflow(msk, subflow) {
1088 ssk = mptcp_subflow_tcp_sock(subflow);
1089 *sndbuf = max(tcp_sk(ssk)->snd_wnd, *sndbuf);
f296234c 1090 }
d5f49190
PA		 1091 return msk->last_snd;
1092 }
f296234c 1093
d5f49190
PA		 1094 /* pick the subflow with the lower wmem/wspace ratio */
1095 for (i = 0; i < 2; ++i) {
1096 send_info[i].ssk = NULL;
1097 send_info[i].ratio = -1;
1098 }
1099 mptcp_for_each_subflow(msk, subflow) {
1100 ssk = mptcp_subflow_tcp_sock(subflow);
1101 if (!mptcp_subflow_active(subflow))
1102 continue;
1103
1104 nr_active += !subflow->backup;
da51aef5 1105 *sndbuf = max(tcp_sk(ssk)->snd_wnd, *sndbuf);
d5f49190
PA		 1106 if (!sk_stream_memory_free(subflow->tcp_sock))
1107 continue;
f296234c 1108
d5f49190
PA		 1109 pace = READ_ONCE(ssk->sk_pacing_rate);
1110 if (!pace)
f296234c 1111 continue;
f296234c 1112
d5f49190
PA		 1113 ratio = div_u64((u64)READ_ONCE(ssk->sk_wmem_queued) << 32,
1114 pace);
1115 if (ratio < send_info[subflow->backup].ratio) {
1116 send_info[subflow->backup].ssk = ssk;
1117 send_info[subflow->backup].ratio = ratio;
1118 }
f296234c
PK		 1119 }
1120
d5f49190
PA		 1121 pr_debug("msk=%p nr_active=%d ssk=%p:%lld backup=%p:%lld",
1122 msk, nr_active, send_info[0].ssk, send_info[0].ratio,
1123 send_info[1].ssk, send_info[1].ratio);
1124
1125 /* pick the best backup if no other subflow is active */
1126 if (!nr_active)
1127 send_info[0].ssk = send_info[1].ssk;
1128
1129 if (send_info[0].ssk) {
1130 msk->last_snd = send_info[0].ssk;
1131 msk->snd_burst = min_t(int, MPTCP_SEND_BURST_SIZE,
1132 sk_stream_wspace(msk->last_snd));
1133 return msk->last_snd;
1134 }
1135 return NULL;
f296234c
PK		 1136}
1137
63561a40 1138static void ssk_check_wmem(struct mptcp_sock *msk)
1891c4a0 1139{
63561a40
PA		 1140 if (unlikely(!mptcp_is_writeable(msk)))
1141 mptcp_nospace(msk);
1891c4a0
FW		 1142}
1143
f870fa0b
MM		 1144static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
1145{
57040755 1146 int mss_now = 0, size_goal = 0, ret = 0;
f870fa0b 1147 struct mptcp_sock *msk = mptcp_sk(sk);
17091708 1148 struct page_frag *pfrag;
6d0060f6 1149 size_t copied = 0;
cec37a6e 1150 struct sock *ssk;
da51aef5 1151 u32 sndbuf;
72511aab 1152 bool tx_ok;
6d0060f6 1153 long timeo;
f870fa0b
MM		 1154
1155 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
1156 return -EOPNOTSUPP;
1157
cec37a6e 1158 lock_sock(sk);
1954b860
MM		 1159
1160 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1161
1162 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) {
1163 ret = sk_stream_wait_connect(sk, &timeo);
1164 if (ret)
1165 goto out;
1166 }
1167
17091708 1168 pfrag = sk_page_frag(sk);
72511aab 1169restart:
18b683bf
PA		 1170 mptcp_clean_una(sk);
1171
57baaf28
MM		 1172 if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) {
1173 ret = -EPIPE;
1174 goto out;
1175 }
1176
ec3edaa7 1177 __mptcp_flush_join_list(msk);
da51aef5 1178 ssk = mptcp_subflow_get_send(msk, &sndbuf);
17091708
FW		 1179 while (!sk_stream_memory_free(sk) ||
1180 !ssk ||
1181 !mptcp_page_frag_refill(ssk, pfrag)) {
fb529e62
FW		 1182 if (ssk) {
1183 /* make sure retransmit timer is
1184 * running before we wait for memory.
1185 *
1186 * The retransmit timer might be needed
1187 * to make the peer send an up-to-date
1188 * MPTCP Ack.
1189 */
1190 mptcp_set_timeout(sk, ssk);
1191 if (!mptcp_timer_pending(sk))
1192 mptcp_reset_timer(sk);
1193 }
1194
63561a40 1195 mptcp_nospace(msk);
f296234c
PK		 1196 ret = sk_stream_wait_memory(sk, &timeo);
1197 if (ret)
1198 goto out;
1199
18b683bf
PA		 1200 mptcp_clean_una(sk);
1201
da51aef5 1202 ssk = mptcp_subflow_get_send(msk, &sndbuf);
f296234c
PK		 1203 if (list_empty(&msk->conn_list)) {
1204 ret = -ENOTCONN;
1205 goto out;
1206 }
cec37a6e
PK		 1207 }
1208
da51aef5
PA		 1209 /* do auto tuning */
1210 if (!(sk->sk_userlocks & SOCK_SNDBUF_LOCK) &&
1211 sndbuf > READ_ONCE(sk->sk_sndbuf))
1212 WRITE_ONCE(sk->sk_sndbuf, sndbuf);
1213
6d0060f6 1214 pr_debug("conn_list->subflow=%p", ssk);
cec37a6e 1215
6d0060f6 1216 lock_sock(ssk);
72511aab
FW		 1217 tx_ok = msg_data_left(msg);
1218 while (tx_ok) {
3f8e0aae 1219 ret = mptcp_sendmsg_frag(sk, ssk, msg, NULL, &timeo, &mss_now,
57040755 1220 &size_goal);
72511aab
FW		 1221 if (ret < 0) {
1222 if (ret == -EAGAIN && timeo > 0) {
1223 mptcp_set_timeout(sk, ssk);
1224 release_sock(ssk);
1225 goto restart;
1226 }
6d0060f6 1227 break;
72511aab 1228 }
6d0060f6 1229
d5f49190
PA		 1230 /* burst can be negative, we will try move to the next subflow
1231 * at selection time, if possible.
1232 */
1233 msk->snd_burst -= ret;
6d0060f6 1234 copied += ret;
fb529e62 1235
72511aab
FW		 1236 tx_ok = msg_data_left(msg);
1237 if (!tx_ok)
1238 break;
1239
149f7c71 1240 if (!sk_stream_memory_free(ssk) ||
17091708 1241 !mptcp_page_frag_refill(ssk, pfrag) ||
149f7c71 1242 !mptcp_ext_cache_refill(msk)) {
72511aab
FW		 1243 tcp_push(ssk, msg->msg_flags, mss_now,
1244 tcp_sk(ssk)->nonagle, size_goal);
1245 mptcp_set_timeout(sk, ssk);
1246 release_sock(ssk);
1247 goto restart;
1248 }
1249
fb529e62
FW		 1250 /* memory is charged to mptcp level socket as well, i.e.
1251 * if msg is very large, mptcp socket may run out of buffer
1252 * space. mptcp_clean_una() will release data that has
1253 * been acked at mptcp level in the mean time, so there is
1254 * a good chance we can continue sending data right away.
72511aab
FW		 1255 *
1256 * Normally, when the tcp subflow can accept more data, then
1257 * so can the MPTCP socket. However, we need to cope with
1258 * peers that might lag behind in their MPTCP-level
1259 * acknowledgements, i.e. data might have been acked at
1260 * tcp level only. So, we must also check the MPTCP socket
1261 * limits before we send more data.
fb529e62
FW		 1262 */
1263 if (unlikely(!sk_stream_memory_free(sk))) {
1264 tcp_push(ssk, msg->msg_flags, mss_now,
1265 tcp_sk(ssk)->nonagle, size_goal);
1266 mptcp_clean_una(sk);
1267 if (!sk_stream_memory_free(sk)) {
1268 /* can't send more for now, need to wait for
1269 * MPTCP-level ACKs from peer.
1270 *
1271 * Wakeup will happen via mptcp_clean_una().
1272 */
1273 mptcp_set_timeout(sk, ssk);
1274 release_sock(ssk);
1cec170d 1275 goto restart;
fb529e62
FW		 1276 }
1277 }
6d0060f6
MM		 1278 }
1279
b51f9b80 1280 mptcp_set_timeout(sk, ssk);
57040755 1281 if (copied) {
57040755
PA		 1282 tcp_push(ssk, msg->msg_flags, mss_now, tcp_sk(ssk)->nonagle,
1283 size_goal);
b51f9b80
PA		 1284
1285 /* start the timer, if it's not pending */
1286 if (!mptcp_timer_pending(sk))
1287 mptcp_reset_timer(sk);
57040755 1288 }
6d0060f6
MM		 1289
1290 release_sock(ssk);
1954b860 1291out:
63561a40 1292 ssk_check_wmem(msk);
cec37a6e 1293 release_sock(sk);
8555c6bf 1294 return copied ? : ret;
f870fa0b
MM		 1295}
1296
7a6a6cbc
PA		 1297static void mptcp_wait_data(struct sock *sk, long *timeo)
1298{
1299 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1300 struct mptcp_sock *msk = mptcp_sk(sk);
1301
1302 add_wait_queue(sk_sleep(sk), &wait);
1303 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
1304
1305 sk_wait_event(sk, timeo,
1306 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait);
1307
1308 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
1309 remove_wait_queue(sk_sleep(sk), &wait);
1310}
1311
6771bfd9
FW		 1312static int __mptcp_recvmsg_mskq(struct mptcp_sock *msk,
1313 struct msghdr *msg,
1314 size_t len)
1315{
1316 struct sock *sk = (struct sock *)msk;
1317 struct sk_buff *skb;
1318 int copied = 0;
1319
1320 while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) {
1321 u32 offset = MPTCP_SKB_CB(skb)->offset;
1322 u32 data_len = skb->len - offset;
1323 u32 count = min_t(size_t, len - copied, data_len);
1324 int err;
1325
1326 err = skb_copy_datagram_msg(skb, offset, msg, count);
1327 if (unlikely(err < 0)) {
1328 if (!copied)
1329 return err;
1330 break;
1331 }
1332
1333 copied += count;
1334
1335 if (count < data_len) {
1336 MPTCP_SKB_CB(skb)->offset += count;
1337 break;
1338 }
1339
1340 __skb_unlink(skb, &sk->sk_receive_queue);
1341 __kfree_skb(skb);
1342
1343 if (copied >= len)
1344 break;
1345 }
1346
1347 return copied;
1348}
1349
a6b118fe
FW		 1350/* receive buffer autotuning. See tcp_rcv_space_adjust for more information.
1351 *
1352 * Only difference: Use highest rtt estimate of the subflows in use.
1353 */
1354static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
1355{
1356 struct mptcp_subflow_context *subflow;
1357 struct sock *sk = (struct sock *)msk;
1358 u32 time, advmss = 1;
1359 u64 rtt_us, mstamp;
1360
1361 sock_owned_by_me(sk);
1362
1363 if (copied <= 0)
1364 return;
1365
1366 msk->rcvq_space.copied += copied;
1367
1368 mstamp = div_u64(tcp_clock_ns(), NSEC_PER_USEC);
1369 time = tcp_stamp_us_delta(mstamp, msk->rcvq_space.time);
1370
1371 rtt_us = msk->rcvq_space.rtt_us;
1372 if (rtt_us && time < (rtt_us >> 3))
1373 return;
1374
1375 rtt_us = 0;
1376 mptcp_for_each_subflow(msk, subflow) {
1377 const struct tcp_sock *tp;
1378 u64 sf_rtt_us;
1379 u32 sf_advmss;
1380
1381 tp = tcp_sk(mptcp_subflow_tcp_sock(subflow));
1382
1383 sf_rtt_us = READ_ONCE(tp->rcv_rtt_est.rtt_us);
1384 sf_advmss = READ_ONCE(tp->advmss);
1385
1386 rtt_us = max(sf_rtt_us, rtt_us);
1387 advmss = max(sf_advmss, advmss);
1388 }
1389
1390 msk->rcvq_space.rtt_us = rtt_us;
1391 if (time < (rtt_us >> 3) || rtt_us == 0)
1392 return;
1393
1394 if (msk->rcvq_space.copied <= msk->rcvq_space.space)
1395 goto new_measure;
1396
1397 if (sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf &&
1398 !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
1399 int rcvmem, rcvbuf;
1400 u64 rcvwin, grow;
1401
1402 rcvwin = ((u64)msk->rcvq_space.copied << 1) + 16 * advmss;
1403
1404 grow = rcvwin * (msk->rcvq_space.copied - msk->rcvq_space.space);
1405
1406 do_div(grow, msk->rcvq_space.space);
1407 rcvwin += (grow << 1);
1408
1409 rcvmem = SKB_TRUESIZE(advmss + MAX_TCP_HEADER);
1410 while (tcp_win_from_space(sk, rcvmem) < advmss)
1411 rcvmem += 128;
1412
1413 do_div(rcvwin, advmss);
1414 rcvbuf = min_t(u64, rcvwin * rcvmem,
1415 sock_net(sk)->ipv4.sysctl_tcp_rmem[2]);
1416
1417 if (rcvbuf > sk->sk_rcvbuf) {
1418 u32 window_clamp;
1419
1420 window_clamp = tcp_win_from_space(sk, rcvbuf);
1421 WRITE_ONCE(sk->sk_rcvbuf, rcvbuf);
1422
1423 /* Make subflows follow along. If we do not do this, we
1424 * get drops at subflow level if skbs can't be moved to
1425 * the mptcp rx queue fast enough (announced rcv_win can
1426 * exceed ssk->sk_rcvbuf).
1427 */
1428 mptcp_for_each_subflow(msk, subflow) {
1429 struct sock *ssk;
c76c6956 1430 bool slow;
a6b118fe
FW		 1431
1432 ssk = mptcp_subflow_tcp_sock(subflow);
c76c6956 1433 slow = lock_sock_fast(ssk);
a6b118fe
FW		 1434 WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf);
1435 tcp_sk(ssk)->window_clamp = window_clamp;
c76c6956
PA		 1436 tcp_cleanup_rbuf(ssk, 1);
1437 unlock_sock_fast(ssk, slow);
a6b118fe
FW		 1438 }
1439 }
1440 }
1441
1442 msk->rcvq_space.space = msk->rcvq_space.copied;
1443new_measure:
1444 msk->rcvq_space.copied = 0;
1445 msk->rcvq_space.time = mstamp;
1446}
1447
6771bfd9
FW		 1448static bool __mptcp_move_skbs(struct mptcp_sock *msk)
1449{
1450 unsigned int moved = 0;
1451 bool done;
1452
d5f49190
PA		 1453 /* avoid looping forever below on racing close */
1454 if (((struct sock *)msk)->sk_state == TCP_CLOSE)
1455 return false;
1456
1457 __mptcp_flush_join_list(msk);
6771bfd9
FW		 1458 do {
1459 struct sock *ssk = mptcp_subflow_recv_lookup(msk);
1460
1461 if (!ssk)
1462 break;
1463
1464 lock_sock(ssk);
1465 done = __mptcp_move_skbs_from_subflow(msk, ssk, &moved);
1466 release_sock(ssk);
1467 } while (!done);
1468
ab174ad8
PA		 1469 if (mptcp_ofo_queue(msk) || moved > 0) {
1470 mptcp_check_data_fin((struct sock *)msk);
1471 return true;
1472 }
1473 return false;
6771bfd9
FW		 1474}
1475
f870fa0b
MM		 1476static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
1477 int nonblock, int flags, int *addr_len)
1478{
1479 struct mptcp_sock *msk = mptcp_sk(sk);
cec37a6e 1480 int copied = 0;
7a6a6cbc
PA		 1481 int target;
1482 long timeo;
f870fa0b
MM		 1483
1484 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT))
1485 return -EOPNOTSUPP;
1486
cec37a6e 1487 lock_sock(sk);
7a6a6cbc
PA		 1488 timeo = sock_rcvtimeo(sk, nonblock);
1489
1490 len = min_t(size_t, len, INT_MAX);
1491 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
ec3edaa7 1492 __mptcp_flush_join_list(msk);
7a6a6cbc 1493
6771bfd9 1494 while (len > (size_t)copied) {
7a6a6cbc
PA		 1495 int bytes_read;
1496
6771bfd9
FW		 1497 bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied);
1498 if (unlikely(bytes_read < 0)) {
1499 if (!copied)
1500 copied = bytes_read;
1501 goto out_err;
1502 }
7a6a6cbc 1503
6771bfd9 1504 copied += bytes_read;
7a6a6cbc 1505
6771bfd9
FW		 1506 if (skb_queue_empty(&sk->sk_receive_queue) &&
1507 __mptcp_move_skbs(msk))
1508 continue;
7a6a6cbc
PA		 1509
1510 /* only the master socket status is relevant here. The exit
1511 * conditions mirror closely tcp_recvmsg()
1512 */
1513 if (copied >= target)
1514 break;
1515
1516 if (copied) {
1517 if (sk->sk_err ||
1518 sk->sk_state == TCP_CLOSE ||
1519 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1520 !timeo ||
1521 signal_pending(current))
1522 break;
1523 } else {
1524 if (sk->sk_err) {
1525 copied = sock_error(sk);
1526 break;
1527 }
1528
5969856a
PA		 1529 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags))
1530 mptcp_check_for_eof(msk);
1531
7a6a6cbc
PA		 1532 if (sk->sk_shutdown & RCV_SHUTDOWN)
1533 break;
1534
1535 if (sk->sk_state == TCP_CLOSE) {
1536 copied = -ENOTCONN;
1537 break;
1538 }
1539
1540 if (!timeo) {
1541 copied = -EAGAIN;
1542 break;
1543 }
1544
1545 if (signal_pending(current)) {
1546 copied = sock_intr_errno(timeo);
1547 break;
1548 }
1549 }
1550
1551 pr_debug("block timeout %ld", timeo);
7a6a6cbc 1552 mptcp_wait_data(sk, &timeo);
cec37a6e
PK		 1553 }
1554
6771bfd9
FW		 1555 if (skb_queue_empty(&sk->sk_receive_queue)) {
1556 /* entire backlog drained, clear DATA_READY. */
7a6a6cbc 1557 clear_bit(MPTCP_DATA_READY, &msk->flags);
cec37a6e 1558
6771bfd9
FW		 1559 /* .. race-breaker: ssk might have gotten new data
1560 * after last __mptcp_move_skbs() returned false.
7a6a6cbc 1561 */
6771bfd9 1562 if (unlikely(__mptcp_move_skbs(msk)))
7a6a6cbc 1563 set_bit(MPTCP_DATA_READY, &msk->flags);
6771bfd9
FW		 1564 } else if (unlikely(!test_bit(MPTCP_DATA_READY, &msk->flags))) {
1565 /* data to read but mptcp_wait_data() cleared DATA_READY */
1566 set_bit(MPTCP_DATA_READY, &msk->flags);
7a6a6cbc 1567 }
6771bfd9 1568out_err:
6719331c
PA		 1569 pr_debug("msk=%p data_ready=%d rx queue empty=%d copied=%d",
1570 msk, test_bit(MPTCP_DATA_READY, &msk->flags),
1571 skb_queue_empty(&sk->sk_receive_queue), copied);
a6b118fe
FW		 1572 mptcp_rcv_space_adjust(msk, copied);
1573
7a6a6cbc 1574 release_sock(sk);
cec37a6e
PK		 1575 return copied;
1576}
1577
b51f9b80
PA		 1578static void mptcp_retransmit_handler(struct sock *sk)
1579{
1580 struct mptcp_sock *msk = mptcp_sk(sk);
1581
c7529392 1582 if (atomic64_read(&msk->snd_una) == READ_ONCE(msk->write_seq)) {
b51f9b80 1583 mptcp_stop_timer(sk);
3b1d6210
PA		 1584 } else {
1585 set_bit(MPTCP_WORK_RTX, &msk->flags);
1586 if (schedule_work(&msk->work))
1587 sock_hold(sk);
1588 }
b51f9b80
PA		 1589}
1590
1591static void mptcp_retransmit_timer(struct timer_list *t)
1592{
1593 struct inet_connection_sock *icsk = from_timer(icsk, t,
1594 icsk_retransmit_timer);
1595 struct sock *sk = &icsk->icsk_inet.sk;
1596
1597 bh_lock_sock(sk);
1598 if (!sock_owned_by_user(sk)) {
1599 mptcp_retransmit_handler(sk);
1600 } else {
1601 /* delegate our work to tcp_release_cb() */
1602 if (!test_and_set_bit(TCP_WRITE_TIMER_DEFERRED,
1603 &sk->sk_tsq_flags))
1604 sock_hold(sk);
1605 }
1606 bh_unlock_sock(sk);
1607 sock_put(sk);
1608}
1609
3b1d6210
PA		 1610/* Find an idle subflow. Return NULL if there is unacked data at tcp
1611 * level.
1612 *
1613 * A backup subflow is returned only if that is the only kind available.
1614 */
1615static struct sock *mptcp_subflow_get_retrans(const struct mptcp_sock *msk)
1616{
1617 struct mptcp_subflow_context *subflow;
1618 struct sock *backup = NULL;
1619
1620 sock_owned_by_me((const struct sock *)msk);
1621
d5f49190
PA		 1622 if (__mptcp_check_fallback(msk))
1623 return msk->first;
1624
3b1d6210
PA		 1625 mptcp_for_each_subflow(msk, subflow) {
1626 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
1627
d5f49190
PA		 1628 if (!mptcp_subflow_active(subflow))
1629 continue;
1630
3b1d6210
PA		 1631 /* still data outstanding at TCP level? Don't retransmit. */
1632 if (!tcp_write_queue_empty(ssk))
1633 return NULL;
1634
1635 if (subflow->backup) {
1636 if (!backup)
1637 backup = ssk;
1638 continue;
1639 }
1640
1641 return ssk;
1642 }
1643
1644 return backup;
1645}
1646
cec37a6e
PK		 1647/* subflow sockets can be either outgoing (connect) or incoming
1648 * (accept).
1649 *
1650 * Outgoing subflows use in-kernel sockets.
1651 * Incoming subflows do not have their own 'struct socket' allocated,
1652 * so we need to use tcp_close() after detaching them from the mptcp
1653 * parent socket.
1654 */
1655static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk,
1656 struct mptcp_subflow_context *subflow,
1657 long timeout)
1658{
1659 struct socket *sock = READ_ONCE(ssk->sk_socket);
1660
1661 list_del(&subflow->node);
1662
1663 if (sock && sock != sk->sk_socket) {
1664 /* outgoing subflow */
1665 sock_release(sock);
1666 } else {
1667 /* incoming subflow */
1668 tcp_close(ssk, timeout);
1669 }
f870fa0b
MM		 1670}
1671
dc24f8b4
PA		 1672static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu)
1673{
1674 return 0;
1675}
1676
b416268b
FW		 1677static void pm_work(struct mptcp_sock *msk)
1678{
1679 struct mptcp_pm_data *pm = &msk->pm;
1680
1681 spin_lock_bh(&msk->pm.lock);
1682
1683 pr_debug("msk=%p status=%x", msk, pm->status);
1684 if (pm->status & BIT(MPTCP_PM_ADD_ADDR_RECEIVED)) {
1685 pm->status &= ~BIT(MPTCP_PM_ADD_ADDR_RECEIVED);
1686 mptcp_pm_nl_add_addr_received(msk);
1687 }
1688 if (pm->status & BIT(MPTCP_PM_ESTABLISHED)) {
1689 pm->status &= ~BIT(MPTCP_PM_ESTABLISHED);
1690 mptcp_pm_nl_fully_established(msk);
1691 }
1692 if (pm->status & BIT(MPTCP_PM_SUBFLOW_ESTABLISHED)) {
1693 pm->status &= ~BIT(MPTCP_PM_SUBFLOW_ESTABLISHED);
1694 mptcp_pm_nl_subflow_established(msk);
1695 }
1696
1697 spin_unlock_bh(&msk->pm.lock);
1698}
1699
80992017
PA		 1700static void mptcp_worker(struct work_struct *work)
1701{
1702 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work);
3b1d6210 1703 struct sock *ssk, *sk = &msk->sk.icsk_inet.sk;
149f7c71 1704 int orig_len, orig_offset, mss_now = 0, size_goal = 0;
3b1d6210
PA		 1705 struct mptcp_data_frag *dfrag;
1706 u64 orig_write_seq;
1707 size_t copied = 0;
b3b2854d
FW		 1708 struct msghdr msg = {
1709 .msg_flags = MSG_DONTWAIT,
1710 };
3b1d6210 1711 long timeo = 0;
80992017
PA		 1712
1713 lock_sock(sk);
3b1d6210 1714 mptcp_clean_una(sk);
43b54c6e 1715 mptcp_check_data_fin_ack(sk);
ec3edaa7 1716 __mptcp_flush_join_list(msk);
6771bfd9 1717 __mptcp_move_skbs(msk);
3b1d6210 1718
b416268b
FW		 1719 if (msk->pm.status)
1720 pm_work(msk);
1721
59832e24
FW		 1722 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags))
1723 mptcp_check_for_eof(msk);
1724
43b54c6e
MM		 1725 mptcp_check_data_fin(sk);
1726
3b1d6210
PA		 1727 if (!test_and_clear_bit(MPTCP_WORK_RTX, &msk->flags))
1728 goto unlock;
1729
1730 dfrag = mptcp_rtx_head(sk);
1731 if (!dfrag)
1732 goto unlock;
1733
149f7c71
FW		 1734 if (!mptcp_ext_cache_refill(msk))
1735 goto reset_unlock;
1736
3b1d6210
PA		 1737 ssk = mptcp_subflow_get_retrans(msk);
1738 if (!ssk)
1739 goto reset_unlock;
1740
1741 lock_sock(ssk);
1742
3b1d6210
PA		 1743 orig_len = dfrag->data_len;
1744 orig_offset = dfrag->offset;
1745 orig_write_seq = dfrag->data_seq;
1746 while (dfrag->data_len > 0) {
149f7c71
FW		 1747 int ret = mptcp_sendmsg_frag(sk, ssk, &msg, dfrag, &timeo,
1748 &mss_now, &size_goal);
3b1d6210
PA		 1749 if (ret < 0)
1750 break;
1751
fc518953 1752 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_RETRANSSEGS);
3b1d6210
PA		 1753 copied += ret;
1754 dfrag->data_len -= ret;
1755 dfrag->offset += ret;
149f7c71
FW		 1756
1757 if (!mptcp_ext_cache_refill(msk))
1758 break;
3b1d6210
PA		 1759 }
1760 if (copied)
1761 tcp_push(ssk, msg.msg_flags, mss_now, tcp_sk(ssk)->nonagle,
1762 size_goal);
1763
1764 dfrag->data_seq = orig_write_seq;
1765 dfrag->offset = orig_offset;
1766 dfrag->data_len = orig_len;
1767
1768 mptcp_set_timeout(sk, ssk);
1769 release_sock(ssk);
1770
1771reset_unlock:
1772 if (!mptcp_timer_pending(sk))
1773 mptcp_reset_timer(sk);
1774
1775unlock:
80992017
PA		 1776 release_sock(sk);
1777 sock_put(sk);
1778}
1779
784325e9 1780static int __mptcp_init_sock(struct sock *sk)
f870fa0b 1781{
cec37a6e
PK		 1782 struct mptcp_sock *msk = mptcp_sk(sk);
1783
ec3edaa7
PK		 1784 spin_lock_init(&msk->join_list_lock);
1785
cec37a6e 1786 INIT_LIST_HEAD(&msk->conn_list);
ec3edaa7 1787 INIT_LIST_HEAD(&msk->join_list);
18b683bf 1788 INIT_LIST_HEAD(&msk->rtx_queue);
1891c4a0 1789 __set_bit(MPTCP_SEND_SPACE, &msk->flags);
80992017 1790 INIT_WORK(&msk->work, mptcp_worker);
ab174ad8 1791 msk->out_of_order_queue = RB_ROOT;
cec37a6e 1792
8ab183de 1793 msk->first = NULL;
dc24f8b4 1794 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss;
8ab183de 1795
1b1c7a0e
PK		 1796 mptcp_pm_data_init(msk);
1797
b51f9b80
PA		 1798 /* re-use the csk retrans timer for MPTCP-level retrans */
1799 timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0);
1800
f870fa0b
MM		 1801 return 0;
1802}
1803
784325e9
MB		 1804static int mptcp_init_sock(struct sock *sk)
1805{
fc518953
FW		 1806 struct net *net = sock_net(sk);
1807 int ret;
18b683bf 1808
fc518953
FW		 1809 if (!mptcp_is_enabled(net))
1810 return -ENOPROTOOPT;
1811
1812 if (unlikely(!net->mib.mptcp_statistics) && !mptcp_mib_alloc(net))
1813 return -ENOMEM;
1814
1815 ret = __mptcp_init_sock(sk);
18b683bf
PA		 1816 if (ret)
1817 return ret;
1818
fa68018d
PA		 1819 ret = __mptcp_socket_create(mptcp_sk(sk));
1820 if (ret)
1821 return ret;
1822
d027236c 1823 sk_sockets_allocated_inc(sk);
a6b118fe 1824 sk->sk_rcvbuf = sock_net(sk)->ipv4.sysctl_tcp_rmem[1];
da51aef5 1825 sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[1];
d027236c 1826
18b683bf
PA		 1827 return 0;
1828}
1829
1830static void __mptcp_clear_xmit(struct sock *sk)
1831{
1832 struct mptcp_sock *msk = mptcp_sk(sk);
1833 struct mptcp_data_frag *dtmp, *dfrag;
1834
b51f9b80
PA		 1835 sk_stop_timer(sk, &msk->sk.icsk_retransmit_timer);
1836
18b683bf 1837 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list)
d027236c 1838 dfrag_clear(sk, dfrag);
784325e9
MB		 1839}
1840
80992017
PA		 1841static void mptcp_cancel_work(struct sock *sk)
1842{
1843 struct mptcp_sock *msk = mptcp_sk(sk);
1844
1845 if (cancel_work_sync(&msk->work))
1846 sock_put(sk);
1847}
1848
43b54c6e 1849static void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how)
21498490
PK		 1850{
1851 lock_sock(ssk);
1852
1853 switch (ssk->sk_state) {
1854 case TCP_LISTEN:
1855 if (!(how & RCV_SHUTDOWN))
1856 break;
df561f66 1857 fallthrough;
21498490
PK		 1858 case TCP_SYN_SENT:
1859 tcp_disconnect(ssk, O_NONBLOCK);
1860 break;
1861 default:
43b54c6e
MM		 1862 if (__mptcp_check_fallback(mptcp_sk(sk))) {
1863 pr_debug("Fallback");
1864 ssk->sk_shutdown |= how;
1865 tcp_shutdown(ssk, how);
1866 } else {
1867 pr_debug("Sending DATA_FIN on subflow %p", ssk);
1868 mptcp_set_timeout(sk, ssk);
1869 tcp_send_ack(ssk);
1870 }
21498490
PK		 1871 break;
1872 }
1873
21498490
PK		 1874 release_sock(ssk);
1875}
1876
6920b851
MM		 1877static const unsigned char new_state[16] = {
1878 /* current state: new state: action: */
1879 [0 /* (Invalid) */] = TCP_CLOSE,
1880 [TCP_ESTABLISHED] = TCP_FIN_WAIT1 | TCP_ACTION_FIN,
1881 [TCP_SYN_SENT] = TCP_CLOSE,
1882 [TCP_SYN_RECV] = TCP_FIN_WAIT1 | TCP_ACTION_FIN,
1883 [TCP_FIN_WAIT1] = TCP_FIN_WAIT1,
1884 [TCP_FIN_WAIT2] = TCP_FIN_WAIT2,
1885 [TCP_TIME_WAIT] = TCP_CLOSE, /* should not happen ! */
1886 [TCP_CLOSE] = TCP_CLOSE,
1887 [TCP_CLOSE_WAIT] = TCP_LAST_ACK | TCP_ACTION_FIN,
1888 [TCP_LAST_ACK] = TCP_LAST_ACK,
1889 [TCP_LISTEN] = TCP_CLOSE,
1890 [TCP_CLOSING] = TCP_CLOSING,
1891 [TCP_NEW_SYN_RECV] = TCP_CLOSE, /* should not happen ! */
1892};
1893
1894static int mptcp_close_state(struct sock *sk)
1895{
1896 int next = (int)new_state[sk->sk_state];
1897 int ns = next & TCP_STATE_MASK;
1898
1899 inet_sk_state_store(sk, ns);
1900
1901 return next & TCP_ACTION_FIN;
1902}
1903
2c22c06c 1904static void mptcp_close(struct sock *sk, long timeout)
f870fa0b 1905{
cec37a6e 1906 struct mptcp_subflow_context *subflow, *tmp;
f870fa0b 1907 struct mptcp_sock *msk = mptcp_sk(sk);
b2c5b614 1908 LIST_HEAD(conn_list);
f870fa0b 1909
2c22c06c 1910 lock_sock(sk);
43b54c6e
MM		 1911 sk->sk_shutdown = SHUTDOWN_MASK;
1912
1913 if (sk->sk_state == TCP_LISTEN) {
1914 inet_sk_state_store(sk, TCP_CLOSE);
1915 goto cleanup;
1916 } else if (sk->sk_state == TCP_CLOSE) {
1917 goto cleanup;
1918 }
1919
1920 if (__mptcp_check_fallback(msk)) {
1921 goto update_state;
1922 } else if (mptcp_close_state(sk)) {
1923 pr_debug("Sending DATA_FIN sk=%p", sk);
1924 WRITE_ONCE(msk->write_seq, msk->write_seq + 1);
1925 WRITE_ONCE(msk->snd_data_fin_enable, 1);
1926
1927 mptcp_for_each_subflow(msk, subflow) {
1928 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow);
1929
1930 mptcp_subflow_shutdown(sk, tcp_sk, SHUTDOWN_MASK);
1931 }
1932 }
2c22c06c 1933
43b54c6e
MM		 1934 sk_stream_wait_close(sk, timeout);
1935
1936update_state:
f870fa0b
MM		 1937 inet_sk_state_store(sk, TCP_CLOSE);
1938
43b54c6e 1939cleanup:
10f6d46c
PA		 1940 /* be sure to always acquire the join list lock, to sync vs
1941 * mptcp_finish_join().
1942 */
1943 spin_lock_bh(&msk->join_list_lock);
1944 list_splice_tail_init(&msk->join_list, &msk->conn_list);
1945 spin_unlock_bh(&msk->join_list_lock);
b2c5b614
FW		 1946 list_splice_init(&msk->conn_list, &conn_list);
1947
18b683bf
PA		 1948 __mptcp_clear_xmit(sk);
1949
b2c5b614
FW		 1950 release_sock(sk);
1951
1952 list_for_each_entry_safe(subflow, tmp, &conn_list, node) {
cec37a6e 1953 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
cec37a6e 1954 __mptcp_close_ssk(sk, ssk, subflow, timeout);
f870fa0b
MM		 1955 }
1956
80992017
PA		 1957 mptcp_cancel_work(sk);
1958
6771bfd9
FW		 1959 __skb_queue_purge(&sk->sk_receive_queue);
1960
cec37a6e 1961 sk_common_release(sk);
f870fa0b
MM		 1962}
1963
cf7da0d6
PK		 1964static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk)
1965{
1966#if IS_ENABLED(CONFIG_MPTCP_IPV6)
1967 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk);
1968 struct ipv6_pinfo *msk6 = inet6_sk(msk);
1969
1970 msk->sk_v6_daddr = ssk->sk_v6_daddr;
1971 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr;
1972
1973 if (msk6 && ssk6) {
1974 msk6->saddr = ssk6->saddr;
1975 msk6->flow_label = ssk6->flow_label;
1976 }
1977#endif
1978
1979 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num;
1980 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport;
1981 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport;
1982 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr;
1983 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr;
1984 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr;
1985}
1986
18b683bf
PA		 1987static int mptcp_disconnect(struct sock *sk, int flags)
1988{
42c556fe
FW		 1989 /* Should never be called.
1990 * inet_stream_connect() calls ->disconnect, but that
1991 * refers to the subflow socket, not the mptcp one.
1992 */
1993 WARN_ON_ONCE(1);
1994 return 0;
18b683bf
PA		 1995}
1996
b0519de8
FW		 1997#if IS_ENABLED(CONFIG_MPTCP_IPV6)
1998static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk)
1999{
2000 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo);
2001
2002 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
2003}
2004#endif
2005
fca5c82c 2006struct sock *mptcp_sk_clone(const struct sock *sk,
cfde141e 2007 const struct mptcp_options_received *mp_opt,
fca5c82c 2008 struct request_sock *req)
b0519de8 2009{
58b09919 2010 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
b0519de8 2011 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC);
58b09919
PA		 2012 struct mptcp_sock *msk;
2013 u64 ack_seq;
b0519de8
FW		 2014
2015 if (!nsk)
2016 return NULL;
2017
2018#if IS_ENABLED(CONFIG_MPTCP_IPV6)
2019 if (nsk->sk_family == AF_INET6)
2020 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk);
2021#endif
2022
58b09919
PA		 2023 __mptcp_init_sock(nsk);
2024
2025 msk = mptcp_sk(nsk);
2026 msk->local_key = subflow_req->local_key;
2027 msk->token = subflow_req->token;
2028 msk->subflow = NULL;
b93df08c 2029 WRITE_ONCE(msk->fully_established, false);
58b09919 2030
58b09919 2031 msk->write_seq = subflow_req->idsn + 1;
cc9d2566 2032 atomic64_set(&msk->snd_una, msk->write_seq);
cfde141e 2033 if (mp_opt->mp_capable) {
58b09919 2034 msk->can_ack = true;
cfde141e 2035 msk->remote_key = mp_opt->sndr_key;
58b09919
PA		 2036 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq);
2037 ack_seq++;
2038 msk->ack_seq = ack_seq;
2039 }
7f20d5fc 2040
5e20087d 2041 sock_reset_flag(nsk, SOCK_RCU_FREE);
7f20d5fc
PA		 2042 /* will be fully established after successful MPC subflow creation */
2043 inet_sk_state_store(nsk, TCP_SYN_RECV);
58b09919
PA		 2044 bh_unlock_sock(nsk);
2045
2046 /* keep a single reference */
2047 __sock_put(nsk);
b0519de8
FW		 2048 return nsk;
2049}
2050
a6b118fe
FW		 2051void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk)
2052{
2053 const struct tcp_sock *tp = tcp_sk(ssk);
2054
2055 msk->rcvq_space.copied = 0;
2056 msk->rcvq_space.rtt_us = 0;
2057
2058 msk->rcvq_space.time = tp->tcp_mstamp;
2059
2060 /* initial rcv_space offering made to peer */
2061 msk->rcvq_space.space = min_t(u32, tp->rcv_wnd,
2062 TCP_INIT_CWND * tp->advmss);
2063 if (msk->rcvq_space.space == 0)
2064 msk->rcvq_space.space = TCP_INIT_CWND * TCP_MSS_DEFAULT;
2065}
2066
cf7da0d6
PK		 2067static struct sock *mptcp_accept(struct sock *sk, int flags, int *err,
2068 bool kern)
2069{
2070 struct mptcp_sock *msk = mptcp_sk(sk);
2071 struct socket *listener;
2072 struct sock *newsk;
2073
2074 listener = __mptcp_nmpc_socket(msk);
2075 if (WARN_ON_ONCE(!listener)) {
2076 *err = -EINVAL;
2077 return NULL;
2078 }
2079
2080 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk));
2081 newsk = inet_csk_accept(listener->sk, flags, err, kern);
2082 if (!newsk)
2083 return NULL;
2084
2085 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk));
cf7da0d6
PK		 2086 if (sk_is_mptcp(newsk)) {
2087 struct mptcp_subflow_context *subflow;
2088 struct sock *new_mptcp_sock;
2089 struct sock *ssk = newsk;
2090
2091 subflow = mptcp_subflow_ctx(newsk);
58b09919 2092 new_mptcp_sock = subflow->conn;
cf7da0d6 2093
58b09919
PA		 2094 /* is_mptcp should be false if subflow->conn is missing, see
2095 * subflow_syn_recv_sock()
2096 */
2097 if (WARN_ON_ONCE(!new_mptcp_sock)) {
2098 tcp_sk(newsk)->is_mptcp = 0;
2099 return newsk;
cf7da0d6
PK		 2100 }
2101
58b09919
PA		 2102 /* acquire the 2nd reference for the owning socket */
2103 sock_hold(new_mptcp_sock);
cf7da0d6 2104
58b09919
PA		 2105 local_bh_disable();
2106 bh_lock_sock(new_mptcp_sock);
cf7da0d6 2107 msk = mptcp_sk(new_mptcp_sock);
8ab183de 2108 msk->first = newsk;
cf7da0d6
PK		 2109
2110 newsk = new_mptcp_sock;
2111 mptcp_copy_inaddrs(newsk, ssk);
2112 list_add(&subflow->node, &msk->conn_list);
2113
a6b118fe 2114 mptcp_rcv_space_init(msk, ssk);
cf7da0d6 2115 bh_unlock_sock(new_mptcp_sock);
fc518953
FW		 2116
2117 __MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEPASSIVEACK);
cf7da0d6 2118 local_bh_enable();
fc518953
FW		 2119 } else {
2120 MPTCP_INC_STATS(sock_net(sk),
2121 MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK);
cf7da0d6
PK		 2122 }
2123
2124 return newsk;
2125}
2126
79c0949e
PK		 2127static void mptcp_destroy(struct sock *sk)
2128{
c9fd9c5f
FW		 2129 struct mptcp_sock *msk = mptcp_sk(sk);
2130
ab174ad8 2131 skb_rbtree_purge(&msk->out_of_order_queue);
2c5ebd00 2132 mptcp_token_destroy(msk);
c9fd9c5f
FW		 2133 if (msk->cached_ext)
2134 __skb_ext_put(msk->cached_ext);
d027236c
PA		 2135
2136 sk_sockets_allocated_dec(sk);
79c0949e
PK		 2137}
2138
fd1452d8 2139static int mptcp_setsockopt_sol_socket(struct mptcp_sock *msk, int optname,
a7b75c5a 2140 sockptr_t optval, unsigned int optlen)
fd1452d8
FW		 2141{
2142 struct sock *sk = (struct sock *)msk;
2143 struct socket *ssock;
2144 int ret;
2145
2146 switch (optname) {
2147 case SO_REUSEPORT:
2148 case SO_REUSEADDR:
2149 lock_sock(sk);
2150 ssock = __mptcp_nmpc_socket(msk);
2151 if (!ssock) {
2152 release_sock(sk);
2153 return -EINVAL;
2154 }
2155
a7b75c5a 2156 ret = sock_setsockopt(ssock, SOL_SOCKET, optname, optval, optlen);
fd1452d8
FW		 2157 if (ret == 0) {
2158 if (optname == SO_REUSEPORT)
2159 sk->sk_reuseport = ssock->sk->sk_reuseport;
2160 else if (optname == SO_REUSEADDR)
2161 sk->sk_reuse = ssock->sk->sk_reuse;
2162 }
2163 release_sock(sk);
2164 return ret;
2165 }
2166
a7b75c5a 2167 return sock_setsockopt(sk->sk_socket, SOL_SOCKET, optname, optval, optlen);
fd1452d8
FW		 2168}
2169
c9b95a13 2170static int mptcp_setsockopt_v6(struct mptcp_sock *msk, int optname,
a7b75c5a 2171 sockptr_t optval, unsigned int optlen)
c9b95a13
FW		 2172{
2173 struct sock *sk = (struct sock *)msk;
2174 int ret = -EOPNOTSUPP;
2175 struct socket *ssock;
2176
2177 switch (optname) {
2178 case IPV6_V6ONLY:
2179 lock_sock(sk);
2180 ssock = __mptcp_nmpc_socket(msk);
2181 if (!ssock) {
2182 release_sock(sk);
2183 return -EINVAL;
2184 }
2185
2186 ret = tcp_setsockopt(ssock->sk, SOL_IPV6, optname, optval, optlen);
2187 if (ret == 0)
2188 sk->sk_ipv6only = ssock->sk->sk_ipv6only;
2189
2190 release_sock(sk);
2191 break;
2192 }
2193
2194 return ret;
2195}
2196
717e79c8 2197static int mptcp_setsockopt(struct sock *sk, int level, int optname,
a7b75c5a 2198 sockptr_t optval, unsigned int optlen)
717e79c8
PK		 2199{
2200 struct mptcp_sock *msk = mptcp_sk(sk);
76660afb 2201 struct sock *ssk;
717e79c8
PK		 2202
2203 pr_debug("msk=%p", msk);
2204
83f0c10b 2205 if (level == SOL_SOCKET)
fd1452d8 2206 return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen);
83f0c10b 2207
717e79c8 2208 /* @@ the meaning of setsockopt() when the socket is connected and
b6e4a1ae
MM		 2209 * there are multiple subflows is not yet defined. It is up to the
2210 * MPTCP-level socket to configure the subflows until the subflow
2211 * is in TCP fallback, when TCP socket options are passed through
2212 * to the one remaining subflow.
717e79c8
PK		 2213 */
2214 lock_sock(sk);
76660afb 2215 ssk = __mptcp_tcp_fallback(msk);
e154659b 2216 release_sock(sk);
76660afb
PA		 2217 if (ssk)
2218 return tcp_setsockopt(ssk, level, optname, optval, optlen);
50e741bb 2219
c9b95a13
FW		 2220 if (level == SOL_IPV6)
2221 return mptcp_setsockopt_v6(msk, optname, optval, optlen);
2222
b6e4a1ae 2223 return -EOPNOTSUPP;
717e79c8
PK		 2224}
2225
2226static int mptcp_getsockopt(struct sock *sk, int level, int optname,
50e741bb 2227 char __user *optval, int __user *option)
717e79c8
PK		 2228{
2229 struct mptcp_sock *msk = mptcp_sk(sk);
76660afb 2230 struct sock *ssk;
717e79c8
PK		 2231
2232 pr_debug("msk=%p", msk);
2233
b6e4a1ae
MM		 2234 /* @@ the meaning of setsockopt() when the socket is connected and
2235 * there are multiple subflows is not yet defined. It is up to the
2236 * MPTCP-level socket to configure the subflows until the subflow
2237 * is in TCP fallback, when socket options are passed through
2238 * to the one remaining subflow.
717e79c8
PK		 2239 */
2240 lock_sock(sk);
76660afb 2241 ssk = __mptcp_tcp_fallback(msk);
e154659b 2242 release_sock(sk);
76660afb
PA		 2243 if (ssk)
2244 return tcp_getsockopt(ssk, level, optname, optval, option);
50e741bb 2245
b6e4a1ae 2246 return -EOPNOTSUPP;
717e79c8
PK		 2247}
2248
b51f9b80
PA		 2249#define MPTCP_DEFERRED_ALL (TCPF_DELACK_TIMER_DEFERRED | \
2250 TCPF_WRITE_TIMER_DEFERRED)
14c441b5
PA		 2251
2252/* this is very alike tcp_release_cb() but we must handle differently a
2253 * different set of events
2254 */
2255static void mptcp_release_cb(struct sock *sk)
2256{
2257 unsigned long flags, nflags;
2258
2259 do {
2260 flags = sk->sk_tsq_flags;
2261 if (!(flags & MPTCP_DEFERRED_ALL))
2262 return;
2263 nflags = flags & ~MPTCP_DEFERRED_ALL;
2264 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags);
2265
b51f9b80
PA		 2266 sock_release_ownership(sk);
2267
14c441b5
PA		 2268 if (flags & TCPF_DELACK_TIMER_DEFERRED) {
2269 struct mptcp_sock *msk = mptcp_sk(sk);
2270 struct sock *ssk;
2271
2272 ssk = mptcp_subflow_recv_lookup(msk);
2273 if (!ssk || !schedule_work(&msk->work))
2274 __sock_put(sk);
2275 }
b51f9b80
PA		 2276
2277 if (flags & TCPF_WRITE_TIMER_DEFERRED) {
2278 mptcp_retransmit_handler(sk);
2279 __sock_put(sk);
2280 }
14c441b5
PA		 2281}
2282
2c5ebd00
PA		 2283static int mptcp_hash(struct sock *sk)
2284{
2285 /* should never be called,
2286 * we hash the TCP subflows not the master socket
2287 */
2288 WARN_ON_ONCE(1);
2289 return 0;
2290}
2291
2292static void mptcp_unhash(struct sock *sk)
2293{
2294 /* called from sk_common_release(), but nothing to do here */
2295}
2296
cec37a6e 2297static int mptcp_get_port(struct sock *sk, unsigned short snum)
f870fa0b
MM		 2298{
2299 struct mptcp_sock *msk = mptcp_sk(sk);
cec37a6e 2300 struct socket *ssock;
f870fa0b 2301
cec37a6e
PK		 2302 ssock = __mptcp_nmpc_socket(msk);
2303 pr_debug("msk=%p, subflow=%p", msk, ssock);
2304 if (WARN_ON_ONCE(!ssock))
2305 return -EINVAL;
f870fa0b 2306
cec37a6e
PK		 2307 return inet_csk_get_port(ssock->sk, snum);
2308}
f870fa0b 2309
cec37a6e
PK		 2310void mptcp_finish_connect(struct sock *ssk)
2311{
2312 struct mptcp_subflow_context *subflow;
2313 struct mptcp_sock *msk;
2314 struct sock *sk;
6d0060f6 2315 u64 ack_seq;
f870fa0b 2316
cec37a6e 2317 subflow = mptcp_subflow_ctx(ssk);
cec37a6e
PK		 2318 sk = subflow->conn;
2319 msk = mptcp_sk(sk);
2320
648ef4b8
MM		 2321 pr_debug("msk=%p, token=%u", sk, subflow->token);
2322
6d0060f6
MM		 2323 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq);
2324 ack_seq++;
648ef4b8
MM		 2325 subflow->map_seq = ack_seq;
2326 subflow->map_subflow_seq = 1;
6d0060f6 2327
cec37a6e
PK		 2328 /* the socket is not connected yet, no msk/subflow ops can access/race
2329 * accessing the field below
2330 */
2331 WRITE_ONCE(msk->remote_key, subflow->remote_key);
2332 WRITE_ONCE(msk->local_key, subflow->local_key);
6d0060f6
MM		 2333 WRITE_ONCE(msk->write_seq, subflow->idsn + 1);
2334 WRITE_ONCE(msk->ack_seq, ack_seq);
d22f4988 2335 WRITE_ONCE(msk->can_ack, 1);
cc9d2566 2336 atomic64_set(&msk->snd_una, msk->write_seq);
1b1c7a0e
PK		 2337
2338 mptcp_pm_new_connection(msk, 0);
a6b118fe
FW		 2339
2340 mptcp_rcv_space_init(msk, ssk);
f870fa0b
MM		 2341}
2342
cf7da0d6
PK		 2343static void mptcp_sock_graft(struct sock *sk, struct socket *parent)
2344{
2345 write_lock_bh(&sk->sk_callback_lock);
2346 rcu_assign_pointer(sk->sk_wq, &parent->wq);
2347 sk_set_socket(sk, parent);
2348 sk->sk_uid = SOCK_INODE(parent)->i_uid;
2349 write_unlock_bh(&sk->sk_callback_lock);
2350}
2351
f296234c
PK		 2352bool mptcp_finish_join(struct sock *sk)
2353{
2354 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
2355 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
2356 struct sock *parent = (void *)msk;
2357 struct socket *parent_sock;
ec3edaa7 2358 bool ret;
f296234c
PK		 2359
2360 pr_debug("msk=%p, subflow=%p", msk, subflow);
2361
2362 /* mptcp socket already closing? */
b93df08c 2363 if (!mptcp_is_fully_established(parent))
f296234c
PK		 2364 return false;
2365
2366 if (!msk->pm.server_side)
2367 return true;
2368
10f6d46c
PA		 2369 if (!mptcp_pm_allow_new_subflow(msk))
2370 return false;
2371
2372 /* active connections are already on conn_list, and we can't acquire
2373 * msk lock here.
2374 * use the join list lock as synchronization point and double-check
2375 * msk status to avoid racing with mptcp_close()
2376 */
2377 spin_lock_bh(&msk->join_list_lock);
2378 ret = inet_sk_state_load(parent) == TCP_ESTABLISHED;
2379 if (ret && !WARN_ON_ONCE(!list_empty(&subflow->node)))
2380 list_add_tail(&subflow->node, &msk->join_list);
2381 spin_unlock_bh(&msk->join_list_lock);
2382 if (!ret)
2383 return false;
2384
2385 /* attach to msk socket only after we are sure he will deal with us
2386 * at close time
2387 */
f296234c
PK		 2388 parent_sock = READ_ONCE(parent->sk_socket);
2389 if (parent_sock && !sk->sk_socket)
2390 mptcp_sock_graft(sk, parent_sock);
10f6d46c
PA		 2391 subflow->map_seq = msk->ack_seq;
2392 return true;
f296234c
PK		 2393}
2394
1891c4a0
FW		 2395static bool mptcp_memory_free(const struct sock *sk, int wake)
2396{
2397 struct mptcp_sock *msk = mptcp_sk(sk);
2398
2399 return wake ? test_bit(MPTCP_SEND_SPACE, &msk->flags) : true;
2400}
2401
f870fa0b
MM		 2402static struct proto mptcp_prot = {
2403 .name = "MPTCP",
2404 .owner = THIS_MODULE,
2405 .init = mptcp_init_sock,
18b683bf 2406 .disconnect = mptcp_disconnect,
f870fa0b 2407 .close = mptcp_close,
cf7da0d6 2408 .accept = mptcp_accept,
717e79c8
PK		 2409 .setsockopt = mptcp_setsockopt,
2410 .getsockopt = mptcp_getsockopt,
f870fa0b 2411 .shutdown = tcp_shutdown,
79c0949e 2412 .destroy = mptcp_destroy,
f870fa0b
MM		 2413 .sendmsg = mptcp_sendmsg,
2414 .recvmsg = mptcp_recvmsg,
14c441b5 2415 .release_cb = mptcp_release_cb,
2c5ebd00
PA		 2416 .hash = mptcp_hash,
2417 .unhash = mptcp_unhash,
cec37a6e 2418 .get_port = mptcp_get_port,
d027236c
PA		 2419 .sockets_allocated = &mptcp_sockets_allocated,
2420 .memory_allocated = &tcp_memory_allocated,
2421 .memory_pressure = &tcp_memory_pressure,
1891c4a0 2422 .stream_memory_free = mptcp_memory_free,
d027236c
PA		 2423 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
2424 .sysctl_mem = sysctl_tcp_mem,
f870fa0b 2425 .obj_size = sizeof(struct mptcp_sock),
2c5ebd00 2426 .slab_flags = SLAB_TYPESAFE_BY_RCU,
f870fa0b
MM		 2427 .no_autobind = true,
2428};
2429
2303f994
PK		 2430static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
2431{
2432 struct mptcp_sock *msk = mptcp_sk(sock->sk);
2433 struct socket *ssock;
cf7da0d6 2434 int err;
2303f994
PK		 2435
2436 lock_sock(sock->sk);
fa68018d
PA		 2437 ssock = __mptcp_nmpc_socket(msk);
2438 if (!ssock) {
2439 err = -EINVAL;
2303f994
PK		 2440 goto unlock;
2441 }
2442
2443 err = ssock->ops->bind(ssock, uaddr, addr_len);
cf7da0d6
PK		 2444 if (!err)
2445 mptcp_copy_inaddrs(sock->sk, ssock->sk);
2303f994
PK		 2446
2447unlock:
2448 release_sock(sock->sk);
2449 return err;
2450}
2451
0235d075
PA		 2452static void mptcp_subflow_early_fallback(struct mptcp_sock *msk,
2453 struct mptcp_subflow_context *subflow)
2454{
2455 subflow->request_mptcp = 0;
2456 __mptcp_do_fallback(msk);
2457}
2458
2303f994
PK		 2459static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr,
2460 int addr_len, int flags)
2461{
2462 struct mptcp_sock *msk = mptcp_sk(sock->sk);
2c5ebd00 2463 struct mptcp_subflow_context *subflow;
2303f994
PK		 2464 struct socket *ssock;
2465 int err;
2466
2467 lock_sock(sock->sk);
41be81a8
PA		 2468 if (sock->state != SS_UNCONNECTED && msk->subflow) {
2469 /* pending connection or invalid state, let existing subflow
2470 * cope with that
2471 */
2472 ssock = msk->subflow;
2473 goto do_connect;
2474 }
2475
fa68018d
PA		 2476 ssock = __mptcp_nmpc_socket(msk);
2477 if (!ssock) {
2478 err = -EINVAL;
2303f994
PK		 2479 goto unlock;
2480 }
2481
fa68018d
PA		 2482 mptcp_token_destroy(msk);
2483 inet_sk_state_store(sock->sk, TCP_SYN_SENT);
2c5ebd00 2484 subflow = mptcp_subflow_ctx(ssock->sk);
cf7da0d6
PK		 2485#ifdef CONFIG_TCP_MD5SIG
2486 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of
2487 * TCP option space.
2488 */
2489 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info))
0235d075 2490 mptcp_subflow_early_fallback(msk, subflow);
cf7da0d6 2491#endif
2c5ebd00 2492 if (subflow->request_mptcp && mptcp_token_new_connect(ssock->sk))
0235d075 2493 mptcp_subflow_early_fallback(msk, subflow);
cf7da0d6 2494
41be81a8 2495do_connect:
2303f994 2496 err = ssock->ops->connect(ssock, uaddr, addr_len, flags);
41be81a8
PA		 2497 sock->state = ssock->state;
2498
2499 /* on successful connect, the msk state will be moved to established by
2500 * subflow_finish_connect()
2501 */
367fe04e 2502 if (!err || err == -EINPROGRESS)
41be81a8
PA		 2503 mptcp_copy_inaddrs(sock->sk, ssock->sk);
2504 else
2505 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk));
2303f994
PK		 2506
2507unlock:
2508 release_sock(sock->sk);
2509 return err;
2510}
2511
cf7da0d6
PK		 2512static int mptcp_listen(struct socket *sock, int backlog)
2513{
2514 struct mptcp_sock *msk = mptcp_sk(sock->sk);
2515 struct socket *ssock;
2516 int err;
2517
2518 pr_debug("msk=%p", msk);
2519
2520 lock_sock(sock->sk);
fa68018d
PA		 2521 ssock = __mptcp_nmpc_socket(msk);
2522 if (!ssock) {
2523 err = -EINVAL;
cf7da0d6
PK		 2524 goto unlock;
2525 }
2526
fa68018d
PA		 2527 mptcp_token_destroy(msk);
2528 inet_sk_state_store(sock->sk, TCP_LISTEN);
5e20087d
FW		 2529 sock_set_flag(sock->sk, SOCK_RCU_FREE);
2530
cf7da0d6
PK		 2531 err = ssock->ops->listen(ssock, backlog);
2532 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk));
2533 if (!err)
2534 mptcp_copy_inaddrs(sock->sk, ssock->sk);
2535
2536unlock:
2537 release_sock(sock->sk);
2538 return err;
2539}
2540
cf7da0d6
PK		 2541static int mptcp_stream_accept(struct socket *sock, struct socket *newsock,
2542 int flags, bool kern)
2543{
2544 struct mptcp_sock *msk = mptcp_sk(sock->sk);
2545 struct socket *ssock;
2546 int err;
2547
2548 pr_debug("msk=%p", msk);
2549
2550 lock_sock(sock->sk);
2551 if (sock->sk->sk_state != TCP_LISTEN)
2552 goto unlock_fail;
2553
2554 ssock = __mptcp_nmpc_socket(msk);
2555 if (!ssock)
2556 goto unlock_fail;
2557
8a05661b 2558 clear_bit(MPTCP_DATA_READY, &msk->flags);
cf7da0d6
PK		 2559 sock_hold(ssock->sk);
2560 release_sock(sock->sk);
2561
2562 err = ssock->ops->accept(sock, newsock, flags, kern);
d2f77c53 2563 if (err == 0 && !mptcp_is_tcpsk(newsock->sk)) {
cf7da0d6
PK		 2564 struct mptcp_sock *msk = mptcp_sk(newsock->sk);
2565 struct mptcp_subflow_context *subflow;
2566
2567 /* set ssk->sk_socket of accept()ed flows to mptcp socket.
2568 * This is needed so NOSPACE flag can be set from tcp stack.
2569 */
ec3edaa7 2570 __mptcp_flush_join_list(msk);
190f8b06 2571 mptcp_for_each_subflow(msk, subflow) {
cf7da0d6
PK		 2572 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
2573
2574 if (!ssk->sk_socket)
2575 mptcp_sock_graft(ssk, newsock);
2576 }
cf7da0d6
PK		 2577 }
2578
8a05661b
PA		 2579 if (inet_csk_listen_poll(ssock->sk))
2580 set_bit(MPTCP_DATA_READY, &msk->flags);
cf7da0d6
PK		 2581 sock_put(ssock->sk);
2582 return err;
2583
2584unlock_fail:
2585 release_sock(sock->sk);
2586 return -EINVAL;
2587}
2588
8a05661b
PA		 2589static __poll_t mptcp_check_readable(struct mptcp_sock *msk)
2590{
2591 return test_bit(MPTCP_DATA_READY, &msk->flags) ? EPOLLIN | EPOLLRDNORM :
2592 0;
2593}
2594
2303f994
PK		 2595static __poll_t mptcp_poll(struct file *file, struct socket *sock,
2596 struct poll_table_struct *wait)
2597{
1891c4a0 2598 struct sock *sk = sock->sk;
8ab183de 2599 struct mptcp_sock *msk;
2303f994 2600 __poll_t mask = 0;
8a05661b 2601 int state;
2303f994 2602
1891c4a0 2603 msk = mptcp_sk(sk);
1891c4a0 2604 sock_poll_wait(file, sock, wait);
1891c4a0 2605
8a05661b 2606 state = inet_sk_state_load(sk);
6719331c 2607 pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags);
8a05661b
PA		 2608 if (state == TCP_LISTEN)
2609 return mptcp_check_readable(msk);
2610
2611 if (state != TCP_SYN_SENT && state != TCP_SYN_RECV) {
2612 mask |= mptcp_check_readable(msk);
63561a40 2613 if (test_bit(MPTCP_SEND_SPACE, &msk->flags))
8a05661b
PA		 2614 mask |= EPOLLOUT | EPOLLWRNORM;
2615 }
1891c4a0
FW		 2616 if (sk->sk_shutdown & RCV_SHUTDOWN)
2617 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
2618
2303f994
PK		 2619 return mask;
2620}
2621
21498490
PK		 2622static int mptcp_shutdown(struct socket *sock, int how)
2623{
2624 struct mptcp_sock *msk = mptcp_sk(sock->sk);
2625 struct mptcp_subflow_context *subflow;
2626 int ret = 0;
2627
2628 pr_debug("sk=%p, how=%d", msk, how);
2629
2630 lock_sock(sock->sk);
21498490
PK		 2631
2632 how++;
21498490
PK		 2633 if ((how & ~SHUTDOWN_MASK) || !how) {
2634 ret = -EINVAL;
2635 goto out_unlock;
2636 }
2637
2638 if (sock->state == SS_CONNECTING) {
2639 if ((1 << sock->sk->sk_state) &
2640 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE))
2641 sock->state = SS_DISCONNECTING;
2642 else
2643 sock->state = SS_CONNECTED;
2644 }
2645
43b54c6e
MM		 2646 /* If we've already sent a FIN, or it's a closed state, skip this. */
2647 if (__mptcp_check_fallback(msk)) {
2648 if (how == SHUT_WR || how == SHUT_RDWR)
2649 inet_sk_state_store(sock->sk, TCP_FIN_WAIT1);
7279da61 2650
43b54c6e
MM		 2651 mptcp_for_each_subflow(msk, subflow) {
2652 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow);
21498490 2653
43b54c6e
MM		 2654 mptcp_subflow_shutdown(sock->sk, tcp_sk, how);
2655 }
2656 } else if ((how & SEND_SHUTDOWN) &&
2657 ((1 << sock->sk->sk_state) &
2658 (TCPF_ESTABLISHED | TCPF_SYN_SENT |
2659 TCPF_SYN_RECV | TCPF_CLOSE_WAIT)) &&
2660 mptcp_close_state(sock->sk)) {
2661 __mptcp_flush_join_list(msk);
2662
2663 WRITE_ONCE(msk->write_seq, msk->write_seq + 1);
2664 WRITE_ONCE(msk->snd_data_fin_enable, 1);
2665
2666 mptcp_for_each_subflow(msk, subflow) {
2667 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow);
2668
2669 mptcp_subflow_shutdown(sock->sk, tcp_sk, how);
2670 }
21498490
PK		 2671 }
2672
e1ff9e82
DC		 2673 /* Wake up anyone sleeping in poll. */
2674 sock->sk->sk_state_change(sock->sk);
2675
21498490
PK		 2676out_unlock:
2677 release_sock(sock->sk);
2678
2679 return ret;
2680}
2681
e42f1ac6
FW		 2682static const struct proto_ops mptcp_stream_ops = {
2683 .family = PF_INET,
2684 .owner = THIS_MODULE,
2685 .release = inet_release,
2686 .bind = mptcp_bind,
2687 .connect = mptcp_stream_connect,
2688 .socketpair = sock_no_socketpair,
2689 .accept = mptcp_stream_accept,
d2f77c53 2690 .getname = inet_getname,
e42f1ac6
FW		 2691 .poll = mptcp_poll,
2692 .ioctl = inet_ioctl,
2693 .gettstamp = sock_gettstamp,
2694 .listen = mptcp_listen,
2695 .shutdown = mptcp_shutdown,
2696 .setsockopt = sock_common_setsockopt,
2697 .getsockopt = sock_common_getsockopt,
2698 .sendmsg = inet_sendmsg,
2699 .recvmsg = inet_recvmsg,
2700 .mmap = sock_no_mmap,
2701 .sendpage = inet_sendpage,
e42f1ac6 2702};
2303f994 2703
f870fa0b
MM		 2704static struct inet_protosw mptcp_protosw = {
2705 .type = SOCK_STREAM,
2706 .protocol = IPPROTO_MPTCP,
2707 .prot = &mptcp_prot,
2303f994
PK		 2708 .ops = &mptcp_stream_ops,
2709 .flags = INET_PROTOSW_ICSK,
f870fa0b
MM		 2710};
2711
d39dceca 2712void __init mptcp_proto_init(void)
f870fa0b 2713{
2303f994 2714 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo;
2303f994 2715
d027236c
PA		 2716 if (percpu_counter_init(&mptcp_sockets_allocated, 0, GFP_KERNEL))
2717 panic("Failed to allocate MPTCP pcpu counter\n");
2718
2303f994 2719 mptcp_subflow_init();
1b1c7a0e 2720 mptcp_pm_init();
2c5ebd00 2721 mptcp_token_init();
2303f994 2722
f870fa0b
MM		 2723 if (proto_register(&mptcp_prot, 1) != 0)
2724 panic("Failed to register MPTCP proto.\n");
2725
2726 inet_register_protosw(&mptcp_protosw);
6771bfd9
FW		 2727
2728 BUILD_BUG_ON(sizeof(struct mptcp_skb_cb) > sizeof_field(struct sk_buff, cb));
f870fa0b
MM		 2729}
2730
2731#if IS_ENABLED(CONFIG_MPTCP_IPV6)
e42f1ac6
FW		 2732static const struct proto_ops mptcp_v6_stream_ops = {
2733 .family = PF_INET6,
2734 .owner = THIS_MODULE,
2735 .release = inet6_release,
2736 .bind = mptcp_bind,
2737 .connect = mptcp_stream_connect,
2738 .socketpair = sock_no_socketpair,
2739 .accept = mptcp_stream_accept,
d2f77c53 2740 .getname = inet6_getname,
e42f1ac6
FW		 2741 .poll = mptcp_poll,
2742 .ioctl = inet6_ioctl,
2743 .gettstamp = sock_gettstamp,
2744 .listen = mptcp_listen,
2745 .shutdown = mptcp_shutdown,
2746 .setsockopt = sock_common_setsockopt,
2747 .getsockopt = sock_common_getsockopt,
2748 .sendmsg = inet6_sendmsg,
2749 .recvmsg = inet6_recvmsg,
2750 .mmap = sock_no_mmap,
2751 .sendpage = inet_sendpage,
2752#ifdef CONFIG_COMPAT
3986912f 2753 .compat_ioctl = inet6_compat_ioctl,
e42f1ac6
FW		 2754#endif
2755};
2756
f870fa0b
MM		 2757static struct proto mptcp_v6_prot;
2758
79c0949e
PK		 2759static void mptcp_v6_destroy(struct sock *sk)
2760{
2761 mptcp_destroy(sk);
2762 inet6_destroy_sock(sk);
2763}
2764
f870fa0b
MM		 2765static struct inet_protosw mptcp_v6_protosw = {
2766 .type = SOCK_STREAM,
2767 .protocol = IPPROTO_MPTCP,
2768 .prot = &mptcp_v6_prot,
2303f994 2769 .ops = &mptcp_v6_stream_ops,
f870fa0b
MM		 2770 .flags = INET_PROTOSW_ICSK,
2771};
2772
d39dceca 2773int __init mptcp_proto_v6_init(void)
f870fa0b
MM		 2774{
2775 int err;
2776
2777 mptcp_v6_prot = mptcp_prot;
2778 strcpy(mptcp_v6_prot.name, "MPTCPv6");
2779 mptcp_v6_prot.slab = NULL;
79c0949e 2780 mptcp_v6_prot.destroy = mptcp_v6_destroy;
b0519de8 2781 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock);
f870fa0b
MM		 2782
2783 err = proto_register(&mptcp_v6_prot, 1);
2784 if (err)
2785 return err;
2786
2787 err = inet6_register_protosw(&mptcp_v6_protosw);
2788 if (err)
2789 proto_unregister(&mptcp_v6_prot);
2790
2791 return err;
2792}
2793#endif
Linux 6.x block layer and io_uring tree(s)