projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mptcp: fix memory accounting on allocation error
[linux-block.git] / net / mptcp / protocol.c
CommitLineData
f870fa0b
MM		 1// SPDX-License-Identifier: GPL-2.0
2/* Multipath TCP
3 *
4 * Copyright (c) 2017 - 2019, Intel Corporation.
5 */
6
7#define pr_fmt(fmt) "MPTCP: " fmt
8
9#include <linux/kernel.h>
10#include <linux/module.h>
11#include <linux/netdevice.h>
7a6a6cbc
PA		 12#include <linux/sched/signal.h>
13#include <linux/atomic.h>
ad98dd37 14#include <linux/igmp.h>
f870fa0b
MM		 15#include <net/sock.h>
16#include <net/inet_common.h>
17#include <net/inet_hashtables.h>
18#include <net/protocol.h>
19#include <net/tcp.h>
3721b9b6 20#include <net/tcp_states.h>
cf7da0d6
PK		 21#if IS_ENABLED(CONFIG_MPTCP_IPV6)
22#include <net/transp_v6.h>
ad98dd37 23#include <net/addrconf.h>
cf7da0d6 24#endif
f870fa0b 25#include <net/mptcp.h>
e16163b6 26#include <net/xfrm.h>
f870fa0b 27#include "protocol.h"
fc518953 28#include "mib.h"
f870fa0b 29
b0519de8
FW		 30#if IS_ENABLED(CONFIG_MPTCP_IPV6)
31struct mptcp6_sock {
32 struct mptcp_sock msk;
33 struct ipv6_pinfo np;
34};
35#endif
36
6771bfd9 37struct mptcp_skb_cb {
ab174ad8
PA		 38 u64 map_seq;
39 u64 end_seq;
6771bfd9
FW		 40 u32 offset;
41};
42
43#define MPTCP_SKB_CB(__skb) ((struct mptcp_skb_cb *)&((__skb)->cb[0]))
44
d027236c
PA		 45static struct percpu_counter mptcp_sockets_allocated;
46
e16163b6 47static void __mptcp_destroy_sock(struct sock *sk);
d9ca1de8 48static void __mptcp_check_send_data_fin(struct sock *sk);
e16163b6 49
b19bc294
PA		 50DEFINE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
51static struct net_device mptcp_napi_dev;
52
2303f994
PK		 53/* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not
54 * completed yet or has failed, return the subflow socket.
55 * Otherwise return NULL.
56 */
1729cf18 57struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk)
2303f994 58{
d22f4988 59 if (!msk->subflow || READ_ONCE(msk->can_ack))
2303f994
PK		 60 return NULL;
61
62 return msk->subflow;
63}
64
6f8a612a
FW		 65/* Returns end sequence number of the receiver's advertised window */
66static u64 mptcp_wnd_end(const struct mptcp_sock *msk)
67{
7439d687 68 return READ_ONCE(msk->wnd_end);
6f8a612a
FW		 69}
70
d2f77c53 71static bool mptcp_is_tcpsk(struct sock *sk)
0b4f33de
FW		 72{
73 struct socket *sock = sk->sk_socket;
74
0b4f33de
FW		 75 if (unlikely(sk->sk_prot == &tcp_prot)) {
76 /* we are being invoked after mptcp_accept() has
77 * accepted a non-mp-capable flow: sk is a tcp_sk,
78 * not an mptcp one.
79 *
80 * Hand the socket over to tcp so all further socket ops
81 * bypass mptcp.
82 */
83 sock->ops = &inet_stream_ops;
d2f77c53 84 return true;
0b4f33de
FW		 85#if IS_ENABLED(CONFIG_MPTCP_IPV6)
86 } else if (unlikely(sk->sk_prot == &tcpv6_prot)) {
87 sock->ops = &inet6_stream_ops;
d2f77c53 88 return true;
0b4f33de
FW		 89#endif
90 }
91
d2f77c53 92 return false;
0b4f33de
FW		 93}
94
76660afb 95static struct sock *__mptcp_tcp_fallback(struct mptcp_sock *msk)
cec37a6e 96{
cec37a6e
PK		 97 sock_owned_by_me((const struct sock *)msk);
98
e1ff9e82 99 if (likely(!__mptcp_check_fallback(msk)))
cec37a6e
PK		 100 return NULL;
101
76660afb 102 return msk->first;
cec37a6e
PK		 103}
104
fa68018d 105static int __mptcp_socket_create(struct mptcp_sock *msk)
2303f994
PK		 106{
107 struct mptcp_subflow_context *subflow;
108 struct sock *sk = (struct sock *)msk;
109 struct socket *ssock;
110 int err;
111
2303f994
PK		 112 err = mptcp_subflow_create_socket(sk, &ssock);
113 if (err)
fa68018d 114 return err;
2303f994 115
8ab183de 116 msk->first = ssock->sk;
2303f994
PK		 117 msk->subflow = ssock;
118 subflow = mptcp_subflow_ctx(ssock->sk);
cec37a6e 119 list_add(&subflow->node, &msk->conn_list);
e16163b6 120 sock_hold(ssock->sk);
2303f994 121 subflow->request_mptcp = 1;
866f26f2 122 mptcp_sock_graft(msk->first, sk->sk_socket);
e1ff9e82 123
fa68018d 124 return 0;
2303f994
PK		 125}
126
ab174ad8
PA		 127static void mptcp_drop(struct sock *sk, struct sk_buff *skb)
128{
129 sk_drops_add(sk, skb);
130 __kfree_skb(skb);
131}
132
8268ed4c
PA		 133static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to,
134 struct sk_buff *from)
135{
136 bool fragstolen;
137 int delta;
138
139 if (MPTCP_SKB_CB(from)->offset ||
140 !skb_try_coalesce(to, from, &fragstolen, &delta))
141 return false;
142
06242e44
PA		 143 pr_debug("colesced seq %llx into %llx new len %d new end seq %llx",
144 MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq,
145 to->len, MPTCP_SKB_CB(from)->end_seq);
ab174ad8 146 MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq;
8268ed4c
PA		 147 kfree_skb_partial(from, fragstolen);
148 atomic_add(delta, &sk->sk_rmem_alloc);
149 sk_mem_charge(sk, delta);
150 return true;
151}
152
ab174ad8
PA		 153static bool mptcp_ooo_try_coalesce(struct mptcp_sock *msk, struct sk_buff *to,
154 struct sk_buff *from)
155{
156 if (MPTCP_SKB_CB(from)->map_seq != MPTCP_SKB_CB(to)->end_seq)
157 return false;
158
159 return mptcp_try_coalesce((struct sock *)msk, to, from);
160}
161
162/* "inspired" by tcp_data_queue_ofo(), main differences:
163 * - use mptcp seqs
164 * - don't cope with sacks
165 */
166static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb)
167{
168 struct sock *sk = (struct sock *)msk;
169 struct rb_node **p, *parent;
170 u64 seq, end_seq, max_seq;
171 struct sk_buff *skb1;
172
173 seq = MPTCP_SKB_CB(skb)->map_seq;
174 end_seq = MPTCP_SKB_CB(skb)->end_seq;
fa3fe2b1 175 max_seq = READ_ONCE(msk->rcv_wnd_sent);
ab174ad8 176
06242e44
PA		 177 pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq,
178 RB_EMPTY_ROOT(&msk->out_of_order_queue));
fa3fe2b1 179 if (after64(end_seq, max_seq)) {
ab174ad8
PA		 180 /* out of window */
181 mptcp_drop(sk, skb);
fa3fe2b1
FW		 182 pr_debug("oow by %lld, rcv_wnd_sent %llu\n",
183 (unsigned long long)end_seq - (unsigned long)max_seq,
184 (unsigned long long)msk->rcv_wnd_sent);
06242e44 185 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_NODSSWINDOW);
ab174ad8
PA		 186 return;
187 }
188
189 p = &msk->out_of_order_queue.rb_node;
06242e44 190 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUE);
ab174ad8
PA		 191 if (RB_EMPTY_ROOT(&msk->out_of_order_queue)) {
192 rb_link_node(&skb->rbnode, NULL, p);
193 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
194 msk->ooo_last_skb = skb;
195 goto end;
196 }
197
198 /* with 2 subflows, adding at end of ooo queue is quite likely
199 * Use of ooo_last_skb avoids the O(Log(N)) rbtree lookup.
200 */
06242e44
PA		 201 if (mptcp_ooo_try_coalesce(msk, msk->ooo_last_skb, skb)) {
202 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
203 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
ab174ad8 204 return;
06242e44 205 }
ab174ad8
PA		 206
207 /* Can avoid an rbtree lookup if we are adding skb after ooo_last_skb */
208 if (!before64(seq, MPTCP_SKB_CB(msk->ooo_last_skb)->end_seq)) {
06242e44 209 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
ab174ad8
PA		 210 parent = &msk->ooo_last_skb->rbnode;
211 p = &parent->rb_right;
212 goto insert;
213 }
214
215 /* Find place to insert this segment. Handle overlaps on the way. */
216 parent = NULL;
217 while (*p) {
218 parent = *p;
219 skb1 = rb_to_skb(parent);
220 if (before64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
221 p = &parent->rb_left;
222 continue;
223 }
224 if (before64(seq, MPTCP_SKB_CB(skb1)->end_seq)) {
225 if (!after64(end_seq, MPTCP_SKB_CB(skb1)->end_seq)) {
226 /* All the bits are present. Drop. */
227 mptcp_drop(sk, skb);
06242e44 228 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 229 return;
230 }
231 if (after64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
232 /* partial overlap:
233 * | skb |
234 * | skb1 |
235 * continue traversing
236 */
237 } else {
238 /* skb's seq == skb1's seq and skb covers skb1.
239 * Replace skb1 with skb.
240 */
241 rb_replace_node(&skb1->rbnode, &skb->rbnode,
242 &msk->out_of_order_queue);
243 mptcp_drop(sk, skb1);
06242e44 244 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 245 goto merge_right;
246 }
247 } else if (mptcp_ooo_try_coalesce(msk, skb1, skb)) {
06242e44 248 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
ab174ad8
PA		 249 return;
250 }
251 p = &parent->rb_right;
252 }
06242e44 253
ab174ad8
PA		 254insert:
255 /* Insert segment into RB tree. */
256 rb_link_node(&skb->rbnode, parent, p);
257 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
258
259merge_right:
260 /* Remove other segments covered by skb. */
261 while ((skb1 = skb_rb_next(skb)) != NULL) {
262 if (before64(end_seq, MPTCP_SKB_CB(skb1)->end_seq))
263 break;
264 rb_erase(&skb1->rbnode, &msk->out_of_order_queue);
265 mptcp_drop(sk, skb1);
06242e44 266 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 267 }
268 /* If there is no skb after us, we are the last_skb ! */
269 if (!skb1)
270 msk->ooo_last_skb = skb;
271
272end:
273 skb_condense(skb);
274 skb_set_owner_r(skb, sk);
275}
276
277static bool __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk,
278 struct sk_buff *skb, unsigned int offset,
279 size_t copy_len)
6771bfd9 280{
ab174ad8 281 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
6771bfd9 282 struct sock *sk = (struct sock *)msk;
4e637c70 283 struct sk_buff *tail;
6771bfd9
FW		 284
285 __skb_unlink(skb, &ssk->sk_receive_queue);
6771bfd9 286
4e637c70
FW		 287 skb_ext_reset(skb);
288 skb_orphan(skb);
ab174ad8 289
9c3f94e1
PA		 290 /* try to fetch required memory from subflow */
291 if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
292 if (ssk->sk_forward_alloc < skb->truesize)
293 goto drop;
294 __sk_mem_reclaim(ssk, skb->truesize);
295 if (!sk_rmem_schedule(sk, skb, skb->truesize))
296 goto drop;
297 }
298
ab174ad8
PA		 299 /* the skb map_seq accounts for the skb offset:
300 * mptcp_subflow_get_mapped_dsn() is based on the current tp->copied_seq
301 * value
302 */
303 MPTCP_SKB_CB(skb)->map_seq = mptcp_subflow_get_mapped_dsn(subflow);
304 MPTCP_SKB_CB(skb)->end_seq = MPTCP_SKB_CB(skb)->map_seq + copy_len;
8268ed4c 305 MPTCP_SKB_CB(skb)->offset = offset;
4e637c70 306
ab174ad8
PA		 307 if (MPTCP_SKB_CB(skb)->map_seq == msk->ack_seq) {
308 /* in sequence */
8b0308fe 309 WRITE_ONCE(msk->ack_seq, msk->ack_seq + copy_len);
ab174ad8
PA		 310 tail = skb_peek_tail(&sk->sk_receive_queue);
311 if (tail && mptcp_try_coalesce(sk, tail, skb))
312 return true;
4e637c70 313
ab174ad8
PA		 314 skb_set_owner_r(skb, sk);
315 __skb_queue_tail(&sk->sk_receive_queue, skb);
316 return true;
317 } else if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) {
318 mptcp_data_queue_ofo(msk, skb);
319 return false;
320 }
321
322 /* old data, keep it simple and drop the whole pkt, sender
323 * will retransmit as needed, if needed.
324 */
06242e44 325 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
9c3f94e1 326drop:
ab174ad8
PA		 327 mptcp_drop(sk, skb);
328 return false;
6771bfd9
FW		 329}
330
16a9a9da
MM		 331static void mptcp_stop_timer(struct sock *sk)
332{
333 struct inet_connection_sock *icsk = inet_csk(sk);
334
335 sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
336 mptcp_sk(sk)->timer_ival = 0;
337}
338
e16163b6
PA		 339static void mptcp_close_wake_up(struct sock *sk)
340{
341 if (sock_flag(sk, SOCK_DEAD))
342 return;
343
344 sk->sk_state_change(sk);
345 if (sk->sk_shutdown == SHUTDOWN_MASK ||
346 sk->sk_state == TCP_CLOSE)
347 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP);
348 else
349 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
350}
351
6e628cd3 352static bool mptcp_pending_data_fin_ack(struct sock *sk)
16a9a9da
MM		 353{
354 struct mptcp_sock *msk = mptcp_sk(sk);
355
6e628cd3
PA		 356 return !__mptcp_check_fallback(msk) &&
357 ((1 << sk->sk_state) &
358 (TCPF_FIN_WAIT1 | TCPF_CLOSING | TCPF_LAST_ACK)) &&
359 msk->write_seq == READ_ONCE(msk->snd_una);
360}
361
362static void mptcp_check_data_fin_ack(struct sock *sk)
363{
364 struct mptcp_sock *msk = mptcp_sk(sk);
16a9a9da
MM		 365
366 /* Look for an acknowledged DATA_FIN */
6e628cd3 367 if (mptcp_pending_data_fin_ack(sk)) {
16a9a9da
MM		 368 WRITE_ONCE(msk->snd_data_fin_enable, 0);
369
370 switch (sk->sk_state) {
371 case TCP_FIN_WAIT1:
372 inet_sk_state_store(sk, TCP_FIN_WAIT2);
16a9a9da
MM		 373 break;
374 case TCP_CLOSING:
16a9a9da
MM		 375 case TCP_LAST_ACK:
376 inet_sk_state_store(sk, TCP_CLOSE);
16a9a9da
MM		 377 break;
378 }
379
e16163b6 380 mptcp_close_wake_up(sk);
16a9a9da
MM		 381 }
382}
383
3721b9b6
MM		 384static bool mptcp_pending_data_fin(struct sock *sk, u64 *seq)
385{
386 struct mptcp_sock *msk = mptcp_sk(sk);
387
388 if (READ_ONCE(msk->rcv_data_fin) &&
389 ((1 << sk->sk_state) &
390 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2))) {
391 u64 rcv_data_fin_seq = READ_ONCE(msk->rcv_data_fin_seq);
392
393 if (msk->ack_seq == rcv_data_fin_seq) {
394 if (seq)
395 *seq = rcv_data_fin_seq;
396
397 return true;
398 }
399 }
400
401 return false;
402}
403
404static void mptcp_set_timeout(const struct sock *sk, const struct sock *ssk)
405{
406 long tout = ssk && inet_csk(ssk)->icsk_pending ?
407 inet_csk(ssk)->icsk_timeout - jiffies : 0;
408
409 if (tout <= 0)
410 tout = mptcp_sk(sk)->timer_ival;
411 mptcp_sk(sk)->timer_ival = tout > 0 ? tout : TCP_RTO_MIN;
412}
413
ea4ca586
PA		 414static bool mptcp_subflow_active(struct mptcp_subflow_context *subflow)
415{
416 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
417
418 /* can't send if JOIN hasn't completed yet (i.e. is usable for mptcp) */
419 if (subflow->request_join && !subflow->fully_established)
420 return false;
421
422 /* only send if our side has not closed yet */
423 return ((1 << ssk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT));
424}
425
fd897679
PA		 426static bool tcp_can_send_ack(const struct sock *ssk)
427{
428 return !((1 << inet_sk_state_load(ssk)) &
20bc80b6 429 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_TIME_WAIT | TCPF_CLOSE | TCPF_LISTEN));
fd897679
PA		 430}
431
432static void mptcp_send_ack(struct mptcp_sock *msk)
7ed90803
PA		 433{
434 struct mptcp_subflow_context *subflow;
435
436 mptcp_for_each_subflow(msk, subflow) {
437 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
438
fd897679
PA		 439 lock_sock(ssk);
440 if (tcp_can_send_ack(ssk))
ea4ca586 441 tcp_send_ack(ssk);
fd897679 442 release_sock(ssk);
ea4ca586 443 }
fd897679
PA		 444}
445
446static bool mptcp_subflow_cleanup_rbuf(struct sock *ssk)
447{
448 int ret;
449
450 lock_sock(ssk);
451 ret = tcp_can_send_ack(ssk);
452 if (ret)
453 tcp_cleanup_rbuf(ssk, 1);
454 release_sock(ssk);
455 return ret;
456}
457
458static void mptcp_cleanup_rbuf(struct mptcp_sock *msk)
459{
87952603 460 struct sock *ack_hint = READ_ONCE(msk->ack_hint);
e3859603 461 int old_space = READ_ONCE(msk->old_wspace);
fd897679 462 struct mptcp_subflow_context *subflow;
e3859603
PA		 463 struct sock *sk = (struct sock *)msk;
464 bool cleanup;
465
466 /* this is a simple superset of what tcp_cleanup_rbuf() implements
467 * so that we don't have to acquire the ssk socket lock most of the time
468 * to do actually nothing
469 */
470 cleanup = __mptcp_space(sk) - old_space >= max(0, old_space);
471 if (!cleanup)
472 return;
fd897679
PA		 473
474 /* if the hinted ssk is still active, try to use it */
87952603 475 if (likely(ack_hint)) {
fd897679
PA		 476 mptcp_for_each_subflow(msk, subflow) {
477 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
478
87952603 479 if (ack_hint == ssk && mptcp_subflow_cleanup_rbuf(ssk))
fd897679
PA		 480 return;
481 }
7ed90803 482 }
fd897679
PA		 483
484 /* otherwise pick the first active subflow */
485 mptcp_for_each_subflow(msk, subflow)
486 if (mptcp_subflow_cleanup_rbuf(mptcp_subflow_tcp_sock(subflow)))
487 return;
7ed90803
PA		 488}
489
490static bool mptcp_check_data_fin(struct sock *sk)
3721b9b6
MM		 491{
492 struct mptcp_sock *msk = mptcp_sk(sk);
493 u64 rcv_data_fin_seq;
7ed90803 494 bool ret = false;
3721b9b6
MM		 495
496 if (__mptcp_check_fallback(msk) || !msk->first)
7ed90803 497 return ret;
3721b9b6
MM		 498
499 /* Need to ack a DATA_FIN received from a peer while this side
500 * of the connection is in ESTABLISHED, FIN_WAIT1, or FIN_WAIT2.
501 * msk->rcv_data_fin was set when parsing the incoming options
502 * at the subflow level and the msk lock was not held, so this
503 * is the first opportunity to act on the DATA_FIN and change
504 * the msk state.
505 *
506 * If we are caught up to the sequence number of the incoming
507 * DATA_FIN, send the DATA_ACK now and do state transition. If
508 * not caught up, do nothing and let the recv code send DATA_ACK
509 * when catching up.
510 */
511
512 if (mptcp_pending_data_fin(sk, &rcv_data_fin_seq)) {
917944da 513 WRITE_ONCE(msk->ack_seq, msk->ack_seq + 1);
3721b9b6
MM		 514 WRITE_ONCE(msk->rcv_data_fin, 0);
515
516 sk->sk_shutdown |= RCV_SHUTDOWN;
16a9a9da
MM		 517 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
518 set_bit(MPTCP_DATA_READY, &msk->flags);
3721b9b6
MM		 519
520 switch (sk->sk_state) {
521 case TCP_ESTABLISHED:
522 inet_sk_state_store(sk, TCP_CLOSE_WAIT);
523 break;
524 case TCP_FIN_WAIT1:
525 inet_sk_state_store(sk, TCP_CLOSING);
526 break;
527 case TCP_FIN_WAIT2:
528 inet_sk_state_store(sk, TCP_CLOSE);
3721b9b6
MM		 529 break;
530 default:
531 /* Other states not expected */
532 WARN_ON_ONCE(1);
533 break;
534 }
535
7ed90803 536 ret = true;
3721b9b6 537 mptcp_set_timeout(sk, NULL);
fd897679 538 mptcp_send_ack(msk);
e16163b6 539 mptcp_close_wake_up(sk);
3721b9b6 540 }
7ed90803 541 return ret;
3721b9b6
MM		 542}
543
6771bfd9
FW		 544static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk,
545 struct sock *ssk,
546 unsigned int *bytes)
547{
548 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
600911ff 549 struct sock *sk = (struct sock *)msk;
6771bfd9
FW		 550 unsigned int moved = 0;
551 bool more_data_avail;
552 struct tcp_sock *tp;
553 bool done = false;
13c7ba0c
FW		 554 int sk_rbuf;
555
556 sk_rbuf = READ_ONCE(sk->sk_rcvbuf);
557
558 if (!(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
559 int ssk_rbuf = READ_ONCE(ssk->sk_rcvbuf);
560
561 if (unlikely(ssk_rbuf > sk_rbuf)) {
562 WRITE_ONCE(sk->sk_rcvbuf, ssk_rbuf);
563 sk_rbuf = ssk_rbuf;
564 }
565 }
600911ff 566
ab174ad8 567 pr_debug("msk=%p ssk=%p", msk, ssk);
6771bfd9
FW		 568 tp = tcp_sk(ssk);
569 do {
570 u32 map_remaining, offset;
571 u32 seq = tp->copied_seq;
572 struct sk_buff *skb;
573 bool fin;
574
575 /* try to move as much data as available */
576 map_remaining = subflow->map_data_len -
577 mptcp_subflow_get_map_offset(subflow);
578
579 skb = skb_peek(&ssk->sk_receive_queue);
d9fb8c50
PA		 580 if (!skb) {
581 /* if no data is found, a racing workqueue/recvmsg
582 * already processed the new data, stop here or we
583 * can enter an infinite loop
584 */
585 if (!moved)
586 done = true;
6771bfd9 587 break;
d9fb8c50 588 }
6771bfd9 589
e1ff9e82
DC		 590 if (__mptcp_check_fallback(msk)) {
591 /* if we are running under the workqueue, TCP could have
592 * collapsed skbs between dummy map creation and now
593 * be sure to adjust the size
594 */
595 map_remaining = skb->len;
596 subflow->map_data_len = skb->len;
597 }
598
6771bfd9
FW		 599 offset = seq - TCP_SKB_CB(skb)->seq;
600 fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN;
601 if (fin) {
602 done = true;
603 seq++;
604 }
605
606 if (offset < skb->len) {
607 size_t len = skb->len - offset;
608
609 if (tp->urg_data)
610 done = true;
611
ab174ad8
PA		 612 if (__mptcp_move_skb(msk, ssk, skb, offset, len))
613 moved += len;
6771bfd9 614 seq += len;
6771bfd9
FW		 615
616 if (WARN_ON_ONCE(map_remaining < len))
617 break;
618 } else {
619 WARN_ON_ONCE(!fin);
620 sk_eat_skb(ssk, skb);
621 done = true;
622 }
623
624 WRITE_ONCE(tp->copied_seq, seq);
625 more_data_avail = mptcp_subflow_data_available(ssk);
600911ff 626
13c7ba0c 627 if (atomic_read(&sk->sk_rmem_alloc) > sk_rbuf) {
600911ff
FW		 628 done = true;
629 break;
630 }
6771bfd9 631 } while (more_data_avail);
87952603 632 WRITE_ONCE(msk->ack_hint, ssk);
6771bfd9 633
6719331c 634 *bytes += moved;
6771bfd9
FW		 635 return done;
636}
637
87952603 638static bool __mptcp_ofo_queue(struct mptcp_sock *msk)
ab174ad8
PA		 639{
640 struct sock *sk = (struct sock *)msk;
641 struct sk_buff *skb, *tail;
642 bool moved = false;
643 struct rb_node *p;
644 u64 end_seq;
645
646 p = rb_first(&msk->out_of_order_queue);
06242e44 647 pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue));
ab174ad8
PA		 648 while (p) {
649 skb = rb_to_skb(p);
650 if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq))
651 break;
652
653 p = rb_next(p);
654 rb_erase(&skb->rbnode, &msk->out_of_order_queue);
655
656 if (unlikely(!after64(MPTCP_SKB_CB(skb)->end_seq,
657 msk->ack_seq))) {
658 mptcp_drop(sk, skb);
06242e44 659 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
ab174ad8
PA		 660 continue;
661 }
662
663 end_seq = MPTCP_SKB_CB(skb)->end_seq;
664 tail = skb_peek_tail(&sk->sk_receive_queue);
665 if (!tail || !mptcp_ooo_try_coalesce(msk, tail, skb)) {
666 int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq;
667
668 /* skip overlapping data, if any */
06242e44
PA		 669 pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d",
670 MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq,
671 delta);
ab174ad8
PA		 672 MPTCP_SKB_CB(skb)->offset += delta;
673 __skb_queue_tail(&sk->sk_receive_queue, skb);
674 }
675 msk->ack_seq = end_seq;
676 moved = true;
677 }
678 return moved;
679}
680
2e52213c
FW		 681/* In most cases we will be able to lock the mptcp socket. If its already
682 * owned, we need to defer to the work queue to avoid ABBA deadlock.
683 */
87952603 684static void move_skbs_to_msk(struct mptcp_sock *msk, struct sock *ssk)
2e52213c
FW		 685{
686 struct sock *sk = (struct sock *)msk;
687 unsigned int moved = 0;
688
87952603
PA		 689 if (inet_sk_state_load(sk) == TCP_CLOSE)
690 return;
ab174ad8 691
87952603 692 mptcp_data_lock(sk);
2e52213c 693
87952603
PA		 694 __mptcp_move_skbs_from_subflow(msk, ssk, &moved);
695 __mptcp_ofo_queue(msk);
2e52213c 696
87952603
PA		 697 /* If the moves have caught up with the DATA_FIN sequence number
698 * it's time to ack the DATA_FIN and change socket state, but
699 * this is not a good place to change state. Let the workqueue
700 * do it.
701 */
702 if (mptcp_pending_data_fin(sk, NULL))
703 mptcp_schedule_work(sk);
704 mptcp_data_unlock(sk);
2e52213c
FW		 705}
706
707void mptcp_data_ready(struct sock *sk, struct sock *ssk)
101f6f85 708{
6719331c 709 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
101f6f85 710 struct mptcp_sock *msk = mptcp_sk(sk);
13c7ba0c 711 int sk_rbuf, ssk_rbuf;
6719331c 712 bool wake;
101f6f85 713
d7b1bfd0
PA		 714 /* The peer can send data while we are shutting down this
715 * subflow at msk destruction time, but we must avoid enqueuing
716 * more data to the msk receive queue
717 */
718 if (unlikely(subflow->disposable))
719 return;
720
6719331c
PA		 721 /* move_skbs_to_msk below can legitly clear the data_avail flag,
722 * but we will need later to properly woke the reader, cache its
723 * value
724 */
725 wake = subflow->data_avail == MPTCP_SUBFLOW_DATA_AVAIL;
726 if (wake)
727 set_bit(MPTCP_DATA_READY, &msk->flags);
6771bfd9 728
13c7ba0c
FW		 729 ssk_rbuf = READ_ONCE(ssk->sk_rcvbuf);
730 sk_rbuf = READ_ONCE(sk->sk_rcvbuf);
731 if (unlikely(ssk_rbuf > sk_rbuf))
732 sk_rbuf = ssk_rbuf;
733
734 /* over limit? can't append more skbs to msk */
735 if (atomic_read(&sk->sk_rmem_alloc) > sk_rbuf)
2e52213c
FW		 736 goto wake;
737
ea4ca586 738 move_skbs_to_msk(msk, ssk);
600911ff 739
600911ff 740wake:
6719331c
PA		 741 if (wake)
742 sk->sk_data_ready(sk);
101f6f85
FW		 743}
744
84dfe367 745void __mptcp_flush_join_list(struct mptcp_sock *msk)
ec3edaa7 746{
5cf92bba
PA		 747 struct mptcp_subflow_context *subflow;
748
ec3edaa7
PK		 749 if (likely(list_empty(&msk->join_list)))
750 return;
751
752 spin_lock_bh(&msk->join_list_lock);
5cf92bba
PA		 753 list_for_each_entry(subflow, &msk->join_list, node)
754 mptcp_propagate_sndbuf((struct sock *)msk, mptcp_subflow_tcp_sock(subflow));
ec3edaa7
PK		 755 list_splice_tail_init(&msk->join_list, &msk->conn_list);
756 spin_unlock_bh(&msk->join_list_lock);
757}
758
b51f9b80
PA		 759static bool mptcp_timer_pending(struct sock *sk)
760{
761 return timer_pending(&inet_csk(sk)->icsk_retransmit_timer);
762}
763
764static void mptcp_reset_timer(struct sock *sk)
765{
766 struct inet_connection_sock *icsk = inet_csk(sk);
767 unsigned long tout;
768
e16163b6
PA		 769 /* prevent rescheduling on close */
770 if (unlikely(inet_sk_state_load(sk) == TCP_CLOSE))
771 return;
772
b51f9b80
PA		 773 /* should never be called with mptcp level timer cleared */
774 tout = READ_ONCE(mptcp_sk(sk)->timer_ival);
775 if (WARN_ON_ONCE(!tout))
776 tout = TCP_RTO_MIN;
777 sk_reset_timer(sk, &icsk->icsk_retransmit_timer, jiffies + tout);
778}
779
ba8f48f7
PA		 780bool mptcp_schedule_work(struct sock *sk)
781{
782 if (inet_sk_state_load(sk) != TCP_CLOSE &&
783 schedule_work(&mptcp_sk(sk)->work)) {
784 /* each subflow already holds a reference to the sk, and the
785 * workqueue is invoked by a subflow, so sk can't go away here.
786 */
787 sock_hold(sk);
788 return true;
789 }
790 return false;
791}
792
59832e24
FW		 793void mptcp_subflow_eof(struct sock *sk)
794{
ba8f48f7
PA		 795 if (!test_and_set_bit(MPTCP_WORK_EOF, &mptcp_sk(sk)->flags))
796 mptcp_schedule_work(sk);
59832e24
FW		 797}
798
5969856a
PA		 799static void mptcp_check_for_eof(struct mptcp_sock *msk)
800{
801 struct mptcp_subflow_context *subflow;
802 struct sock *sk = (struct sock *)msk;
803 int receivers = 0;
804
805 mptcp_for_each_subflow(msk, subflow)
806 receivers += !subflow->rx_eof;
e16163b6
PA		 807 if (receivers)
808 return;
5969856a 809
e16163b6 810 if (!(sk->sk_shutdown & RCV_SHUTDOWN)) {
5969856a
PA		 811 /* hopefully temporary hack: propagate shutdown status
812 * to msk, when all subflows agree on it
813 */
814 sk->sk_shutdown |= RCV_SHUTDOWN;
815
816 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
817 set_bit(MPTCP_DATA_READY, &msk->flags);
818 sk->sk_data_ready(sk);
819 }
e16163b6
PA		 820
821 switch (sk->sk_state) {
822 case TCP_ESTABLISHED:
823 inet_sk_state_store(sk, TCP_CLOSE_WAIT);
824 break;
825 case TCP_FIN_WAIT1:
26aa2314
PA		 826 inet_sk_state_store(sk, TCP_CLOSING);
827 break;
828 case TCP_FIN_WAIT2:
e16163b6
PA		 829 inet_sk_state_store(sk, TCP_CLOSE);
830 break;
831 default:
832 return;
833 }
834 mptcp_close_wake_up(sk);
5969856a
PA		 835}
836
7a6a6cbc
PA		 837static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk)
838{
839 struct mptcp_subflow_context *subflow;
840 struct sock *sk = (struct sock *)msk;
841
842 sock_owned_by_me(sk);
843
844 mptcp_for_each_subflow(msk, subflow) {
845 if (subflow->data_avail)
846 return mptcp_subflow_tcp_sock(subflow);
847 }
848
849 return NULL;
850}
851
3f8e0aae
PA		 852static bool mptcp_skb_can_collapse_to(u64 write_seq,
853 const struct sk_buff *skb,
854 const struct mptcp_ext *mpext)
57040755
PA		 855{
856 if (!tcp_skb_can_collapse_to(skb))
857 return false;
858
5a369ca6
PA		 859 /* can collapse only if MPTCP level sequence is in order and this
860 * mapping has not been xmitted yet
861 */
862 return mpext && mpext->data_seq + mpext->data_len == write_seq &&
863 !mpext->frozen;
57040755
PA		 864}
865
18b683bf
PA		 866static bool mptcp_frag_can_collapse_to(const struct mptcp_sock *msk,
867 const struct page_frag *pfrag,
868 const struct mptcp_data_frag *df)
869{
870 return df && pfrag->page == df->page &&
d9ca1de8 871 pfrag->size - pfrag->offset > 0 &&
18b683bf
PA		 872 df->data_seq + df->data_len == msk->write_seq;
873}
874
724cfd2e 875static int mptcp_wmem_with_overhead(struct sock *sk, int size)
e93da928 876{
724cfd2e
PA		 877 struct mptcp_sock *msk = mptcp_sk(sk);
878 int ret, skbs;
879
880 ret = size + ((sizeof(struct mptcp_data_frag) * size) >> PAGE_SHIFT);
881 skbs = (msk->tx_pending_data + size) / msk->size_goal_cache;
882 if (skbs < msk->skb_tx_cache.qlen)
883 return ret;
884
885 return ret + (skbs - msk->skb_tx_cache.qlen) * SKB_TRUESIZE(MAX_TCP_HEADER);
e93da928
PA		 886}
887
888static void __mptcp_wmem_reserve(struct sock *sk, int size)
889{
724cfd2e 890 int amount = mptcp_wmem_with_overhead(sk, size);
e93da928
PA		 891 struct mptcp_sock *msk = mptcp_sk(sk);
892
893 WARN_ON_ONCE(msk->wmem_reserved);
e7579d5d
DC		 894 if (WARN_ON_ONCE(amount < 0))
895 amount = 0;
896
e93da928
PA		 897 if (amount <= sk->sk_forward_alloc)
898 goto reserve;
899
900 /* under memory pressure try to reserve at most a single page
901 * otherwise try to reserve the full estimate and fallback
902 * to a single page before entering the error path
903 */
904 if ((tcp_under_memory_pressure(sk) && amount > PAGE_SIZE) ||
905 !sk_wmem_schedule(sk, amount)) {
906 if (amount <= PAGE_SIZE)
907 goto nomem;
908
909 amount = PAGE_SIZE;
910 if (!sk_wmem_schedule(sk, amount))
911 goto nomem;
912 }
913
914reserve:
915 msk->wmem_reserved = amount;
916 sk->sk_forward_alloc -= amount;
917 return;
918
919nomem:
920 /* we will wait for memory on next allocation */
921 msk->wmem_reserved = -1;
922}
923
924static void __mptcp_update_wmem(struct sock *sk)
925{
926 struct mptcp_sock *msk = mptcp_sk(sk);
927
928 if (!msk->wmem_reserved)
929 return;
930
931 if (msk->wmem_reserved < 0)
932 msk->wmem_reserved = 0;
933 if (msk->wmem_reserved > 0) {
934 sk->sk_forward_alloc += msk->wmem_reserved;
935 msk->wmem_reserved = 0;
936 }
937}
938
939static bool mptcp_wmem_alloc(struct sock *sk, int size)
940{
941 struct mptcp_sock *msk = mptcp_sk(sk);
942
943 /* check for pre-existing error condition */
944 if (msk->wmem_reserved < 0)
945 return false;
946
947 if (msk->wmem_reserved >= size)
948 goto account;
949
87952603
PA		 950 mptcp_data_lock(sk);
951 if (!sk_wmem_schedule(sk, size)) {
952 mptcp_data_unlock(sk);
e93da928 953 return false;
87952603 954 }
e93da928
PA		 955
956 sk->sk_forward_alloc -= size;
957 msk->wmem_reserved += size;
87952603 958 mptcp_data_unlock(sk);
e93da928
PA		 959
960account:
961 msk->wmem_reserved -= size;
962 return true;
963}
964
87952603
PA		 965static void mptcp_wmem_uncharge(struct sock *sk, int size)
966{
967 struct mptcp_sock *msk = mptcp_sk(sk);
968
969 if (msk->wmem_reserved < 0)
970 msk->wmem_reserved = 0;
971 msk->wmem_reserved += size;
972}
973
724cfd2e
PA		 974static void mptcp_mem_reclaim_partial(struct sock *sk)
975{
976 struct mptcp_sock *msk = mptcp_sk(sk);
977
978 /* if we are experiencing a transint allocation error,
979 * the forward allocation memory has been already
980 * released
981 */
982 if (msk->wmem_reserved < 0)
983 return;
984
985 mptcp_data_lock(sk);
986 sk->sk_forward_alloc += msk->wmem_reserved;
987 sk_mem_reclaim_partial(sk);
988 msk->wmem_reserved = sk->sk_forward_alloc;
989 sk->sk_forward_alloc = 0;
990 mptcp_data_unlock(sk);
991}
992
d027236c
PA		 993static void dfrag_uncharge(struct sock *sk, int len)
994{
995 sk_mem_uncharge(sk, len);
7948f6cc 996 sk_wmem_queued_add(sk, -len);
d027236c
PA		 997}
998
999static void dfrag_clear(struct sock *sk, struct mptcp_data_frag *dfrag)
18b683bf 1000{
d027236c
PA		 1001 int len = dfrag->data_len + dfrag->overhead;
1002
18b683bf 1003 list_del(&dfrag->list);
d027236c 1004 dfrag_uncharge(sk, len);
18b683bf
PA		 1005 put_page(dfrag->page);
1006}
1007
6e628cd3 1008static void __mptcp_clean_una(struct sock *sk)
18b683bf
PA		 1009{
1010 struct mptcp_sock *msk = mptcp_sk(sk);
1011 struct mptcp_data_frag *dtmp, *dfrag;
d027236c 1012 bool cleaned = false;
e1ff9e82
DC		 1013 u64 snd_una;
1014
1015 /* on fallback we just need to ignore snd_una, as this is really
1016 * plain TCP
1017 */
1018 if (__mptcp_check_fallback(msk))
7439d687 1019 msk->snd_una = READ_ONCE(msk->snd_nxt);
6f8a612a 1020
7439d687 1021 snd_una = msk->snd_una;
18b683bf
PA		 1022 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) {
1023 if (after64(dfrag->data_seq + dfrag->data_len, snd_una))
1024 break;
1025
d9ca1de8
PA		 1026 if (WARN_ON_ONCE(dfrag == msk->first_pending))
1027 break;
d027236c
PA		 1028 dfrag_clear(sk, dfrag);
1029 cleaned = true;
1030 }
1031
7948f6cc
FW		 1032 dfrag = mptcp_rtx_head(sk);
1033 if (dfrag && after64(snd_una, dfrag->data_seq)) {
53eb4c38
PA		 1034 u64 delta = snd_una - dfrag->data_seq;
1035
d9ca1de8 1036 if (WARN_ON_ONCE(delta > dfrag->already_sent))
53eb4c38 1037 goto out;
7948f6cc
FW		 1038
1039 dfrag->data_seq += delta;
53eb4c38 1040 dfrag->offset += delta;
7948f6cc 1041 dfrag->data_len -= delta;
d9ca1de8 1042 dfrag->already_sent -= delta;
7948f6cc
FW		 1043
1044 dfrag_uncharge(sk, delta);
1045 cleaned = true;
1046 }
1047
53eb4c38 1048out:
6e628cd3
PA		 1049 if (cleaned) {
1050 if (tcp_under_memory_pressure(sk)) {
1051 __mptcp_update_wmem(sk);
1052 sk_mem_reclaim_partial(sk);
1053 }
6e628cd3 1054 }
95ed690e 1055
6e628cd3
PA		 1056 if (snd_una == READ_ONCE(msk->snd_nxt)) {
1057 if (msk->timer_ival)
1058 mptcp_stop_timer(sk);
1059 } else {
1060 mptcp_reset_timer(sk);
18b683bf
PA		 1061 }
1062}
1063
724cfd2e 1064static void mptcp_enter_memory_pressure(struct sock *sk)
18b683bf 1065{
d9ca1de8
PA		 1066 struct mptcp_subflow_context *subflow;
1067 struct mptcp_sock *msk = mptcp_sk(sk);
1068 bool first = true;
1069
18b683bf 1070 sk_stream_moderate_sndbuf(sk);
d9ca1de8
PA		 1071 mptcp_for_each_subflow(msk, subflow) {
1072 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
1073
1074 if (first)
1075 tcp_enter_memory_pressure(ssk);
1076 sk_stream_moderate_sndbuf(ssk);
1077 first = false;
1078 }
724cfd2e
PA		 1079}
1080
1081/* ensure we get enough memory for the frag hdr, beyond some minimal amount of
1082 * data
1083 */
1084static bool mptcp_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
1085{
1086 if (likely(skb_page_frag_refill(32U + sizeof(struct mptcp_data_frag),
1087 pfrag, sk->sk_allocation)))
1088 return true;
1089
1090 mptcp_enter_memory_pressure(sk);
18b683bf
PA		 1091 return false;
1092}
1093
1094static struct mptcp_data_frag *
1095mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag,
1096 int orig_offset)
1097{
1098 int offset = ALIGN(orig_offset, sizeof(long));
1099 struct mptcp_data_frag *dfrag;
1100
1101 dfrag = (struct mptcp_data_frag *)(page_to_virt(pfrag->page) + offset);
1102 dfrag->data_len = 0;
1103 dfrag->data_seq = msk->write_seq;
1104 dfrag->overhead = offset - orig_offset + sizeof(struct mptcp_data_frag);
1105 dfrag->offset = offset + sizeof(struct mptcp_data_frag);
d9ca1de8 1106 dfrag->already_sent = 0;
18b683bf
PA		 1107 dfrag->page = pfrag->page;
1108
1109 return dfrag;
1110}
1111
caf971df
PA		 1112struct mptcp_sendmsg_info {
1113 int mss_now;
1114 int size_goal;
d9ca1de8
PA		 1115 u16 limit;
1116 u16 sent;
1117 unsigned int flags;
caf971df
PA		 1118};
1119
6f8a612a
FW		 1120static int mptcp_check_allowed_size(struct mptcp_sock *msk, u64 data_seq,
1121 int avail_size)
1122{
1123 u64 window_end = mptcp_wnd_end(msk);
1124
1125 if (__mptcp_check_fallback(msk))
1126 return avail_size;
1127
1128 if (!before64(data_seq + avail_size, window_end)) {
1129 u64 allowed_size = window_end - data_seq;
1130
1131 return min_t(unsigned int, allowed_size, avail_size);
1132 }
1133
1134 return avail_size;
1135}
1136
724cfd2e
PA		 1137static bool __mptcp_add_ext(struct sk_buff *skb, gfp_t gfp)
1138{
1139 struct skb_ext *mpext = __skb_ext_alloc(gfp);
1140
1141 if (!mpext)
1142 return false;
1143 __skb_ext_set(skb, SKB_EXT_MPTCP, mpext);
1144 return true;
1145}
1146
6e628cd3 1147static struct sk_buff *__mptcp_do_alloc_tx_skb(struct sock *sk, gfp_t gfp)
724cfd2e
PA		 1148{
1149 struct sk_buff *skb;
1150
6e628cd3 1151 skb = alloc_skb_fclone(MAX_TCP_HEADER, gfp);
724cfd2e 1152 if (likely(skb)) {
6e628cd3 1153 if (likely(__mptcp_add_ext(skb, gfp))) {
724cfd2e
PA		 1154 skb_reserve(skb, MAX_TCP_HEADER);
1155 skb->reserved_tailroom = skb->end - skb->tail;
1156 return skb;
1157 }
1158 __kfree_skb(skb);
1159 } else {
1160 mptcp_enter_memory_pressure(sk);
1161 }
1162 return NULL;
1163}
1164
1165static bool mptcp_tx_cache_refill(struct sock *sk, int size,
1166 struct sk_buff_head *skbs, int *total_ts)
1167{
1168 struct mptcp_sock *msk = mptcp_sk(sk);
1169 struct sk_buff *skb;
1170 int space_needed;
1171
1172 if (unlikely(tcp_under_memory_pressure(sk))) {
1173 mptcp_mem_reclaim_partial(sk);
1174
1175 /* under pressure pre-allocate at most a single skb */
1176 if (msk->skb_tx_cache.qlen)
1177 return true;
1178 space_needed = msk->size_goal_cache;
1179 } else {
1180 space_needed = msk->tx_pending_data + size -
1181 msk->skb_tx_cache.qlen * msk->size_goal_cache;
1182 }
1183
1184 while (space_needed > 0) {
6e628cd3 1185 skb = __mptcp_do_alloc_tx_skb(sk, sk->sk_allocation);
724cfd2e
PA		 1186 if (unlikely(!skb)) {
1187 /* under memory pressure, try to pass the caller a
1188 * single skb to allow forward progress
1189 */
1190 while (skbs->qlen > 1) {
1191 skb = __skb_dequeue_tail(skbs);
eaeef1ce 1192 *total_ts -= skb->truesize;
724cfd2e
PA		 1193 __kfree_skb(skb);
1194 }
1195 return skbs->qlen > 0;
1196 }
1197
1198 *total_ts += skb->truesize;
1199 __skb_queue_tail(skbs, skb);
1200 space_needed -= msk->size_goal_cache;
1201 }
1202 return true;
1203}
1204
6e628cd3 1205static bool __mptcp_alloc_tx_skb(struct sock *sk, struct sock *ssk, gfp_t gfp)
724cfd2e
PA		 1206{
1207 struct mptcp_sock *msk = mptcp_sk(sk);
1208 struct sk_buff *skb;
1209
1210 if (ssk->sk_tx_skb_cache) {
1211 skb = ssk->sk_tx_skb_cache;
1212 if (unlikely(!skb_ext_find(skb, SKB_EXT_MPTCP) &&
6e628cd3 1213 !__mptcp_add_ext(skb, gfp)))
724cfd2e
PA		 1214 return false;
1215 return true;
1216 }
1217
1218 skb = skb_peek(&msk->skb_tx_cache);
1219 if (skb) {
1220 if (likely(sk_wmem_schedule(ssk, skb->truesize))) {
1221 skb = __skb_dequeue(&msk->skb_tx_cache);
1222 if (WARN_ON_ONCE(!skb))
1223 return false;
1224
1225 mptcp_wmem_uncharge(sk, skb->truesize);
1226 ssk->sk_tx_skb_cache = skb;
1227 return true;
1228 }
1229
1230 /* over memory limit, no point to try to allocate a new skb */
1231 return false;
1232 }
1233
6e628cd3 1234 skb = __mptcp_do_alloc_tx_skb(sk, gfp);
724cfd2e
PA		 1235 if (!skb)
1236 return false;
1237
1238 if (likely(sk_wmem_schedule(ssk, skb->truesize))) {
1239 ssk->sk_tx_skb_cache = skb;
1240 return true;
1241 }
1242 kfree_skb(skb);
1243 return false;
1244}
1245
1246static bool mptcp_must_reclaim_memory(struct sock *sk, struct sock *ssk)
1247{
1248 return !ssk->sk_tx_skb_cache &&
1249 !skb_peek(&mptcp_sk(sk)->skb_tx_cache) &&
1250 tcp_under_memory_pressure(sk);
1251}
1252
1253static bool mptcp_alloc_tx_skb(struct sock *sk, struct sock *ssk)
1254{
1255 if (unlikely(mptcp_must_reclaim_memory(sk, ssk)))
1256 mptcp_mem_reclaim_partial(sk);
6e628cd3 1257 return __mptcp_alloc_tx_skb(sk, ssk, sk->sk_allocation);
724cfd2e
PA		 1258}
1259
6d0060f6 1260static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
d9ca1de8 1261 struct mptcp_data_frag *dfrag,
caf971df 1262 struct mptcp_sendmsg_info *info)
6d0060f6 1263{
d9ca1de8 1264 u64 data_seq = dfrag->data_seq + info->sent;
6d0060f6 1265 struct mptcp_sock *msk = mptcp_sk(sk);
6f8a612a 1266 bool zero_window_probe = false;
6d0060f6 1267 struct mptcp_ext *mpext = NULL;
57040755 1268 struct sk_buff *skb, *tail;
d9ca1de8 1269 bool can_collapse = false;
15e6ca97 1270 int size_bias = 0;
d9ca1de8 1271 int avail_size;
724cfd2e 1272 size_t ret = 0;
6d0060f6 1273
d9ca1de8
PA		 1274 pr_debug("msk=%p ssk=%p sending dfrag at seq=%lld len=%d already sent=%d",
1275 msk, ssk, dfrag->data_seq, dfrag->data_len, info->sent);
1276
1277 /* compute send limit */
1278 info->mss_now = tcp_send_mss(ssk, &info->size_goal, info->flags);
caf971df 1279 avail_size = info->size_goal;
724cfd2e 1280 msk->size_goal_cache = info->size_goal;
57040755
PA		 1281 skb = tcp_write_queue_tail(ssk);
1282 if (skb) {
57040755
PA		 1283 /* Limit the write to the size available in the
1284 * current skb, if any, so that we create at most a new skb.
1285 * Explicitly tells TCP internals to avoid collapsing on later
1286 * queue management operation, to avoid breaking the ext <->
1287 * SSN association set here
1288 */
d9ca1de8 1289 mpext = skb_ext_find(skb, SKB_EXT_MPTCP);
caf971df 1290 can_collapse = (info->size_goal - skb->len > 0) &&
d9ca1de8 1291 mptcp_skb_can_collapse_to(data_seq, skb, mpext);
15e6ca97 1292 if (!can_collapse) {
57040755 1293 TCP_SKB_CB(skb)->eor = 1;
15e6ca97
PA		 1294 } else {
1295 size_bias = skb->len;
caf971df 1296 avail_size = info->size_goal - skb->len;
15e6ca97 1297 }
57040755 1298 }
18b683bf 1299
6f8a612a
FW		 1300 /* Zero window and all data acked? Probe. */
1301 avail_size = mptcp_check_allowed_size(msk, data_seq, avail_size);
1302 if (avail_size == 0) {
7439d687
PA		 1303 u64 snd_una = READ_ONCE(msk->snd_una);
1304
1305 if (skb || snd_una != msk->snd_nxt)
6f8a612a
FW		 1306 return 0;
1307 zero_window_probe = true;
7439d687 1308 data_seq = snd_una - 1;
6f8a612a
FW		 1309 avail_size = 1;
1310 }
1311
d9ca1de8
PA		 1312 if (WARN_ON_ONCE(info->sent > info->limit ||
1313 info->limit > dfrag->data_len))
1314 return 0;
d027236c 1315
d9ca1de8 1316 ret = info->limit - info->sent;
15e6ca97
PA		 1317 tail = tcp_build_frag(ssk, avail_size + size_bias, info->flags,
1318 dfrag->page, dfrag->offset + info->sent, &ret);
e2223995
PA		 1319 if (!tail) {
1320 tcp_remove_empty_skb(sk, tcp_write_queue_tail(ssk));
1321 return -ENOMEM;
35759383 1322 }
18b683bf 1323
e2223995 1324 /* if the tail skb is still the cached one, collapsing really happened.
57040755 1325 */
e2223995 1326 if (skb == tail) {
15e6ca97 1327 TCP_SKB_CB(tail)->tcp_flags &= ~TCPHDR_PSH;
57040755 1328 mpext->data_len += ret;
15e6ca97 1329 WARN_ON_ONCE(!can_collapse);
6f8a612a 1330 WARN_ON_ONCE(zero_window_probe);
57040755
PA		 1331 goto out;
1332 }
1333
724cfd2e
PA		 1334 mpext = skb_ext_find(tail, SKB_EXT_MPTCP);
1335 if (WARN_ON_ONCE(!mpext)) {
1336 /* should never reach here, stream corrupted */
1337 return -EINVAL;
1338 }
6d0060f6
MM		 1339
1340 memset(mpext, 0, sizeof(*mpext));
d9ca1de8 1341 mpext->data_seq = data_seq;
6d0060f6
MM		 1342 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq;
1343 mpext->data_len = ret;
1344 mpext->use_map = 1;
1345 mpext->dsn64 = 1;
1346
1347 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d",
1348 mpext->data_seq, mpext->subflow_seq, mpext->data_len,
1349 mpext->dsn64);
1350
6f8a612a
FW		 1351 if (zero_window_probe) {
1352 mptcp_subflow_ctx(ssk)->rel_write_seq += ret;
1353 mpext->frozen = 1;
1354 ret = 0;
1355 tcp_push_pending_frames(ssk);
1356 }
57040755 1357out:
6d0060f6 1358 mptcp_subflow_ctx(ssk)->rel_write_seq += ret;
6d0060f6
MM		 1359 return ret;
1360}
1361
d5f49190
PA		 1362#define MPTCP_SEND_BURST_SIZE ((1 << 16) - \
1363 sizeof(struct tcphdr) - \
1364 MAX_TCP_OPTION_SPACE - \
1365 sizeof(struct ipv6hdr) - \
1366 sizeof(struct frag_hdr))
1367
1368struct subflow_send_info {
1369 struct sock *ssk;
1370 u64 ratio;
1371};
1372
5cf92bba 1373static struct sock *mptcp_subflow_get_send(struct mptcp_sock *msk)
f296234c 1374{
d5f49190 1375 struct subflow_send_info send_info[2];
f296234c 1376 struct mptcp_subflow_context *subflow;
d5f49190
PA		 1377 int i, nr_active = 0;
1378 struct sock *ssk;
1379 u64 ratio;
1380 u32 pace;
f296234c 1381
d5f49190 1382 sock_owned_by_me((struct sock *)msk);
f296234c 1383
d5f49190
PA		 1384 if (__mptcp_check_fallback(msk)) {
1385 if (!msk->first)
f296234c 1386 return NULL;
d5f49190
PA		 1387 return sk_stream_memory_free(msk->first) ? msk->first : NULL;
1388 }
1389
1390 /* re-use last subflow, if the burst allow that */
1391 if (msk->last_snd && msk->snd_burst > 0 &&
1392 sk_stream_memory_free(msk->last_snd) &&
5cf92bba 1393 mptcp_subflow_active(mptcp_subflow_ctx(msk->last_snd)))
d5f49190 1394 return msk->last_snd;
f296234c 1395
d5f49190
PA		 1396 /* pick the subflow with the lower wmem/wspace ratio */
1397 for (i = 0; i < 2; ++i) {
1398 send_info[i].ssk = NULL;
1399 send_info[i].ratio = -1;
1400 }
1401 mptcp_for_each_subflow(msk, subflow) {
1402 ssk = mptcp_subflow_tcp_sock(subflow);
1403 if (!mptcp_subflow_active(subflow))
1404 continue;
1405
1406 nr_active += !subflow->backup;
ec369c3a 1407 if (!sk_stream_memory_free(subflow->tcp_sock) || !tcp_sk(ssk)->snd_wnd)
d5f49190 1408 continue;
f296234c 1409
d5f49190
PA		 1410 pace = READ_ONCE(ssk->sk_pacing_rate);
1411 if (!pace)
f296234c 1412 continue;
f296234c 1413
d5f49190
PA		 1414 ratio = div_u64((u64)READ_ONCE(ssk->sk_wmem_queued) << 32,
1415 pace);
1416 if (ratio < send_info[subflow->backup].ratio) {
1417 send_info[subflow->backup].ssk = ssk;
1418 send_info[subflow->backup].ratio = ratio;
1419 }
f296234c
PK		 1420 }
1421
d5f49190
PA		 1422 pr_debug("msk=%p nr_active=%d ssk=%p:%lld backup=%p:%lld",
1423 msk, nr_active, send_info[0].ssk, send_info[0].ratio,
1424 send_info[1].ssk, send_info[1].ratio);
1425
1426 /* pick the best backup if no other subflow is active */
1427 if (!nr_active)
1428 send_info[0].ssk = send_info[1].ssk;
1429
1430 if (send_info[0].ssk) {
1431 msk->last_snd = send_info[0].ssk;
1432 msk->snd_burst = min_t(int, MPTCP_SEND_BURST_SIZE,
ec369c3a 1433 tcp_sk(msk->last_snd)->snd_wnd);
d5f49190
PA		 1434 return msk->last_snd;
1435 }
5cf92bba 1436
d5f49190 1437 return NULL;
f296234c
PK		 1438}
1439
d9ca1de8
PA		 1440static void mptcp_push_release(struct sock *sk, struct sock *ssk,
1441 struct mptcp_sendmsg_info *info)
1442{
1443 mptcp_set_timeout(sk, ssk);
1444 tcp_push(ssk, 0, info->mss_now, tcp_sk(ssk)->nonagle, info->size_goal);
1445 release_sock(ssk);
1446}
1447
1448static void mptcp_push_pending(struct sock *sk, unsigned int flags)
f870fa0b 1449{
d9ca1de8 1450 struct sock *prev_ssk = NULL, *ssk = NULL;
f870fa0b 1451 struct mptcp_sock *msk = mptcp_sk(sk);
caf971df 1452 struct mptcp_sendmsg_info info = {
d9ca1de8 1453 .flags = flags,
caf971df 1454 };
d9ca1de8
PA		 1455 struct mptcp_data_frag *dfrag;
1456 int len, copied = 0;
d9ca1de8
PA		 1457
1458 while ((dfrag = mptcp_send_head(sk))) {
1459 info.sent = dfrag->already_sent;
1460 info.limit = dfrag->data_len;
1461 len = dfrag->data_len - dfrag->already_sent;
1462 while (len > 0) {
1463 int ret = 0;
1464
1465 prev_ssk = ssk;
1466 __mptcp_flush_join_list(msk);
5cf92bba 1467 ssk = mptcp_subflow_get_send(msk);
d9ca1de8
PA		 1468
1469 /* try to keep the subflow socket lock across
1470 * consecutive xmit on the same socket
1471 */
1472 if (ssk != prev_ssk && prev_ssk)
1473 mptcp_push_release(sk, prev_ssk, &info);
1474 if (!ssk)
1475 goto out;
1476
1477 if (ssk != prev_ssk || !prev_ssk)
1478 lock_sock(ssk);
1479
724cfd2e
PA		 1480 /* keep it simple and always provide a new skb for the
1481 * subflow, even if we will not use it when collapsing
1482 * on the pending one
1483 */
1484 if (!mptcp_alloc_tx_skb(sk, ssk)) {
1485 mptcp_push_release(sk, ssk, &info);
1486 goto out;
1487 }
1488
d9ca1de8
PA		 1489 ret = mptcp_sendmsg_frag(sk, ssk, dfrag, &info);
1490 if (ret <= 0) {
1491 mptcp_push_release(sk, ssk, &info);
1492 goto out;
1493 }
1494
1495 info.sent += ret;
1496 dfrag->already_sent += ret;
1497 msk->snd_nxt += ret;
1498 msk->snd_burst -= ret;
724cfd2e 1499 msk->tx_pending_data -= ret;
d9ca1de8
PA		 1500 copied += ret;
1501 len -= ret;
1502 }
1503 WRITE_ONCE(msk->first_pending, mptcp_send_next(sk));
1504 }
1505
1506 /* at this point we held the socket lock for the last subflow we used */
1507 if (ssk)
1508 mptcp_push_release(sk, ssk, &info);
1509
1510out:
b680a214
PA		 1511 if (copied) {
1512 /* start the timer, if it's not pending */
1513 if (!mptcp_timer_pending(sk))
1514 mptcp_reset_timer(sk);
d9ca1de8 1515 __mptcp_check_send_data_fin(sk);
b680a214 1516 }
d9ca1de8
PA		 1517}
1518
6e628cd3
PA		 1519static void __mptcp_subflow_push_pending(struct sock *sk, struct sock *ssk)
1520{
1521 struct mptcp_sock *msk = mptcp_sk(sk);
1522 struct mptcp_sendmsg_info info;
1523 struct mptcp_data_frag *dfrag;
b19bc294 1524 struct sock *xmit_ssk;
6e628cd3 1525 int len, copied = 0;
b19bc294 1526 bool first = true;
6e628cd3
PA		 1527
1528 info.flags = 0;
1529 while ((dfrag = mptcp_send_head(sk))) {
1530 info.sent = dfrag->already_sent;
1531 info.limit = dfrag->data_len;
1532 len = dfrag->data_len - dfrag->already_sent;
1533 while (len > 0) {
1534 int ret = 0;
1535
b19bc294
PA		 1536 /* the caller already invoked the packet scheduler,
1537 * check for a different subflow usage only after
1538 * spooling the first chunk of data
1539 */
1540 xmit_ssk = first ? ssk : mptcp_subflow_get_send(mptcp_sk(sk));
1541 if (!xmit_ssk)
1542 goto out;
1543 if (xmit_ssk != ssk) {
1544 mptcp_subflow_delegate(mptcp_subflow_ctx(xmit_ssk));
1545 goto out;
1546 }
1547
6e628cd3
PA		 1548 if (unlikely(mptcp_must_reclaim_memory(sk, ssk))) {
1549 __mptcp_update_wmem(sk);
1550 sk_mem_reclaim_partial(sk);
1551 }
1552 if (!__mptcp_alloc_tx_skb(sk, ssk, GFP_ATOMIC))
1553 goto out;
1554
1555 ret = mptcp_sendmsg_frag(sk, ssk, dfrag, &info);
1556 if (ret <= 0)
1557 goto out;
1558
1559 info.sent += ret;
1560 dfrag->already_sent += ret;
1561 msk->snd_nxt += ret;
1562 msk->snd_burst -= ret;
1563 msk->tx_pending_data -= ret;
1564 copied += ret;
1565 len -= ret;
b19bc294 1566 first = false;
6e628cd3
PA		 1567 }
1568 WRITE_ONCE(msk->first_pending, mptcp_send_next(sk));
1569 }
1570
1571out:
1572 /* __mptcp_alloc_tx_skb could have released some wmem and we are
1573 * not going to flush it via release_sock()
1574 */
1575 __mptcp_update_wmem(sk);
1576 if (copied) {
1577 mptcp_set_timeout(sk, ssk);
1578 tcp_push(ssk, 0, info.mss_now, tcp_sk(ssk)->nonagle,
1579 info.size_goal);
d09d818e
PA		 1580 if (!mptcp_timer_pending(sk))
1581 mptcp_reset_timer(sk);
1582
6e628cd3
PA		 1583 if (msk->snd_data_fin_enable &&
1584 msk->snd_nxt + 1 == msk->write_seq)
1585 mptcp_schedule_work(sk);
1586 }
1587}
1588
5cf92bba
PA		 1589static void mptcp_set_nospace(struct sock *sk)
1590{
1591 /* enable autotune */
1592 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1593
1594 /* will be cleared on avail space */
1595 set_bit(MPTCP_NOSPACE, &mptcp_sk(sk)->flags);
1596}
1597
d9ca1de8
PA		 1598static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
1599{
1600 struct mptcp_sock *msk = mptcp_sk(sk);
17091708 1601 struct page_frag *pfrag;
6d0060f6 1602 size_t copied = 0;
caf971df 1603 int ret = 0;
6d0060f6 1604 long timeo;
f870fa0b
MM		 1605
1606 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
1607 return -EOPNOTSUPP;
1608
e7579d5d 1609 mptcp_lock_sock(sk, __mptcp_wmem_reserve(sk, min_t(size_t, 1 << 20, len)));
1954b860
MM		 1610
1611 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1612
1613 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) {
1614 ret = sk_stream_wait_connect(sk, &timeo);
1615 if (ret)
1616 goto out;
1617 }
1618
17091708 1619 pfrag = sk_page_frag(sk);
18b683bf 1620
d9ca1de8 1621 while (msg_data_left(msg)) {
724cfd2e 1622 int total_ts, frag_truesize = 0;
d9ca1de8 1623 struct mptcp_data_frag *dfrag;
724cfd2e 1624 struct sk_buff_head skbs;
d9ca1de8
PA		 1625 bool dfrag_collapsed;
1626 size_t psize, offset;
18b683bf 1627
d9ca1de8
PA		 1628 if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) {
1629 ret = -EPIPE;
f296234c
PK		 1630 goto out;
1631 }
da51aef5 1632
d9ca1de8
PA		 1633 /* reuse tail pfrag, if possible, or carve a new one from the
1634 * page allocator
1635 */
1636 dfrag = mptcp_pending_tail(sk);
1637 dfrag_collapsed = mptcp_frag_can_collapse_to(msk, pfrag, dfrag);
1638 if (!dfrag_collapsed) {
6e628cd3
PA		 1639 if (!sk_stream_memory_free(sk))
1640 goto wait_for_memory;
1641
d9ca1de8
PA		 1642 if (!mptcp_page_frag_refill(sk, pfrag))
1643 goto wait_for_memory;
1644
1645 dfrag = mptcp_carve_data_frag(msk, pfrag, pfrag->offset);
1646 frag_truesize = dfrag->overhead;
72511aab 1647 }
6d0060f6 1648
d9ca1de8
PA		 1649 /* we do not bound vs wspace, to allow a single packet.
1650 * memory accounting will prevent execessive memory usage
1651 * anyway
d5f49190 1652 */
d9ca1de8
PA		 1653 offset = dfrag->offset + dfrag->data_len;
1654 psize = pfrag->size - offset;
1655 psize = min_t(size_t, psize, msg_data_left(msg));
724cfd2e
PA		 1656 total_ts = psize + frag_truesize;
1657 __skb_queue_head_init(&skbs);
1658 if (!mptcp_tx_cache_refill(sk, psize, &skbs, &total_ts))
d9ca1de8
PA		 1659 goto wait_for_memory;
1660
724cfd2e
PA		 1661 if (!mptcp_wmem_alloc(sk, total_ts)) {
1662 __skb_queue_purge(&skbs);
1663 goto wait_for_memory;
1664 }
1665
1666 skb_queue_splice_tail(&skbs, &msk->skb_tx_cache);
d9ca1de8
PA		 1667 if (copy_page_from_iter(dfrag->page, offset, psize,
1668 &msg->msg_iter) != psize) {
87952603 1669 mptcp_wmem_uncharge(sk, psize + frag_truesize);
d9ca1de8
PA		 1670 ret = -EFAULT;
1671 goto out;
72511aab
FW		 1672 }
1673
d9ca1de8
PA		 1674 /* data successfully copied into the write queue */
1675 copied += psize;
1676 dfrag->data_len += psize;
1677 frag_truesize += psize;
1678 pfrag->offset += frag_truesize;
1679 WRITE_ONCE(msk->write_seq, msk->write_seq + psize);
13e16037 1680 msk->tx_pending_data += psize;
d9ca1de8
PA		 1681
1682 /* charge data on mptcp pending queue to the msk socket
1683 * Note: we charge such data both to sk and ssk
fb529e62 1684 */
d9ca1de8 1685 sk_wmem_queued_add(sk, frag_truesize);
d9ca1de8
PA		 1686 if (!dfrag_collapsed) {
1687 get_page(dfrag->page);
1688 list_add_tail(&dfrag->list, &msk->rtx_queue);
1689 if (!msk->first_pending)
1690 WRITE_ONCE(msk->first_pending, dfrag);
fb529e62 1691 }
d9ca1de8
PA		 1692 pr_debug("msk=%p dfrag at seq=%lld len=%d sent=%d new=%d", msk,
1693 dfrag->data_seq, dfrag->data_len, dfrag->already_sent,
1694 !dfrag_collapsed);
6d0060f6 1695
d9ca1de8 1696 continue;
b51f9b80 1697
d9ca1de8 1698wait_for_memory:
5cf92bba 1699 mptcp_set_nospace(sk);
6e628cd3 1700 mptcp_push_pending(sk, msg->msg_flags);
d9ca1de8
PA		 1701 ret = sk_stream_wait_memory(sk, &timeo);
1702 if (ret)
1703 goto out;
57040755 1704 }
6d0060f6 1705
13e16037 1706 if (copied)
d9ca1de8
PA		 1707 mptcp_push_pending(sk, msg->msg_flags);
1708
1954b860 1709out:
cec37a6e 1710 release_sock(sk);
8555c6bf 1711 return copied ? : ret;
f870fa0b
MM		 1712}
1713
7a6a6cbc
PA		 1714static void mptcp_wait_data(struct sock *sk, long *timeo)
1715{
1716 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1717 struct mptcp_sock *msk = mptcp_sk(sk);
1718
1719 add_wait_queue(sk_sleep(sk), &wait);
1720 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
1721
1722 sk_wait_event(sk, timeo,
1723 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait);
1724
1725 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
1726 remove_wait_queue(sk_sleep(sk), &wait);
1727}
1728
6771bfd9
FW		 1729static int __mptcp_recvmsg_mskq(struct mptcp_sock *msk,
1730 struct msghdr *msg,
1731 size_t len)
1732{
6771bfd9
FW		 1733 struct sk_buff *skb;
1734 int copied = 0;
1735
87952603 1736 while ((skb = skb_peek(&msk->receive_queue)) != NULL) {
6771bfd9
FW		 1737 u32 offset = MPTCP_SKB_CB(skb)->offset;
1738 u32 data_len = skb->len - offset;
1739 u32 count = min_t(size_t, len - copied, data_len);
1740 int err;
1741
1742 err = skb_copy_datagram_msg(skb, offset, msg, count);
1743 if (unlikely(err < 0)) {
1744 if (!copied)
1745 return err;
1746 break;
1747 }
1748
1749 copied += count;
1750
1751 if (count < data_len) {
1752 MPTCP_SKB_CB(skb)->offset += count;
1753 break;
1754 }
1755
87952603
PA		 1756 /* we will bulk release the skb memory later */
1757 skb->destructor = NULL;
1758 msk->rmem_released += skb->truesize;
1759 __skb_unlink(skb, &msk->receive_queue);
6771bfd9
FW		 1760 __kfree_skb(skb);
1761
1762 if (copied >= len)
1763 break;
1764 }
1765
1766 return copied;
1767}
1768
a6b118fe
FW		 1769/* receive buffer autotuning. See tcp_rcv_space_adjust for more information.
1770 *
1771 * Only difference: Use highest rtt estimate of the subflows in use.
1772 */
1773static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
1774{
1775 struct mptcp_subflow_context *subflow;
1776 struct sock *sk = (struct sock *)msk;
1777 u32 time, advmss = 1;
1778 u64 rtt_us, mstamp;
1779
1780 sock_owned_by_me(sk);
1781
1782 if (copied <= 0)
1783 return;
1784
1785 msk->rcvq_space.copied += copied;
1786
1787 mstamp = div_u64(tcp_clock_ns(), NSEC_PER_USEC);
1788 time = tcp_stamp_us_delta(mstamp, msk->rcvq_space.time);
1789
1790 rtt_us = msk->rcvq_space.rtt_us;
1791 if (rtt_us && time < (rtt_us >> 3))
1792 return;
1793
1794 rtt_us = 0;
1795 mptcp_for_each_subflow(msk, subflow) {
1796 const struct tcp_sock *tp;
1797 u64 sf_rtt_us;
1798 u32 sf_advmss;
1799
1800 tp = tcp_sk(mptcp_subflow_tcp_sock(subflow));
1801
1802 sf_rtt_us = READ_ONCE(tp->rcv_rtt_est.rtt_us);
1803 sf_advmss = READ_ONCE(tp->advmss);
1804
1805 rtt_us = max(sf_rtt_us, rtt_us);
1806 advmss = max(sf_advmss, advmss);
1807 }
1808
1809 msk->rcvq_space.rtt_us = rtt_us;
1810 if (time < (rtt_us >> 3) || rtt_us == 0)
1811 return;
1812
1813 if (msk->rcvq_space.copied <= msk->rcvq_space.space)
1814 goto new_measure;
1815
1816 if (sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf &&
1817 !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
1818 int rcvmem, rcvbuf;
1819 u64 rcvwin, grow;
1820
1821 rcvwin = ((u64)msk->rcvq_space.copied << 1) + 16 * advmss;
1822
1823 grow = rcvwin * (msk->rcvq_space.copied - msk->rcvq_space.space);
1824
1825 do_div(grow, msk->rcvq_space.space);
1826 rcvwin += (grow << 1);
1827
1828 rcvmem = SKB_TRUESIZE(advmss + MAX_TCP_HEADER);
1829 while (tcp_win_from_space(sk, rcvmem) < advmss)
1830 rcvmem += 128;
1831
1832 do_div(rcvwin, advmss);
1833 rcvbuf = min_t(u64, rcvwin * rcvmem,
1834 sock_net(sk)->ipv4.sysctl_tcp_rmem[2]);
1835
1836 if (rcvbuf > sk->sk_rcvbuf) {
1837 u32 window_clamp;
1838
1839 window_clamp = tcp_win_from_space(sk, rcvbuf);
1840 WRITE_ONCE(sk->sk_rcvbuf, rcvbuf);
1841
1842 /* Make subflows follow along. If we do not do this, we
1843 * get drops at subflow level if skbs can't be moved to
1844 * the mptcp rx queue fast enough (announced rcv_win can
1845 * exceed ssk->sk_rcvbuf).
1846 */
1847 mptcp_for_each_subflow(msk, subflow) {
1848 struct sock *ssk;
c76c6956 1849 bool slow;
a6b118fe
FW		 1850
1851 ssk = mptcp_subflow_tcp_sock(subflow);
c76c6956 1852 slow = lock_sock_fast(ssk);
a6b118fe
FW		 1853 WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf);
1854 tcp_sk(ssk)->window_clamp = window_clamp;
c76c6956
PA		 1855 tcp_cleanup_rbuf(ssk, 1);
1856 unlock_sock_fast(ssk, slow);
a6b118fe
FW		 1857 }
1858 }
1859 }
1860
1861 msk->rcvq_space.space = msk->rcvq_space.copied;
1862new_measure:
1863 msk->rcvq_space.copied = 0;
1864 msk->rcvq_space.time = mstamp;
1865}
1866
87952603
PA		 1867static void __mptcp_update_rmem(struct sock *sk)
1868{
1869 struct mptcp_sock *msk = mptcp_sk(sk);
1870
1871 if (!msk->rmem_released)
1872 return;
1873
1874 atomic_sub(msk->rmem_released, &sk->sk_rmem_alloc);
1875 sk_mem_uncharge(sk, msk->rmem_released);
1876 msk->rmem_released = 0;
1877}
1878
1879static void __mptcp_splice_receive_queue(struct sock *sk)
1880{
1881 struct mptcp_sock *msk = mptcp_sk(sk);
1882
1883 skb_queue_splice_tail_init(&sk->sk_receive_queue, &msk->receive_queue);
1884}
1885
e3859603 1886static bool __mptcp_move_skbs(struct mptcp_sock *msk)
6771bfd9 1887{
87952603 1888 struct sock *sk = (struct sock *)msk;
6771bfd9 1889 unsigned int moved = 0;
87952603 1890 bool ret, done;
d5f49190
PA		 1891
1892 __mptcp_flush_join_list(msk);
6771bfd9
FW		 1893 do {
1894 struct sock *ssk = mptcp_subflow_recv_lookup(msk);
65f49fe7 1895 bool slowpath;
6771bfd9 1896
87952603
PA		 1897 /* we can have data pending in the subflows only if the msk
1898 * receive buffer was full at subflow_data_ready() time,
1899 * that is an unlikely slow path.
1900 */
1901 if (likely(!ssk))
6771bfd9
FW		 1902 break;
1903
65f49fe7 1904 slowpath = lock_sock_fast(ssk);
87952603 1905 mptcp_data_lock(sk);
e3859603 1906 __mptcp_update_rmem(sk);
6771bfd9 1907 done = __mptcp_move_skbs_from_subflow(msk, ssk, &moved);
87952603 1908 mptcp_data_unlock(sk);
e3859603 1909 tcp_cleanup_rbuf(ssk, moved);
65f49fe7 1910 unlock_sock_fast(ssk, slowpath);
6771bfd9
FW		 1911 } while (!done);
1912
87952603
PA		 1913 /* acquire the data lock only if some input data is pending */
1914 ret = moved > 0;
1915 if (!RB_EMPTY_ROOT(&msk->out_of_order_queue) ||
1916 !skb_queue_empty_lockless(&sk->sk_receive_queue)) {
1917 mptcp_data_lock(sk);
1918 __mptcp_update_rmem(sk);
1919 ret |= __mptcp_ofo_queue(msk);
1920 __mptcp_splice_receive_queue(sk);
1921 mptcp_data_unlock(sk);
e3859603 1922 mptcp_cleanup_rbuf(msk);
ab174ad8 1923 }
87952603
PA		 1924 if (ret)
1925 mptcp_check_data_fin((struct sock *)msk);
1926 return !skb_queue_empty(&msk->receive_queue);
6771bfd9
FW		 1927}
1928
f870fa0b
MM		 1929static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
1930 int nonblock, int flags, int *addr_len)
1931{
1932 struct mptcp_sock *msk = mptcp_sk(sk);
cec37a6e 1933 int copied = 0;
7a6a6cbc
PA		 1934 int target;
1935 long timeo;
f870fa0b
MM		 1936
1937 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT))
1938 return -EOPNOTSUPP;
1939
87952603 1940 mptcp_lock_sock(sk, __mptcp_splice_receive_queue(sk));
fd897679
PA		 1941 if (unlikely(sk->sk_state == TCP_LISTEN)) {
1942 copied = -ENOTCONN;
1943 goto out_err;
1944 }
1945
7a6a6cbc
PA		 1946 timeo = sock_rcvtimeo(sk, nonblock);
1947
1948 len = min_t(size_t, len, INT_MAX);
1949 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
1950
05e3ecea 1951 while (copied < len) {
e3859603 1952 int bytes_read;
7a6a6cbc 1953
6771bfd9
FW		 1954 bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied);
1955 if (unlikely(bytes_read < 0)) {
1956 if (!copied)
1957 copied = bytes_read;
1958 goto out_err;
1959 }
7a6a6cbc 1960
6771bfd9 1961 copied += bytes_read;
7a6a6cbc 1962
ea4ca586 1963 /* be sure to advertise window change */
e3859603
PA		 1964 mptcp_cleanup_rbuf(msk);
1965
1966 if (skb_queue_empty(&msk->receive_queue) && __mptcp_move_skbs(msk))
1967 continue;
ea4ca586 1968
7a6a6cbc
PA		 1969 /* only the master socket status is relevant here. The exit
1970 * conditions mirror closely tcp_recvmsg()
1971 */
1972 if (copied >= target)
1973 break;
1974
1975 if (copied) {
1976 if (sk->sk_err ||
1977 sk->sk_state == TCP_CLOSE ||
1978 (sk->sk_shutdown & RCV_SHUTDOWN) ||
1979 !timeo ||
1980 signal_pending(current))
1981 break;
1982 } else {
1983 if (sk->sk_err) {
1984 copied = sock_error(sk);
1985 break;
1986 }
1987
5969856a
PA		 1988 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags))
1989 mptcp_check_for_eof(msk);
1990
87952603
PA		 1991 if (sk->sk_shutdown & RCV_SHUTDOWN) {
1992 /* race breaker: the shutdown could be after the
1993 * previous receive queue check
1994 */
e3859603 1995 if (__mptcp_move_skbs(msk))
87952603 1996 continue;
7a6a6cbc 1997 break;
87952603 1998 }
7a6a6cbc
PA		 1999
2000 if (sk->sk_state == TCP_CLOSE) {
2001 copied = -ENOTCONN;
2002 break;
2003 }
2004
2005 if (!timeo) {
2006 copied = -EAGAIN;
2007 break;
2008 }
2009
2010 if (signal_pending(current)) {
2011 copied = sock_intr_errno(timeo);
2012 break;
2013 }
2014 }
2015
2016 pr_debug("block timeout %ld", timeo);
7a6a6cbc 2017 mptcp_wait_data(sk, &timeo);
cec37a6e
PK		 2018 }
2019
87952603
PA		 2020 if (skb_queue_empty_lockless(&sk->sk_receive_queue) &&
2021 skb_queue_empty(&msk->receive_queue)) {
6771bfd9 2022 /* entire backlog drained, clear DATA_READY. */
7a6a6cbc 2023 clear_bit(MPTCP_DATA_READY, &msk->flags);
cec37a6e 2024
6771bfd9
FW		 2025 /* .. race-breaker: ssk might have gotten new data
2026 * after last __mptcp_move_skbs() returned false.
7a6a6cbc 2027 */
e3859603 2028 if (unlikely(__mptcp_move_skbs(msk)))
7a6a6cbc 2029 set_bit(MPTCP_DATA_READY, &msk->flags);
6771bfd9
FW		 2030 } else if (unlikely(!test_bit(MPTCP_DATA_READY, &msk->flags))) {
2031 /* data to read but mptcp_wait_data() cleared DATA_READY */
2032 set_bit(MPTCP_DATA_READY, &msk->flags);
7a6a6cbc 2033 }
6771bfd9 2034out_err:
6719331c
PA		 2035 pr_debug("msk=%p data_ready=%d rx queue empty=%d copied=%d",
2036 msk, test_bit(MPTCP_DATA_READY, &msk->flags),
87952603 2037 skb_queue_empty_lockless(&sk->sk_receive_queue), copied);
a6b118fe
FW		 2038 mptcp_rcv_space_adjust(msk, copied);
2039
7a6a6cbc 2040 release_sock(sk);
cec37a6e
PK		 2041 return copied;
2042}
2043
b51f9b80
PA		 2044static void mptcp_retransmit_handler(struct sock *sk)
2045{
2046 struct mptcp_sock *msk = mptcp_sk(sk);
2047
7439d687
PA		 2048 set_bit(MPTCP_WORK_RTX, &msk->flags);
2049 mptcp_schedule_work(sk);
b51f9b80
PA		 2050}
2051
2052static void mptcp_retransmit_timer(struct timer_list *t)
2053{
2054 struct inet_connection_sock *icsk = from_timer(icsk, t,
2055 icsk_retransmit_timer);
2056 struct sock *sk = &icsk->icsk_inet.sk;
2057
2058 bh_lock_sock(sk);
2059 if (!sock_owned_by_user(sk)) {
2060 mptcp_retransmit_handler(sk);
2061 } else {
2062 /* delegate our work to tcp_release_cb() */
2063 if (!test_and_set_bit(TCP_WRITE_TIMER_DEFERRED,
2064 &sk->sk_tsq_flags))
2065 sock_hold(sk);
2066 }
2067 bh_unlock_sock(sk);
2068 sock_put(sk);
2069}
2070
e16163b6
PA		 2071static void mptcp_timeout_timer(struct timer_list *t)
2072{
2073 struct sock *sk = from_timer(sk, t, sk_timer);
2074
2075 mptcp_schedule_work(sk);
b6d69fc8 2076 sock_put(sk);
e16163b6
PA		 2077}
2078
3b1d6210
PA		 2079/* Find an idle subflow. Return NULL if there is unacked data at tcp
2080 * level.
2081 *
2082 * A backup subflow is returned only if that is the only kind available.
2083 */
2084static struct sock *mptcp_subflow_get_retrans(const struct mptcp_sock *msk)
2085{
2086 struct mptcp_subflow_context *subflow;
2087 struct sock *backup = NULL;
2088
2089 sock_owned_by_me((const struct sock *)msk);
2090
d5f49190 2091 if (__mptcp_check_fallback(msk))
d9ca1de8 2092 return NULL;
d5f49190 2093
3b1d6210
PA		 2094 mptcp_for_each_subflow(msk, subflow) {
2095 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
2096
d5f49190
PA		 2097 if (!mptcp_subflow_active(subflow))
2098 continue;
2099
3b1d6210 2100 /* still data outstanding at TCP level? Don't retransmit. */
860975c6
FW		 2101 if (!tcp_write_queue_empty(ssk)) {
2102 if (inet_csk(ssk)->icsk_ca_state >= TCP_CA_Loss)
2103 continue;
3b1d6210 2104 return NULL;
860975c6 2105 }
3b1d6210
PA		 2106
2107 if (subflow->backup) {
2108 if (!backup)
2109 backup = ssk;
2110 continue;
2111 }
2112
2113 return ssk;
2114 }
2115
2116 return backup;
2117}
2118
cec37a6e
PK		 2119/* subflow sockets can be either outgoing (connect) or incoming
2120 * (accept).
2121 *
2122 * Outgoing subflows use in-kernel sockets.
2123 * Incoming subflows do not have their own 'struct socket' allocated,
2124 * so we need to use tcp_close() after detaching them from the mptcp
2125 * parent socket.
2126 */
a141e02e
FW		 2127static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk,
2128 struct mptcp_subflow_context *subflow)
cec37a6e 2129{
e0be4931
FW		 2130 struct mptcp_sock *msk = mptcp_sk(sk);
2131
cec37a6e
PK		 2132 list_del(&subflow->node);
2133
3f8b2667 2134 lock_sock_nested(ssk, SINGLE_DEPTH_NESTING);
e16163b6
PA		 2135
2136 /* if we are invoked by the msk cleanup code, the subflow is
2137 * already orphaned
2138 */
866f26f2 2139 if (ssk->sk_socket)
e16163b6 2140 sock_orphan(ssk);
e16163b6 2141
d7b1bfd0
PA		 2142 subflow->disposable = 1;
2143
e16163b6
PA		 2144 /* if ssk hit tcp_done(), tcp_cleanup_ulp() cleared the related ops
2145 * the ssk has been already destroyed, we just need to release the
2146 * reference owned by msk;
2147 */
2148 if (!inet_csk(ssk)->icsk_ulp_ops) {
2149 kfree_rcu(subflow, rcu);
cec37a6e 2150 } else {
d7b1bfd0 2151 /* otherwise tcp will dispose of the ssk and subflow ctx */
e16163b6
PA		 2152 __tcp_close(ssk, 0);
2153
2154 /* close acquired an extra ref */
2155 __sock_put(ssk);
cec37a6e 2156 }
e16163b6 2157 release_sock(ssk);
e16163b6
PA		 2158
2159 sock_put(ssk);
e0be4931
FW		 2160
2161 if (ssk == msk->last_snd)
2162 msk->last_snd = NULL;
f870fa0b
MM		 2163}
2164
a141e02e
FW		 2165void mptcp_close_ssk(struct sock *sk, struct sock *ssk,
2166 struct mptcp_subflow_context *subflow)
2167{
b911c97c
FW		 2168 if (sk->sk_state == TCP_ESTABLISHED)
2169 mptcp_event(MPTCP_EVENT_SUB_CLOSED, mptcp_sk(sk), ssk, GFP_KERNEL);
a141e02e
FW		 2170 __mptcp_close_ssk(sk, ssk, subflow);
2171}
2172
dc24f8b4
PA		 2173static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu)
2174{
2175 return 0;
2176}
2177
0e4f35d7
PA		 2178static void __mptcp_close_subflow(struct mptcp_sock *msk)
2179{
2180 struct mptcp_subflow_context *subflow, *tmp;
2181
3abc05d9
FW		 2182 might_sleep();
2183
0e4f35d7
PA		 2184 list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) {
2185 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
2186
2187 if (inet_sk_state_load(ssk) != TCP_CLOSE)
2188 continue;
2189
40947e13
FW		 2190 /* 'subflow_data_ready' will re-sched once rx queue is empty */
2191 if (!skb_queue_empty_lockless(&ssk->sk_receive_queue))
2192 continue;
2193
a141e02e 2194 mptcp_close_ssk((struct sock *)msk, ssk, subflow);
0e4f35d7
PA		 2195 }
2196}
2197
e16163b6
PA		 2198static bool mptcp_check_close_timeout(const struct sock *sk)
2199{
2200 s32 delta = tcp_jiffies32 - inet_csk(sk)->icsk_mtup.probe_timestamp;
2201 struct mptcp_subflow_context *subflow;
2202
2203 if (delta >= TCP_TIMEWAIT_LEN)
2204 return true;
2205
2206 /* if all subflows are in closed status don't bother with additional
2207 * timeout
2208 */
2209 mptcp_for_each_subflow(mptcp_sk(sk), subflow) {
2210 if (inet_sk_state_load(mptcp_subflow_tcp_sock(subflow)) !=
2211 TCP_CLOSE)
2212 return false;
2213 }
2214 return true;
2215}
2216
50c504a2
FW		 2217static void mptcp_check_fastclose(struct mptcp_sock *msk)
2218{
2219 struct mptcp_subflow_context *subflow, *tmp;
2220 struct sock *sk = &msk->sk.icsk_inet.sk;
2221
2222 if (likely(!READ_ONCE(msk->rcv_fastclose)))
2223 return;
2224
2225 mptcp_token_destroy(msk);
2226
2227 list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) {
2228 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow);
2229
2230 lock_sock(tcp_sk);
2231 if (tcp_sk->sk_state != TCP_CLOSE) {
2232 tcp_send_active_reset(tcp_sk, GFP_ATOMIC);
2233 tcp_set_state(tcp_sk, TCP_CLOSE);
2234 }
2235 release_sock(tcp_sk);
2236 }
2237
2238 inet_sk_state_store(sk, TCP_CLOSE);
2239 sk->sk_shutdown = SHUTDOWN_MASK;
2240 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */
2241 set_bit(MPTCP_DATA_READY, &msk->flags);
2242 set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags);
2243
2244 mptcp_close_wake_up(sk);
2245}
2246
80992017
PA		 2247static void mptcp_worker(struct work_struct *work)
2248{
2249 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work);
3b1d6210 2250 struct sock *ssk, *sk = &msk->sk.icsk_inet.sk;
caf971df 2251 struct mptcp_sendmsg_info info = {};
3b1d6210 2252 struct mptcp_data_frag *dfrag;
3b1d6210 2253 size_t copied = 0;
e16163b6 2254 int state, ret;
80992017
PA		 2255
2256 lock_sock(sk);
e16163b6
PA		 2257 state = sk->sk_state;
2258 if (unlikely(state == TCP_CLOSE))
2259 goto unlock;
2260
43b54c6e 2261 mptcp_check_data_fin_ack(sk);
ec3edaa7 2262 __mptcp_flush_join_list(msk);
50c504a2
FW		 2263
2264 mptcp_check_fastclose(msk);
2265
b416268b 2266 if (msk->pm.status)
e9801430 2267 mptcp_pm_nl_work(msk);
b416268b 2268
59832e24
FW		 2269 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags))
2270 mptcp_check_for_eof(msk);
2271
6e628cd3 2272 __mptcp_check_send_data_fin(sk);
43b54c6e
MM		 2273 mptcp_check_data_fin(sk);
2274
341c6524
PA		 2275 /* There is no point in keeping around an orphaned sk timedout or
2276 * closed, but we need the msk around to reply to incoming DATA_FIN,
2277 * even if it is orphaned and in FIN_WAIT2 state
e16163b6
PA		 2278 */
2279 if (sock_flag(sk, SOCK_DEAD) &&
341c6524 2280 (mptcp_check_close_timeout(sk) || sk->sk_state == TCP_CLOSE)) {
e16163b6
PA		 2281 inet_sk_state_store(sk, TCP_CLOSE);
2282 __mptcp_destroy_sock(sk);
2283 goto unlock;
2284 }
2285
b263b0d7
FW		 2286 if (test_and_clear_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags))
2287 __mptcp_close_subflow(msk);
2288
3b1d6210
PA		 2289 if (!test_and_clear_bit(MPTCP_WORK_RTX, &msk->flags))
2290 goto unlock;
2291
64b9cea7 2292 __mptcp_clean_una(sk);
3b1d6210
PA		 2293 dfrag = mptcp_rtx_head(sk);
2294 if (!dfrag)
2295 goto unlock;
2296
2297 ssk = mptcp_subflow_get_retrans(msk);
2298 if (!ssk)
2299 goto reset_unlock;
2300
2301 lock_sock(ssk);
2302
d9ca1de8
PA		 2303 /* limit retransmission to the bytes already sent on some subflows */
2304 info.sent = 0;
2305 info.limit = dfrag->already_sent;
2306 while (info.sent < dfrag->already_sent) {
724cfd2e
PA		 2307 if (!mptcp_alloc_tx_skb(sk, ssk))
2308 break;
2309
d9ca1de8 2310 ret = mptcp_sendmsg_frag(sk, ssk, dfrag, &info);
6f8a612a 2311 if (ret <= 0)
3b1d6210
PA		 2312 break;
2313
fc518953 2314 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_RETRANSSEGS);
3b1d6210 2315 copied += ret;
d9ca1de8 2316 info.sent += ret;
3b1d6210
PA		 2317 }
2318 if (copied)
caf971df
PA		 2319 tcp_push(ssk, 0, info.mss_now, tcp_sk(ssk)->nonagle,
2320 info.size_goal);
3b1d6210 2321
3b1d6210
PA		 2322 mptcp_set_timeout(sk, ssk);
2323 release_sock(ssk);
2324
2325reset_unlock:
2326 if (!mptcp_timer_pending(sk))
2327 mptcp_reset_timer(sk);
2328
2329unlock:
80992017
PA		 2330 release_sock(sk);
2331 sock_put(sk);
2332}
2333
784325e9 2334static int __mptcp_init_sock(struct sock *sk)
f870fa0b 2335{
cec37a6e
PK		 2336 struct mptcp_sock *msk = mptcp_sk(sk);
2337
ec3edaa7
PK		 2338 spin_lock_init(&msk->join_list_lock);
2339
cec37a6e 2340 INIT_LIST_HEAD(&msk->conn_list);
ec3edaa7 2341 INIT_LIST_HEAD(&msk->join_list);
18b683bf 2342 INIT_LIST_HEAD(&msk->rtx_queue);
80992017 2343 INIT_WORK(&msk->work, mptcp_worker);
87952603 2344 __skb_queue_head_init(&msk->receive_queue);
724cfd2e 2345 __skb_queue_head_init(&msk->skb_tx_cache);
ab174ad8 2346 msk->out_of_order_queue = RB_ROOT;
f0e6a4cf 2347 msk->first_pending = NULL;
e93da928 2348 msk->wmem_reserved = 0;
87952603 2349 msk->rmem_released = 0;
724cfd2e
PA		 2350 msk->tx_pending_data = 0;
2351 msk->size_goal_cache = TCP_BASE_MSS;
cec37a6e 2352
ea4ca586 2353 msk->ack_hint = NULL;
8ab183de 2354 msk->first = NULL;
dc24f8b4 2355 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss;
8ab183de 2356
1b1c7a0e
PK		 2357 mptcp_pm_data_init(msk);
2358
b51f9b80
PA		 2359 /* re-use the csk retrans timer for MPTCP-level retrans */
2360 timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0);
e16163b6 2361 timer_setup(&sk->sk_timer, mptcp_timeout_timer, 0);
f870fa0b
MM		 2362 return 0;
2363}
2364
784325e9
MB		 2365static int mptcp_init_sock(struct sock *sk)
2366{
fc518953
FW		 2367 struct net *net = sock_net(sk);
2368 int ret;
18b683bf 2369
b6c08380
GT		 2370 ret = __mptcp_init_sock(sk);
2371 if (ret)
2372 return ret;
2373
fc518953
FW		 2374 if (!mptcp_is_enabled(net))
2375 return -ENOPROTOOPT;
2376
2377 if (unlikely(!net->mib.mptcp_statistics) && !mptcp_mib_alloc(net))
2378 return -ENOMEM;
2379
fa68018d
PA		 2380 ret = __mptcp_socket_create(mptcp_sk(sk));
2381 if (ret)
2382 return ret;
2383
d027236c 2384 sk_sockets_allocated_inc(sk);
a6b118fe 2385 sk->sk_rcvbuf = sock_net(sk)->ipv4.sysctl_tcp_rmem[1];
da51aef5 2386 sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[1];
d027236c 2387
18b683bf
PA		 2388 return 0;
2389}
2390
2391static void __mptcp_clear_xmit(struct sock *sk)
2392{
2393 struct mptcp_sock *msk = mptcp_sk(sk);
2394 struct mptcp_data_frag *dtmp, *dfrag;
724cfd2e 2395 struct sk_buff *skb;
18b683bf 2396
d9ca1de8 2397 WRITE_ONCE(msk->first_pending, NULL);
18b683bf 2398 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list)
d027236c 2399 dfrag_clear(sk, dfrag);
724cfd2e
PA		 2400 while ((skb = __skb_dequeue(&msk->skb_tx_cache)) != NULL) {
2401 sk->sk_forward_alloc += skb->truesize;
2402 kfree_skb(skb);
2403 }
784325e9
MB		 2404}
2405
80992017
PA		 2406static void mptcp_cancel_work(struct sock *sk)
2407{
2408 struct mptcp_sock *msk = mptcp_sk(sk);
2409
b2771d24 2410 if (cancel_work_sync(&msk->work))
e16163b6 2411 __sock_put(sk);
80992017
PA		 2412}
2413
d0876b22 2414void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how)
21498490
PK		 2415{
2416 lock_sock(ssk);
2417
2418 switch (ssk->sk_state) {
2419 case TCP_LISTEN:
2420 if (!(how & RCV_SHUTDOWN))
2421 break;
df561f66 2422 fallthrough;
21498490
PK		 2423 case TCP_SYN_SENT:
2424 tcp_disconnect(ssk, O_NONBLOCK);
2425 break;
2426 default:
43b54c6e
MM		 2427 if (__mptcp_check_fallback(mptcp_sk(sk))) {
2428 pr_debug("Fallback");
2429 ssk->sk_shutdown |= how;
2430 tcp_shutdown(ssk, how);
2431 } else {
2432 pr_debug("Sending DATA_FIN on subflow %p", ssk);
2433 mptcp_set_timeout(sk, ssk);
2434 tcp_send_ack(ssk);
2435 }
21498490
PK		 2436 break;
2437 }
2438
21498490
PK		 2439 release_sock(ssk);
2440}
2441
6920b851
MM		 2442static const unsigned char new_state[16] = {
2443 /* current state: new state: action: */
2444 [0 /* (Invalid) */] = TCP_CLOSE,
2445 [TCP_ESTABLISHED] = TCP_FIN_WAIT1 | TCP_ACTION_FIN,
2446 [TCP_SYN_SENT] = TCP_CLOSE,
2447 [TCP_SYN_RECV] = TCP_FIN_WAIT1 | TCP_ACTION_FIN,
2448 [TCP_FIN_WAIT1] = TCP_FIN_WAIT1,
2449 [TCP_FIN_WAIT2] = TCP_FIN_WAIT2,
2450 [TCP_TIME_WAIT] = TCP_CLOSE, /* should not happen ! */
2451 [TCP_CLOSE] = TCP_CLOSE,
2452 [TCP_CLOSE_WAIT] = TCP_LAST_ACK | TCP_ACTION_FIN,
2453 [TCP_LAST_ACK] = TCP_LAST_ACK,
2454 [TCP_LISTEN] = TCP_CLOSE,
2455 [TCP_CLOSING] = TCP_CLOSING,
2456 [TCP_NEW_SYN_RECV] = TCP_CLOSE, /* should not happen ! */
2457};
2458
2459static int mptcp_close_state(struct sock *sk)
2460{
2461 int next = (int)new_state[sk->sk_state];
2462 int ns = next & TCP_STATE_MASK;
2463
2464 inet_sk_state_store(sk, ns);
2465
2466 return next & TCP_ACTION_FIN;
2467}
2468
e16163b6 2469static void __mptcp_check_send_data_fin(struct sock *sk)
f870fa0b 2470{
e16163b6 2471 struct mptcp_subflow_context *subflow;
f870fa0b
MM		 2472 struct mptcp_sock *msk = mptcp_sk(sk);
2473
e16163b6
PA		 2474 pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu",
2475 msk, msk->snd_data_fin_enable, !!mptcp_send_head(sk),
2476 msk->snd_nxt, msk->write_seq);
43b54c6e 2477
e16163b6
PA		 2478 /* we still need to enqueue subflows or not really shutting down,
2479 * skip this
2480 */
2481 if (!msk->snd_data_fin_enable || msk->snd_nxt + 1 != msk->write_seq ||
2482 mptcp_send_head(sk))
2483 return;
2484
2485 WRITE_ONCE(msk->snd_nxt, msk->write_seq);
2486
26aa2314
PA		 2487 /* fallback socket will not get data_fin/ack, can move to the next
2488 * state now
2489 */
2490 if (__mptcp_check_fallback(msk)) {
2491 if ((1 << sk->sk_state) & (TCPF_CLOSING | TCPF_LAST_ACK)) {
2492 inet_sk_state_store(sk, TCP_CLOSE);
2493 mptcp_close_wake_up(sk);
2494 } else if (sk->sk_state == TCP_FIN_WAIT1) {
2495 inet_sk_state_store(sk, TCP_FIN_WAIT2);
2496 }
43b54c6e
MM		 2497 }
2498
e16163b6
PA		 2499 __mptcp_flush_join_list(msk);
2500 mptcp_for_each_subflow(msk, subflow) {
2501 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow);
43b54c6e 2502
e16163b6 2503 mptcp_subflow_shutdown(sk, tcp_sk, SEND_SHUTDOWN);
43b54c6e 2504 }
e16163b6 2505}
2c22c06c 2506
e16163b6
PA		 2507static void __mptcp_wr_shutdown(struct sock *sk)
2508{
2509 struct mptcp_sock *msk = mptcp_sk(sk);
43b54c6e 2510
e16163b6
PA		 2511 pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d",
2512 msk, msk->snd_data_fin_enable, sk->sk_shutdown, sk->sk_state,
2513 !!mptcp_send_head(sk));
2514
2515 /* will be ignored by fallback sockets */
2516 WRITE_ONCE(msk->write_seq, msk->write_seq + 1);
2517 WRITE_ONCE(msk->snd_data_fin_enable, 1);
2518
2519 __mptcp_check_send_data_fin(sk);
2520}
2521
2522static void __mptcp_destroy_sock(struct sock *sk)
2523{
2524 struct mptcp_subflow_context *subflow, *tmp;
2525 struct mptcp_sock *msk = mptcp_sk(sk);
2526 LIST_HEAD(conn_list);
2527
2528 pr_debug("msk=%p", msk);
f870fa0b 2529
3abc05d9
FW		 2530 might_sleep();
2531
866f26f2
PA		 2532 /* dispose the ancillatory tcp socket, if any */
2533 if (msk->subflow) {
2534 iput(SOCK_INODE(msk->subflow));
2535 msk->subflow = NULL;
2536 }
2537
10f6d46c
PA		 2538 /* be sure to always acquire the join list lock, to sync vs
2539 * mptcp_finish_join().
2540 */
2541 spin_lock_bh(&msk->join_list_lock);
2542 list_splice_tail_init(&msk->join_list, &msk->conn_list);
2543 spin_unlock_bh(&msk->join_list_lock);
b2c5b614
FW		 2544 list_splice_init(&msk->conn_list, &conn_list);
2545
6e628cd3 2546 sk_stop_timer(sk, &msk->sk.icsk_retransmit_timer);
e16163b6
PA		 2547 sk_stop_timer(sk, &sk->sk_timer);
2548 msk->pm.status = 0;
b2c5b614
FW		 2549
2550 list_for_each_entry_safe(subflow, tmp, &conn_list, node) {
cec37a6e 2551 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
e16163b6 2552 __mptcp_close_ssk(sk, ssk, subflow);
f870fa0b
MM		 2553 }
2554
e16163b6 2555 sk->sk_prot->destroy(sk);
80992017 2556
e93da928 2557 WARN_ON_ONCE(msk->wmem_reserved);
87952603 2558 WARN_ON_ONCE(msk->rmem_released);
e16163b6
PA		 2559 sk_stream_kill_queues(sk);
2560 xfrm_sk_free_policy(sk);
2561 sk_refcnt_debug_release(sk);
2562 sock_put(sk);
2563}
2564
2565static void mptcp_close(struct sock *sk, long timeout)
2566{
2567 struct mptcp_subflow_context *subflow;
2568 bool do_cancel_work = false;
2569
2570 lock_sock(sk);
2571 sk->sk_shutdown = SHUTDOWN_MASK;
2572
2573 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) {
2574 inet_sk_state_store(sk, TCP_CLOSE);
2575 goto cleanup;
2576 }
6771bfd9 2577
e16163b6
PA		 2578 if (mptcp_close_state(sk))
2579 __mptcp_wr_shutdown(sk);
2580
2581 sk_stream_wait_close(sk, timeout);
2582
2583cleanup:
2584 /* orphan all the subflows */
2585 inet_csk(sk)->icsk_mtup.probe_timestamp = tcp_jiffies32;
2586 list_for_each_entry(subflow, &mptcp_sk(sk)->conn_list, node) {
2587 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
866f26f2 2588 bool slow = lock_sock_fast(ssk);
e16163b6 2589
e16163b6
PA		 2590 sock_orphan(ssk);
2591 unlock_sock_fast(ssk, slow);
e16163b6
PA		 2592 }
2593 sock_orphan(sk);
2594
2595 sock_hold(sk);
2596 pr_debug("msk=%p state=%d", sk, sk->sk_state);
2597 if (sk->sk_state == TCP_CLOSE) {
2598 __mptcp_destroy_sock(sk);
2599 do_cancel_work = true;
2600 } else {
2601 sk_reset_timer(sk, &sk->sk_timer, jiffies + TCP_TIMEWAIT_LEN);
2602 }
2603 release_sock(sk);
2604 if (do_cancel_work)
2605 mptcp_cancel_work(sk);
b911c97c
FW		 2606
2607 if (mptcp_sk(sk)->token)
2608 mptcp_event(MPTCP_EVENT_CLOSED, mptcp_sk(sk), NULL, GFP_KERNEL);
2609
e16163b6 2610 sock_put(sk);
f870fa0b
MM		 2611}
2612
cf7da0d6
PK		 2613static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk)
2614{
2615#if IS_ENABLED(CONFIG_MPTCP_IPV6)
2616 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk);
2617 struct ipv6_pinfo *msk6 = inet6_sk(msk);
2618
2619 msk->sk_v6_daddr = ssk->sk_v6_daddr;
2620 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr;
2621
2622 if (msk6 && ssk6) {
2623 msk6->saddr = ssk6->saddr;
2624 msk6->flow_label = ssk6->flow_label;
2625 }
2626#endif
2627
2628 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num;
2629 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport;
2630 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport;
2631 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr;
2632 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr;
2633 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr;
2634}
2635
18b683bf
PA		 2636static int mptcp_disconnect(struct sock *sk, int flags)
2637{
76e2a55d
PA		 2638 struct mptcp_subflow_context *subflow;
2639 struct mptcp_sock *msk = mptcp_sk(sk);
2640
2641 __mptcp_flush_join_list(msk);
13a9499e
PA		 2642 mptcp_for_each_subflow(msk, subflow) {
2643 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
2644
2645 lock_sock(ssk);
2646 tcp_disconnect(ssk, flags);
2647 release_sock(ssk);
2648 }
42c556fe 2649 return 0;
18b683bf
PA		 2650}
2651
b0519de8
FW		 2652#if IS_ENABLED(CONFIG_MPTCP_IPV6)
2653static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk)
2654{
2655 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo);
2656
2657 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
2658}
2659#endif
2660
fca5c82c 2661struct sock *mptcp_sk_clone(const struct sock *sk,
cfde141e 2662 const struct mptcp_options_received *mp_opt,
fca5c82c 2663 struct request_sock *req)
b0519de8 2664{
58b09919 2665 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
b0519de8 2666 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC);
58b09919
PA		 2667 struct mptcp_sock *msk;
2668 u64 ack_seq;
b0519de8
FW		 2669
2670 if (!nsk)
2671 return NULL;
2672
2673#if IS_ENABLED(CONFIG_MPTCP_IPV6)
2674 if (nsk->sk_family == AF_INET6)
2675 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk);
2676#endif
2677
58b09919
PA		 2678 __mptcp_init_sock(nsk);
2679
2680 msk = mptcp_sk(nsk);
2681 msk->local_key = subflow_req->local_key;
2682 msk->token = subflow_req->token;
2683 msk->subflow = NULL;
b93df08c 2684 WRITE_ONCE(msk->fully_established, false);
58b09919 2685
58b09919 2686 msk->write_seq = subflow_req->idsn + 1;
eaa2ffab 2687 msk->snd_nxt = msk->write_seq;
7439d687
PA		 2688 msk->snd_una = msk->write_seq;
2689 msk->wnd_end = msk->snd_nxt + req->rsk_rcv_wnd;
6f8a612a 2690
cfde141e 2691 if (mp_opt->mp_capable) {
58b09919 2692 msk->can_ack = true;
cfde141e 2693 msk->remote_key = mp_opt->sndr_key;
58b09919
PA		 2694 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq);
2695 ack_seq++;
917944da 2696 WRITE_ONCE(msk->ack_seq, ack_seq);
fa3fe2b1 2697 WRITE_ONCE(msk->rcv_wnd_sent, ack_seq);
58b09919 2698 }
7f20d5fc 2699
5e20087d 2700 sock_reset_flag(nsk, SOCK_RCU_FREE);
7f20d5fc
PA		 2701 /* will be fully established after successful MPC subflow creation */
2702 inet_sk_state_store(nsk, TCP_SYN_RECV);
0c148460
PA		 2703
2704 security_inet_csk_clone(nsk, req);
58b09919
PA		 2705 bh_unlock_sock(nsk);
2706
2707 /* keep a single reference */
2708 __sock_put(nsk);
b0519de8
FW		 2709 return nsk;
2710}
2711
a6b118fe
FW		 2712void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk)
2713{
2714 const struct tcp_sock *tp = tcp_sk(ssk);
2715
2716 msk->rcvq_space.copied = 0;
2717 msk->rcvq_space.rtt_us = 0;
2718
2719 msk->rcvq_space.time = tp->tcp_mstamp;
2720
2721 /* initial rcv_space offering made to peer */
2722 msk->rcvq_space.space = min_t(u32, tp->rcv_wnd,
2723 TCP_INIT_CWND * tp->advmss);
2724 if (msk->rcvq_space.space == 0)
2725 msk->rcvq_space.space = TCP_INIT_CWND * TCP_MSS_DEFAULT;
6f8a612a 2726
7439d687 2727 WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd);
a6b118fe
FW		 2728}
2729
cf7da0d6
PK		 2730static struct sock *mptcp_accept(struct sock *sk, int flags, int *err,
2731 bool kern)
2732{
2733 struct mptcp_sock *msk = mptcp_sk(sk);
2734 struct socket *listener;
2735 struct sock *newsk;
2736
2737 listener = __mptcp_nmpc_socket(msk);
2738 if (WARN_ON_ONCE(!listener)) {
2739 *err = -EINVAL;
2740 return NULL;
2741 }
2742
2743 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk));
2744 newsk = inet_csk_accept(listener->sk, flags, err, kern);
2745 if (!newsk)
2746 return NULL;
2747
2748 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk));
cf7da0d6
PK		 2749 if (sk_is_mptcp(newsk)) {
2750 struct mptcp_subflow_context *subflow;
2751 struct sock *new_mptcp_sock;
cf7da0d6
PK		 2752
2753 subflow = mptcp_subflow_ctx(newsk);
58b09919 2754 new_mptcp_sock = subflow->conn;
cf7da0d6 2755
58b09919
PA		 2756 /* is_mptcp should be false if subflow->conn is missing, see
2757 * subflow_syn_recv_sock()
2758 */
2759 if (WARN_ON_ONCE(!new_mptcp_sock)) {
2760 tcp_sk(newsk)->is_mptcp = 0;
2761 return newsk;
cf7da0d6
PK		 2762 }
2763
58b09919
PA		 2764 /* acquire the 2nd reference for the owning socket */
2765 sock_hold(new_mptcp_sock);
cf7da0d6 2766 newsk = new_mptcp_sock;
0397c6d8 2767 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEPASSIVEACK);
fc518953
FW		 2768 } else {
2769 MPTCP_INC_STATS(sock_net(sk),
2770 MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK);
cf7da0d6
PK		 2771 }
2772
2773 return newsk;
2774}
2775
5c8c1640
GT		 2776void mptcp_destroy_common(struct mptcp_sock *msk)
2777{
87952603
PA		 2778 struct sock *sk = (struct sock *)msk;
2779
6e628cd3
PA		 2780 __mptcp_clear_xmit(sk);
2781
87952603
PA		 2782 /* move to sk_receive_queue, sk_stream_kill_queues will purge it */
2783 skb_queue_splice_tail_init(&msk->receive_queue, &sk->sk_receive_queue);
2784
5c8c1640
GT		 2785 skb_rbtree_purge(&msk->out_of_order_queue);
2786 mptcp_token_destroy(msk);
2787 mptcp_pm_free_anno_list(msk);
2788}
2789
79c0949e
PK		 2790static void mptcp_destroy(struct sock *sk)
2791{
c9fd9c5f
FW		 2792 struct mptcp_sock *msk = mptcp_sk(sk);
2793
5c8c1640 2794 mptcp_destroy_common(msk);
d027236c 2795 sk_sockets_allocated_dec(sk);
79c0949e
PK		 2796}
2797
fd1452d8 2798static int mptcp_setsockopt_sol_socket(struct mptcp_sock *msk, int optname,
a7b75c5a 2799 sockptr_t optval, unsigned int optlen)
fd1452d8
FW		 2800{
2801 struct sock *sk = (struct sock *)msk;
2802 struct socket *ssock;
2803 int ret;
2804
2805 switch (optname) {
2806 case SO_REUSEPORT:
2807 case SO_REUSEADDR:
2808 lock_sock(sk);
2809 ssock = __mptcp_nmpc_socket(msk);
2810 if (!ssock) {
2811 release_sock(sk);
2812 return -EINVAL;
2813 }
2814
a7b75c5a 2815 ret = sock_setsockopt(ssock, SOL_SOCKET, optname, optval, optlen);
fd1452d8
FW		 2816 if (ret == 0) {
2817 if (optname == SO_REUSEPORT)
2818 sk->sk_reuseport = ssock->sk->sk_reuseport;
2819 else if (optname == SO_REUSEADDR)
2820 sk->sk_reuse = ssock->sk->sk_reuse;
2821 }
2822 release_sock(sk);
2823 return ret;
2824 }
2825
a7b75c5a 2826 return sock_setsockopt(sk->sk_socket, SOL_SOCKET, optname, optval, optlen);
fd1452d8
FW		 2827}
2828
c9b95a13 2829static int mptcp_setsockopt_v6(struct mptcp_sock *msk, int optname,
a7b75c5a 2830 sockptr_t optval, unsigned int optlen)
c9b95a13
FW		 2831{
2832 struct sock *sk = (struct sock *)msk;
2833 int ret = -EOPNOTSUPP;
2834 struct socket *ssock;
2835
2836 switch (optname) {
2837 case IPV6_V6ONLY:
2838 lock_sock(sk);
2839 ssock = __mptcp_nmpc_socket(msk);
2840 if (!ssock) {
2841 release_sock(sk);
2842 return -EINVAL;
2843 }
2844
2845 ret = tcp_setsockopt(ssock->sk, SOL_IPV6, optname, optval, optlen);
2846 if (ret == 0)
2847 sk->sk_ipv6only = ssock->sk->sk_ipv6only;
2848
2849 release_sock(sk);
2850 break;
2851 }
2852
2853 return ret;
2854}
2855
717e79c8 2856static int mptcp_setsockopt(struct sock *sk, int level, int optname,
a7b75c5a 2857 sockptr_t optval, unsigned int optlen)
717e79c8
PK		 2858{
2859 struct mptcp_sock *msk = mptcp_sk(sk);
76660afb 2860 struct sock *ssk;
717e79c8
PK		 2861
2862 pr_debug("msk=%p", msk);
2863
83f0c10b 2864 if (level == SOL_SOCKET)
fd1452d8 2865 return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen);
83f0c10b 2866
717e79c8 2867 /* @@ the meaning of setsockopt() when the socket is connected and
b6e4a1ae
MM		 2868 * there are multiple subflows is not yet defined. It is up to the
2869 * MPTCP-level socket to configure the subflows until the subflow
2870 * is in TCP fallback, when TCP socket options are passed through
2871 * to the one remaining subflow.
717e79c8
PK		 2872 */
2873 lock_sock(sk);
76660afb 2874 ssk = __mptcp_tcp_fallback(msk);
e154659b 2875 release_sock(sk);
76660afb
PA		 2876 if (ssk)
2877 return tcp_setsockopt(ssk, level, optname, optval, optlen);
50e741bb 2878
c9b95a13
FW		 2879 if (level == SOL_IPV6)
2880 return mptcp_setsockopt_v6(msk, optname, optval, optlen);
2881
b6e4a1ae 2882 return -EOPNOTSUPP;
717e79c8
PK		 2883}
2884
2885static int mptcp_getsockopt(struct sock *sk, int level, int optname,
50e741bb 2886 char __user *optval, int __user *option)
717e79c8
PK		 2887{
2888 struct mptcp_sock *msk = mptcp_sk(sk);
76660afb 2889 struct sock *ssk;
717e79c8
PK		 2890
2891 pr_debug("msk=%p", msk);
2892
b6e4a1ae
MM		 2893 /* @@ the meaning of setsockopt() when the socket is connected and
2894 * there are multiple subflows is not yet defined. It is up to the
2895 * MPTCP-level socket to configure the subflows until the subflow
2896 * is in TCP fallback, when socket options are passed through
2897 * to the one remaining subflow.
717e79c8
PK		 2898 */
2899 lock_sock(sk);
76660afb 2900 ssk = __mptcp_tcp_fallback(msk);
e154659b 2901 release_sock(sk);
76660afb
PA		 2902 if (ssk)
2903 return tcp_getsockopt(ssk, level, optname, optval, option);
50e741bb 2904
b6e4a1ae 2905 return -EOPNOTSUPP;
717e79c8
PK		 2906}
2907
6e628cd3
PA		 2908void __mptcp_data_acked(struct sock *sk)
2909{
2910 if (!sock_owned_by_user(sk))
2911 __mptcp_clean_una(sk);
2912 else
2913 set_bit(MPTCP_CLEAN_UNA, &mptcp_sk(sk)->flags);
2914
2915 if (mptcp_pending_data_fin_ack(sk))
2916 mptcp_schedule_work(sk);
2917}
2918
219d0499 2919void __mptcp_check_push(struct sock *sk, struct sock *ssk)
6e628cd3
PA		 2920{
2921 if (!mptcp_send_head(sk))
2922 return;
2923
40dc9416 2924 if (!sock_owned_by_user(sk)) {
b19bc294
PA		 2925 struct sock *xmit_ssk = mptcp_subflow_get_send(mptcp_sk(sk));
2926
2927 if (xmit_ssk == ssk)
40dc9416 2928 __mptcp_subflow_push_pending(sk, ssk);
b19bc294
PA		 2929 else if (xmit_ssk)
2930 mptcp_subflow_delegate(mptcp_subflow_ctx(xmit_ssk));
40dc9416 2931 } else {
6e628cd3 2932 set_bit(MPTCP_PUSH_PENDING, &mptcp_sk(sk)->flags);
40dc9416 2933 }
6e628cd3
PA		 2934}
2935
ea4ca586 2936#define MPTCP_DEFERRED_ALL (TCPF_WRITE_TIMER_DEFERRED)
14c441b5 2937
e93da928 2938/* processes deferred events and flush wmem */
14c441b5
PA		 2939static void mptcp_release_cb(struct sock *sk)
2940{
2941 unsigned long flags, nflags;
2942
6e628cd3
PA		 2943 /* push_pending may touch wmem_reserved, do it before the later
2944 * cleanup
2945 */
2946 if (test_and_clear_bit(MPTCP_CLEAN_UNA, &mptcp_sk(sk)->flags))
2947 __mptcp_clean_una(sk);
2948 if (test_and_clear_bit(MPTCP_PUSH_PENDING, &mptcp_sk(sk)->flags)) {
2949 /* mptcp_push_pending() acquires the subflow socket lock
2950 *
2951 * 1) can't be invoked in atomic scope
2952 * 2) must avoid ABBA deadlock with msk socket spinlock: the RX
2953 * datapath acquires the msk socket spinlock while helding
2954 * the subflow socket lock
2955 */
2956
2957 spin_unlock_bh(&sk->sk_lock.slock);
2958 mptcp_push_pending(sk, 0);
2959 spin_lock_bh(&sk->sk_lock.slock);
2960 }
15cc1045
PA		 2961 if (test_and_clear_bit(MPTCP_ERROR_REPORT, &mptcp_sk(sk)->flags))
2962 __mptcp_error_report(sk);
6e628cd3 2963
e93da928
PA		 2964 /* clear any wmem reservation and errors */
2965 __mptcp_update_wmem(sk);
87952603 2966 __mptcp_update_rmem(sk);
e93da928 2967
14c441b5
PA		 2968 do {
2969 flags = sk->sk_tsq_flags;
2970 if (!(flags & MPTCP_DEFERRED_ALL))
2971 return;
2972 nflags = flags & ~MPTCP_DEFERRED_ALL;
2973 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags);
2974
b51f9b80
PA		 2975 sock_release_ownership(sk);
2976
b51f9b80
PA		 2977 if (flags & TCPF_WRITE_TIMER_DEFERRED) {
2978 mptcp_retransmit_handler(sk);
2979 __sock_put(sk);
2980 }
14c441b5
PA		 2981}
2982
b19bc294
PA		 2983void mptcp_subflow_process_delegated(struct sock *ssk)
2984{
2985 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
2986 struct sock *sk = subflow->conn;
2987
2988 mptcp_data_lock(sk);
2989 if (!sock_owned_by_user(sk))
2990 __mptcp_subflow_push_pending(sk, ssk);
2991 else
2992 set_bit(MPTCP_PUSH_PENDING, &mptcp_sk(sk)->flags);
2993 mptcp_data_unlock(sk);
2994 mptcp_subflow_delegated_done(subflow);
2995}
2996
2c5ebd00
PA		 2997static int mptcp_hash(struct sock *sk)
2998{
2999 /* should never be called,
3000 * we hash the TCP subflows not the master socket
3001 */
3002 WARN_ON_ONCE(1);
3003 return 0;
3004}
3005
3006static void mptcp_unhash(struct sock *sk)
3007{
3008 /* called from sk_common_release(), but nothing to do here */
3009}
3010
cec37a6e 3011static int mptcp_get_port(struct sock *sk, unsigned short snum)
f870fa0b
MM		 3012{
3013 struct mptcp_sock *msk = mptcp_sk(sk);
cec37a6e 3014 struct socket *ssock;
f870fa0b 3015
cec37a6e
PK		 3016 ssock = __mptcp_nmpc_socket(msk);
3017 pr_debug("msk=%p, subflow=%p", msk, ssock);
3018 if (WARN_ON_ONCE(!ssock))
3019 return -EINVAL;
f870fa0b 3020
cec37a6e
PK		 3021 return inet_csk_get_port(ssock->sk, snum);
3022}
f870fa0b 3023
cec37a6e
PK		 3024void mptcp_finish_connect(struct sock *ssk)
3025{
3026 struct mptcp_subflow_context *subflow;
3027 struct mptcp_sock *msk;
3028 struct sock *sk;
6d0060f6 3029 u64 ack_seq;
f870fa0b 3030
cec37a6e 3031 subflow = mptcp_subflow_ctx(ssk);
cec37a6e
PK		 3032 sk = subflow->conn;
3033 msk = mptcp_sk(sk);
3034
648ef4b8
MM		 3035 pr_debug("msk=%p, token=%u", sk, subflow->token);
3036
6d0060f6
MM		 3037 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq);
3038 ack_seq++;
648ef4b8
MM		 3039 subflow->map_seq = ack_seq;
3040 subflow->map_subflow_seq = 1;
6d0060f6 3041
cec37a6e
PK		 3042 /* the socket is not connected yet, no msk/subflow ops can access/race
3043 * accessing the field below
3044 */
3045 WRITE_ONCE(msk->remote_key, subflow->remote_key);
3046 WRITE_ONCE(msk->local_key, subflow->local_key);
6d0060f6 3047 WRITE_ONCE(msk->write_seq, subflow->idsn + 1);
eaa2ffab 3048 WRITE_ONCE(msk->snd_nxt, msk->write_seq);
6d0060f6 3049 WRITE_ONCE(msk->ack_seq, ack_seq);
fa3fe2b1 3050 WRITE_ONCE(msk->rcv_wnd_sent, ack_seq);
d22f4988 3051 WRITE_ONCE(msk->can_ack, 1);
7439d687 3052 WRITE_ONCE(msk->snd_una, msk->write_seq);
1b1c7a0e 3053
6c714f1b 3054 mptcp_pm_new_connection(msk, ssk, 0);
a6b118fe
FW		 3055
3056 mptcp_rcv_space_init(msk, ssk);
f870fa0b
MM		 3057}
3058
866f26f2 3059void mptcp_sock_graft(struct sock *sk, struct socket *parent)
cf7da0d6
PK		 3060{
3061 write_lock_bh(&sk->sk_callback_lock);
3062 rcu_assign_pointer(sk->sk_wq, &parent->wq);
3063 sk_set_socket(sk, parent);
3064 sk->sk_uid = SOCK_INODE(parent)->i_uid;
3065 write_unlock_bh(&sk->sk_callback_lock);
3066}
3067
e16163b6 3068bool mptcp_finish_join(struct sock *ssk)
f296234c 3069{
e16163b6 3070 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
f296234c
PK		 3071 struct mptcp_sock *msk = mptcp_sk(subflow->conn);
3072 struct sock *parent = (void *)msk;
3073 struct socket *parent_sock;
ec3edaa7 3074 bool ret;
f296234c
PK		 3075
3076 pr_debug("msk=%p, subflow=%p", msk, subflow);
3077
3078 /* mptcp socket already closing? */
b93df08c 3079 if (!mptcp_is_fully_established(parent))
f296234c
PK		 3080 return false;
3081
3082 if (!msk->pm.server_side)
b911c97c 3083 goto out;
f296234c 3084
10f6d46c
PA		 3085 if (!mptcp_pm_allow_new_subflow(msk))
3086 return false;
3087
3088 /* active connections are already on conn_list, and we can't acquire
3089 * msk lock here.
3090 * use the join list lock as synchronization point and double-check
e16163b6 3091 * msk status to avoid racing with __mptcp_destroy_sock()
10f6d46c
PA		 3092 */
3093 spin_lock_bh(&msk->join_list_lock);
3094 ret = inet_sk_state_load(parent) == TCP_ESTABLISHED;
e16163b6 3095 if (ret && !WARN_ON_ONCE(!list_empty(&subflow->node))) {
10f6d46c 3096 list_add_tail(&subflow->node, &msk->join_list);
e16163b6
PA		 3097 sock_hold(ssk);
3098 }
10f6d46c
PA		 3099 spin_unlock_bh(&msk->join_list_lock);
3100 if (!ret)
3101 return false;
3102
3103 /* attach to msk socket only after we are sure he will deal with us
3104 * at close time
3105 */
f296234c 3106 parent_sock = READ_ONCE(parent->sk_socket);
e16163b6
PA		 3107 if (parent_sock && !ssk->sk_socket)
3108 mptcp_sock_graft(ssk, parent_sock);
917944da 3109 subflow->map_seq = READ_ONCE(msk->ack_seq);
b911c97c
FW		 3110out:
3111 mptcp_event(MPTCP_EVENT_SUB_ESTABLISHED, msk, ssk, GFP_ATOMIC);
10f6d46c 3112 return true;
f296234c
PK		 3113}
3114
76e2a55d
PA		 3115static void mptcp_shutdown(struct sock *sk, int how)
3116{
3117 pr_debug("sk=%p, how=%d", sk, how);
3118
3119 if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk))
3120 __mptcp_wr_shutdown(sk);
3121}
3122
f870fa0b
MM		 3123static struct proto mptcp_prot = {
3124 .name = "MPTCP",
3125 .owner = THIS_MODULE,
3126 .init = mptcp_init_sock,
18b683bf 3127 .disconnect = mptcp_disconnect,
f870fa0b 3128 .close = mptcp_close,
cf7da0d6 3129 .accept = mptcp_accept,
717e79c8
PK		 3130 .setsockopt = mptcp_setsockopt,
3131 .getsockopt = mptcp_getsockopt,
76e2a55d 3132 .shutdown = mptcp_shutdown,
79c0949e 3133 .destroy = mptcp_destroy,
f870fa0b
MM		 3134 .sendmsg = mptcp_sendmsg,
3135 .recvmsg = mptcp_recvmsg,
14c441b5 3136 .release_cb = mptcp_release_cb,
2c5ebd00
PA		 3137 .hash = mptcp_hash,
3138 .unhash = mptcp_unhash,
cec37a6e 3139 .get_port = mptcp_get_port,
d027236c
PA		 3140 .sockets_allocated = &mptcp_sockets_allocated,
3141 .memory_allocated = &tcp_memory_allocated,
3142 .memory_pressure = &tcp_memory_pressure,
d027236c 3143 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
989ef49b 3144 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
d027236c 3145 .sysctl_mem = sysctl_tcp_mem,
f870fa0b 3146 .obj_size = sizeof(struct mptcp_sock),
2c5ebd00 3147 .slab_flags = SLAB_TYPESAFE_BY_RCU,
f870fa0b
MM		 3148 .no_autobind = true,
3149};
3150
2303f994
PK		 3151static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
3152{
3153 struct mptcp_sock *msk = mptcp_sk(sock->sk);
3154 struct socket *ssock;
cf7da0d6 3155 int err;
2303f994
PK		 3156
3157 lock_sock(sock->sk);
fa68018d
PA		 3158 ssock = __mptcp_nmpc_socket(msk);
3159 if (!ssock) {
3160 err = -EINVAL;
2303f994
PK		 3161 goto unlock;
3162 }
3163
3164 err = ssock->ops->bind(ssock, uaddr, addr_len);
cf7da0d6
PK		 3165 if (!err)
3166 mptcp_copy_inaddrs(sock->sk, ssock->sk);
2303f994
PK		 3167
3168unlock:
3169 release_sock(sock->sk);
3170 return err;
3171}
3172
0235d075
PA		 3173static void mptcp_subflow_early_fallback(struct mptcp_sock *msk,
3174 struct mptcp_subflow_context *subflow)
3175{
3176 subflow->request_mptcp = 0;
3177 __mptcp_do_fallback(msk);
3178}
3179
2303f994
PK		 3180static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr,
3181 int addr_len, int flags)
3182{
3183 struct mptcp_sock *msk = mptcp_sk(sock->sk);
2c5ebd00 3184 struct mptcp_subflow_context *subflow;
2303f994
PK		 3185 struct socket *ssock;
3186 int err;
3187
3188 lock_sock(sock->sk);
41be81a8
PA		 3189 if (sock->state != SS_UNCONNECTED && msk->subflow) {
3190 /* pending connection or invalid state, let existing subflow
3191 * cope with that
3192 */
3193 ssock = msk->subflow;
3194 goto do_connect;
3195 }
3196
fa68018d
PA		 3197 ssock = __mptcp_nmpc_socket(msk);
3198 if (!ssock) {
3199 err = -EINVAL;
2303f994
PK		 3200 goto unlock;
3201 }
3202
fa68018d
PA		 3203 mptcp_token_destroy(msk);
3204 inet_sk_state_store(sock->sk, TCP_SYN_SENT);
2c5ebd00 3205 subflow = mptcp_subflow_ctx(ssock->sk);
cf7da0d6
PK		 3206#ifdef CONFIG_TCP_MD5SIG
3207 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of
3208 * TCP option space.
3209 */
3210 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info))
0235d075 3211 mptcp_subflow_early_fallback(msk, subflow);
cf7da0d6 3212#endif
2c5ebd00 3213 if (subflow->request_mptcp && mptcp_token_new_connect(ssock->sk))
0235d075 3214 mptcp_subflow_early_fallback(msk, subflow);
cf7da0d6 3215
41be81a8 3216do_connect:
2303f994 3217 err = ssock->ops->connect(ssock, uaddr, addr_len, flags);
41be81a8
PA		 3218 sock->state = ssock->state;
3219
3220 /* on successful connect, the msk state will be moved to established by
3221 * subflow_finish_connect()
3222 */
367fe04e 3223 if (!err || err == -EINPROGRESS)
41be81a8
PA		 3224 mptcp_copy_inaddrs(sock->sk, ssock->sk);
3225 else
3226 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk));
2303f994
PK		 3227
3228unlock:
3229 release_sock(sock->sk);
3230 return err;
3231}
3232
cf7da0d6
PK		 3233static int mptcp_listen(struct socket *sock, int backlog)
3234{
3235 struct mptcp_sock *msk = mptcp_sk(sock->sk);
3236 struct socket *ssock;
3237 int err;
3238
3239 pr_debug("msk=%p", msk);
3240
3241 lock_sock(sock->sk);
fa68018d
PA		 3242 ssock = __mptcp_nmpc_socket(msk);
3243 if (!ssock) {
3244 err = -EINVAL;
cf7da0d6
PK		 3245 goto unlock;
3246 }
3247
fa68018d
PA		 3248 mptcp_token_destroy(msk);
3249 inet_sk_state_store(sock->sk, TCP_LISTEN);
5e20087d
FW		 3250 sock_set_flag(sock->sk, SOCK_RCU_FREE);
3251
cf7da0d6
PK		 3252 err = ssock->ops->listen(ssock, backlog);
3253 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk));
3254 if (!err)
3255 mptcp_copy_inaddrs(sock->sk, ssock->sk);
3256
3257unlock:
3258 release_sock(sock->sk);
3259 return err;
3260}
3261
cf7da0d6
PK		 3262static int mptcp_stream_accept(struct socket *sock, struct socket *newsock,
3263 int flags, bool kern)
3264{
3265 struct mptcp_sock *msk = mptcp_sk(sock->sk);
3266 struct socket *ssock;
3267 int err;
3268
3269 pr_debug("msk=%p", msk);
3270
3271 lock_sock(sock->sk);
3272 if (sock->sk->sk_state != TCP_LISTEN)
3273 goto unlock_fail;
3274
3275 ssock = __mptcp_nmpc_socket(msk);
3276 if (!ssock)
3277 goto unlock_fail;
3278
8a05661b 3279 clear_bit(MPTCP_DATA_READY, &msk->flags);
cf7da0d6
PK		 3280 sock_hold(ssock->sk);
3281 release_sock(sock->sk);
3282
3283 err = ssock->ops->accept(sock, newsock, flags, kern);
d2f77c53 3284 if (err == 0 && !mptcp_is_tcpsk(newsock->sk)) {
cf7da0d6
PK		 3285 struct mptcp_sock *msk = mptcp_sk(newsock->sk);
3286 struct mptcp_subflow_context *subflow;
0397c6d8 3287 struct sock *newsk = newsock->sk;
0397c6d8 3288
4d54cc32 3289 lock_sock(newsk);
5b950ff4
PA		 3290
3291 /* PM/worker can now acquire the first subflow socket
3292 * lock without racing with listener queue cleanup,
3293 * we can notify it, if needed.
3294 */
3295 subflow = mptcp_subflow_ctx(msk->first);
3296 list_add(&subflow->node, &msk->conn_list);
3297 sock_hold(msk->first);
3298 if (mptcp_is_fully_established(newsk))
6c714f1b 3299 mptcp_pm_fully_established(msk, msk->first, GFP_KERNEL);
5b950ff4 3300
0397c6d8
PA		 3301 mptcp_copy_inaddrs(newsk, msk->first);
3302 mptcp_rcv_space_init(msk, msk->first);
5cf92bba 3303 mptcp_propagate_sndbuf(newsk, msk->first);
cf7da0d6
PK		 3304
3305 /* set ssk->sk_socket of accept()ed flows to mptcp socket.
3306 * This is needed so NOSPACE flag can be set from tcp stack.
3307 */
ec3edaa7 3308 __mptcp_flush_join_list(msk);
190f8b06 3309 mptcp_for_each_subflow(msk, subflow) {
cf7da0d6
PK		 3310 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3311
3312 if (!ssk->sk_socket)
3313 mptcp_sock_graft(ssk, newsock);
3314 }
4d54cc32 3315 release_sock(newsk);
cf7da0d6
PK		 3316 }
3317
8a05661b
PA		 3318 if (inet_csk_listen_poll(ssock->sk))
3319 set_bit(MPTCP_DATA_READY, &msk->flags);
cf7da0d6
PK		 3320 sock_put(ssock->sk);
3321 return err;
3322
3323unlock_fail:
3324 release_sock(sock->sk);
3325 return -EINVAL;
3326}
3327
8a05661b
PA		 3328static __poll_t mptcp_check_readable(struct mptcp_sock *msk)
3329{
3330 return test_bit(MPTCP_DATA_READY, &msk->flags) ? EPOLLIN | EPOLLRDNORM :
3331 0;
3332}
3333
8edf0864
FW		 3334static __poll_t mptcp_check_writeable(struct mptcp_sock *msk)
3335{
3336 struct sock *sk = (struct sock *)msk;
8edf0864
FW		 3337
3338 if (unlikely(sk->sk_shutdown & SEND_SHUTDOWN))
dd913410 3339 return EPOLLOUT | EPOLLWRNORM;
8edf0864
FW		 3340
3341 if (sk_stream_is_writeable(sk))
3342 return EPOLLOUT | EPOLLWRNORM;
3343
5cf92bba 3344 mptcp_set_nospace(sk);
6e628cd3
PA		 3345 smp_mb__after_atomic(); /* msk->flags is changed by write_space cb */
3346 if (sk_stream_is_writeable(sk))
3347 return EPOLLOUT | EPOLLWRNORM;
8edf0864 3348
6e628cd3 3349 return 0;
8edf0864
FW		 3350}
3351
2303f994
PK		 3352static __poll_t mptcp_poll(struct file *file, struct socket *sock,
3353 struct poll_table_struct *wait)
3354{
1891c4a0 3355 struct sock *sk = sock->sk;
8ab183de 3356 struct mptcp_sock *msk;
2303f994 3357 __poll_t mask = 0;
8a05661b 3358 int state;
2303f994 3359
1891c4a0 3360 msk = mptcp_sk(sk);
1891c4a0 3361 sock_poll_wait(file, sock, wait);
1891c4a0 3362
8a05661b 3363 state = inet_sk_state_load(sk);
6719331c 3364 pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags);
8a05661b
PA		 3365 if (state == TCP_LISTEN)
3366 return mptcp_check_readable(msk);
3367
3368 if (state != TCP_SYN_SENT && state != TCP_SYN_RECV) {
3369 mask |= mptcp_check_readable(msk);
8edf0864 3370 mask |= mptcp_check_writeable(msk);
8a05661b 3371 }
dd913410
PA		 3372 if (sk->sk_shutdown == SHUTDOWN_MASK || state == TCP_CLOSE)
3373 mask |= EPOLLHUP;
1891c4a0
FW		 3374 if (sk->sk_shutdown & RCV_SHUTDOWN)
3375 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
3376
15cc1045
PA		 3377 /* This barrier is coupled with smp_wmb() in tcp_reset() */
3378 smp_rmb();
3379 if (sk->sk_err)
3380 mask |= EPOLLERR;
3381
2303f994
PK		 3382 return mask;
3383}
3384
ad98dd37
FW		 3385static int mptcp_release(struct socket *sock)
3386{
3387 struct mptcp_subflow_context *subflow;
3388 struct sock *sk = sock->sk;
3389 struct mptcp_sock *msk;
3390
3391 if (!sk)
3392 return 0;
3393
3394 lock_sock(sk);
3395
3396 msk = mptcp_sk(sk);
3397
3398 mptcp_for_each_subflow(msk, subflow) {
3399 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3400
3401 ip_mc_drop_socket(ssk);
3402 }
3403
3404 release_sock(sk);
3405
3406 return inet_release(sock);
3407}
3408
e42f1ac6
FW		 3409static const struct proto_ops mptcp_stream_ops = {
3410 .family = PF_INET,
3411 .owner = THIS_MODULE,
ad98dd37 3412 .release = mptcp_release,
e42f1ac6
FW		 3413 .bind = mptcp_bind,
3414 .connect = mptcp_stream_connect,
3415 .socketpair = sock_no_socketpair,
3416 .accept = mptcp_stream_accept,
d2f77c53 3417 .getname = inet_getname,
e42f1ac6
FW		 3418 .poll = mptcp_poll,
3419 .ioctl = inet_ioctl,
3420 .gettstamp = sock_gettstamp,
3421 .listen = mptcp_listen,
76e2a55d 3422 .shutdown = inet_shutdown,
e42f1ac6
FW		 3423 .setsockopt = sock_common_setsockopt,
3424 .getsockopt = sock_common_getsockopt,
3425 .sendmsg = inet_sendmsg,
3426 .recvmsg = inet_recvmsg,
3427 .mmap = sock_no_mmap,
3428 .sendpage = inet_sendpage,
e42f1ac6 3429};
2303f994 3430
f870fa0b
MM		 3431static struct inet_protosw mptcp_protosw = {
3432 .type = SOCK_STREAM,
3433 .protocol = IPPROTO_MPTCP,
3434 .prot = &mptcp_prot,
2303f994
PK		 3435 .ops = &mptcp_stream_ops,
3436 .flags = INET_PROTOSW_ICSK,
f870fa0b
MM		 3437};
3438
b19bc294
PA		 3439static int mptcp_napi_poll(struct napi_struct *napi, int budget)
3440{
3441 struct mptcp_delegated_action *delegated;
3442 struct mptcp_subflow_context *subflow;
3443 int work_done = 0;
3444
3445 delegated = container_of(napi, struct mptcp_delegated_action, napi);
3446 while ((subflow = mptcp_subflow_delegated_next(delegated)) != NULL) {
3447 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3448
3449 bh_lock_sock_nested(ssk);
3450 if (!sock_owned_by_user(ssk) &&
3451 mptcp_subflow_has_delegated_action(subflow))
3452 mptcp_subflow_process_delegated(ssk);
3453 /* ... elsewhere tcp_release_cb_override already processed
3454 * the action or will do at next release_sock().
3455 * In both case must dequeue the subflow here - on the same
3456 * CPU that scheduled it.
3457 */
3458 bh_unlock_sock(ssk);
3459 sock_put(ssk);
3460
3461 if (++work_done == budget)
3462 return budget;
3463 }
3464
3465 /* always provide a 0 'work_done' argument, so that napi_complete_done
3466 * will not try accessing the NULL napi->dev ptr
3467 */
3468 napi_complete_done(napi, 0);
3469 return work_done;
3470}
3471
d39dceca 3472void __init mptcp_proto_init(void)
f870fa0b 3473{
b19bc294
PA		 3474 struct mptcp_delegated_action *delegated;
3475 int cpu;
3476
2303f994 3477 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo;
2303f994 3478
d027236c
PA		 3479 if (percpu_counter_init(&mptcp_sockets_allocated, 0, GFP_KERNEL))
3480 panic("Failed to allocate MPTCP pcpu counter\n");
3481
b19bc294
PA		 3482 init_dummy_netdev(&mptcp_napi_dev);
3483 for_each_possible_cpu(cpu) {
3484 delegated = per_cpu_ptr(&mptcp_delegated_actions, cpu);
3485 INIT_LIST_HEAD(&delegated->head);
3486 netif_tx_napi_add(&mptcp_napi_dev, &delegated->napi, mptcp_napi_poll,
3487 NAPI_POLL_WEIGHT);
3488 napi_enable(&delegated->napi);
3489 }
3490
2303f994 3491 mptcp_subflow_init();
1b1c7a0e 3492 mptcp_pm_init();
2c5ebd00 3493 mptcp_token_init();
2303f994 3494
f870fa0b
MM		 3495 if (proto_register(&mptcp_prot, 1) != 0)
3496 panic("Failed to register MPTCP proto.\n");
3497
3498 inet_register_protosw(&mptcp_protosw);
6771bfd9
FW		 3499
3500 BUILD_BUG_ON(sizeof(struct mptcp_skb_cb) > sizeof_field(struct sk_buff, cb));
f870fa0b
MM		 3501}
3502
3503#if IS_ENABLED(CONFIG_MPTCP_IPV6)
ad98dd37
FW		 3504static int mptcp6_release(struct socket *sock)
3505{
3506 struct mptcp_subflow_context *subflow;
3507 struct mptcp_sock *msk;
3508 struct sock *sk = sock->sk;
3509
3510 if (!sk)
3511 return 0;
3512
3513 lock_sock(sk);
3514
3515 msk = mptcp_sk(sk);
3516
3517 mptcp_for_each_subflow(msk, subflow) {
3518 struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
3519
3520 ip_mc_drop_socket(ssk);
3521 ipv6_sock_mc_close(ssk);
3522 ipv6_sock_ac_close(ssk);
3523 }
3524
3525 release_sock(sk);
3526 return inet6_release(sock);
3527}
3528
e42f1ac6
FW		 3529static const struct proto_ops mptcp_v6_stream_ops = {
3530 .family = PF_INET6,
3531 .owner = THIS_MODULE,
ad98dd37 3532 .release = mptcp6_release,
e42f1ac6
FW		 3533 .bind = mptcp_bind,
3534 .connect = mptcp_stream_connect,
3535 .socketpair = sock_no_socketpair,
3536 .accept = mptcp_stream_accept,
d2f77c53 3537 .getname = inet6_getname,
e42f1ac6
FW		 3538 .poll = mptcp_poll,
3539 .ioctl = inet6_ioctl,
3540 .gettstamp = sock_gettstamp,
3541 .listen = mptcp_listen,
76e2a55d 3542 .shutdown = inet_shutdown,
e42f1ac6
FW		 3543 .setsockopt = sock_common_setsockopt,
3544 .getsockopt = sock_common_getsockopt,
3545 .sendmsg = inet6_sendmsg,
3546 .recvmsg = inet6_recvmsg,
3547 .mmap = sock_no_mmap,
3548 .sendpage = inet_sendpage,
3549#ifdef CONFIG_COMPAT
3986912f 3550 .compat_ioctl = inet6_compat_ioctl,
e42f1ac6
FW		 3551#endif
3552};
3553
f870fa0b
MM		 3554static struct proto mptcp_v6_prot;
3555
79c0949e
PK		 3556static void mptcp_v6_destroy(struct sock *sk)
3557{
3558 mptcp_destroy(sk);
3559 inet6_destroy_sock(sk);
3560}
3561
f870fa0b
MM		 3562static struct inet_protosw mptcp_v6_protosw = {
3563 .type = SOCK_STREAM,
3564 .protocol = IPPROTO_MPTCP,
3565 .prot = &mptcp_v6_prot,
2303f994 3566 .ops = &mptcp_v6_stream_ops,
f870fa0b
MM		 3567 .flags = INET_PROTOSW_ICSK,
3568};
3569
d39dceca 3570int __init mptcp_proto_v6_init(void)
f870fa0b
MM		 3571{
3572 int err;
3573
3574 mptcp_v6_prot = mptcp_prot;
3575 strcpy(mptcp_v6_prot.name, "MPTCPv6");
3576 mptcp_v6_prot.slab = NULL;
79c0949e 3577 mptcp_v6_prot.destroy = mptcp_v6_destroy;
b0519de8 3578 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock);
f870fa0b
MM		 3579
3580 err = proto_register(&mptcp_v6_prot, 1);
3581 if (err)
3582 return err;
3583
3584 err = inet6_register_protosw(&mptcp_v6_protosw);
3585 if (err)
3586 proto_unregister(&mptcp_v6_prot);
3587
3588 return err;
3589}
3590#endif
Linux 6.x block layer and io_uring tree(s)