1// SPDX-License-Identifier: GPL-2.0 2/* Multipath TCP 3 * 4 * Copyright (c) 2017 - 2019, Intel Corporation. 5 */ 6 7#define pr_fmt(fmt) "MPTCP: " fmt 8 9#include <linux/kernel.h> 10#include <linux/module.h> 11#include <linux/netdevice.h> 12#include <linux/sched/signal.h> 13#include <linux/atomic.h> 14#include <net/sock.h> 15#include <net/inet_common.h> 16#include <net/inet_hashtables.h> 17#include <net/protocol.h> 18#include <net/tcp.h> 19#include <net/tcp_states.h> 20#if IS_ENABLED(CONFIG_MPTCP_IPV6) 21#include <net/transp_v6.h> 22#endif 23#include <net/mptcp.h> 24#include "protocol.h" 25#include "mib.h" 26 27#if IS_ENABLED(CONFIG_MPTCP_IPV6) 28struct mptcp6_sock { 29 struct mptcp_sock msk; 30 struct ipv6_pinfo np; 31}; 32#endif 33 34struct mptcp_skb_cb { 35 u64 map_seq; 36 u64 end_seq; 37 u32 offset; 38}; 39 40#define MPTCP_SKB_CB(__skb) ((struct mptcp_skb_cb *)&((__skb)->cb[0])) 41 42static struct percpu_counter mptcp_sockets_allocated; 43 44/* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not 45 * completed yet or has failed, return the subflow socket. 46 * Otherwise return NULL. 47 */ 48static struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk) 49{ 50 if (!msk->subflow || READ_ONCE(msk->can_ack)) 51 return NULL; 52 53 return msk->subflow; 54} 55 56static bool mptcp_is_tcpsk(struct sock *sk) 57{ 58 struct socket *sock = sk->sk_socket; 59 60 if (unlikely(sk->sk_prot == &tcp_prot)) { 61 /* we are being invoked after mptcp_accept() has 62 * accepted a non-mp-capable flow: sk is a tcp_sk, 63 * not an mptcp one. 64 * 65 * Hand the socket over to tcp so all further socket ops 66 * bypass mptcp. 67 */ 68 sock->ops = &inet_stream_ops; 69 return true; 70#if IS_ENABLED(CONFIG_MPTCP_IPV6) 71 } else if (unlikely(sk->sk_prot == &tcpv6_prot)) { 72 sock->ops = &inet6_stream_ops; 73 return true; 74#endif 75 } 76 77 return false; 78} 79 80static struct sock *__mptcp_tcp_fallback(struct mptcp_sock *msk) 81{ 82 sock_owned_by_me((const struct sock *)msk); 83 84 if (likely(!__mptcp_check_fallback(msk))) 85 return NULL; 86 87 return msk->first; 88} 89 90static int __mptcp_socket_create(struct mptcp_sock *msk) 91{ 92 struct mptcp_subflow_context *subflow; 93 struct sock *sk = (struct sock *)msk; 94 struct socket *ssock; 95 int err; 96 97 err = mptcp_subflow_create_socket(sk, &ssock); 98 if (err) 99 return err; 100 101 msk->first = ssock->sk; 102 msk->subflow = ssock; 103 subflow = mptcp_subflow_ctx(ssock->sk); 104 list_add(&subflow->node, &msk->conn_list); 105 subflow->request_mptcp = 1; 106 107 /* accept() will wait on first subflow sk_wq, and we always wakes up 108 * via msk->sk_socket 109 */ 110 RCU_INIT_POINTER(msk->first->sk_wq, &sk->sk_socket->wq); 111 112 return 0; 113} 114 115static void mptcp_drop(struct sock *sk, struct sk_buff *skb) 116{ 117 sk_drops_add(sk, skb); 118 __kfree_skb(skb); 119} 120 121static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, 122 struct sk_buff *from) 123{ 124 bool fragstolen; 125 int delta; 126 127 if (MPTCP_SKB_CB(from)->offset || 128 !skb_try_coalesce(to, from, &fragstolen, &delta)) 129 return false; 130 131 pr_debug("colesced seq %llx into %llx new len %d new end seq %llx", 132 MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq, 133 to->len, MPTCP_SKB_CB(from)->end_seq); 134 MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq; 135 kfree_skb_partial(from, fragstolen); 136 atomic_add(delta, &sk->sk_rmem_alloc); 137 sk_mem_charge(sk, delta); 138 return true; 139} 140 141static bool mptcp_ooo_try_coalesce(struct mptcp_sock *msk, struct sk_buff *to, 142 struct sk_buff *from) 143{ 144 if (MPTCP_SKB_CB(from)->map_seq != MPTCP_SKB_CB(to)->end_seq) 145 return false; 146 147 return mptcp_try_coalesce((struct sock *)msk, to, from); 148} 149 150/* "inspired" by tcp_data_queue_ofo(), main differences: 151 * - use mptcp seqs 152 * - don't cope with sacks 153 */ 154static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb) 155{ 156 struct sock *sk = (struct sock *)msk; 157 struct rb_node **p, *parent; 158 u64 seq, end_seq, max_seq; 159 struct sk_buff *skb1; 160 int space; 161 162 seq = MPTCP_SKB_CB(skb)->map_seq; 163 end_seq = MPTCP_SKB_CB(skb)->end_seq; 164 space = tcp_space(sk); 165 max_seq = space > 0 ? space + msk->ack_seq : msk->ack_seq; 166 167 pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq, 168 RB_EMPTY_ROOT(&msk->out_of_order_queue)); 169 if (after64(seq, max_seq)) { 170 /* out of window */ 171 mptcp_drop(sk, skb); 172 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_NODSSWINDOW); 173 return; 174 } 175 176 p = &msk->out_of_order_queue.rb_node; 177 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUE); 178 if (RB_EMPTY_ROOT(&msk->out_of_order_queue)) { 179 rb_link_node(&skb->rbnode, NULL, p); 180 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue); 181 msk->ooo_last_skb = skb; 182 goto end; 183 } 184 185 /* with 2 subflows, adding at end of ooo queue is quite likely 186 * Use of ooo_last_skb avoids the O(Log(N)) rbtree lookup. 187 */ 188 if (mptcp_ooo_try_coalesce(msk, msk->ooo_last_skb, skb)) { 189 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE); 190 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL); 191 return; 192 } 193 194 /* Can avoid an rbtree lookup if we are adding skb after ooo_last_skb */ 195 if (!before64(seq, MPTCP_SKB_CB(msk->ooo_last_skb)->end_seq)) { 196 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL); 197 parent = &msk->ooo_last_skb->rbnode; 198 p = &parent->rb_right; 199 goto insert; 200 } 201 202 /* Find place to insert this segment. Handle overlaps on the way. */ 203 parent = NULL; 204 while (*p) { 205 parent = *p; 206 skb1 = rb_to_skb(parent); 207 if (before64(seq, MPTCP_SKB_CB(skb1)->map_seq)) { 208 p = &parent->rb_left; 209 continue; 210 } 211 if (before64(seq, MPTCP_SKB_CB(skb1)->end_seq)) { 212 if (!after64(end_seq, MPTCP_SKB_CB(skb1)->end_seq)) { 213 /* All the bits are present. Drop. */ 214 mptcp_drop(sk, skb); 215 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA); 216 return; 217 } 218 if (after64(seq, MPTCP_SKB_CB(skb1)->map_seq)) { 219 /* partial overlap: 220 * | skb | 221 * | skb1 | 222 * continue traversing 223 */ 224 } else { 225 /* skb's seq == skb1's seq and skb covers skb1. 226 * Replace skb1 with skb. 227 */ 228 rb_replace_node(&skb1->rbnode, &skb->rbnode, 229 &msk->out_of_order_queue); 230 mptcp_drop(sk, skb1); 231 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA); 232 goto merge_right; 233 } 234 } else if (mptcp_ooo_try_coalesce(msk, skb1, skb)) { 235 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE); 236 return; 237 } 238 p = &parent->rb_right; 239 } 240 241insert: 242 /* Insert segment into RB tree. */ 243 rb_link_node(&skb->rbnode, parent, p); 244 rb_insert_color(&skb->rbnode, &msk->out_of_order_queue); 245 246merge_right: 247 /* Remove other segments covered by skb. */ 248 while ((skb1 = skb_rb_next(skb)) != NULL) { 249 if (before64(end_seq, MPTCP_SKB_CB(skb1)->end_seq)) 250 break; 251 rb_erase(&skb1->rbnode, &msk->out_of_order_queue); 252 mptcp_drop(sk, skb1); 253 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA); 254 } 255 /* If there is no skb after us, we are the last_skb ! */ 256 if (!skb1) 257 msk->ooo_last_skb = skb; 258 259end: 260 skb_condense(skb); 261 skb_set_owner_r(skb, sk); 262} 263 264static bool __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk, 265 struct sk_buff *skb, unsigned int offset, 266 size_t copy_len) 267{ 268 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 269 struct sock *sk = (struct sock *)msk; 270 struct sk_buff *tail; 271 272 __skb_unlink(skb, &ssk->sk_receive_queue); 273 274 skb_ext_reset(skb); 275 skb_orphan(skb); 276 277 /* try to fetch required memory from subflow */ 278 if (!sk_rmem_schedule(sk, skb, skb->truesize)) { 279 int amount = sk_mem_pages(skb->truesize) << SK_MEM_QUANTUM_SHIFT; 280 281 if (ssk->sk_forward_alloc < amount) 282 goto drop; 283 284 ssk->sk_forward_alloc -= amount; 285 sk->sk_forward_alloc += amount; 286 } 287 288 /* the skb map_seq accounts for the skb offset: 289 * mptcp_subflow_get_mapped_dsn() is based on the current tp->copied_seq 290 * value 291 */ 292 MPTCP_SKB_CB(skb)->map_seq = mptcp_subflow_get_mapped_dsn(subflow); 293 MPTCP_SKB_CB(skb)->end_seq = MPTCP_SKB_CB(skb)->map_seq + copy_len; 294 MPTCP_SKB_CB(skb)->offset = offset; 295 296 if (MPTCP_SKB_CB(skb)->map_seq == msk->ack_seq) { 297 /* in sequence */ 298 WRITE_ONCE(msk->ack_seq, msk->ack_seq + copy_len); 299 tail = skb_peek_tail(&sk->sk_receive_queue); 300 if (tail && mptcp_try_coalesce(sk, tail, skb)) 301 return true; 302 303 skb_set_owner_r(skb, sk); 304 __skb_queue_tail(&sk->sk_receive_queue, skb); 305 return true; 306 } else if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) { 307 mptcp_data_queue_ofo(msk, skb); 308 return false; 309 } 310 311 /* old data, keep it simple and drop the whole pkt, sender 312 * will retransmit as needed, if needed. 313 */ 314 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA); 315drop: 316 mptcp_drop(sk, skb); 317 return false; 318} 319 320static void mptcp_stop_timer(struct sock *sk) 321{ 322 struct inet_connection_sock *icsk = inet_csk(sk); 323 324 sk_stop_timer(sk, &icsk->icsk_retransmit_timer); 325 mptcp_sk(sk)->timer_ival = 0; 326} 327 328static void mptcp_check_data_fin_ack(struct sock *sk) 329{ 330 struct mptcp_sock *msk = mptcp_sk(sk); 331 332 if (__mptcp_check_fallback(msk)) 333 return; 334 335 /* Look for an acknowledged DATA_FIN */ 336 if (((1 << sk->sk_state) & 337 (TCPF_FIN_WAIT1 | TCPF_CLOSING | TCPF_LAST_ACK)) && 338 msk->write_seq == atomic64_read(&msk->snd_una)) { 339 mptcp_stop_timer(sk); 340 341 WRITE_ONCE(msk->snd_data_fin_enable, 0); 342 343 switch (sk->sk_state) { 344 case TCP_FIN_WAIT1: 345 inet_sk_state_store(sk, TCP_FIN_WAIT2); 346 sk->sk_state_change(sk); 347 break; 348 case TCP_CLOSING: 349 case TCP_LAST_ACK: 350 inet_sk_state_store(sk, TCP_CLOSE); 351 sk->sk_state_change(sk); 352 break; 353 } 354 355 if (sk->sk_shutdown == SHUTDOWN_MASK || 356 sk->sk_state == TCP_CLOSE) 357 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP); 358 else 359 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 360 } 361} 362 363static bool mptcp_pending_data_fin(struct sock *sk, u64 *seq) 364{ 365 struct mptcp_sock *msk = mptcp_sk(sk); 366 367 if (READ_ONCE(msk->rcv_data_fin) && 368 ((1 << sk->sk_state) & 369 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2))) { 370 u64 rcv_data_fin_seq = READ_ONCE(msk->rcv_data_fin_seq); 371 372 if (msk->ack_seq == rcv_data_fin_seq) { 373 if (seq) 374 *seq = rcv_data_fin_seq; 375 376 return true; 377 } 378 } 379 380 return false; 381} 382 383static void mptcp_set_timeout(const struct sock *sk, const struct sock *ssk) 384{ 385 long tout = ssk && inet_csk(ssk)->icsk_pending ? 386 inet_csk(ssk)->icsk_timeout - jiffies : 0; 387 388 if (tout <= 0) 389 tout = mptcp_sk(sk)->timer_ival; 390 mptcp_sk(sk)->timer_ival = tout > 0 ? tout : TCP_RTO_MIN; 391} 392 393static void mptcp_check_data_fin(struct sock *sk) 394{ 395 struct mptcp_sock *msk = mptcp_sk(sk); 396 u64 rcv_data_fin_seq; 397 398 if (__mptcp_check_fallback(msk) || !msk->first) 399 return; 400 401 /* Need to ack a DATA_FIN received from a peer while this side 402 * of the connection is in ESTABLISHED, FIN_WAIT1, or FIN_WAIT2. 403 * msk->rcv_data_fin was set when parsing the incoming options 404 * at the subflow level and the msk lock was not held, so this 405 * is the first opportunity to act on the DATA_FIN and change 406 * the msk state. 407 * 408 * If we are caught up to the sequence number of the incoming 409 * DATA_FIN, send the DATA_ACK now and do state transition. If 410 * not caught up, do nothing and let the recv code send DATA_ACK 411 * when catching up. 412 */ 413 414 if (mptcp_pending_data_fin(sk, &rcv_data_fin_seq)) { 415 struct mptcp_subflow_context *subflow; 416 417 WRITE_ONCE(msk->ack_seq, msk->ack_seq + 1); 418 WRITE_ONCE(msk->rcv_data_fin, 0); 419 420 sk->sk_shutdown |= RCV_SHUTDOWN; 421 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */ 422 set_bit(MPTCP_DATA_READY, &msk->flags); 423 424 switch (sk->sk_state) { 425 case TCP_ESTABLISHED: 426 inet_sk_state_store(sk, TCP_CLOSE_WAIT); 427 break; 428 case TCP_FIN_WAIT1: 429 inet_sk_state_store(sk, TCP_CLOSING); 430 break; 431 case TCP_FIN_WAIT2: 432 inet_sk_state_store(sk, TCP_CLOSE); 433 // @@ Close subflows now? 434 break; 435 default: 436 /* Other states not expected */ 437 WARN_ON_ONCE(1); 438 break; 439 } 440 441 mptcp_set_timeout(sk, NULL); 442 mptcp_for_each_subflow(msk, subflow) { 443 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 444 445 lock_sock(ssk); 446 tcp_send_ack(ssk); 447 release_sock(ssk); 448 } 449 450 sk->sk_state_change(sk); 451 452 if (sk->sk_shutdown == SHUTDOWN_MASK || 453 sk->sk_state == TCP_CLOSE) 454 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP); 455 else 456 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 457 } 458} 459 460static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, 461 struct sock *ssk, 462 unsigned int *bytes) 463{ 464 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 465 struct sock *sk = (struct sock *)msk; 466 unsigned int moved = 0; 467 bool more_data_avail; 468 struct tcp_sock *tp; 469 u32 old_copied_seq; 470 bool done = false; 471 472 pr_debug("msk=%p ssk=%p", msk, ssk); 473 tp = tcp_sk(ssk); 474 old_copied_seq = tp->copied_seq; 475 do { 476 u32 map_remaining, offset; 477 u32 seq = tp->copied_seq; 478 struct sk_buff *skb; 479 bool fin; 480 481 /* try to move as much data as available */ 482 map_remaining = subflow->map_data_len - 483 mptcp_subflow_get_map_offset(subflow); 484 485 skb = skb_peek(&ssk->sk_receive_queue); 486 if (!skb) { 487 /* if no data is found, a racing workqueue/recvmsg 488 * already processed the new data, stop here or we 489 * can enter an infinite loop 490 */ 491 if (!moved) 492 done = true; 493 break; 494 } 495 496 if (__mptcp_check_fallback(msk)) { 497 /* if we are running under the workqueue, TCP could have 498 * collapsed skbs between dummy map creation and now 499 * be sure to adjust the size 500 */ 501 map_remaining = skb->len; 502 subflow->map_data_len = skb->len; 503 } 504 505 offset = seq - TCP_SKB_CB(skb)->seq; 506 fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN; 507 if (fin) { 508 done = true; 509 seq++; 510 } 511 512 if (offset < skb->len) { 513 size_t len = skb->len - offset; 514 515 if (tp->urg_data) 516 done = true; 517 518 if (__mptcp_move_skb(msk, ssk, skb, offset, len)) 519 moved += len; 520 seq += len; 521 522 if (WARN_ON_ONCE(map_remaining < len)) 523 break; 524 } else { 525 WARN_ON_ONCE(!fin); 526 sk_eat_skb(ssk, skb); 527 done = true; 528 } 529 530 WRITE_ONCE(tp->copied_seq, seq); 531 more_data_avail = mptcp_subflow_data_available(ssk); 532 533 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) { 534 done = true; 535 break; 536 } 537 } while (more_data_avail); 538 539 *bytes += moved; 540 if (tp->copied_seq != old_copied_seq) 541 tcp_cleanup_rbuf(ssk, 1); 542 543 return done; 544} 545 546static bool mptcp_ofo_queue(struct mptcp_sock *msk) 547{ 548 struct sock *sk = (struct sock *)msk; 549 struct sk_buff *skb, *tail; 550 bool moved = false; 551 struct rb_node *p; 552 u64 end_seq; 553 554 p = rb_first(&msk->out_of_order_queue); 555 pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); 556 while (p) { 557 skb = rb_to_skb(p); 558 if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) 559 break; 560 561 p = rb_next(p); 562 rb_erase(&skb->rbnode, &msk->out_of_order_queue); 563 564 if (unlikely(!after64(MPTCP_SKB_CB(skb)->end_seq, 565 msk->ack_seq))) { 566 mptcp_drop(sk, skb); 567 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA); 568 continue; 569 } 570 571 end_seq = MPTCP_SKB_CB(skb)->end_seq; 572 tail = skb_peek_tail(&sk->sk_receive_queue); 573 if (!tail || !mptcp_ooo_try_coalesce(msk, tail, skb)) { 574 int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq; 575 576 /* skip overlapping data, if any */ 577 pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d", 578 MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq, 579 delta); 580 MPTCP_SKB_CB(skb)->offset += delta; 581 __skb_queue_tail(&sk->sk_receive_queue, skb); 582 } 583 msk->ack_seq = end_seq; 584 moved = true; 585 } 586 return moved; 587} 588 589/* In most cases we will be able to lock the mptcp socket. If its already 590 * owned, we need to defer to the work queue to avoid ABBA deadlock. 591 */ 592static bool move_skbs_to_msk(struct mptcp_sock *msk, struct sock *ssk) 593{ 594 struct sock *sk = (struct sock *)msk; 595 unsigned int moved = 0; 596 597 if (READ_ONCE(sk->sk_lock.owned)) 598 return false; 599 600 if (unlikely(!spin_trylock_bh(&sk->sk_lock.slock))) 601 return false; 602 603 /* must re-check after taking the lock */ 604 if (!READ_ONCE(sk->sk_lock.owned)) { 605 __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 606 mptcp_ofo_queue(msk); 607 608 /* If the moves have caught up with the DATA_FIN sequence number 609 * it's time to ack the DATA_FIN and change socket state, but 610 * this is not a good place to change state. Let the workqueue 611 * do it. 612 */ 613 if (mptcp_pending_data_fin(sk, NULL) && 614 schedule_work(&msk->work)) 615 sock_hold(sk); 616 } 617 618 spin_unlock_bh(&sk->sk_lock.slock); 619 620 return moved > 0; 621} 622 623void mptcp_data_ready(struct sock *sk, struct sock *ssk) 624{ 625 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 626 struct mptcp_sock *msk = mptcp_sk(sk); 627 bool wake; 628 629 /* move_skbs_to_msk below can legitly clear the data_avail flag, 630 * but we will need later to properly woke the reader, cache its 631 * value 632 */ 633 wake = subflow->data_avail == MPTCP_SUBFLOW_DATA_AVAIL; 634 if (wake) 635 set_bit(MPTCP_DATA_READY, &msk->flags); 636 637 if (atomic_read(&sk->sk_rmem_alloc) < READ_ONCE(sk->sk_rcvbuf) && 638 move_skbs_to_msk(msk, ssk)) 639 goto wake; 640 641 /* don't schedule if mptcp sk is (still) over limit */ 642 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) 643 goto wake; 644 645 /* mptcp socket is owned, release_cb should retry */ 646 if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED, 647 &sk->sk_tsq_flags)) { 648 sock_hold(sk); 649 650 /* need to try again, its possible release_cb() has already 651 * been called after the test_and_set_bit() above. 652 */ 653 move_skbs_to_msk(msk, ssk); 654 } 655wake: 656 if (wake) 657 sk->sk_data_ready(sk); 658} 659 660static void __mptcp_flush_join_list(struct mptcp_sock *msk) 661{ 662 if (likely(list_empty(&msk->join_list))) 663 return; 664 665 spin_lock_bh(&msk->join_list_lock); 666 list_splice_tail_init(&msk->join_list, &msk->conn_list); 667 spin_unlock_bh(&msk->join_list_lock); 668} 669 670static bool mptcp_timer_pending(struct sock *sk) 671{ 672 return timer_pending(&inet_csk(sk)->icsk_retransmit_timer); 673} 674 675static void mptcp_reset_timer(struct sock *sk) 676{ 677 struct inet_connection_sock *icsk = inet_csk(sk); 678 unsigned long tout; 679 680 /* should never be called with mptcp level timer cleared */ 681 tout = READ_ONCE(mptcp_sk(sk)->timer_ival); 682 if (WARN_ON_ONCE(!tout)) 683 tout = TCP_RTO_MIN; 684 sk_reset_timer(sk, &icsk->icsk_retransmit_timer, jiffies + tout); 685} 686 687void mptcp_data_acked(struct sock *sk) 688{ 689 mptcp_reset_timer(sk); 690 691 if ((!test_bit(MPTCP_SEND_SPACE, &mptcp_sk(sk)->flags) || 692 (inet_sk_state_load(sk) != TCP_ESTABLISHED)) && 693 schedule_work(&mptcp_sk(sk)->work)) 694 sock_hold(sk); 695} 696 697void mptcp_subflow_eof(struct sock *sk) 698{ 699 struct mptcp_sock *msk = mptcp_sk(sk); 700 701 if (!test_and_set_bit(MPTCP_WORK_EOF, &msk->flags) && 702 schedule_work(&msk->work)) 703 sock_hold(sk); 704} 705 706static void mptcp_check_for_eof(struct mptcp_sock *msk) 707{ 708 struct mptcp_subflow_context *subflow; 709 struct sock *sk = (struct sock *)msk; 710 int receivers = 0; 711 712 mptcp_for_each_subflow(msk, subflow) 713 receivers += !subflow->rx_eof; 714 715 if (!receivers && !(sk->sk_shutdown & RCV_SHUTDOWN)) { 716 /* hopefully temporary hack: propagate shutdown status 717 * to msk, when all subflows agree on it 718 */ 719 sk->sk_shutdown |= RCV_SHUTDOWN; 720 721 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */ 722 set_bit(MPTCP_DATA_READY, &msk->flags); 723 sk->sk_data_ready(sk); 724 } 725} 726 727static bool mptcp_ext_cache_refill(struct mptcp_sock *msk) 728{ 729 const struct sock *sk = (const struct sock *)msk; 730 731 if (!msk->cached_ext) 732 msk->cached_ext = __skb_ext_alloc(sk->sk_allocation); 733 734 return !!msk->cached_ext; 735} 736 737static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk) 738{ 739 struct mptcp_subflow_context *subflow; 740 struct sock *sk = (struct sock *)msk; 741 742 sock_owned_by_me(sk); 743 744 mptcp_for_each_subflow(msk, subflow) { 745 if (subflow->data_avail) 746 return mptcp_subflow_tcp_sock(subflow); 747 } 748 749 return NULL; 750} 751 752static bool mptcp_skb_can_collapse_to(u64 write_seq, 753 const struct sk_buff *skb, 754 const struct mptcp_ext *mpext) 755{ 756 if (!tcp_skb_can_collapse_to(skb)) 757 return false; 758 759 /* can collapse only if MPTCP level sequence is in order */ 760 return mpext && mpext->data_seq + mpext->data_len == write_seq; 761} 762 763/* we can append data to the given data frag if: 764 * - there is space available in the backing page_frag 765 * - the data frag tail matches the current page_frag free offset 766 * - the data frag end sequence number matches the current write seq 767 */ 768static bool mptcp_frag_can_collapse_to(const struct mptcp_sock *msk, 769 const struct page_frag *pfrag, 770 const struct mptcp_data_frag *df) 771{ 772 return df && pfrag->page == df->page && 773 pfrag->offset == (df->offset + df->data_len) && 774 df->data_seq + df->data_len == msk->write_seq; 775} 776 777static void dfrag_uncharge(struct sock *sk, int len) 778{ 779 sk_mem_uncharge(sk, len); 780 sk_wmem_queued_add(sk, -len); 781} 782 783static void dfrag_clear(struct sock *sk, struct mptcp_data_frag *dfrag) 784{ 785 int len = dfrag->data_len + dfrag->overhead; 786 787 list_del(&dfrag->list); 788 dfrag_uncharge(sk, len); 789 put_page(dfrag->page); 790} 791 792static bool mptcp_is_writeable(struct mptcp_sock *msk) 793{ 794 struct mptcp_subflow_context *subflow; 795 796 if (!sk_stream_is_writeable((struct sock *)msk)) 797 return false; 798 799 mptcp_for_each_subflow(msk, subflow) { 800 if (sk_stream_is_writeable(subflow->tcp_sock)) 801 return true; 802 } 803 return false; 804} 805 806static void mptcp_clean_una(struct sock *sk) 807{ 808 struct mptcp_sock *msk = mptcp_sk(sk); 809 struct mptcp_data_frag *dtmp, *dfrag; 810 bool cleaned = false; 811 u64 snd_una; 812 813 /* on fallback we just need to ignore snd_una, as this is really 814 * plain TCP 815 */ 816 if (__mptcp_check_fallback(msk)) 817 atomic64_set(&msk->snd_una, msk->write_seq); 818 snd_una = atomic64_read(&msk->snd_una); 819 820 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) { 821 if (after64(dfrag->data_seq + dfrag->data_len, snd_una)) 822 break; 823 824 dfrag_clear(sk, dfrag); 825 cleaned = true; 826 } 827 828 dfrag = mptcp_rtx_head(sk); 829 if (dfrag && after64(snd_una, dfrag->data_seq)) { 830 u64 delta = snd_una - dfrag->data_seq; 831 832 if (WARN_ON_ONCE(delta > dfrag->data_len)) 833 goto out; 834 835 dfrag->data_seq += delta; 836 dfrag->offset += delta; 837 dfrag->data_len -= delta; 838 839 dfrag_uncharge(sk, delta); 840 cleaned = true; 841 } 842 843out: 844 if (cleaned) { 845 sk_mem_reclaim_partial(sk); 846 847 /* Only wake up writers if a subflow is ready */ 848 if (mptcp_is_writeable(msk)) { 849 set_bit(MPTCP_SEND_SPACE, &mptcp_sk(sk)->flags); 850 smp_mb__after_atomic(); 851 852 /* set SEND_SPACE before sk_stream_write_space clears 853 * NOSPACE 854 */ 855 sk_stream_write_space(sk); 856 } 857 } 858} 859 860/* ensure we get enough memory for the frag hdr, beyond some minimal amount of 861 * data 862 */ 863static bool mptcp_page_frag_refill(struct sock *sk, struct page_frag *pfrag) 864{ 865 if (likely(skb_page_frag_refill(32U + sizeof(struct mptcp_data_frag), 866 pfrag, sk->sk_allocation))) 867 return true; 868 869 sk->sk_prot->enter_memory_pressure(sk); 870 sk_stream_moderate_sndbuf(sk); 871 return false; 872} 873 874static struct mptcp_data_frag * 875mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag, 876 int orig_offset) 877{ 878 int offset = ALIGN(orig_offset, sizeof(long)); 879 struct mptcp_data_frag *dfrag; 880 881 dfrag = (struct mptcp_data_frag *)(page_to_virt(pfrag->page) + offset); 882 dfrag->data_len = 0; 883 dfrag->data_seq = msk->write_seq; 884 dfrag->overhead = offset - orig_offset + sizeof(struct mptcp_data_frag); 885 dfrag->offset = offset + sizeof(struct mptcp_data_frag); 886 dfrag->page = pfrag->page; 887 888 return dfrag; 889} 890 891static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, 892 struct msghdr *msg, struct mptcp_data_frag *dfrag, 893 long *timeo, int *pmss_now, 894 int *ps_goal) 895{ 896 int mss_now, avail_size, size_goal, offset, ret, frag_truesize = 0; 897 bool dfrag_collapsed, can_collapse = false; 898 struct mptcp_sock *msk = mptcp_sk(sk); 899 struct mptcp_ext *mpext = NULL; 900 bool retransmission = !!dfrag; 901 struct sk_buff *skb, *tail; 902 struct page_frag *pfrag; 903 struct page *page; 904 u64 *write_seq; 905 size_t psize; 906 907 /* use the mptcp page cache so that we can easily move the data 908 * from one substream to another, but do per subflow memory accounting 909 * Note: pfrag is used only !retransmission, but the compiler if 910 * fooled into a warning if we don't init here 911 */ 912 pfrag = sk_page_frag(sk); 913 if (!retransmission) { 914 write_seq = &msk->write_seq; 915 page = pfrag->page; 916 } else { 917 write_seq = &dfrag->data_seq; 918 page = dfrag->page; 919 } 920 921 /* compute copy limit */ 922 mss_now = tcp_send_mss(ssk, &size_goal, msg->msg_flags); 923 *pmss_now = mss_now; 924 *ps_goal = size_goal; 925 avail_size = size_goal; 926 skb = tcp_write_queue_tail(ssk); 927 if (skb) { 928 mpext = skb_ext_find(skb, SKB_EXT_MPTCP); 929 930 /* Limit the write to the size available in the 931 * current skb, if any, so that we create at most a new skb. 932 * Explicitly tells TCP internals to avoid collapsing on later 933 * queue management operation, to avoid breaking the ext <-> 934 * SSN association set here 935 */ 936 can_collapse = (size_goal - skb->len > 0) && 937 mptcp_skb_can_collapse_to(*write_seq, skb, mpext); 938 if (!can_collapse) 939 TCP_SKB_CB(skb)->eor = 1; 940 else 941 avail_size = size_goal - skb->len; 942 } 943 944 if (!retransmission) { 945 /* reuse tail pfrag, if possible, or carve a new one from the 946 * page allocator 947 */ 948 dfrag = mptcp_rtx_tail(sk); 949 offset = pfrag->offset; 950 dfrag_collapsed = mptcp_frag_can_collapse_to(msk, pfrag, dfrag); 951 if (!dfrag_collapsed) { 952 dfrag = mptcp_carve_data_frag(msk, pfrag, offset); 953 offset = dfrag->offset; 954 frag_truesize = dfrag->overhead; 955 } 956 psize = min_t(size_t, pfrag->size - offset, avail_size); 957 958 /* Copy to page */ 959 pr_debug("left=%zu", msg_data_left(msg)); 960 psize = copy_page_from_iter(pfrag->page, offset, 961 min_t(size_t, msg_data_left(msg), 962 psize), 963 &msg->msg_iter); 964 pr_debug("left=%zu", msg_data_left(msg)); 965 if (!psize) 966 return -EINVAL; 967 968 if (!sk_wmem_schedule(sk, psize + dfrag->overhead)) { 969 iov_iter_revert(&msg->msg_iter, psize); 970 return -ENOMEM; 971 } 972 } else { 973 offset = dfrag->offset; 974 psize = min_t(size_t, dfrag->data_len, avail_size); 975 } 976 977 /* tell the TCP stack to delay the push so that we can safely 978 * access the skb after the sendpages call 979 */ 980 ret = do_tcp_sendpages(ssk, page, offset, psize, 981 msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT); 982 if (ret <= 0) { 983 if (!retransmission) 984 iov_iter_revert(&msg->msg_iter, psize); 985 return ret; 986 } 987 988 frag_truesize += ret; 989 if (!retransmission) { 990 if (unlikely(ret < psize)) 991 iov_iter_revert(&msg->msg_iter, psize - ret); 992 993 /* send successful, keep track of sent data for mptcp-level 994 * retransmission 995 */ 996 dfrag->data_len += ret; 997 if (!dfrag_collapsed) { 998 get_page(dfrag->page); 999 list_add_tail(&dfrag->list, &msk->rtx_queue); 1000 sk_wmem_queued_add(sk, frag_truesize); 1001 } else { 1002 sk_wmem_queued_add(sk, ret); 1003 } 1004 1005 /* charge data on mptcp rtx queue to the master socket 1006 * Note: we charge such data both to sk and ssk 1007 */ 1008 sk->sk_forward_alloc -= frag_truesize; 1009 } 1010 1011 /* if the tail skb extension is still the cached one, collapsing 1012 * really happened. Note: we can't check for 'same skb' as the sk_buff 1013 * hdr on tail can be transmitted, freed and re-allocated by the 1014 * do_tcp_sendpages() call 1015 */ 1016 tail = tcp_write_queue_tail(ssk); 1017 if (mpext && tail && mpext == skb_ext_find(tail, SKB_EXT_MPTCP)) { 1018 WARN_ON_ONCE(!can_collapse); 1019 mpext->data_len += ret; 1020 goto out; 1021 } 1022 1023 skb = tcp_write_queue_tail(ssk); 1024 mpext = __skb_ext_set(skb, SKB_EXT_MPTCP, msk->cached_ext); 1025 msk->cached_ext = NULL; 1026 1027 memset(mpext, 0, sizeof(*mpext)); 1028 mpext->data_seq = *write_seq; 1029 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq; 1030 mpext->data_len = ret; 1031 mpext->use_map = 1; 1032 mpext->dsn64 = 1; 1033 1034 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", 1035 mpext->data_seq, mpext->subflow_seq, mpext->data_len, 1036 mpext->dsn64); 1037 1038out: 1039 if (!retransmission) 1040 pfrag->offset += frag_truesize; 1041 WRITE_ONCE(*write_seq, *write_seq + ret); 1042 mptcp_subflow_ctx(ssk)->rel_write_seq += ret; 1043 1044 return ret; 1045} 1046 1047static void mptcp_nospace(struct mptcp_sock *msk) 1048{ 1049 struct mptcp_subflow_context *subflow; 1050 1051 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 1052 smp_mb__after_atomic(); /* msk->flags is changed by write_space cb */ 1053 1054 mptcp_for_each_subflow(msk, subflow) { 1055 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1056 struct socket *sock = READ_ONCE(ssk->sk_socket); 1057 1058 /* enables ssk->write_space() callbacks */ 1059 if (sock) 1060 set_bit(SOCK_NOSPACE, &sock->flags); 1061 } 1062} 1063 1064static bool mptcp_subflow_active(struct mptcp_subflow_context *subflow) 1065{ 1066 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1067 1068 /* can't send if JOIN hasn't completed yet (i.e. is usable for mptcp) */ 1069 if (subflow->request_join && !subflow->fully_established) 1070 return false; 1071 1072 /* only send if our side has not closed yet */ 1073 return ((1 << ssk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)); 1074} 1075 1076#define MPTCP_SEND_BURST_SIZE ((1 << 16) - \ 1077 sizeof(struct tcphdr) - \ 1078 MAX_TCP_OPTION_SPACE - \ 1079 sizeof(struct ipv6hdr) - \ 1080 sizeof(struct frag_hdr)) 1081 1082struct subflow_send_info { 1083 struct sock *ssk; 1084 u64 ratio; 1085}; 1086 1087static struct sock *mptcp_subflow_get_send(struct mptcp_sock *msk, 1088 u32 *sndbuf) 1089{ 1090 struct subflow_send_info send_info[2]; 1091 struct mptcp_subflow_context *subflow; 1092 int i, nr_active = 0; 1093 struct sock *ssk; 1094 u64 ratio; 1095 u32 pace; 1096 1097 sock_owned_by_me((struct sock *)msk); 1098 1099 *sndbuf = 0; 1100 if (!mptcp_ext_cache_refill(msk)) 1101 return NULL; 1102 1103 if (__mptcp_check_fallback(msk)) { 1104 if (!msk->first) 1105 return NULL; 1106 *sndbuf = msk->first->sk_sndbuf; 1107 return sk_stream_memory_free(msk->first) ? msk->first : NULL; 1108 } 1109 1110 /* re-use last subflow, if the burst allow that */ 1111 if (msk->last_snd && msk->snd_burst > 0 && 1112 sk_stream_memory_free(msk->last_snd) && 1113 mptcp_subflow_active(mptcp_subflow_ctx(msk->last_snd))) { 1114 mptcp_for_each_subflow(msk, subflow) { 1115 ssk = mptcp_subflow_tcp_sock(subflow); 1116 *sndbuf = max(tcp_sk(ssk)->snd_wnd, *sndbuf); 1117 } 1118 return msk->last_snd; 1119 } 1120 1121 /* pick the subflow with the lower wmem/wspace ratio */ 1122 for (i = 0; i < 2; ++i) { 1123 send_info[i].ssk = NULL; 1124 send_info[i].ratio = -1; 1125 } 1126 mptcp_for_each_subflow(msk, subflow) { 1127 ssk = mptcp_subflow_tcp_sock(subflow); 1128 if (!mptcp_subflow_active(subflow)) 1129 continue; 1130 1131 nr_active += !subflow->backup; 1132 *sndbuf = max(tcp_sk(ssk)->snd_wnd, *sndbuf); 1133 if (!sk_stream_memory_free(subflow->tcp_sock)) 1134 continue; 1135 1136 pace = READ_ONCE(ssk->sk_pacing_rate); 1137 if (!pace) 1138 continue; 1139 1140 ratio = div_u64((u64)READ_ONCE(ssk->sk_wmem_queued) << 32, 1141 pace); 1142 if (ratio < send_info[subflow->backup].ratio) { 1143 send_info[subflow->backup].ssk = ssk; 1144 send_info[subflow->backup].ratio = ratio; 1145 } 1146 } 1147 1148 pr_debug("msk=%p nr_active=%d ssk=%p:%lld backup=%p:%lld", 1149 msk, nr_active, send_info[0].ssk, send_info[0].ratio, 1150 send_info[1].ssk, send_info[1].ratio); 1151 1152 /* pick the best backup if no other subflow is active */ 1153 if (!nr_active) 1154 send_info[0].ssk = send_info[1].ssk; 1155 1156 if (send_info[0].ssk) { 1157 msk->last_snd = send_info[0].ssk; 1158 msk->snd_burst = min_t(int, MPTCP_SEND_BURST_SIZE, 1159 sk_stream_wspace(msk->last_snd)); 1160 return msk->last_snd; 1161 } 1162 return NULL; 1163} 1164 1165static void ssk_check_wmem(struct mptcp_sock *msk) 1166{ 1167 if (unlikely(!mptcp_is_writeable(msk))) 1168 mptcp_nospace(msk); 1169} 1170 1171static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) 1172{ 1173 int mss_now = 0, size_goal = 0, ret = 0; 1174 struct mptcp_sock *msk = mptcp_sk(sk); 1175 struct page_frag *pfrag; 1176 size_t copied = 0; 1177 struct sock *ssk; 1178 u32 sndbuf; 1179 bool tx_ok; 1180 long timeo; 1181 1182 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL)) 1183 return -EOPNOTSUPP; 1184 1185 lock_sock(sk); 1186 1187 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); 1188 1189 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) { 1190 ret = sk_stream_wait_connect(sk, &timeo); 1191 if (ret) 1192 goto out; 1193 } 1194 1195 pfrag = sk_page_frag(sk); 1196restart: 1197 mptcp_clean_una(sk); 1198 1199 if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) { 1200 ret = -EPIPE; 1201 goto out; 1202 } 1203 1204 __mptcp_flush_join_list(msk); 1205 ssk = mptcp_subflow_get_send(msk, &sndbuf); 1206 while (!sk_stream_memory_free(sk) || 1207 !ssk || 1208 !mptcp_page_frag_refill(ssk, pfrag)) { 1209 if (ssk) { 1210 /* make sure retransmit timer is 1211 * running before we wait for memory. 1212 * 1213 * The retransmit timer might be needed 1214 * to make the peer send an up-to-date 1215 * MPTCP Ack. 1216 */ 1217 mptcp_set_timeout(sk, ssk); 1218 if (!mptcp_timer_pending(sk)) 1219 mptcp_reset_timer(sk); 1220 } 1221 1222 mptcp_nospace(msk); 1223 ret = sk_stream_wait_memory(sk, &timeo); 1224 if (ret) 1225 goto out; 1226 1227 mptcp_clean_una(sk); 1228 1229 ssk = mptcp_subflow_get_send(msk, &sndbuf); 1230 if (list_empty(&msk->conn_list)) { 1231 ret = -ENOTCONN; 1232 goto out; 1233 } 1234 } 1235 1236 /* do auto tuning */ 1237 if (!(sk->sk_userlocks & SOCK_SNDBUF_LOCK) && 1238 sndbuf > READ_ONCE(sk->sk_sndbuf)) 1239 WRITE_ONCE(sk->sk_sndbuf, sndbuf); 1240 1241 pr_debug("conn_list->subflow=%p", ssk); 1242 1243 lock_sock(ssk); 1244 tx_ok = msg_data_left(msg); 1245 while (tx_ok) { 1246 ret = mptcp_sendmsg_frag(sk, ssk, msg, NULL, &timeo, &mss_now, 1247 &size_goal); 1248 if (ret < 0) { 1249 if (ret == -EAGAIN && timeo > 0) { 1250 mptcp_set_timeout(sk, ssk); 1251 release_sock(ssk); 1252 goto restart; 1253 } 1254 break; 1255 } 1256 1257 /* burst can be negative, we will try move to the next subflow 1258 * at selection time, if possible. 1259 */ 1260 msk->snd_burst -= ret; 1261 copied += ret; 1262 1263 tx_ok = msg_data_left(msg); 1264 if (!tx_ok) 1265 break; 1266 1267 if (!sk_stream_memory_free(ssk) || 1268 !mptcp_page_frag_refill(ssk, pfrag) || 1269 !mptcp_ext_cache_refill(msk)) { 1270 tcp_push(ssk, msg->msg_flags, mss_now, 1271 tcp_sk(ssk)->nonagle, size_goal); 1272 mptcp_set_timeout(sk, ssk); 1273 release_sock(ssk); 1274 goto restart; 1275 } 1276 1277 /* memory is charged to mptcp level socket as well, i.e. 1278 * if msg is very large, mptcp socket may run out of buffer 1279 * space. mptcp_clean_una() will release data that has 1280 * been acked at mptcp level in the mean time, so there is 1281 * a good chance we can continue sending data right away. 1282 * 1283 * Normally, when the tcp subflow can accept more data, then 1284 * so can the MPTCP socket. However, we need to cope with 1285 * peers that might lag behind in their MPTCP-level 1286 * acknowledgements, i.e. data might have been acked at 1287 * tcp level only. So, we must also check the MPTCP socket 1288 * limits before we send more data. 1289 */ 1290 if (unlikely(!sk_stream_memory_free(sk))) { 1291 tcp_push(ssk, msg->msg_flags, mss_now, 1292 tcp_sk(ssk)->nonagle, size_goal); 1293 mptcp_clean_una(sk); 1294 if (!sk_stream_memory_free(sk)) { 1295 /* can't send more for now, need to wait for 1296 * MPTCP-level ACKs from peer. 1297 * 1298 * Wakeup will happen via mptcp_clean_una(). 1299 */ 1300 mptcp_set_timeout(sk, ssk); 1301 release_sock(ssk); 1302 goto restart; 1303 } 1304 } 1305 } 1306 1307 mptcp_set_timeout(sk, ssk); 1308 if (copied) { 1309 tcp_push(ssk, msg->msg_flags, mss_now, tcp_sk(ssk)->nonagle, 1310 size_goal); 1311 1312 /* start the timer, if it's not pending */ 1313 if (!mptcp_timer_pending(sk)) 1314 mptcp_reset_timer(sk); 1315 } 1316 1317 release_sock(ssk); 1318out: 1319 ssk_check_wmem(msk); 1320 release_sock(sk); 1321 return copied ? : ret; 1322} 1323 1324static void mptcp_wait_data(struct sock *sk, long *timeo) 1325{ 1326 DEFINE_WAIT_FUNC(wait, woken_wake_function); 1327 struct mptcp_sock *msk = mptcp_sk(sk); 1328 1329 add_wait_queue(sk_sleep(sk), &wait); 1330 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 1331 1332 sk_wait_event(sk, timeo, 1333 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait); 1334 1335 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 1336 remove_wait_queue(sk_sleep(sk), &wait); 1337} 1338 1339static int __mptcp_recvmsg_mskq(struct mptcp_sock *msk, 1340 struct msghdr *msg, 1341 size_t len) 1342{ 1343 struct sock *sk = (struct sock *)msk; 1344 struct sk_buff *skb; 1345 int copied = 0; 1346 1347 while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) { 1348 u32 offset = MPTCP_SKB_CB(skb)->offset; 1349 u32 data_len = skb->len - offset; 1350 u32 count = min_t(size_t, len - copied, data_len); 1351 int err; 1352 1353 err = skb_copy_datagram_msg(skb, offset, msg, count); 1354 if (unlikely(err < 0)) { 1355 if (!copied) 1356 return err; 1357 break; 1358 } 1359 1360 copied += count; 1361 1362 if (count < data_len) { 1363 MPTCP_SKB_CB(skb)->offset += count; 1364 break; 1365 } 1366 1367 __skb_unlink(skb, &sk->sk_receive_queue); 1368 __kfree_skb(skb); 1369 1370 if (copied >= len) 1371 break; 1372 } 1373 1374 return copied; 1375} 1376 1377/* receive buffer autotuning. See tcp_rcv_space_adjust for more information. 1378 * 1379 * Only difference: Use highest rtt estimate of the subflows in use. 1380 */ 1381static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied) 1382{ 1383 struct mptcp_subflow_context *subflow; 1384 struct sock *sk = (struct sock *)msk; 1385 u32 time, advmss = 1; 1386 u64 rtt_us, mstamp; 1387 1388 sock_owned_by_me(sk); 1389 1390 if (copied <= 0) 1391 return; 1392 1393 msk->rcvq_space.copied += copied; 1394 1395 mstamp = div_u64(tcp_clock_ns(), NSEC_PER_USEC); 1396 time = tcp_stamp_us_delta(mstamp, msk->rcvq_space.time); 1397 1398 rtt_us = msk->rcvq_space.rtt_us; 1399 if (rtt_us && time < (rtt_us >> 3)) 1400 return; 1401 1402 rtt_us = 0; 1403 mptcp_for_each_subflow(msk, subflow) { 1404 const struct tcp_sock *tp; 1405 u64 sf_rtt_us; 1406 u32 sf_advmss; 1407 1408 tp = tcp_sk(mptcp_subflow_tcp_sock(subflow)); 1409 1410 sf_rtt_us = READ_ONCE(tp->rcv_rtt_est.rtt_us); 1411 sf_advmss = READ_ONCE(tp->advmss); 1412 1413 rtt_us = max(sf_rtt_us, rtt_us); 1414 advmss = max(sf_advmss, advmss); 1415 } 1416 1417 msk->rcvq_space.rtt_us = rtt_us; 1418 if (time < (rtt_us >> 3) || rtt_us == 0) 1419 return; 1420 1421 if (msk->rcvq_space.copied <= msk->rcvq_space.space) 1422 goto new_measure; 1423 1424 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf) && 1425 !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) { 1426 int rcvmem, rcvbuf; 1427 u64 rcvwin, grow; 1428 1429 rcvwin = ((u64)msk->rcvq_space.copied << 1) + 16 * advmss; 1430 1431 grow = rcvwin * (msk->rcvq_space.copied - msk->rcvq_space.space); 1432 1433 do_div(grow, msk->rcvq_space.space); 1434 rcvwin += (grow << 1); 1435 1436 rcvmem = SKB_TRUESIZE(advmss + MAX_TCP_HEADER); 1437 while (tcp_win_from_space(sk, rcvmem) < advmss) 1438 rcvmem += 128; 1439 1440 do_div(rcvwin, advmss); 1441 rcvbuf = min_t(u64, rcvwin * rcvmem, 1442 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])); 1443 1444 if (rcvbuf > sk->sk_rcvbuf) { 1445 u32 window_clamp; 1446 1447 window_clamp = tcp_win_from_space(sk, rcvbuf); 1448 WRITE_ONCE(sk->sk_rcvbuf, rcvbuf); 1449 1450 /* Make subflows follow along. If we do not do this, we 1451 * get drops at subflow level if skbs can't be moved to 1452 * the mptcp rx queue fast enough (announced rcv_win can 1453 * exceed ssk->sk_rcvbuf). 1454 */ 1455 mptcp_for_each_subflow(msk, subflow) { 1456 struct sock *ssk; 1457 bool slow; 1458 1459 ssk = mptcp_subflow_tcp_sock(subflow); 1460 slow = lock_sock_fast(ssk); 1461 WRITE_ONCE(ssk->sk_rcvbuf, rcvbuf); 1462 tcp_sk(ssk)->window_clamp = window_clamp; 1463 tcp_cleanup_rbuf(ssk, 1); 1464 unlock_sock_fast(ssk, slow); 1465 } 1466 } 1467 } 1468 1469 msk->rcvq_space.space = msk->rcvq_space.copied; 1470new_measure: 1471 msk->rcvq_space.copied = 0; 1472 msk->rcvq_space.time = mstamp; 1473} 1474 1475static bool __mptcp_move_skbs(struct mptcp_sock *msk) 1476{ 1477 unsigned int moved = 0; 1478 bool done; 1479 1480 /* avoid looping forever below on racing close */ 1481 if (((struct sock *)msk)->sk_state == TCP_CLOSE) 1482 return false; 1483 1484 __mptcp_flush_join_list(msk); 1485 do { 1486 struct sock *ssk = mptcp_subflow_recv_lookup(msk); 1487 1488 if (!ssk) 1489 break; 1490 1491 lock_sock(ssk); 1492 done = __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 1493 release_sock(ssk); 1494 } while (!done); 1495 1496 if (mptcp_ofo_queue(msk) || moved > 0) { 1497 mptcp_check_data_fin((struct sock *)msk); 1498 return true; 1499 } 1500 return false; 1501} 1502 1503static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 1504 int nonblock, int flags, int *addr_len) 1505{ 1506 struct mptcp_sock *msk = mptcp_sk(sk); 1507 int copied = 0; 1508 int target; 1509 long timeo; 1510 1511 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT)) 1512 return -EOPNOTSUPP; 1513 1514 lock_sock(sk); 1515 timeo = sock_rcvtimeo(sk, nonblock); 1516 1517 len = min_t(size_t, len, INT_MAX); 1518 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); 1519 __mptcp_flush_join_list(msk); 1520 1521 while (len > (size_t)copied) { 1522 int bytes_read; 1523 1524 bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied); 1525 if (unlikely(bytes_read < 0)) { 1526 if (!copied) 1527 copied = bytes_read; 1528 goto out_err; 1529 } 1530 1531 copied += bytes_read; 1532 1533 if (skb_queue_empty(&sk->sk_receive_queue) && 1534 __mptcp_move_skbs(msk)) 1535 continue; 1536 1537 /* only the master socket status is relevant here. The exit 1538 * conditions mirror closely tcp_recvmsg() 1539 */ 1540 if (copied >= target) 1541 break; 1542 1543 if (copied) { 1544 if (sk->sk_err || 1545 sk->sk_state == TCP_CLOSE || 1546 (sk->sk_shutdown & RCV_SHUTDOWN) || 1547 !timeo || 1548 signal_pending(current)) 1549 break; 1550 } else { 1551 if (sk->sk_err) { 1552 copied = sock_error(sk); 1553 break; 1554 } 1555 1556 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags)) 1557 mptcp_check_for_eof(msk); 1558 1559 if (sk->sk_shutdown & RCV_SHUTDOWN) 1560 break; 1561 1562 if (sk->sk_state == TCP_CLOSE) { 1563 copied = -ENOTCONN; 1564 break; 1565 } 1566 1567 if (!timeo) { 1568 copied = -EAGAIN; 1569 break; 1570 } 1571 1572 if (signal_pending(current)) { 1573 copied = sock_intr_errno(timeo); 1574 break; 1575 } 1576 } 1577 1578 pr_debug("block timeout %ld", timeo); 1579 mptcp_wait_data(sk, &timeo); 1580 } 1581 1582 if (skb_queue_empty(&sk->sk_receive_queue)) { 1583 /* entire backlog drained, clear DATA_READY. */ 1584 clear_bit(MPTCP_DATA_READY, &msk->flags); 1585 1586 /* .. race-breaker: ssk might have gotten new data 1587 * after last __mptcp_move_skbs() returned false. 1588 */ 1589 if (unlikely(__mptcp_move_skbs(msk))) 1590 set_bit(MPTCP_DATA_READY, &msk->flags); 1591 } else if (unlikely(!test_bit(MPTCP_DATA_READY, &msk->flags))) { 1592 /* data to read but mptcp_wait_data() cleared DATA_READY */ 1593 set_bit(MPTCP_DATA_READY, &msk->flags); 1594 } 1595out_err: 1596 pr_debug("msk=%p data_ready=%d rx queue empty=%d copied=%d", 1597 msk, test_bit(MPTCP_DATA_READY, &msk->flags), 1598 skb_queue_empty(&sk->sk_receive_queue), copied); 1599 mptcp_rcv_space_adjust(msk, copied); 1600 1601 release_sock(sk); 1602 return copied; 1603} 1604 1605static void mptcp_retransmit_handler(struct sock *sk) 1606{ 1607 struct mptcp_sock *msk = mptcp_sk(sk); 1608 1609 if (atomic64_read(&msk->snd_una) == READ_ONCE(msk->write_seq)) { 1610 mptcp_stop_timer(sk); 1611 } else { 1612 set_bit(MPTCP_WORK_RTX, &msk->flags); 1613 if (schedule_work(&msk->work)) 1614 sock_hold(sk); 1615 } 1616} 1617 1618static void mptcp_retransmit_timer(struct timer_list *t) 1619{ 1620 struct inet_connection_sock *icsk = from_timer(icsk, t, 1621 icsk_retransmit_timer); 1622 struct sock *sk = &icsk->icsk_inet.sk; 1623 1624 bh_lock_sock(sk); 1625 if (!sock_owned_by_user(sk)) { 1626 mptcp_retransmit_handler(sk); 1627 } else { 1628 /* delegate our work to tcp_release_cb() */ 1629 if (!test_and_set_bit(TCP_WRITE_TIMER_DEFERRED, 1630 &sk->sk_tsq_flags)) 1631 sock_hold(sk); 1632 } 1633 bh_unlock_sock(sk); 1634 sock_put(sk); 1635} 1636 1637/* Find an idle subflow. Return NULL if there is unacked data at tcp 1638 * level. 1639 * 1640 * A backup subflow is returned only if that is the only kind available. 1641 */ 1642static struct sock *mptcp_subflow_get_retrans(const struct mptcp_sock *msk) 1643{ 1644 struct mptcp_subflow_context *subflow; 1645 struct sock *backup = NULL; 1646 1647 sock_owned_by_me((const struct sock *)msk); 1648 1649 if (__mptcp_check_fallback(msk)) 1650 return msk->first; 1651 1652 mptcp_for_each_subflow(msk, subflow) { 1653 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1654 1655 if (!mptcp_subflow_active(subflow)) 1656 continue; 1657 1658 /* still data outstanding at TCP level? Don't retransmit. */ 1659 if (!tcp_write_queue_empty(ssk)) { 1660 if (inet_csk(ssk)->icsk_ca_state >= TCP_CA_Loss) 1661 continue; 1662 return NULL; 1663 } 1664 1665 if (subflow->backup) { 1666 if (!backup) 1667 backup = ssk; 1668 continue; 1669 } 1670 1671 return ssk; 1672 } 1673 1674 return backup; 1675} 1676 1677/* subflow sockets can be either outgoing (connect) or incoming 1678 * (accept). 1679 * 1680 * Outgoing subflows use in-kernel sockets. 1681 * Incoming subflows do not have their own 'struct socket' allocated, 1682 * so we need to use tcp_close() after detaching them from the mptcp 1683 * parent socket. 1684 */ 1685void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, 1686 struct mptcp_subflow_context *subflow, 1687 long timeout) 1688{ 1689 struct socket *sock = READ_ONCE(ssk->sk_socket); 1690 1691 list_del(&subflow->node); 1692 1693 if (sock && sock != sk->sk_socket) { 1694 /* outgoing subflow */ 1695 sock_release(sock); 1696 } else { 1697 /* incoming subflow */ 1698 tcp_close(ssk, timeout); 1699 } 1700} 1701 1702static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu) 1703{ 1704 return 0; 1705} 1706 1707static void pm_work(struct mptcp_sock *msk) 1708{ 1709 struct mptcp_pm_data *pm = &msk->pm; 1710 1711 spin_lock_bh(&msk->pm.lock); 1712 1713 pr_debug("msk=%p status=%x", msk, pm->status); 1714 if (pm->status & BIT(MPTCP_PM_ADD_ADDR_RECEIVED)) { 1715 pm->status &= ~BIT(MPTCP_PM_ADD_ADDR_RECEIVED); 1716 mptcp_pm_nl_add_addr_received(msk); 1717 } 1718 if (pm->status & BIT(MPTCP_PM_RM_ADDR_RECEIVED)) { 1719 pm->status &= ~BIT(MPTCP_PM_RM_ADDR_RECEIVED); 1720 mptcp_pm_nl_rm_addr_received(msk); 1721 } 1722 if (pm->status & BIT(MPTCP_PM_ESTABLISHED)) { 1723 pm->status &= ~BIT(MPTCP_PM_ESTABLISHED); 1724 mptcp_pm_nl_fully_established(msk); 1725 } 1726 if (pm->status & BIT(MPTCP_PM_SUBFLOW_ESTABLISHED)) { 1727 pm->status &= ~BIT(MPTCP_PM_SUBFLOW_ESTABLISHED); 1728 mptcp_pm_nl_subflow_established(msk); 1729 } 1730 1731 spin_unlock_bh(&msk->pm.lock); 1732} 1733 1734static void __mptcp_close_subflow(struct mptcp_sock *msk) 1735{ 1736 struct mptcp_subflow_context *subflow, *tmp; 1737 1738 list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) { 1739 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1740 1741 if (inet_sk_state_load(ssk) != TCP_CLOSE) 1742 continue; 1743 1744 __mptcp_close_ssk((struct sock *)msk, ssk, subflow, 0); 1745 } 1746} 1747 1748static void mptcp_worker(struct work_struct *work) 1749{ 1750 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work); 1751 struct sock *ssk, *sk = &msk->sk.icsk_inet.sk; 1752 int orig_len, orig_offset, mss_now = 0, size_goal = 0; 1753 struct mptcp_data_frag *dfrag; 1754 u64 orig_write_seq; 1755 size_t copied = 0; 1756 struct msghdr msg = { 1757 .msg_flags = MSG_DONTWAIT, 1758 }; 1759 long timeo = 0; 1760 1761 lock_sock(sk); 1762 mptcp_clean_una(sk); 1763 mptcp_check_data_fin_ack(sk); 1764 __mptcp_flush_join_list(msk); 1765 if (test_and_clear_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags)) 1766 __mptcp_close_subflow(msk); 1767 1768 __mptcp_move_skbs(msk); 1769 1770 if (msk->pm.status) 1771 pm_work(msk); 1772 1773 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags)) 1774 mptcp_check_for_eof(msk); 1775 1776 mptcp_check_data_fin(sk); 1777 1778 if (!test_and_clear_bit(MPTCP_WORK_RTX, &msk->flags)) 1779 goto unlock; 1780 1781 dfrag = mptcp_rtx_head(sk); 1782 if (!dfrag) 1783 goto unlock; 1784 1785 if (!mptcp_ext_cache_refill(msk)) 1786 goto reset_unlock; 1787 1788 ssk = mptcp_subflow_get_retrans(msk); 1789 if (!ssk) 1790 goto reset_unlock; 1791 1792 lock_sock(ssk); 1793 1794 orig_len = dfrag->data_len; 1795 orig_offset = dfrag->offset; 1796 orig_write_seq = dfrag->data_seq; 1797 while (dfrag->data_len > 0) { 1798 int ret = mptcp_sendmsg_frag(sk, ssk, &msg, dfrag, &timeo, 1799 &mss_now, &size_goal); 1800 if (ret < 0) 1801 break; 1802 1803 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_RETRANSSEGS); 1804 copied += ret; 1805 dfrag->data_len -= ret; 1806 dfrag->offset += ret; 1807 1808 if (!mptcp_ext_cache_refill(msk)) 1809 break; 1810 } 1811 if (copied) 1812 tcp_push(ssk, msg.msg_flags, mss_now, tcp_sk(ssk)->nonagle, 1813 size_goal); 1814 1815 dfrag->data_seq = orig_write_seq; 1816 dfrag->offset = orig_offset; 1817 dfrag->data_len = orig_len; 1818 1819 mptcp_set_timeout(sk, ssk); 1820 release_sock(ssk); 1821 1822reset_unlock: 1823 if (!mptcp_timer_pending(sk)) 1824 mptcp_reset_timer(sk); 1825 1826unlock: 1827 release_sock(sk); 1828 sock_put(sk); 1829} 1830 1831static int __mptcp_init_sock(struct sock *sk) 1832{ 1833 struct mptcp_sock *msk = mptcp_sk(sk); 1834 1835 spin_lock_init(&msk->join_list_lock); 1836 1837 INIT_LIST_HEAD(&msk->conn_list); 1838 INIT_LIST_HEAD(&msk->join_list); 1839 INIT_LIST_HEAD(&msk->rtx_queue); 1840 __set_bit(MPTCP_SEND_SPACE, &msk->flags); 1841 INIT_WORK(&msk->work, mptcp_worker); 1842 msk->out_of_order_queue = RB_ROOT; 1843 1844 msk->first = NULL; 1845 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss; 1846 1847 mptcp_pm_data_init(msk); 1848 1849 /* re-use the csk retrans timer for MPTCP-level retrans */ 1850 timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0); 1851 1852 return 0; 1853} 1854 1855static int mptcp_init_sock(struct sock *sk) 1856{ 1857 struct net *net = sock_net(sk); 1858 int ret; 1859 1860 ret = __mptcp_init_sock(sk); 1861 if (ret) 1862 return ret; 1863 1864 if (!mptcp_is_enabled(net)) 1865 return -ENOPROTOOPT; 1866 1867 if (unlikely(!net->mib.mptcp_statistics) && !mptcp_mib_alloc(net)) 1868 return -ENOMEM; 1869 1870 ret = __mptcp_socket_create(mptcp_sk(sk)); 1871 if (ret) 1872 return ret; 1873 1874 sk_sockets_allocated_inc(sk); 1875 sk->sk_rcvbuf = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[1]); 1876 sk->sk_sndbuf = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[1]); 1877 1878 return 0; 1879} 1880 1881static void __mptcp_clear_xmit(struct sock *sk) 1882{ 1883 struct mptcp_sock *msk = mptcp_sk(sk); 1884 struct mptcp_data_frag *dtmp, *dfrag; 1885 1886 sk_stop_timer(sk, &msk->sk.icsk_retransmit_timer); 1887 1888 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) 1889 dfrag_clear(sk, dfrag); 1890} 1891 1892static void mptcp_cancel_work(struct sock *sk) 1893{ 1894 struct mptcp_sock *msk = mptcp_sk(sk); 1895 1896 if (cancel_work_sync(&msk->work)) 1897 sock_put(sk); 1898} 1899 1900void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) 1901{ 1902 lock_sock(ssk); 1903 1904 switch (ssk->sk_state) { 1905 case TCP_LISTEN: 1906 if (!(how & RCV_SHUTDOWN)) 1907 break; 1908 fallthrough; 1909 case TCP_SYN_SENT: 1910 tcp_disconnect(ssk, O_NONBLOCK); 1911 break; 1912 default: 1913 if (__mptcp_check_fallback(mptcp_sk(sk))) { 1914 pr_debug("Fallback"); 1915 ssk->sk_shutdown |= how; 1916 tcp_shutdown(ssk, how); 1917 } else { 1918 pr_debug("Sending DATA_FIN on subflow %p", ssk); 1919 mptcp_set_timeout(sk, ssk); 1920 tcp_send_ack(ssk); 1921 } 1922 break; 1923 } 1924 1925 release_sock(ssk); 1926} 1927 1928static const unsigned char new_state[16] = { 1929 /* current state: new state: action: */ 1930 [0 /* (Invalid) */] = TCP_CLOSE, 1931 [TCP_ESTABLISHED] = TCP_FIN_WAIT1 | TCP_ACTION_FIN, 1932 [TCP_SYN_SENT] = TCP_CLOSE, 1933 [TCP_SYN_RECV] = TCP_FIN_WAIT1 | TCP_ACTION_FIN, 1934 [TCP_FIN_WAIT1] = TCP_FIN_WAIT1, 1935 [TCP_FIN_WAIT2] = TCP_FIN_WAIT2, 1936 [TCP_TIME_WAIT] = TCP_CLOSE, /* should not happen ! */ 1937 [TCP_CLOSE] = TCP_CLOSE, 1938 [TCP_CLOSE_WAIT] = TCP_LAST_ACK | TCP_ACTION_FIN, 1939 [TCP_LAST_ACK] = TCP_LAST_ACK, 1940 [TCP_LISTEN] = TCP_CLOSE, 1941 [TCP_CLOSING] = TCP_CLOSING, 1942 [TCP_NEW_SYN_RECV] = TCP_CLOSE, /* should not happen ! */ 1943}; 1944 1945static int mptcp_close_state(struct sock *sk) 1946{ 1947 int next = (int)new_state[sk->sk_state]; 1948 int ns = next & TCP_STATE_MASK; 1949 1950 inet_sk_state_store(sk, ns); 1951 1952 return next & TCP_ACTION_FIN; 1953} 1954 1955static void mptcp_close(struct sock *sk, long timeout) 1956{ 1957 struct mptcp_subflow_context *subflow, *tmp; 1958 struct mptcp_sock *msk = mptcp_sk(sk); 1959 LIST_HEAD(conn_list); 1960 1961 lock_sock(sk); 1962 sk->sk_shutdown = SHUTDOWN_MASK; 1963 1964 if (sk->sk_state == TCP_LISTEN) { 1965 inet_sk_state_store(sk, TCP_CLOSE); 1966 goto cleanup; 1967 } else if (sk->sk_state == TCP_CLOSE) { 1968 goto cleanup; 1969 } 1970 1971 if (__mptcp_check_fallback(msk)) { 1972 goto update_state; 1973 } else if (mptcp_close_state(sk)) { 1974 pr_debug("Sending DATA_FIN sk=%p", sk); 1975 WRITE_ONCE(msk->write_seq, msk->write_seq + 1); 1976 WRITE_ONCE(msk->snd_data_fin_enable, 1); 1977 1978 mptcp_for_each_subflow(msk, subflow) { 1979 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow); 1980 1981 mptcp_subflow_shutdown(sk, tcp_sk, SHUTDOWN_MASK); 1982 } 1983 } 1984 1985 sk_stream_wait_close(sk, timeout); 1986 1987update_state: 1988 inet_sk_state_store(sk, TCP_CLOSE); 1989 1990cleanup: 1991 /* be sure to always acquire the join list lock, to sync vs 1992 * mptcp_finish_join(). 1993 */ 1994 spin_lock_bh(&msk->join_list_lock); 1995 list_splice_tail_init(&msk->join_list, &msk->conn_list); 1996 spin_unlock_bh(&msk->join_list_lock); 1997 list_splice_init(&msk->conn_list, &conn_list); 1998 1999 __mptcp_clear_xmit(sk); 2000 2001 release_sock(sk); 2002 2003 list_for_each_entry_safe(subflow, tmp, &conn_list, node) { 2004 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 2005 __mptcp_close_ssk(sk, ssk, subflow, timeout); 2006 } 2007 2008 mptcp_cancel_work(sk); 2009 2010 __skb_queue_purge(&sk->sk_receive_queue); 2011 2012 sk_common_release(sk); 2013} 2014 2015static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk) 2016{ 2017#if IS_ENABLED(CONFIG_MPTCP_IPV6) 2018 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk); 2019 struct ipv6_pinfo *msk6 = inet6_sk(msk); 2020 2021 msk->sk_v6_daddr = ssk->sk_v6_daddr; 2022 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr; 2023 2024 if (msk6 && ssk6) { 2025 msk6->saddr = ssk6->saddr; 2026 msk6->flow_label = ssk6->flow_label; 2027 } 2028#endif 2029 2030 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num; 2031 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport; 2032 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport; 2033 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr; 2034 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr; 2035 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr; 2036} 2037 2038static int mptcp_disconnect(struct sock *sk, int flags) 2039{ 2040 /* Should never be called. 2041 * inet_stream_connect() calls ->disconnect, but that 2042 * refers to the subflow socket, not the mptcp one. 2043 */ 2044 WARN_ON_ONCE(1); 2045 return 0; 2046} 2047 2048#if IS_ENABLED(CONFIG_MPTCP_IPV6) 2049static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) 2050{ 2051 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo); 2052 2053 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 2054} 2055#endif 2056 2057struct sock *mptcp_sk_clone(const struct sock *sk, 2058 const struct mptcp_options_received *mp_opt, 2059 struct request_sock *req) 2060{ 2061 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); 2062 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); 2063 struct mptcp_sock *msk; 2064 u64 ack_seq; 2065 2066 if (!nsk) 2067 return NULL; 2068 2069#if IS_ENABLED(CONFIG_MPTCP_IPV6) 2070 if (nsk->sk_family == AF_INET6) 2071 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk); 2072#endif 2073 2074 __mptcp_init_sock(nsk); 2075 2076 msk = mptcp_sk(nsk); 2077 msk->local_key = subflow_req->local_key; 2078 msk->token = subflow_req->token; 2079 msk->subflow = NULL; 2080 WRITE_ONCE(msk->fully_established, false); 2081 2082 msk->write_seq = subflow_req->idsn + 1; 2083 atomic64_set(&msk->snd_una, msk->write_seq); 2084 if (mp_opt->mp_capable) { 2085 msk->can_ack = true; 2086 msk->remote_key = mp_opt->sndr_key; 2087 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq); 2088 ack_seq++; 2089 WRITE_ONCE(msk->ack_seq, ack_seq); 2090 } 2091 2092 sock_reset_flag(nsk, SOCK_RCU_FREE); 2093 /* will be fully established after successful MPC subflow creation */ 2094 inet_sk_state_store(nsk, TCP_SYN_RECV); 2095 2096 security_inet_csk_clone(nsk, req); 2097 bh_unlock_sock(nsk); 2098 2099 /* keep a single reference */ 2100 __sock_put(nsk); 2101 return nsk; 2102} 2103 2104void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk) 2105{ 2106 const struct tcp_sock *tp = tcp_sk(ssk); 2107 2108 msk->rcvq_space.copied = 0; 2109 msk->rcvq_space.rtt_us = 0; 2110 2111 msk->rcvq_space.time = tp->tcp_mstamp; 2112 2113 /* initial rcv_space offering made to peer */ 2114 msk->rcvq_space.space = min_t(u32, tp->rcv_wnd, 2115 TCP_INIT_CWND * tp->advmss); 2116 if (msk->rcvq_space.space == 0) 2117 msk->rcvq_space.space = TCP_INIT_CWND * TCP_MSS_DEFAULT; 2118} 2119 2120static struct sock *mptcp_accept(struct sock *sk, int flags, int *err, 2121 bool kern) 2122{ 2123 struct mptcp_sock *msk = mptcp_sk(sk); 2124 struct socket *listener; 2125 struct sock *newsk; 2126 2127 listener = __mptcp_nmpc_socket(msk); 2128 if (WARN_ON_ONCE(!listener)) { 2129 *err = -EINVAL; 2130 return NULL; 2131 } 2132 2133 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk)); 2134 newsk = inet_csk_accept(listener->sk, flags, err, kern); 2135 if (!newsk) 2136 return NULL; 2137 2138 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk)); 2139 if (sk_is_mptcp(newsk)) { 2140 struct mptcp_subflow_context *subflow; 2141 struct sock *new_mptcp_sock; 2142 struct sock *ssk = newsk; 2143 2144 subflow = mptcp_subflow_ctx(newsk); 2145 new_mptcp_sock = subflow->conn; 2146 2147 /* is_mptcp should be false if subflow->conn is missing, see 2148 * subflow_syn_recv_sock() 2149 */ 2150 if (WARN_ON_ONCE(!new_mptcp_sock)) { 2151 tcp_sk(newsk)->is_mptcp = 0; 2152 goto out; 2153 } 2154 2155 /* acquire the 2nd reference for the owning socket */ 2156 sock_hold(new_mptcp_sock); 2157 2158 local_bh_disable(); 2159 bh_lock_sock(new_mptcp_sock); 2160 msk = mptcp_sk(new_mptcp_sock); 2161 msk->first = newsk; 2162 2163 newsk = new_mptcp_sock; 2164 mptcp_copy_inaddrs(newsk, ssk); 2165 list_add(&subflow->node, &msk->conn_list); 2166 2167 mptcp_rcv_space_init(msk, ssk); 2168 bh_unlock_sock(new_mptcp_sock); 2169 2170 __MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEPASSIVEACK); 2171 local_bh_enable(); 2172 } else { 2173 MPTCP_INC_STATS(sock_net(sk), 2174 MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); 2175 } 2176 2177out: 2178 newsk->sk_kern_sock = kern; 2179 return newsk; 2180} 2181 2182void mptcp_destroy_common(struct mptcp_sock *msk) 2183{ 2184 skb_rbtree_purge(&msk->out_of_order_queue); 2185 mptcp_token_destroy(msk); 2186 mptcp_pm_free_anno_list(msk); 2187} 2188 2189static void mptcp_destroy(struct sock *sk) 2190{ 2191 struct mptcp_sock *msk = mptcp_sk(sk); 2192 2193 if (msk->cached_ext) 2194 __skb_ext_put(msk->cached_ext); 2195 2196 mptcp_destroy_common(msk); 2197 sk_sockets_allocated_dec(sk); 2198} 2199 2200static int mptcp_setsockopt_sol_socket(struct mptcp_sock *msk, int optname, 2201 sockptr_t optval, unsigned int optlen) 2202{ 2203 struct sock *sk = (struct sock *)msk; 2204 struct socket *ssock; 2205 int ret; 2206 2207 switch (optname) { 2208 case SO_REUSEPORT: 2209 case SO_REUSEADDR: 2210 lock_sock(sk); 2211 ssock = __mptcp_nmpc_socket(msk); 2212 if (!ssock) { 2213 release_sock(sk); 2214 return -EINVAL; 2215 } 2216 2217 ret = sock_setsockopt(ssock, SOL_SOCKET, optname, optval, optlen); 2218 if (ret == 0) { 2219 if (optname == SO_REUSEPORT) 2220 sk->sk_reuseport = ssock->sk->sk_reuseport; 2221 else if (optname == SO_REUSEADDR) 2222 sk->sk_reuse = ssock->sk->sk_reuse; 2223 } 2224 release_sock(sk); 2225 return ret; 2226 } 2227 2228 return sock_setsockopt(sk->sk_socket, SOL_SOCKET, optname, optval, optlen); 2229} 2230 2231static int mptcp_setsockopt_v6(struct mptcp_sock *msk, int optname, 2232 sockptr_t optval, unsigned int optlen) 2233{ 2234 struct sock *sk = (struct sock *)msk; 2235 int ret = -EOPNOTSUPP; 2236 struct socket *ssock; 2237 2238 switch (optname) { 2239 case IPV6_V6ONLY: 2240 lock_sock(sk); 2241 ssock = __mptcp_nmpc_socket(msk); 2242 if (!ssock) { 2243 release_sock(sk); 2244 return -EINVAL; 2245 } 2246 2247 ret = tcp_setsockopt(ssock->sk, SOL_IPV6, optname, optval, optlen); 2248 if (ret == 0) 2249 sk->sk_ipv6only = ssock->sk->sk_ipv6only; 2250 2251 release_sock(sk); 2252 break; 2253 } 2254 2255 return ret; 2256} 2257 2258static bool mptcp_unsupported(int level, int optname) 2259{ 2260 if (level == SOL_IP) { 2261 switch (optname) { 2262 case IP_ADD_MEMBERSHIP: 2263 case IP_ADD_SOURCE_MEMBERSHIP: 2264 case IP_DROP_MEMBERSHIP: 2265 case IP_DROP_SOURCE_MEMBERSHIP: 2266 case IP_BLOCK_SOURCE: 2267 case IP_UNBLOCK_SOURCE: 2268 case MCAST_JOIN_GROUP: 2269 case MCAST_LEAVE_GROUP: 2270 case MCAST_JOIN_SOURCE_GROUP: 2271 case MCAST_LEAVE_SOURCE_GROUP: 2272 case MCAST_BLOCK_SOURCE: 2273 case MCAST_UNBLOCK_SOURCE: 2274 case MCAST_MSFILTER: 2275 return true; 2276 } 2277 return false; 2278 } 2279 if (level == SOL_IPV6) { 2280 switch (optname) { 2281 case IPV6_ADDRFORM: 2282 case IPV6_ADD_MEMBERSHIP: 2283 case IPV6_DROP_MEMBERSHIP: 2284 case IPV6_JOIN_ANYCAST: 2285 case IPV6_LEAVE_ANYCAST: 2286 case MCAST_JOIN_GROUP: 2287 case MCAST_LEAVE_GROUP: 2288 case MCAST_JOIN_SOURCE_GROUP: 2289 case MCAST_LEAVE_SOURCE_GROUP: 2290 case MCAST_BLOCK_SOURCE: 2291 case MCAST_UNBLOCK_SOURCE: 2292 case MCAST_MSFILTER: 2293 return true; 2294 } 2295 return false; 2296 } 2297 return false; 2298} 2299 2300static int mptcp_setsockopt(struct sock *sk, int level, int optname, 2301 sockptr_t optval, unsigned int optlen) 2302{ 2303 struct mptcp_sock *msk = mptcp_sk(sk); 2304 struct sock *ssk; 2305 2306 pr_debug("msk=%p", msk); 2307 2308 if (mptcp_unsupported(level, optname)) 2309 return -ENOPROTOOPT; 2310 2311 if (level == SOL_SOCKET) 2312 return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen); 2313 2314 /* @@ the meaning of setsockopt() when the socket is connected and 2315 * there are multiple subflows is not yet defined. It is up to the 2316 * MPTCP-level socket to configure the subflows until the subflow 2317 * is in TCP fallback, when TCP socket options are passed through 2318 * to the one remaining subflow. 2319 */ 2320 lock_sock(sk); 2321 ssk = __mptcp_tcp_fallback(msk); 2322 release_sock(sk); 2323 if (ssk) 2324 return tcp_setsockopt(ssk, level, optname, optval, optlen); 2325 2326 if (level == SOL_IPV6) 2327 return mptcp_setsockopt_v6(msk, optname, optval, optlen); 2328 2329 return -EOPNOTSUPP; 2330} 2331 2332static int mptcp_getsockopt(struct sock *sk, int level, int optname, 2333 char __user *optval, int __user *option) 2334{ 2335 struct mptcp_sock *msk = mptcp_sk(sk); 2336 struct sock *ssk; 2337 2338 pr_debug("msk=%p", msk); 2339 2340 /* @@ the meaning of setsockopt() when the socket is connected and 2341 * there are multiple subflows is not yet defined. It is up to the 2342 * MPTCP-level socket to configure the subflows until the subflow 2343 * is in TCP fallback, when socket options are passed through 2344 * to the one remaining subflow. 2345 */ 2346 lock_sock(sk); 2347 ssk = __mptcp_tcp_fallback(msk); 2348 release_sock(sk); 2349 if (ssk) 2350 return tcp_getsockopt(ssk, level, optname, optval, option); 2351 2352 return -EOPNOTSUPP; 2353} 2354 2355#define MPTCP_DEFERRED_ALL (TCPF_DELACK_TIMER_DEFERRED | \ 2356 TCPF_WRITE_TIMER_DEFERRED) 2357 2358/* this is very alike tcp_release_cb() but we must handle differently a 2359 * different set of events 2360 */ 2361static void mptcp_release_cb(struct sock *sk) 2362{ 2363 unsigned long flags, nflags; 2364 2365 do { 2366 flags = sk->sk_tsq_flags; 2367 if (!(flags & MPTCP_DEFERRED_ALL)) 2368 return; 2369 nflags = flags & ~MPTCP_DEFERRED_ALL; 2370 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags); 2371 2372 sock_release_ownership(sk); 2373 2374 if (flags & TCPF_DELACK_TIMER_DEFERRED) { 2375 struct mptcp_sock *msk = mptcp_sk(sk); 2376 struct sock *ssk; 2377 2378 ssk = mptcp_subflow_recv_lookup(msk); 2379 if (!ssk || !schedule_work(&msk->work)) 2380 __sock_put(sk); 2381 } 2382 2383 if (flags & TCPF_WRITE_TIMER_DEFERRED) { 2384 mptcp_retransmit_handler(sk); 2385 __sock_put(sk); 2386 } 2387} 2388 2389static int mptcp_hash(struct sock *sk) 2390{ 2391 /* should never be called, 2392 * we hash the TCP subflows not the master socket 2393 */ 2394 WARN_ON_ONCE(1); 2395 return 0; 2396} 2397 2398static void mptcp_unhash(struct sock *sk) 2399{ 2400 /* called from sk_common_release(), but nothing to do here */ 2401} 2402 2403static int mptcp_get_port(struct sock *sk, unsigned short snum) 2404{ 2405 struct mptcp_sock *msk = mptcp_sk(sk); 2406 struct socket *ssock; 2407 2408 ssock = __mptcp_nmpc_socket(msk); 2409 pr_debug("msk=%p, subflow=%p", msk, ssock); 2410 if (WARN_ON_ONCE(!ssock)) 2411 return -EINVAL; 2412 2413 return inet_csk_get_port(ssock->sk, snum); 2414} 2415 2416void mptcp_finish_connect(struct sock *ssk) 2417{ 2418 struct mptcp_subflow_context *subflow; 2419 struct mptcp_sock *msk; 2420 struct sock *sk; 2421 u64 ack_seq; 2422 2423 subflow = mptcp_subflow_ctx(ssk); 2424 sk = subflow->conn; 2425 msk = mptcp_sk(sk); 2426 2427 pr_debug("msk=%p, token=%u", sk, subflow->token); 2428 2429 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq); 2430 ack_seq++; 2431 subflow->map_seq = ack_seq; 2432 subflow->map_subflow_seq = 1; 2433 2434 /* the socket is not connected yet, no msk/subflow ops can access/race 2435 * accessing the field below 2436 */ 2437 WRITE_ONCE(msk->remote_key, subflow->remote_key); 2438 WRITE_ONCE(msk->local_key, subflow->local_key); 2439 WRITE_ONCE(msk->write_seq, subflow->idsn + 1); 2440 WRITE_ONCE(msk->ack_seq, ack_seq); 2441 WRITE_ONCE(msk->can_ack, 1); 2442 atomic64_set(&msk->snd_una, msk->write_seq); 2443 2444 mptcp_pm_new_connection(msk, 0); 2445 2446 mptcp_rcv_space_init(msk, ssk); 2447} 2448 2449static void mptcp_sock_graft(struct sock *sk, struct socket *parent) 2450{ 2451 write_lock_bh(&sk->sk_callback_lock); 2452 rcu_assign_pointer(sk->sk_wq, &parent->wq); 2453 sk_set_socket(sk, parent); 2454 sk->sk_uid = SOCK_INODE(parent)->i_uid; 2455 write_unlock_bh(&sk->sk_callback_lock); 2456} 2457 2458bool mptcp_finish_join(struct sock *sk) 2459{ 2460 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 2461 struct mptcp_sock *msk = mptcp_sk(subflow->conn); 2462 struct sock *parent = (void *)msk; 2463 struct socket *parent_sock; 2464 bool ret; 2465 2466 pr_debug("msk=%p, subflow=%p", msk, subflow); 2467 2468 /* mptcp socket already closing? */ 2469 if (!mptcp_is_fully_established(parent)) 2470 return false; 2471 2472 if (!msk->pm.server_side) 2473 return true; 2474 2475 if (!mptcp_pm_allow_new_subflow(msk)) 2476 return false; 2477 2478 /* active connections are already on conn_list, and we can't acquire 2479 * msk lock here. 2480 * use the join list lock as synchronization point and double-check 2481 * msk status to avoid racing with mptcp_close() 2482 */ 2483 spin_lock_bh(&msk->join_list_lock); 2484 ret = inet_sk_state_load(parent) == TCP_ESTABLISHED; 2485 if (ret && !WARN_ON_ONCE(!list_empty(&subflow->node))) 2486 list_add_tail(&subflow->node, &msk->join_list); 2487 spin_unlock_bh(&msk->join_list_lock); 2488 if (!ret) 2489 return false; 2490 2491 /* attach to msk socket only after we are sure he will deal with us 2492 * at close time 2493 */ 2494 parent_sock = READ_ONCE(parent->sk_socket); 2495 if (parent_sock && !sk->sk_socket) 2496 mptcp_sock_graft(sk, parent_sock); 2497 subflow->map_seq = READ_ONCE(msk->ack_seq); 2498 return true; 2499} 2500 2501static bool mptcp_memory_free(const struct sock *sk, int wake) 2502{ 2503 struct mptcp_sock *msk = mptcp_sk(sk); 2504 2505 return wake ? test_bit(MPTCP_SEND_SPACE, &msk->flags) : true; 2506} 2507 2508static struct proto mptcp_prot = { 2509 .name = "MPTCP", 2510 .owner = THIS_MODULE, 2511 .init = mptcp_init_sock, 2512 .disconnect = mptcp_disconnect, 2513 .close = mptcp_close, 2514 .accept = mptcp_accept, 2515 .setsockopt = mptcp_setsockopt, 2516 .getsockopt = mptcp_getsockopt, 2517 .shutdown = tcp_shutdown, 2518 .destroy = mptcp_destroy, 2519 .sendmsg = mptcp_sendmsg, 2520 .recvmsg = mptcp_recvmsg, 2521 .release_cb = mptcp_release_cb, 2522 .hash = mptcp_hash, 2523 .unhash = mptcp_unhash, 2524 .get_port = mptcp_get_port, 2525 .sockets_allocated = &mptcp_sockets_allocated, 2526 .memory_allocated = &tcp_memory_allocated, 2527 .memory_pressure = &tcp_memory_pressure, 2528 .stream_memory_free = mptcp_memory_free, 2529 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem), 2530 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem), 2531 .sysctl_mem = sysctl_tcp_mem, 2532 .obj_size = sizeof(struct mptcp_sock), 2533 .slab_flags = SLAB_TYPESAFE_BY_RCU, 2534 .no_autobind = true, 2535}; 2536 2537static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 2538{ 2539 struct mptcp_sock *msk = mptcp_sk(sock->sk); 2540 struct socket *ssock; 2541 int err; 2542 2543 lock_sock(sock->sk); 2544 ssock = __mptcp_nmpc_socket(msk); 2545 if (!ssock) { 2546 err = -EINVAL; 2547 goto unlock; 2548 } 2549 2550 err = ssock->ops->bind(ssock, uaddr, addr_len); 2551 if (!err) 2552 mptcp_copy_inaddrs(sock->sk, ssock->sk); 2553 2554unlock: 2555 release_sock(sock->sk); 2556 return err; 2557} 2558 2559static void mptcp_subflow_early_fallback(struct mptcp_sock *msk, 2560 struct mptcp_subflow_context *subflow) 2561{ 2562 subflow->request_mptcp = 0; 2563 __mptcp_do_fallback(msk); 2564} 2565 2566static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr, 2567 int addr_len, int flags) 2568{ 2569 struct mptcp_sock *msk = mptcp_sk(sock->sk); 2570 struct mptcp_subflow_context *subflow; 2571 struct socket *ssock; 2572 int err; 2573 2574 lock_sock(sock->sk); 2575 if (sock->state != SS_UNCONNECTED && msk->subflow) { 2576 /* pending connection or invalid state, let existing subflow 2577 * cope with that 2578 */ 2579 ssock = msk->subflow; 2580 goto do_connect; 2581 } 2582 2583 ssock = __mptcp_nmpc_socket(msk); 2584 if (!ssock) { 2585 err = -EINVAL; 2586 goto unlock; 2587 } 2588 2589 mptcp_token_destroy(msk); 2590 inet_sk_state_store(sock->sk, TCP_SYN_SENT); 2591 subflow = mptcp_subflow_ctx(ssock->sk); 2592#ifdef CONFIG_TCP_MD5SIG 2593 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of 2594 * TCP option space. 2595 */ 2596 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info)) 2597 mptcp_subflow_early_fallback(msk, subflow); 2598#endif 2599 if (subflow->request_mptcp && mptcp_token_new_connect(ssock->sk)) 2600 mptcp_subflow_early_fallback(msk, subflow); 2601 2602do_connect: 2603 err = ssock->ops->connect(ssock, uaddr, addr_len, flags); 2604 sock->state = ssock->state; 2605 2606 /* on successful connect, the msk state will be moved to established by 2607 * subflow_finish_connect() 2608 */ 2609 if (!err || err == -EINPROGRESS) 2610 mptcp_copy_inaddrs(sock->sk, ssock->sk); 2611 else 2612 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 2613 2614unlock: 2615 release_sock(sock->sk); 2616 return err; 2617} 2618 2619static int mptcp_listen(struct socket *sock, int backlog) 2620{ 2621 struct mptcp_sock *msk = mptcp_sk(sock->sk); 2622 struct socket *ssock; 2623 int err; 2624 2625 pr_debug("msk=%p", msk); 2626 2627 lock_sock(sock->sk); 2628 ssock = __mptcp_nmpc_socket(msk); 2629 if (!ssock) { 2630 err = -EINVAL; 2631 goto unlock; 2632 } 2633 2634 mptcp_token_destroy(msk); 2635 inet_sk_state_store(sock->sk, TCP_LISTEN); 2636 sock_set_flag(sock->sk, SOCK_RCU_FREE); 2637 2638 err = ssock->ops->listen(ssock, backlog); 2639 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 2640 if (!err) 2641 mptcp_copy_inaddrs(sock->sk, ssock->sk); 2642 2643unlock: 2644 release_sock(sock->sk); 2645 return err; 2646} 2647 2648static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, 2649 int flags, bool kern) 2650{ 2651 struct mptcp_sock *msk = mptcp_sk(sock->sk); 2652 struct socket *ssock; 2653 int err; 2654 2655 pr_debug("msk=%p", msk); 2656 2657 lock_sock(sock->sk); 2658 if (sock->sk->sk_state != TCP_LISTEN) 2659 goto unlock_fail; 2660 2661 ssock = __mptcp_nmpc_socket(msk); 2662 if (!ssock) 2663 goto unlock_fail; 2664 2665 clear_bit(MPTCP_DATA_READY, &msk->flags); 2666 sock_hold(ssock->sk); 2667 release_sock(sock->sk); 2668 2669 err = ssock->ops->accept(sock, newsock, flags, kern); 2670 if (err == 0 && !mptcp_is_tcpsk(newsock->sk)) { 2671 struct mptcp_sock *msk = mptcp_sk(newsock->sk); 2672 struct mptcp_subflow_context *subflow; 2673 2674 /* set ssk->sk_socket of accept()ed flows to mptcp socket. 2675 * This is needed so NOSPACE flag can be set from tcp stack. 2676 */ 2677 __mptcp_flush_join_list(msk); 2678 mptcp_for_each_subflow(msk, subflow) { 2679 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 2680 2681 if (!ssk->sk_socket) 2682 mptcp_sock_graft(ssk, newsock); 2683 } 2684 } 2685 2686 if (inet_csk_listen_poll(ssock->sk)) 2687 set_bit(MPTCP_DATA_READY, &msk->flags); 2688 sock_put(ssock->sk); 2689 return err; 2690 2691unlock_fail: 2692 release_sock(sock->sk); 2693 return -EINVAL; 2694} 2695 2696static __poll_t mptcp_check_readable(struct mptcp_sock *msk) 2697{ 2698 return test_bit(MPTCP_DATA_READY, &msk->flags) ? EPOLLIN | EPOLLRDNORM : 2699 0; 2700} 2701 2702static __poll_t mptcp_poll(struct file *file, struct socket *sock, 2703 struct poll_table_struct *wait) 2704{ 2705 struct sock *sk = sock->sk; 2706 struct mptcp_sock *msk; 2707 __poll_t mask = 0; 2708 int state; 2709 2710 msk = mptcp_sk(sk); 2711 sock_poll_wait(file, sock, wait); 2712 2713 state = inet_sk_state_load(sk); 2714 pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags); 2715 if (state == TCP_LISTEN) 2716 return mptcp_check_readable(msk); 2717 2718 if (state != TCP_SYN_SENT && state != TCP_SYN_RECV) { 2719 mask |= mptcp_check_readable(msk); 2720 if (test_bit(MPTCP_SEND_SPACE, &msk->flags)) 2721 mask |= EPOLLOUT | EPOLLWRNORM; 2722 } 2723 if (sk->sk_shutdown & RCV_SHUTDOWN) 2724 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; 2725 2726 return mask; 2727} 2728 2729static int mptcp_shutdown(struct socket *sock, int how) 2730{ 2731 struct mptcp_sock *msk = mptcp_sk(sock->sk); 2732 struct mptcp_subflow_context *subflow; 2733 int ret = 0; 2734 2735 pr_debug("sk=%p, how=%d", msk, how); 2736 2737 lock_sock(sock->sk); 2738 2739 how++; 2740 if ((how & ~SHUTDOWN_MASK) || !how) { 2741 ret = -EINVAL; 2742 goto out_unlock; 2743 } 2744 2745 if (sock->state == SS_CONNECTING) { 2746 if ((1 << sock->sk->sk_state) & 2747 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE)) 2748 sock->state = SS_DISCONNECTING; 2749 else 2750 sock->state = SS_CONNECTED; 2751 } 2752 2753 /* If we've already sent a FIN, or it's a closed state, skip this. */ 2754 if (__mptcp_check_fallback(msk)) { 2755 if (how == SHUT_WR || how == SHUT_RDWR) 2756 inet_sk_state_store(sock->sk, TCP_FIN_WAIT1); 2757 2758 mptcp_for_each_subflow(msk, subflow) { 2759 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow); 2760 2761 mptcp_subflow_shutdown(sock->sk, tcp_sk, how); 2762 } 2763 } else if ((how & SEND_SHUTDOWN) && 2764 ((1 << sock->sk->sk_state) & 2765 (TCPF_ESTABLISHED | TCPF_SYN_SENT | 2766 TCPF_SYN_RECV | TCPF_CLOSE_WAIT)) && 2767 mptcp_close_state(sock->sk)) { 2768 __mptcp_flush_join_list(msk); 2769 2770 WRITE_ONCE(msk->write_seq, msk->write_seq + 1); 2771 WRITE_ONCE(msk->snd_data_fin_enable, 1); 2772 2773 mptcp_for_each_subflow(msk, subflow) { 2774 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow); 2775 2776 mptcp_subflow_shutdown(sock->sk, tcp_sk, how); 2777 } 2778 } 2779 2780 /* Wake up anyone sleeping in poll. */ 2781 sock->sk->sk_state_change(sock->sk); 2782 2783out_unlock: 2784 release_sock(sock->sk); 2785 2786 return ret; 2787} 2788 2789static const struct proto_ops mptcp_stream_ops = { 2790 .family = PF_INET, 2791 .owner = THIS_MODULE, 2792 .release = inet_release, 2793 .bind = mptcp_bind, 2794 .connect = mptcp_stream_connect, 2795 .socketpair = sock_no_socketpair, 2796 .accept = mptcp_stream_accept, 2797 .getname = inet_getname, 2798 .poll = mptcp_poll, 2799 .ioctl = inet_ioctl, 2800 .gettstamp = sock_gettstamp, 2801 .listen = mptcp_listen, 2802 .shutdown = mptcp_shutdown, 2803 .setsockopt = sock_common_setsockopt, 2804 .getsockopt = sock_common_getsockopt, 2805 .sendmsg = inet_sendmsg, 2806 .recvmsg = inet_recvmsg, 2807 .mmap = sock_no_mmap, 2808 .sendpage = inet_sendpage, 2809}; 2810 2811static struct inet_protosw mptcp_protosw = { 2812 .type = SOCK_STREAM, 2813 .protocol = IPPROTO_MPTCP, 2814 .prot = &mptcp_prot, 2815 .ops = &mptcp_stream_ops, 2816 .flags = INET_PROTOSW_ICSK, 2817}; 2818 2819void __init mptcp_proto_init(void) 2820{ 2821 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo; 2822 2823 if (percpu_counter_init(&mptcp_sockets_allocated, 0, GFP_KERNEL)) 2824 panic("Failed to allocate MPTCP pcpu counter\n"); 2825 2826 mptcp_subflow_init(); 2827 mptcp_pm_init(); 2828 mptcp_token_init(); 2829 2830 if (proto_register(&mptcp_prot, 1) != 0) 2831 panic("Failed to register MPTCP proto.\n"); 2832 2833 inet_register_protosw(&mptcp_protosw); 2834 2835 BUILD_BUG_ON(sizeof(struct mptcp_skb_cb) > sizeof_field(struct sk_buff, cb)); 2836} 2837 2838#if IS_ENABLED(CONFIG_MPTCP_IPV6) 2839static const struct proto_ops mptcp_v6_stream_ops = { 2840 .family = PF_INET6, 2841 .owner = THIS_MODULE, 2842 .release = inet6_release, 2843 .bind = mptcp_bind, 2844 .connect = mptcp_stream_connect, 2845 .socketpair = sock_no_socketpair, 2846 .accept = mptcp_stream_accept, 2847 .getname = inet6_getname, 2848 .poll = mptcp_poll, 2849 .ioctl = inet6_ioctl, 2850 .gettstamp = sock_gettstamp, 2851 .listen = mptcp_listen, 2852 .shutdown = mptcp_shutdown, 2853 .setsockopt = sock_common_setsockopt, 2854 .getsockopt = sock_common_getsockopt, 2855 .sendmsg = inet6_sendmsg, 2856 .recvmsg = inet6_recvmsg, 2857 .mmap = sock_no_mmap, 2858 .sendpage = inet_sendpage, 2859#ifdef CONFIG_COMPAT 2860 .compat_ioctl = inet6_compat_ioctl, 2861#endif 2862}; 2863 2864static struct proto mptcp_v6_prot; 2865 2866static struct inet_protosw mptcp_v6_protosw = { 2867 .type = SOCK_STREAM, 2868 .protocol = IPPROTO_MPTCP, 2869 .prot = &mptcp_v6_prot, 2870 .ops = &mptcp_v6_stream_ops, 2871 .flags = INET_PROTOSW_ICSK, 2872}; 2873 2874int __init mptcp_proto_v6_init(void) 2875{ 2876 int err; 2877 2878 mptcp_v6_prot = mptcp_prot; 2879 strcpy(mptcp_v6_prot.name, "MPTCPv6"); 2880 mptcp_v6_prot.slab = NULL; 2881 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock); 2882 2883 err = proto_register(&mptcp_v6_prot, 1); 2884 if (err) 2885 return err; 2886 2887 err = inet6_register_protosw(&mptcp_v6_protosw); 2888 if (err) 2889 proto_unregister(&mptcp_v6_prot); 2890 2891 return err; 2892} 2893#endif 2894