1 // SPDX-License-Identifier: GPL-2.0 2 /* Multipath TCP 3 * 4 * Copyright (c) 2017 - 2019, Intel Corporation. 5 */ 6 7 #define pr_fmt(fmt) "MPTCP: " fmt 8 9 #include <linux/kernel.h> 10 #include <linux/module.h> 11 #include <linux/netdevice.h> 12 #include <linux/sched/signal.h> 13 #include <linux/atomic.h> 14 #include <net/sock.h> 15 #include <net/inet_common.h> 16 #include <net/inet_hashtables.h> 17 #include <net/protocol.h> 18 #include <net/tcp.h> 19 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 20 #include <net/transp_v6.h> 21 #endif 22 #include <net/mptcp.h> 23 #include "protocol.h" 24 #include "mib.h" 25 26 #define MPTCP_SAME_STATE TCP_MAX_STATES 27 28 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 29 struct mptcp6_sock { 30 struct mptcp_sock msk; 31 struct ipv6_pinfo np; 32 }; 33 #endif 34 35 struct mptcp_skb_cb { 36 u32 offset; 37 }; 38 39 #define MPTCP_SKB_CB(__skb) ((struct mptcp_skb_cb *)&((__skb)->cb[0])) 40 41 static struct percpu_counter mptcp_sockets_allocated; 42 43 /* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not 44 * completed yet or has failed, return the subflow socket. 45 * Otherwise return NULL. 46 */ 47 static struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk) 48 { 49 if (!msk->subflow || READ_ONCE(msk->can_ack)) 50 return NULL; 51 52 return msk->subflow; 53 } 54 55 static bool __mptcp_needs_tcp_fallback(const struct mptcp_sock *msk) 56 { 57 return msk->first && !sk_is_mptcp(msk->first); 58 } 59 60 static struct socket *__mptcp_tcp_fallback(struct mptcp_sock *msk) 61 { 62 sock_owned_by_me((const struct sock *)msk); 63 64 if (likely(!__mptcp_needs_tcp_fallback(msk))) 65 return NULL; 66 67 if (msk->subflow) { 68 release_sock((struct sock *)msk); 69 return msk->subflow; 70 } 71 72 return NULL; 73 } 74 75 static bool __mptcp_can_create_subflow(const struct mptcp_sock *msk) 76 { 77 return !msk->first; 78 } 79 80 static struct socket *__mptcp_socket_create(struct mptcp_sock *msk, int state) 81 { 82 struct mptcp_subflow_context *subflow; 83 struct sock *sk = (struct sock *)msk; 84 struct socket *ssock; 85 int err; 86 87 ssock = __mptcp_nmpc_socket(msk); 88 if (ssock) 89 goto set_state; 90 91 if (!__mptcp_can_create_subflow(msk)) 92 return ERR_PTR(-EINVAL); 93 94 err = mptcp_subflow_create_socket(sk, &ssock); 95 if (err) 96 return ERR_PTR(err); 97 98 msk->first = ssock->sk; 99 msk->subflow = ssock; 100 subflow = mptcp_subflow_ctx(ssock->sk); 101 list_add(&subflow->node, &msk->conn_list); 102 subflow->request_mptcp = 1; 103 104 set_state: 105 if (state != MPTCP_SAME_STATE) 106 inet_sk_state_store(sk, state); 107 return ssock; 108 } 109 110 static void __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk, 111 struct sk_buff *skb, 112 unsigned int offset, size_t copy_len) 113 { 114 struct sock *sk = (struct sock *)msk; 115 116 __skb_unlink(skb, &ssk->sk_receive_queue); 117 skb_set_owner_r(skb, sk); 118 __skb_queue_tail(&sk->sk_receive_queue, skb); 119 120 msk->ack_seq += copy_len; 121 MPTCP_SKB_CB(skb)->offset = offset; 122 } 123 124 static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, 125 struct sock *ssk, 126 unsigned int *bytes) 127 { 128 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 129 struct sock *sk = (struct sock *)msk; 130 unsigned int moved = 0; 131 bool more_data_avail; 132 struct tcp_sock *tp; 133 bool done = false; 134 135 if (!(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) { 136 int rcvbuf = max(ssk->sk_rcvbuf, sk->sk_rcvbuf); 137 138 if (rcvbuf > sk->sk_rcvbuf) 139 sk->sk_rcvbuf = rcvbuf; 140 } 141 142 tp = tcp_sk(ssk); 143 do { 144 u32 map_remaining, offset; 145 u32 seq = tp->copied_seq; 146 struct sk_buff *skb; 147 bool fin; 148 149 /* try to move as much data as available */ 150 map_remaining = subflow->map_data_len - 151 mptcp_subflow_get_map_offset(subflow); 152 153 skb = skb_peek(&ssk->sk_receive_queue); 154 if (!skb) 155 break; 156 157 offset = seq - TCP_SKB_CB(skb)->seq; 158 fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN; 159 if (fin) { 160 done = true; 161 seq++; 162 } 163 164 if (offset < skb->len) { 165 size_t len = skb->len - offset; 166 167 if (tp->urg_data) 168 done = true; 169 170 __mptcp_move_skb(msk, ssk, skb, offset, len); 171 seq += len; 172 moved += len; 173 174 if (WARN_ON_ONCE(map_remaining < len)) 175 break; 176 } else { 177 WARN_ON_ONCE(!fin); 178 sk_eat_skb(ssk, skb); 179 done = true; 180 } 181 182 WRITE_ONCE(tp->copied_seq, seq); 183 more_data_avail = mptcp_subflow_data_available(ssk); 184 185 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) { 186 done = true; 187 break; 188 } 189 } while (more_data_avail); 190 191 *bytes = moved; 192 193 return done; 194 } 195 196 /* In most cases we will be able to lock the mptcp socket. If its already 197 * owned, we need to defer to the work queue to avoid ABBA deadlock. 198 */ 199 static bool move_skbs_to_msk(struct mptcp_sock *msk, struct sock *ssk) 200 { 201 struct sock *sk = (struct sock *)msk; 202 unsigned int moved = 0; 203 204 if (READ_ONCE(sk->sk_lock.owned)) 205 return false; 206 207 if (unlikely(!spin_trylock_bh(&sk->sk_lock.slock))) 208 return false; 209 210 /* must re-check after taking the lock */ 211 if (!READ_ONCE(sk->sk_lock.owned)) 212 __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 213 214 spin_unlock_bh(&sk->sk_lock.slock); 215 216 return moved > 0; 217 } 218 219 void mptcp_data_ready(struct sock *sk, struct sock *ssk) 220 { 221 struct mptcp_sock *msk = mptcp_sk(sk); 222 223 set_bit(MPTCP_DATA_READY, &msk->flags); 224 225 if (atomic_read(&sk->sk_rmem_alloc) < READ_ONCE(sk->sk_rcvbuf) && 226 move_skbs_to_msk(msk, ssk)) 227 goto wake; 228 229 /* don't schedule if mptcp sk is (still) over limit */ 230 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) 231 goto wake; 232 233 /* mptcp socket is owned, release_cb should retry */ 234 if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED, 235 &sk->sk_tsq_flags)) { 236 sock_hold(sk); 237 238 /* need to try again, its possible release_cb() has already 239 * been called after the test_and_set_bit() above. 240 */ 241 move_skbs_to_msk(msk, ssk); 242 } 243 wake: 244 sk->sk_data_ready(sk); 245 } 246 247 static void __mptcp_flush_join_list(struct mptcp_sock *msk) 248 { 249 if (likely(list_empty(&msk->join_list))) 250 return; 251 252 spin_lock_bh(&msk->join_list_lock); 253 list_splice_tail_init(&msk->join_list, &msk->conn_list); 254 spin_unlock_bh(&msk->join_list_lock); 255 } 256 257 static void mptcp_set_timeout(const struct sock *sk, const struct sock *ssk) 258 { 259 long tout = ssk && inet_csk(ssk)->icsk_pending ? 260 inet_csk(ssk)->icsk_timeout - jiffies : 0; 261 262 if (tout <= 0) 263 tout = mptcp_sk(sk)->timer_ival; 264 mptcp_sk(sk)->timer_ival = tout > 0 ? tout : TCP_RTO_MIN; 265 } 266 267 static bool mptcp_timer_pending(struct sock *sk) 268 { 269 return timer_pending(&inet_csk(sk)->icsk_retransmit_timer); 270 } 271 272 static void mptcp_reset_timer(struct sock *sk) 273 { 274 struct inet_connection_sock *icsk = inet_csk(sk); 275 unsigned long tout; 276 277 /* should never be called with mptcp level timer cleared */ 278 tout = READ_ONCE(mptcp_sk(sk)->timer_ival); 279 if (WARN_ON_ONCE(!tout)) 280 tout = TCP_RTO_MIN; 281 sk_reset_timer(sk, &icsk->icsk_retransmit_timer, jiffies + tout); 282 } 283 284 void mptcp_data_acked(struct sock *sk) 285 { 286 mptcp_reset_timer(sk); 287 288 if (!sk_stream_is_writeable(sk) && 289 schedule_work(&mptcp_sk(sk)->work)) 290 sock_hold(sk); 291 } 292 293 static void mptcp_stop_timer(struct sock *sk) 294 { 295 struct inet_connection_sock *icsk = inet_csk(sk); 296 297 sk_stop_timer(sk, &icsk->icsk_retransmit_timer); 298 mptcp_sk(sk)->timer_ival = 0; 299 } 300 301 static bool mptcp_ext_cache_refill(struct mptcp_sock *msk) 302 { 303 if (!msk->cached_ext) 304 msk->cached_ext = __skb_ext_alloc(); 305 306 return !!msk->cached_ext; 307 } 308 309 static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk) 310 { 311 struct mptcp_subflow_context *subflow; 312 struct sock *sk = (struct sock *)msk; 313 314 sock_owned_by_me(sk); 315 316 mptcp_for_each_subflow(msk, subflow) { 317 if (subflow->data_avail) 318 return mptcp_subflow_tcp_sock(subflow); 319 } 320 321 return NULL; 322 } 323 324 static bool mptcp_skb_can_collapse_to(u64 write_seq, 325 const struct sk_buff *skb, 326 const struct mptcp_ext *mpext) 327 { 328 if (!tcp_skb_can_collapse_to(skb)) 329 return false; 330 331 /* can collapse only if MPTCP level sequence is in order */ 332 return mpext && mpext->data_seq + mpext->data_len == write_seq; 333 } 334 335 static bool mptcp_frag_can_collapse_to(const struct mptcp_sock *msk, 336 const struct page_frag *pfrag, 337 const struct mptcp_data_frag *df) 338 { 339 return df && pfrag->page == df->page && 340 df->data_seq + df->data_len == msk->write_seq; 341 } 342 343 static void dfrag_uncharge(struct sock *sk, int len) 344 { 345 sk_mem_uncharge(sk, len); 346 sk_wmem_queued_add(sk, -len); 347 } 348 349 static void dfrag_clear(struct sock *sk, struct mptcp_data_frag *dfrag) 350 { 351 int len = dfrag->data_len + dfrag->overhead; 352 353 list_del(&dfrag->list); 354 dfrag_uncharge(sk, len); 355 put_page(dfrag->page); 356 } 357 358 static void mptcp_clean_una(struct sock *sk) 359 { 360 struct mptcp_sock *msk = mptcp_sk(sk); 361 struct mptcp_data_frag *dtmp, *dfrag; 362 u64 snd_una = atomic64_read(&msk->snd_una); 363 bool cleaned = false; 364 365 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) { 366 if (after64(dfrag->data_seq + dfrag->data_len, snd_una)) 367 break; 368 369 dfrag_clear(sk, dfrag); 370 cleaned = true; 371 } 372 373 dfrag = mptcp_rtx_head(sk); 374 if (dfrag && after64(snd_una, dfrag->data_seq)) { 375 u64 delta = dfrag->data_seq + dfrag->data_len - snd_una; 376 377 dfrag->data_seq += delta; 378 dfrag->data_len -= delta; 379 380 dfrag_uncharge(sk, delta); 381 cleaned = true; 382 } 383 384 if (cleaned) { 385 sk_mem_reclaim_partial(sk); 386 387 /* Only wake up writers if a subflow is ready */ 388 if (test_bit(MPTCP_SEND_SPACE, &msk->flags)) 389 sk_stream_write_space(sk); 390 } 391 } 392 393 /* ensure we get enough memory for the frag hdr, beyond some minimal amount of 394 * data 395 */ 396 static bool mptcp_page_frag_refill(struct sock *sk, struct page_frag *pfrag) 397 { 398 if (likely(skb_page_frag_refill(32U + sizeof(struct mptcp_data_frag), 399 pfrag, sk->sk_allocation))) 400 return true; 401 402 sk->sk_prot->enter_memory_pressure(sk); 403 sk_stream_moderate_sndbuf(sk); 404 return false; 405 } 406 407 static struct mptcp_data_frag * 408 mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag, 409 int orig_offset) 410 { 411 int offset = ALIGN(orig_offset, sizeof(long)); 412 struct mptcp_data_frag *dfrag; 413 414 dfrag = (struct mptcp_data_frag *)(page_to_virt(pfrag->page) + offset); 415 dfrag->data_len = 0; 416 dfrag->data_seq = msk->write_seq; 417 dfrag->overhead = offset - orig_offset + sizeof(struct mptcp_data_frag); 418 dfrag->offset = offset + sizeof(struct mptcp_data_frag); 419 dfrag->page = pfrag->page; 420 421 return dfrag; 422 } 423 424 static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, 425 struct msghdr *msg, struct mptcp_data_frag *dfrag, 426 long *timeo, int *pmss_now, 427 int *ps_goal) 428 { 429 int mss_now, avail_size, size_goal, offset, ret, frag_truesize = 0; 430 bool dfrag_collapsed, can_collapse = false; 431 struct mptcp_sock *msk = mptcp_sk(sk); 432 struct mptcp_ext *mpext = NULL; 433 bool retransmission = !!dfrag; 434 struct sk_buff *skb, *tail; 435 struct page_frag *pfrag; 436 struct page *page; 437 u64 *write_seq; 438 size_t psize; 439 440 /* use the mptcp page cache so that we can easily move the data 441 * from one substream to another, but do per subflow memory accounting 442 * Note: pfrag is used only !retransmission, but the compiler if 443 * fooled into a warning if we don't init here 444 */ 445 pfrag = sk_page_frag(sk); 446 while ((!retransmission && !mptcp_page_frag_refill(ssk, pfrag)) || 447 !mptcp_ext_cache_refill(msk)) { 448 ret = sk_stream_wait_memory(ssk, timeo); 449 if (ret) 450 return ret; 451 452 /* if sk_stream_wait_memory() sleeps snd_una can change 453 * significantly, refresh the rtx queue 454 */ 455 mptcp_clean_una(sk); 456 457 if (unlikely(__mptcp_needs_tcp_fallback(msk))) 458 return 0; 459 } 460 if (!retransmission) { 461 write_seq = &msk->write_seq; 462 page = pfrag->page; 463 } else { 464 write_seq = &dfrag->data_seq; 465 page = dfrag->page; 466 } 467 468 /* compute copy limit */ 469 mss_now = tcp_send_mss(ssk, &size_goal, msg->msg_flags); 470 *pmss_now = mss_now; 471 *ps_goal = size_goal; 472 avail_size = size_goal; 473 skb = tcp_write_queue_tail(ssk); 474 if (skb) { 475 mpext = skb_ext_find(skb, SKB_EXT_MPTCP); 476 477 /* Limit the write to the size available in the 478 * current skb, if any, so that we create at most a new skb. 479 * Explicitly tells TCP internals to avoid collapsing on later 480 * queue management operation, to avoid breaking the ext <-> 481 * SSN association set here 482 */ 483 can_collapse = (size_goal - skb->len > 0) && 484 mptcp_skb_can_collapse_to(*write_seq, skb, mpext); 485 if (!can_collapse) 486 TCP_SKB_CB(skb)->eor = 1; 487 else 488 avail_size = size_goal - skb->len; 489 } 490 491 if (!retransmission) { 492 /* reuse tail pfrag, if possible, or carve a new one from the 493 * page allocator 494 */ 495 dfrag = mptcp_rtx_tail(sk); 496 offset = pfrag->offset; 497 dfrag_collapsed = mptcp_frag_can_collapse_to(msk, pfrag, dfrag); 498 if (!dfrag_collapsed) { 499 dfrag = mptcp_carve_data_frag(msk, pfrag, offset); 500 offset = dfrag->offset; 501 frag_truesize = dfrag->overhead; 502 } 503 psize = min_t(size_t, pfrag->size - offset, avail_size); 504 505 /* Copy to page */ 506 pr_debug("left=%zu", msg_data_left(msg)); 507 psize = copy_page_from_iter(pfrag->page, offset, 508 min_t(size_t, msg_data_left(msg), 509 psize), 510 &msg->msg_iter); 511 pr_debug("left=%zu", msg_data_left(msg)); 512 if (!psize) 513 return -EINVAL; 514 515 if (!sk_wmem_schedule(sk, psize + dfrag->overhead)) 516 return -ENOMEM; 517 } else { 518 offset = dfrag->offset; 519 psize = min_t(size_t, dfrag->data_len, avail_size); 520 } 521 522 /* tell the TCP stack to delay the push so that we can safely 523 * access the skb after the sendpages call 524 */ 525 ret = do_tcp_sendpages(ssk, page, offset, psize, 526 msg->msg_flags | MSG_SENDPAGE_NOTLAST); 527 if (ret <= 0) 528 return ret; 529 530 frag_truesize += ret; 531 if (!retransmission) { 532 if (unlikely(ret < psize)) 533 iov_iter_revert(&msg->msg_iter, psize - ret); 534 535 /* send successful, keep track of sent data for mptcp-level 536 * retransmission 537 */ 538 dfrag->data_len += ret; 539 if (!dfrag_collapsed) { 540 get_page(dfrag->page); 541 list_add_tail(&dfrag->list, &msk->rtx_queue); 542 sk_wmem_queued_add(sk, frag_truesize); 543 } else { 544 sk_wmem_queued_add(sk, ret); 545 } 546 547 /* charge data on mptcp rtx queue to the master socket 548 * Note: we charge such data both to sk and ssk 549 */ 550 sk->sk_forward_alloc -= frag_truesize; 551 } 552 553 /* if the tail skb extension is still the cached one, collapsing 554 * really happened. Note: we can't check for 'same skb' as the sk_buff 555 * hdr on tail can be transmitted, freed and re-allocated by the 556 * do_tcp_sendpages() call 557 */ 558 tail = tcp_write_queue_tail(ssk); 559 if (mpext && tail && mpext == skb_ext_find(tail, SKB_EXT_MPTCP)) { 560 WARN_ON_ONCE(!can_collapse); 561 mpext->data_len += ret; 562 goto out; 563 } 564 565 skb = tcp_write_queue_tail(ssk); 566 mpext = __skb_ext_set(skb, SKB_EXT_MPTCP, msk->cached_ext); 567 msk->cached_ext = NULL; 568 569 memset(mpext, 0, sizeof(*mpext)); 570 mpext->data_seq = *write_seq; 571 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq; 572 mpext->data_len = ret; 573 mpext->use_map = 1; 574 mpext->dsn64 = 1; 575 576 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", 577 mpext->data_seq, mpext->subflow_seq, mpext->data_len, 578 mpext->dsn64); 579 580 out: 581 if (!retransmission) 582 pfrag->offset += frag_truesize; 583 *write_seq += ret; 584 mptcp_subflow_ctx(ssk)->rel_write_seq += ret; 585 586 return ret; 587 } 588 589 static struct sock *mptcp_subflow_get_send(struct mptcp_sock *msk) 590 { 591 struct mptcp_subflow_context *subflow; 592 struct sock *backup = NULL; 593 594 sock_owned_by_me((const struct sock *)msk); 595 596 mptcp_for_each_subflow(msk, subflow) { 597 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 598 599 if (!sk_stream_memory_free(ssk)) { 600 struct socket *sock = ssk->sk_socket; 601 602 if (sock) { 603 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 604 smp_mb__after_atomic(); 605 606 /* enables sk->write_space() callbacks */ 607 set_bit(SOCK_NOSPACE, &sock->flags); 608 } 609 610 return NULL; 611 } 612 613 if (subflow->backup) { 614 if (!backup) 615 backup = ssk; 616 617 continue; 618 } 619 620 return ssk; 621 } 622 623 return backup; 624 } 625 626 static void ssk_check_wmem(struct mptcp_sock *msk, struct sock *ssk) 627 { 628 struct socket *sock; 629 630 if (likely(sk_stream_is_writeable(ssk))) 631 return; 632 633 sock = READ_ONCE(ssk->sk_socket); 634 635 if (sock) { 636 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 637 smp_mb__after_atomic(); 638 /* set NOSPACE only after clearing SEND_SPACE flag */ 639 set_bit(SOCK_NOSPACE, &sock->flags); 640 } 641 } 642 643 static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) 644 { 645 int mss_now = 0, size_goal = 0, ret = 0; 646 struct mptcp_sock *msk = mptcp_sk(sk); 647 struct socket *ssock; 648 size_t copied = 0; 649 struct sock *ssk; 650 long timeo; 651 652 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL)) 653 return -EOPNOTSUPP; 654 655 lock_sock(sk); 656 657 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); 658 659 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) { 660 ret = sk_stream_wait_connect(sk, &timeo); 661 if (ret) 662 goto out; 663 } 664 665 ssock = __mptcp_tcp_fallback(msk); 666 if (unlikely(ssock)) { 667 fallback: 668 pr_debug("fallback passthrough"); 669 ret = sock_sendmsg(ssock, msg); 670 return ret >= 0 ? ret + copied : (copied ? copied : ret); 671 } 672 673 mptcp_clean_una(sk); 674 675 __mptcp_flush_join_list(msk); 676 ssk = mptcp_subflow_get_send(msk); 677 while (!sk_stream_memory_free(sk) || !ssk) { 678 ret = sk_stream_wait_memory(sk, &timeo); 679 if (ret) 680 goto out; 681 682 mptcp_clean_una(sk); 683 684 ssk = mptcp_subflow_get_send(msk); 685 if (list_empty(&msk->conn_list)) { 686 ret = -ENOTCONN; 687 goto out; 688 } 689 } 690 691 pr_debug("conn_list->subflow=%p", ssk); 692 693 lock_sock(ssk); 694 while (msg_data_left(msg)) { 695 ret = mptcp_sendmsg_frag(sk, ssk, msg, NULL, &timeo, &mss_now, 696 &size_goal); 697 if (ret < 0) 698 break; 699 if (ret == 0 && unlikely(__mptcp_needs_tcp_fallback(msk))) { 700 release_sock(ssk); 701 ssock = __mptcp_tcp_fallback(msk); 702 goto fallback; 703 } 704 705 copied += ret; 706 } 707 708 mptcp_set_timeout(sk, ssk); 709 if (copied) { 710 ret = copied; 711 tcp_push(ssk, msg->msg_flags, mss_now, tcp_sk(ssk)->nonagle, 712 size_goal); 713 714 /* start the timer, if it's not pending */ 715 if (!mptcp_timer_pending(sk)) 716 mptcp_reset_timer(sk); 717 } 718 719 ssk_check_wmem(msk, ssk); 720 release_sock(ssk); 721 out: 722 release_sock(sk); 723 return ret; 724 } 725 726 static void mptcp_wait_data(struct sock *sk, long *timeo) 727 { 728 DEFINE_WAIT_FUNC(wait, woken_wake_function); 729 struct mptcp_sock *msk = mptcp_sk(sk); 730 731 add_wait_queue(sk_sleep(sk), &wait); 732 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 733 734 sk_wait_event(sk, timeo, 735 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait); 736 737 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 738 remove_wait_queue(sk_sleep(sk), &wait); 739 } 740 741 static int __mptcp_recvmsg_mskq(struct mptcp_sock *msk, 742 struct msghdr *msg, 743 size_t len) 744 { 745 struct sock *sk = (struct sock *)msk; 746 struct sk_buff *skb; 747 int copied = 0; 748 749 while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) { 750 u32 offset = MPTCP_SKB_CB(skb)->offset; 751 u32 data_len = skb->len - offset; 752 u32 count = min_t(size_t, len - copied, data_len); 753 int err; 754 755 err = skb_copy_datagram_msg(skb, offset, msg, count); 756 if (unlikely(err < 0)) { 757 if (!copied) 758 return err; 759 break; 760 } 761 762 copied += count; 763 764 if (count < data_len) { 765 MPTCP_SKB_CB(skb)->offset += count; 766 break; 767 } 768 769 __skb_unlink(skb, &sk->sk_receive_queue); 770 __kfree_skb(skb); 771 772 if (copied >= len) 773 break; 774 } 775 776 return copied; 777 } 778 779 static bool __mptcp_move_skbs(struct mptcp_sock *msk) 780 { 781 unsigned int moved = 0; 782 bool done; 783 784 do { 785 struct sock *ssk = mptcp_subflow_recv_lookup(msk); 786 787 if (!ssk) 788 break; 789 790 lock_sock(ssk); 791 done = __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 792 release_sock(ssk); 793 } while (!done); 794 795 return moved > 0; 796 } 797 798 static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 799 int nonblock, int flags, int *addr_len) 800 { 801 struct mptcp_sock *msk = mptcp_sk(sk); 802 struct socket *ssock; 803 int copied = 0; 804 int target; 805 long timeo; 806 807 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT)) 808 return -EOPNOTSUPP; 809 810 lock_sock(sk); 811 ssock = __mptcp_tcp_fallback(msk); 812 if (unlikely(ssock)) { 813 fallback: 814 pr_debug("fallback-read subflow=%p", 815 mptcp_subflow_ctx(ssock->sk)); 816 copied = sock_recvmsg(ssock, msg, flags); 817 return copied; 818 } 819 820 timeo = sock_rcvtimeo(sk, nonblock); 821 822 len = min_t(size_t, len, INT_MAX); 823 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); 824 __mptcp_flush_join_list(msk); 825 826 while (len > (size_t)copied) { 827 int bytes_read; 828 829 bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied); 830 if (unlikely(bytes_read < 0)) { 831 if (!copied) 832 copied = bytes_read; 833 goto out_err; 834 } 835 836 copied += bytes_read; 837 838 if (skb_queue_empty(&sk->sk_receive_queue) && 839 __mptcp_move_skbs(msk)) 840 continue; 841 842 /* only the master socket status is relevant here. The exit 843 * conditions mirror closely tcp_recvmsg() 844 */ 845 if (copied >= target) 846 break; 847 848 if (copied) { 849 if (sk->sk_err || 850 sk->sk_state == TCP_CLOSE || 851 (sk->sk_shutdown & RCV_SHUTDOWN) || 852 !timeo || 853 signal_pending(current)) 854 break; 855 } else { 856 if (sk->sk_err) { 857 copied = sock_error(sk); 858 break; 859 } 860 861 if (sk->sk_shutdown & RCV_SHUTDOWN) 862 break; 863 864 if (sk->sk_state == TCP_CLOSE) { 865 copied = -ENOTCONN; 866 break; 867 } 868 869 if (!timeo) { 870 copied = -EAGAIN; 871 break; 872 } 873 874 if (signal_pending(current)) { 875 copied = sock_intr_errno(timeo); 876 break; 877 } 878 } 879 880 pr_debug("block timeout %ld", timeo); 881 mptcp_wait_data(sk, &timeo); 882 if (unlikely(__mptcp_tcp_fallback(msk))) 883 goto fallback; 884 } 885 886 if (skb_queue_empty(&sk->sk_receive_queue)) { 887 /* entire backlog drained, clear DATA_READY. */ 888 clear_bit(MPTCP_DATA_READY, &msk->flags); 889 890 /* .. race-breaker: ssk might have gotten new data 891 * after last __mptcp_move_skbs() returned false. 892 */ 893 if (unlikely(__mptcp_move_skbs(msk))) 894 set_bit(MPTCP_DATA_READY, &msk->flags); 895 } else if (unlikely(!test_bit(MPTCP_DATA_READY, &msk->flags))) { 896 /* data to read but mptcp_wait_data() cleared DATA_READY */ 897 set_bit(MPTCP_DATA_READY, &msk->flags); 898 } 899 out_err: 900 release_sock(sk); 901 return copied; 902 } 903 904 static void mptcp_retransmit_handler(struct sock *sk) 905 { 906 struct mptcp_sock *msk = mptcp_sk(sk); 907 908 if (atomic64_read(&msk->snd_una) == msk->write_seq) { 909 mptcp_stop_timer(sk); 910 } else { 911 set_bit(MPTCP_WORK_RTX, &msk->flags); 912 if (schedule_work(&msk->work)) 913 sock_hold(sk); 914 } 915 } 916 917 static void mptcp_retransmit_timer(struct timer_list *t) 918 { 919 struct inet_connection_sock *icsk = from_timer(icsk, t, 920 icsk_retransmit_timer); 921 struct sock *sk = &icsk->icsk_inet.sk; 922 923 bh_lock_sock(sk); 924 if (!sock_owned_by_user(sk)) { 925 mptcp_retransmit_handler(sk); 926 } else { 927 /* delegate our work to tcp_release_cb() */ 928 if (!test_and_set_bit(TCP_WRITE_TIMER_DEFERRED, 929 &sk->sk_tsq_flags)) 930 sock_hold(sk); 931 } 932 bh_unlock_sock(sk); 933 sock_put(sk); 934 } 935 936 /* Find an idle subflow. Return NULL if there is unacked data at tcp 937 * level. 938 * 939 * A backup subflow is returned only if that is the only kind available. 940 */ 941 static struct sock *mptcp_subflow_get_retrans(const struct mptcp_sock *msk) 942 { 943 struct mptcp_subflow_context *subflow; 944 struct sock *backup = NULL; 945 946 sock_owned_by_me((const struct sock *)msk); 947 948 mptcp_for_each_subflow(msk, subflow) { 949 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 950 951 /* still data outstanding at TCP level? Don't retransmit. */ 952 if (!tcp_write_queue_empty(ssk)) 953 return NULL; 954 955 if (subflow->backup) { 956 if (!backup) 957 backup = ssk; 958 continue; 959 } 960 961 return ssk; 962 } 963 964 return backup; 965 } 966 967 /* subflow sockets can be either outgoing (connect) or incoming 968 * (accept). 969 * 970 * Outgoing subflows use in-kernel sockets. 971 * Incoming subflows do not have their own 'struct socket' allocated, 972 * so we need to use tcp_close() after detaching them from the mptcp 973 * parent socket. 974 */ 975 static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, 976 struct mptcp_subflow_context *subflow, 977 long timeout) 978 { 979 struct socket *sock = READ_ONCE(ssk->sk_socket); 980 981 list_del(&subflow->node); 982 983 if (sock && sock != sk->sk_socket) { 984 /* outgoing subflow */ 985 sock_release(sock); 986 } else { 987 /* incoming subflow */ 988 tcp_close(ssk, timeout); 989 } 990 } 991 992 static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu) 993 { 994 return 0; 995 } 996 997 static void mptcp_worker(struct work_struct *work) 998 { 999 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work); 1000 struct sock *ssk, *sk = &msk->sk.icsk_inet.sk; 1001 int orig_len, orig_offset, ret, mss_now = 0, size_goal = 0; 1002 struct mptcp_data_frag *dfrag; 1003 u64 orig_write_seq; 1004 size_t copied = 0; 1005 struct msghdr msg; 1006 long timeo = 0; 1007 1008 lock_sock(sk); 1009 mptcp_clean_una(sk); 1010 __mptcp_flush_join_list(msk); 1011 __mptcp_move_skbs(msk); 1012 1013 if (!test_and_clear_bit(MPTCP_WORK_RTX, &msk->flags)) 1014 goto unlock; 1015 1016 dfrag = mptcp_rtx_head(sk); 1017 if (!dfrag) 1018 goto unlock; 1019 1020 ssk = mptcp_subflow_get_retrans(msk); 1021 if (!ssk) 1022 goto reset_unlock; 1023 1024 lock_sock(ssk); 1025 1026 msg.msg_flags = MSG_DONTWAIT; 1027 orig_len = dfrag->data_len; 1028 orig_offset = dfrag->offset; 1029 orig_write_seq = dfrag->data_seq; 1030 while (dfrag->data_len > 0) { 1031 ret = mptcp_sendmsg_frag(sk, ssk, &msg, dfrag, &timeo, &mss_now, 1032 &size_goal); 1033 if (ret < 0) 1034 break; 1035 1036 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_RETRANSSEGS); 1037 copied += ret; 1038 dfrag->data_len -= ret; 1039 dfrag->offset += ret; 1040 } 1041 if (copied) 1042 tcp_push(ssk, msg.msg_flags, mss_now, tcp_sk(ssk)->nonagle, 1043 size_goal); 1044 1045 dfrag->data_seq = orig_write_seq; 1046 dfrag->offset = orig_offset; 1047 dfrag->data_len = orig_len; 1048 1049 mptcp_set_timeout(sk, ssk); 1050 release_sock(ssk); 1051 1052 reset_unlock: 1053 if (!mptcp_timer_pending(sk)) 1054 mptcp_reset_timer(sk); 1055 1056 unlock: 1057 release_sock(sk); 1058 sock_put(sk); 1059 } 1060 1061 static int __mptcp_init_sock(struct sock *sk) 1062 { 1063 struct mptcp_sock *msk = mptcp_sk(sk); 1064 1065 spin_lock_init(&msk->join_list_lock); 1066 1067 INIT_LIST_HEAD(&msk->conn_list); 1068 INIT_LIST_HEAD(&msk->join_list); 1069 INIT_LIST_HEAD(&msk->rtx_queue); 1070 __set_bit(MPTCP_SEND_SPACE, &msk->flags); 1071 INIT_WORK(&msk->work, mptcp_worker); 1072 1073 msk->first = NULL; 1074 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss; 1075 1076 mptcp_pm_data_init(msk); 1077 1078 /* re-use the csk retrans timer for MPTCP-level retrans */ 1079 timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0); 1080 1081 return 0; 1082 } 1083 1084 static int mptcp_init_sock(struct sock *sk) 1085 { 1086 struct net *net = sock_net(sk); 1087 int ret; 1088 1089 if (!mptcp_is_enabled(net)) 1090 return -ENOPROTOOPT; 1091 1092 if (unlikely(!net->mib.mptcp_statistics) && !mptcp_mib_alloc(net)) 1093 return -ENOMEM; 1094 1095 ret = __mptcp_init_sock(sk); 1096 if (ret) 1097 return ret; 1098 1099 sk_sockets_allocated_inc(sk); 1100 sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[2]; 1101 1102 return 0; 1103 } 1104 1105 static void __mptcp_clear_xmit(struct sock *sk) 1106 { 1107 struct mptcp_sock *msk = mptcp_sk(sk); 1108 struct mptcp_data_frag *dtmp, *dfrag; 1109 1110 sk_stop_timer(sk, &msk->sk.icsk_retransmit_timer); 1111 1112 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) 1113 dfrag_clear(sk, dfrag); 1114 } 1115 1116 static void mptcp_cancel_work(struct sock *sk) 1117 { 1118 struct mptcp_sock *msk = mptcp_sk(sk); 1119 1120 if (cancel_work_sync(&msk->work)) 1121 sock_put(sk); 1122 } 1123 1124 static void mptcp_subflow_shutdown(struct sock *ssk, int how, 1125 bool data_fin_tx_enable, u64 data_fin_tx_seq) 1126 { 1127 lock_sock(ssk); 1128 1129 switch (ssk->sk_state) { 1130 case TCP_LISTEN: 1131 if (!(how & RCV_SHUTDOWN)) 1132 break; 1133 /* fall through */ 1134 case TCP_SYN_SENT: 1135 tcp_disconnect(ssk, O_NONBLOCK); 1136 break; 1137 default: 1138 if (data_fin_tx_enable) { 1139 struct mptcp_subflow_context *subflow; 1140 1141 subflow = mptcp_subflow_ctx(ssk); 1142 subflow->data_fin_tx_seq = data_fin_tx_seq; 1143 subflow->data_fin_tx_enable = 1; 1144 } 1145 1146 ssk->sk_shutdown |= how; 1147 tcp_shutdown(ssk, how); 1148 break; 1149 } 1150 1151 /* Wake up anyone sleeping in poll. */ 1152 ssk->sk_state_change(ssk); 1153 release_sock(ssk); 1154 } 1155 1156 /* Called with msk lock held, releases such lock before returning */ 1157 static void mptcp_close(struct sock *sk, long timeout) 1158 { 1159 struct mptcp_subflow_context *subflow, *tmp; 1160 struct mptcp_sock *msk = mptcp_sk(sk); 1161 LIST_HEAD(conn_list); 1162 u64 data_fin_tx_seq; 1163 1164 lock_sock(sk); 1165 1166 mptcp_token_destroy(msk->token); 1167 inet_sk_state_store(sk, TCP_CLOSE); 1168 1169 __mptcp_flush_join_list(msk); 1170 1171 list_splice_init(&msk->conn_list, &conn_list); 1172 1173 data_fin_tx_seq = msk->write_seq; 1174 1175 __mptcp_clear_xmit(sk); 1176 1177 release_sock(sk); 1178 1179 list_for_each_entry_safe(subflow, tmp, &conn_list, node) { 1180 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1181 1182 subflow->data_fin_tx_seq = data_fin_tx_seq; 1183 subflow->data_fin_tx_enable = 1; 1184 __mptcp_close_ssk(sk, ssk, subflow, timeout); 1185 } 1186 1187 mptcp_cancel_work(sk); 1188 mptcp_pm_close(msk); 1189 1190 __skb_queue_purge(&sk->sk_receive_queue); 1191 1192 sk_common_release(sk); 1193 } 1194 1195 static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk) 1196 { 1197 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1198 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk); 1199 struct ipv6_pinfo *msk6 = inet6_sk(msk); 1200 1201 msk->sk_v6_daddr = ssk->sk_v6_daddr; 1202 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr; 1203 1204 if (msk6 && ssk6) { 1205 msk6->saddr = ssk6->saddr; 1206 msk6->flow_label = ssk6->flow_label; 1207 } 1208 #endif 1209 1210 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num; 1211 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport; 1212 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport; 1213 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr; 1214 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr; 1215 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr; 1216 } 1217 1218 static int mptcp_disconnect(struct sock *sk, int flags) 1219 { 1220 lock_sock(sk); 1221 __mptcp_clear_xmit(sk); 1222 release_sock(sk); 1223 mptcp_cancel_work(sk); 1224 return tcp_disconnect(sk, flags); 1225 } 1226 1227 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1228 static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) 1229 { 1230 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo); 1231 1232 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 1233 } 1234 #endif 1235 1236 struct sock *mptcp_sk_clone(const struct sock *sk, struct request_sock *req) 1237 { 1238 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); 1239 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); 1240 struct mptcp_sock *msk; 1241 u64 ack_seq; 1242 1243 if (!nsk) 1244 return NULL; 1245 1246 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1247 if (nsk->sk_family == AF_INET6) 1248 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk); 1249 #endif 1250 1251 __mptcp_init_sock(nsk); 1252 1253 msk = mptcp_sk(nsk); 1254 msk->local_key = subflow_req->local_key; 1255 msk->token = subflow_req->token; 1256 msk->subflow = NULL; 1257 1258 if (unlikely(mptcp_token_new_accept(subflow_req->token, nsk))) { 1259 bh_unlock_sock(nsk); 1260 1261 /* we can't call into mptcp_close() here - possible BH context 1262 * free the sock directly 1263 */ 1264 nsk->sk_prot->destroy(nsk); 1265 sk_free(nsk); 1266 return NULL; 1267 } 1268 1269 msk->write_seq = subflow_req->idsn + 1; 1270 atomic64_set(&msk->snd_una, msk->write_seq); 1271 if (subflow_req->remote_key_valid) { 1272 msk->can_ack = true; 1273 msk->remote_key = subflow_req->remote_key; 1274 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq); 1275 ack_seq++; 1276 msk->ack_seq = ack_seq; 1277 } 1278 1279 /* will be fully established after successful MPC subflow creation */ 1280 inet_sk_state_store(nsk, TCP_SYN_RECV); 1281 bh_unlock_sock(nsk); 1282 1283 /* keep a single reference */ 1284 __sock_put(nsk); 1285 return nsk; 1286 } 1287 1288 static struct sock *mptcp_accept(struct sock *sk, int flags, int *err, 1289 bool kern) 1290 { 1291 struct mptcp_sock *msk = mptcp_sk(sk); 1292 struct socket *listener; 1293 struct sock *newsk; 1294 1295 listener = __mptcp_nmpc_socket(msk); 1296 if (WARN_ON_ONCE(!listener)) { 1297 *err = -EINVAL; 1298 return NULL; 1299 } 1300 1301 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk)); 1302 newsk = inet_csk_accept(listener->sk, flags, err, kern); 1303 if (!newsk) 1304 return NULL; 1305 1306 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk)); 1307 1308 if (sk_is_mptcp(newsk)) { 1309 struct mptcp_subflow_context *subflow; 1310 struct sock *new_mptcp_sock; 1311 struct sock *ssk = newsk; 1312 1313 subflow = mptcp_subflow_ctx(newsk); 1314 new_mptcp_sock = subflow->conn; 1315 1316 /* is_mptcp should be false if subflow->conn is missing, see 1317 * subflow_syn_recv_sock() 1318 */ 1319 if (WARN_ON_ONCE(!new_mptcp_sock)) { 1320 tcp_sk(newsk)->is_mptcp = 0; 1321 return newsk; 1322 } 1323 1324 /* acquire the 2nd reference for the owning socket */ 1325 sock_hold(new_mptcp_sock); 1326 1327 local_bh_disable(); 1328 bh_lock_sock(new_mptcp_sock); 1329 msk = mptcp_sk(new_mptcp_sock); 1330 msk->first = newsk; 1331 1332 newsk = new_mptcp_sock; 1333 mptcp_copy_inaddrs(newsk, ssk); 1334 list_add(&subflow->node, &msk->conn_list); 1335 1336 bh_unlock_sock(new_mptcp_sock); 1337 1338 __MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEPASSIVEACK); 1339 local_bh_enable(); 1340 } else { 1341 MPTCP_INC_STATS(sock_net(sk), 1342 MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); 1343 } 1344 1345 return newsk; 1346 } 1347 1348 static void mptcp_destroy(struct sock *sk) 1349 { 1350 struct mptcp_sock *msk = mptcp_sk(sk); 1351 1352 if (msk->cached_ext) 1353 __skb_ext_put(msk->cached_ext); 1354 1355 sk_sockets_allocated_dec(sk); 1356 } 1357 1358 static int mptcp_setsockopt(struct sock *sk, int level, int optname, 1359 char __user *optval, unsigned int optlen) 1360 { 1361 struct mptcp_sock *msk = mptcp_sk(sk); 1362 struct socket *ssock; 1363 1364 pr_debug("msk=%p", msk); 1365 1366 /* @@ the meaning of setsockopt() when the socket is connected and 1367 * there are multiple subflows is not yet defined. It is up to the 1368 * MPTCP-level socket to configure the subflows until the subflow 1369 * is in TCP fallback, when TCP socket options are passed through 1370 * to the one remaining subflow. 1371 */ 1372 lock_sock(sk); 1373 ssock = __mptcp_tcp_fallback(msk); 1374 if (ssock) 1375 return tcp_setsockopt(ssock->sk, level, optname, optval, 1376 optlen); 1377 1378 release_sock(sk); 1379 1380 return -EOPNOTSUPP; 1381 } 1382 1383 static int mptcp_getsockopt(struct sock *sk, int level, int optname, 1384 char __user *optval, int __user *option) 1385 { 1386 struct mptcp_sock *msk = mptcp_sk(sk); 1387 struct socket *ssock; 1388 1389 pr_debug("msk=%p", msk); 1390 1391 /* @@ the meaning of setsockopt() when the socket is connected and 1392 * there are multiple subflows is not yet defined. It is up to the 1393 * MPTCP-level socket to configure the subflows until the subflow 1394 * is in TCP fallback, when socket options are passed through 1395 * to the one remaining subflow. 1396 */ 1397 lock_sock(sk); 1398 ssock = __mptcp_tcp_fallback(msk); 1399 if (ssock) 1400 return tcp_getsockopt(ssock->sk, level, optname, optval, 1401 option); 1402 1403 release_sock(sk); 1404 1405 return -EOPNOTSUPP; 1406 } 1407 1408 #define MPTCP_DEFERRED_ALL (TCPF_DELACK_TIMER_DEFERRED | \ 1409 TCPF_WRITE_TIMER_DEFERRED) 1410 1411 /* this is very alike tcp_release_cb() but we must handle differently a 1412 * different set of events 1413 */ 1414 static void mptcp_release_cb(struct sock *sk) 1415 { 1416 unsigned long flags, nflags; 1417 1418 do { 1419 flags = sk->sk_tsq_flags; 1420 if (!(flags & MPTCP_DEFERRED_ALL)) 1421 return; 1422 nflags = flags & ~MPTCP_DEFERRED_ALL; 1423 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags); 1424 1425 sock_release_ownership(sk); 1426 1427 if (flags & TCPF_DELACK_TIMER_DEFERRED) { 1428 struct mptcp_sock *msk = mptcp_sk(sk); 1429 struct sock *ssk; 1430 1431 ssk = mptcp_subflow_recv_lookup(msk); 1432 if (!ssk || !schedule_work(&msk->work)) 1433 __sock_put(sk); 1434 } 1435 1436 if (flags & TCPF_WRITE_TIMER_DEFERRED) { 1437 mptcp_retransmit_handler(sk); 1438 __sock_put(sk); 1439 } 1440 } 1441 1442 static int mptcp_get_port(struct sock *sk, unsigned short snum) 1443 { 1444 struct mptcp_sock *msk = mptcp_sk(sk); 1445 struct socket *ssock; 1446 1447 ssock = __mptcp_nmpc_socket(msk); 1448 pr_debug("msk=%p, subflow=%p", msk, ssock); 1449 if (WARN_ON_ONCE(!ssock)) 1450 return -EINVAL; 1451 1452 return inet_csk_get_port(ssock->sk, snum); 1453 } 1454 1455 void mptcp_finish_connect(struct sock *ssk) 1456 { 1457 struct mptcp_subflow_context *subflow; 1458 struct mptcp_sock *msk; 1459 struct sock *sk; 1460 u64 ack_seq; 1461 1462 subflow = mptcp_subflow_ctx(ssk); 1463 sk = subflow->conn; 1464 msk = mptcp_sk(sk); 1465 1466 if (!subflow->mp_capable) { 1467 MPTCP_INC_STATS(sock_net(sk), 1468 MPTCP_MIB_MPCAPABLEACTIVEFALLBACK); 1469 return; 1470 } 1471 1472 pr_debug("msk=%p, token=%u", sk, subflow->token); 1473 1474 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq); 1475 ack_seq++; 1476 subflow->map_seq = ack_seq; 1477 subflow->map_subflow_seq = 1; 1478 subflow->rel_write_seq = 1; 1479 1480 /* the socket is not connected yet, no msk/subflow ops can access/race 1481 * accessing the field below 1482 */ 1483 WRITE_ONCE(msk->remote_key, subflow->remote_key); 1484 WRITE_ONCE(msk->local_key, subflow->local_key); 1485 WRITE_ONCE(msk->token, subflow->token); 1486 WRITE_ONCE(msk->write_seq, subflow->idsn + 1); 1487 WRITE_ONCE(msk->ack_seq, ack_seq); 1488 WRITE_ONCE(msk->can_ack, 1); 1489 atomic64_set(&msk->snd_una, msk->write_seq); 1490 1491 mptcp_pm_new_connection(msk, 0); 1492 } 1493 1494 static void mptcp_sock_graft(struct sock *sk, struct socket *parent) 1495 { 1496 write_lock_bh(&sk->sk_callback_lock); 1497 rcu_assign_pointer(sk->sk_wq, &parent->wq); 1498 sk_set_socket(sk, parent); 1499 sk->sk_uid = SOCK_INODE(parent)->i_uid; 1500 write_unlock_bh(&sk->sk_callback_lock); 1501 } 1502 1503 bool mptcp_finish_join(struct sock *sk) 1504 { 1505 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 1506 struct mptcp_sock *msk = mptcp_sk(subflow->conn); 1507 struct sock *parent = (void *)msk; 1508 struct socket *parent_sock; 1509 bool ret; 1510 1511 pr_debug("msk=%p, subflow=%p", msk, subflow); 1512 1513 /* mptcp socket already closing? */ 1514 if (inet_sk_state_load(parent) != TCP_ESTABLISHED) 1515 return false; 1516 1517 if (!msk->pm.server_side) 1518 return true; 1519 1520 /* passive connection, attach to msk socket */ 1521 parent_sock = READ_ONCE(parent->sk_socket); 1522 if (parent_sock && !sk->sk_socket) 1523 mptcp_sock_graft(sk, parent_sock); 1524 1525 ret = mptcp_pm_allow_new_subflow(msk); 1526 if (ret) { 1527 /* active connections are already on conn_list */ 1528 spin_lock_bh(&msk->join_list_lock); 1529 if (!WARN_ON_ONCE(!list_empty(&subflow->node))) 1530 list_add_tail(&subflow->node, &msk->join_list); 1531 spin_unlock_bh(&msk->join_list_lock); 1532 } 1533 return ret; 1534 } 1535 1536 bool mptcp_sk_is_subflow(const struct sock *sk) 1537 { 1538 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 1539 1540 return subflow->mp_join == 1; 1541 } 1542 1543 static bool mptcp_memory_free(const struct sock *sk, int wake) 1544 { 1545 struct mptcp_sock *msk = mptcp_sk(sk); 1546 1547 return wake ? test_bit(MPTCP_SEND_SPACE, &msk->flags) : true; 1548 } 1549 1550 static struct proto mptcp_prot = { 1551 .name = "MPTCP", 1552 .owner = THIS_MODULE, 1553 .init = mptcp_init_sock, 1554 .disconnect = mptcp_disconnect, 1555 .close = mptcp_close, 1556 .accept = mptcp_accept, 1557 .setsockopt = mptcp_setsockopt, 1558 .getsockopt = mptcp_getsockopt, 1559 .shutdown = tcp_shutdown, 1560 .destroy = mptcp_destroy, 1561 .sendmsg = mptcp_sendmsg, 1562 .recvmsg = mptcp_recvmsg, 1563 .release_cb = mptcp_release_cb, 1564 .hash = inet_hash, 1565 .unhash = inet_unhash, 1566 .get_port = mptcp_get_port, 1567 .sockets_allocated = &mptcp_sockets_allocated, 1568 .memory_allocated = &tcp_memory_allocated, 1569 .memory_pressure = &tcp_memory_pressure, 1570 .stream_memory_free = mptcp_memory_free, 1571 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem), 1572 .sysctl_mem = sysctl_tcp_mem, 1573 .obj_size = sizeof(struct mptcp_sock), 1574 .no_autobind = true, 1575 }; 1576 1577 static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 1578 { 1579 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1580 struct socket *ssock; 1581 int err; 1582 1583 lock_sock(sock->sk); 1584 ssock = __mptcp_socket_create(msk, MPTCP_SAME_STATE); 1585 if (IS_ERR(ssock)) { 1586 err = PTR_ERR(ssock); 1587 goto unlock; 1588 } 1589 1590 err = ssock->ops->bind(ssock, uaddr, addr_len); 1591 if (!err) 1592 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1593 1594 unlock: 1595 release_sock(sock->sk); 1596 return err; 1597 } 1598 1599 static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr, 1600 int addr_len, int flags) 1601 { 1602 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1603 struct socket *ssock; 1604 int err; 1605 1606 lock_sock(sock->sk); 1607 ssock = __mptcp_socket_create(msk, TCP_SYN_SENT); 1608 if (IS_ERR(ssock)) { 1609 err = PTR_ERR(ssock); 1610 goto unlock; 1611 } 1612 1613 #ifdef CONFIG_TCP_MD5SIG 1614 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of 1615 * TCP option space. 1616 */ 1617 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info)) 1618 mptcp_subflow_ctx(ssock->sk)->request_mptcp = 0; 1619 #endif 1620 1621 err = ssock->ops->connect(ssock, uaddr, addr_len, flags); 1622 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 1623 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1624 1625 unlock: 1626 release_sock(sock->sk); 1627 return err; 1628 } 1629 1630 static int mptcp_v4_getname(struct socket *sock, struct sockaddr *uaddr, 1631 int peer) 1632 { 1633 if (sock->sk->sk_prot == &tcp_prot) { 1634 /* we are being invoked from __sys_accept4, after 1635 * mptcp_accept() has just accepted a non-mp-capable 1636 * flow: sk is a tcp_sk, not an mptcp one. 1637 * 1638 * Hand the socket over to tcp so all further socket ops 1639 * bypass mptcp. 1640 */ 1641 sock->ops = &inet_stream_ops; 1642 } 1643 1644 return inet_getname(sock, uaddr, peer); 1645 } 1646 1647 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1648 static int mptcp_v6_getname(struct socket *sock, struct sockaddr *uaddr, 1649 int peer) 1650 { 1651 if (sock->sk->sk_prot == &tcpv6_prot) { 1652 /* we are being invoked from __sys_accept4 after 1653 * mptcp_accept() has accepted a non-mp-capable 1654 * subflow: sk is a tcp_sk, not mptcp. 1655 * 1656 * Hand the socket over to tcp so all further 1657 * socket ops bypass mptcp. 1658 */ 1659 sock->ops = &inet6_stream_ops; 1660 } 1661 1662 return inet6_getname(sock, uaddr, peer); 1663 } 1664 #endif 1665 1666 static int mptcp_listen(struct socket *sock, int backlog) 1667 { 1668 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1669 struct socket *ssock; 1670 int err; 1671 1672 pr_debug("msk=%p", msk); 1673 1674 lock_sock(sock->sk); 1675 ssock = __mptcp_socket_create(msk, TCP_LISTEN); 1676 if (IS_ERR(ssock)) { 1677 err = PTR_ERR(ssock); 1678 goto unlock; 1679 } 1680 1681 err = ssock->ops->listen(ssock, backlog); 1682 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 1683 if (!err) 1684 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1685 1686 unlock: 1687 release_sock(sock->sk); 1688 return err; 1689 } 1690 1691 static bool is_tcp_proto(const struct proto *p) 1692 { 1693 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1694 return p == &tcp_prot || p == &tcpv6_prot; 1695 #else 1696 return p == &tcp_prot; 1697 #endif 1698 } 1699 1700 static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, 1701 int flags, bool kern) 1702 { 1703 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1704 struct socket *ssock; 1705 int err; 1706 1707 pr_debug("msk=%p", msk); 1708 1709 lock_sock(sock->sk); 1710 if (sock->sk->sk_state != TCP_LISTEN) 1711 goto unlock_fail; 1712 1713 ssock = __mptcp_nmpc_socket(msk); 1714 if (!ssock) 1715 goto unlock_fail; 1716 1717 sock_hold(ssock->sk); 1718 release_sock(sock->sk); 1719 1720 err = ssock->ops->accept(sock, newsock, flags, kern); 1721 if (err == 0 && !is_tcp_proto(newsock->sk->sk_prot)) { 1722 struct mptcp_sock *msk = mptcp_sk(newsock->sk); 1723 struct mptcp_subflow_context *subflow; 1724 1725 /* set ssk->sk_socket of accept()ed flows to mptcp socket. 1726 * This is needed so NOSPACE flag can be set from tcp stack. 1727 */ 1728 __mptcp_flush_join_list(msk); 1729 list_for_each_entry(subflow, &msk->conn_list, node) { 1730 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1731 1732 if (!ssk->sk_socket) 1733 mptcp_sock_graft(ssk, newsock); 1734 } 1735 } 1736 1737 sock_put(ssock->sk); 1738 return err; 1739 1740 unlock_fail: 1741 release_sock(sock->sk); 1742 return -EINVAL; 1743 } 1744 1745 static __poll_t mptcp_poll(struct file *file, struct socket *sock, 1746 struct poll_table_struct *wait) 1747 { 1748 struct sock *sk = sock->sk; 1749 struct mptcp_sock *msk; 1750 struct socket *ssock; 1751 __poll_t mask = 0; 1752 1753 msk = mptcp_sk(sk); 1754 lock_sock(sk); 1755 ssock = __mptcp_nmpc_socket(msk); 1756 if (ssock) { 1757 mask = ssock->ops->poll(file, ssock, wait); 1758 release_sock(sk); 1759 return mask; 1760 } 1761 1762 release_sock(sk); 1763 sock_poll_wait(file, sock, wait); 1764 lock_sock(sk); 1765 ssock = __mptcp_tcp_fallback(msk); 1766 if (unlikely(ssock)) 1767 return ssock->ops->poll(file, ssock, NULL); 1768 1769 if (test_bit(MPTCP_DATA_READY, &msk->flags)) 1770 mask = EPOLLIN | EPOLLRDNORM; 1771 if (sk_stream_is_writeable(sk) && 1772 test_bit(MPTCP_SEND_SPACE, &msk->flags)) 1773 mask |= EPOLLOUT | EPOLLWRNORM; 1774 if (sk->sk_shutdown & RCV_SHUTDOWN) 1775 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; 1776 1777 release_sock(sk); 1778 1779 return mask; 1780 } 1781 1782 static int mptcp_shutdown(struct socket *sock, int how) 1783 { 1784 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1785 struct mptcp_subflow_context *subflow; 1786 int ret = 0; 1787 1788 pr_debug("sk=%p, how=%d", msk, how); 1789 1790 lock_sock(sock->sk); 1791 1792 if (how == SHUT_WR || how == SHUT_RDWR) 1793 inet_sk_state_store(sock->sk, TCP_FIN_WAIT1); 1794 1795 how++; 1796 1797 if ((how & ~SHUTDOWN_MASK) || !how) { 1798 ret = -EINVAL; 1799 goto out_unlock; 1800 } 1801 1802 if (sock->state == SS_CONNECTING) { 1803 if ((1 << sock->sk->sk_state) & 1804 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE)) 1805 sock->state = SS_DISCONNECTING; 1806 else 1807 sock->state = SS_CONNECTED; 1808 } 1809 1810 __mptcp_flush_join_list(msk); 1811 mptcp_for_each_subflow(msk, subflow) { 1812 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow); 1813 1814 mptcp_subflow_shutdown(tcp_sk, how, 1, msk->write_seq); 1815 } 1816 1817 out_unlock: 1818 release_sock(sock->sk); 1819 1820 return ret; 1821 } 1822 1823 static const struct proto_ops mptcp_stream_ops = { 1824 .family = PF_INET, 1825 .owner = THIS_MODULE, 1826 .release = inet_release, 1827 .bind = mptcp_bind, 1828 .connect = mptcp_stream_connect, 1829 .socketpair = sock_no_socketpair, 1830 .accept = mptcp_stream_accept, 1831 .getname = mptcp_v4_getname, 1832 .poll = mptcp_poll, 1833 .ioctl = inet_ioctl, 1834 .gettstamp = sock_gettstamp, 1835 .listen = mptcp_listen, 1836 .shutdown = mptcp_shutdown, 1837 .setsockopt = sock_common_setsockopt, 1838 .getsockopt = sock_common_getsockopt, 1839 .sendmsg = inet_sendmsg, 1840 .recvmsg = inet_recvmsg, 1841 .mmap = sock_no_mmap, 1842 .sendpage = inet_sendpage, 1843 #ifdef CONFIG_COMPAT 1844 .compat_setsockopt = compat_sock_common_setsockopt, 1845 .compat_getsockopt = compat_sock_common_getsockopt, 1846 #endif 1847 }; 1848 1849 static struct inet_protosw mptcp_protosw = { 1850 .type = SOCK_STREAM, 1851 .protocol = IPPROTO_MPTCP, 1852 .prot = &mptcp_prot, 1853 .ops = &mptcp_stream_ops, 1854 .flags = INET_PROTOSW_ICSK, 1855 }; 1856 1857 void mptcp_proto_init(void) 1858 { 1859 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo; 1860 1861 if (percpu_counter_init(&mptcp_sockets_allocated, 0, GFP_KERNEL)) 1862 panic("Failed to allocate MPTCP pcpu counter\n"); 1863 1864 mptcp_subflow_init(); 1865 mptcp_pm_init(); 1866 1867 if (proto_register(&mptcp_prot, 1) != 0) 1868 panic("Failed to register MPTCP proto.\n"); 1869 1870 inet_register_protosw(&mptcp_protosw); 1871 1872 BUILD_BUG_ON(sizeof(struct mptcp_skb_cb) > sizeof_field(struct sk_buff, cb)); 1873 } 1874 1875 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1876 static const struct proto_ops mptcp_v6_stream_ops = { 1877 .family = PF_INET6, 1878 .owner = THIS_MODULE, 1879 .release = inet6_release, 1880 .bind = mptcp_bind, 1881 .connect = mptcp_stream_connect, 1882 .socketpair = sock_no_socketpair, 1883 .accept = mptcp_stream_accept, 1884 .getname = mptcp_v6_getname, 1885 .poll = mptcp_poll, 1886 .ioctl = inet6_ioctl, 1887 .gettstamp = sock_gettstamp, 1888 .listen = mptcp_listen, 1889 .shutdown = mptcp_shutdown, 1890 .setsockopt = sock_common_setsockopt, 1891 .getsockopt = sock_common_getsockopt, 1892 .sendmsg = inet6_sendmsg, 1893 .recvmsg = inet6_recvmsg, 1894 .mmap = sock_no_mmap, 1895 .sendpage = inet_sendpage, 1896 #ifdef CONFIG_COMPAT 1897 .compat_setsockopt = compat_sock_common_setsockopt, 1898 .compat_getsockopt = compat_sock_common_getsockopt, 1899 #endif 1900 }; 1901 1902 static struct proto mptcp_v6_prot; 1903 1904 static void mptcp_v6_destroy(struct sock *sk) 1905 { 1906 mptcp_destroy(sk); 1907 inet6_destroy_sock(sk); 1908 } 1909 1910 static struct inet_protosw mptcp_v6_protosw = { 1911 .type = SOCK_STREAM, 1912 .protocol = IPPROTO_MPTCP, 1913 .prot = &mptcp_v6_prot, 1914 .ops = &mptcp_v6_stream_ops, 1915 .flags = INET_PROTOSW_ICSK, 1916 }; 1917 1918 int mptcp_proto_v6_init(void) 1919 { 1920 int err; 1921 1922 mptcp_v6_prot = mptcp_prot; 1923 strcpy(mptcp_v6_prot.name, "MPTCPv6"); 1924 mptcp_v6_prot.slab = NULL; 1925 mptcp_v6_prot.destroy = mptcp_v6_destroy; 1926 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock); 1927 1928 err = proto_register(&mptcp_v6_prot, 1); 1929 if (err) 1930 return err; 1931 1932 err = inet6_register_protosw(&mptcp_v6_protosw); 1933 if (err) 1934 proto_unregister(&mptcp_v6_prot); 1935 1936 return err; 1937 } 1938 #endif 1939