1 // SPDX-License-Identifier: GPL-2.0 2 /* Multipath TCP 3 * 4 * Copyright (c) 2017 - 2019, Intel Corporation. 5 */ 6 7 #define pr_fmt(fmt) "MPTCP: " fmt 8 9 #include <linux/kernel.h> 10 #include <linux/module.h> 11 #include <linux/netdevice.h> 12 #include <linux/sched/signal.h> 13 #include <linux/atomic.h> 14 #include <net/sock.h> 15 #include <net/inet_common.h> 16 #include <net/inet_hashtables.h> 17 #include <net/protocol.h> 18 #include <net/tcp.h> 19 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 20 #include <net/transp_v6.h> 21 #endif 22 #include <net/mptcp.h> 23 #include "protocol.h" 24 #include "mib.h" 25 26 #define MPTCP_SAME_STATE TCP_MAX_STATES 27 28 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 29 struct mptcp6_sock { 30 struct mptcp_sock msk; 31 struct ipv6_pinfo np; 32 }; 33 #endif 34 35 struct mptcp_skb_cb { 36 u32 offset; 37 }; 38 39 #define MPTCP_SKB_CB(__skb) ((struct mptcp_skb_cb *)&((__skb)->cb[0])) 40 41 static struct percpu_counter mptcp_sockets_allocated; 42 43 /* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not 44 * completed yet or has failed, return the subflow socket. 45 * Otherwise return NULL. 46 */ 47 static struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk) 48 { 49 if (!msk->subflow || READ_ONCE(msk->can_ack)) 50 return NULL; 51 52 return msk->subflow; 53 } 54 55 static bool __mptcp_needs_tcp_fallback(const struct mptcp_sock *msk) 56 { 57 return msk->first && !sk_is_mptcp(msk->first); 58 } 59 60 static struct socket *mptcp_is_tcpsk(struct sock *sk) 61 { 62 struct socket *sock = sk->sk_socket; 63 64 if (sock->sk != sk) 65 return NULL; 66 67 if (unlikely(sk->sk_prot == &tcp_prot)) { 68 /* we are being invoked after mptcp_accept() has 69 * accepted a non-mp-capable flow: sk is a tcp_sk, 70 * not an mptcp one. 71 * 72 * Hand the socket over to tcp so all further socket ops 73 * bypass mptcp. 74 */ 75 sock->ops = &inet_stream_ops; 76 return sock; 77 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 78 } else if (unlikely(sk->sk_prot == &tcpv6_prot)) { 79 sock->ops = &inet6_stream_ops; 80 return sock; 81 #endif 82 } 83 84 return NULL; 85 } 86 87 static struct socket *__mptcp_tcp_fallback(struct mptcp_sock *msk) 88 { 89 struct socket *sock; 90 91 sock_owned_by_me((const struct sock *)msk); 92 93 sock = mptcp_is_tcpsk((struct sock *)msk); 94 if (unlikely(sock)) 95 return sock; 96 97 if (likely(!__mptcp_needs_tcp_fallback(msk))) 98 return NULL; 99 100 if (msk->subflow) { 101 release_sock((struct sock *)msk); 102 return msk->subflow; 103 } 104 105 return NULL; 106 } 107 108 static bool __mptcp_can_create_subflow(const struct mptcp_sock *msk) 109 { 110 return !msk->first; 111 } 112 113 static struct socket *__mptcp_socket_create(struct mptcp_sock *msk, int state) 114 { 115 struct mptcp_subflow_context *subflow; 116 struct sock *sk = (struct sock *)msk; 117 struct socket *ssock; 118 int err; 119 120 ssock = __mptcp_tcp_fallback(msk); 121 if (unlikely(ssock)) 122 return ssock; 123 124 ssock = __mptcp_nmpc_socket(msk); 125 if (ssock) 126 goto set_state; 127 128 if (!__mptcp_can_create_subflow(msk)) 129 return ERR_PTR(-EINVAL); 130 131 err = mptcp_subflow_create_socket(sk, &ssock); 132 if (err) 133 return ERR_PTR(err); 134 135 msk->first = ssock->sk; 136 msk->subflow = ssock; 137 subflow = mptcp_subflow_ctx(ssock->sk); 138 list_add(&subflow->node, &msk->conn_list); 139 subflow->request_mptcp = 1; 140 141 set_state: 142 if (state != MPTCP_SAME_STATE) 143 inet_sk_state_store(sk, state); 144 return ssock; 145 } 146 147 static void __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk, 148 struct sk_buff *skb, 149 unsigned int offset, size_t copy_len) 150 { 151 struct sock *sk = (struct sock *)msk; 152 153 __skb_unlink(skb, &ssk->sk_receive_queue); 154 skb_set_owner_r(skb, sk); 155 __skb_queue_tail(&sk->sk_receive_queue, skb); 156 157 msk->ack_seq += copy_len; 158 MPTCP_SKB_CB(skb)->offset = offset; 159 } 160 161 /* both sockets must be locked */ 162 static bool mptcp_subflow_dsn_valid(const struct mptcp_sock *msk, 163 struct sock *ssk) 164 { 165 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 166 u64 dsn = mptcp_subflow_get_mapped_dsn(subflow); 167 168 /* revalidate data sequence number. 169 * 170 * mptcp_subflow_data_available() is usually called 171 * without msk lock. Its unlikely (but possible) 172 * that msk->ack_seq has been advanced since the last 173 * call found in-sequence data. 174 */ 175 if (likely(dsn == msk->ack_seq)) 176 return true; 177 178 subflow->data_avail = 0; 179 return mptcp_subflow_data_available(ssk); 180 } 181 182 static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, 183 struct sock *ssk, 184 unsigned int *bytes) 185 { 186 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 187 struct sock *sk = (struct sock *)msk; 188 unsigned int moved = 0; 189 bool more_data_avail; 190 struct tcp_sock *tp; 191 bool done = false; 192 193 if (!mptcp_subflow_dsn_valid(msk, ssk)) { 194 *bytes = 0; 195 return false; 196 } 197 198 if (!(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) { 199 int rcvbuf = max(ssk->sk_rcvbuf, sk->sk_rcvbuf); 200 201 if (rcvbuf > sk->sk_rcvbuf) 202 sk->sk_rcvbuf = rcvbuf; 203 } 204 205 tp = tcp_sk(ssk); 206 do { 207 u32 map_remaining, offset; 208 u32 seq = tp->copied_seq; 209 struct sk_buff *skb; 210 bool fin; 211 212 /* try to move as much data as available */ 213 map_remaining = subflow->map_data_len - 214 mptcp_subflow_get_map_offset(subflow); 215 216 skb = skb_peek(&ssk->sk_receive_queue); 217 if (!skb) 218 break; 219 220 offset = seq - TCP_SKB_CB(skb)->seq; 221 fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN; 222 if (fin) { 223 done = true; 224 seq++; 225 } 226 227 if (offset < skb->len) { 228 size_t len = skb->len - offset; 229 230 if (tp->urg_data) 231 done = true; 232 233 __mptcp_move_skb(msk, ssk, skb, offset, len); 234 seq += len; 235 moved += len; 236 237 if (WARN_ON_ONCE(map_remaining < len)) 238 break; 239 } else { 240 WARN_ON_ONCE(!fin); 241 sk_eat_skb(ssk, skb); 242 done = true; 243 } 244 245 WRITE_ONCE(tp->copied_seq, seq); 246 more_data_avail = mptcp_subflow_data_available(ssk); 247 248 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) { 249 done = true; 250 break; 251 } 252 } while (more_data_avail); 253 254 *bytes = moved; 255 256 return done; 257 } 258 259 /* In most cases we will be able to lock the mptcp socket. If its already 260 * owned, we need to defer to the work queue to avoid ABBA deadlock. 261 */ 262 static bool move_skbs_to_msk(struct mptcp_sock *msk, struct sock *ssk) 263 { 264 struct sock *sk = (struct sock *)msk; 265 unsigned int moved = 0; 266 267 if (READ_ONCE(sk->sk_lock.owned)) 268 return false; 269 270 if (unlikely(!spin_trylock_bh(&sk->sk_lock.slock))) 271 return false; 272 273 /* must re-check after taking the lock */ 274 if (!READ_ONCE(sk->sk_lock.owned)) 275 __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 276 277 spin_unlock_bh(&sk->sk_lock.slock); 278 279 return moved > 0; 280 } 281 282 void mptcp_data_ready(struct sock *sk, struct sock *ssk) 283 { 284 struct mptcp_sock *msk = mptcp_sk(sk); 285 286 set_bit(MPTCP_DATA_READY, &msk->flags); 287 288 if (atomic_read(&sk->sk_rmem_alloc) < READ_ONCE(sk->sk_rcvbuf) && 289 move_skbs_to_msk(msk, ssk)) 290 goto wake; 291 292 /* don't schedule if mptcp sk is (still) over limit */ 293 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) 294 goto wake; 295 296 /* mptcp socket is owned, release_cb should retry */ 297 if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED, 298 &sk->sk_tsq_flags)) { 299 sock_hold(sk); 300 301 /* need to try again, its possible release_cb() has already 302 * been called after the test_and_set_bit() above. 303 */ 304 move_skbs_to_msk(msk, ssk); 305 } 306 wake: 307 sk->sk_data_ready(sk); 308 } 309 310 static void __mptcp_flush_join_list(struct mptcp_sock *msk) 311 { 312 if (likely(list_empty(&msk->join_list))) 313 return; 314 315 spin_lock_bh(&msk->join_list_lock); 316 list_splice_tail_init(&msk->join_list, &msk->conn_list); 317 spin_unlock_bh(&msk->join_list_lock); 318 } 319 320 static void mptcp_set_timeout(const struct sock *sk, const struct sock *ssk) 321 { 322 long tout = ssk && inet_csk(ssk)->icsk_pending ? 323 inet_csk(ssk)->icsk_timeout - jiffies : 0; 324 325 if (tout <= 0) 326 tout = mptcp_sk(sk)->timer_ival; 327 mptcp_sk(sk)->timer_ival = tout > 0 ? tout : TCP_RTO_MIN; 328 } 329 330 static bool mptcp_timer_pending(struct sock *sk) 331 { 332 return timer_pending(&inet_csk(sk)->icsk_retransmit_timer); 333 } 334 335 static void mptcp_reset_timer(struct sock *sk) 336 { 337 struct inet_connection_sock *icsk = inet_csk(sk); 338 unsigned long tout; 339 340 /* should never be called with mptcp level timer cleared */ 341 tout = READ_ONCE(mptcp_sk(sk)->timer_ival); 342 if (WARN_ON_ONCE(!tout)) 343 tout = TCP_RTO_MIN; 344 sk_reset_timer(sk, &icsk->icsk_retransmit_timer, jiffies + tout); 345 } 346 347 void mptcp_data_acked(struct sock *sk) 348 { 349 mptcp_reset_timer(sk); 350 351 if (!sk_stream_is_writeable(sk) && 352 schedule_work(&mptcp_sk(sk)->work)) 353 sock_hold(sk); 354 } 355 356 void mptcp_subflow_eof(struct sock *sk) 357 { 358 struct mptcp_sock *msk = mptcp_sk(sk); 359 360 if (!test_and_set_bit(MPTCP_WORK_EOF, &msk->flags) && 361 schedule_work(&msk->work)) 362 sock_hold(sk); 363 } 364 365 static void mptcp_stop_timer(struct sock *sk) 366 { 367 struct inet_connection_sock *icsk = inet_csk(sk); 368 369 sk_stop_timer(sk, &icsk->icsk_retransmit_timer); 370 mptcp_sk(sk)->timer_ival = 0; 371 } 372 373 static bool mptcp_ext_cache_refill(struct mptcp_sock *msk) 374 { 375 if (!msk->cached_ext) 376 msk->cached_ext = __skb_ext_alloc(); 377 378 return !!msk->cached_ext; 379 } 380 381 static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk) 382 { 383 struct mptcp_subflow_context *subflow; 384 struct sock *sk = (struct sock *)msk; 385 386 sock_owned_by_me(sk); 387 388 mptcp_for_each_subflow(msk, subflow) { 389 if (subflow->data_avail) 390 return mptcp_subflow_tcp_sock(subflow); 391 } 392 393 return NULL; 394 } 395 396 static bool mptcp_skb_can_collapse_to(u64 write_seq, 397 const struct sk_buff *skb, 398 const struct mptcp_ext *mpext) 399 { 400 if (!tcp_skb_can_collapse_to(skb)) 401 return false; 402 403 /* can collapse only if MPTCP level sequence is in order */ 404 return mpext && mpext->data_seq + mpext->data_len == write_seq; 405 } 406 407 static bool mptcp_frag_can_collapse_to(const struct mptcp_sock *msk, 408 const struct page_frag *pfrag, 409 const struct mptcp_data_frag *df) 410 { 411 return df && pfrag->page == df->page && 412 df->data_seq + df->data_len == msk->write_seq; 413 } 414 415 static void dfrag_uncharge(struct sock *sk, int len) 416 { 417 sk_mem_uncharge(sk, len); 418 sk_wmem_queued_add(sk, -len); 419 } 420 421 static void dfrag_clear(struct sock *sk, struct mptcp_data_frag *dfrag) 422 { 423 int len = dfrag->data_len + dfrag->overhead; 424 425 list_del(&dfrag->list); 426 dfrag_uncharge(sk, len); 427 put_page(dfrag->page); 428 } 429 430 static void mptcp_clean_una(struct sock *sk) 431 { 432 struct mptcp_sock *msk = mptcp_sk(sk); 433 struct mptcp_data_frag *dtmp, *dfrag; 434 u64 snd_una = atomic64_read(&msk->snd_una); 435 bool cleaned = false; 436 437 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) { 438 if (after64(dfrag->data_seq + dfrag->data_len, snd_una)) 439 break; 440 441 dfrag_clear(sk, dfrag); 442 cleaned = true; 443 } 444 445 dfrag = mptcp_rtx_head(sk); 446 if (dfrag && after64(snd_una, dfrag->data_seq)) { 447 u64 delta = dfrag->data_seq + dfrag->data_len - snd_una; 448 449 dfrag->data_seq += delta; 450 dfrag->data_len -= delta; 451 452 dfrag_uncharge(sk, delta); 453 cleaned = true; 454 } 455 456 if (cleaned) { 457 sk_mem_reclaim_partial(sk); 458 459 /* Only wake up writers if a subflow is ready */ 460 if (test_bit(MPTCP_SEND_SPACE, &msk->flags)) 461 sk_stream_write_space(sk); 462 } 463 } 464 465 /* ensure we get enough memory for the frag hdr, beyond some minimal amount of 466 * data 467 */ 468 static bool mptcp_page_frag_refill(struct sock *sk, struct page_frag *pfrag) 469 { 470 if (likely(skb_page_frag_refill(32U + sizeof(struct mptcp_data_frag), 471 pfrag, sk->sk_allocation))) 472 return true; 473 474 sk->sk_prot->enter_memory_pressure(sk); 475 sk_stream_moderate_sndbuf(sk); 476 return false; 477 } 478 479 static struct mptcp_data_frag * 480 mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag, 481 int orig_offset) 482 { 483 int offset = ALIGN(orig_offset, sizeof(long)); 484 struct mptcp_data_frag *dfrag; 485 486 dfrag = (struct mptcp_data_frag *)(page_to_virt(pfrag->page) + offset); 487 dfrag->data_len = 0; 488 dfrag->data_seq = msk->write_seq; 489 dfrag->overhead = offset - orig_offset + sizeof(struct mptcp_data_frag); 490 dfrag->offset = offset + sizeof(struct mptcp_data_frag); 491 dfrag->page = pfrag->page; 492 493 return dfrag; 494 } 495 496 static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, 497 struct msghdr *msg, struct mptcp_data_frag *dfrag, 498 long *timeo, int *pmss_now, 499 int *ps_goal) 500 { 501 int mss_now, avail_size, size_goal, offset, ret, frag_truesize = 0; 502 bool dfrag_collapsed, can_collapse = false; 503 struct mptcp_sock *msk = mptcp_sk(sk); 504 struct mptcp_ext *mpext = NULL; 505 bool retransmission = !!dfrag; 506 struct sk_buff *skb, *tail; 507 struct page_frag *pfrag; 508 struct page *page; 509 u64 *write_seq; 510 size_t psize; 511 512 /* use the mptcp page cache so that we can easily move the data 513 * from one substream to another, but do per subflow memory accounting 514 * Note: pfrag is used only !retransmission, but the compiler if 515 * fooled into a warning if we don't init here 516 */ 517 pfrag = sk_page_frag(sk); 518 while ((!retransmission && !mptcp_page_frag_refill(ssk, pfrag)) || 519 !mptcp_ext_cache_refill(msk)) { 520 ret = sk_stream_wait_memory(ssk, timeo); 521 if (ret) 522 return ret; 523 524 /* if sk_stream_wait_memory() sleeps snd_una can change 525 * significantly, refresh the rtx queue 526 */ 527 mptcp_clean_una(sk); 528 529 if (unlikely(__mptcp_needs_tcp_fallback(msk))) 530 return 0; 531 } 532 if (!retransmission) { 533 write_seq = &msk->write_seq; 534 page = pfrag->page; 535 } else { 536 write_seq = &dfrag->data_seq; 537 page = dfrag->page; 538 } 539 540 /* compute copy limit */ 541 mss_now = tcp_send_mss(ssk, &size_goal, msg->msg_flags); 542 *pmss_now = mss_now; 543 *ps_goal = size_goal; 544 avail_size = size_goal; 545 skb = tcp_write_queue_tail(ssk); 546 if (skb) { 547 mpext = skb_ext_find(skb, SKB_EXT_MPTCP); 548 549 /* Limit the write to the size available in the 550 * current skb, if any, so that we create at most a new skb. 551 * Explicitly tells TCP internals to avoid collapsing on later 552 * queue management operation, to avoid breaking the ext <-> 553 * SSN association set here 554 */ 555 can_collapse = (size_goal - skb->len > 0) && 556 mptcp_skb_can_collapse_to(*write_seq, skb, mpext); 557 if (!can_collapse) 558 TCP_SKB_CB(skb)->eor = 1; 559 else 560 avail_size = size_goal - skb->len; 561 } 562 563 if (!retransmission) { 564 /* reuse tail pfrag, if possible, or carve a new one from the 565 * page allocator 566 */ 567 dfrag = mptcp_rtx_tail(sk); 568 offset = pfrag->offset; 569 dfrag_collapsed = mptcp_frag_can_collapse_to(msk, pfrag, dfrag); 570 if (!dfrag_collapsed) { 571 dfrag = mptcp_carve_data_frag(msk, pfrag, offset); 572 offset = dfrag->offset; 573 frag_truesize = dfrag->overhead; 574 } 575 psize = min_t(size_t, pfrag->size - offset, avail_size); 576 577 /* Copy to page */ 578 pr_debug("left=%zu", msg_data_left(msg)); 579 psize = copy_page_from_iter(pfrag->page, offset, 580 min_t(size_t, msg_data_left(msg), 581 psize), 582 &msg->msg_iter); 583 pr_debug("left=%zu", msg_data_left(msg)); 584 if (!psize) 585 return -EINVAL; 586 587 if (!sk_wmem_schedule(sk, psize + dfrag->overhead)) 588 return -ENOMEM; 589 } else { 590 offset = dfrag->offset; 591 psize = min_t(size_t, dfrag->data_len, avail_size); 592 } 593 594 /* tell the TCP stack to delay the push so that we can safely 595 * access the skb after the sendpages call 596 */ 597 ret = do_tcp_sendpages(ssk, page, offset, psize, 598 msg->msg_flags | MSG_SENDPAGE_NOTLAST); 599 if (ret <= 0) 600 return ret; 601 602 frag_truesize += ret; 603 if (!retransmission) { 604 if (unlikely(ret < psize)) 605 iov_iter_revert(&msg->msg_iter, psize - ret); 606 607 /* send successful, keep track of sent data for mptcp-level 608 * retransmission 609 */ 610 dfrag->data_len += ret; 611 if (!dfrag_collapsed) { 612 get_page(dfrag->page); 613 list_add_tail(&dfrag->list, &msk->rtx_queue); 614 sk_wmem_queued_add(sk, frag_truesize); 615 } else { 616 sk_wmem_queued_add(sk, ret); 617 } 618 619 /* charge data on mptcp rtx queue to the master socket 620 * Note: we charge such data both to sk and ssk 621 */ 622 sk->sk_forward_alloc -= frag_truesize; 623 } 624 625 /* if the tail skb extension is still the cached one, collapsing 626 * really happened. Note: we can't check for 'same skb' as the sk_buff 627 * hdr on tail can be transmitted, freed and re-allocated by the 628 * do_tcp_sendpages() call 629 */ 630 tail = tcp_write_queue_tail(ssk); 631 if (mpext && tail && mpext == skb_ext_find(tail, SKB_EXT_MPTCP)) { 632 WARN_ON_ONCE(!can_collapse); 633 mpext->data_len += ret; 634 goto out; 635 } 636 637 skb = tcp_write_queue_tail(ssk); 638 mpext = __skb_ext_set(skb, SKB_EXT_MPTCP, msk->cached_ext); 639 msk->cached_ext = NULL; 640 641 memset(mpext, 0, sizeof(*mpext)); 642 mpext->data_seq = *write_seq; 643 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq; 644 mpext->data_len = ret; 645 mpext->use_map = 1; 646 mpext->dsn64 = 1; 647 648 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", 649 mpext->data_seq, mpext->subflow_seq, mpext->data_len, 650 mpext->dsn64); 651 652 out: 653 if (!retransmission) 654 pfrag->offset += frag_truesize; 655 *write_seq += ret; 656 mptcp_subflow_ctx(ssk)->rel_write_seq += ret; 657 658 return ret; 659 } 660 661 static struct sock *mptcp_subflow_get_send(struct mptcp_sock *msk) 662 { 663 struct mptcp_subflow_context *subflow; 664 struct sock *backup = NULL; 665 666 sock_owned_by_me((const struct sock *)msk); 667 668 mptcp_for_each_subflow(msk, subflow) { 669 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 670 671 if (!sk_stream_memory_free(ssk)) { 672 struct socket *sock = ssk->sk_socket; 673 674 if (sock) { 675 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 676 smp_mb__after_atomic(); 677 678 /* enables sk->write_space() callbacks */ 679 set_bit(SOCK_NOSPACE, &sock->flags); 680 } 681 682 return NULL; 683 } 684 685 if (subflow->backup) { 686 if (!backup) 687 backup = ssk; 688 689 continue; 690 } 691 692 return ssk; 693 } 694 695 return backup; 696 } 697 698 static void ssk_check_wmem(struct mptcp_sock *msk, struct sock *ssk) 699 { 700 struct socket *sock; 701 702 if (likely(sk_stream_is_writeable(ssk))) 703 return; 704 705 sock = READ_ONCE(ssk->sk_socket); 706 707 if (sock) { 708 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 709 smp_mb__after_atomic(); 710 /* set NOSPACE only after clearing SEND_SPACE flag */ 711 set_bit(SOCK_NOSPACE, &sock->flags); 712 } 713 } 714 715 static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) 716 { 717 int mss_now = 0, size_goal = 0, ret = 0; 718 struct mptcp_sock *msk = mptcp_sk(sk); 719 struct socket *ssock; 720 size_t copied = 0; 721 struct sock *ssk; 722 long timeo; 723 724 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL)) 725 return -EOPNOTSUPP; 726 727 lock_sock(sk); 728 729 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); 730 731 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) { 732 ret = sk_stream_wait_connect(sk, &timeo); 733 if (ret) 734 goto out; 735 } 736 737 ssock = __mptcp_tcp_fallback(msk); 738 if (unlikely(ssock)) { 739 fallback: 740 pr_debug("fallback passthrough"); 741 ret = sock_sendmsg(ssock, msg); 742 return ret >= 0 ? ret + copied : (copied ? copied : ret); 743 } 744 745 mptcp_clean_una(sk); 746 747 __mptcp_flush_join_list(msk); 748 ssk = mptcp_subflow_get_send(msk); 749 while (!sk_stream_memory_free(sk) || !ssk) { 750 ret = sk_stream_wait_memory(sk, &timeo); 751 if (ret) 752 goto out; 753 754 mptcp_clean_una(sk); 755 756 ssk = mptcp_subflow_get_send(msk); 757 if (list_empty(&msk->conn_list)) { 758 ret = -ENOTCONN; 759 goto out; 760 } 761 } 762 763 pr_debug("conn_list->subflow=%p", ssk); 764 765 lock_sock(ssk); 766 while (msg_data_left(msg)) { 767 ret = mptcp_sendmsg_frag(sk, ssk, msg, NULL, &timeo, &mss_now, 768 &size_goal); 769 if (ret < 0) 770 break; 771 if (ret == 0 && unlikely(__mptcp_needs_tcp_fallback(msk))) { 772 release_sock(ssk); 773 ssock = __mptcp_tcp_fallback(msk); 774 goto fallback; 775 } 776 777 copied += ret; 778 } 779 780 mptcp_set_timeout(sk, ssk); 781 if (copied) { 782 ret = copied; 783 tcp_push(ssk, msg->msg_flags, mss_now, tcp_sk(ssk)->nonagle, 784 size_goal); 785 786 /* start the timer, if it's not pending */ 787 if (!mptcp_timer_pending(sk)) 788 mptcp_reset_timer(sk); 789 } 790 791 ssk_check_wmem(msk, ssk); 792 release_sock(ssk); 793 out: 794 release_sock(sk); 795 return ret; 796 } 797 798 static void mptcp_wait_data(struct sock *sk, long *timeo) 799 { 800 DEFINE_WAIT_FUNC(wait, woken_wake_function); 801 struct mptcp_sock *msk = mptcp_sk(sk); 802 803 add_wait_queue(sk_sleep(sk), &wait); 804 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 805 806 sk_wait_event(sk, timeo, 807 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait); 808 809 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 810 remove_wait_queue(sk_sleep(sk), &wait); 811 } 812 813 static int __mptcp_recvmsg_mskq(struct mptcp_sock *msk, 814 struct msghdr *msg, 815 size_t len) 816 { 817 struct sock *sk = (struct sock *)msk; 818 struct sk_buff *skb; 819 int copied = 0; 820 821 while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) { 822 u32 offset = MPTCP_SKB_CB(skb)->offset; 823 u32 data_len = skb->len - offset; 824 u32 count = min_t(size_t, len - copied, data_len); 825 int err; 826 827 err = skb_copy_datagram_msg(skb, offset, msg, count); 828 if (unlikely(err < 0)) { 829 if (!copied) 830 return err; 831 break; 832 } 833 834 copied += count; 835 836 if (count < data_len) { 837 MPTCP_SKB_CB(skb)->offset += count; 838 break; 839 } 840 841 __skb_unlink(skb, &sk->sk_receive_queue); 842 __kfree_skb(skb); 843 844 if (copied >= len) 845 break; 846 } 847 848 return copied; 849 } 850 851 static bool __mptcp_move_skbs(struct mptcp_sock *msk) 852 { 853 unsigned int moved = 0; 854 bool done; 855 856 do { 857 struct sock *ssk = mptcp_subflow_recv_lookup(msk); 858 859 if (!ssk) 860 break; 861 862 lock_sock(ssk); 863 done = __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 864 release_sock(ssk); 865 } while (!done); 866 867 return moved > 0; 868 } 869 870 static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 871 int nonblock, int flags, int *addr_len) 872 { 873 struct mptcp_sock *msk = mptcp_sk(sk); 874 struct socket *ssock; 875 int copied = 0; 876 int target; 877 long timeo; 878 879 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT)) 880 return -EOPNOTSUPP; 881 882 lock_sock(sk); 883 ssock = __mptcp_tcp_fallback(msk); 884 if (unlikely(ssock)) { 885 fallback: 886 pr_debug("fallback-read subflow=%p", 887 mptcp_subflow_ctx(ssock->sk)); 888 copied = sock_recvmsg(ssock, msg, flags); 889 return copied; 890 } 891 892 timeo = sock_rcvtimeo(sk, nonblock); 893 894 len = min_t(size_t, len, INT_MAX); 895 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); 896 __mptcp_flush_join_list(msk); 897 898 while (len > (size_t)copied) { 899 int bytes_read; 900 901 bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied); 902 if (unlikely(bytes_read < 0)) { 903 if (!copied) 904 copied = bytes_read; 905 goto out_err; 906 } 907 908 copied += bytes_read; 909 910 if (skb_queue_empty(&sk->sk_receive_queue) && 911 __mptcp_move_skbs(msk)) 912 continue; 913 914 /* only the master socket status is relevant here. The exit 915 * conditions mirror closely tcp_recvmsg() 916 */ 917 if (copied >= target) 918 break; 919 920 if (copied) { 921 if (sk->sk_err || 922 sk->sk_state == TCP_CLOSE || 923 (sk->sk_shutdown & RCV_SHUTDOWN) || 924 !timeo || 925 signal_pending(current)) 926 break; 927 } else { 928 if (sk->sk_err) { 929 copied = sock_error(sk); 930 break; 931 } 932 933 if (sk->sk_shutdown & RCV_SHUTDOWN) 934 break; 935 936 if (sk->sk_state == TCP_CLOSE) { 937 copied = -ENOTCONN; 938 break; 939 } 940 941 if (!timeo) { 942 copied = -EAGAIN; 943 break; 944 } 945 946 if (signal_pending(current)) { 947 copied = sock_intr_errno(timeo); 948 break; 949 } 950 } 951 952 pr_debug("block timeout %ld", timeo); 953 mptcp_wait_data(sk, &timeo); 954 if (unlikely(__mptcp_tcp_fallback(msk))) 955 goto fallback; 956 } 957 958 if (skb_queue_empty(&sk->sk_receive_queue)) { 959 /* entire backlog drained, clear DATA_READY. */ 960 clear_bit(MPTCP_DATA_READY, &msk->flags); 961 962 /* .. race-breaker: ssk might have gotten new data 963 * after last __mptcp_move_skbs() returned false. 964 */ 965 if (unlikely(__mptcp_move_skbs(msk))) 966 set_bit(MPTCP_DATA_READY, &msk->flags); 967 } else if (unlikely(!test_bit(MPTCP_DATA_READY, &msk->flags))) { 968 /* data to read but mptcp_wait_data() cleared DATA_READY */ 969 set_bit(MPTCP_DATA_READY, &msk->flags); 970 } 971 out_err: 972 release_sock(sk); 973 return copied; 974 } 975 976 static void mptcp_retransmit_handler(struct sock *sk) 977 { 978 struct mptcp_sock *msk = mptcp_sk(sk); 979 980 if (atomic64_read(&msk->snd_una) == msk->write_seq) { 981 mptcp_stop_timer(sk); 982 } else { 983 set_bit(MPTCP_WORK_RTX, &msk->flags); 984 if (schedule_work(&msk->work)) 985 sock_hold(sk); 986 } 987 } 988 989 static void mptcp_retransmit_timer(struct timer_list *t) 990 { 991 struct inet_connection_sock *icsk = from_timer(icsk, t, 992 icsk_retransmit_timer); 993 struct sock *sk = &icsk->icsk_inet.sk; 994 995 bh_lock_sock(sk); 996 if (!sock_owned_by_user(sk)) { 997 mptcp_retransmit_handler(sk); 998 } else { 999 /* delegate our work to tcp_release_cb() */ 1000 if (!test_and_set_bit(TCP_WRITE_TIMER_DEFERRED, 1001 &sk->sk_tsq_flags)) 1002 sock_hold(sk); 1003 } 1004 bh_unlock_sock(sk); 1005 sock_put(sk); 1006 } 1007 1008 /* Find an idle subflow. Return NULL if there is unacked data at tcp 1009 * level. 1010 * 1011 * A backup subflow is returned only if that is the only kind available. 1012 */ 1013 static struct sock *mptcp_subflow_get_retrans(const struct mptcp_sock *msk) 1014 { 1015 struct mptcp_subflow_context *subflow; 1016 struct sock *backup = NULL; 1017 1018 sock_owned_by_me((const struct sock *)msk); 1019 1020 mptcp_for_each_subflow(msk, subflow) { 1021 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1022 1023 /* still data outstanding at TCP level? Don't retransmit. */ 1024 if (!tcp_write_queue_empty(ssk)) 1025 return NULL; 1026 1027 if (subflow->backup) { 1028 if (!backup) 1029 backup = ssk; 1030 continue; 1031 } 1032 1033 return ssk; 1034 } 1035 1036 return backup; 1037 } 1038 1039 /* subflow sockets can be either outgoing (connect) or incoming 1040 * (accept). 1041 * 1042 * Outgoing subflows use in-kernel sockets. 1043 * Incoming subflows do not have their own 'struct socket' allocated, 1044 * so we need to use tcp_close() after detaching them from the mptcp 1045 * parent socket. 1046 */ 1047 static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, 1048 struct mptcp_subflow_context *subflow, 1049 long timeout) 1050 { 1051 struct socket *sock = READ_ONCE(ssk->sk_socket); 1052 1053 list_del(&subflow->node); 1054 1055 if (sock && sock != sk->sk_socket) { 1056 /* outgoing subflow */ 1057 sock_release(sock); 1058 } else { 1059 /* incoming subflow */ 1060 tcp_close(ssk, timeout); 1061 } 1062 } 1063 1064 static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu) 1065 { 1066 return 0; 1067 } 1068 1069 static void mptcp_check_for_eof(struct mptcp_sock *msk) 1070 { 1071 struct mptcp_subflow_context *subflow; 1072 struct sock *sk = (struct sock *)msk; 1073 int receivers = 0; 1074 1075 mptcp_for_each_subflow(msk, subflow) 1076 receivers += !subflow->rx_eof; 1077 1078 if (!receivers && !(sk->sk_shutdown & RCV_SHUTDOWN)) { 1079 /* hopefully temporary hack: propagate shutdown status 1080 * to msk, when all subflows agree on it 1081 */ 1082 sk->sk_shutdown |= RCV_SHUTDOWN; 1083 1084 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */ 1085 set_bit(MPTCP_DATA_READY, &msk->flags); 1086 sk->sk_data_ready(sk); 1087 } 1088 } 1089 1090 static void mptcp_worker(struct work_struct *work) 1091 { 1092 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work); 1093 struct sock *ssk, *sk = &msk->sk.icsk_inet.sk; 1094 int orig_len, orig_offset, ret, mss_now = 0, size_goal = 0; 1095 struct mptcp_data_frag *dfrag; 1096 u64 orig_write_seq; 1097 size_t copied = 0; 1098 struct msghdr msg; 1099 long timeo = 0; 1100 1101 lock_sock(sk); 1102 mptcp_clean_una(sk); 1103 __mptcp_flush_join_list(msk); 1104 __mptcp_move_skbs(msk); 1105 1106 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags)) 1107 mptcp_check_for_eof(msk); 1108 1109 if (!test_and_clear_bit(MPTCP_WORK_RTX, &msk->flags)) 1110 goto unlock; 1111 1112 dfrag = mptcp_rtx_head(sk); 1113 if (!dfrag) 1114 goto unlock; 1115 1116 ssk = mptcp_subflow_get_retrans(msk); 1117 if (!ssk) 1118 goto reset_unlock; 1119 1120 lock_sock(ssk); 1121 1122 msg.msg_flags = MSG_DONTWAIT; 1123 orig_len = dfrag->data_len; 1124 orig_offset = dfrag->offset; 1125 orig_write_seq = dfrag->data_seq; 1126 while (dfrag->data_len > 0) { 1127 ret = mptcp_sendmsg_frag(sk, ssk, &msg, dfrag, &timeo, &mss_now, 1128 &size_goal); 1129 if (ret < 0) 1130 break; 1131 1132 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_RETRANSSEGS); 1133 copied += ret; 1134 dfrag->data_len -= ret; 1135 dfrag->offset += ret; 1136 } 1137 if (copied) 1138 tcp_push(ssk, msg.msg_flags, mss_now, tcp_sk(ssk)->nonagle, 1139 size_goal); 1140 1141 dfrag->data_seq = orig_write_seq; 1142 dfrag->offset = orig_offset; 1143 dfrag->data_len = orig_len; 1144 1145 mptcp_set_timeout(sk, ssk); 1146 release_sock(ssk); 1147 1148 reset_unlock: 1149 if (!mptcp_timer_pending(sk)) 1150 mptcp_reset_timer(sk); 1151 1152 unlock: 1153 release_sock(sk); 1154 sock_put(sk); 1155 } 1156 1157 static int __mptcp_init_sock(struct sock *sk) 1158 { 1159 struct mptcp_sock *msk = mptcp_sk(sk); 1160 1161 spin_lock_init(&msk->join_list_lock); 1162 1163 INIT_LIST_HEAD(&msk->conn_list); 1164 INIT_LIST_HEAD(&msk->join_list); 1165 INIT_LIST_HEAD(&msk->rtx_queue); 1166 __set_bit(MPTCP_SEND_SPACE, &msk->flags); 1167 INIT_WORK(&msk->work, mptcp_worker); 1168 1169 msk->first = NULL; 1170 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss; 1171 1172 mptcp_pm_data_init(msk); 1173 1174 /* re-use the csk retrans timer for MPTCP-level retrans */ 1175 timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0); 1176 1177 return 0; 1178 } 1179 1180 static int mptcp_init_sock(struct sock *sk) 1181 { 1182 struct net *net = sock_net(sk); 1183 int ret; 1184 1185 if (!mptcp_is_enabled(net)) 1186 return -ENOPROTOOPT; 1187 1188 if (unlikely(!net->mib.mptcp_statistics) && !mptcp_mib_alloc(net)) 1189 return -ENOMEM; 1190 1191 ret = __mptcp_init_sock(sk); 1192 if (ret) 1193 return ret; 1194 1195 sk_sockets_allocated_inc(sk); 1196 sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[2]; 1197 1198 return 0; 1199 } 1200 1201 static void __mptcp_clear_xmit(struct sock *sk) 1202 { 1203 struct mptcp_sock *msk = mptcp_sk(sk); 1204 struct mptcp_data_frag *dtmp, *dfrag; 1205 1206 sk_stop_timer(sk, &msk->sk.icsk_retransmit_timer); 1207 1208 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) 1209 dfrag_clear(sk, dfrag); 1210 } 1211 1212 static void mptcp_cancel_work(struct sock *sk) 1213 { 1214 struct mptcp_sock *msk = mptcp_sk(sk); 1215 1216 if (cancel_work_sync(&msk->work)) 1217 sock_put(sk); 1218 } 1219 1220 static void mptcp_subflow_shutdown(struct sock *ssk, int how, 1221 bool data_fin_tx_enable, u64 data_fin_tx_seq) 1222 { 1223 lock_sock(ssk); 1224 1225 switch (ssk->sk_state) { 1226 case TCP_LISTEN: 1227 if (!(how & RCV_SHUTDOWN)) 1228 break; 1229 /* fall through */ 1230 case TCP_SYN_SENT: 1231 tcp_disconnect(ssk, O_NONBLOCK); 1232 break; 1233 default: 1234 if (data_fin_tx_enable) { 1235 struct mptcp_subflow_context *subflow; 1236 1237 subflow = mptcp_subflow_ctx(ssk); 1238 subflow->data_fin_tx_seq = data_fin_tx_seq; 1239 subflow->data_fin_tx_enable = 1; 1240 } 1241 1242 ssk->sk_shutdown |= how; 1243 tcp_shutdown(ssk, how); 1244 break; 1245 } 1246 1247 /* Wake up anyone sleeping in poll. */ 1248 ssk->sk_state_change(ssk); 1249 release_sock(ssk); 1250 } 1251 1252 /* Called with msk lock held, releases such lock before returning */ 1253 static void mptcp_close(struct sock *sk, long timeout) 1254 { 1255 struct mptcp_subflow_context *subflow, *tmp; 1256 struct mptcp_sock *msk = mptcp_sk(sk); 1257 LIST_HEAD(conn_list); 1258 u64 data_fin_tx_seq; 1259 1260 lock_sock(sk); 1261 1262 mptcp_token_destroy(msk->token); 1263 inet_sk_state_store(sk, TCP_CLOSE); 1264 1265 __mptcp_flush_join_list(msk); 1266 1267 list_splice_init(&msk->conn_list, &conn_list); 1268 1269 data_fin_tx_seq = msk->write_seq; 1270 1271 __mptcp_clear_xmit(sk); 1272 1273 release_sock(sk); 1274 1275 list_for_each_entry_safe(subflow, tmp, &conn_list, node) { 1276 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1277 1278 subflow->data_fin_tx_seq = data_fin_tx_seq; 1279 subflow->data_fin_tx_enable = 1; 1280 __mptcp_close_ssk(sk, ssk, subflow, timeout); 1281 } 1282 1283 mptcp_cancel_work(sk); 1284 mptcp_pm_close(msk); 1285 1286 __skb_queue_purge(&sk->sk_receive_queue); 1287 1288 sk_common_release(sk); 1289 } 1290 1291 static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk) 1292 { 1293 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1294 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk); 1295 struct ipv6_pinfo *msk6 = inet6_sk(msk); 1296 1297 msk->sk_v6_daddr = ssk->sk_v6_daddr; 1298 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr; 1299 1300 if (msk6 && ssk6) { 1301 msk6->saddr = ssk6->saddr; 1302 msk6->flow_label = ssk6->flow_label; 1303 } 1304 #endif 1305 1306 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num; 1307 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport; 1308 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport; 1309 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr; 1310 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr; 1311 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr; 1312 } 1313 1314 static int mptcp_disconnect(struct sock *sk, int flags) 1315 { 1316 lock_sock(sk); 1317 __mptcp_clear_xmit(sk); 1318 release_sock(sk); 1319 mptcp_cancel_work(sk); 1320 return tcp_disconnect(sk, flags); 1321 } 1322 1323 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1324 static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) 1325 { 1326 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo); 1327 1328 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 1329 } 1330 #endif 1331 1332 struct sock *mptcp_sk_clone(const struct sock *sk, struct request_sock *req) 1333 { 1334 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); 1335 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); 1336 struct mptcp_sock *msk; 1337 u64 ack_seq; 1338 1339 if (!nsk) 1340 return NULL; 1341 1342 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1343 if (nsk->sk_family == AF_INET6) 1344 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk); 1345 #endif 1346 1347 __mptcp_init_sock(nsk); 1348 1349 msk = mptcp_sk(nsk); 1350 msk->local_key = subflow_req->local_key; 1351 msk->token = subflow_req->token; 1352 msk->subflow = NULL; 1353 1354 if (unlikely(mptcp_token_new_accept(subflow_req->token, nsk))) { 1355 bh_unlock_sock(nsk); 1356 1357 /* we can't call into mptcp_close() here - possible BH context 1358 * free the sock directly 1359 */ 1360 nsk->sk_prot->destroy(nsk); 1361 sk_free(nsk); 1362 return NULL; 1363 } 1364 1365 msk->write_seq = subflow_req->idsn + 1; 1366 atomic64_set(&msk->snd_una, msk->write_seq); 1367 if (subflow_req->remote_key_valid) { 1368 msk->can_ack = true; 1369 msk->remote_key = subflow_req->remote_key; 1370 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq); 1371 ack_seq++; 1372 msk->ack_seq = ack_seq; 1373 } 1374 1375 /* will be fully established after successful MPC subflow creation */ 1376 inet_sk_state_store(nsk, TCP_SYN_RECV); 1377 bh_unlock_sock(nsk); 1378 1379 /* keep a single reference */ 1380 __sock_put(nsk); 1381 return nsk; 1382 } 1383 1384 static struct sock *mptcp_accept(struct sock *sk, int flags, int *err, 1385 bool kern) 1386 { 1387 struct mptcp_sock *msk = mptcp_sk(sk); 1388 struct socket *listener; 1389 struct sock *newsk; 1390 1391 listener = __mptcp_nmpc_socket(msk); 1392 if (WARN_ON_ONCE(!listener)) { 1393 *err = -EINVAL; 1394 return NULL; 1395 } 1396 1397 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk)); 1398 newsk = inet_csk_accept(listener->sk, flags, err, kern); 1399 if (!newsk) 1400 return NULL; 1401 1402 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk)); 1403 1404 if (sk_is_mptcp(newsk)) { 1405 struct mptcp_subflow_context *subflow; 1406 struct sock *new_mptcp_sock; 1407 struct sock *ssk = newsk; 1408 1409 subflow = mptcp_subflow_ctx(newsk); 1410 new_mptcp_sock = subflow->conn; 1411 1412 /* is_mptcp should be false if subflow->conn is missing, see 1413 * subflow_syn_recv_sock() 1414 */ 1415 if (WARN_ON_ONCE(!new_mptcp_sock)) { 1416 tcp_sk(newsk)->is_mptcp = 0; 1417 return newsk; 1418 } 1419 1420 /* acquire the 2nd reference for the owning socket */ 1421 sock_hold(new_mptcp_sock); 1422 1423 local_bh_disable(); 1424 bh_lock_sock(new_mptcp_sock); 1425 msk = mptcp_sk(new_mptcp_sock); 1426 msk->first = newsk; 1427 1428 newsk = new_mptcp_sock; 1429 mptcp_copy_inaddrs(newsk, ssk); 1430 list_add(&subflow->node, &msk->conn_list); 1431 1432 bh_unlock_sock(new_mptcp_sock); 1433 1434 __MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEPASSIVEACK); 1435 local_bh_enable(); 1436 } else { 1437 MPTCP_INC_STATS(sock_net(sk), 1438 MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); 1439 } 1440 1441 return newsk; 1442 } 1443 1444 static void mptcp_destroy(struct sock *sk) 1445 { 1446 struct mptcp_sock *msk = mptcp_sk(sk); 1447 1448 if (msk->cached_ext) 1449 __skb_ext_put(msk->cached_ext); 1450 1451 sk_sockets_allocated_dec(sk); 1452 } 1453 1454 static int mptcp_setsockopt(struct sock *sk, int level, int optname, 1455 char __user *optval, unsigned int optlen) 1456 { 1457 struct mptcp_sock *msk = mptcp_sk(sk); 1458 struct socket *ssock; 1459 1460 pr_debug("msk=%p", msk); 1461 1462 /* @@ the meaning of setsockopt() when the socket is connected and 1463 * there are multiple subflows is not yet defined. It is up to the 1464 * MPTCP-level socket to configure the subflows until the subflow 1465 * is in TCP fallback, when TCP socket options are passed through 1466 * to the one remaining subflow. 1467 */ 1468 lock_sock(sk); 1469 ssock = __mptcp_tcp_fallback(msk); 1470 if (ssock) 1471 return tcp_setsockopt(ssock->sk, level, optname, optval, 1472 optlen); 1473 1474 release_sock(sk); 1475 1476 return -EOPNOTSUPP; 1477 } 1478 1479 static int mptcp_getsockopt(struct sock *sk, int level, int optname, 1480 char __user *optval, int __user *option) 1481 { 1482 struct mptcp_sock *msk = mptcp_sk(sk); 1483 struct socket *ssock; 1484 1485 pr_debug("msk=%p", msk); 1486 1487 /* @@ the meaning of setsockopt() when the socket is connected and 1488 * there are multiple subflows is not yet defined. It is up to the 1489 * MPTCP-level socket to configure the subflows until the subflow 1490 * is in TCP fallback, when socket options are passed through 1491 * to the one remaining subflow. 1492 */ 1493 lock_sock(sk); 1494 ssock = __mptcp_tcp_fallback(msk); 1495 if (ssock) 1496 return tcp_getsockopt(ssock->sk, level, optname, optval, 1497 option); 1498 1499 release_sock(sk); 1500 1501 return -EOPNOTSUPP; 1502 } 1503 1504 #define MPTCP_DEFERRED_ALL (TCPF_DELACK_TIMER_DEFERRED | \ 1505 TCPF_WRITE_TIMER_DEFERRED) 1506 1507 /* this is very alike tcp_release_cb() but we must handle differently a 1508 * different set of events 1509 */ 1510 static void mptcp_release_cb(struct sock *sk) 1511 { 1512 unsigned long flags, nflags; 1513 1514 do { 1515 flags = sk->sk_tsq_flags; 1516 if (!(flags & MPTCP_DEFERRED_ALL)) 1517 return; 1518 nflags = flags & ~MPTCP_DEFERRED_ALL; 1519 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags); 1520 1521 sock_release_ownership(sk); 1522 1523 if (flags & TCPF_DELACK_TIMER_DEFERRED) { 1524 struct mptcp_sock *msk = mptcp_sk(sk); 1525 struct sock *ssk; 1526 1527 ssk = mptcp_subflow_recv_lookup(msk); 1528 if (!ssk || !schedule_work(&msk->work)) 1529 __sock_put(sk); 1530 } 1531 1532 if (flags & TCPF_WRITE_TIMER_DEFERRED) { 1533 mptcp_retransmit_handler(sk); 1534 __sock_put(sk); 1535 } 1536 } 1537 1538 static int mptcp_get_port(struct sock *sk, unsigned short snum) 1539 { 1540 struct mptcp_sock *msk = mptcp_sk(sk); 1541 struct socket *ssock; 1542 1543 ssock = __mptcp_nmpc_socket(msk); 1544 pr_debug("msk=%p, subflow=%p", msk, ssock); 1545 if (WARN_ON_ONCE(!ssock)) 1546 return -EINVAL; 1547 1548 return inet_csk_get_port(ssock->sk, snum); 1549 } 1550 1551 void mptcp_finish_connect(struct sock *ssk) 1552 { 1553 struct mptcp_subflow_context *subflow; 1554 struct mptcp_sock *msk; 1555 struct sock *sk; 1556 u64 ack_seq; 1557 1558 subflow = mptcp_subflow_ctx(ssk); 1559 sk = subflow->conn; 1560 msk = mptcp_sk(sk); 1561 1562 if (!subflow->mp_capable) { 1563 MPTCP_INC_STATS(sock_net(sk), 1564 MPTCP_MIB_MPCAPABLEACTIVEFALLBACK); 1565 return; 1566 } 1567 1568 pr_debug("msk=%p, token=%u", sk, subflow->token); 1569 1570 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq); 1571 ack_seq++; 1572 subflow->map_seq = ack_seq; 1573 subflow->map_subflow_seq = 1; 1574 subflow->rel_write_seq = 1; 1575 1576 /* the socket is not connected yet, no msk/subflow ops can access/race 1577 * accessing the field below 1578 */ 1579 WRITE_ONCE(msk->remote_key, subflow->remote_key); 1580 WRITE_ONCE(msk->local_key, subflow->local_key); 1581 WRITE_ONCE(msk->token, subflow->token); 1582 WRITE_ONCE(msk->write_seq, subflow->idsn + 1); 1583 WRITE_ONCE(msk->ack_seq, ack_seq); 1584 WRITE_ONCE(msk->can_ack, 1); 1585 atomic64_set(&msk->snd_una, msk->write_seq); 1586 1587 mptcp_pm_new_connection(msk, 0); 1588 } 1589 1590 static void mptcp_sock_graft(struct sock *sk, struct socket *parent) 1591 { 1592 write_lock_bh(&sk->sk_callback_lock); 1593 rcu_assign_pointer(sk->sk_wq, &parent->wq); 1594 sk_set_socket(sk, parent); 1595 sk->sk_uid = SOCK_INODE(parent)->i_uid; 1596 write_unlock_bh(&sk->sk_callback_lock); 1597 } 1598 1599 bool mptcp_finish_join(struct sock *sk) 1600 { 1601 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 1602 struct mptcp_sock *msk = mptcp_sk(subflow->conn); 1603 struct sock *parent = (void *)msk; 1604 struct socket *parent_sock; 1605 bool ret; 1606 1607 pr_debug("msk=%p, subflow=%p", msk, subflow); 1608 1609 /* mptcp socket already closing? */ 1610 if (inet_sk_state_load(parent) != TCP_ESTABLISHED) 1611 return false; 1612 1613 if (!msk->pm.server_side) 1614 return true; 1615 1616 /* passive connection, attach to msk socket */ 1617 parent_sock = READ_ONCE(parent->sk_socket); 1618 if (parent_sock && !sk->sk_socket) 1619 mptcp_sock_graft(sk, parent_sock); 1620 1621 ret = mptcp_pm_allow_new_subflow(msk); 1622 if (ret) { 1623 /* active connections are already on conn_list */ 1624 spin_lock_bh(&msk->join_list_lock); 1625 if (!WARN_ON_ONCE(!list_empty(&subflow->node))) 1626 list_add_tail(&subflow->node, &msk->join_list); 1627 spin_unlock_bh(&msk->join_list_lock); 1628 } 1629 return ret; 1630 } 1631 1632 bool mptcp_sk_is_subflow(const struct sock *sk) 1633 { 1634 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 1635 1636 return subflow->mp_join == 1; 1637 } 1638 1639 static bool mptcp_memory_free(const struct sock *sk, int wake) 1640 { 1641 struct mptcp_sock *msk = mptcp_sk(sk); 1642 1643 return wake ? test_bit(MPTCP_SEND_SPACE, &msk->flags) : true; 1644 } 1645 1646 static struct proto mptcp_prot = { 1647 .name = "MPTCP", 1648 .owner = THIS_MODULE, 1649 .init = mptcp_init_sock, 1650 .disconnect = mptcp_disconnect, 1651 .close = mptcp_close, 1652 .accept = mptcp_accept, 1653 .setsockopt = mptcp_setsockopt, 1654 .getsockopt = mptcp_getsockopt, 1655 .shutdown = tcp_shutdown, 1656 .destroy = mptcp_destroy, 1657 .sendmsg = mptcp_sendmsg, 1658 .recvmsg = mptcp_recvmsg, 1659 .release_cb = mptcp_release_cb, 1660 .hash = inet_hash, 1661 .unhash = inet_unhash, 1662 .get_port = mptcp_get_port, 1663 .sockets_allocated = &mptcp_sockets_allocated, 1664 .memory_allocated = &tcp_memory_allocated, 1665 .memory_pressure = &tcp_memory_pressure, 1666 .stream_memory_free = mptcp_memory_free, 1667 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem), 1668 .sysctl_mem = sysctl_tcp_mem, 1669 .obj_size = sizeof(struct mptcp_sock), 1670 .no_autobind = true, 1671 }; 1672 1673 static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 1674 { 1675 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1676 struct socket *ssock; 1677 int err; 1678 1679 lock_sock(sock->sk); 1680 ssock = __mptcp_socket_create(msk, MPTCP_SAME_STATE); 1681 if (IS_ERR(ssock)) { 1682 err = PTR_ERR(ssock); 1683 goto unlock; 1684 } 1685 1686 err = ssock->ops->bind(ssock, uaddr, addr_len); 1687 if (!err) 1688 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1689 1690 unlock: 1691 release_sock(sock->sk); 1692 return err; 1693 } 1694 1695 static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr, 1696 int addr_len, int flags) 1697 { 1698 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1699 struct socket *ssock; 1700 int err; 1701 1702 lock_sock(sock->sk); 1703 ssock = __mptcp_socket_create(msk, TCP_SYN_SENT); 1704 if (IS_ERR(ssock)) { 1705 err = PTR_ERR(ssock); 1706 goto unlock; 1707 } 1708 1709 #ifdef CONFIG_TCP_MD5SIG 1710 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of 1711 * TCP option space. 1712 */ 1713 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info)) 1714 mptcp_subflow_ctx(ssock->sk)->request_mptcp = 0; 1715 #endif 1716 1717 err = ssock->ops->connect(ssock, uaddr, addr_len, flags); 1718 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 1719 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1720 1721 unlock: 1722 release_sock(sock->sk); 1723 return err; 1724 } 1725 1726 static int mptcp_v4_getname(struct socket *sock, struct sockaddr *uaddr, 1727 int peer) 1728 { 1729 if (sock->sk->sk_prot == &tcp_prot) { 1730 /* we are being invoked from __sys_accept4, after 1731 * mptcp_accept() has just accepted a non-mp-capable 1732 * flow: sk is a tcp_sk, not an mptcp one. 1733 * 1734 * Hand the socket over to tcp so all further socket ops 1735 * bypass mptcp. 1736 */ 1737 sock->ops = &inet_stream_ops; 1738 } 1739 1740 return inet_getname(sock, uaddr, peer); 1741 } 1742 1743 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1744 static int mptcp_v6_getname(struct socket *sock, struct sockaddr *uaddr, 1745 int peer) 1746 { 1747 if (sock->sk->sk_prot == &tcpv6_prot) { 1748 /* we are being invoked from __sys_accept4 after 1749 * mptcp_accept() has accepted a non-mp-capable 1750 * subflow: sk is a tcp_sk, not mptcp. 1751 * 1752 * Hand the socket over to tcp so all further 1753 * socket ops bypass mptcp. 1754 */ 1755 sock->ops = &inet6_stream_ops; 1756 } 1757 1758 return inet6_getname(sock, uaddr, peer); 1759 } 1760 #endif 1761 1762 static int mptcp_listen(struct socket *sock, int backlog) 1763 { 1764 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1765 struct socket *ssock; 1766 int err; 1767 1768 pr_debug("msk=%p", msk); 1769 1770 lock_sock(sock->sk); 1771 ssock = __mptcp_socket_create(msk, TCP_LISTEN); 1772 if (IS_ERR(ssock)) { 1773 err = PTR_ERR(ssock); 1774 goto unlock; 1775 } 1776 1777 err = ssock->ops->listen(ssock, backlog); 1778 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 1779 if (!err) 1780 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1781 1782 unlock: 1783 release_sock(sock->sk); 1784 return err; 1785 } 1786 1787 static bool is_tcp_proto(const struct proto *p) 1788 { 1789 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1790 return p == &tcp_prot || p == &tcpv6_prot; 1791 #else 1792 return p == &tcp_prot; 1793 #endif 1794 } 1795 1796 static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, 1797 int flags, bool kern) 1798 { 1799 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1800 struct socket *ssock; 1801 int err; 1802 1803 pr_debug("msk=%p", msk); 1804 1805 lock_sock(sock->sk); 1806 if (sock->sk->sk_state != TCP_LISTEN) 1807 goto unlock_fail; 1808 1809 ssock = __mptcp_nmpc_socket(msk); 1810 if (!ssock) 1811 goto unlock_fail; 1812 1813 sock_hold(ssock->sk); 1814 release_sock(sock->sk); 1815 1816 err = ssock->ops->accept(sock, newsock, flags, kern); 1817 if (err == 0 && !is_tcp_proto(newsock->sk->sk_prot)) { 1818 struct mptcp_sock *msk = mptcp_sk(newsock->sk); 1819 struct mptcp_subflow_context *subflow; 1820 1821 /* set ssk->sk_socket of accept()ed flows to mptcp socket. 1822 * This is needed so NOSPACE flag can be set from tcp stack. 1823 */ 1824 __mptcp_flush_join_list(msk); 1825 list_for_each_entry(subflow, &msk->conn_list, node) { 1826 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1827 1828 if (!ssk->sk_socket) 1829 mptcp_sock_graft(ssk, newsock); 1830 } 1831 } 1832 1833 sock_put(ssock->sk); 1834 return err; 1835 1836 unlock_fail: 1837 release_sock(sock->sk); 1838 return -EINVAL; 1839 } 1840 1841 static __poll_t mptcp_poll(struct file *file, struct socket *sock, 1842 struct poll_table_struct *wait) 1843 { 1844 struct sock *sk = sock->sk; 1845 struct mptcp_sock *msk; 1846 struct socket *ssock; 1847 __poll_t mask = 0; 1848 1849 msk = mptcp_sk(sk); 1850 lock_sock(sk); 1851 ssock = __mptcp_tcp_fallback(msk); 1852 if (!ssock) 1853 ssock = __mptcp_nmpc_socket(msk); 1854 if (ssock) { 1855 mask = ssock->ops->poll(file, ssock, wait); 1856 release_sock(sk); 1857 return mask; 1858 } 1859 1860 release_sock(sk); 1861 sock_poll_wait(file, sock, wait); 1862 lock_sock(sk); 1863 1864 if (test_bit(MPTCP_DATA_READY, &msk->flags)) 1865 mask = EPOLLIN | EPOLLRDNORM; 1866 if (sk_stream_is_writeable(sk) && 1867 test_bit(MPTCP_SEND_SPACE, &msk->flags)) 1868 mask |= EPOLLOUT | EPOLLWRNORM; 1869 if (sk->sk_shutdown & RCV_SHUTDOWN) 1870 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; 1871 1872 release_sock(sk); 1873 1874 return mask; 1875 } 1876 1877 static int mptcp_shutdown(struct socket *sock, int how) 1878 { 1879 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1880 struct mptcp_subflow_context *subflow; 1881 struct socket *ssock; 1882 int ret = 0; 1883 1884 pr_debug("sk=%p, how=%d", msk, how); 1885 1886 lock_sock(sock->sk); 1887 ssock = __mptcp_tcp_fallback(msk); 1888 if (ssock) { 1889 release_sock(sock->sk); 1890 return inet_shutdown(ssock, how); 1891 } 1892 1893 if (how == SHUT_WR || how == SHUT_RDWR) 1894 inet_sk_state_store(sock->sk, TCP_FIN_WAIT1); 1895 1896 how++; 1897 1898 if ((how & ~SHUTDOWN_MASK) || !how) { 1899 ret = -EINVAL; 1900 goto out_unlock; 1901 } 1902 1903 if (sock->state == SS_CONNECTING) { 1904 if ((1 << sock->sk->sk_state) & 1905 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE)) 1906 sock->state = SS_DISCONNECTING; 1907 else 1908 sock->state = SS_CONNECTED; 1909 } 1910 1911 __mptcp_flush_join_list(msk); 1912 mptcp_for_each_subflow(msk, subflow) { 1913 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow); 1914 1915 mptcp_subflow_shutdown(tcp_sk, how, 1, msk->write_seq); 1916 } 1917 1918 out_unlock: 1919 release_sock(sock->sk); 1920 1921 return ret; 1922 } 1923 1924 static const struct proto_ops mptcp_stream_ops = { 1925 .family = PF_INET, 1926 .owner = THIS_MODULE, 1927 .release = inet_release, 1928 .bind = mptcp_bind, 1929 .connect = mptcp_stream_connect, 1930 .socketpair = sock_no_socketpair, 1931 .accept = mptcp_stream_accept, 1932 .getname = mptcp_v4_getname, 1933 .poll = mptcp_poll, 1934 .ioctl = inet_ioctl, 1935 .gettstamp = sock_gettstamp, 1936 .listen = mptcp_listen, 1937 .shutdown = mptcp_shutdown, 1938 .setsockopt = sock_common_setsockopt, 1939 .getsockopt = sock_common_getsockopt, 1940 .sendmsg = inet_sendmsg, 1941 .recvmsg = inet_recvmsg, 1942 .mmap = sock_no_mmap, 1943 .sendpage = inet_sendpage, 1944 #ifdef CONFIG_COMPAT 1945 .compat_setsockopt = compat_sock_common_setsockopt, 1946 .compat_getsockopt = compat_sock_common_getsockopt, 1947 #endif 1948 }; 1949 1950 static struct inet_protosw mptcp_protosw = { 1951 .type = SOCK_STREAM, 1952 .protocol = IPPROTO_MPTCP, 1953 .prot = &mptcp_prot, 1954 .ops = &mptcp_stream_ops, 1955 .flags = INET_PROTOSW_ICSK, 1956 }; 1957 1958 void mptcp_proto_init(void) 1959 { 1960 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo; 1961 1962 if (percpu_counter_init(&mptcp_sockets_allocated, 0, GFP_KERNEL)) 1963 panic("Failed to allocate MPTCP pcpu counter\n"); 1964 1965 mptcp_subflow_init(); 1966 mptcp_pm_init(); 1967 1968 if (proto_register(&mptcp_prot, 1) != 0) 1969 panic("Failed to register MPTCP proto.\n"); 1970 1971 inet_register_protosw(&mptcp_protosw); 1972 1973 BUILD_BUG_ON(sizeof(struct mptcp_skb_cb) > sizeof_field(struct sk_buff, cb)); 1974 } 1975 1976 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1977 static const struct proto_ops mptcp_v6_stream_ops = { 1978 .family = PF_INET6, 1979 .owner = THIS_MODULE, 1980 .release = inet6_release, 1981 .bind = mptcp_bind, 1982 .connect = mptcp_stream_connect, 1983 .socketpair = sock_no_socketpair, 1984 .accept = mptcp_stream_accept, 1985 .getname = mptcp_v6_getname, 1986 .poll = mptcp_poll, 1987 .ioctl = inet6_ioctl, 1988 .gettstamp = sock_gettstamp, 1989 .listen = mptcp_listen, 1990 .shutdown = mptcp_shutdown, 1991 .setsockopt = sock_common_setsockopt, 1992 .getsockopt = sock_common_getsockopt, 1993 .sendmsg = inet6_sendmsg, 1994 .recvmsg = inet6_recvmsg, 1995 .mmap = sock_no_mmap, 1996 .sendpage = inet_sendpage, 1997 #ifdef CONFIG_COMPAT 1998 .compat_setsockopt = compat_sock_common_setsockopt, 1999 .compat_getsockopt = compat_sock_common_getsockopt, 2000 #endif 2001 }; 2002 2003 static struct proto mptcp_v6_prot; 2004 2005 static void mptcp_v6_destroy(struct sock *sk) 2006 { 2007 mptcp_destroy(sk); 2008 inet6_destroy_sock(sk); 2009 } 2010 2011 static struct inet_protosw mptcp_v6_protosw = { 2012 .type = SOCK_STREAM, 2013 .protocol = IPPROTO_MPTCP, 2014 .prot = &mptcp_v6_prot, 2015 .ops = &mptcp_v6_stream_ops, 2016 .flags = INET_PROTOSW_ICSK, 2017 }; 2018 2019 int mptcp_proto_v6_init(void) 2020 { 2021 int err; 2022 2023 mptcp_v6_prot = mptcp_prot; 2024 strcpy(mptcp_v6_prot.name, "MPTCPv6"); 2025 mptcp_v6_prot.slab = NULL; 2026 mptcp_v6_prot.destroy = mptcp_v6_destroy; 2027 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock); 2028 2029 err = proto_register(&mptcp_v6_prot, 1); 2030 if (err) 2031 return err; 2032 2033 err = inet6_register_protosw(&mptcp_v6_protosw); 2034 if (err) 2035 proto_unregister(&mptcp_v6_prot); 2036 2037 return err; 2038 } 2039 #endif 2040