1 // SPDX-License-Identifier: GPL-2.0 2 /* Multipath TCP 3 * 4 * Copyright (c) 2017 - 2019, Intel Corporation. 5 */ 6 7 #define pr_fmt(fmt) "MPTCP: " fmt 8 9 #include <linux/kernel.h> 10 #include <linux/module.h> 11 #include <linux/netdevice.h> 12 #include <linux/sched/signal.h> 13 #include <linux/atomic.h> 14 #include <net/sock.h> 15 #include <net/inet_common.h> 16 #include <net/inet_hashtables.h> 17 #include <net/protocol.h> 18 #include <net/tcp.h> 19 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 20 #include <net/transp_v6.h> 21 #endif 22 #include <net/mptcp.h> 23 #include "protocol.h" 24 #include "mib.h" 25 26 #define MPTCP_SAME_STATE TCP_MAX_STATES 27 28 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 29 struct mptcp6_sock { 30 struct mptcp_sock msk; 31 struct ipv6_pinfo np; 32 }; 33 #endif 34 35 struct mptcp_skb_cb { 36 u32 offset; 37 }; 38 39 #define MPTCP_SKB_CB(__skb) ((struct mptcp_skb_cb *)&((__skb)->cb[0])) 40 41 static struct percpu_counter mptcp_sockets_allocated; 42 43 /* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not 44 * completed yet or has failed, return the subflow socket. 45 * Otherwise return NULL. 46 */ 47 static struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk) 48 { 49 if (!msk->subflow || READ_ONCE(msk->can_ack)) 50 return NULL; 51 52 return msk->subflow; 53 } 54 55 static bool __mptcp_needs_tcp_fallback(const struct mptcp_sock *msk) 56 { 57 return msk->first && !sk_is_mptcp(msk->first); 58 } 59 60 static struct socket *mptcp_is_tcpsk(struct sock *sk) 61 { 62 struct socket *sock = sk->sk_socket; 63 64 if (sock->sk != sk) 65 return NULL; 66 67 if (unlikely(sk->sk_prot == &tcp_prot)) { 68 /* we are being invoked after mptcp_accept() has 69 * accepted a non-mp-capable flow: sk is a tcp_sk, 70 * not an mptcp one. 71 * 72 * Hand the socket over to tcp so all further socket ops 73 * bypass mptcp. 74 */ 75 sock->ops = &inet_stream_ops; 76 return sock; 77 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 78 } else if (unlikely(sk->sk_prot == &tcpv6_prot)) { 79 sock->ops = &inet6_stream_ops; 80 return sock; 81 #endif 82 } 83 84 return NULL; 85 } 86 87 static struct socket *__mptcp_tcp_fallback(struct mptcp_sock *msk) 88 { 89 struct socket *sock; 90 91 sock_owned_by_me((const struct sock *)msk); 92 93 sock = mptcp_is_tcpsk((struct sock *)msk); 94 if (unlikely(sock)) 95 return sock; 96 97 if (likely(!__mptcp_needs_tcp_fallback(msk))) 98 return NULL; 99 100 return msk->subflow; 101 } 102 103 static bool __mptcp_can_create_subflow(const struct mptcp_sock *msk) 104 { 105 return !msk->first; 106 } 107 108 static struct socket *__mptcp_socket_create(struct mptcp_sock *msk, int state) 109 { 110 struct mptcp_subflow_context *subflow; 111 struct sock *sk = (struct sock *)msk; 112 struct socket *ssock; 113 int err; 114 115 ssock = __mptcp_tcp_fallback(msk); 116 if (unlikely(ssock)) 117 return ssock; 118 119 ssock = __mptcp_nmpc_socket(msk); 120 if (ssock) 121 goto set_state; 122 123 if (!__mptcp_can_create_subflow(msk)) 124 return ERR_PTR(-EINVAL); 125 126 err = mptcp_subflow_create_socket(sk, &ssock); 127 if (err) 128 return ERR_PTR(err); 129 130 msk->first = ssock->sk; 131 msk->subflow = ssock; 132 subflow = mptcp_subflow_ctx(ssock->sk); 133 list_add(&subflow->node, &msk->conn_list); 134 subflow->request_mptcp = 1; 135 136 set_state: 137 if (state != MPTCP_SAME_STATE) 138 inet_sk_state_store(sk, state); 139 return ssock; 140 } 141 142 static void __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk, 143 struct sk_buff *skb, 144 unsigned int offset, size_t copy_len) 145 { 146 struct sock *sk = (struct sock *)msk; 147 148 __skb_unlink(skb, &ssk->sk_receive_queue); 149 skb_set_owner_r(skb, sk); 150 __skb_queue_tail(&sk->sk_receive_queue, skb); 151 152 msk->ack_seq += copy_len; 153 MPTCP_SKB_CB(skb)->offset = offset; 154 } 155 156 /* both sockets must be locked */ 157 static bool mptcp_subflow_dsn_valid(const struct mptcp_sock *msk, 158 struct sock *ssk) 159 { 160 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 161 u64 dsn = mptcp_subflow_get_mapped_dsn(subflow); 162 163 /* revalidate data sequence number. 164 * 165 * mptcp_subflow_data_available() is usually called 166 * without msk lock. Its unlikely (but possible) 167 * that msk->ack_seq has been advanced since the last 168 * call found in-sequence data. 169 */ 170 if (likely(dsn == msk->ack_seq)) 171 return true; 172 173 subflow->data_avail = 0; 174 return mptcp_subflow_data_available(ssk); 175 } 176 177 static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, 178 struct sock *ssk, 179 unsigned int *bytes) 180 { 181 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); 182 struct sock *sk = (struct sock *)msk; 183 unsigned int moved = 0; 184 bool more_data_avail; 185 struct tcp_sock *tp; 186 bool done = false; 187 188 if (!mptcp_subflow_dsn_valid(msk, ssk)) { 189 *bytes = 0; 190 return false; 191 } 192 193 if (!(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) { 194 int rcvbuf = max(ssk->sk_rcvbuf, sk->sk_rcvbuf); 195 196 if (rcvbuf > sk->sk_rcvbuf) 197 sk->sk_rcvbuf = rcvbuf; 198 } 199 200 tp = tcp_sk(ssk); 201 do { 202 u32 map_remaining, offset; 203 u32 seq = tp->copied_seq; 204 struct sk_buff *skb; 205 bool fin; 206 207 /* try to move as much data as available */ 208 map_remaining = subflow->map_data_len - 209 mptcp_subflow_get_map_offset(subflow); 210 211 skb = skb_peek(&ssk->sk_receive_queue); 212 if (!skb) 213 break; 214 215 offset = seq - TCP_SKB_CB(skb)->seq; 216 fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN; 217 if (fin) { 218 done = true; 219 seq++; 220 } 221 222 if (offset < skb->len) { 223 size_t len = skb->len - offset; 224 225 if (tp->urg_data) 226 done = true; 227 228 __mptcp_move_skb(msk, ssk, skb, offset, len); 229 seq += len; 230 moved += len; 231 232 if (WARN_ON_ONCE(map_remaining < len)) 233 break; 234 } else { 235 WARN_ON_ONCE(!fin); 236 sk_eat_skb(ssk, skb); 237 done = true; 238 } 239 240 WRITE_ONCE(tp->copied_seq, seq); 241 more_data_avail = mptcp_subflow_data_available(ssk); 242 243 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) { 244 done = true; 245 break; 246 } 247 } while (more_data_avail); 248 249 *bytes = moved; 250 251 return done; 252 } 253 254 /* In most cases we will be able to lock the mptcp socket. If its already 255 * owned, we need to defer to the work queue to avoid ABBA deadlock. 256 */ 257 static bool move_skbs_to_msk(struct mptcp_sock *msk, struct sock *ssk) 258 { 259 struct sock *sk = (struct sock *)msk; 260 unsigned int moved = 0; 261 262 if (READ_ONCE(sk->sk_lock.owned)) 263 return false; 264 265 if (unlikely(!spin_trylock_bh(&sk->sk_lock.slock))) 266 return false; 267 268 /* must re-check after taking the lock */ 269 if (!READ_ONCE(sk->sk_lock.owned)) 270 __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 271 272 spin_unlock_bh(&sk->sk_lock.slock); 273 274 return moved > 0; 275 } 276 277 void mptcp_data_ready(struct sock *sk, struct sock *ssk) 278 { 279 struct mptcp_sock *msk = mptcp_sk(sk); 280 281 set_bit(MPTCP_DATA_READY, &msk->flags); 282 283 if (atomic_read(&sk->sk_rmem_alloc) < READ_ONCE(sk->sk_rcvbuf) && 284 move_skbs_to_msk(msk, ssk)) 285 goto wake; 286 287 /* don't schedule if mptcp sk is (still) over limit */ 288 if (atomic_read(&sk->sk_rmem_alloc) > READ_ONCE(sk->sk_rcvbuf)) 289 goto wake; 290 291 /* mptcp socket is owned, release_cb should retry */ 292 if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED, 293 &sk->sk_tsq_flags)) { 294 sock_hold(sk); 295 296 /* need to try again, its possible release_cb() has already 297 * been called after the test_and_set_bit() above. 298 */ 299 move_skbs_to_msk(msk, ssk); 300 } 301 wake: 302 sk->sk_data_ready(sk); 303 } 304 305 static void __mptcp_flush_join_list(struct mptcp_sock *msk) 306 { 307 if (likely(list_empty(&msk->join_list))) 308 return; 309 310 spin_lock_bh(&msk->join_list_lock); 311 list_splice_tail_init(&msk->join_list, &msk->conn_list); 312 spin_unlock_bh(&msk->join_list_lock); 313 } 314 315 static void mptcp_set_timeout(const struct sock *sk, const struct sock *ssk) 316 { 317 long tout = ssk && inet_csk(ssk)->icsk_pending ? 318 inet_csk(ssk)->icsk_timeout - jiffies : 0; 319 320 if (tout <= 0) 321 tout = mptcp_sk(sk)->timer_ival; 322 mptcp_sk(sk)->timer_ival = tout > 0 ? tout : TCP_RTO_MIN; 323 } 324 325 static bool mptcp_timer_pending(struct sock *sk) 326 { 327 return timer_pending(&inet_csk(sk)->icsk_retransmit_timer); 328 } 329 330 static void mptcp_reset_timer(struct sock *sk) 331 { 332 struct inet_connection_sock *icsk = inet_csk(sk); 333 unsigned long tout; 334 335 /* should never be called with mptcp level timer cleared */ 336 tout = READ_ONCE(mptcp_sk(sk)->timer_ival); 337 if (WARN_ON_ONCE(!tout)) 338 tout = TCP_RTO_MIN; 339 sk_reset_timer(sk, &icsk->icsk_retransmit_timer, jiffies + tout); 340 } 341 342 void mptcp_data_acked(struct sock *sk) 343 { 344 mptcp_reset_timer(sk); 345 346 if (!sk_stream_is_writeable(sk) && 347 schedule_work(&mptcp_sk(sk)->work)) 348 sock_hold(sk); 349 } 350 351 void mptcp_subflow_eof(struct sock *sk) 352 { 353 struct mptcp_sock *msk = mptcp_sk(sk); 354 355 if (!test_and_set_bit(MPTCP_WORK_EOF, &msk->flags) && 356 schedule_work(&msk->work)) 357 sock_hold(sk); 358 } 359 360 static void mptcp_stop_timer(struct sock *sk) 361 { 362 struct inet_connection_sock *icsk = inet_csk(sk); 363 364 sk_stop_timer(sk, &icsk->icsk_retransmit_timer); 365 mptcp_sk(sk)->timer_ival = 0; 366 } 367 368 static bool mptcp_ext_cache_refill(struct mptcp_sock *msk) 369 { 370 if (!msk->cached_ext) 371 msk->cached_ext = __skb_ext_alloc(); 372 373 return !!msk->cached_ext; 374 } 375 376 static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk) 377 { 378 struct mptcp_subflow_context *subflow; 379 struct sock *sk = (struct sock *)msk; 380 381 sock_owned_by_me(sk); 382 383 mptcp_for_each_subflow(msk, subflow) { 384 if (subflow->data_avail) 385 return mptcp_subflow_tcp_sock(subflow); 386 } 387 388 return NULL; 389 } 390 391 static bool mptcp_skb_can_collapse_to(u64 write_seq, 392 const struct sk_buff *skb, 393 const struct mptcp_ext *mpext) 394 { 395 if (!tcp_skb_can_collapse_to(skb)) 396 return false; 397 398 /* can collapse only if MPTCP level sequence is in order */ 399 return mpext && mpext->data_seq + mpext->data_len == write_seq; 400 } 401 402 static bool mptcp_frag_can_collapse_to(const struct mptcp_sock *msk, 403 const struct page_frag *pfrag, 404 const struct mptcp_data_frag *df) 405 { 406 return df && pfrag->page == df->page && 407 df->data_seq + df->data_len == msk->write_seq; 408 } 409 410 static void dfrag_uncharge(struct sock *sk, int len) 411 { 412 sk_mem_uncharge(sk, len); 413 sk_wmem_queued_add(sk, -len); 414 } 415 416 static void dfrag_clear(struct sock *sk, struct mptcp_data_frag *dfrag) 417 { 418 int len = dfrag->data_len + dfrag->overhead; 419 420 list_del(&dfrag->list); 421 dfrag_uncharge(sk, len); 422 put_page(dfrag->page); 423 } 424 425 static void mptcp_clean_una(struct sock *sk) 426 { 427 struct mptcp_sock *msk = mptcp_sk(sk); 428 struct mptcp_data_frag *dtmp, *dfrag; 429 u64 snd_una = atomic64_read(&msk->snd_una); 430 bool cleaned = false; 431 432 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) { 433 if (after64(dfrag->data_seq + dfrag->data_len, snd_una)) 434 break; 435 436 dfrag_clear(sk, dfrag); 437 cleaned = true; 438 } 439 440 dfrag = mptcp_rtx_head(sk); 441 if (dfrag && after64(snd_una, dfrag->data_seq)) { 442 u64 delta = dfrag->data_seq + dfrag->data_len - snd_una; 443 444 dfrag->data_seq += delta; 445 dfrag->data_len -= delta; 446 447 dfrag_uncharge(sk, delta); 448 cleaned = true; 449 } 450 451 if (cleaned) { 452 sk_mem_reclaim_partial(sk); 453 454 /* Only wake up writers if a subflow is ready */ 455 if (test_bit(MPTCP_SEND_SPACE, &msk->flags)) 456 sk_stream_write_space(sk); 457 } 458 } 459 460 /* ensure we get enough memory for the frag hdr, beyond some minimal amount of 461 * data 462 */ 463 static bool mptcp_page_frag_refill(struct sock *sk, struct page_frag *pfrag) 464 { 465 if (likely(skb_page_frag_refill(32U + sizeof(struct mptcp_data_frag), 466 pfrag, sk->sk_allocation))) 467 return true; 468 469 sk->sk_prot->enter_memory_pressure(sk); 470 sk_stream_moderate_sndbuf(sk); 471 return false; 472 } 473 474 static struct mptcp_data_frag * 475 mptcp_carve_data_frag(const struct mptcp_sock *msk, struct page_frag *pfrag, 476 int orig_offset) 477 { 478 int offset = ALIGN(orig_offset, sizeof(long)); 479 struct mptcp_data_frag *dfrag; 480 481 dfrag = (struct mptcp_data_frag *)(page_to_virt(pfrag->page) + offset); 482 dfrag->data_len = 0; 483 dfrag->data_seq = msk->write_seq; 484 dfrag->overhead = offset - orig_offset + sizeof(struct mptcp_data_frag); 485 dfrag->offset = offset + sizeof(struct mptcp_data_frag); 486 dfrag->page = pfrag->page; 487 488 return dfrag; 489 } 490 491 static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, 492 struct msghdr *msg, struct mptcp_data_frag *dfrag, 493 long *timeo, int *pmss_now, 494 int *ps_goal) 495 { 496 int mss_now, avail_size, size_goal, offset, ret, frag_truesize = 0; 497 bool dfrag_collapsed, can_collapse = false; 498 struct mptcp_sock *msk = mptcp_sk(sk); 499 struct mptcp_ext *mpext = NULL; 500 bool retransmission = !!dfrag; 501 struct sk_buff *skb, *tail; 502 struct page_frag *pfrag; 503 struct page *page; 504 u64 *write_seq; 505 size_t psize; 506 507 /* use the mptcp page cache so that we can easily move the data 508 * from one substream to another, but do per subflow memory accounting 509 * Note: pfrag is used only !retransmission, but the compiler if 510 * fooled into a warning if we don't init here 511 */ 512 pfrag = sk_page_frag(sk); 513 while ((!retransmission && !mptcp_page_frag_refill(ssk, pfrag)) || 514 !mptcp_ext_cache_refill(msk)) { 515 ret = sk_stream_wait_memory(ssk, timeo); 516 if (ret) 517 return ret; 518 519 /* if sk_stream_wait_memory() sleeps snd_una can change 520 * significantly, refresh the rtx queue 521 */ 522 mptcp_clean_una(sk); 523 524 if (unlikely(__mptcp_needs_tcp_fallback(msk))) 525 return 0; 526 } 527 if (!retransmission) { 528 write_seq = &msk->write_seq; 529 page = pfrag->page; 530 } else { 531 write_seq = &dfrag->data_seq; 532 page = dfrag->page; 533 } 534 535 /* compute copy limit */ 536 mss_now = tcp_send_mss(ssk, &size_goal, msg->msg_flags); 537 *pmss_now = mss_now; 538 *ps_goal = size_goal; 539 avail_size = size_goal; 540 skb = tcp_write_queue_tail(ssk); 541 if (skb) { 542 mpext = skb_ext_find(skb, SKB_EXT_MPTCP); 543 544 /* Limit the write to the size available in the 545 * current skb, if any, so that we create at most a new skb. 546 * Explicitly tells TCP internals to avoid collapsing on later 547 * queue management operation, to avoid breaking the ext <-> 548 * SSN association set here 549 */ 550 can_collapse = (size_goal - skb->len > 0) && 551 mptcp_skb_can_collapse_to(*write_seq, skb, mpext); 552 if (!can_collapse) 553 TCP_SKB_CB(skb)->eor = 1; 554 else 555 avail_size = size_goal - skb->len; 556 } 557 558 if (!retransmission) { 559 /* reuse tail pfrag, if possible, or carve a new one from the 560 * page allocator 561 */ 562 dfrag = mptcp_rtx_tail(sk); 563 offset = pfrag->offset; 564 dfrag_collapsed = mptcp_frag_can_collapse_to(msk, pfrag, dfrag); 565 if (!dfrag_collapsed) { 566 dfrag = mptcp_carve_data_frag(msk, pfrag, offset); 567 offset = dfrag->offset; 568 frag_truesize = dfrag->overhead; 569 } 570 psize = min_t(size_t, pfrag->size - offset, avail_size); 571 572 /* Copy to page */ 573 pr_debug("left=%zu", msg_data_left(msg)); 574 psize = copy_page_from_iter(pfrag->page, offset, 575 min_t(size_t, msg_data_left(msg), 576 psize), 577 &msg->msg_iter); 578 pr_debug("left=%zu", msg_data_left(msg)); 579 if (!psize) 580 return -EINVAL; 581 582 if (!sk_wmem_schedule(sk, psize + dfrag->overhead)) 583 return -ENOMEM; 584 } else { 585 offset = dfrag->offset; 586 psize = min_t(size_t, dfrag->data_len, avail_size); 587 } 588 589 /* tell the TCP stack to delay the push so that we can safely 590 * access the skb after the sendpages call 591 */ 592 ret = do_tcp_sendpages(ssk, page, offset, psize, 593 msg->msg_flags | MSG_SENDPAGE_NOTLAST); 594 if (ret <= 0) 595 return ret; 596 597 frag_truesize += ret; 598 if (!retransmission) { 599 if (unlikely(ret < psize)) 600 iov_iter_revert(&msg->msg_iter, psize - ret); 601 602 /* send successful, keep track of sent data for mptcp-level 603 * retransmission 604 */ 605 dfrag->data_len += ret; 606 if (!dfrag_collapsed) { 607 get_page(dfrag->page); 608 list_add_tail(&dfrag->list, &msk->rtx_queue); 609 sk_wmem_queued_add(sk, frag_truesize); 610 } else { 611 sk_wmem_queued_add(sk, ret); 612 } 613 614 /* charge data on mptcp rtx queue to the master socket 615 * Note: we charge such data both to sk and ssk 616 */ 617 sk->sk_forward_alloc -= frag_truesize; 618 } 619 620 /* if the tail skb extension is still the cached one, collapsing 621 * really happened. Note: we can't check for 'same skb' as the sk_buff 622 * hdr on tail can be transmitted, freed and re-allocated by the 623 * do_tcp_sendpages() call 624 */ 625 tail = tcp_write_queue_tail(ssk); 626 if (mpext && tail && mpext == skb_ext_find(tail, SKB_EXT_MPTCP)) { 627 WARN_ON_ONCE(!can_collapse); 628 mpext->data_len += ret; 629 goto out; 630 } 631 632 skb = tcp_write_queue_tail(ssk); 633 mpext = __skb_ext_set(skb, SKB_EXT_MPTCP, msk->cached_ext); 634 msk->cached_ext = NULL; 635 636 memset(mpext, 0, sizeof(*mpext)); 637 mpext->data_seq = *write_seq; 638 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq; 639 mpext->data_len = ret; 640 mpext->use_map = 1; 641 mpext->dsn64 = 1; 642 643 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", 644 mpext->data_seq, mpext->subflow_seq, mpext->data_len, 645 mpext->dsn64); 646 647 out: 648 if (!retransmission) 649 pfrag->offset += frag_truesize; 650 *write_seq += ret; 651 mptcp_subflow_ctx(ssk)->rel_write_seq += ret; 652 653 return ret; 654 } 655 656 static struct sock *mptcp_subflow_get_send(struct mptcp_sock *msk) 657 { 658 struct mptcp_subflow_context *subflow; 659 struct sock *backup = NULL; 660 661 sock_owned_by_me((const struct sock *)msk); 662 663 mptcp_for_each_subflow(msk, subflow) { 664 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 665 666 if (!sk_stream_memory_free(ssk)) { 667 struct socket *sock = ssk->sk_socket; 668 669 if (sock) { 670 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 671 smp_mb__after_atomic(); 672 673 /* enables sk->write_space() callbacks */ 674 set_bit(SOCK_NOSPACE, &sock->flags); 675 } 676 677 return NULL; 678 } 679 680 if (subflow->backup) { 681 if (!backup) 682 backup = ssk; 683 684 continue; 685 } 686 687 return ssk; 688 } 689 690 return backup; 691 } 692 693 static void ssk_check_wmem(struct mptcp_sock *msk, struct sock *ssk) 694 { 695 struct socket *sock; 696 697 if (likely(sk_stream_is_writeable(ssk))) 698 return; 699 700 sock = READ_ONCE(ssk->sk_socket); 701 702 if (sock) { 703 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 704 smp_mb__after_atomic(); 705 /* set NOSPACE only after clearing SEND_SPACE flag */ 706 set_bit(SOCK_NOSPACE, &sock->flags); 707 } 708 } 709 710 static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) 711 { 712 int mss_now = 0, size_goal = 0, ret = 0; 713 struct mptcp_sock *msk = mptcp_sk(sk); 714 struct socket *ssock; 715 size_t copied = 0; 716 struct sock *ssk; 717 long timeo; 718 719 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL)) 720 return -EOPNOTSUPP; 721 722 lock_sock(sk); 723 724 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); 725 726 if ((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) { 727 ret = sk_stream_wait_connect(sk, &timeo); 728 if (ret) 729 goto out; 730 } 731 732 fallback: 733 ssock = __mptcp_tcp_fallback(msk); 734 if (unlikely(ssock)) { 735 release_sock(sk); 736 pr_debug("fallback passthrough"); 737 ret = sock_sendmsg(ssock, msg); 738 return ret >= 0 ? ret + copied : (copied ? copied : ret); 739 } 740 741 mptcp_clean_una(sk); 742 743 __mptcp_flush_join_list(msk); 744 ssk = mptcp_subflow_get_send(msk); 745 while (!sk_stream_memory_free(sk) || !ssk) { 746 ret = sk_stream_wait_memory(sk, &timeo); 747 if (ret) 748 goto out; 749 750 mptcp_clean_una(sk); 751 752 ssk = mptcp_subflow_get_send(msk); 753 if (list_empty(&msk->conn_list)) { 754 ret = -ENOTCONN; 755 goto out; 756 } 757 } 758 759 pr_debug("conn_list->subflow=%p", ssk); 760 761 lock_sock(ssk); 762 while (msg_data_left(msg)) { 763 ret = mptcp_sendmsg_frag(sk, ssk, msg, NULL, &timeo, &mss_now, 764 &size_goal); 765 if (ret < 0) 766 break; 767 if (ret == 0 && unlikely(__mptcp_needs_tcp_fallback(msk))) { 768 /* Can happen for passive sockets: 769 * 3WHS negotiated MPTCP, but first packet after is 770 * plain TCP (e.g. due to middlebox filtering unknown 771 * options). 772 * 773 * Fall back to TCP. 774 */ 775 release_sock(ssk); 776 goto fallback; 777 } 778 779 copied += ret; 780 } 781 782 mptcp_set_timeout(sk, ssk); 783 if (copied) { 784 ret = copied; 785 tcp_push(ssk, msg->msg_flags, mss_now, tcp_sk(ssk)->nonagle, 786 size_goal); 787 788 /* start the timer, if it's not pending */ 789 if (!mptcp_timer_pending(sk)) 790 mptcp_reset_timer(sk); 791 } 792 793 ssk_check_wmem(msk, ssk); 794 release_sock(ssk); 795 out: 796 release_sock(sk); 797 return ret; 798 } 799 800 static void mptcp_wait_data(struct sock *sk, long *timeo) 801 { 802 DEFINE_WAIT_FUNC(wait, woken_wake_function); 803 struct mptcp_sock *msk = mptcp_sk(sk); 804 805 add_wait_queue(sk_sleep(sk), &wait); 806 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 807 808 sk_wait_event(sk, timeo, 809 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait); 810 811 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 812 remove_wait_queue(sk_sleep(sk), &wait); 813 } 814 815 static int __mptcp_recvmsg_mskq(struct mptcp_sock *msk, 816 struct msghdr *msg, 817 size_t len) 818 { 819 struct sock *sk = (struct sock *)msk; 820 struct sk_buff *skb; 821 int copied = 0; 822 823 while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) { 824 u32 offset = MPTCP_SKB_CB(skb)->offset; 825 u32 data_len = skb->len - offset; 826 u32 count = min_t(size_t, len - copied, data_len); 827 int err; 828 829 err = skb_copy_datagram_msg(skb, offset, msg, count); 830 if (unlikely(err < 0)) { 831 if (!copied) 832 return err; 833 break; 834 } 835 836 copied += count; 837 838 if (count < data_len) { 839 MPTCP_SKB_CB(skb)->offset += count; 840 break; 841 } 842 843 __skb_unlink(skb, &sk->sk_receive_queue); 844 __kfree_skb(skb); 845 846 if (copied >= len) 847 break; 848 } 849 850 return copied; 851 } 852 853 static bool __mptcp_move_skbs(struct mptcp_sock *msk) 854 { 855 unsigned int moved = 0; 856 bool done; 857 858 do { 859 struct sock *ssk = mptcp_subflow_recv_lookup(msk); 860 861 if (!ssk) 862 break; 863 864 lock_sock(ssk); 865 done = __mptcp_move_skbs_from_subflow(msk, ssk, &moved); 866 release_sock(ssk); 867 } while (!done); 868 869 return moved > 0; 870 } 871 872 static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 873 int nonblock, int flags, int *addr_len) 874 { 875 struct mptcp_sock *msk = mptcp_sk(sk); 876 struct socket *ssock; 877 int copied = 0; 878 int target; 879 long timeo; 880 881 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT)) 882 return -EOPNOTSUPP; 883 884 lock_sock(sk); 885 ssock = __mptcp_tcp_fallback(msk); 886 if (unlikely(ssock)) { 887 fallback: 888 release_sock(sk); 889 pr_debug("fallback-read subflow=%p", 890 mptcp_subflow_ctx(ssock->sk)); 891 copied = sock_recvmsg(ssock, msg, flags); 892 return copied; 893 } 894 895 timeo = sock_rcvtimeo(sk, nonblock); 896 897 len = min_t(size_t, len, INT_MAX); 898 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); 899 __mptcp_flush_join_list(msk); 900 901 while (len > (size_t)copied) { 902 int bytes_read; 903 904 bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied); 905 if (unlikely(bytes_read < 0)) { 906 if (!copied) 907 copied = bytes_read; 908 goto out_err; 909 } 910 911 copied += bytes_read; 912 913 if (skb_queue_empty(&sk->sk_receive_queue) && 914 __mptcp_move_skbs(msk)) 915 continue; 916 917 /* only the master socket status is relevant here. The exit 918 * conditions mirror closely tcp_recvmsg() 919 */ 920 if (copied >= target) 921 break; 922 923 if (copied) { 924 if (sk->sk_err || 925 sk->sk_state == TCP_CLOSE || 926 (sk->sk_shutdown & RCV_SHUTDOWN) || 927 !timeo || 928 signal_pending(current)) 929 break; 930 } else { 931 if (sk->sk_err) { 932 copied = sock_error(sk); 933 break; 934 } 935 936 if (sk->sk_shutdown & RCV_SHUTDOWN) 937 break; 938 939 if (sk->sk_state == TCP_CLOSE) { 940 copied = -ENOTCONN; 941 break; 942 } 943 944 if (!timeo) { 945 copied = -EAGAIN; 946 break; 947 } 948 949 if (signal_pending(current)) { 950 copied = sock_intr_errno(timeo); 951 break; 952 } 953 } 954 955 pr_debug("block timeout %ld", timeo); 956 mptcp_wait_data(sk, &timeo); 957 if (unlikely(__mptcp_tcp_fallback(msk))) 958 goto fallback; 959 } 960 961 if (skb_queue_empty(&sk->sk_receive_queue)) { 962 /* entire backlog drained, clear DATA_READY. */ 963 clear_bit(MPTCP_DATA_READY, &msk->flags); 964 965 /* .. race-breaker: ssk might have gotten new data 966 * after last __mptcp_move_skbs() returned false. 967 */ 968 if (unlikely(__mptcp_move_skbs(msk))) 969 set_bit(MPTCP_DATA_READY, &msk->flags); 970 } else if (unlikely(!test_bit(MPTCP_DATA_READY, &msk->flags))) { 971 /* data to read but mptcp_wait_data() cleared DATA_READY */ 972 set_bit(MPTCP_DATA_READY, &msk->flags); 973 } 974 out_err: 975 release_sock(sk); 976 return copied; 977 } 978 979 static void mptcp_retransmit_handler(struct sock *sk) 980 { 981 struct mptcp_sock *msk = mptcp_sk(sk); 982 983 if (atomic64_read(&msk->snd_una) == msk->write_seq) { 984 mptcp_stop_timer(sk); 985 } else { 986 set_bit(MPTCP_WORK_RTX, &msk->flags); 987 if (schedule_work(&msk->work)) 988 sock_hold(sk); 989 } 990 } 991 992 static void mptcp_retransmit_timer(struct timer_list *t) 993 { 994 struct inet_connection_sock *icsk = from_timer(icsk, t, 995 icsk_retransmit_timer); 996 struct sock *sk = &icsk->icsk_inet.sk; 997 998 bh_lock_sock(sk); 999 if (!sock_owned_by_user(sk)) { 1000 mptcp_retransmit_handler(sk); 1001 } else { 1002 /* delegate our work to tcp_release_cb() */ 1003 if (!test_and_set_bit(TCP_WRITE_TIMER_DEFERRED, 1004 &sk->sk_tsq_flags)) 1005 sock_hold(sk); 1006 } 1007 bh_unlock_sock(sk); 1008 sock_put(sk); 1009 } 1010 1011 /* Find an idle subflow. Return NULL if there is unacked data at tcp 1012 * level. 1013 * 1014 * A backup subflow is returned only if that is the only kind available. 1015 */ 1016 static struct sock *mptcp_subflow_get_retrans(const struct mptcp_sock *msk) 1017 { 1018 struct mptcp_subflow_context *subflow; 1019 struct sock *backup = NULL; 1020 1021 sock_owned_by_me((const struct sock *)msk); 1022 1023 mptcp_for_each_subflow(msk, subflow) { 1024 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1025 1026 /* still data outstanding at TCP level? Don't retransmit. */ 1027 if (!tcp_write_queue_empty(ssk)) 1028 return NULL; 1029 1030 if (subflow->backup) { 1031 if (!backup) 1032 backup = ssk; 1033 continue; 1034 } 1035 1036 return ssk; 1037 } 1038 1039 return backup; 1040 } 1041 1042 /* subflow sockets can be either outgoing (connect) or incoming 1043 * (accept). 1044 * 1045 * Outgoing subflows use in-kernel sockets. 1046 * Incoming subflows do not have their own 'struct socket' allocated, 1047 * so we need to use tcp_close() after detaching them from the mptcp 1048 * parent socket. 1049 */ 1050 static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, 1051 struct mptcp_subflow_context *subflow, 1052 long timeout) 1053 { 1054 struct socket *sock = READ_ONCE(ssk->sk_socket); 1055 1056 list_del(&subflow->node); 1057 1058 if (sock && sock != sk->sk_socket) { 1059 /* outgoing subflow */ 1060 sock_release(sock); 1061 } else { 1062 /* incoming subflow */ 1063 tcp_close(ssk, timeout); 1064 } 1065 } 1066 1067 static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu) 1068 { 1069 return 0; 1070 } 1071 1072 static void mptcp_check_for_eof(struct mptcp_sock *msk) 1073 { 1074 struct mptcp_subflow_context *subflow; 1075 struct sock *sk = (struct sock *)msk; 1076 int receivers = 0; 1077 1078 mptcp_for_each_subflow(msk, subflow) 1079 receivers += !subflow->rx_eof; 1080 1081 if (!receivers && !(sk->sk_shutdown & RCV_SHUTDOWN)) { 1082 /* hopefully temporary hack: propagate shutdown status 1083 * to msk, when all subflows agree on it 1084 */ 1085 sk->sk_shutdown |= RCV_SHUTDOWN; 1086 1087 smp_mb__before_atomic(); /* SHUTDOWN must be visible first */ 1088 set_bit(MPTCP_DATA_READY, &msk->flags); 1089 sk->sk_data_ready(sk); 1090 } 1091 } 1092 1093 static void mptcp_worker(struct work_struct *work) 1094 { 1095 struct mptcp_sock *msk = container_of(work, struct mptcp_sock, work); 1096 struct sock *ssk, *sk = &msk->sk.icsk_inet.sk; 1097 int orig_len, orig_offset, ret, mss_now = 0, size_goal = 0; 1098 struct mptcp_data_frag *dfrag; 1099 u64 orig_write_seq; 1100 size_t copied = 0; 1101 struct msghdr msg; 1102 long timeo = 0; 1103 1104 lock_sock(sk); 1105 mptcp_clean_una(sk); 1106 __mptcp_flush_join_list(msk); 1107 __mptcp_move_skbs(msk); 1108 1109 if (test_and_clear_bit(MPTCP_WORK_EOF, &msk->flags)) 1110 mptcp_check_for_eof(msk); 1111 1112 if (!test_and_clear_bit(MPTCP_WORK_RTX, &msk->flags)) 1113 goto unlock; 1114 1115 dfrag = mptcp_rtx_head(sk); 1116 if (!dfrag) 1117 goto unlock; 1118 1119 ssk = mptcp_subflow_get_retrans(msk); 1120 if (!ssk) 1121 goto reset_unlock; 1122 1123 lock_sock(ssk); 1124 1125 msg.msg_flags = MSG_DONTWAIT; 1126 orig_len = dfrag->data_len; 1127 orig_offset = dfrag->offset; 1128 orig_write_seq = dfrag->data_seq; 1129 while (dfrag->data_len > 0) { 1130 ret = mptcp_sendmsg_frag(sk, ssk, &msg, dfrag, &timeo, &mss_now, 1131 &size_goal); 1132 if (ret < 0) 1133 break; 1134 1135 MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_RETRANSSEGS); 1136 copied += ret; 1137 dfrag->data_len -= ret; 1138 dfrag->offset += ret; 1139 } 1140 if (copied) 1141 tcp_push(ssk, msg.msg_flags, mss_now, tcp_sk(ssk)->nonagle, 1142 size_goal); 1143 1144 dfrag->data_seq = orig_write_seq; 1145 dfrag->offset = orig_offset; 1146 dfrag->data_len = orig_len; 1147 1148 mptcp_set_timeout(sk, ssk); 1149 release_sock(ssk); 1150 1151 reset_unlock: 1152 if (!mptcp_timer_pending(sk)) 1153 mptcp_reset_timer(sk); 1154 1155 unlock: 1156 release_sock(sk); 1157 sock_put(sk); 1158 } 1159 1160 static int __mptcp_init_sock(struct sock *sk) 1161 { 1162 struct mptcp_sock *msk = mptcp_sk(sk); 1163 1164 spin_lock_init(&msk->join_list_lock); 1165 1166 INIT_LIST_HEAD(&msk->conn_list); 1167 INIT_LIST_HEAD(&msk->join_list); 1168 INIT_LIST_HEAD(&msk->rtx_queue); 1169 __set_bit(MPTCP_SEND_SPACE, &msk->flags); 1170 INIT_WORK(&msk->work, mptcp_worker); 1171 1172 msk->first = NULL; 1173 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss; 1174 1175 mptcp_pm_data_init(msk); 1176 1177 /* re-use the csk retrans timer for MPTCP-level retrans */ 1178 timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0); 1179 1180 return 0; 1181 } 1182 1183 static int mptcp_init_sock(struct sock *sk) 1184 { 1185 struct net *net = sock_net(sk); 1186 int ret; 1187 1188 if (!mptcp_is_enabled(net)) 1189 return -ENOPROTOOPT; 1190 1191 if (unlikely(!net->mib.mptcp_statistics) && !mptcp_mib_alloc(net)) 1192 return -ENOMEM; 1193 1194 ret = __mptcp_init_sock(sk); 1195 if (ret) 1196 return ret; 1197 1198 sk_sockets_allocated_inc(sk); 1199 sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[2]; 1200 1201 return 0; 1202 } 1203 1204 static void __mptcp_clear_xmit(struct sock *sk) 1205 { 1206 struct mptcp_sock *msk = mptcp_sk(sk); 1207 struct mptcp_data_frag *dtmp, *dfrag; 1208 1209 sk_stop_timer(sk, &msk->sk.icsk_retransmit_timer); 1210 1211 list_for_each_entry_safe(dfrag, dtmp, &msk->rtx_queue, list) 1212 dfrag_clear(sk, dfrag); 1213 } 1214 1215 static void mptcp_cancel_work(struct sock *sk) 1216 { 1217 struct mptcp_sock *msk = mptcp_sk(sk); 1218 1219 if (cancel_work_sync(&msk->work)) 1220 sock_put(sk); 1221 } 1222 1223 static void mptcp_subflow_shutdown(struct sock *ssk, int how, 1224 bool data_fin_tx_enable, u64 data_fin_tx_seq) 1225 { 1226 lock_sock(ssk); 1227 1228 switch (ssk->sk_state) { 1229 case TCP_LISTEN: 1230 if (!(how & RCV_SHUTDOWN)) 1231 break; 1232 /* fall through */ 1233 case TCP_SYN_SENT: 1234 tcp_disconnect(ssk, O_NONBLOCK); 1235 break; 1236 default: 1237 if (data_fin_tx_enable) { 1238 struct mptcp_subflow_context *subflow; 1239 1240 subflow = mptcp_subflow_ctx(ssk); 1241 subflow->data_fin_tx_seq = data_fin_tx_seq; 1242 subflow->data_fin_tx_enable = 1; 1243 } 1244 1245 ssk->sk_shutdown |= how; 1246 tcp_shutdown(ssk, how); 1247 break; 1248 } 1249 1250 /* Wake up anyone sleeping in poll. */ 1251 ssk->sk_state_change(ssk); 1252 release_sock(ssk); 1253 } 1254 1255 /* Called with msk lock held, releases such lock before returning */ 1256 static void mptcp_close(struct sock *sk, long timeout) 1257 { 1258 struct mptcp_subflow_context *subflow, *tmp; 1259 struct mptcp_sock *msk = mptcp_sk(sk); 1260 LIST_HEAD(conn_list); 1261 u64 data_fin_tx_seq; 1262 1263 lock_sock(sk); 1264 1265 mptcp_token_destroy(msk->token); 1266 inet_sk_state_store(sk, TCP_CLOSE); 1267 1268 __mptcp_flush_join_list(msk); 1269 1270 list_splice_init(&msk->conn_list, &conn_list); 1271 1272 data_fin_tx_seq = msk->write_seq; 1273 1274 __mptcp_clear_xmit(sk); 1275 1276 release_sock(sk); 1277 1278 list_for_each_entry_safe(subflow, tmp, &conn_list, node) { 1279 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1280 1281 subflow->data_fin_tx_seq = data_fin_tx_seq; 1282 subflow->data_fin_tx_enable = 1; 1283 __mptcp_close_ssk(sk, ssk, subflow, timeout); 1284 } 1285 1286 mptcp_cancel_work(sk); 1287 mptcp_pm_close(msk); 1288 1289 __skb_queue_purge(&sk->sk_receive_queue); 1290 1291 sk_common_release(sk); 1292 } 1293 1294 static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk) 1295 { 1296 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1297 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk); 1298 struct ipv6_pinfo *msk6 = inet6_sk(msk); 1299 1300 msk->sk_v6_daddr = ssk->sk_v6_daddr; 1301 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr; 1302 1303 if (msk6 && ssk6) { 1304 msk6->saddr = ssk6->saddr; 1305 msk6->flow_label = ssk6->flow_label; 1306 } 1307 #endif 1308 1309 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num; 1310 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport; 1311 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport; 1312 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr; 1313 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr; 1314 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr; 1315 } 1316 1317 static int mptcp_disconnect(struct sock *sk, int flags) 1318 { 1319 lock_sock(sk); 1320 __mptcp_clear_xmit(sk); 1321 release_sock(sk); 1322 mptcp_cancel_work(sk); 1323 return tcp_disconnect(sk, flags); 1324 } 1325 1326 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1327 static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) 1328 { 1329 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo); 1330 1331 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 1332 } 1333 #endif 1334 1335 struct sock *mptcp_sk_clone(const struct sock *sk, struct request_sock *req) 1336 { 1337 struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); 1338 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); 1339 struct mptcp_sock *msk; 1340 u64 ack_seq; 1341 1342 if (!nsk) 1343 return NULL; 1344 1345 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1346 if (nsk->sk_family == AF_INET6) 1347 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk); 1348 #endif 1349 1350 __mptcp_init_sock(nsk); 1351 1352 msk = mptcp_sk(nsk); 1353 msk->local_key = subflow_req->local_key; 1354 msk->token = subflow_req->token; 1355 msk->subflow = NULL; 1356 1357 if (unlikely(mptcp_token_new_accept(subflow_req->token, nsk))) { 1358 bh_unlock_sock(nsk); 1359 1360 /* we can't call into mptcp_close() here - possible BH context 1361 * free the sock directly 1362 */ 1363 nsk->sk_prot->destroy(nsk); 1364 sk_free(nsk); 1365 return NULL; 1366 } 1367 1368 msk->write_seq = subflow_req->idsn + 1; 1369 atomic64_set(&msk->snd_una, msk->write_seq); 1370 if (subflow_req->remote_key_valid) { 1371 msk->can_ack = true; 1372 msk->remote_key = subflow_req->remote_key; 1373 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq); 1374 ack_seq++; 1375 msk->ack_seq = ack_seq; 1376 } 1377 1378 /* will be fully established after successful MPC subflow creation */ 1379 inet_sk_state_store(nsk, TCP_SYN_RECV); 1380 bh_unlock_sock(nsk); 1381 1382 /* keep a single reference */ 1383 __sock_put(nsk); 1384 return nsk; 1385 } 1386 1387 static struct sock *mptcp_accept(struct sock *sk, int flags, int *err, 1388 bool kern) 1389 { 1390 struct mptcp_sock *msk = mptcp_sk(sk); 1391 struct socket *listener; 1392 struct sock *newsk; 1393 1394 listener = __mptcp_nmpc_socket(msk); 1395 if (WARN_ON_ONCE(!listener)) { 1396 *err = -EINVAL; 1397 return NULL; 1398 } 1399 1400 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk)); 1401 newsk = inet_csk_accept(listener->sk, flags, err, kern); 1402 if (!newsk) 1403 return NULL; 1404 1405 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk)); 1406 1407 if (sk_is_mptcp(newsk)) { 1408 struct mptcp_subflow_context *subflow; 1409 struct sock *new_mptcp_sock; 1410 struct sock *ssk = newsk; 1411 1412 subflow = mptcp_subflow_ctx(newsk); 1413 new_mptcp_sock = subflow->conn; 1414 1415 /* is_mptcp should be false if subflow->conn is missing, see 1416 * subflow_syn_recv_sock() 1417 */ 1418 if (WARN_ON_ONCE(!new_mptcp_sock)) { 1419 tcp_sk(newsk)->is_mptcp = 0; 1420 return newsk; 1421 } 1422 1423 /* acquire the 2nd reference for the owning socket */ 1424 sock_hold(new_mptcp_sock); 1425 1426 local_bh_disable(); 1427 bh_lock_sock(new_mptcp_sock); 1428 msk = mptcp_sk(new_mptcp_sock); 1429 msk->first = newsk; 1430 1431 newsk = new_mptcp_sock; 1432 mptcp_copy_inaddrs(newsk, ssk); 1433 list_add(&subflow->node, &msk->conn_list); 1434 1435 bh_unlock_sock(new_mptcp_sock); 1436 1437 __MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEPASSIVEACK); 1438 local_bh_enable(); 1439 } else { 1440 MPTCP_INC_STATS(sock_net(sk), 1441 MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); 1442 } 1443 1444 return newsk; 1445 } 1446 1447 static void mptcp_destroy(struct sock *sk) 1448 { 1449 struct mptcp_sock *msk = mptcp_sk(sk); 1450 1451 if (msk->cached_ext) 1452 __skb_ext_put(msk->cached_ext); 1453 1454 sk_sockets_allocated_dec(sk); 1455 } 1456 1457 static int mptcp_setsockopt(struct sock *sk, int level, int optname, 1458 char __user *optval, unsigned int optlen) 1459 { 1460 struct mptcp_sock *msk = mptcp_sk(sk); 1461 struct socket *ssock; 1462 1463 pr_debug("msk=%p", msk); 1464 1465 /* @@ the meaning of setsockopt() when the socket is connected and 1466 * there are multiple subflows is not yet defined. It is up to the 1467 * MPTCP-level socket to configure the subflows until the subflow 1468 * is in TCP fallback, when TCP socket options are passed through 1469 * to the one remaining subflow. 1470 */ 1471 lock_sock(sk); 1472 ssock = __mptcp_tcp_fallback(msk); 1473 release_sock(sk); 1474 if (ssock) 1475 return tcp_setsockopt(ssock->sk, level, optname, optval, 1476 optlen); 1477 1478 return -EOPNOTSUPP; 1479 } 1480 1481 static int mptcp_getsockopt(struct sock *sk, int level, int optname, 1482 char __user *optval, int __user *option) 1483 { 1484 struct mptcp_sock *msk = mptcp_sk(sk); 1485 struct socket *ssock; 1486 1487 pr_debug("msk=%p", msk); 1488 1489 /* @@ the meaning of setsockopt() when the socket is connected and 1490 * there are multiple subflows is not yet defined. It is up to the 1491 * MPTCP-level socket to configure the subflows until the subflow 1492 * is in TCP fallback, when socket options are passed through 1493 * to the one remaining subflow. 1494 */ 1495 lock_sock(sk); 1496 ssock = __mptcp_tcp_fallback(msk); 1497 release_sock(sk); 1498 if (ssock) 1499 return tcp_getsockopt(ssock->sk, level, optname, optval, 1500 option); 1501 1502 return -EOPNOTSUPP; 1503 } 1504 1505 #define MPTCP_DEFERRED_ALL (TCPF_DELACK_TIMER_DEFERRED | \ 1506 TCPF_WRITE_TIMER_DEFERRED) 1507 1508 /* this is very alike tcp_release_cb() but we must handle differently a 1509 * different set of events 1510 */ 1511 static void mptcp_release_cb(struct sock *sk) 1512 { 1513 unsigned long flags, nflags; 1514 1515 do { 1516 flags = sk->sk_tsq_flags; 1517 if (!(flags & MPTCP_DEFERRED_ALL)) 1518 return; 1519 nflags = flags & ~MPTCP_DEFERRED_ALL; 1520 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags); 1521 1522 sock_release_ownership(sk); 1523 1524 if (flags & TCPF_DELACK_TIMER_DEFERRED) { 1525 struct mptcp_sock *msk = mptcp_sk(sk); 1526 struct sock *ssk; 1527 1528 ssk = mptcp_subflow_recv_lookup(msk); 1529 if (!ssk || !schedule_work(&msk->work)) 1530 __sock_put(sk); 1531 } 1532 1533 if (flags & TCPF_WRITE_TIMER_DEFERRED) { 1534 mptcp_retransmit_handler(sk); 1535 __sock_put(sk); 1536 } 1537 } 1538 1539 static int mptcp_get_port(struct sock *sk, unsigned short snum) 1540 { 1541 struct mptcp_sock *msk = mptcp_sk(sk); 1542 struct socket *ssock; 1543 1544 ssock = __mptcp_nmpc_socket(msk); 1545 pr_debug("msk=%p, subflow=%p", msk, ssock); 1546 if (WARN_ON_ONCE(!ssock)) 1547 return -EINVAL; 1548 1549 return inet_csk_get_port(ssock->sk, snum); 1550 } 1551 1552 void mptcp_finish_connect(struct sock *ssk) 1553 { 1554 struct mptcp_subflow_context *subflow; 1555 struct mptcp_sock *msk; 1556 struct sock *sk; 1557 u64 ack_seq; 1558 1559 subflow = mptcp_subflow_ctx(ssk); 1560 sk = subflow->conn; 1561 msk = mptcp_sk(sk); 1562 1563 if (!subflow->mp_capable) { 1564 MPTCP_INC_STATS(sock_net(sk), 1565 MPTCP_MIB_MPCAPABLEACTIVEFALLBACK); 1566 return; 1567 } 1568 1569 pr_debug("msk=%p, token=%u", sk, subflow->token); 1570 1571 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq); 1572 ack_seq++; 1573 subflow->map_seq = ack_seq; 1574 subflow->map_subflow_seq = 1; 1575 subflow->rel_write_seq = 1; 1576 1577 /* the socket is not connected yet, no msk/subflow ops can access/race 1578 * accessing the field below 1579 */ 1580 WRITE_ONCE(msk->remote_key, subflow->remote_key); 1581 WRITE_ONCE(msk->local_key, subflow->local_key); 1582 WRITE_ONCE(msk->token, subflow->token); 1583 WRITE_ONCE(msk->write_seq, subflow->idsn + 1); 1584 WRITE_ONCE(msk->ack_seq, ack_seq); 1585 WRITE_ONCE(msk->can_ack, 1); 1586 atomic64_set(&msk->snd_una, msk->write_seq); 1587 1588 mptcp_pm_new_connection(msk, 0); 1589 } 1590 1591 static void mptcp_sock_graft(struct sock *sk, struct socket *parent) 1592 { 1593 write_lock_bh(&sk->sk_callback_lock); 1594 rcu_assign_pointer(sk->sk_wq, &parent->wq); 1595 sk_set_socket(sk, parent); 1596 sk->sk_uid = SOCK_INODE(parent)->i_uid; 1597 write_unlock_bh(&sk->sk_callback_lock); 1598 } 1599 1600 bool mptcp_finish_join(struct sock *sk) 1601 { 1602 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 1603 struct mptcp_sock *msk = mptcp_sk(subflow->conn); 1604 struct sock *parent = (void *)msk; 1605 struct socket *parent_sock; 1606 bool ret; 1607 1608 pr_debug("msk=%p, subflow=%p", msk, subflow); 1609 1610 /* mptcp socket already closing? */ 1611 if (inet_sk_state_load(parent) != TCP_ESTABLISHED) 1612 return false; 1613 1614 if (!msk->pm.server_side) 1615 return true; 1616 1617 /* passive connection, attach to msk socket */ 1618 parent_sock = READ_ONCE(parent->sk_socket); 1619 if (parent_sock && !sk->sk_socket) 1620 mptcp_sock_graft(sk, parent_sock); 1621 1622 ret = mptcp_pm_allow_new_subflow(msk); 1623 if (ret) { 1624 /* active connections are already on conn_list */ 1625 spin_lock_bh(&msk->join_list_lock); 1626 if (!WARN_ON_ONCE(!list_empty(&subflow->node))) 1627 list_add_tail(&subflow->node, &msk->join_list); 1628 spin_unlock_bh(&msk->join_list_lock); 1629 } 1630 return ret; 1631 } 1632 1633 bool mptcp_sk_is_subflow(const struct sock *sk) 1634 { 1635 struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); 1636 1637 return subflow->mp_join == 1; 1638 } 1639 1640 static bool mptcp_memory_free(const struct sock *sk, int wake) 1641 { 1642 struct mptcp_sock *msk = mptcp_sk(sk); 1643 1644 return wake ? test_bit(MPTCP_SEND_SPACE, &msk->flags) : true; 1645 } 1646 1647 static struct proto mptcp_prot = { 1648 .name = "MPTCP", 1649 .owner = THIS_MODULE, 1650 .init = mptcp_init_sock, 1651 .disconnect = mptcp_disconnect, 1652 .close = mptcp_close, 1653 .accept = mptcp_accept, 1654 .setsockopt = mptcp_setsockopt, 1655 .getsockopt = mptcp_getsockopt, 1656 .shutdown = tcp_shutdown, 1657 .destroy = mptcp_destroy, 1658 .sendmsg = mptcp_sendmsg, 1659 .recvmsg = mptcp_recvmsg, 1660 .release_cb = mptcp_release_cb, 1661 .hash = inet_hash, 1662 .unhash = inet_unhash, 1663 .get_port = mptcp_get_port, 1664 .sockets_allocated = &mptcp_sockets_allocated, 1665 .memory_allocated = &tcp_memory_allocated, 1666 .memory_pressure = &tcp_memory_pressure, 1667 .stream_memory_free = mptcp_memory_free, 1668 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem), 1669 .sysctl_mem = sysctl_tcp_mem, 1670 .obj_size = sizeof(struct mptcp_sock), 1671 .no_autobind = true, 1672 }; 1673 1674 static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 1675 { 1676 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1677 struct socket *ssock; 1678 int err; 1679 1680 lock_sock(sock->sk); 1681 ssock = __mptcp_socket_create(msk, MPTCP_SAME_STATE); 1682 if (IS_ERR(ssock)) { 1683 err = PTR_ERR(ssock); 1684 goto unlock; 1685 } 1686 1687 err = ssock->ops->bind(ssock, uaddr, addr_len); 1688 if (!err) 1689 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1690 1691 unlock: 1692 release_sock(sock->sk); 1693 return err; 1694 } 1695 1696 static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr, 1697 int addr_len, int flags) 1698 { 1699 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1700 struct socket *ssock; 1701 int err; 1702 1703 lock_sock(sock->sk); 1704 ssock = __mptcp_socket_create(msk, TCP_SYN_SENT); 1705 if (IS_ERR(ssock)) { 1706 err = PTR_ERR(ssock); 1707 goto unlock; 1708 } 1709 1710 #ifdef CONFIG_TCP_MD5SIG 1711 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of 1712 * TCP option space. 1713 */ 1714 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info)) 1715 mptcp_subflow_ctx(ssock->sk)->request_mptcp = 0; 1716 #endif 1717 1718 err = ssock->ops->connect(ssock, uaddr, addr_len, flags); 1719 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 1720 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1721 1722 unlock: 1723 release_sock(sock->sk); 1724 return err; 1725 } 1726 1727 static int mptcp_v4_getname(struct socket *sock, struct sockaddr *uaddr, 1728 int peer) 1729 { 1730 if (sock->sk->sk_prot == &tcp_prot) { 1731 /* we are being invoked from __sys_accept4, after 1732 * mptcp_accept() has just accepted a non-mp-capable 1733 * flow: sk is a tcp_sk, not an mptcp one. 1734 * 1735 * Hand the socket over to tcp so all further socket ops 1736 * bypass mptcp. 1737 */ 1738 sock->ops = &inet_stream_ops; 1739 } 1740 1741 return inet_getname(sock, uaddr, peer); 1742 } 1743 1744 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1745 static int mptcp_v6_getname(struct socket *sock, struct sockaddr *uaddr, 1746 int peer) 1747 { 1748 if (sock->sk->sk_prot == &tcpv6_prot) { 1749 /* we are being invoked from __sys_accept4 after 1750 * mptcp_accept() has accepted a non-mp-capable 1751 * subflow: sk is a tcp_sk, not mptcp. 1752 * 1753 * Hand the socket over to tcp so all further 1754 * socket ops bypass mptcp. 1755 */ 1756 sock->ops = &inet6_stream_ops; 1757 } 1758 1759 return inet6_getname(sock, uaddr, peer); 1760 } 1761 #endif 1762 1763 static int mptcp_listen(struct socket *sock, int backlog) 1764 { 1765 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1766 struct socket *ssock; 1767 int err; 1768 1769 pr_debug("msk=%p", msk); 1770 1771 lock_sock(sock->sk); 1772 ssock = __mptcp_socket_create(msk, TCP_LISTEN); 1773 if (IS_ERR(ssock)) { 1774 err = PTR_ERR(ssock); 1775 goto unlock; 1776 } 1777 1778 err = ssock->ops->listen(ssock, backlog); 1779 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 1780 if (!err) 1781 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1782 1783 unlock: 1784 release_sock(sock->sk); 1785 return err; 1786 } 1787 1788 static bool is_tcp_proto(const struct proto *p) 1789 { 1790 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1791 return p == &tcp_prot || p == &tcpv6_prot; 1792 #else 1793 return p == &tcp_prot; 1794 #endif 1795 } 1796 1797 static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, 1798 int flags, bool kern) 1799 { 1800 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1801 struct socket *ssock; 1802 int err; 1803 1804 pr_debug("msk=%p", msk); 1805 1806 lock_sock(sock->sk); 1807 if (sock->sk->sk_state != TCP_LISTEN) 1808 goto unlock_fail; 1809 1810 ssock = __mptcp_nmpc_socket(msk); 1811 if (!ssock) 1812 goto unlock_fail; 1813 1814 sock_hold(ssock->sk); 1815 release_sock(sock->sk); 1816 1817 err = ssock->ops->accept(sock, newsock, flags, kern); 1818 if (err == 0 && !is_tcp_proto(newsock->sk->sk_prot)) { 1819 struct mptcp_sock *msk = mptcp_sk(newsock->sk); 1820 struct mptcp_subflow_context *subflow; 1821 1822 /* set ssk->sk_socket of accept()ed flows to mptcp socket. 1823 * This is needed so NOSPACE flag can be set from tcp stack. 1824 */ 1825 __mptcp_flush_join_list(msk); 1826 list_for_each_entry(subflow, &msk->conn_list, node) { 1827 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1828 1829 if (!ssk->sk_socket) 1830 mptcp_sock_graft(ssk, newsock); 1831 } 1832 } 1833 1834 sock_put(ssock->sk); 1835 return err; 1836 1837 unlock_fail: 1838 release_sock(sock->sk); 1839 return -EINVAL; 1840 } 1841 1842 static __poll_t mptcp_poll(struct file *file, struct socket *sock, 1843 struct poll_table_struct *wait) 1844 { 1845 struct sock *sk = sock->sk; 1846 struct mptcp_sock *msk; 1847 struct socket *ssock; 1848 __poll_t mask = 0; 1849 1850 msk = mptcp_sk(sk); 1851 lock_sock(sk); 1852 ssock = __mptcp_tcp_fallback(msk); 1853 if (!ssock) 1854 ssock = __mptcp_nmpc_socket(msk); 1855 if (ssock) { 1856 mask = ssock->ops->poll(file, ssock, wait); 1857 release_sock(sk); 1858 return mask; 1859 } 1860 1861 release_sock(sk); 1862 sock_poll_wait(file, sock, wait); 1863 lock_sock(sk); 1864 1865 if (test_bit(MPTCP_DATA_READY, &msk->flags)) 1866 mask = EPOLLIN | EPOLLRDNORM; 1867 if (sk_stream_is_writeable(sk) && 1868 test_bit(MPTCP_SEND_SPACE, &msk->flags)) 1869 mask |= EPOLLOUT | EPOLLWRNORM; 1870 if (sk->sk_shutdown & RCV_SHUTDOWN) 1871 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; 1872 1873 release_sock(sk); 1874 1875 return mask; 1876 } 1877 1878 static int mptcp_shutdown(struct socket *sock, int how) 1879 { 1880 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1881 struct mptcp_subflow_context *subflow; 1882 struct socket *ssock; 1883 int ret = 0; 1884 1885 pr_debug("sk=%p, how=%d", msk, how); 1886 1887 lock_sock(sock->sk); 1888 ssock = __mptcp_tcp_fallback(msk); 1889 if (ssock) { 1890 release_sock(sock->sk); 1891 return inet_shutdown(ssock, how); 1892 } 1893 1894 if (how == SHUT_WR || how == SHUT_RDWR) 1895 inet_sk_state_store(sock->sk, TCP_FIN_WAIT1); 1896 1897 how++; 1898 1899 if ((how & ~SHUTDOWN_MASK) || !how) { 1900 ret = -EINVAL; 1901 goto out_unlock; 1902 } 1903 1904 if (sock->state == SS_CONNECTING) { 1905 if ((1 << sock->sk->sk_state) & 1906 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE)) 1907 sock->state = SS_DISCONNECTING; 1908 else 1909 sock->state = SS_CONNECTED; 1910 } 1911 1912 __mptcp_flush_join_list(msk); 1913 mptcp_for_each_subflow(msk, subflow) { 1914 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow); 1915 1916 mptcp_subflow_shutdown(tcp_sk, how, 1, msk->write_seq); 1917 } 1918 1919 out_unlock: 1920 release_sock(sock->sk); 1921 1922 return ret; 1923 } 1924 1925 static const struct proto_ops mptcp_stream_ops = { 1926 .family = PF_INET, 1927 .owner = THIS_MODULE, 1928 .release = inet_release, 1929 .bind = mptcp_bind, 1930 .connect = mptcp_stream_connect, 1931 .socketpair = sock_no_socketpair, 1932 .accept = mptcp_stream_accept, 1933 .getname = mptcp_v4_getname, 1934 .poll = mptcp_poll, 1935 .ioctl = inet_ioctl, 1936 .gettstamp = sock_gettstamp, 1937 .listen = mptcp_listen, 1938 .shutdown = mptcp_shutdown, 1939 .setsockopt = sock_common_setsockopt, 1940 .getsockopt = sock_common_getsockopt, 1941 .sendmsg = inet_sendmsg, 1942 .recvmsg = inet_recvmsg, 1943 .mmap = sock_no_mmap, 1944 .sendpage = inet_sendpage, 1945 #ifdef CONFIG_COMPAT 1946 .compat_setsockopt = compat_sock_common_setsockopt, 1947 .compat_getsockopt = compat_sock_common_getsockopt, 1948 #endif 1949 }; 1950 1951 static struct inet_protosw mptcp_protosw = { 1952 .type = SOCK_STREAM, 1953 .protocol = IPPROTO_MPTCP, 1954 .prot = &mptcp_prot, 1955 .ops = &mptcp_stream_ops, 1956 .flags = INET_PROTOSW_ICSK, 1957 }; 1958 1959 void mptcp_proto_init(void) 1960 { 1961 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo; 1962 1963 if (percpu_counter_init(&mptcp_sockets_allocated, 0, GFP_KERNEL)) 1964 panic("Failed to allocate MPTCP pcpu counter\n"); 1965 1966 mptcp_subflow_init(); 1967 mptcp_pm_init(); 1968 1969 if (proto_register(&mptcp_prot, 1) != 0) 1970 panic("Failed to register MPTCP proto.\n"); 1971 1972 inet_register_protosw(&mptcp_protosw); 1973 1974 BUILD_BUG_ON(sizeof(struct mptcp_skb_cb) > sizeof_field(struct sk_buff, cb)); 1975 } 1976 1977 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1978 static const struct proto_ops mptcp_v6_stream_ops = { 1979 .family = PF_INET6, 1980 .owner = THIS_MODULE, 1981 .release = inet6_release, 1982 .bind = mptcp_bind, 1983 .connect = mptcp_stream_connect, 1984 .socketpair = sock_no_socketpair, 1985 .accept = mptcp_stream_accept, 1986 .getname = mptcp_v6_getname, 1987 .poll = mptcp_poll, 1988 .ioctl = inet6_ioctl, 1989 .gettstamp = sock_gettstamp, 1990 .listen = mptcp_listen, 1991 .shutdown = mptcp_shutdown, 1992 .setsockopt = sock_common_setsockopt, 1993 .getsockopt = sock_common_getsockopt, 1994 .sendmsg = inet6_sendmsg, 1995 .recvmsg = inet6_recvmsg, 1996 .mmap = sock_no_mmap, 1997 .sendpage = inet_sendpage, 1998 #ifdef CONFIG_COMPAT 1999 .compat_setsockopt = compat_sock_common_setsockopt, 2000 .compat_getsockopt = compat_sock_common_getsockopt, 2001 #endif 2002 }; 2003 2004 static struct proto mptcp_v6_prot; 2005 2006 static void mptcp_v6_destroy(struct sock *sk) 2007 { 2008 mptcp_destroy(sk); 2009 inet6_destroy_sock(sk); 2010 } 2011 2012 static struct inet_protosw mptcp_v6_protosw = { 2013 .type = SOCK_STREAM, 2014 .protocol = IPPROTO_MPTCP, 2015 .prot = &mptcp_v6_prot, 2016 .ops = &mptcp_v6_stream_ops, 2017 .flags = INET_PROTOSW_ICSK, 2018 }; 2019 2020 int mptcp_proto_v6_init(void) 2021 { 2022 int err; 2023 2024 mptcp_v6_prot = mptcp_prot; 2025 strcpy(mptcp_v6_prot.name, "MPTCPv6"); 2026 mptcp_v6_prot.slab = NULL; 2027 mptcp_v6_prot.destroy = mptcp_v6_destroy; 2028 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock); 2029 2030 err = proto_register(&mptcp_v6_prot, 1); 2031 if (err) 2032 return err; 2033 2034 err = inet6_register_protosw(&mptcp_v6_protosw); 2035 if (err) 2036 proto_unregister(&mptcp_v6_prot); 2037 2038 return err; 2039 } 2040 #endif 2041