1 // SPDX-License-Identifier: GPL-2.0 2 /* Multipath TCP 3 * 4 * Copyright (c) 2017 - 2019, Intel Corporation. 5 */ 6 7 #define pr_fmt(fmt) "MPTCP: " fmt 8 9 #include <linux/kernel.h> 10 #include <linux/module.h> 11 #include <linux/netdevice.h> 12 #include <linux/sched/signal.h> 13 #include <linux/atomic.h> 14 #include <net/sock.h> 15 #include <net/inet_common.h> 16 #include <net/inet_hashtables.h> 17 #include <net/protocol.h> 18 #include <net/tcp.h> 19 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 20 #include <net/transp_v6.h> 21 #endif 22 #include <net/mptcp.h> 23 #include "protocol.h" 24 25 #define MPTCP_SAME_STATE TCP_MAX_STATES 26 27 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 28 struct mptcp6_sock { 29 struct mptcp_sock msk; 30 struct ipv6_pinfo np; 31 }; 32 #endif 33 34 /* If msk has an initial subflow socket, and the MP_CAPABLE handshake has not 35 * completed yet or has failed, return the subflow socket. 36 * Otherwise return NULL. 37 */ 38 static struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk) 39 { 40 if (!msk->subflow || READ_ONCE(msk->can_ack)) 41 return NULL; 42 43 return msk->subflow; 44 } 45 46 static bool __mptcp_needs_tcp_fallback(const struct mptcp_sock *msk) 47 { 48 return msk->first && !sk_is_mptcp(msk->first); 49 } 50 51 static struct socket *__mptcp_tcp_fallback(struct mptcp_sock *msk) 52 { 53 sock_owned_by_me((const struct sock *)msk); 54 55 if (likely(!__mptcp_needs_tcp_fallback(msk))) 56 return NULL; 57 58 if (msk->subflow) { 59 release_sock((struct sock *)msk); 60 return msk->subflow; 61 } 62 63 return NULL; 64 } 65 66 static bool __mptcp_can_create_subflow(const struct mptcp_sock *msk) 67 { 68 return !msk->first; 69 } 70 71 static struct socket *__mptcp_socket_create(struct mptcp_sock *msk, int state) 72 { 73 struct mptcp_subflow_context *subflow; 74 struct sock *sk = (struct sock *)msk; 75 struct socket *ssock; 76 int err; 77 78 ssock = __mptcp_nmpc_socket(msk); 79 if (ssock) 80 goto set_state; 81 82 if (!__mptcp_can_create_subflow(msk)) 83 return ERR_PTR(-EINVAL); 84 85 err = mptcp_subflow_create_socket(sk, &ssock); 86 if (err) 87 return ERR_PTR(err); 88 89 msk->first = ssock->sk; 90 msk->subflow = ssock; 91 subflow = mptcp_subflow_ctx(ssock->sk); 92 list_add(&subflow->node, &msk->conn_list); 93 subflow->request_mptcp = 1; 94 95 set_state: 96 if (state != MPTCP_SAME_STATE) 97 inet_sk_state_store(sk, state); 98 return ssock; 99 } 100 101 static struct sock *mptcp_subflow_get(const struct mptcp_sock *msk) 102 { 103 struct mptcp_subflow_context *subflow; 104 105 sock_owned_by_me((const struct sock *)msk); 106 107 mptcp_for_each_subflow(msk, subflow) { 108 return mptcp_subflow_tcp_sock(subflow); 109 } 110 111 return NULL; 112 } 113 114 static bool mptcp_ext_cache_refill(struct mptcp_sock *msk) 115 { 116 if (!msk->cached_ext) 117 msk->cached_ext = __skb_ext_alloc(); 118 119 return !!msk->cached_ext; 120 } 121 122 static struct sock *mptcp_subflow_recv_lookup(const struct mptcp_sock *msk) 123 { 124 struct mptcp_subflow_context *subflow; 125 struct sock *sk = (struct sock *)msk; 126 127 sock_owned_by_me(sk); 128 129 mptcp_for_each_subflow(msk, subflow) { 130 if (subflow->data_avail) 131 return mptcp_subflow_tcp_sock(subflow); 132 } 133 134 return NULL; 135 } 136 137 static inline bool mptcp_skb_can_collapse_to(const struct mptcp_sock *msk, 138 const struct sk_buff *skb, 139 const struct mptcp_ext *mpext) 140 { 141 if (!tcp_skb_can_collapse_to(skb)) 142 return false; 143 144 /* can collapse only if MPTCP level sequence is in order */ 145 return mpext && mpext->data_seq + mpext->data_len == msk->write_seq; 146 } 147 148 static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, 149 struct msghdr *msg, long *timeo, int *pmss_now, 150 int *ps_goal) 151 { 152 int mss_now, avail_size, size_goal, ret; 153 struct mptcp_sock *msk = mptcp_sk(sk); 154 struct mptcp_ext *mpext = NULL; 155 struct sk_buff *skb, *tail; 156 bool can_collapse = false; 157 struct page_frag *pfrag; 158 size_t psize; 159 160 /* use the mptcp page cache so that we can easily move the data 161 * from one substream to another, but do per subflow memory accounting 162 */ 163 pfrag = sk_page_frag(sk); 164 while (!sk_page_frag_refill(ssk, pfrag) || 165 !mptcp_ext_cache_refill(msk)) { 166 ret = sk_stream_wait_memory(ssk, timeo); 167 if (ret) 168 return ret; 169 if (unlikely(__mptcp_needs_tcp_fallback(msk))) 170 return 0; 171 } 172 173 /* compute copy limit */ 174 mss_now = tcp_send_mss(ssk, &size_goal, msg->msg_flags); 175 *pmss_now = mss_now; 176 *ps_goal = size_goal; 177 avail_size = size_goal; 178 skb = tcp_write_queue_tail(ssk); 179 if (skb) { 180 mpext = skb_ext_find(skb, SKB_EXT_MPTCP); 181 182 /* Limit the write to the size available in the 183 * current skb, if any, so that we create at most a new skb. 184 * Explicitly tells TCP internals to avoid collapsing on later 185 * queue management operation, to avoid breaking the ext <-> 186 * SSN association set here 187 */ 188 can_collapse = (size_goal - skb->len > 0) && 189 mptcp_skb_can_collapse_to(msk, skb, mpext); 190 if (!can_collapse) 191 TCP_SKB_CB(skb)->eor = 1; 192 else 193 avail_size = size_goal - skb->len; 194 } 195 psize = min_t(size_t, pfrag->size - pfrag->offset, avail_size); 196 197 /* Copy to page */ 198 pr_debug("left=%zu", msg_data_left(msg)); 199 psize = copy_page_from_iter(pfrag->page, pfrag->offset, 200 min_t(size_t, msg_data_left(msg), psize), 201 &msg->msg_iter); 202 pr_debug("left=%zu", msg_data_left(msg)); 203 if (!psize) 204 return -EINVAL; 205 206 /* tell the TCP stack to delay the push so that we can safely 207 * access the skb after the sendpages call 208 */ 209 ret = do_tcp_sendpages(ssk, pfrag->page, pfrag->offset, psize, 210 msg->msg_flags | MSG_SENDPAGE_NOTLAST); 211 if (ret <= 0) 212 return ret; 213 if (unlikely(ret < psize)) 214 iov_iter_revert(&msg->msg_iter, psize - ret); 215 216 /* if the tail skb extension is still the cached one, collapsing 217 * really happened. Note: we can't check for 'same skb' as the sk_buff 218 * hdr on tail can be transmitted, freed and re-allocated by the 219 * do_tcp_sendpages() call 220 */ 221 tail = tcp_write_queue_tail(ssk); 222 if (mpext && tail && mpext == skb_ext_find(tail, SKB_EXT_MPTCP)) { 223 WARN_ON_ONCE(!can_collapse); 224 mpext->data_len += ret; 225 goto out; 226 } 227 228 skb = tcp_write_queue_tail(ssk); 229 mpext = __skb_ext_set(skb, SKB_EXT_MPTCP, msk->cached_ext); 230 msk->cached_ext = NULL; 231 232 memset(mpext, 0, sizeof(*mpext)); 233 mpext->data_seq = msk->write_seq; 234 mpext->subflow_seq = mptcp_subflow_ctx(ssk)->rel_write_seq; 235 mpext->data_len = ret; 236 mpext->use_map = 1; 237 mpext->dsn64 = 1; 238 239 pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", 240 mpext->data_seq, mpext->subflow_seq, mpext->data_len, 241 mpext->dsn64); 242 243 out: 244 pfrag->offset += ret; 245 msk->write_seq += ret; 246 mptcp_subflow_ctx(ssk)->rel_write_seq += ret; 247 248 return ret; 249 } 250 251 static void ssk_check_wmem(struct mptcp_sock *msk, struct sock *ssk) 252 { 253 struct socket *sock; 254 255 if (likely(sk_stream_is_writeable(ssk))) 256 return; 257 258 sock = READ_ONCE(ssk->sk_socket); 259 260 if (sock) { 261 clear_bit(MPTCP_SEND_SPACE, &msk->flags); 262 smp_mb__after_atomic(); 263 /* set NOSPACE only after clearing SEND_SPACE flag */ 264 set_bit(SOCK_NOSPACE, &sock->flags); 265 } 266 } 267 268 static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) 269 { 270 int mss_now = 0, size_goal = 0, ret = 0; 271 struct mptcp_sock *msk = mptcp_sk(sk); 272 struct socket *ssock; 273 size_t copied = 0; 274 struct sock *ssk; 275 long timeo; 276 277 if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL)) 278 return -EOPNOTSUPP; 279 280 lock_sock(sk); 281 ssock = __mptcp_tcp_fallback(msk); 282 if (unlikely(ssock)) { 283 fallback: 284 pr_debug("fallback passthrough"); 285 ret = sock_sendmsg(ssock, msg); 286 return ret >= 0 ? ret + copied : (copied ? copied : ret); 287 } 288 289 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); 290 291 ssk = mptcp_subflow_get(msk); 292 if (!ssk) { 293 release_sock(sk); 294 return -ENOTCONN; 295 } 296 297 pr_debug("conn_list->subflow=%p", ssk); 298 299 lock_sock(ssk); 300 while (msg_data_left(msg)) { 301 ret = mptcp_sendmsg_frag(sk, ssk, msg, &timeo, &mss_now, 302 &size_goal); 303 if (ret < 0) 304 break; 305 if (ret == 0 && unlikely(__mptcp_needs_tcp_fallback(msk))) { 306 release_sock(ssk); 307 ssock = __mptcp_tcp_fallback(msk); 308 goto fallback; 309 } 310 311 copied += ret; 312 } 313 314 if (copied) { 315 ret = copied; 316 tcp_push(ssk, msg->msg_flags, mss_now, tcp_sk(ssk)->nonagle, 317 size_goal); 318 } 319 320 ssk_check_wmem(msk, ssk); 321 release_sock(ssk); 322 release_sock(sk); 323 return ret; 324 } 325 326 int mptcp_read_actor(read_descriptor_t *desc, struct sk_buff *skb, 327 unsigned int offset, size_t len) 328 { 329 struct mptcp_read_arg *arg = desc->arg.data; 330 size_t copy_len; 331 332 copy_len = min(desc->count, len); 333 334 if (likely(arg->msg)) { 335 int err; 336 337 err = skb_copy_datagram_msg(skb, offset, arg->msg, copy_len); 338 if (err) { 339 pr_debug("error path"); 340 desc->error = err; 341 return err; 342 } 343 } else { 344 pr_debug("Flushing skb payload"); 345 } 346 347 desc->count -= copy_len; 348 349 pr_debug("consumed %zu bytes, %zu left", copy_len, desc->count); 350 return copy_len; 351 } 352 353 static void mptcp_wait_data(struct sock *sk, long *timeo) 354 { 355 DEFINE_WAIT_FUNC(wait, woken_wake_function); 356 struct mptcp_sock *msk = mptcp_sk(sk); 357 358 add_wait_queue(sk_sleep(sk), &wait); 359 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 360 361 sk_wait_event(sk, timeo, 362 test_and_clear_bit(MPTCP_DATA_READY, &msk->flags), &wait); 363 364 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 365 remove_wait_queue(sk_sleep(sk), &wait); 366 } 367 368 static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 369 int nonblock, int flags, int *addr_len) 370 { 371 struct mptcp_sock *msk = mptcp_sk(sk); 372 struct mptcp_subflow_context *subflow; 373 bool more_data_avail = false; 374 struct mptcp_read_arg arg; 375 read_descriptor_t desc; 376 bool wait_data = false; 377 struct socket *ssock; 378 struct tcp_sock *tp; 379 bool done = false; 380 struct sock *ssk; 381 int copied = 0; 382 int target; 383 long timeo; 384 385 if (msg->msg_flags & ~(MSG_WAITALL | MSG_DONTWAIT)) 386 return -EOPNOTSUPP; 387 388 lock_sock(sk); 389 ssock = __mptcp_tcp_fallback(msk); 390 if (unlikely(ssock)) { 391 fallback: 392 pr_debug("fallback-read subflow=%p", 393 mptcp_subflow_ctx(ssock->sk)); 394 copied = sock_recvmsg(ssock, msg, flags); 395 return copied; 396 } 397 398 arg.msg = msg; 399 desc.arg.data = &arg; 400 desc.error = 0; 401 402 timeo = sock_rcvtimeo(sk, nonblock); 403 404 len = min_t(size_t, len, INT_MAX); 405 target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); 406 407 while (!done) { 408 u32 map_remaining; 409 int bytes_read; 410 411 ssk = mptcp_subflow_recv_lookup(msk); 412 pr_debug("msk=%p ssk=%p", msk, ssk); 413 if (!ssk) 414 goto wait_for_data; 415 416 subflow = mptcp_subflow_ctx(ssk); 417 tp = tcp_sk(ssk); 418 419 lock_sock(ssk); 420 do { 421 /* try to read as much data as available */ 422 map_remaining = subflow->map_data_len - 423 mptcp_subflow_get_map_offset(subflow); 424 desc.count = min_t(size_t, len - copied, map_remaining); 425 pr_debug("reading %zu bytes, copied %d", desc.count, 426 copied); 427 bytes_read = tcp_read_sock(ssk, &desc, 428 mptcp_read_actor); 429 if (bytes_read < 0) { 430 if (!copied) 431 copied = bytes_read; 432 done = true; 433 goto next; 434 } 435 436 pr_debug("msk ack_seq=%llx -> %llx", msk->ack_seq, 437 msk->ack_seq + bytes_read); 438 msk->ack_seq += bytes_read; 439 copied += bytes_read; 440 if (copied >= len) { 441 done = true; 442 goto next; 443 } 444 if (tp->urg_data && tp->urg_seq == tp->copied_seq) { 445 pr_err("Urgent data present, cannot proceed"); 446 done = true; 447 goto next; 448 } 449 next: 450 more_data_avail = mptcp_subflow_data_available(ssk); 451 } while (more_data_avail && !done); 452 release_sock(ssk); 453 continue; 454 455 wait_for_data: 456 more_data_avail = false; 457 458 /* only the master socket status is relevant here. The exit 459 * conditions mirror closely tcp_recvmsg() 460 */ 461 if (copied >= target) 462 break; 463 464 if (copied) { 465 if (sk->sk_err || 466 sk->sk_state == TCP_CLOSE || 467 (sk->sk_shutdown & RCV_SHUTDOWN) || 468 !timeo || 469 signal_pending(current)) 470 break; 471 } else { 472 if (sk->sk_err) { 473 copied = sock_error(sk); 474 break; 475 } 476 477 if (sk->sk_shutdown & RCV_SHUTDOWN) 478 break; 479 480 if (sk->sk_state == TCP_CLOSE) { 481 copied = -ENOTCONN; 482 break; 483 } 484 485 if (!timeo) { 486 copied = -EAGAIN; 487 break; 488 } 489 490 if (signal_pending(current)) { 491 copied = sock_intr_errno(timeo); 492 break; 493 } 494 } 495 496 pr_debug("block timeout %ld", timeo); 497 wait_data = true; 498 mptcp_wait_data(sk, &timeo); 499 if (unlikely(__mptcp_tcp_fallback(msk))) 500 goto fallback; 501 } 502 503 if (more_data_avail) { 504 if (!test_bit(MPTCP_DATA_READY, &msk->flags)) 505 set_bit(MPTCP_DATA_READY, &msk->flags); 506 } else if (!wait_data) { 507 clear_bit(MPTCP_DATA_READY, &msk->flags); 508 509 /* .. race-breaker: ssk might get new data after last 510 * data_available() returns false. 511 */ 512 ssk = mptcp_subflow_recv_lookup(msk); 513 if (unlikely(ssk)) 514 set_bit(MPTCP_DATA_READY, &msk->flags); 515 } 516 517 release_sock(sk); 518 return copied; 519 } 520 521 /* subflow sockets can be either outgoing (connect) or incoming 522 * (accept). 523 * 524 * Outgoing subflows use in-kernel sockets. 525 * Incoming subflows do not have their own 'struct socket' allocated, 526 * so we need to use tcp_close() after detaching them from the mptcp 527 * parent socket. 528 */ 529 static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, 530 struct mptcp_subflow_context *subflow, 531 long timeout) 532 { 533 struct socket *sock = READ_ONCE(ssk->sk_socket); 534 535 list_del(&subflow->node); 536 537 if (sock && sock != sk->sk_socket) { 538 /* outgoing subflow */ 539 sock_release(sock); 540 } else { 541 /* incoming subflow */ 542 tcp_close(ssk, timeout); 543 } 544 } 545 546 static unsigned int mptcp_sync_mss(struct sock *sk, u32 pmtu) 547 { 548 return 0; 549 } 550 551 static int __mptcp_init_sock(struct sock *sk) 552 { 553 struct mptcp_sock *msk = mptcp_sk(sk); 554 555 INIT_LIST_HEAD(&msk->conn_list); 556 __set_bit(MPTCP_SEND_SPACE, &msk->flags); 557 558 msk->first = NULL; 559 inet_csk(sk)->icsk_sync_mss = mptcp_sync_mss; 560 561 return 0; 562 } 563 564 static int mptcp_init_sock(struct sock *sk) 565 { 566 if (!mptcp_is_enabled(sock_net(sk))) 567 return -ENOPROTOOPT; 568 569 return __mptcp_init_sock(sk); 570 } 571 572 static void mptcp_subflow_shutdown(struct sock *ssk, int how) 573 { 574 lock_sock(ssk); 575 576 switch (ssk->sk_state) { 577 case TCP_LISTEN: 578 if (!(how & RCV_SHUTDOWN)) 579 break; 580 /* fall through */ 581 case TCP_SYN_SENT: 582 tcp_disconnect(ssk, O_NONBLOCK); 583 break; 584 default: 585 ssk->sk_shutdown |= how; 586 tcp_shutdown(ssk, how); 587 break; 588 } 589 590 /* Wake up anyone sleeping in poll. */ 591 ssk->sk_state_change(ssk); 592 release_sock(ssk); 593 } 594 595 /* Called with msk lock held, releases such lock before returning */ 596 static void mptcp_close(struct sock *sk, long timeout) 597 { 598 struct mptcp_subflow_context *subflow, *tmp; 599 struct mptcp_sock *msk = mptcp_sk(sk); 600 LIST_HEAD(conn_list); 601 602 lock_sock(sk); 603 604 mptcp_token_destroy(msk->token); 605 inet_sk_state_store(sk, TCP_CLOSE); 606 607 list_splice_init(&msk->conn_list, &conn_list); 608 609 release_sock(sk); 610 611 list_for_each_entry_safe(subflow, tmp, &conn_list, node) { 612 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 613 614 __mptcp_close_ssk(sk, ssk, subflow, timeout); 615 } 616 617 sk_common_release(sk); 618 } 619 620 static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk) 621 { 622 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 623 const struct ipv6_pinfo *ssk6 = inet6_sk(ssk); 624 struct ipv6_pinfo *msk6 = inet6_sk(msk); 625 626 msk->sk_v6_daddr = ssk->sk_v6_daddr; 627 msk->sk_v6_rcv_saddr = ssk->sk_v6_rcv_saddr; 628 629 if (msk6 && ssk6) { 630 msk6->saddr = ssk6->saddr; 631 msk6->flow_label = ssk6->flow_label; 632 } 633 #endif 634 635 inet_sk(msk)->inet_num = inet_sk(ssk)->inet_num; 636 inet_sk(msk)->inet_dport = inet_sk(ssk)->inet_dport; 637 inet_sk(msk)->inet_sport = inet_sk(ssk)->inet_sport; 638 inet_sk(msk)->inet_daddr = inet_sk(ssk)->inet_daddr; 639 inet_sk(msk)->inet_saddr = inet_sk(ssk)->inet_saddr; 640 inet_sk(msk)->inet_rcv_saddr = inet_sk(ssk)->inet_rcv_saddr; 641 } 642 643 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 644 static struct ipv6_pinfo *mptcp_inet6_sk(const struct sock *sk) 645 { 646 unsigned int offset = sizeof(struct mptcp6_sock) - sizeof(struct ipv6_pinfo); 647 648 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 649 } 650 #endif 651 652 static struct sock *mptcp_sk_clone_lock(const struct sock *sk) 653 { 654 struct sock *nsk = sk_clone_lock(sk, GFP_ATOMIC); 655 656 if (!nsk) 657 return NULL; 658 659 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 660 if (nsk->sk_family == AF_INET6) 661 inet_sk(nsk)->pinet6 = mptcp_inet6_sk(nsk); 662 #endif 663 664 return nsk; 665 } 666 667 static struct sock *mptcp_accept(struct sock *sk, int flags, int *err, 668 bool kern) 669 { 670 struct mptcp_sock *msk = mptcp_sk(sk); 671 struct socket *listener; 672 struct sock *newsk; 673 674 listener = __mptcp_nmpc_socket(msk); 675 if (WARN_ON_ONCE(!listener)) { 676 *err = -EINVAL; 677 return NULL; 678 } 679 680 pr_debug("msk=%p, listener=%p", msk, mptcp_subflow_ctx(listener->sk)); 681 newsk = inet_csk_accept(listener->sk, flags, err, kern); 682 if (!newsk) 683 return NULL; 684 685 pr_debug("msk=%p, subflow is mptcp=%d", msk, sk_is_mptcp(newsk)); 686 687 if (sk_is_mptcp(newsk)) { 688 struct mptcp_subflow_context *subflow; 689 struct sock *new_mptcp_sock; 690 struct sock *ssk = newsk; 691 u64 ack_seq; 692 693 subflow = mptcp_subflow_ctx(newsk); 694 lock_sock(sk); 695 696 local_bh_disable(); 697 new_mptcp_sock = mptcp_sk_clone_lock(sk); 698 if (!new_mptcp_sock) { 699 *err = -ENOBUFS; 700 local_bh_enable(); 701 release_sock(sk); 702 mptcp_subflow_shutdown(newsk, SHUT_RDWR + 1); 703 tcp_close(newsk, 0); 704 return NULL; 705 } 706 707 __mptcp_init_sock(new_mptcp_sock); 708 709 msk = mptcp_sk(new_mptcp_sock); 710 msk->local_key = subflow->local_key; 711 msk->token = subflow->token; 712 msk->subflow = NULL; 713 msk->first = newsk; 714 715 mptcp_token_update_accept(newsk, new_mptcp_sock); 716 717 msk->write_seq = subflow->idsn + 1; 718 if (subflow->can_ack) { 719 msk->can_ack = true; 720 msk->remote_key = subflow->remote_key; 721 mptcp_crypto_key_sha(msk->remote_key, NULL, &ack_seq); 722 ack_seq++; 723 msk->ack_seq = ack_seq; 724 } 725 newsk = new_mptcp_sock; 726 mptcp_copy_inaddrs(newsk, ssk); 727 list_add(&subflow->node, &msk->conn_list); 728 729 /* will be fully established at mptcp_stream_accept() 730 * completion. 731 */ 732 inet_sk_state_store(new_mptcp_sock, TCP_SYN_RECV); 733 bh_unlock_sock(new_mptcp_sock); 734 local_bh_enable(); 735 release_sock(sk); 736 737 /* the subflow can already receive packet, avoid racing with 738 * the receive path and process the pending ones 739 */ 740 lock_sock(ssk); 741 subflow->rel_write_seq = 1; 742 subflow->tcp_sock = ssk; 743 subflow->conn = new_mptcp_sock; 744 if (unlikely(!skb_queue_empty(&ssk->sk_receive_queue))) 745 mptcp_subflow_data_available(ssk); 746 release_sock(ssk); 747 } 748 749 return newsk; 750 } 751 752 static void mptcp_destroy(struct sock *sk) 753 { 754 struct mptcp_sock *msk = mptcp_sk(sk); 755 756 if (msk->cached_ext) 757 __skb_ext_put(msk->cached_ext); 758 } 759 760 static int mptcp_setsockopt(struct sock *sk, int level, int optname, 761 char __user *optval, unsigned int optlen) 762 { 763 struct mptcp_sock *msk = mptcp_sk(sk); 764 struct socket *ssock; 765 766 pr_debug("msk=%p", msk); 767 768 /* @@ the meaning of setsockopt() when the socket is connected and 769 * there are multiple subflows is not yet defined. It is up to the 770 * MPTCP-level socket to configure the subflows until the subflow 771 * is in TCP fallback, when TCP socket options are passed through 772 * to the one remaining subflow. 773 */ 774 lock_sock(sk); 775 ssock = __mptcp_tcp_fallback(msk); 776 if (ssock) 777 return tcp_setsockopt(ssock->sk, level, optname, optval, 778 optlen); 779 780 release_sock(sk); 781 782 return -EOPNOTSUPP; 783 } 784 785 static int mptcp_getsockopt(struct sock *sk, int level, int optname, 786 char __user *optval, int __user *option) 787 { 788 struct mptcp_sock *msk = mptcp_sk(sk); 789 struct socket *ssock; 790 791 pr_debug("msk=%p", msk); 792 793 /* @@ the meaning of setsockopt() when the socket is connected and 794 * there are multiple subflows is not yet defined. It is up to the 795 * MPTCP-level socket to configure the subflows until the subflow 796 * is in TCP fallback, when socket options are passed through 797 * to the one remaining subflow. 798 */ 799 lock_sock(sk); 800 ssock = __mptcp_tcp_fallback(msk); 801 if (ssock) 802 return tcp_getsockopt(ssock->sk, level, optname, optval, 803 option); 804 805 release_sock(sk); 806 807 return -EOPNOTSUPP; 808 } 809 810 static int mptcp_get_port(struct sock *sk, unsigned short snum) 811 { 812 struct mptcp_sock *msk = mptcp_sk(sk); 813 struct socket *ssock; 814 815 ssock = __mptcp_nmpc_socket(msk); 816 pr_debug("msk=%p, subflow=%p", msk, ssock); 817 if (WARN_ON_ONCE(!ssock)) 818 return -EINVAL; 819 820 return inet_csk_get_port(ssock->sk, snum); 821 } 822 823 void mptcp_finish_connect(struct sock *ssk) 824 { 825 struct mptcp_subflow_context *subflow; 826 struct mptcp_sock *msk; 827 struct sock *sk; 828 u64 ack_seq; 829 830 subflow = mptcp_subflow_ctx(ssk); 831 832 if (!subflow->mp_capable) 833 return; 834 835 sk = subflow->conn; 836 msk = mptcp_sk(sk); 837 838 pr_debug("msk=%p, token=%u", sk, subflow->token); 839 840 mptcp_crypto_key_sha(subflow->remote_key, NULL, &ack_seq); 841 ack_seq++; 842 subflow->map_seq = ack_seq; 843 subflow->map_subflow_seq = 1; 844 subflow->rel_write_seq = 1; 845 846 /* the socket is not connected yet, no msk/subflow ops can access/race 847 * accessing the field below 848 */ 849 WRITE_ONCE(msk->remote_key, subflow->remote_key); 850 WRITE_ONCE(msk->local_key, subflow->local_key); 851 WRITE_ONCE(msk->token, subflow->token); 852 WRITE_ONCE(msk->write_seq, subflow->idsn + 1); 853 WRITE_ONCE(msk->ack_seq, ack_seq); 854 WRITE_ONCE(msk->can_ack, 1); 855 } 856 857 static void mptcp_sock_graft(struct sock *sk, struct socket *parent) 858 { 859 write_lock_bh(&sk->sk_callback_lock); 860 rcu_assign_pointer(sk->sk_wq, &parent->wq); 861 sk_set_socket(sk, parent); 862 sk->sk_uid = SOCK_INODE(parent)->i_uid; 863 write_unlock_bh(&sk->sk_callback_lock); 864 } 865 866 static bool mptcp_memory_free(const struct sock *sk, int wake) 867 { 868 struct mptcp_sock *msk = mptcp_sk(sk); 869 870 return wake ? test_bit(MPTCP_SEND_SPACE, &msk->flags) : true; 871 } 872 873 static struct proto mptcp_prot = { 874 .name = "MPTCP", 875 .owner = THIS_MODULE, 876 .init = mptcp_init_sock, 877 .close = mptcp_close, 878 .accept = mptcp_accept, 879 .setsockopt = mptcp_setsockopt, 880 .getsockopt = mptcp_getsockopt, 881 .shutdown = tcp_shutdown, 882 .destroy = mptcp_destroy, 883 .sendmsg = mptcp_sendmsg, 884 .recvmsg = mptcp_recvmsg, 885 .hash = inet_hash, 886 .unhash = inet_unhash, 887 .get_port = mptcp_get_port, 888 .stream_memory_free = mptcp_memory_free, 889 .obj_size = sizeof(struct mptcp_sock), 890 .no_autobind = true, 891 }; 892 893 static int mptcp_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 894 { 895 struct mptcp_sock *msk = mptcp_sk(sock->sk); 896 struct socket *ssock; 897 int err; 898 899 lock_sock(sock->sk); 900 ssock = __mptcp_socket_create(msk, MPTCP_SAME_STATE); 901 if (IS_ERR(ssock)) { 902 err = PTR_ERR(ssock); 903 goto unlock; 904 } 905 906 err = ssock->ops->bind(ssock, uaddr, addr_len); 907 if (!err) 908 mptcp_copy_inaddrs(sock->sk, ssock->sk); 909 910 unlock: 911 release_sock(sock->sk); 912 return err; 913 } 914 915 static int mptcp_stream_connect(struct socket *sock, struct sockaddr *uaddr, 916 int addr_len, int flags) 917 { 918 struct mptcp_sock *msk = mptcp_sk(sock->sk); 919 struct socket *ssock; 920 int err; 921 922 lock_sock(sock->sk); 923 ssock = __mptcp_socket_create(msk, TCP_SYN_SENT); 924 if (IS_ERR(ssock)) { 925 err = PTR_ERR(ssock); 926 goto unlock; 927 } 928 929 #ifdef CONFIG_TCP_MD5SIG 930 /* no MPTCP if MD5SIG is enabled on this socket or we may run out of 931 * TCP option space. 932 */ 933 if (rcu_access_pointer(tcp_sk(ssock->sk)->md5sig_info)) 934 mptcp_subflow_ctx(ssock->sk)->request_mptcp = 0; 935 #endif 936 937 err = ssock->ops->connect(ssock, uaddr, addr_len, flags); 938 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 939 mptcp_copy_inaddrs(sock->sk, ssock->sk); 940 941 unlock: 942 release_sock(sock->sk); 943 return err; 944 } 945 946 static int mptcp_v4_getname(struct socket *sock, struct sockaddr *uaddr, 947 int peer) 948 { 949 if (sock->sk->sk_prot == &tcp_prot) { 950 /* we are being invoked from __sys_accept4, after 951 * mptcp_accept() has just accepted a non-mp-capable 952 * flow: sk is a tcp_sk, not an mptcp one. 953 * 954 * Hand the socket over to tcp so all further socket ops 955 * bypass mptcp. 956 */ 957 sock->ops = &inet_stream_ops; 958 } 959 960 return inet_getname(sock, uaddr, peer); 961 } 962 963 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 964 static int mptcp_v6_getname(struct socket *sock, struct sockaddr *uaddr, 965 int peer) 966 { 967 if (sock->sk->sk_prot == &tcpv6_prot) { 968 /* we are being invoked from __sys_accept4 after 969 * mptcp_accept() has accepted a non-mp-capable 970 * subflow: sk is a tcp_sk, not mptcp. 971 * 972 * Hand the socket over to tcp so all further 973 * socket ops bypass mptcp. 974 */ 975 sock->ops = &inet6_stream_ops; 976 } 977 978 return inet6_getname(sock, uaddr, peer); 979 } 980 #endif 981 982 static int mptcp_listen(struct socket *sock, int backlog) 983 { 984 struct mptcp_sock *msk = mptcp_sk(sock->sk); 985 struct socket *ssock; 986 int err; 987 988 pr_debug("msk=%p", msk); 989 990 lock_sock(sock->sk); 991 ssock = __mptcp_socket_create(msk, TCP_LISTEN); 992 if (IS_ERR(ssock)) { 993 err = PTR_ERR(ssock); 994 goto unlock; 995 } 996 997 err = ssock->ops->listen(ssock, backlog); 998 inet_sk_state_store(sock->sk, inet_sk_state_load(ssock->sk)); 999 if (!err) 1000 mptcp_copy_inaddrs(sock->sk, ssock->sk); 1001 1002 unlock: 1003 release_sock(sock->sk); 1004 return err; 1005 } 1006 1007 static bool is_tcp_proto(const struct proto *p) 1008 { 1009 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1010 return p == &tcp_prot || p == &tcpv6_prot; 1011 #else 1012 return p == &tcp_prot; 1013 #endif 1014 } 1015 1016 static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, 1017 int flags, bool kern) 1018 { 1019 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1020 struct socket *ssock; 1021 int err; 1022 1023 pr_debug("msk=%p", msk); 1024 1025 lock_sock(sock->sk); 1026 if (sock->sk->sk_state != TCP_LISTEN) 1027 goto unlock_fail; 1028 1029 ssock = __mptcp_nmpc_socket(msk); 1030 if (!ssock) 1031 goto unlock_fail; 1032 1033 sock_hold(ssock->sk); 1034 release_sock(sock->sk); 1035 1036 err = ssock->ops->accept(sock, newsock, flags, kern); 1037 if (err == 0 && !is_tcp_proto(newsock->sk->sk_prot)) { 1038 struct mptcp_sock *msk = mptcp_sk(newsock->sk); 1039 struct mptcp_subflow_context *subflow; 1040 1041 /* set ssk->sk_socket of accept()ed flows to mptcp socket. 1042 * This is needed so NOSPACE flag can be set from tcp stack. 1043 */ 1044 list_for_each_entry(subflow, &msk->conn_list, node) { 1045 struct sock *ssk = mptcp_subflow_tcp_sock(subflow); 1046 1047 if (!ssk->sk_socket) 1048 mptcp_sock_graft(ssk, newsock); 1049 } 1050 1051 inet_sk_state_store(newsock->sk, TCP_ESTABLISHED); 1052 } 1053 1054 sock_put(ssock->sk); 1055 return err; 1056 1057 unlock_fail: 1058 release_sock(sock->sk); 1059 return -EINVAL; 1060 } 1061 1062 static __poll_t mptcp_poll(struct file *file, struct socket *sock, 1063 struct poll_table_struct *wait) 1064 { 1065 struct sock *sk = sock->sk; 1066 struct mptcp_sock *msk; 1067 struct socket *ssock; 1068 __poll_t mask = 0; 1069 1070 msk = mptcp_sk(sk); 1071 lock_sock(sk); 1072 ssock = __mptcp_nmpc_socket(msk); 1073 if (ssock) { 1074 mask = ssock->ops->poll(file, ssock, wait); 1075 release_sock(sk); 1076 return mask; 1077 } 1078 1079 release_sock(sk); 1080 sock_poll_wait(file, sock, wait); 1081 lock_sock(sk); 1082 ssock = __mptcp_tcp_fallback(msk); 1083 if (unlikely(ssock)) 1084 return ssock->ops->poll(file, ssock, NULL); 1085 1086 if (test_bit(MPTCP_DATA_READY, &msk->flags)) 1087 mask = EPOLLIN | EPOLLRDNORM; 1088 if (sk_stream_is_writeable(sk) && 1089 test_bit(MPTCP_SEND_SPACE, &msk->flags)) 1090 mask |= EPOLLOUT | EPOLLWRNORM; 1091 if (sk->sk_shutdown & RCV_SHUTDOWN) 1092 mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; 1093 1094 release_sock(sk); 1095 1096 return mask; 1097 } 1098 1099 static int mptcp_shutdown(struct socket *sock, int how) 1100 { 1101 struct mptcp_sock *msk = mptcp_sk(sock->sk); 1102 struct mptcp_subflow_context *subflow; 1103 int ret = 0; 1104 1105 pr_debug("sk=%p, how=%d", msk, how); 1106 1107 lock_sock(sock->sk); 1108 1109 if (how == SHUT_WR || how == SHUT_RDWR) 1110 inet_sk_state_store(sock->sk, TCP_FIN_WAIT1); 1111 1112 how++; 1113 1114 if ((how & ~SHUTDOWN_MASK) || !how) { 1115 ret = -EINVAL; 1116 goto out_unlock; 1117 } 1118 1119 if (sock->state == SS_CONNECTING) { 1120 if ((1 << sock->sk->sk_state) & 1121 (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE)) 1122 sock->state = SS_DISCONNECTING; 1123 else 1124 sock->state = SS_CONNECTED; 1125 } 1126 1127 mptcp_for_each_subflow(msk, subflow) { 1128 struct sock *tcp_sk = mptcp_subflow_tcp_sock(subflow); 1129 1130 mptcp_subflow_shutdown(tcp_sk, how); 1131 } 1132 1133 out_unlock: 1134 release_sock(sock->sk); 1135 1136 return ret; 1137 } 1138 1139 static const struct proto_ops mptcp_stream_ops = { 1140 .family = PF_INET, 1141 .owner = THIS_MODULE, 1142 .release = inet_release, 1143 .bind = mptcp_bind, 1144 .connect = mptcp_stream_connect, 1145 .socketpair = sock_no_socketpair, 1146 .accept = mptcp_stream_accept, 1147 .getname = mptcp_v4_getname, 1148 .poll = mptcp_poll, 1149 .ioctl = inet_ioctl, 1150 .gettstamp = sock_gettstamp, 1151 .listen = mptcp_listen, 1152 .shutdown = mptcp_shutdown, 1153 .setsockopt = sock_common_setsockopt, 1154 .getsockopt = sock_common_getsockopt, 1155 .sendmsg = inet_sendmsg, 1156 .recvmsg = inet_recvmsg, 1157 .mmap = sock_no_mmap, 1158 .sendpage = inet_sendpage, 1159 #ifdef CONFIG_COMPAT 1160 .compat_setsockopt = compat_sock_common_setsockopt, 1161 .compat_getsockopt = compat_sock_common_getsockopt, 1162 #endif 1163 }; 1164 1165 static struct inet_protosw mptcp_protosw = { 1166 .type = SOCK_STREAM, 1167 .protocol = IPPROTO_MPTCP, 1168 .prot = &mptcp_prot, 1169 .ops = &mptcp_stream_ops, 1170 .flags = INET_PROTOSW_ICSK, 1171 }; 1172 1173 void mptcp_proto_init(void) 1174 { 1175 mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo; 1176 1177 mptcp_subflow_init(); 1178 1179 if (proto_register(&mptcp_prot, 1) != 0) 1180 panic("Failed to register MPTCP proto.\n"); 1181 1182 inet_register_protosw(&mptcp_protosw); 1183 } 1184 1185 #if IS_ENABLED(CONFIG_MPTCP_IPV6) 1186 static const struct proto_ops mptcp_v6_stream_ops = { 1187 .family = PF_INET6, 1188 .owner = THIS_MODULE, 1189 .release = inet6_release, 1190 .bind = mptcp_bind, 1191 .connect = mptcp_stream_connect, 1192 .socketpair = sock_no_socketpair, 1193 .accept = mptcp_stream_accept, 1194 .getname = mptcp_v6_getname, 1195 .poll = mptcp_poll, 1196 .ioctl = inet6_ioctl, 1197 .gettstamp = sock_gettstamp, 1198 .listen = mptcp_listen, 1199 .shutdown = mptcp_shutdown, 1200 .setsockopt = sock_common_setsockopt, 1201 .getsockopt = sock_common_getsockopt, 1202 .sendmsg = inet6_sendmsg, 1203 .recvmsg = inet6_recvmsg, 1204 .mmap = sock_no_mmap, 1205 .sendpage = inet_sendpage, 1206 #ifdef CONFIG_COMPAT 1207 .compat_setsockopt = compat_sock_common_setsockopt, 1208 .compat_getsockopt = compat_sock_common_getsockopt, 1209 #endif 1210 }; 1211 1212 static struct proto mptcp_v6_prot; 1213 1214 static void mptcp_v6_destroy(struct sock *sk) 1215 { 1216 mptcp_destroy(sk); 1217 inet6_destroy_sock(sk); 1218 } 1219 1220 static struct inet_protosw mptcp_v6_protosw = { 1221 .type = SOCK_STREAM, 1222 .protocol = IPPROTO_MPTCP, 1223 .prot = &mptcp_v6_prot, 1224 .ops = &mptcp_v6_stream_ops, 1225 .flags = INET_PROTOSW_ICSK, 1226 }; 1227 1228 int mptcp_proto_v6_init(void) 1229 { 1230 int err; 1231 1232 mptcp_v6_prot = mptcp_prot; 1233 strcpy(mptcp_v6_prot.name, "MPTCPv6"); 1234 mptcp_v6_prot.slab = NULL; 1235 mptcp_v6_prot.destroy = mptcp_v6_destroy; 1236 mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock); 1237 1238 err = proto_register(&mptcp_v6_prot, 1); 1239 if (err) 1240 return err; 1241 1242 err = inet6_register_protosw(&mptcp_v6_protosw); 1243 if (err) 1244 proto_unregister(&mptcp_v6_prot); 1245 1246 return err; 1247 } 1248 #endif 1249