xref: /openbmc/linux/net/rxrpc/recvmsg.c (revision 805b21b9) 
1 /* RxRPC recvmsg() implementation
2  *
3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/net.h>
15 #include <linux/skbuff.h>
16 #include <linux/export.h>
17 #include <net/sock.h>
18 #include <net/af_rxrpc.h>
19 #include "ar-internal.h"
20 
21 /*
22  * Post a call for attention by the socket or kernel service.  Further
23  * notifications are suppressed by putting recvmsg_link on a dummy queue.
24  */
25 void rxrpc_notify_socket(struct rxrpc_call *call)
26 {
27 	struct rxrpc_sock *rx;
28 	struct sock *sk;
29 
30 	_enter("%d", call->debug_id);
31 
32 	if (!list_empty(&call->recvmsg_link))
33 		return;
34 
35 	rcu_read_lock();
36 
37 	rx = rcu_dereference(call->socket);
38 	sk = &rx->sk;
39 	if (rx && sk->sk_state < RXRPC_CLOSE) {
40 		if (call->notify_rx) {
41 			call->notify_rx(sk, call, call->user_call_ID);
42 		} else {
43 			write_lock_bh(&rx->recvmsg_lock);
44 			if (list_empty(&call->recvmsg_link)) {
45 				rxrpc_get_call(call, rxrpc_call_got);
46 				list_add_tail(&call->recvmsg_link, &rx->recvmsg_q);
47 			}
48 			write_unlock_bh(&rx->recvmsg_lock);
49 
50 			if (!sock_flag(sk, SOCK_DEAD)) {
51 				_debug("call %ps", sk->sk_data_ready);
52 				sk->sk_data_ready(sk);
53 			}
54 		}
55 	}
56 
57 	rcu_read_unlock();
58 	_leave("");
59 }
60 
61 /*
62  * Pass a call terminating message to userspace.
63  */
64 static int rxrpc_recvmsg_term(struct rxrpc_call *call, struct msghdr *msg)
65 {
66 	u32 tmp = 0;
67 	int ret;
68 
69 	switch (call->completion) {
70 	case RXRPC_CALL_SUCCEEDED:
71 		ret = 0;
72 		if (rxrpc_is_service_call(call))
73 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &tmp);
74 		break;
75 	case RXRPC_CALL_REMOTELY_ABORTED:
76 		tmp = call->abort_code;
77 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &tmp);
78 		break;
79 	case RXRPC_CALL_LOCALLY_ABORTED:
80 		tmp = call->abort_code;
81 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &tmp);
82 		break;
83 	case RXRPC_CALL_NETWORK_ERROR:
84 		tmp = call->error;
85 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &tmp);
86 		break;
87 	case RXRPC_CALL_LOCAL_ERROR:
88 		tmp = call->error;
89 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &tmp);
90 		break;
91 	default:
92 		pr_err("Invalid terminal call state %u\n", call->state);
93 		BUG();
94 		break;
95 	}
96 
97 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_terminal, call->rx_hard_ack,
98 			    call->rx_pkt_offset, call->rx_pkt_len, ret);
99 	return ret;
100 }
101 
102 /*
103  * Pass back notification of a new call.  The call is added to the
104  * to-be-accepted list.  This means that the next call to be accepted might not
105  * be the last call seen awaiting acceptance, but unless we leave this on the
106  * front of the queue and block all other messages until someone gives us a
107  * user_ID for it, there's not a lot we can do.
108  */
109 static int rxrpc_recvmsg_new_call(struct rxrpc_sock *rx,
110 				  struct rxrpc_call *call,
111 				  struct msghdr *msg, int flags)
112 {
113 	int tmp = 0, ret;
114 
115 	ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &tmp);
116 
117 	if (ret == 0 && !(flags & MSG_PEEK)) {
118 		_debug("to be accepted");
119 		write_lock_bh(&rx->recvmsg_lock);
120 		list_del_init(&call->recvmsg_link);
121 		write_unlock_bh(&rx->recvmsg_lock);
122 
123 		rxrpc_get_call(call, rxrpc_call_got);
124 		write_lock(&rx->call_lock);
125 		list_add_tail(&call->accept_link, &rx->to_be_accepted);
126 		write_unlock(&rx->call_lock);
127 	}
128 
129 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_to_be_accepted, 1, 0, 0, ret);
130 	return ret;
131 }
132 
133 /*
134  * End the packet reception phase.
135  */
136 static void rxrpc_end_rx_phase(struct rxrpc_call *call)
137 {
138 	_enter("%d,%s", call->debug_id, rxrpc_call_states[call->state]);
139 
140 	trace_rxrpc_receive(call, rxrpc_receive_end, 0, call->rx_top);
141 	ASSERTCMP(call->rx_hard_ack, ==, call->rx_top);
142 
143 	if (call->state == RXRPC_CALL_CLIENT_RECV_REPLY) {
144 		rxrpc_propose_ACK(call, RXRPC_ACK_IDLE, 0, 0, true, false,
145 				  rxrpc_propose_ack_terminal_ack);
146 		rxrpc_send_call_packet(call, RXRPC_PACKET_TYPE_ACK);
147 	}
148 
149 	write_lock_bh(&call->state_lock);
150 
151 	switch (call->state) {
152 	case RXRPC_CALL_CLIENT_RECV_REPLY:
153 		__rxrpc_call_completed(call);
154 		break;
155 
156 	case RXRPC_CALL_SERVER_RECV_REQUEST:
157 		call->tx_phase = true;
158 		call->state = RXRPC_CALL_SERVER_ACK_REQUEST;
159 		break;
160 	default:
161 		break;
162 	}
163 
164 	write_unlock_bh(&call->state_lock);
165 }
166 
167 /*
168  * Discard a packet we've used up and advance the Rx window by one.
169  */
170 static void rxrpc_rotate_rx_window(struct rxrpc_call *call)
171 {
172 	struct rxrpc_skb_priv *sp;
173 	struct sk_buff *skb;
174 	rxrpc_serial_t serial;
175 	rxrpc_seq_t hard_ack, top;
176 	u8 flags;
177 	int ix;
178 
179 	_enter("%d", call->debug_id);
180 
181 	hard_ack = call->rx_hard_ack;
182 	top = smp_load_acquire(&call->rx_top);
183 	ASSERT(before(hard_ack, top));
184 
185 	hard_ack++;
186 	ix = hard_ack & RXRPC_RXTX_BUFF_MASK;
187 	skb = call->rxtx_buffer[ix];
188 	rxrpc_see_skb(skb, rxrpc_skb_rx_rotated);
189 	sp = rxrpc_skb(skb);
190 	flags = sp->hdr.flags;
191 	serial = sp->hdr.serial;
192 	if (call->rxtx_annotations[ix] & RXRPC_RX_ANNO_JUMBO)
193 		serial += (call->rxtx_annotations[ix] & RXRPC_RX_ANNO_JUMBO) - 1;
194 
195 	call->rxtx_buffer[ix] = NULL;
196 	call->rxtx_annotations[ix] = 0;
197 	/* Barrier against rxrpc_input_data(). */
198 	smp_store_release(&call->rx_hard_ack, hard_ack);
199 
200 	rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
201 
202 	_debug("%u,%u,%02x", hard_ack, top, flags);
203 	trace_rxrpc_receive(call, rxrpc_receive_rotate, serial, hard_ack);
204 	if (flags & RXRPC_LAST_PACKET) {
205 		rxrpc_end_rx_phase(call);
206 	} else {
207 		/* Check to see if there's an ACK that needs sending. */
208 		if (after_eq(hard_ack, call->ackr_consumed + 2) ||
209 		    after_eq(top, call->ackr_seen + 2) ||
210 		    (hard_ack == top && after(hard_ack, call->ackr_consumed)))
211 			rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, 0, serial,
212 					  true, false,
213 					  rxrpc_propose_ack_rotate_rx);
214 		if (call->ackr_reason)
215 			rxrpc_send_call_packet(call, RXRPC_PACKET_TYPE_ACK);
216 	}
217 }
218 
219 /*
220  * Decrypt and verify a (sub)packet.  The packet's length may be changed due to
221  * padding, but if this is the case, the packet length will be resident in the
222  * socket buffer.  Note that we can't modify the master skb info as the skb may
223  * be the home to multiple subpackets.
224  */
225 static int rxrpc_verify_packet(struct rxrpc_call *call, struct sk_buff *skb,
226 			       u8 annotation,
227 			       unsigned int offset, unsigned int len)
228 {
229 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
230 	rxrpc_seq_t seq = sp->hdr.seq;
231 	u16 cksum = sp->hdr.cksum;
232 
233 	_enter("");
234 
235 	/* For all but the head jumbo subpacket, the security checksum is in a
236 	 * jumbo header immediately prior to the data.
237 	 */
238 	if ((annotation & RXRPC_RX_ANNO_JUMBO) > 1) {
239 		__be16 tmp;
240 		if (skb_copy_bits(skb, offset - 2, &tmp, 2) < 0)
241 			BUG();
242 		cksum = ntohs(tmp);
243 		seq += (annotation & RXRPC_RX_ANNO_JUMBO) - 1;
244 	}
245 
246 	return call->conn->security->verify_packet(call, skb, offset, len,
247 						   seq, cksum);
248 }
249 
250 /*
251  * Locate the data within a packet.  This is complicated by:
252  *
253  * (1) An skb may contain a jumbo packet - so we have to find the appropriate
254  *     subpacket.
255  *
256  * (2) The (sub)packets may be encrypted and, if so, the encrypted portion
257  *     contains an extra header which includes the true length of the data,
258  *     excluding any encrypted padding.
259  */
260 static int rxrpc_locate_data(struct rxrpc_call *call, struct sk_buff *skb,
261 			     u8 *_annotation,
262 			     unsigned int *_offset, unsigned int *_len)
263 {
264 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
265 	unsigned int offset = *_offset;
266 	unsigned int len = *_len;
267 	int ret;
268 	u8 annotation = *_annotation;
269 
270 	/* Locate the subpacket */
271 	offset = sp->offset;
272 	len = skb->len - sp->offset;
273 	if ((annotation & RXRPC_RX_ANNO_JUMBO) > 0) {
274 		offset += (((annotation & RXRPC_RX_ANNO_JUMBO) - 1) *
275 			   RXRPC_JUMBO_SUBPKTLEN);
276 		len = (annotation & RXRPC_RX_ANNO_JLAST) ?
277 			skb->len - offset : RXRPC_JUMBO_SUBPKTLEN;
278 	}
279 
280 	if (!(annotation & RXRPC_RX_ANNO_VERIFIED)) {
281 		ret = rxrpc_verify_packet(call, skb, annotation, offset, len);
282 		if (ret < 0)
283 			return ret;
284 		*_annotation |= RXRPC_RX_ANNO_VERIFIED;
285 	}
286 
287 	*_offset = offset;
288 	*_len = len;
289 	call->conn->security->locate_data(call, skb, _offset, _len);
290 	return 0;
291 }
292 
293 /*
294  * Deliver messages to a call.  This keeps processing packets until the buffer
295  * is filled and we find either more DATA (returns 0) or the end of the DATA
296  * (returns 1).  If more packets are required, it returns -EAGAIN.
297  */
298 static int rxrpc_recvmsg_data(struct socket *sock, struct rxrpc_call *call,
299 			      struct msghdr *msg, struct iov_iter *iter,
300 			      size_t len, int flags, size_t *_offset)
301 {
302 	struct rxrpc_skb_priv *sp;
303 	struct sk_buff *skb;
304 	rxrpc_seq_t hard_ack, top, seq;
305 	size_t remain;
306 	bool last;
307 	unsigned int rx_pkt_offset, rx_pkt_len;
308 	int ix, copy, ret = -EAGAIN, ret2;
309 
310 	rx_pkt_offset = call->rx_pkt_offset;
311 	rx_pkt_len = call->rx_pkt_len;
312 
313 	if (call->state >= RXRPC_CALL_SERVER_ACK_REQUEST) {
314 		seq = call->rx_hard_ack;
315 		ret = 1;
316 		goto done;
317 	}
318 
319 	/* Barriers against rxrpc_input_data(). */
320 	hard_ack = call->rx_hard_ack;
321 	top = smp_load_acquire(&call->rx_top);
322 	for (seq = hard_ack + 1; before_eq(seq, top); seq++) {
323 		ix = seq & RXRPC_RXTX_BUFF_MASK;
324 		skb = call->rxtx_buffer[ix];
325 		if (!skb) {
326 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_hole, seq,
327 					    rx_pkt_offset, rx_pkt_len, 0);
328 			break;
329 		}
330 		smp_rmb();
331 		rxrpc_see_skb(skb, rxrpc_skb_rx_seen);
332 		sp = rxrpc_skb(skb);
333 
334 		if (!(flags & MSG_PEEK))
335 			trace_rxrpc_receive(call, rxrpc_receive_front,
336 					    sp->hdr.serial, seq);
337 
338 		if (msg)
339 			sock_recv_timestamp(msg, sock->sk, skb);
340 
341 		if (rx_pkt_offset == 0) {
342 			ret2 = rxrpc_locate_data(call, skb,
343 						 &call->rxtx_annotations[ix],
344 						 &rx_pkt_offset, &rx_pkt_len);
345 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_next, seq,
346 					    rx_pkt_offset, rx_pkt_len, ret2);
347 			if (ret2 < 0) {
348 				ret = ret2;
349 				goto out;
350 			}
351 		} else {
352 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_cont, seq,
353 					    rx_pkt_offset, rx_pkt_len, 0);
354 		}
355 
356 		/* We have to handle short, empty and used-up DATA packets. */
357 		remain = len - *_offset;
358 		copy = rx_pkt_len;
359 		if (copy > remain)
360 			copy = remain;
361 		if (copy > 0) {
362 			ret2 = skb_copy_datagram_iter(skb, rx_pkt_offset, iter,
363 						      copy);
364 			if (ret2 < 0) {
365 				ret = ret2;
366 				goto out;
367 			}
368 
369 			/* handle piecemeal consumption of data packets */
370 			rx_pkt_offset += copy;
371 			rx_pkt_len -= copy;
372 			*_offset += copy;
373 		}
374 
375 		if (rx_pkt_len > 0) {
376 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_full, seq,
377 					    rx_pkt_offset, rx_pkt_len, 0);
378 			ASSERTCMP(*_offset, ==, len);
379 			ret = 0;
380 			break;
381 		}
382 
383 		/* The whole packet has been transferred. */
384 		last = sp->hdr.flags & RXRPC_LAST_PACKET;
385 		if (!(flags & MSG_PEEK))
386 			rxrpc_rotate_rx_window(call);
387 		rx_pkt_offset = 0;
388 		rx_pkt_len = 0;
389 
390 		if (last) {
391 			ASSERTCMP(seq, ==, READ_ONCE(call->rx_top));
392 			ret = 1;
393 			goto out;
394 		}
395 	}
396 
397 out:
398 	if (!(flags & MSG_PEEK)) {
399 		call->rx_pkt_offset = rx_pkt_offset;
400 		call->rx_pkt_len = rx_pkt_len;
401 	}
402 done:
403 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_data_return, seq,
404 			    rx_pkt_offset, rx_pkt_len, ret);
405 	return ret;
406 }
407 
408 /*
409  * Receive a message from an RxRPC socket
410  * - we need to be careful about two or more threads calling recvmsg
411  *   simultaneously
412  */
413 int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
414 		  int flags)
415 {
416 	struct rxrpc_call *call;
417 	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
418 	struct list_head *l;
419 	size_t copied = 0;
420 	long timeo;
421 	int ret;
422 
423 	DEFINE_WAIT(wait);
424 
425 	trace_rxrpc_recvmsg(NULL, rxrpc_recvmsg_enter, 0, 0, 0, 0);
426 
427 	if (flags & (MSG_OOB | MSG_TRUNC))
428 		return -EOPNOTSUPP;
429 
430 	timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT);
431 
432 try_again:
433 	lock_sock(&rx->sk);
434 
435 	/* Return immediately if a client socket has no outstanding calls */
436 	if (RB_EMPTY_ROOT(&rx->calls) &&
437 	    list_empty(&rx->recvmsg_q) &&
438 	    rx->sk.sk_state != RXRPC_SERVER_LISTENING) {
439 		release_sock(&rx->sk);
440 		return -ENODATA;
441 	}
442 
443 	if (list_empty(&rx->recvmsg_q)) {
444 		ret = -EWOULDBLOCK;
445 		if (timeo == 0) {
446 			call = NULL;
447 			goto error_no_call;
448 		}
449 
450 		release_sock(&rx->sk);
451 
452 		/* Wait for something to happen */
453 		prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait,
454 					  TASK_INTERRUPTIBLE);
455 		ret = sock_error(&rx->sk);
456 		if (ret)
457 			goto wait_error;
458 
459 		if (list_empty(&rx->recvmsg_q)) {
460 			if (signal_pending(current))
461 				goto wait_interrupted;
462 			trace_rxrpc_recvmsg(NULL, rxrpc_recvmsg_wait,
463 					    0, 0, 0, 0);
464 			timeo = schedule_timeout(timeo);
465 		}
466 		finish_wait(sk_sleep(&rx->sk), &wait);
467 		goto try_again;
468 	}
469 
470 	/* Find the next call and dequeue it if we're not just peeking.  If we
471 	 * do dequeue it, that comes with a ref that we will need to release.
472 	 */
473 	write_lock_bh(&rx->recvmsg_lock);
474 	l = rx->recvmsg_q.next;
475 	call = list_entry(l, struct rxrpc_call, recvmsg_link);
476 	if (!(flags & MSG_PEEK))
477 		list_del_init(&call->recvmsg_link);
478 	else
479 		rxrpc_get_call(call, rxrpc_call_got);
480 	write_unlock_bh(&rx->recvmsg_lock);
481 
482 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_dequeue, 0, 0, 0, 0);
483 
484 	if (test_bit(RXRPC_CALL_RELEASED, &call->flags))
485 		BUG();
486 
487 	if (test_bit(RXRPC_CALL_HAS_USERID, &call->flags)) {
488 		if (flags & MSG_CMSG_COMPAT) {
489 			unsigned int id32 = call->user_call_ID;
490 
491 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
492 				       sizeof(unsigned int), &id32);
493 		} else {
494 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
495 				       sizeof(unsigned long),
496 				       &call->user_call_ID);
497 		}
498 		if (ret < 0)
499 			goto error;
500 	}
501 
502 	if (msg->msg_name) {
503 		size_t len = sizeof(call->conn->params.peer->srx);
504 		memcpy(msg->msg_name, &call->conn->params.peer->srx, len);
505 		msg->msg_namelen = len;
506 	}
507 
508 	switch (call->state) {
509 	case RXRPC_CALL_SERVER_ACCEPTING:
510 		ret = rxrpc_recvmsg_new_call(rx, call, msg, flags);
511 		break;
512 	case RXRPC_CALL_CLIENT_RECV_REPLY:
513 	case RXRPC_CALL_SERVER_RECV_REQUEST:
514 	case RXRPC_CALL_SERVER_ACK_REQUEST:
515 		ret = rxrpc_recvmsg_data(sock, call, msg, &msg->msg_iter, len,
516 					 flags, &copied);
517 		if (ret == -EAGAIN)
518 			ret = 0;
519 
520 		if (after(call->rx_top, call->rx_hard_ack) &&
521 		    call->rxtx_buffer[(call->rx_hard_ack + 1) & RXRPC_RXTX_BUFF_MASK])
522 			rxrpc_notify_socket(call);
523 		break;
524 	default:
525 		ret = 0;
526 		break;
527 	}
528 
529 	if (ret < 0)
530 		goto error;
531 
532 	if (call->state == RXRPC_CALL_COMPLETE) {
533 		ret = rxrpc_recvmsg_term(call, msg);
534 		if (ret < 0)
535 			goto error;
536 		if (!(flags & MSG_PEEK))
537 			rxrpc_release_call(rx, call);
538 		msg->msg_flags |= MSG_EOR;
539 		ret = 1;
540 	}
541 
542 	if (ret == 0)
543 		msg->msg_flags |= MSG_MORE;
544 	else
545 		msg->msg_flags &= ~MSG_MORE;
546 	ret = copied;
547 
548 error:
549 	rxrpc_put_call(call, rxrpc_call_put);
550 error_no_call:
551 	release_sock(&rx->sk);
552 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_return, 0, 0, 0, ret);
553 	return ret;
554 
555 wait_interrupted:
556 	ret = sock_intr_errno(timeo);
557 wait_error:
558 	finish_wait(sk_sleep(&rx->sk), &wait);
559 	call = NULL;
560 	goto error_no_call;
561 }
562 
563 /**
564  * rxrpc_kernel_recv_data - Allow a kernel service to receive data/info
565  * @sock: The socket that the call exists on
566  * @call: The call to send data through
567  * @buf: The buffer to receive into
568  * @size: The size of the buffer, including data already read
569  * @_offset: The running offset into the buffer.
570  * @want_more: True if more data is expected to be read
571  * @_abort: Where the abort code is stored if -ECONNABORTED is returned
572  *
573  * Allow a kernel service to receive data and pick up information about the
574  * state of a call.  Returns 0 if got what was asked for and there's more
575  * available, 1 if we got what was asked for and we're at the end of the data
576  * and -EAGAIN if we need more data.
577  *
578  * Note that we may return -EAGAIN to drain empty packets at the end of the
579  * data, even if we've already copied over the requested data.
580  *
581  * This function adds the amount it transfers to *_offset, so this should be
582  * precleared as appropriate.  Note that the amount remaining in the buffer is
583  * taken to be size - *_offset.
584  *
585  * *_abort should also be initialised to 0.
586  */
587 int rxrpc_kernel_recv_data(struct socket *sock, struct rxrpc_call *call,
588 			   void *buf, size_t size, size_t *_offset,
589 			   bool want_more, u32 *_abort)
590 {
591 	struct iov_iter iter;
592 	struct kvec iov;
593 	int ret;
594 
595 	_enter("{%d,%s},%zu/%zu,%d",
596 	       call->debug_id, rxrpc_call_states[call->state],
597 	       *_offset, size, want_more);
598 
599 	ASSERTCMP(*_offset, <=, size);
600 	ASSERTCMP(call->state, !=, RXRPC_CALL_SERVER_ACCEPTING);
601 
602 	iov.iov_base = buf + *_offset;
603 	iov.iov_len = size - *_offset;
604 	iov_iter_kvec(&iter, ITER_KVEC | READ, &iov, 1, size - *_offset);
605 
606 	lock_sock(sock->sk);
607 
608 	switch (call->state) {
609 	case RXRPC_CALL_CLIENT_RECV_REPLY:
610 	case RXRPC_CALL_SERVER_RECV_REQUEST:
611 	case RXRPC_CALL_SERVER_ACK_REQUEST:
612 		ret = rxrpc_recvmsg_data(sock, call, NULL, &iter, size, 0,
613 					 _offset);
614 		if (ret < 0)
615 			goto out;
616 
617 		/* We can only reach here with a partially full buffer if we
618 		 * have reached the end of the data.  We must otherwise have a
619 		 * full buffer or have been given -EAGAIN.
620 		 */
621 		if (ret == 1) {
622 			if (*_offset < size)
623 				goto short_data;
624 			if (!want_more)
625 				goto read_phase_complete;
626 			ret = 0;
627 			goto out;
628 		}
629 
630 		if (!want_more)
631 			goto excess_data;
632 		goto out;
633 
634 	case RXRPC_CALL_COMPLETE:
635 		goto call_complete;
636 
637 	default:
638 		ret = -EINPROGRESS;
639 		goto out;
640 	}
641 
642 read_phase_complete:
643 	ret = 1;
644 out:
645 	release_sock(sock->sk);
646 	_leave(" = %d [%zu,%d]", ret, *_offset, *_abort);
647 	return ret;
648 
649 short_data:
650 	ret = -EBADMSG;
651 	goto out;
652 excess_data:
653 	ret = -EMSGSIZE;
654 	goto out;
655 call_complete:
656 	*_abort = call->abort_code;
657 	ret = call->error;
658 	if (call->completion == RXRPC_CALL_SUCCEEDED) {
659 		ret = 1;
660 		if (size > 0)
661 			ret = -ECONNRESET;
662 	}
663 	goto out;
664 }
665 EXPORT_SYMBOL(rxrpc_kernel_recv_data);
666