xref: /openbmc/linux/net/rxrpc/recvmsg.c (revision cf69207a) 
1 /* RxRPC recvmsg() implementation
2  *
3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/net.h>
15 #include <linux/skbuff.h>
16 #include <linux/export.h>
17 #include <net/sock.h>
18 #include <net/af_rxrpc.h>
19 #include "ar-internal.h"
20 
21 /*
22  * Post a call for attention by the socket or kernel service.  Further
23  * notifications are suppressed by putting recvmsg_link on a dummy queue.
24  */
25 void rxrpc_notify_socket(struct rxrpc_call *call)
26 {
27 	struct rxrpc_sock *rx;
28 	struct sock *sk;
29 
30 	_enter("%d", call->debug_id);
31 
32 	if (!list_empty(&call->recvmsg_link))
33 		return;
34 
35 	rcu_read_lock();
36 
37 	rx = rcu_dereference(call->socket);
38 	sk = &rx->sk;
39 	if (rx && sk->sk_state < RXRPC_CLOSE) {
40 		if (call->notify_rx) {
41 			call->notify_rx(sk, call, call->user_call_ID);
42 		} else {
43 			write_lock_bh(&rx->recvmsg_lock);
44 			if (list_empty(&call->recvmsg_link)) {
45 				rxrpc_get_call(call, rxrpc_call_got);
46 				list_add_tail(&call->recvmsg_link, &rx->recvmsg_q);
47 			}
48 			write_unlock_bh(&rx->recvmsg_lock);
49 
50 			if (!sock_flag(sk, SOCK_DEAD)) {
51 				_debug("call %ps", sk->sk_data_ready);
52 				sk->sk_data_ready(sk);
53 			}
54 		}
55 	}
56 
57 	rcu_read_unlock();
58 	_leave("");
59 }
60 
61 /*
62  * Pass a call terminating message to userspace.
63  */
64 static int rxrpc_recvmsg_term(struct rxrpc_call *call, struct msghdr *msg)
65 {
66 	u32 tmp = 0;
67 	int ret;
68 
69 	switch (call->completion) {
70 	case RXRPC_CALL_SUCCEEDED:
71 		ret = 0;
72 		if (rxrpc_is_service_call(call))
73 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &tmp);
74 		break;
75 	case RXRPC_CALL_REMOTELY_ABORTED:
76 		tmp = call->abort_code;
77 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &tmp);
78 		break;
79 	case RXRPC_CALL_LOCALLY_ABORTED:
80 		tmp = call->abort_code;
81 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &tmp);
82 		break;
83 	case RXRPC_CALL_NETWORK_ERROR:
84 		tmp = call->error;
85 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &tmp);
86 		break;
87 	case RXRPC_CALL_LOCAL_ERROR:
88 		tmp = call->error;
89 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &tmp);
90 		break;
91 	default:
92 		pr_err("Invalid terminal call state %u\n", call->state);
93 		BUG();
94 		break;
95 	}
96 
97 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_terminal, call->rx_hard_ack,
98 			    call->rx_pkt_offset, call->rx_pkt_len, ret);
99 	return ret;
100 }
101 
102 /*
103  * Pass back notification of a new call.  The call is added to the
104  * to-be-accepted list.  This means that the next call to be accepted might not
105  * be the last call seen awaiting acceptance, but unless we leave this on the
106  * front of the queue and block all other messages until someone gives us a
107  * user_ID for it, there's not a lot we can do.
108  */
109 static int rxrpc_recvmsg_new_call(struct rxrpc_sock *rx,
110 				  struct rxrpc_call *call,
111 				  struct msghdr *msg, int flags)
112 {
113 	int tmp = 0, ret;
114 
115 	ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &tmp);
116 
117 	if (ret == 0 && !(flags & MSG_PEEK)) {
118 		_debug("to be accepted");
119 		write_lock_bh(&rx->recvmsg_lock);
120 		list_del_init(&call->recvmsg_link);
121 		write_unlock_bh(&rx->recvmsg_lock);
122 
123 		rxrpc_get_call(call, rxrpc_call_got);
124 		write_lock(&rx->call_lock);
125 		list_add_tail(&call->accept_link, &rx->to_be_accepted);
126 		write_unlock(&rx->call_lock);
127 	}
128 
129 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_to_be_accepted, 1, 0, 0, ret);
130 	return ret;
131 }
132 
133 /*
134  * End the packet reception phase.
135  */
136 static void rxrpc_end_rx_phase(struct rxrpc_call *call, rxrpc_serial_t serial)
137 {
138 	_enter("%d,%s", call->debug_id, rxrpc_call_states[call->state]);
139 
140 	trace_rxrpc_receive(call, rxrpc_receive_end, 0, call->rx_top);
141 	ASSERTCMP(call->rx_hard_ack, ==, call->rx_top);
142 
143 	if (call->state == RXRPC_CALL_CLIENT_RECV_REPLY) {
144 		rxrpc_propose_ACK(call, RXRPC_ACK_IDLE, 0, serial, true, false,
145 				  rxrpc_propose_ack_terminal_ack);
146 		rxrpc_send_ack_packet(call, false);
147 	}
148 
149 	write_lock_bh(&call->state_lock);
150 
151 	switch (call->state) {
152 	case RXRPC_CALL_CLIENT_RECV_REPLY:
153 		__rxrpc_call_completed(call);
154 		break;
155 
156 	case RXRPC_CALL_SERVER_RECV_REQUEST:
157 		call->tx_phase = true;
158 		call->state = RXRPC_CALL_SERVER_ACK_REQUEST;
159 		break;
160 	default:
161 		break;
162 	}
163 
164 	write_unlock_bh(&call->state_lock);
165 }
166 
167 /*
168  * Discard a packet we've used up and advance the Rx window by one.
169  */
170 static void rxrpc_rotate_rx_window(struct rxrpc_call *call)
171 {
172 	struct rxrpc_skb_priv *sp;
173 	struct sk_buff *skb;
174 	rxrpc_serial_t serial;
175 	rxrpc_seq_t hard_ack, top;
176 	u8 flags;
177 	int ix;
178 
179 	_enter("%d", call->debug_id);
180 
181 	hard_ack = call->rx_hard_ack;
182 	top = smp_load_acquire(&call->rx_top);
183 	ASSERT(before(hard_ack, top));
184 
185 	hard_ack++;
186 	ix = hard_ack & RXRPC_RXTX_BUFF_MASK;
187 	skb = call->rxtx_buffer[ix];
188 	rxrpc_see_skb(skb, rxrpc_skb_rx_rotated);
189 	sp = rxrpc_skb(skb);
190 	flags = sp->hdr.flags;
191 	serial = sp->hdr.serial;
192 	if (call->rxtx_annotations[ix] & RXRPC_RX_ANNO_JUMBO)
193 		serial += (call->rxtx_annotations[ix] & RXRPC_RX_ANNO_JUMBO) - 1;
194 
195 	call->rxtx_buffer[ix] = NULL;
196 	call->rxtx_annotations[ix] = 0;
197 	/* Barrier against rxrpc_input_data(). */
198 	smp_store_release(&call->rx_hard_ack, hard_ack);
199 
200 	rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
201 
202 	_debug("%u,%u,%02x", hard_ack, top, flags);
203 	trace_rxrpc_receive(call, rxrpc_receive_rotate, serial, hard_ack);
204 	if (flags & RXRPC_LAST_PACKET) {
205 		rxrpc_end_rx_phase(call, serial);
206 	} else {
207 		/* Check to see if there's an ACK that needs sending. */
208 		if (after_eq(hard_ack, call->ackr_consumed + 2) ||
209 		    after_eq(top, call->ackr_seen + 2) ||
210 		    (hard_ack == top && after(hard_ack, call->ackr_consumed)))
211 			rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, 0, serial,
212 					  true, false,
213 					  rxrpc_propose_ack_rotate_rx);
214 		if (call->ackr_reason)
215 			rxrpc_send_ack_packet(call, false);
216 	}
217 }
218 
219 /*
220  * Decrypt and verify a (sub)packet.  The packet's length may be changed due to
221  * padding, but if this is the case, the packet length will be resident in the
222  * socket buffer.  Note that we can't modify the master skb info as the skb may
223  * be the home to multiple subpackets.
224  */
225 static int rxrpc_verify_packet(struct rxrpc_call *call, struct sk_buff *skb,
226 			       u8 annotation,
227 			       unsigned int offset, unsigned int len)
228 {
229 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
230 	rxrpc_seq_t seq = sp->hdr.seq;
231 	u16 cksum = sp->hdr.cksum;
232 
233 	_enter("");
234 
235 	/* For all but the head jumbo subpacket, the security checksum is in a
236 	 * jumbo header immediately prior to the data.
237 	 */
238 	if ((annotation & RXRPC_RX_ANNO_JUMBO) > 1) {
239 		__be16 tmp;
240 		if (skb_copy_bits(skb, offset - 2, &tmp, 2) < 0)
241 			BUG();
242 		cksum = ntohs(tmp);
243 		seq += (annotation & RXRPC_RX_ANNO_JUMBO) - 1;
244 	}
245 
246 	return call->conn->security->verify_packet(call, skb, offset, len,
247 						   seq, cksum);
248 }
249 
250 /*
251  * Locate the data within a packet.  This is complicated by:
252  *
253  * (1) An skb may contain a jumbo packet - so we have to find the appropriate
254  *     subpacket.
255  *
256  * (2) The (sub)packets may be encrypted and, if so, the encrypted portion
257  *     contains an extra header which includes the true length of the data,
258  *     excluding any encrypted padding.
259  */
260 static int rxrpc_locate_data(struct rxrpc_call *call, struct sk_buff *skb,
261 			     u8 *_annotation,
262 			     unsigned int *_offset, unsigned int *_len)
263 {
264 	unsigned int offset = sizeof(struct rxrpc_wire_header);
265 	unsigned int len = *_len;
266 	int ret;
267 	u8 annotation = *_annotation;
268 
269 	/* Locate the subpacket */
270 	len = skb->len - offset;
271 	if ((annotation & RXRPC_RX_ANNO_JUMBO) > 0) {
272 		offset += (((annotation & RXRPC_RX_ANNO_JUMBO) - 1) *
273 			   RXRPC_JUMBO_SUBPKTLEN);
274 		len = (annotation & RXRPC_RX_ANNO_JLAST) ?
275 			skb->len - offset : RXRPC_JUMBO_SUBPKTLEN;
276 	}
277 
278 	if (!(annotation & RXRPC_RX_ANNO_VERIFIED)) {
279 		ret = rxrpc_verify_packet(call, skb, annotation, offset, len);
280 		if (ret < 0)
281 			return ret;
282 		*_annotation |= RXRPC_RX_ANNO_VERIFIED;
283 	}
284 
285 	*_offset = offset;
286 	*_len = len;
287 	call->conn->security->locate_data(call, skb, _offset, _len);
288 	return 0;
289 }
290 
291 /*
292  * Deliver messages to a call.  This keeps processing packets until the buffer
293  * is filled and we find either more DATA (returns 0) or the end of the DATA
294  * (returns 1).  If more packets are required, it returns -EAGAIN.
295  */
296 static int rxrpc_recvmsg_data(struct socket *sock, struct rxrpc_call *call,
297 			      struct msghdr *msg, struct iov_iter *iter,
298 			      size_t len, int flags, size_t *_offset)
299 {
300 	struct rxrpc_skb_priv *sp;
301 	struct sk_buff *skb;
302 	rxrpc_seq_t hard_ack, top, seq;
303 	size_t remain;
304 	bool last;
305 	unsigned int rx_pkt_offset, rx_pkt_len;
306 	int ix, copy, ret = -EAGAIN, ret2;
307 
308 	rx_pkt_offset = call->rx_pkt_offset;
309 	rx_pkt_len = call->rx_pkt_len;
310 
311 	if (call->state >= RXRPC_CALL_SERVER_ACK_REQUEST) {
312 		seq = call->rx_hard_ack;
313 		ret = 1;
314 		goto done;
315 	}
316 
317 	/* Barriers against rxrpc_input_data(). */
318 	hard_ack = call->rx_hard_ack;
319 	top = smp_load_acquire(&call->rx_top);
320 	for (seq = hard_ack + 1; before_eq(seq, top); seq++) {
321 		ix = seq & RXRPC_RXTX_BUFF_MASK;
322 		skb = call->rxtx_buffer[ix];
323 		if (!skb) {
324 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_hole, seq,
325 					    rx_pkt_offset, rx_pkt_len, 0);
326 			break;
327 		}
328 		smp_rmb();
329 		rxrpc_see_skb(skb, rxrpc_skb_rx_seen);
330 		sp = rxrpc_skb(skb);
331 
332 		if (!(flags & MSG_PEEK))
333 			trace_rxrpc_receive(call, rxrpc_receive_front,
334 					    sp->hdr.serial, seq);
335 
336 		if (msg)
337 			sock_recv_timestamp(msg, sock->sk, skb);
338 
339 		if (rx_pkt_offset == 0) {
340 			ret2 = rxrpc_locate_data(call, skb,
341 						 &call->rxtx_annotations[ix],
342 						 &rx_pkt_offset, &rx_pkt_len);
343 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_next, seq,
344 					    rx_pkt_offset, rx_pkt_len, ret2);
345 			if (ret2 < 0) {
346 				ret = ret2;
347 				goto out;
348 			}
349 		} else {
350 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_cont, seq,
351 					    rx_pkt_offset, rx_pkt_len, 0);
352 		}
353 
354 		/* We have to handle short, empty and used-up DATA packets. */
355 		remain = len - *_offset;
356 		copy = rx_pkt_len;
357 		if (copy > remain)
358 			copy = remain;
359 		if (copy > 0) {
360 			ret2 = skb_copy_datagram_iter(skb, rx_pkt_offset, iter,
361 						      copy);
362 			if (ret2 < 0) {
363 				ret = ret2;
364 				goto out;
365 			}
366 
367 			/* handle piecemeal consumption of data packets */
368 			rx_pkt_offset += copy;
369 			rx_pkt_len -= copy;
370 			*_offset += copy;
371 		}
372 
373 		if (rx_pkt_len > 0) {
374 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_full, seq,
375 					    rx_pkt_offset, rx_pkt_len, 0);
376 			ASSERTCMP(*_offset, ==, len);
377 			ret = 0;
378 			break;
379 		}
380 
381 		/* The whole packet has been transferred. */
382 		last = sp->hdr.flags & RXRPC_LAST_PACKET;
383 		if (!(flags & MSG_PEEK))
384 			rxrpc_rotate_rx_window(call);
385 		rx_pkt_offset = 0;
386 		rx_pkt_len = 0;
387 
388 		if (last) {
389 			ASSERTCMP(seq, ==, READ_ONCE(call->rx_top));
390 			ret = 1;
391 			goto out;
392 		}
393 	}
394 
395 out:
396 	if (!(flags & MSG_PEEK)) {
397 		call->rx_pkt_offset = rx_pkt_offset;
398 		call->rx_pkt_len = rx_pkt_len;
399 	}
400 done:
401 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_data_return, seq,
402 			    rx_pkt_offset, rx_pkt_len, ret);
403 	return ret;
404 }
405 
406 /*
407  * Receive a message from an RxRPC socket
408  * - we need to be careful about two or more threads calling recvmsg
409  *   simultaneously
410  */
411 int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
412 		  int flags)
413 {
414 	struct rxrpc_call *call;
415 	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
416 	struct list_head *l;
417 	size_t copied = 0;
418 	long timeo;
419 	int ret;
420 
421 	DEFINE_WAIT(wait);
422 
423 	trace_rxrpc_recvmsg(NULL, rxrpc_recvmsg_enter, 0, 0, 0, 0);
424 
425 	if (flags & (MSG_OOB | MSG_TRUNC))
426 		return -EOPNOTSUPP;
427 
428 	timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT);
429 
430 try_again:
431 	lock_sock(&rx->sk);
432 
433 	/* Return immediately if a client socket has no outstanding calls */
434 	if (RB_EMPTY_ROOT(&rx->calls) &&
435 	    list_empty(&rx->recvmsg_q) &&
436 	    rx->sk.sk_state != RXRPC_SERVER_LISTENING) {
437 		release_sock(&rx->sk);
438 		return -ENODATA;
439 	}
440 
441 	if (list_empty(&rx->recvmsg_q)) {
442 		ret = -EWOULDBLOCK;
443 		if (timeo == 0) {
444 			call = NULL;
445 			goto error_no_call;
446 		}
447 
448 		release_sock(&rx->sk);
449 
450 		/* Wait for something to happen */
451 		prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait,
452 					  TASK_INTERRUPTIBLE);
453 		ret = sock_error(&rx->sk);
454 		if (ret)
455 			goto wait_error;
456 
457 		if (list_empty(&rx->recvmsg_q)) {
458 			if (signal_pending(current))
459 				goto wait_interrupted;
460 			trace_rxrpc_recvmsg(NULL, rxrpc_recvmsg_wait,
461 					    0, 0, 0, 0);
462 			timeo = schedule_timeout(timeo);
463 		}
464 		finish_wait(sk_sleep(&rx->sk), &wait);
465 		goto try_again;
466 	}
467 
468 	/* Find the next call and dequeue it if we're not just peeking.  If we
469 	 * do dequeue it, that comes with a ref that we will need to release.
470 	 */
471 	write_lock_bh(&rx->recvmsg_lock);
472 	l = rx->recvmsg_q.next;
473 	call = list_entry(l, struct rxrpc_call, recvmsg_link);
474 	if (!(flags & MSG_PEEK))
475 		list_del_init(&call->recvmsg_link);
476 	else
477 		rxrpc_get_call(call, rxrpc_call_got);
478 	write_unlock_bh(&rx->recvmsg_lock);
479 
480 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_dequeue, 0, 0, 0, 0);
481 
482 	if (test_bit(RXRPC_CALL_RELEASED, &call->flags))
483 		BUG();
484 
485 	if (test_bit(RXRPC_CALL_HAS_USERID, &call->flags)) {
486 		if (flags & MSG_CMSG_COMPAT) {
487 			unsigned int id32 = call->user_call_ID;
488 
489 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
490 				       sizeof(unsigned int), &id32);
491 		} else {
492 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
493 				       sizeof(unsigned long),
494 				       &call->user_call_ID);
495 		}
496 		if (ret < 0)
497 			goto error;
498 	}
499 
500 	if (msg->msg_name) {
501 		size_t len = sizeof(call->conn->params.peer->srx);
502 		memcpy(msg->msg_name, &call->conn->params.peer->srx, len);
503 		msg->msg_namelen = len;
504 	}
505 
506 	switch (call->state) {
507 	case RXRPC_CALL_SERVER_ACCEPTING:
508 		ret = rxrpc_recvmsg_new_call(rx, call, msg, flags);
509 		break;
510 	case RXRPC_CALL_CLIENT_RECV_REPLY:
511 	case RXRPC_CALL_SERVER_RECV_REQUEST:
512 	case RXRPC_CALL_SERVER_ACK_REQUEST:
513 		ret = rxrpc_recvmsg_data(sock, call, msg, &msg->msg_iter, len,
514 					 flags, &copied);
515 		if (ret == -EAGAIN)
516 			ret = 0;
517 
518 		if (after(call->rx_top, call->rx_hard_ack) &&
519 		    call->rxtx_buffer[(call->rx_hard_ack + 1) & RXRPC_RXTX_BUFF_MASK])
520 			rxrpc_notify_socket(call);
521 		break;
522 	default:
523 		ret = 0;
524 		break;
525 	}
526 
527 	if (ret < 0)
528 		goto error;
529 
530 	if (call->state == RXRPC_CALL_COMPLETE) {
531 		ret = rxrpc_recvmsg_term(call, msg);
532 		if (ret < 0)
533 			goto error;
534 		if (!(flags & MSG_PEEK))
535 			rxrpc_release_call(rx, call);
536 		msg->msg_flags |= MSG_EOR;
537 		ret = 1;
538 	}
539 
540 	if (ret == 0)
541 		msg->msg_flags |= MSG_MORE;
542 	else
543 		msg->msg_flags &= ~MSG_MORE;
544 	ret = copied;
545 
546 error:
547 	rxrpc_put_call(call, rxrpc_call_put);
548 error_no_call:
549 	release_sock(&rx->sk);
550 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_return, 0, 0, 0, ret);
551 	return ret;
552 
553 wait_interrupted:
554 	ret = sock_intr_errno(timeo);
555 wait_error:
556 	finish_wait(sk_sleep(&rx->sk), &wait);
557 	call = NULL;
558 	goto error_no_call;
559 }
560 
561 /**
562  * rxrpc_kernel_recv_data - Allow a kernel service to receive data/info
563  * @sock: The socket that the call exists on
564  * @call: The call to send data through
565  * @buf: The buffer to receive into
566  * @size: The size of the buffer, including data already read
567  * @_offset: The running offset into the buffer.
568  * @want_more: True if more data is expected to be read
569  * @_abort: Where the abort code is stored if -ECONNABORTED is returned
570  *
571  * Allow a kernel service to receive data and pick up information about the
572  * state of a call.  Returns 0 if got what was asked for and there's more
573  * available, 1 if we got what was asked for and we're at the end of the data
574  * and -EAGAIN if we need more data.
575  *
576  * Note that we may return -EAGAIN to drain empty packets at the end of the
577  * data, even if we've already copied over the requested data.
578  *
579  * This function adds the amount it transfers to *_offset, so this should be
580  * precleared as appropriate.  Note that the amount remaining in the buffer is
581  * taken to be size - *_offset.
582  *
583  * *_abort should also be initialised to 0.
584  */
585 int rxrpc_kernel_recv_data(struct socket *sock, struct rxrpc_call *call,
586 			   void *buf, size_t size, size_t *_offset,
587 			   bool want_more, u32 *_abort)
588 {
589 	struct iov_iter iter;
590 	struct kvec iov;
591 	int ret;
592 
593 	_enter("{%d,%s},%zu/%zu,%d",
594 	       call->debug_id, rxrpc_call_states[call->state],
595 	       *_offset, size, want_more);
596 
597 	ASSERTCMP(*_offset, <=, size);
598 	ASSERTCMP(call->state, !=, RXRPC_CALL_SERVER_ACCEPTING);
599 
600 	iov.iov_base = buf + *_offset;
601 	iov.iov_len = size - *_offset;
602 	iov_iter_kvec(&iter, ITER_KVEC | READ, &iov, 1, size - *_offset);
603 
604 	lock_sock(sock->sk);
605 
606 	switch (call->state) {
607 	case RXRPC_CALL_CLIENT_RECV_REPLY:
608 	case RXRPC_CALL_SERVER_RECV_REQUEST:
609 	case RXRPC_CALL_SERVER_ACK_REQUEST:
610 		ret = rxrpc_recvmsg_data(sock, call, NULL, &iter, size, 0,
611 					 _offset);
612 		if (ret < 0)
613 			goto out;
614 
615 		/* We can only reach here with a partially full buffer if we
616 		 * have reached the end of the data.  We must otherwise have a
617 		 * full buffer or have been given -EAGAIN.
618 		 */
619 		if (ret == 1) {
620 			if (*_offset < size)
621 				goto short_data;
622 			if (!want_more)
623 				goto read_phase_complete;
624 			ret = 0;
625 			goto out;
626 		}
627 
628 		if (!want_more)
629 			goto excess_data;
630 		goto out;
631 
632 	case RXRPC_CALL_COMPLETE:
633 		goto call_complete;
634 
635 	default:
636 		ret = -EINPROGRESS;
637 		goto out;
638 	}
639 
640 read_phase_complete:
641 	ret = 1;
642 out:
643 	release_sock(sock->sk);
644 	_leave(" = %d [%zu,%d]", ret, *_offset, *_abort);
645 	return ret;
646 
647 short_data:
648 	ret = -EBADMSG;
649 	goto out;
650 excess_data:
651 	ret = -EMSGSIZE;
652 	goto out;
653 call_complete:
654 	*_abort = call->abort_code;
655 	ret = -call->error;
656 	if (call->completion == RXRPC_CALL_SUCCEEDED) {
657 		ret = 1;
658 		if (size > 0)
659 			ret = -ECONNRESET;
660 	}
661 	goto out;
662 }
663 EXPORT_SYMBOL(rxrpc_kernel_recv_data);
664