xref: /openbmc/linux/net/rxrpc/recvmsg.c (revision d7e15835) 
1 /* RxRPC recvmsg() implementation
2  *
3  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/net.h>
15 #include <linux/skbuff.h>
16 #include <linux/export.h>
17 #include <net/sock.h>
18 #include <net/af_rxrpc.h>
19 #include "ar-internal.h"
20 
21 /*
22  * Post a call for attention by the socket or kernel service.  Further
23  * notifications are suppressed by putting recvmsg_link on a dummy queue.
24  */
25 void rxrpc_notify_socket(struct rxrpc_call *call)
26 {
27 	struct rxrpc_sock *rx;
28 	struct sock *sk;
29 
30 	_enter("%d", call->debug_id);
31 
32 	if (!list_empty(&call->recvmsg_link))
33 		return;
34 
35 	rcu_read_lock();
36 
37 	rx = rcu_dereference(call->socket);
38 	sk = &rx->sk;
39 	if (rx && sk->sk_state < RXRPC_CLOSE) {
40 		if (call->notify_rx) {
41 			call->notify_rx(sk, call, call->user_call_ID);
42 		} else {
43 			write_lock_bh(&rx->recvmsg_lock);
44 			if (list_empty(&call->recvmsg_link)) {
45 				rxrpc_get_call(call, rxrpc_call_got);
46 				list_add_tail(&call->recvmsg_link, &rx->recvmsg_q);
47 			}
48 			write_unlock_bh(&rx->recvmsg_lock);
49 
50 			if (!sock_flag(sk, SOCK_DEAD)) {
51 				_debug("call %ps", sk->sk_data_ready);
52 				sk->sk_data_ready(sk);
53 			}
54 		}
55 	}
56 
57 	rcu_read_unlock();
58 	_leave("");
59 }
60 
61 /*
62  * Pass a call terminating message to userspace.
63  */
64 static int rxrpc_recvmsg_term(struct rxrpc_call *call, struct msghdr *msg)
65 {
66 	u32 tmp = 0;
67 	int ret;
68 
69 	switch (call->completion) {
70 	case RXRPC_CALL_SUCCEEDED:
71 		ret = 0;
72 		if (rxrpc_is_service_call(call))
73 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &tmp);
74 		break;
75 	case RXRPC_CALL_REMOTELY_ABORTED:
76 		tmp = call->abort_code;
77 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &tmp);
78 		break;
79 	case RXRPC_CALL_LOCALLY_ABORTED:
80 		tmp = call->abort_code;
81 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &tmp);
82 		break;
83 	case RXRPC_CALL_NETWORK_ERROR:
84 		tmp = call->error;
85 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &tmp);
86 		break;
87 	case RXRPC_CALL_LOCAL_ERROR:
88 		tmp = call->error;
89 		ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &tmp);
90 		break;
91 	default:
92 		pr_err("Invalid terminal call state %u\n", call->state);
93 		BUG();
94 		break;
95 	}
96 
97 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_terminal, call->rx_hard_ack,
98 			    call->rx_pkt_offset, call->rx_pkt_len, ret);
99 	return ret;
100 }
101 
102 /*
103  * Pass back notification of a new call.  The call is added to the
104  * to-be-accepted list.  This means that the next call to be accepted might not
105  * be the last call seen awaiting acceptance, but unless we leave this on the
106  * front of the queue and block all other messages until someone gives us a
107  * user_ID for it, there's not a lot we can do.
108  */
109 static int rxrpc_recvmsg_new_call(struct rxrpc_sock *rx,
110 				  struct rxrpc_call *call,
111 				  struct msghdr *msg, int flags)
112 {
113 	int tmp = 0, ret;
114 
115 	ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &tmp);
116 
117 	if (ret == 0 && !(flags & MSG_PEEK)) {
118 		_debug("to be accepted");
119 		write_lock_bh(&rx->recvmsg_lock);
120 		list_del_init(&call->recvmsg_link);
121 		write_unlock_bh(&rx->recvmsg_lock);
122 
123 		rxrpc_get_call(call, rxrpc_call_got);
124 		write_lock(&rx->call_lock);
125 		list_add_tail(&call->accept_link, &rx->to_be_accepted);
126 		write_unlock(&rx->call_lock);
127 	}
128 
129 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_to_be_accepted, 1, 0, 0, ret);
130 	return ret;
131 }
132 
133 /*
134  * End the packet reception phase.
135  */
136 static void rxrpc_end_rx_phase(struct rxrpc_call *call, rxrpc_serial_t serial)
137 {
138 	_enter("%d,%s", call->debug_id, rxrpc_call_states[call->state]);
139 
140 	trace_rxrpc_receive(call, rxrpc_receive_end, 0, call->rx_top);
141 	ASSERTCMP(call->rx_hard_ack, ==, call->rx_top);
142 
143 	if (call->state == RXRPC_CALL_CLIENT_RECV_REPLY) {
144 		rxrpc_propose_ACK(call, RXRPC_ACK_IDLE, 0, serial, true, false,
145 				  rxrpc_propose_ack_terminal_ack);
146 		rxrpc_send_ack_packet(call, false);
147 	}
148 
149 	write_lock_bh(&call->state_lock);
150 
151 	switch (call->state) {
152 	case RXRPC_CALL_CLIENT_RECV_REPLY:
153 		__rxrpc_call_completed(call);
154 		write_unlock_bh(&call->state_lock);
155 		break;
156 
157 	case RXRPC_CALL_SERVER_RECV_REQUEST:
158 		call->tx_phase = true;
159 		call->state = RXRPC_CALL_SERVER_ACK_REQUEST;
160 		call->ack_at = call->expire_at;
161 		write_unlock_bh(&call->state_lock);
162 		rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, 0, serial, false, true,
163 				  rxrpc_propose_ack_processing_op);
164 		break;
165 	default:
166 		write_unlock_bh(&call->state_lock);
167 		break;
168 	}
169 }
170 
171 /*
172  * Discard a packet we've used up and advance the Rx window by one.
173  */
174 static void rxrpc_rotate_rx_window(struct rxrpc_call *call)
175 {
176 	struct rxrpc_skb_priv *sp;
177 	struct sk_buff *skb;
178 	rxrpc_serial_t serial;
179 	rxrpc_seq_t hard_ack, top;
180 	u8 flags;
181 	int ix;
182 
183 	_enter("%d", call->debug_id);
184 
185 	hard_ack = call->rx_hard_ack;
186 	top = smp_load_acquire(&call->rx_top);
187 	ASSERT(before(hard_ack, top));
188 
189 	hard_ack++;
190 	ix = hard_ack & RXRPC_RXTX_BUFF_MASK;
191 	skb = call->rxtx_buffer[ix];
192 	rxrpc_see_skb(skb, rxrpc_skb_rx_rotated);
193 	sp = rxrpc_skb(skb);
194 	flags = sp->hdr.flags;
195 	serial = sp->hdr.serial;
196 	if (call->rxtx_annotations[ix] & RXRPC_RX_ANNO_JUMBO)
197 		serial += (call->rxtx_annotations[ix] & RXRPC_RX_ANNO_JUMBO) - 1;
198 
199 	call->rxtx_buffer[ix] = NULL;
200 	call->rxtx_annotations[ix] = 0;
201 	/* Barrier against rxrpc_input_data(). */
202 	smp_store_release(&call->rx_hard_ack, hard_ack);
203 
204 	rxrpc_free_skb(skb, rxrpc_skb_rx_freed);
205 
206 	_debug("%u,%u,%02x", hard_ack, top, flags);
207 	trace_rxrpc_receive(call, rxrpc_receive_rotate, serial, hard_ack);
208 	if (flags & RXRPC_LAST_PACKET) {
209 		rxrpc_end_rx_phase(call, serial);
210 	} else {
211 		/* Check to see if there's an ACK that needs sending. */
212 		if (after_eq(hard_ack, call->ackr_consumed + 2) ||
213 		    after_eq(top, call->ackr_seen + 2) ||
214 		    (hard_ack == top && after(hard_ack, call->ackr_consumed)))
215 			rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, 0, serial,
216 					  true, false,
217 					  rxrpc_propose_ack_rotate_rx);
218 		if (call->ackr_reason)
219 			rxrpc_send_ack_packet(call, false);
220 	}
221 }
222 
223 /*
224  * Decrypt and verify a (sub)packet.  The packet's length may be changed due to
225  * padding, but if this is the case, the packet length will be resident in the
226  * socket buffer.  Note that we can't modify the master skb info as the skb may
227  * be the home to multiple subpackets.
228  */
229 static int rxrpc_verify_packet(struct rxrpc_call *call, struct sk_buff *skb,
230 			       u8 annotation,
231 			       unsigned int offset, unsigned int len)
232 {
233 	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
234 	rxrpc_seq_t seq = sp->hdr.seq;
235 	u16 cksum = sp->hdr.cksum;
236 
237 	_enter("");
238 
239 	/* For all but the head jumbo subpacket, the security checksum is in a
240 	 * jumbo header immediately prior to the data.
241 	 */
242 	if ((annotation & RXRPC_RX_ANNO_JUMBO) > 1) {
243 		__be16 tmp;
244 		if (skb_copy_bits(skb, offset - 2, &tmp, 2) < 0)
245 			BUG();
246 		cksum = ntohs(tmp);
247 		seq += (annotation & RXRPC_RX_ANNO_JUMBO) - 1;
248 	}
249 
250 	return call->conn->security->verify_packet(call, skb, offset, len,
251 						   seq, cksum);
252 }
253 
254 /*
255  * Locate the data within a packet.  This is complicated by:
256  *
257  * (1) An skb may contain a jumbo packet - so we have to find the appropriate
258  *     subpacket.
259  *
260  * (2) The (sub)packets may be encrypted and, if so, the encrypted portion
261  *     contains an extra header which includes the true length of the data,
262  *     excluding any encrypted padding.
263  */
264 static int rxrpc_locate_data(struct rxrpc_call *call, struct sk_buff *skb,
265 			     u8 *_annotation,
266 			     unsigned int *_offset, unsigned int *_len)
267 {
268 	unsigned int offset = sizeof(struct rxrpc_wire_header);
269 	unsigned int len = *_len;
270 	int ret;
271 	u8 annotation = *_annotation;
272 
273 	/* Locate the subpacket */
274 	len = skb->len - offset;
275 	if ((annotation & RXRPC_RX_ANNO_JUMBO) > 0) {
276 		offset += (((annotation & RXRPC_RX_ANNO_JUMBO) - 1) *
277 			   RXRPC_JUMBO_SUBPKTLEN);
278 		len = (annotation & RXRPC_RX_ANNO_JLAST) ?
279 			skb->len - offset : RXRPC_JUMBO_SUBPKTLEN;
280 	}
281 
282 	if (!(annotation & RXRPC_RX_ANNO_VERIFIED)) {
283 		ret = rxrpc_verify_packet(call, skb, annotation, offset, len);
284 		if (ret < 0)
285 			return ret;
286 		*_annotation |= RXRPC_RX_ANNO_VERIFIED;
287 	}
288 
289 	*_offset = offset;
290 	*_len = len;
291 	call->conn->security->locate_data(call, skb, _offset, _len);
292 	return 0;
293 }
294 
295 /*
296  * Deliver messages to a call.  This keeps processing packets until the buffer
297  * is filled and we find either more DATA (returns 0) or the end of the DATA
298  * (returns 1).  If more packets are required, it returns -EAGAIN.
299  */
300 static int rxrpc_recvmsg_data(struct socket *sock, struct rxrpc_call *call,
301 			      struct msghdr *msg, struct iov_iter *iter,
302 			      size_t len, int flags, size_t *_offset)
303 {
304 	struct rxrpc_skb_priv *sp;
305 	struct sk_buff *skb;
306 	rxrpc_seq_t hard_ack, top, seq;
307 	size_t remain;
308 	bool last;
309 	unsigned int rx_pkt_offset, rx_pkt_len;
310 	int ix, copy, ret = -EAGAIN, ret2;
311 
312 	rx_pkt_offset = call->rx_pkt_offset;
313 	rx_pkt_len = call->rx_pkt_len;
314 
315 	if (call->state >= RXRPC_CALL_SERVER_ACK_REQUEST) {
316 		seq = call->rx_hard_ack;
317 		ret = 1;
318 		goto done;
319 	}
320 
321 	/* Barriers against rxrpc_input_data(). */
322 	hard_ack = call->rx_hard_ack;
323 	seq = hard_ack + 1;
324 	while (top = smp_load_acquire(&call->rx_top),
325 	       before_eq(seq, top)
326 	       ) {
327 		ix = seq & RXRPC_RXTX_BUFF_MASK;
328 		skb = call->rxtx_buffer[ix];
329 		if (!skb) {
330 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_hole, seq,
331 					    rx_pkt_offset, rx_pkt_len, 0);
332 			break;
333 		}
334 		smp_rmb();
335 		rxrpc_see_skb(skb, rxrpc_skb_rx_seen);
336 		sp = rxrpc_skb(skb);
337 
338 		if (!(flags & MSG_PEEK))
339 			trace_rxrpc_receive(call, rxrpc_receive_front,
340 					    sp->hdr.serial, seq);
341 
342 		if (msg)
343 			sock_recv_timestamp(msg, sock->sk, skb);
344 
345 		if (rx_pkt_offset == 0) {
346 			ret2 = rxrpc_locate_data(call, skb,
347 						 &call->rxtx_annotations[ix],
348 						 &rx_pkt_offset, &rx_pkt_len);
349 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_next, seq,
350 					    rx_pkt_offset, rx_pkt_len, ret2);
351 			if (ret2 < 0) {
352 				ret = ret2;
353 				goto out;
354 			}
355 		} else {
356 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_cont, seq,
357 					    rx_pkt_offset, rx_pkt_len, 0);
358 		}
359 
360 		/* We have to handle short, empty and used-up DATA packets. */
361 		remain = len - *_offset;
362 		copy = rx_pkt_len;
363 		if (copy > remain)
364 			copy = remain;
365 		if (copy > 0) {
366 			ret2 = skb_copy_datagram_iter(skb, rx_pkt_offset, iter,
367 						      copy);
368 			if (ret2 < 0) {
369 				ret = ret2;
370 				goto out;
371 			}
372 
373 			/* handle piecemeal consumption of data packets */
374 			rx_pkt_offset += copy;
375 			rx_pkt_len -= copy;
376 			*_offset += copy;
377 		}
378 
379 		if (rx_pkt_len > 0) {
380 			trace_rxrpc_recvmsg(call, rxrpc_recvmsg_full, seq,
381 					    rx_pkt_offset, rx_pkt_len, 0);
382 			ASSERTCMP(*_offset, ==, len);
383 			ret = 0;
384 			break;
385 		}
386 
387 		/* The whole packet has been transferred. */
388 		last = sp->hdr.flags & RXRPC_LAST_PACKET;
389 		if (!(flags & MSG_PEEK))
390 			rxrpc_rotate_rx_window(call);
391 		rx_pkt_offset = 0;
392 		rx_pkt_len = 0;
393 
394 		if (last) {
395 			ASSERTCMP(seq, ==, READ_ONCE(call->rx_top));
396 			ret = 1;
397 			goto out;
398 		}
399 
400 		seq++;
401 	}
402 
403 out:
404 	if (!(flags & MSG_PEEK)) {
405 		call->rx_pkt_offset = rx_pkt_offset;
406 		call->rx_pkt_len = rx_pkt_len;
407 	}
408 done:
409 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_data_return, seq,
410 			    rx_pkt_offset, rx_pkt_len, ret);
411 	return ret;
412 }
413 
414 /*
415  * Receive a message from an RxRPC socket
416  * - we need to be careful about two or more threads calling recvmsg
417  *   simultaneously
418  */
419 int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
420 		  int flags)
421 {
422 	struct rxrpc_call *call;
423 	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
424 	struct list_head *l;
425 	size_t copied = 0;
426 	long timeo;
427 	int ret;
428 
429 	DEFINE_WAIT(wait);
430 
431 	trace_rxrpc_recvmsg(NULL, rxrpc_recvmsg_enter, 0, 0, 0, 0);
432 
433 	if (flags & (MSG_OOB | MSG_TRUNC))
434 		return -EOPNOTSUPP;
435 
436 	timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT);
437 
438 try_again:
439 	lock_sock(&rx->sk);
440 
441 	/* Return immediately if a client socket has no outstanding calls */
442 	if (RB_EMPTY_ROOT(&rx->calls) &&
443 	    list_empty(&rx->recvmsg_q) &&
444 	    rx->sk.sk_state != RXRPC_SERVER_LISTENING) {
445 		release_sock(&rx->sk);
446 		return -ENODATA;
447 	}
448 
449 	if (list_empty(&rx->recvmsg_q)) {
450 		ret = -EWOULDBLOCK;
451 		if (timeo == 0) {
452 			call = NULL;
453 			goto error_no_call;
454 		}
455 
456 		release_sock(&rx->sk);
457 
458 		/* Wait for something to happen */
459 		prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait,
460 					  TASK_INTERRUPTIBLE);
461 		ret = sock_error(&rx->sk);
462 		if (ret)
463 			goto wait_error;
464 
465 		if (list_empty(&rx->recvmsg_q)) {
466 			if (signal_pending(current))
467 				goto wait_interrupted;
468 			trace_rxrpc_recvmsg(NULL, rxrpc_recvmsg_wait,
469 					    0, 0, 0, 0);
470 			timeo = schedule_timeout(timeo);
471 		}
472 		finish_wait(sk_sleep(&rx->sk), &wait);
473 		goto try_again;
474 	}
475 
476 	/* Find the next call and dequeue it if we're not just peeking.  If we
477 	 * do dequeue it, that comes with a ref that we will need to release.
478 	 */
479 	write_lock_bh(&rx->recvmsg_lock);
480 	l = rx->recvmsg_q.next;
481 	call = list_entry(l, struct rxrpc_call, recvmsg_link);
482 	if (!(flags & MSG_PEEK))
483 		list_del_init(&call->recvmsg_link);
484 	else
485 		rxrpc_get_call(call, rxrpc_call_got);
486 	write_unlock_bh(&rx->recvmsg_lock);
487 
488 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_dequeue, 0, 0, 0, 0);
489 
490 	if (test_bit(RXRPC_CALL_RELEASED, &call->flags))
491 		BUG();
492 
493 	if (test_bit(RXRPC_CALL_HAS_USERID, &call->flags)) {
494 		if (flags & MSG_CMSG_COMPAT) {
495 			unsigned int id32 = call->user_call_ID;
496 
497 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
498 				       sizeof(unsigned int), &id32);
499 		} else {
500 			ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID,
501 				       sizeof(unsigned long),
502 				       &call->user_call_ID);
503 		}
504 		if (ret < 0)
505 			goto error;
506 	}
507 
508 	if (msg->msg_name) {
509 		size_t len = sizeof(call->conn->params.peer->srx);
510 		memcpy(msg->msg_name, &call->conn->params.peer->srx, len);
511 		msg->msg_namelen = len;
512 	}
513 
514 	switch (call->state) {
515 	case RXRPC_CALL_SERVER_ACCEPTING:
516 		ret = rxrpc_recvmsg_new_call(rx, call, msg, flags);
517 		break;
518 	case RXRPC_CALL_CLIENT_RECV_REPLY:
519 	case RXRPC_CALL_SERVER_RECV_REQUEST:
520 	case RXRPC_CALL_SERVER_ACK_REQUEST:
521 		ret = rxrpc_recvmsg_data(sock, call, msg, &msg->msg_iter, len,
522 					 flags, &copied);
523 		if (ret == -EAGAIN)
524 			ret = 0;
525 
526 		if (after(call->rx_top, call->rx_hard_ack) &&
527 		    call->rxtx_buffer[(call->rx_hard_ack + 1) & RXRPC_RXTX_BUFF_MASK])
528 			rxrpc_notify_socket(call);
529 		break;
530 	default:
531 		ret = 0;
532 		break;
533 	}
534 
535 	if (ret < 0)
536 		goto error;
537 
538 	if (call->state == RXRPC_CALL_COMPLETE) {
539 		ret = rxrpc_recvmsg_term(call, msg);
540 		if (ret < 0)
541 			goto error;
542 		if (!(flags & MSG_PEEK))
543 			rxrpc_release_call(rx, call);
544 		msg->msg_flags |= MSG_EOR;
545 		ret = 1;
546 	}
547 
548 	if (ret == 0)
549 		msg->msg_flags |= MSG_MORE;
550 	else
551 		msg->msg_flags &= ~MSG_MORE;
552 	ret = copied;
553 
554 error:
555 	rxrpc_put_call(call, rxrpc_call_put);
556 error_no_call:
557 	release_sock(&rx->sk);
558 	trace_rxrpc_recvmsg(call, rxrpc_recvmsg_return, 0, 0, 0, ret);
559 	return ret;
560 
561 wait_interrupted:
562 	ret = sock_intr_errno(timeo);
563 wait_error:
564 	finish_wait(sk_sleep(&rx->sk), &wait);
565 	call = NULL;
566 	goto error_no_call;
567 }
568 
569 /**
570  * rxrpc_kernel_recv_data - Allow a kernel service to receive data/info
571  * @sock: The socket that the call exists on
572  * @call: The call to send data through
573  * @buf: The buffer to receive into
574  * @size: The size of the buffer, including data already read
575  * @_offset: The running offset into the buffer.
576  * @want_more: True if more data is expected to be read
577  * @_abort: Where the abort code is stored if -ECONNABORTED is returned
578  *
579  * Allow a kernel service to receive data and pick up information about the
580  * state of a call.  Returns 0 if got what was asked for and there's more
581  * available, 1 if we got what was asked for and we're at the end of the data
582  * and -EAGAIN if we need more data.
583  *
584  * Note that we may return -EAGAIN to drain empty packets at the end of the
585  * data, even if we've already copied over the requested data.
586  *
587  * This function adds the amount it transfers to *_offset, so this should be
588  * precleared as appropriate.  Note that the amount remaining in the buffer is
589  * taken to be size - *_offset.
590  *
591  * *_abort should also be initialised to 0.
592  */
593 int rxrpc_kernel_recv_data(struct socket *sock, struct rxrpc_call *call,
594 			   void *buf, size_t size, size_t *_offset,
595 			   bool want_more, u32 *_abort)
596 {
597 	struct iov_iter iter;
598 	struct kvec iov;
599 	int ret;
600 
601 	_enter("{%d,%s},%zu/%zu,%d",
602 	       call->debug_id, rxrpc_call_states[call->state],
603 	       *_offset, size, want_more);
604 
605 	ASSERTCMP(*_offset, <=, size);
606 	ASSERTCMP(call->state, !=, RXRPC_CALL_SERVER_ACCEPTING);
607 
608 	iov.iov_base = buf + *_offset;
609 	iov.iov_len = size - *_offset;
610 	iov_iter_kvec(&iter, ITER_KVEC | READ, &iov, 1, size - *_offset);
611 
612 	lock_sock(sock->sk);
613 
614 	switch (call->state) {
615 	case RXRPC_CALL_CLIENT_RECV_REPLY:
616 	case RXRPC_CALL_SERVER_RECV_REQUEST:
617 	case RXRPC_CALL_SERVER_ACK_REQUEST:
618 		ret = rxrpc_recvmsg_data(sock, call, NULL, &iter, size, 0,
619 					 _offset);
620 		if (ret < 0)
621 			goto out;
622 
623 		/* We can only reach here with a partially full buffer if we
624 		 * have reached the end of the data.  We must otherwise have a
625 		 * full buffer or have been given -EAGAIN.
626 		 */
627 		if (ret == 1) {
628 			if (*_offset < size)
629 				goto short_data;
630 			if (!want_more)
631 				goto read_phase_complete;
632 			ret = 0;
633 			goto out;
634 		}
635 
636 		if (!want_more)
637 			goto excess_data;
638 		goto out;
639 
640 	case RXRPC_CALL_COMPLETE:
641 		goto call_complete;
642 
643 	default:
644 		ret = -EINPROGRESS;
645 		goto out;
646 	}
647 
648 read_phase_complete:
649 	ret = 1;
650 out:
651 	release_sock(sock->sk);
652 	_leave(" = %d [%zu,%d]", ret, *_offset, *_abort);
653 	return ret;
654 
655 short_data:
656 	ret = -EBADMSG;
657 	goto out;
658 excess_data:
659 	ret = -EMSGSIZE;
660 	goto out;
661 call_complete:
662 	*_abort = call->abort_code;
663 	ret = -call->error;
664 	if (call->completion == RXRPC_CALL_SUCCEEDED) {
665 		ret = 1;
666 		if (size > 0)
667 			ret = -ECONNRESET;
668 	}
669 	goto out;
670 }
671 EXPORT_SYMBOL(rxrpc_kernel_recv_data);
672