Головна сторінка Огляд Довідка
Увійти
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 5c86c450e2
Гілки Теги
android_kernel_...
/
net
/
mptcp
/
subflow.c

subflow.c 55 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986 
  1. // SPDX-License-Identifier: GPL-2.0
    2. 

  2. /* Multipath TCP
    3. 

  3.  *
    4. 

  4.  * Copyright (c) 2017 - 2019, Intel Corporation.
    5. 

  5.  */
    6. 

  6. 

  7. #define pr_fmt(fmt) "MPTCP: " fmt
    8. 

  8. 

  9. #include <linux/kernel.h>
    10. 

  10. #include <linux/module.h>
    11. 

  11. #include <linux/netdevice.h>
    12. 

  12. #include <crypto/algapi.h>
    13. 

  13. #include <crypto/sha2.h>
    14. 

  14. #include <net/sock.h>
    15. 

  15. #include <net/inet_common.h>
    16. 

  16. #include <net/inet_hashtables.h>
    17. 

  17. #include <net/protocol.h>
    18. 

  18. #include <net/tcp.h>
    19. 

  19. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    20. 

  20. #include <net/ip6_route.h>
    21. 

  21. #include <net/transp_v6.h>
    22. 

  22. #endif
    23. 

  23. #include <net/mptcp.h>
    24. 

  24. #include <uapi/linux/mptcp.h>
    25. 

  25. #include "protocol.h"
    26. 

  26. #include "mib.h"
    27. 

  27. 

  28. #include <trace/events/mptcp.h>
    29. 

  29. 

  30. static void mptcp_subflow_ops_undo_override(struct sock *ssk);
    31. 

  31. 

  32. static void SUBFLOW_REQ_INC_STATS(struct request_sock *req,
    33. 

  33. 				  enum linux_mptcp_mib_field field)
    34. 

  34. {
    35. 

  35. 	MPTCP_INC_STATS(sock_net(req_to_sk(req)), field);
    36. 

  36. }
    37. 

  37. 

  38. static void subflow_req_destructor(struct request_sock *req)
    39. 

  39. {
    40. 

  40. 	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
    41. 

  41. 

  42. 	pr_debug("subflow_req=%p", subflow_req);
    43. 

  43. 

  44. 	if (subflow_req->msk)
    45. 

  45. 		sock_put((struct sock *)subflow_req->msk);
    46. 

  46. 

  47. 	mptcp_token_destroy_request(req);
    48. 

  48. }
    49. 

  49. 

  50. static void subflow_generate_hmac(u64 key1, u64 key2, u32 nonce1, u32 nonce2,
    51. 

  51. 				  void *hmac)
    52. 

  52. {
    53. 

  53. 	u8 msg[8];
    54. 

  54. 

  55. 	put_unaligned_be32(nonce1, &msg[0]);
    56. 

  56. 	put_unaligned_be32(nonce2, &msg[4]);
    57. 

  57. 

  58. 	mptcp_crypto_hmac_sha(key1, key2, msg, 8, hmac);
    59. 

  59. }
    60. 

  60. 

  61. static bool mptcp_can_accept_new_subflow(const struct mptcp_sock *msk)
    62. 

  62. {
    63. 

  63. 	return mptcp_is_fully_established((void *)msk) &&
    64. 

  64. 		((mptcp_pm_is_userspace(msk) &&
    65. 

  65. 		  mptcp_userspace_pm_active(msk)) ||
    66. 

  66. 		 READ_ONCE(msk->pm.accept_subflow));
    67. 

  67. }
    68. 

  68. 

  69. /* validate received token and create truncated hmac and nonce for SYN-ACK */
    70. 

  70. static void subflow_req_create_thmac(struct mptcp_subflow_request_sock *subflow_req)
    71. 

  71. {
    72. 

  72. 	struct mptcp_sock *msk = subflow_req->msk;
    73. 

  73. 	u8 hmac[SHA256_DIGEST_SIZE];
    74. 

  74. 

  75. 	get_random_bytes(&subflow_req->local_nonce, sizeof(u32));
    76. 

  76. 

  77. 	subflow_generate_hmac(msk->local_key, msk->remote_key,
    78. 

  78. 			      subflow_req->local_nonce,
    79. 

  79. 			      subflow_req->remote_nonce, hmac);
    80. 

  80. 

  81. 	subflow_req->thmac = get_unaligned_be64(hmac);
    82. 

  82. }
    83. 

  83. 

  84. static struct mptcp_sock *subflow_token_join_request(struct request_sock *req)
    85. 

  85. {
    86. 

  86. 	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
    87. 

  87. 	struct mptcp_sock *msk;
    88. 

  88. 	int local_id;
    89. 

  89. 

  90. 	msk = mptcp_token_get_sock(sock_net(req_to_sk(req)), subflow_req->token);
    91. 

  91. 	if (!msk) {
    92. 

  92. 		SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINNOTOKEN);
    93. 

  93. 		return NULL;
    94. 

  94. 	}
    95. 

  95. 

  96. 	local_id = mptcp_pm_get_local_id(msk, (struct sock_common *)req);
    97. 

  97. 	if (local_id < 0) {
    98. 

  98. 		sock_put((struct sock *)msk);
    99. 

  99. 		return NULL;
    100. 

  100. 	}
    101. 

  101. 	subflow_req->local_id = local_id;
    102. 

  102. 

  103. 	return msk;
    104. 

  104. }
    105. 

  105. 

  106. static void subflow_init_req(struct request_sock *req, const struct sock *sk_listener)
    107. 

  107. {
    108. 

  108. 	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
    109. 

  109. 

  110. 	subflow_req->mp_capable = 0;
    111. 

  111. 	subflow_req->mp_join = 0;
    112. 

  112. 	subflow_req->csum_reqd = mptcp_is_checksum_enabled(sock_net(sk_listener));
    113. 

  113. 	subflow_req->allow_join_id0 = mptcp_allow_join_id0(sock_net(sk_listener));
    114. 

  114. 	subflow_req->msk = NULL;
    115. 

  115. 	mptcp_token_init_request(req);
    116. 

  116. }
    117. 

  117. 

  118. static bool subflow_use_different_sport(struct mptcp_sock *msk, const struct sock *sk)
    119. 

  119. {
    120. 

  120. 	return inet_sk(sk)->inet_sport != inet_sk((struct sock *)msk)->inet_sport;
    121. 

  121. }
    122. 

  122. 

  123. static void subflow_add_reset_reason(struct sk_buff *skb, u8 reason)
    124. 

  124. {
    125. 

  125. 	struct mptcp_ext *mpext = skb_ext_add(skb, SKB_EXT_MPTCP);
    126. 

  126. 

  127. 	if (mpext) {
    128. 

  128. 		memset(mpext, 0, sizeof(*mpext));
    129. 

  129. 		mpext->reset_reason = reason;
    130. 

  130. 	}
    131. 

  131. }
    132. 

  132. 

  133. /* Init mptcp request socket.
    134. 

  134.  *
    135. 

  135.  * Returns an error code if a JOIN has failed and a TCP reset
    136. 

  136.  * should be sent.
    137. 

  137.  */
    138. 

  138. static int subflow_check_req(struct request_sock *req,
    139. 

  139. 			     const struct sock *sk_listener,
    140. 

  140. 			     struct sk_buff *skb)
    141. 

  141. {
    142. 

  142. 	struct mptcp_subflow_context *listener = mptcp_subflow_ctx(sk_listener);
    143. 

  143. 	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
    144. 

  144. 	struct mptcp_options_received mp_opt;
    145. 

  145. 	bool opt_mp_capable, opt_mp_join;
    146. 

  146. 

  147. 	pr_debug("subflow_req=%p, listener=%p", subflow_req, listener);
    148. 

  148. 

  149. #ifdef CONFIG_TCP_MD5SIG
    150. 

  150. 	/* no MPTCP if MD5SIG is enabled on this socket or we may run out of
    151. 

  151. 	 * TCP option space.
    152. 

  152. 	 */
    153. 

  153. 	if (rcu_access_pointer(tcp_sk(sk_listener)->md5sig_info))
    154. 

  154. 		return -EINVAL;
    155. 

  155. #endif
    156. 

  156. 

  157. 	mptcp_get_options(skb, &mp_opt);
    158. 

  158. 

  159. 	opt_mp_capable = !!(mp_opt.suboptions & OPTIONS_MPTCP_MPC);
    160. 

  160. 	opt_mp_join = !!(mp_opt.suboptions & OPTIONS_MPTCP_MPJ);
    161. 

  161. 	if (opt_mp_capable) {
    162. 

  162. 		SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVE);
    163. 

  163. 

  164. 		if (opt_mp_join)
    165. 

  165. 			return 0;
    166. 

  166. 	} else if (opt_mp_join) {
    167. 

  167. 		SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINSYNRX);
    168. 

  168. 	}
    169. 

  169. 

  170. 	if (opt_mp_capable && listener->request_mptcp) {
    171. 

  171. 		int err, retries = MPTCP_TOKEN_MAX_RETRIES;
    172. 

  172. 

  173. 		subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq;
    174. 

  174. again:
    175. 

  175. 		do {
    176. 

  176. 			get_random_bytes(&subflow_req->local_key, sizeof(subflow_req->local_key));
    177. 

  177. 		} while (subflow_req->local_key == 0);
    178. 

  178. 

  179. 		if (unlikely(req->syncookie)) {
    180. 

  180. 			mptcp_crypto_key_sha(subflow_req->local_key,
    181. 

  181. 					     &subflow_req->token,
    182. 

  182. 					     &subflow_req->idsn);
    183. 

  183. 			if (mptcp_token_exists(subflow_req->token)) {
    184. 

  184. 				if (retries-- > 0)
    185. 

  185. 					goto again;
    186. 

  186. 				SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_TOKENFALLBACKINIT);
    187. 

  187. 			} else {
    188. 

  188. 				subflow_req->mp_capable = 1;
    189. 

  189. 			}
    190. 

  190. 			return 0;
    191. 

  191. 		}
    192. 

  192. 

  193. 		err = mptcp_token_new_request(req);
    194. 

  194. 		if (err == 0)
    195. 

  195. 			subflow_req->mp_capable = 1;
    196. 

  196. 		else if (retries-- > 0)
    197. 

  197. 			goto again;
    198. 

  198. 		else
    199. 

  199. 			SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_TOKENFALLBACKINIT);
    200. 

  200. 

  201. 	} else if (opt_mp_join && listener->request_mptcp) {
    202. 

  202. 		subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq;
    203. 

  203. 		subflow_req->mp_join = 1;
    204. 

  204. 		subflow_req->backup = mp_opt.backup;
    205. 

  205. 		subflow_req->remote_id = mp_opt.join_id;
    206. 

  206. 		subflow_req->token = mp_opt.token;
    207. 

  207. 		subflow_req->remote_nonce = mp_opt.nonce;
    208. 

  208. 		subflow_req->msk = subflow_token_join_request(req);
    209. 

  209. 

  210. 		/* Can't fall back to TCP in this case. */
    211. 

  211. 		if (!subflow_req->msk) {
    212. 

  212. 			subflow_add_reset_reason(skb, MPTCP_RST_EMPTCP);
    213. 

  213. 			return -EPERM;
    214. 

  214. 		}
    215. 

  215. 

  216. 		if (subflow_use_different_sport(subflow_req->msk, sk_listener)) {
    217. 

  217. 			pr_debug("syn inet_sport=%d %d",
    218. 

  218. 				 ntohs(inet_sk(sk_listener)->inet_sport),
    219. 

  219. 				 ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport));
    220. 

  220. 			if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) {
    221. 

  221. 				SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTSYNRX);
    222. 

  222. 				return -EPERM;
    223. 

  223. 			}
    224. 

  224. 			SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINPORTSYNRX);
    225. 

  225. 		}
    226. 

  226. 

  227. 		subflow_req_create_thmac(subflow_req);
    228. 

  228. 

  229. 		if (unlikely(req->syncookie)) {
    230. 

  230. 			if (mptcp_can_accept_new_subflow(subflow_req->msk))
    231. 

  231. 				subflow_init_req_cookie_join_save(subflow_req, skb);
    232. 

  232. 			else
    233. 

  233. 				return -EPERM;
    234. 

  234. 		}
    235. 

  235. 

  236. 		pr_debug("token=%u, remote_nonce=%u msk=%p", subflow_req->token,
    237. 

  237. 			 subflow_req->remote_nonce, subflow_req->msk);
    238. 

  238. 	}
    239. 

  239. 

  240. 	return 0;
    241. 

  241. }
    242. 

  242. 

  243. int mptcp_subflow_init_cookie_req(struct request_sock *req,
    244. 

  244. 				  const struct sock *sk_listener,
    245. 

  245. 				  struct sk_buff *skb)
    246. 

  246. {
    247. 

  247. 	struct mptcp_subflow_context *listener = mptcp_subflow_ctx(sk_listener);
    248. 

  248. 	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
    249. 

  249. 	struct mptcp_options_received mp_opt;
    250. 

  250. 	bool opt_mp_capable, opt_mp_join;
    251. 

  251. 	int err;
    252. 

  252. 

  253. 	subflow_init_req(req, sk_listener);
    254. 

  254. 	mptcp_get_options(skb, &mp_opt);
    255. 

  255. 

  256. 	opt_mp_capable = !!(mp_opt.suboptions & OPTIONS_MPTCP_MPC);
    257. 

  257. 	opt_mp_join = !!(mp_opt.suboptions & OPTIONS_MPTCP_MPJ);
    258. 

  258. 	if (opt_mp_capable && opt_mp_join)
    259. 

  259. 		return -EINVAL;
    260. 

  260. 

  261. 	if (opt_mp_capable && listener->request_mptcp) {
    262. 

  262. 		if (mp_opt.sndr_key == 0)
    263. 

  263. 			return -EINVAL;
    264. 

  264. 

  265. 		subflow_req->local_key = mp_opt.rcvr_key;
    266. 

  266. 		err = mptcp_token_new_request(req);
    267. 

  267. 		if (err)
    268. 

  268. 			return err;
    269. 

  269. 

  270. 		subflow_req->mp_capable = 1;
    271. 

  271. 		subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq - 1;
    272. 

  272. 	} else if (opt_mp_join && listener->request_mptcp) {
    273. 

  273. 		if (!mptcp_token_join_cookie_init_state(subflow_req, skb))
    274. 

  274. 			return -EINVAL;
    275. 

  275. 

  276. 		subflow_req->mp_join = 1;
    277. 

  277. 		subflow_req->ssn_offset = TCP_SKB_CB(skb)->seq - 1;
    278. 

  278. 	}
    279. 

  279. 

  280. 	return 0;
    281. 

  281. }
    282. 

  282. EXPORT_SYMBOL_GPL(mptcp_subflow_init_cookie_req);
    283. 

  283. 

  284. static struct dst_entry *subflow_v4_route_req(const struct sock *sk,
    285. 

  285. 					      struct sk_buff *skb,
    286. 

  286. 					      struct flowi *fl,
    287. 

  287. 					      struct request_sock *req)
    288. 

  288. {
    289. 

  289. 	struct dst_entry *dst;
    290. 

  290. 	int err;
    291. 

  291. 

  292. 	tcp_rsk(req)->is_mptcp = 1;
    293. 

  293. 	subflow_init_req(req, sk);
    294. 

  294. 

  295. 	dst = tcp_request_sock_ipv4_ops.route_req(sk, skb, fl, req);
    296. 

  296. 	if (!dst)
    297. 

  297. 		return NULL;
    298. 

  298. 

  299. 	err = subflow_check_req(req, sk, skb);
    300. 

  300. 	if (err == 0)
    301. 

  301. 		return dst;
    302. 

  302. 

  303. 	dst_release(dst);
    304. 

  304. 	if (!req->syncookie)
    305. 

  305. 		tcp_request_sock_ops.send_reset(sk, skb);
    306. 

  306. 	return NULL;
    307. 

  307. }
    308. 

  308. 

  309. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    310. 

  310. static struct dst_entry *subflow_v6_route_req(const struct sock *sk,
    311. 

  311. 					      struct sk_buff *skb,
    312. 

  312. 					      struct flowi *fl,
    313. 

  313. 					      struct request_sock *req)
    314. 

  314. {
    315. 

  315. 	struct dst_entry *dst;
    316. 

  316. 	int err;
    317. 

  317. 

  318. 	tcp_rsk(req)->is_mptcp = 1;
    319. 

  319. 	subflow_init_req(req, sk);
    320. 

  320. 

  321. 	dst = tcp_request_sock_ipv6_ops.route_req(sk, skb, fl, req);
    322. 

  322. 	if (!dst)
    323. 

  323. 		return NULL;
    324. 

  324. 

  325. 	err = subflow_check_req(req, sk, skb);
    326. 

  326. 	if (err == 0)
    327. 

  327. 		return dst;
    328. 

  328. 

  329. 	dst_release(dst);
    330. 

  330. 	if (!req->syncookie)
    331. 

  331. 		tcp6_request_sock_ops.send_reset(sk, skb);
    332. 

  332. 	return NULL;
    333. 

  333. }
    334. 

  334. #endif
    335. 

  335. 

  336. /* validate received truncated hmac and create hmac for third ACK */
    337. 

  337. static bool subflow_thmac_valid(struct mptcp_subflow_context *subflow)
    338. 

  338. {
    339. 

  339. 	u8 hmac[SHA256_DIGEST_SIZE];
    340. 

  340. 	u64 thmac;
    341. 

  341. 

  342. 	subflow_generate_hmac(subflow->remote_key, subflow->local_key,
    343. 

  343. 			      subflow->remote_nonce, subflow->local_nonce,
    344. 

  344. 			      hmac);
    345. 

  345. 

  346. 	thmac = get_unaligned_be64(hmac);
    347. 

  347. 	pr_debug("subflow=%p, token=%u, thmac=%llu, subflow->thmac=%llu\n",
    348. 

  348. 		 subflow, subflow->token, thmac, subflow->thmac);
    349. 

  349. 

  350. 	return thmac == subflow->thmac;
    351. 

  351. }
    352. 

  352. 

  353. void mptcp_subflow_reset(struct sock *ssk)
    354. 

  354. {
    355. 

  355. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    356. 

  356. 	struct sock *sk = subflow->conn;
    357. 

  357. 

  358. 	/* mptcp_mp_fail_no_response() can reach here on an already closed
    359. 

  359. 	 * socket
    360. 

  360. 	 */
    361. 

  361. 	if (ssk->sk_state == TCP_CLOSE)
    362. 

  362. 		return;
    363. 

  363. 

  364. 	/* must hold: tcp_done() could drop last reference on parent */
    365. 

  365. 	sock_hold(sk);
    366. 

  366. 

  367. 	tcp_send_active_reset(ssk, GFP_ATOMIC);
    368. 

  368. 	tcp_done(ssk);
    369. 

  369. 	if (!test_and_set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &mptcp_sk(sk)->flags))
    370. 

  370. 		mptcp_schedule_work(sk);
    371. 

  371. 

  372. 	sock_put(sk);
    373. 

  373. }
    374. 

  374. 

  375. static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct sock *sk)
    376. 

  376. {
    377. 

  377. 	return inet_sk(sk)->inet_dport != inet_sk((struct sock *)msk)->inet_dport;
    378. 

  378. }
    379. 

  379. 

  380. void __mptcp_set_connected(struct sock *sk)
    381. 

  381. {
    382. 

  382. 	if (sk->sk_state == TCP_SYN_SENT) {
    383. 

  383. 		inet_sk_state_store(sk, TCP_ESTABLISHED);
    384. 

  384. 		sk->sk_state_change(sk);
    385. 

  385. 	}
    386. 

  386. }
    387. 

  387. 

  388. static void mptcp_set_connected(struct sock *sk)
    389. 

  389. {
    390. 

  390. 	mptcp_data_lock(sk);
    391. 

  391. 	if (!sock_owned_by_user(sk))
    392. 

  392. 		__mptcp_set_connected(sk);
    393. 

  393. 	else
    394. 

  394. 		__set_bit(MPTCP_CONNECTED, &mptcp_sk(sk)->cb_flags);
    395. 

  395. 	mptcp_data_unlock(sk);
    396. 

  396. }
    397. 

  397. 

  398. static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb)
    399. 

  399. {
    400. 

  400. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    401. 

  401. 	struct mptcp_options_received mp_opt;
    402. 

  402. 	struct sock *parent = subflow->conn;
    403. 

  403. 

  404. 	subflow->icsk_af_ops->sk_rx_dst_set(sk, skb);
    405. 

  405. 

  406. 	/* be sure no special action on any packet other than syn-ack */
    407. 

  407. 	if (subflow->conn_finished)
    408. 

  408. 		return;
    409. 

  409. 

  410. 	mptcp_propagate_sndbuf(parent, sk);
    411. 

  411. 	subflow->rel_write_seq = 1;
    412. 

  412. 	subflow->conn_finished = 1;
    413. 

  413. 	subflow->ssn_offset = TCP_SKB_CB(skb)->seq;
    414. 

  414. 	pr_debug("subflow=%p synack seq=%x", subflow, subflow->ssn_offset);
    415. 

  415. 

  416. 	mptcp_get_options(skb, &mp_opt);
    417. 

  417. 	if (subflow->request_mptcp) {
    418. 

  418. 		if (!(mp_opt.suboptions & OPTIONS_MPTCP_MPC)) {
    419. 

  419. 			MPTCP_INC_STATS(sock_net(sk),
    420. 

  420. 					MPTCP_MIB_MPCAPABLEACTIVEFALLBACK);
    421. 

  421. 			mptcp_do_fallback(sk);
    422. 

  422. 			pr_fallback(mptcp_sk(subflow->conn));
    423. 

  423. 			goto fallback;
    424. 

  424. 		}
    425. 

  425. 

  426. 		if (mp_opt.suboptions & OPTION_MPTCP_CSUMREQD)
    427. 

  427. 			WRITE_ONCE(mptcp_sk(parent)->csum_enabled, true);
    428. 

  428. 		if (mp_opt.deny_join_id0)
    429. 

  429. 			WRITE_ONCE(mptcp_sk(parent)->pm.remote_deny_join_id0, true);
    430. 

  430. 		subflow->mp_capable = 1;
    431. 

  431. 		subflow->can_ack = 1;
    432. 

  432. 		subflow->remote_key = mp_opt.sndr_key;
    433. 

  433. 		pr_debug("subflow=%p, remote_key=%llu", subflow,
    434. 

  434. 			 subflow->remote_key);
    435. 

  435. 		MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVEACK);
    436. 

  436. 		mptcp_finish_connect(sk);
    437. 

  437. 		mptcp_set_connected(parent);
    438. 

  438. 	} else if (subflow->request_join) {
    439. 

  439. 		u8 hmac[SHA256_DIGEST_SIZE];
    440. 

  440. 

  441. 		if (!(mp_opt.suboptions & OPTIONS_MPTCP_MPJ)) {
    442. 

  442. 			subflow->reset_reason = MPTCP_RST_EMPTCP;
    443. 

  443. 			goto do_reset;
    444. 

  444. 		}
    445. 

  445. 

  446. 		subflow->backup = mp_opt.backup;
    447. 

  447. 		subflow->thmac = mp_opt.thmac;
    448. 

  448. 		subflow->remote_nonce = mp_opt.nonce;
    449. 

  449. 		subflow->remote_id = mp_opt.join_id;
    450. 

  450. 		pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d",
    451. 

  451. 			 subflow, subflow->thmac, subflow->remote_nonce,
    452. 

  452. 			 subflow->backup);
    453. 

  453. 

  454. 		if (!subflow_thmac_valid(subflow)) {
    455. 

  455. 			MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINACKMAC);
    456. 

  456. 			subflow->reset_reason = MPTCP_RST_EMPTCP;
    457. 

  457. 			goto do_reset;
    458. 

  458. 		}
    459. 

  459. 

  460. 		if (!mptcp_finish_join(sk))
    461. 

  461. 			goto do_reset;
    462. 

  462. 

  463. 		subflow_generate_hmac(subflow->local_key, subflow->remote_key,
    464. 

  464. 				      subflow->local_nonce,
    465. 

  465. 				      subflow->remote_nonce,
    466. 

  466. 				      hmac);
    467. 

  467. 		memcpy(subflow->hmac, hmac, MPTCPOPT_HMAC_LEN);
    468. 

  468. 

  469. 		subflow->mp_join = 1;
    470. 

  470. 		MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKRX);
    471. 

  471. 

  472. 		if (subflow_use_different_dport(mptcp_sk(parent), sk)) {
    473. 

  473. 			pr_debug("synack inet_dport=%d %d",
    474. 

  474. 				 ntohs(inet_sk(sk)->inet_dport),
    475. 

  475. 				 ntohs(inet_sk(parent)->inet_dport));
    476. 

  476. 			MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINPORTSYNACKRX);
    477. 

  477. 		}
    478. 

  478. 	} else if (mptcp_check_fallback(sk)) {
    479. 

  479. fallback:
    480. 

  480. 		mptcp_rcv_space_init(mptcp_sk(parent), sk);
    481. 

  481. 		mptcp_set_connected(parent);
    482. 

  482. 	}
    483. 

  483. 	return;
    484. 

  484. 

  485. do_reset:
    486. 

  486. 	subflow->reset_transient = 0;
    487. 

  487. 	mptcp_subflow_reset(sk);
    488. 

  488. }
    489. 

  489. 

  490. static void subflow_set_local_id(struct mptcp_subflow_context *subflow, int local_id)
    491. 

  491. {
    492. 

  492. 	subflow->local_id = local_id;
    493. 

  493. 	subflow->local_id_valid = 1;
    494. 

  494. }
    495. 

  495. 

  496. static int subflow_chk_local_id(struct sock *sk)
    497. 

  497. {
    498. 

  498. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    499. 

  499. 	struct mptcp_sock *msk = mptcp_sk(subflow->conn);
    500. 

  500. 	int err;
    501. 

  501. 

  502. 	if (likely(subflow->local_id_valid))
    503. 

  503. 		return 0;
    504. 

  504. 

  505. 	err = mptcp_pm_get_local_id(msk, (struct sock_common *)sk);
    506. 

  506. 	if (err < 0)
    507. 

  507. 		return err;
    508. 

  508. 

  509. 	subflow_set_local_id(subflow, err);
    510. 

  510. 	return 0;
    511. 

  511. }
    512. 

  512. 

  513. static int subflow_rebuild_header(struct sock *sk)
    514. 

  514. {
    515. 

  515. 	int err = subflow_chk_local_id(sk);
    516. 

  516. 

  517. 	if (unlikely(err < 0))
    518. 

  518. 		return err;
    519. 

  519. 

  520. 	return inet_sk_rebuild_header(sk);
    521. 

  521. }
    522. 

  522. 

  523. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    524. 

  524. static int subflow_v6_rebuild_header(struct sock *sk)
    525. 

  525. {
    526. 

  526. 	int err = subflow_chk_local_id(sk);
    527. 

  527. 

  528. 	if (unlikely(err < 0))
    529. 

  529. 		return err;
    530. 

  530. 

  531. 	return inet6_sk_rebuild_header(sk);
    532. 

  532. }
    533. 

  533. #endif
    534. 

  534. 

  535. static struct request_sock_ops mptcp_subflow_v4_request_sock_ops __ro_after_init;
    536. 

  536. static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops __ro_after_init;
    537. 

  537. 

  538. static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb)
    539. 

  539. {
    540. 

  540. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    541. 

  541. 

  542. 	pr_debug("subflow=%p", subflow);
    543. 

  543. 

  544. 	/* Never answer to SYNs sent to broadcast or multicast */
    545. 

  545. 	if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
    546. 

  546. 		goto drop;
    547. 

  547. 

  548. 	return tcp_conn_request(&mptcp_subflow_v4_request_sock_ops,
    549. 

  549. 				&subflow_request_sock_ipv4_ops,
    550. 

  550. 				sk, skb);
    551. 

  551. drop:
    552. 

  552. 	tcp_listendrop(sk);
    553. 

  553. 	return 0;
    554. 

  554. }
    555. 

  555. 

  556. static void subflow_v4_req_destructor(struct request_sock *req)
    557. 

  557. {
    558. 

  558. 	subflow_req_destructor(req);
    559. 

  559. 	tcp_request_sock_ops.destructor(req);
    560. 

  560. }
    561. 

  561. 

  562. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    563. 

  563. static struct request_sock_ops mptcp_subflow_v6_request_sock_ops __ro_after_init;
    564. 

  564. static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init;
    565. 

  565. static struct inet_connection_sock_af_ops subflow_v6_specific __ro_after_init;
    566. 

  566. static struct inet_connection_sock_af_ops subflow_v6m_specific __ro_after_init;
    567. 

  567. static struct proto tcpv6_prot_override __ro_after_init;
    568. 

  568. 

  569. static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb)
    570. 

  570. {
    571. 

  571. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    572. 

  572. 

  573. 	pr_debug("subflow=%p", subflow);
    574. 

  574. 

  575. 	if (skb->protocol == htons(ETH_P_IP))
    576. 

  576. 		return subflow_v4_conn_request(sk, skb);
    577. 

  577. 

  578. 	if (!ipv6_unicast_destination(skb))
    579. 

  579. 		goto drop;
    580. 

  580. 

  581. 	if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
    582. 

  582. 		__IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
    583. 

  583. 		return 0;
    584. 

  584. 	}
    585. 

  585. 

  586. 	return tcp_conn_request(&mptcp_subflow_v6_request_sock_ops,
    587. 

  587. 				&subflow_request_sock_ipv6_ops, sk, skb);
    588. 

  588. 

  589. drop:
    590. 

  590. 	tcp_listendrop(sk);
    591. 

  591. 	return 0; /* don't send reset */
    592. 

  592. }
    593. 

  593. 

  594. static void subflow_v6_req_destructor(struct request_sock *req)
    595. 

  595. {
    596. 

  596. 	subflow_req_destructor(req);
    597. 

  597. 	tcp6_request_sock_ops.destructor(req);
    598. 

  598. }
    599. 

  599. #endif
    600. 

  600. 

  601. struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops,
    602. 

  602. 					       struct sock *sk_listener,
    603. 

  603. 					       bool attach_listener)
    604. 

  604. {
    605. 

  605. 	if (ops->family == AF_INET)
    606. 

  606. 		ops = &mptcp_subflow_v4_request_sock_ops;
    607. 

  607. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    608. 

  608. 	else if (ops->family == AF_INET6)
    609. 

  609. 		ops = &mptcp_subflow_v6_request_sock_ops;
    610. 

  610. #endif
    611. 

  611. 

  612. 	return inet_reqsk_alloc(ops, sk_listener, attach_listener);
    613. 

  613. }
    614. 

  614. EXPORT_SYMBOL(mptcp_subflow_reqsk_alloc);
    615. 

  615. 

  616. /* validate hmac received in third ACK */
    617. 

  617. static bool subflow_hmac_valid(const struct request_sock *req,
    618. 

  618. 			       const struct mptcp_options_received *mp_opt)
    619. 

  619. {
    620. 

  620. 	const struct mptcp_subflow_request_sock *subflow_req;
    621. 

  621. 	u8 hmac[SHA256_DIGEST_SIZE];
    622. 

  622. 	struct mptcp_sock *msk;
    623. 

  623. 

  624. 	subflow_req = mptcp_subflow_rsk(req);
    625. 

  625. 	msk = subflow_req->msk;
    626. 

  626. 	if (!msk)
    627. 

  627. 		return false;
    628. 

  628. 

  629. 	subflow_generate_hmac(msk->remote_key, msk->local_key,
    630. 

  630. 			      subflow_req->remote_nonce,
    631. 

  631. 			      subflow_req->local_nonce, hmac);
    632. 

  632. 

  633. 	return !crypto_memneq(hmac, mp_opt->hmac, MPTCPOPT_HMAC_LEN);
    634. 

  634. }
    635. 

  635. 

  636. static void subflow_ulp_fallback(struct sock *sk,
    637. 

  637. 				 struct mptcp_subflow_context *old_ctx)
    638. 

  638. {
    639. 

  639. 	struct inet_connection_sock *icsk = inet_csk(sk);
    640. 

  640. 

  641. 	mptcp_subflow_tcp_fallback(sk, old_ctx);
    642. 

  642. 	icsk->icsk_ulp_ops = NULL;
    643. 

  643. 	rcu_assign_pointer(icsk->icsk_ulp_data, NULL);
    644. 

  644. 	tcp_sk(sk)->is_mptcp = 0;
    645. 

  645. 

  646. 	mptcp_subflow_ops_undo_override(sk);
    647. 

  647. }
    648. 

  648. 

  649. void mptcp_subflow_drop_ctx(struct sock *ssk)
    650. 

  650. {
    651. 

  651. 	struct mptcp_subflow_context *ctx = mptcp_subflow_ctx(ssk);
    652. 

  652. 

  653. 	if (!ctx)
    654. 

  654. 		return;
    655. 

  655. 

  656. 	list_del(&mptcp_subflow_ctx(ssk)->node);
    657. 

  657. 	if (inet_csk(ssk)->icsk_ulp_ops) {
    658. 

  658. 		subflow_ulp_fallback(ssk, ctx);
    659. 

  659. 		if (ctx->conn)
    660. 

  660. 			sock_put(ctx->conn);
    661. 

  661. 	}
    662. 

  662. 

  663. 	kfree_rcu(ctx, rcu);
    664. 

  664. }
    665. 

  665. 

  666. void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow,
    667. 

  667. 				     struct mptcp_options_received *mp_opt)
    668. 

  668. {
    669. 

  669. 	struct mptcp_sock *msk = mptcp_sk(subflow->conn);
    670. 

  670. 

  671. 	subflow->remote_key = mp_opt->sndr_key;
    672. 

  672. 	subflow->fully_established = 1;
    673. 

  673. 	subflow->can_ack = 1;
    674. 

  674. 	WRITE_ONCE(msk->fully_established, true);
    675. 

  675. }
    676. 

  676. 

  677. static struct sock *subflow_syn_recv_sock(const struct sock *sk,
    678. 

  678. 					  struct sk_buff *skb,
    679. 

  679. 					  struct request_sock *req,
    680. 

  680. 					  struct dst_entry *dst,
    681. 

  681. 					  struct request_sock *req_unhash,
    682. 

  682. 					  bool *own_req)
    683. 

  683. {
    684. 

  684. 	struct mptcp_subflow_context *listener = mptcp_subflow_ctx(sk);
    685. 

  685. 	struct mptcp_subflow_request_sock *subflow_req;
    686. 

  686. 	struct mptcp_options_received mp_opt;
    687. 

  687. 	bool fallback, fallback_is_fatal;
    688. 

  688. 	struct mptcp_sock *owner;
    689. 

  689. 	struct sock *child;
    690. 

  690. 

  691. 	pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn);
    692. 

  692. 

  693. 	/* After child creation we must look for MPC even when options
    694. 

  694. 	 * are not parsed
    695. 

  695. 	 */
    696. 

  696. 	mp_opt.suboptions = 0;
    697. 

  697. 

  698. 	/* hopefully temporary handling for MP_JOIN+syncookie */
    699. 

  699. 	subflow_req = mptcp_subflow_rsk(req);
    700. 

  700. 	fallback_is_fatal = tcp_rsk(req)->is_mptcp && subflow_req->mp_join;
    701. 

  701. 	fallback = !tcp_rsk(req)->is_mptcp;
    702. 

  702. 	if (fallback)
    703. 

  703. 		goto create_child;
    704. 

  704. 

  705. 	/* if the sk is MP_CAPABLE, we try to fetch the client key */
    706. 

  706. 	if (subflow_req->mp_capable) {
    707. 

  707. 		/* we can receive and accept an in-window, out-of-order pkt,
    708. 

  708. 		 * which may not carry the MP_CAPABLE opt even on mptcp enabled
    709. 

  709. 		 * paths: always try to extract the peer key, and fallback
    710. 

  710. 		 * for packets missing it.
    711. 

  711. 		 * Even OoO DSS packets coming legitly after dropped or
    712. 

  712. 		 * reordered MPC will cause fallback, but we don't have other
    713. 

  713. 		 * options.
    714. 

  714. 		 */
    715. 

  715. 		mptcp_get_options(skb, &mp_opt);
    716. 

  716. 		if (!(mp_opt.suboptions & OPTIONS_MPTCP_MPC))
    717. 

  717. 			fallback = true;
    718. 

  718. 

  719. 	} else if (subflow_req->mp_join) {
    720. 

  720. 		mptcp_get_options(skb, &mp_opt);
    721. 

  721. 		if (!(mp_opt.suboptions & OPTIONS_MPTCP_MPJ) ||
    722. 

  722. 		    !subflow_hmac_valid(req, &mp_opt) ||
    723. 

  723. 		    !mptcp_can_accept_new_subflow(subflow_req->msk)) {
    724. 

  724. 			SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKMAC);
    725. 

  725. 			fallback = true;
    726. 

  726. 		}
    727. 

  727. 	}
    728. 

  728. 

  729. create_child:
    730. 

  730. 	child = listener->icsk_af_ops->syn_recv_sock(sk, skb, req, dst,
    731. 

  731. 						     req_unhash, own_req);
    732. 

  732. 

  733. 	if (child && *own_req) {
    734. 

  734. 		struct mptcp_subflow_context *ctx = mptcp_subflow_ctx(child);
    735. 

  735. 

  736. 		tcp_rsk(req)->drop_req = false;
    737. 

  737. 

  738. 		/* we need to fallback on ctx allocation failure and on pre-reqs
    739. 

  739. 		 * checking above. In the latter scenario we additionally need
    740. 

  740. 		 * to reset the context to non MPTCP status.
    741. 

  741. 		 */
    742. 

  742. 		if (!ctx || fallback) {
    743. 

  743. 			if (fallback_is_fatal) {
    744. 

  744. 				subflow_add_reset_reason(skb, MPTCP_RST_EMPTCP);
    745. 

  745. 				goto dispose_child;
    746. 

  746. 			}
    747. 

  747. 			goto fallback;
    748. 

  748. 		}
    749. 

  749. 

  750. 		/* ssk inherits options of listener sk */
    751. 

  751. 		ctx->setsockopt_seq = listener->setsockopt_seq;
    752. 

  752. 

  753. 		if (ctx->mp_capable) {
    754. 

  754. 			ctx->conn = mptcp_sk_clone_init(listener->conn, &mp_opt, child, req);
    755. 

  755. 			if (!ctx->conn)
    756. 

  756. 				goto fallback;
    757. 

  757. 

  758. 			owner = mptcp_sk(ctx->conn);
    759. 

  759. 			mptcp_pm_new_connection(owner, child, 1);
    760. 

  760. 

  761. 			/* with OoO packets we can reach here without ingress
    762. 

  762. 			 * mpc option
    763. 

  763. 			 */
    764. 

  764. 			if (mp_opt.suboptions & OPTIONS_MPTCP_MPC) {
    765. 

  765. 				mptcp_subflow_fully_established(ctx, &mp_opt);
    766. 

  766. 				mptcp_pm_fully_established(owner, child, GFP_ATOMIC);
    767. 

  767. 				ctx->pm_notified = 1;
    768. 

  768. 			}
    769. 

  769. 		} else if (ctx->mp_join) {
    770. 

  770. 			owner = subflow_req->msk;
    771. 

  771. 			if (!owner) {
    772. 

  772. 				subflow_add_reset_reason(skb, MPTCP_RST_EPROHIBIT);
    773. 

  773. 				goto dispose_child;
    774. 

  774. 			}
    775. 

  775. 

  776. 			/* move the msk reference ownership to the subflow */
    777. 

  777. 			subflow_req->msk = NULL;
    778. 

  778. 			ctx->conn = (struct sock *)owner;
    779. 

  779. 

  780. 			if (subflow_use_different_sport(owner, sk)) {
    781. 

  781. 				pr_debug("ack inet_sport=%d %d",
    782. 

  782. 					 ntohs(inet_sk(sk)->inet_sport),
    783. 

  783. 					 ntohs(inet_sk((struct sock *)owner)->inet_sport));
    784. 

  784. 				if (!mptcp_pm_sport_in_anno_list(owner, sk)) {
    785. 

  785. 					SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MISMATCHPORTACKRX);
    786. 

  786. 					goto dispose_child;
    787. 

  787. 				}
    788. 

  788. 				SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINPORTACKRX);
    789. 

  789. 			}
    790. 

  790. 

  791. 			if (!mptcp_finish_join(child))
    792. 

  792. 				goto dispose_child;
    793. 

  793. 

  794. 			SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKRX);
    795. 

  795. 			tcp_rsk(req)->drop_req = true;
    796. 

  796. 		}
    797. 

  797. 	}
    798. 

  798. 

  799. 	/* check for expected invariant - should never trigger, just help
    800. 

  800. 	 * catching eariler subtle bugs
    801. 

  801. 	 */
    802. 

  802. 	WARN_ON_ONCE(child && *own_req && tcp_sk(child)->is_mptcp &&
    803. 

  803. 		     (!mptcp_subflow_ctx(child) ||
    804. 

  804. 		      !mptcp_subflow_ctx(child)->conn));
    805. 

  805. 	return child;
    806. 

  806. 

  807. dispose_child:
    808. 

  808. 	mptcp_subflow_drop_ctx(child);
    809. 

  809. 	tcp_rsk(req)->drop_req = true;
    810. 

  810. 	inet_csk_prepare_for_destroy_sock(child);
    811. 

  811. 	tcp_done(child);
    812. 

  812. 	req->rsk_ops->send_reset(sk, skb);
    813. 

  813. 

  814. 	/* The last child reference will be released by the caller */
    815. 

  815. 	return child;
    816. 

  816. 

  817. fallback:
    818. 

  818. 	mptcp_subflow_drop_ctx(child);
    819. 

  819. 	return child;
    820. 

  820. }
    821. 

  821. 

  822. static struct inet_connection_sock_af_ops subflow_specific __ro_after_init;
    823. 

  823. static struct proto tcp_prot_override __ro_after_init;
    824. 

  824. 

  825. enum mapping_status {
    826. 

  826. 	MAPPING_OK,
    827. 

  827. 	MAPPING_INVALID,
    828. 

  828. 	MAPPING_EMPTY,
    829. 

  829. 	MAPPING_DATA_FIN,
    830. 

  830. 	MAPPING_DUMMY,
    831. 

  831. 	MAPPING_BAD_CSUM
    832. 

  832. };
    833. 

  833. 

  834. static void dbg_bad_map(struct mptcp_subflow_context *subflow, u32 ssn)
    835. 

  835. {
    836. 

  836. 	pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d",
    837. 

  837. 		 ssn, subflow->map_subflow_seq, subflow->map_data_len);
    838. 

  838. }
    839. 

  839. 

  840. static bool skb_is_fully_mapped(struct sock *ssk, struct sk_buff *skb)
    841. 

  841. {
    842. 

  842. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    843. 

  843. 	unsigned int skb_consumed;
    844. 

  844. 

  845. 	skb_consumed = tcp_sk(ssk)->copied_seq - TCP_SKB_CB(skb)->seq;
    846. 

  846. 	if (WARN_ON_ONCE(skb_consumed >= skb->len))
    847. 

  847. 		return true;
    848. 

  848. 

  849. 	return skb->len - skb_consumed <= subflow->map_data_len -
    850. 

  850. 					  mptcp_subflow_get_map_offset(subflow);
    851. 

  851. }
    852. 

  852. 

  853. static bool validate_mapping(struct sock *ssk, struct sk_buff *skb)
    854. 

  854. {
    855. 

  855. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    856. 

  856. 	u32 ssn = tcp_sk(ssk)->copied_seq - subflow->ssn_offset;
    857. 

  857. 

  858. 	if (unlikely(before(ssn, subflow->map_subflow_seq))) {
    859. 

  859. 		/* Mapping covers data later in the subflow stream,
    860. 

  860. 		 * currently unsupported.
    861. 

  861. 		 */
    862. 

  862. 		dbg_bad_map(subflow, ssn);
    863. 

  863. 		return false;
    864. 

  864. 	}
    865. 

  865. 	if (unlikely(!before(ssn, subflow->map_subflow_seq +
    866. 

  866. 				  subflow->map_data_len))) {
    867. 

  867. 		/* Mapping does covers past subflow data, invalid */
    868. 

  868. 		dbg_bad_map(subflow, ssn);
    869. 

  869. 		return false;
    870. 

  870. 	}
    871. 

  871. 	return true;
    872. 

  872. }
    873. 

  873. 

  874. static enum mapping_status validate_data_csum(struct sock *ssk, struct sk_buff *skb,
    875. 

  875. 					      bool csum_reqd)
    876. 

  876. {
    877. 

  877. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    878. 

  878. 	u32 offset, seq, delta;
    879. 

  879. 	__sum16 csum;
    880. 

  880. 	int len;
    881. 

  881. 

  882. 	if (!csum_reqd)
    883. 

  883. 		return MAPPING_OK;
    884. 

  884. 

  885. 	/* mapping already validated on previous traversal */
    886. 

  886. 	if (subflow->map_csum_len == subflow->map_data_len)
    887. 

  887. 		return MAPPING_OK;
    888. 

  888. 

  889. 	/* traverse the receive queue, ensuring it contains a full
    890. 

  890. 	 * DSS mapping and accumulating the related csum.
    891. 

  891. 	 * Preserve the accoumlate csum across multiple calls, to compute
    892. 

  892. 	 * the csum only once
    893. 

  893. 	 */
    894. 

  894. 	delta = subflow->map_data_len - subflow->map_csum_len;
    895. 

  895. 	for (;;) {
    896. 

  896. 		seq = tcp_sk(ssk)->copied_seq + subflow->map_csum_len;
    897. 

  897. 		offset = seq - TCP_SKB_CB(skb)->seq;
    898. 

  898. 

  899. 		/* if the current skb has not been accounted yet, csum its contents
    900. 

  900. 		 * up to the amount covered by the current DSS
    901. 

  901. 		 */
    902. 

  902. 		if (offset < skb->len) {
    903. 

  903. 			__wsum csum;
    904. 

  904. 

  905. 			len = min(skb->len - offset, delta);
    906. 

  906. 			csum = skb_checksum(skb, offset, len, 0);
    907. 

  907. 			subflow->map_data_csum = csum_block_add(subflow->map_data_csum, csum,
    908. 

  908. 								subflow->map_csum_len);
    909. 

  909. 

  910. 			delta -= len;
    911. 

  911. 			subflow->map_csum_len += len;
    912. 

  912. 		}
    913. 

  913. 		if (delta == 0)
    914. 

  914. 			break;
    915. 

  915. 

  916. 		if (skb_queue_is_last(&ssk->sk_receive_queue, skb)) {
    917. 

  917. 			/* if this subflow is closed, the partial mapping
    918. 

  918. 			 * will be never completed; flush the pending skbs, so
    919. 

  919. 			 * that subflow_sched_work_if_closed() can kick in
    920. 

  920. 			 */
    921. 

  921. 			if (unlikely(ssk->sk_state == TCP_CLOSE))
    922. 

  922. 				while ((skb = skb_peek(&ssk->sk_receive_queue)))
    923. 

  923. 					sk_eat_skb(ssk, skb);
    924. 

  924. 

  925. 			/* not enough data to validate the csum */
    926. 

  926. 			return MAPPING_EMPTY;
    927. 

  927. 		}
    928. 

  928. 

  929. 		/* the DSS mapping for next skbs will be validated later,
    930. 

  930. 		 * when a get_mapping_status call will process such skb
    931. 

  931. 		 */
    932. 

  932. 		skb = skb->next;
    933. 

  933. 	}
    934. 

  934. 

  935. 	/* note that 'map_data_len' accounts only for the carried data, does
    936. 

  936. 	 * not include the eventual seq increment due to the data fin,
    937. 

  937. 	 * while the pseudo header requires the original DSS data len,
    938. 

  938. 	 * including that
    939. 

  939. 	 */
    940. 

  940. 	csum = __mptcp_make_csum(subflow->map_seq,
    941. 

  941. 				 subflow->map_subflow_seq,
    942. 

  942. 				 subflow->map_data_len + subflow->map_data_fin,
    943. 

  943. 				 subflow->map_data_csum);
    944. 

  944. 	if (unlikely(csum)) {
    945. 

  945. 		MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DATACSUMERR);
    946. 

  946. 		return MAPPING_BAD_CSUM;
    947. 

  947. 	}
    948. 

  948. 

  949. 	subflow->valid_csum_seen = 1;
    950. 

  950. 	return MAPPING_OK;
    951. 

  951. }
    952. 

  952. 

  953. static enum mapping_status get_mapping_status(struct sock *ssk,
    954. 

  954. 					      struct mptcp_sock *msk)
    955. 

  955. {
    956. 

  956. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    957. 

  957. 	bool csum_reqd = READ_ONCE(msk->csum_enabled);
    958. 

  958. 	struct mptcp_ext *mpext;
    959. 

  959. 	struct sk_buff *skb;
    960. 

  960. 	u16 data_len;
    961. 

  961. 	u64 map_seq;
    962. 

  962. 

  963. 	skb = skb_peek(&ssk->sk_receive_queue);
    964. 

  964. 	if (!skb)
    965. 

  965. 		return MAPPING_EMPTY;
    966. 

  966. 

  967. 	if (mptcp_check_fallback(ssk))
    968. 

  968. 		return MAPPING_DUMMY;
    969. 

  969. 

  970. 	mpext = mptcp_get_ext(skb);
    971. 

  971. 	if (!mpext || !mpext->use_map) {
    972. 

  972. 		if (!subflow->map_valid && !skb->len) {
    973. 

  973. 			/* the TCP stack deliver 0 len FIN pkt to the receive
    974. 

  974. 			 * queue, that is the only 0len pkts ever expected here,
    975. 

  975. 			 * and we can admit no mapping only for 0 len pkts
    976. 

  976. 			 */
    977. 

  977. 			if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN))
    978. 

  978. 				WARN_ONCE(1, "0len seq %d:%d flags %x",
    979. 

  979. 					  TCP_SKB_CB(skb)->seq,
    980. 

  980. 					  TCP_SKB_CB(skb)->end_seq,
    981. 

  981. 					  TCP_SKB_CB(skb)->tcp_flags);
    982. 

  982. 			sk_eat_skb(ssk, skb);
    983. 

  983. 			return MAPPING_EMPTY;
    984. 

  984. 		}
    985. 

  985. 

  986. 		if (!subflow->map_valid)
    987. 

  987. 			return MAPPING_INVALID;
    988. 

  988. 

  989. 		goto validate_seq;
    990. 

  990. 	}
    991. 

  991. 

  992. 	trace_get_mapping_status(mpext);
    993. 

  993. 

  994. 	data_len = mpext->data_len;
    995. 

  995. 	if (data_len == 0) {
    996. 

  996. 		pr_debug("infinite mapping received");
    997. 

  997. 		MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX);
    998. 

  998. 		subflow->map_data_len = 0;
    999. 

  999. 		return MAPPING_INVALID;
    1000. 

  1000. 	}
    1001. 

  1001. 

  1002. 	if (mpext->data_fin == 1) {
    1003. 

  1003. 		if (data_len == 1) {
    1004. 

  1004. 			bool updated = mptcp_update_rcv_data_fin(msk, mpext->data_seq,
    1005. 

  1005. 								 mpext->dsn64);
    1006. 

  1006. 			pr_debug("DATA_FIN with no payload seq=%llu", mpext->data_seq);
    1007. 

  1007. 			if (subflow->map_valid) {
    1008. 

  1008. 				/* A DATA_FIN might arrive in a DSS
    1009. 

  1009. 				 * option before the previous mapping
    1010. 

  1010. 				 * has been fully consumed. Continue
    1011. 

  1011. 				 * handling the existing mapping.
    1012. 

  1012. 				 */
    1013. 

  1013. 				skb_ext_del(skb, SKB_EXT_MPTCP);
    1014. 

  1014. 				return MAPPING_OK;
    1015. 

  1015. 			} else {
    1016. 

  1016. 				if (updated)
    1017. 

  1017. 					mptcp_schedule_work((struct sock *)msk);
    1018. 

  1018. 

  1019. 				return MAPPING_DATA_FIN;
    1020. 

  1020. 			}
    1021. 

  1021. 		} else {
    1022. 

  1022. 			u64 data_fin_seq = mpext->data_seq + data_len - 1;
    1023. 

  1023. 

  1024. 			/* If mpext->data_seq is a 32-bit value, data_fin_seq
    1025. 

  1025. 			 * must also be limited to 32 bits.
    1026. 

  1026. 			 */
    1027. 

  1027. 			if (!mpext->dsn64)
    1028. 

  1028. 				data_fin_seq &= GENMASK_ULL(31, 0);
    1029. 

  1029. 

  1030. 			mptcp_update_rcv_data_fin(msk, data_fin_seq, mpext->dsn64);
    1031. 

  1031. 			pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d",
    1032. 

  1032. 				 data_fin_seq, mpext->dsn64);
    1033. 

  1033. 		}
    1034. 

  1034. 

  1035. 		/* Adjust for DATA_FIN using 1 byte of sequence space */
    1036. 

  1036. 		data_len--;
    1037. 

  1037. 	}
    1038. 

  1038. 

  1039. 	map_seq = mptcp_expand_seq(READ_ONCE(msk->ack_seq), mpext->data_seq, mpext->dsn64);
    1040. 

  1040. 	WRITE_ONCE(mptcp_sk(subflow->conn)->use_64bit_ack, !!mpext->dsn64);
    1041. 

  1041. 

  1042. 	if (subflow->map_valid) {
    1043. 

  1043. 		/* Allow replacing only with an identical map */
    1044. 

  1044. 		if (subflow->map_seq == map_seq &&
    1045. 

  1045. 		    subflow->map_subflow_seq == mpext->subflow_seq &&
    1046. 

  1046. 		    subflow->map_data_len == data_len &&
    1047. 

  1047. 		    subflow->map_csum_reqd == mpext->csum_reqd) {
    1048. 

  1048. 			skb_ext_del(skb, SKB_EXT_MPTCP);
    1049. 

  1049. 			goto validate_csum;
    1050. 

  1050. 		}
    1051. 

  1051. 

  1052. 		/* If this skb data are fully covered by the current mapping,
    1053. 

  1053. 		 * the new map would need caching, which is not supported
    1054. 

  1054. 		 */
    1055. 

  1055. 		if (skb_is_fully_mapped(ssk, skb)) {
    1056. 

  1056. 			MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DSSNOMATCH);
    1057. 

  1057. 			return MAPPING_INVALID;
    1058. 

  1058. 		}
    1059. 

  1059. 

  1060. 		/* will validate the next map after consuming the current one */
    1061. 

  1061. 		goto validate_csum;
    1062. 

  1062. 	}
    1063. 

  1063. 

  1064. 	subflow->map_seq = map_seq;
    1065. 

  1065. 	subflow->map_subflow_seq = mpext->subflow_seq;
    1066. 

  1066. 	subflow->map_data_len = data_len;
    1067. 

  1067. 	subflow->map_valid = 1;
    1068. 

  1068. 	subflow->map_data_fin = mpext->data_fin;
    1069. 

  1069. 	subflow->mpc_map = mpext->mpc_map;
    1070. 

  1070. 	subflow->map_csum_reqd = mpext->csum_reqd;
    1071. 

  1071. 	subflow->map_csum_len = 0;
    1072. 

  1072. 	subflow->map_data_csum = csum_unfold(mpext->csum);
    1073. 

  1073. 

  1074. 	/* Cfr RFC 8684 Section 3.3.0 */
    1075. 

  1075. 	if (unlikely(subflow->map_csum_reqd != csum_reqd))
    1076. 

  1076. 		return MAPPING_INVALID;
    1077. 

  1077. 

  1078. 	pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u",
    1079. 

  1079. 		 subflow->map_seq, subflow->map_subflow_seq,
    1080. 

  1080. 		 subflow->map_data_len, subflow->map_csum_reqd,
    1081. 

  1081. 		 subflow->map_data_csum);
    1082. 

  1082. 

  1083. validate_seq:
    1084. 

  1084. 	/* we revalidate valid mapping on new skb, because we must ensure
    1085. 

  1085. 	 * the current skb is completely covered by the available mapping
    1086. 

  1086. 	 */
    1087. 

  1087. 	if (!validate_mapping(ssk, skb)) {
    1088. 

  1088. 		MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DSSTCPMISMATCH);
    1089. 

  1089. 		return MAPPING_INVALID;
    1090. 

  1090. 	}
    1091. 

  1091. 

  1092. 	skb_ext_del(skb, SKB_EXT_MPTCP);
    1093. 

  1093. 

  1094. validate_csum:
    1095. 

  1095. 	return validate_data_csum(ssk, skb, csum_reqd);
    1096. 

  1096. }
    1097. 

  1097. 

  1098. static void mptcp_subflow_discard_data(struct sock *ssk, struct sk_buff *skb,
    1099. 

  1099. 				       u64 limit)
    1100. 

  1100. {
    1101. 

  1101. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    1102. 

  1102. 	bool fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN;
    1103. 

  1103. 	u32 incr;
    1104. 

  1104. 

  1105. 	incr = limit >= skb->len ? skb->len + fin : limit;
    1106. 

  1106. 

  1107. 	pr_debug("discarding=%d len=%d seq=%d", incr, skb->len,
    1108. 

  1108. 		 subflow->map_subflow_seq);
    1109. 

  1109. 	MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DUPDATA);
    1110. 

  1110. 	tcp_sk(ssk)->copied_seq += incr;
    1111. 

  1111. 	if (!before(tcp_sk(ssk)->copied_seq, TCP_SKB_CB(skb)->end_seq))
    1112. 

  1112. 		sk_eat_skb(ssk, skb);
    1113. 

  1113. 	if (mptcp_subflow_get_map_offset(subflow) >= subflow->map_data_len)
    1114. 

  1114. 		subflow->map_valid = 0;
    1115. 

  1115. }
    1116. 

  1116. 

  1117. /* sched mptcp worker to remove the subflow if no more data is pending */
    1118. 

  1118. static void subflow_sched_work_if_closed(struct mptcp_sock *msk, struct sock *ssk)
    1119. 

  1119. {
    1120. 

  1120. 	if (likely(ssk->sk_state != TCP_CLOSE))
    1121. 

  1121. 		return;
    1122. 

  1122. 

  1123. 	if (skb_queue_empty(&ssk->sk_receive_queue) &&
    1124. 

  1124. 	    !test_and_set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &msk->flags))
    1125. 

  1125. 		mptcp_schedule_work((struct sock *)msk);
    1126. 

  1126. }
    1127. 

  1127. 

  1128. static bool subflow_can_fallback(struct mptcp_subflow_context *subflow)
    1129. 

  1129. {
    1130. 

  1130. 	struct mptcp_sock *msk = mptcp_sk(subflow->conn);
    1131. 

  1131. 

  1132. 	if (subflow->mp_join)
    1133. 

  1133. 		return false;
    1134. 

  1134. 	else if (READ_ONCE(msk->csum_enabled))
    1135. 

  1135. 		return !subflow->valid_csum_seen;
    1136. 

  1136. 	else
    1137. 

  1137. 		return !subflow->fully_established;
    1138. 

  1138. }
    1139. 

  1139. 

  1140. static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk)
    1141. 

  1141. {
    1142. 

  1142. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    1143. 

  1143. 	unsigned long fail_tout;
    1144. 

  1144. 

  1145. 	/* greceful failure can happen only on the MPC subflow */
    1146. 

  1146. 	if (WARN_ON_ONCE(ssk != READ_ONCE(msk->first)))
    1147. 

  1147. 		return;
    1148. 

  1148. 

  1149. 	/* since the close timeout take precedence on the fail one,
    1150. 

  1150. 	 * no need to start the latter when the first is already set
    1151. 

  1151. 	 */
    1152. 

  1152. 	if (sock_flag((struct sock *)msk, SOCK_DEAD))
    1153. 

  1153. 		return;
    1154. 

  1154. 

  1155. 	/* we don't need extreme accuracy here, use a zero fail_tout as special
    1156. 

  1156. 	 * value meaning no fail timeout at all;
    1157. 

  1157. 	 */
    1158. 

  1158. 	fail_tout = jiffies + TCP_RTO_MAX;
    1159. 

  1159. 	if (!fail_tout)
    1160. 

  1160. 		fail_tout = 1;
    1161. 

  1161. 	WRITE_ONCE(subflow->fail_tout, fail_tout);
    1162. 

  1162. 	tcp_send_ack(ssk);
    1163. 

  1163. 

  1164. 	mptcp_reset_tout_timer(msk, subflow->fail_tout);
    1165. 

  1165. }
    1166. 

  1166. 

  1167. static bool subflow_check_data_avail(struct sock *ssk)
    1168. 

  1168. {
    1169. 

  1169. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    1170. 

  1170. 	enum mapping_status status;
    1171. 

  1171. 	struct mptcp_sock *msk;
    1172. 

  1172. 	struct sk_buff *skb;
    1173. 

  1173. 

  1174. 	if (!skb_peek(&ssk->sk_receive_queue))
    1175. 

  1175. 		WRITE_ONCE(subflow->data_avail, MPTCP_SUBFLOW_NODATA);
    1176. 

  1176. 	if (subflow->data_avail)
    1177. 

  1177. 		return true;
    1178. 

  1178. 

  1179. 	msk = mptcp_sk(subflow->conn);
    1180. 

  1180. 	for (;;) {
    1181. 

  1181. 		u64 ack_seq;
    1182. 

  1182. 		u64 old_ack;
    1183. 

  1183. 

  1184. 		status = get_mapping_status(ssk, msk);
    1185. 

  1185. 		trace_subflow_check_data_avail(status, skb_peek(&ssk->sk_receive_queue));
    1186. 

  1186. 		if (unlikely(status == MAPPING_INVALID || status == MAPPING_DUMMY ||
    1187. 

  1187. 			     status == MAPPING_BAD_CSUM))
    1188. 

  1188. 			goto fallback;
    1189. 

  1189. 

  1190. 		if (status != MAPPING_OK)
    1191. 

  1191. 			goto no_data;
    1192. 

  1192. 

  1193. 		skb = skb_peek(&ssk->sk_receive_queue);
    1194. 

  1194. 		if (WARN_ON_ONCE(!skb))
    1195. 

  1195. 			goto no_data;
    1196. 

  1196. 

  1197. 		/* if msk lacks the remote key, this subflow must provide an
    1198. 

  1198. 		 * MP_CAPABLE-based mapping
    1199. 

  1199. 		 */
    1200. 

  1200. 		if (unlikely(!READ_ONCE(msk->can_ack))) {
    1201. 

  1201. 			if (!subflow->mpc_map)
    1202. 

  1202. 				goto fallback;
    1203. 

  1203. 			WRITE_ONCE(msk->remote_key, subflow->remote_key);
    1204. 

  1204. 			WRITE_ONCE(msk->ack_seq, subflow->map_seq);
    1205. 

  1205. 			WRITE_ONCE(msk->can_ack, true);
    1206. 

  1206. 		}
    1207. 

  1207. 

  1208. 		old_ack = READ_ONCE(msk->ack_seq);
    1209. 

  1209. 		ack_seq = mptcp_subflow_get_mapped_dsn(subflow);
    1210. 

  1210. 		pr_debug("msk ack_seq=%llx subflow ack_seq=%llx", old_ack,
    1211. 

  1211. 			 ack_seq);
    1212. 

  1212. 		if (unlikely(before64(ack_seq, old_ack))) {
    1213. 

  1213. 			mptcp_subflow_discard_data(ssk, skb, old_ack - ack_seq);
    1214. 

  1214. 			continue;
    1215. 

  1215. 		}
    1216. 

  1216. 

  1217. 		WRITE_ONCE(subflow->data_avail, MPTCP_SUBFLOW_DATA_AVAIL);
    1218. 

  1218. 		break;
    1219. 

  1219. 	}
    1220. 

  1220. 	return true;
    1221. 

  1221. 

  1222. no_data:
    1223. 

  1223. 	subflow_sched_work_if_closed(msk, ssk);
    1224. 

  1224. 	return false;
    1225. 

  1225. 

  1226. fallback:
    1227. 

  1227. 	if (!__mptcp_check_fallback(msk)) {
    1228. 

  1228. 		/* RFC 8684 section 3.7. */
    1229. 

  1229. 		if (status == MAPPING_BAD_CSUM &&
    1230. 

  1230. 		    (subflow->mp_join || subflow->valid_csum_seen)) {
    1231. 

  1231. 			subflow->send_mp_fail = 1;
    1232. 

  1232. 

  1233. 			if (!READ_ONCE(msk->allow_infinite_fallback)) {
    1234. 

  1234. 				subflow->reset_transient = 0;
    1235. 

  1235. 				subflow->reset_reason = MPTCP_RST_EMIDDLEBOX;
    1236. 

  1236. 				goto reset;
    1237. 

  1237. 			}
    1238. 

  1238. 			mptcp_subflow_fail(msk, ssk);
    1239. 

  1239. 			WRITE_ONCE(subflow->data_avail, MPTCP_SUBFLOW_DATA_AVAIL);
    1240. 

  1240. 			return true;
    1241. 

  1241. 		}
    1242. 

  1242. 

  1243. 		if (!subflow_can_fallback(subflow) && subflow->map_data_len) {
    1244. 

  1244. 			/* fatal protocol error, close the socket.
    1245. 

  1245. 			 * subflow_error_report() will introduce the appropriate barriers
    1246. 

  1246. 			 */
    1247. 

  1247. 			subflow->reset_transient = 0;
    1248. 

  1248. 			subflow->reset_reason = MPTCP_RST_EMPTCP;
    1249. 

  1249. 

  1250. reset:
    1251. 

  1251. 			WRITE_ONCE(ssk->sk_err, EBADMSG);
    1252. 

  1252. 			tcp_set_state(ssk, TCP_CLOSE);
    1253. 

  1253. 			while ((skb = skb_peek(&ssk->sk_receive_queue)))
    1254. 

  1254. 				sk_eat_skb(ssk, skb);
    1255. 

  1255. 			tcp_send_active_reset(ssk, GFP_ATOMIC);
    1256. 

  1256. 			WRITE_ONCE(subflow->data_avail, MPTCP_SUBFLOW_NODATA);
    1257. 

  1257. 			return false;
    1258. 

  1258. 		}
    1259. 

  1259. 

  1260. 		mptcp_do_fallback(ssk);
    1261. 

  1261. 	}
    1262. 

  1262. 

  1263. 	skb = skb_peek(&ssk->sk_receive_queue);
    1264. 

  1264. 	subflow->map_valid = 1;
    1265. 

  1265. 	subflow->map_seq = READ_ONCE(msk->ack_seq);
    1266. 

  1266. 	subflow->map_data_len = skb->len;
    1267. 

  1267. 	subflow->map_subflow_seq = tcp_sk(ssk)->copied_seq - subflow->ssn_offset;
    1268. 

  1268. 	WRITE_ONCE(subflow->data_avail, MPTCP_SUBFLOW_DATA_AVAIL);
    1269. 

  1269. 	return true;
    1270. 

  1270. }
    1271. 

  1271. 

  1272. bool mptcp_subflow_data_available(struct sock *sk)
    1273. 

  1273. {
    1274. 

  1274. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    1275. 

  1275. 

  1276. 	/* check if current mapping is still valid */
    1277. 

  1277. 	if (subflow->map_valid &&
    1278. 

  1278. 	    mptcp_subflow_get_map_offset(subflow) >= subflow->map_data_len) {
    1279. 

  1279. 		subflow->map_valid = 0;
    1280. 

  1280. 		WRITE_ONCE(subflow->data_avail, MPTCP_SUBFLOW_NODATA);
    1281. 

  1281. 

  1282. 		pr_debug("Done with mapping: seq=%u data_len=%u",
    1283. 

  1283. 			 subflow->map_subflow_seq,
    1284. 

  1284. 			 subflow->map_data_len);
    1285. 

  1285. 	}
    1286. 

  1286. 

  1287. 	return subflow_check_data_avail(sk);
    1288. 

  1288. }
    1289. 

  1289. 

  1290. /* If ssk has an mptcp parent socket, use the mptcp rcvbuf occupancy,
    1291. 

  1291.  * not the ssk one.
    1292. 

  1292.  *
    1293. 

  1293.  * In mptcp, rwin is about the mptcp-level connection data.
    1294. 

  1294.  *
    1295. 

  1295.  * Data that is still on the ssk rx queue can thus be ignored,
    1296. 

  1296.  * as far as mptcp peer is concerned that data is still inflight.
    1297. 

  1297.  * DSS ACK is updated when skb is moved to the mptcp rx queue.
    1298. 

  1298.  */
    1299. 

  1299. void mptcp_space(const struct sock *ssk, int *space, int *full_space)
    1300. 

  1300. {
    1301. 

  1301. 	const struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    1302. 

  1302. 	const struct sock *sk = subflow->conn;
    1303. 

  1303. 

  1304. 	*space = __mptcp_space(sk);
    1305. 

  1305. 	*full_space = tcp_full_space(sk);
    1306. 

  1306. }
    1307. 

  1307. 

  1308. static void subflow_error_report(struct sock *ssk)
    1309. 

  1309. {
    1310. 

  1310. 	struct sock *sk = mptcp_subflow_ctx(ssk)->conn;
    1311. 

  1311. 

  1312. 	/* bail early if this is a no-op, so that we avoid introducing a
    1313. 

  1313. 	 * problematic lockdep dependency between TCP accept queue lock
    1314. 

  1314. 	 * and msk socket spinlock
    1315. 

  1315. 	 */
    1316. 

  1316. 	if (!sk->sk_socket)
    1317. 

  1317. 		return;
    1318. 

  1318. 

  1319. 	mptcp_data_lock(sk);
    1320. 

  1320. 	if (!sock_owned_by_user(sk))
    1321. 

  1321. 		__mptcp_error_report(sk);
    1322. 

  1322. 	else
    1323. 

  1323. 		__set_bit(MPTCP_ERROR_REPORT,  &mptcp_sk(sk)->cb_flags);
    1324. 

  1324. 	mptcp_data_unlock(sk);
    1325. 

  1325. }
    1326. 

  1326. 

  1327. static void subflow_data_ready(struct sock *sk)
    1328. 

  1328. {
    1329. 

  1329. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    1330. 

  1330. 	u16 state = 1 << inet_sk_state_load(sk);
    1331. 

  1331. 	struct sock *parent = subflow->conn;
    1332. 

  1332. 	struct mptcp_sock *msk;
    1333. 

  1333. 

  1334. 	msk = mptcp_sk(parent);
    1335. 

  1335. 	if (state & TCPF_LISTEN) {
    1336. 

  1336. 		/* MPJ subflow are removed from accept queue before reaching here,
    1337. 

  1337. 		 * avoid stray wakeups
    1338. 

  1338. 		 */
    1339. 

  1339. 		if (reqsk_queue_empty(&inet_csk(sk)->icsk_accept_queue))
    1340. 

  1340. 			return;
    1341. 

  1341. 

  1342. 		parent->sk_data_ready(parent);
    1343. 

  1343. 		return;
    1344. 

  1344. 	}
    1345. 

  1345. 

  1346. 	WARN_ON_ONCE(!__mptcp_check_fallback(msk) && !subflow->mp_capable &&
    1347. 

  1347. 		     !subflow->mp_join && !(state & TCPF_CLOSE));
    1348. 

  1348. 

  1349. 	if (mptcp_subflow_data_available(sk))
    1350. 

  1350. 		mptcp_data_ready(parent, sk);
    1351. 

  1351. 	else if (unlikely(sk->sk_err))
    1352. 

  1352. 		subflow_error_report(sk);
    1353. 

  1353. }
    1354. 

  1354. 

  1355. static void subflow_write_space(struct sock *ssk)
    1356. 

  1356. {
    1357. 

  1357. 	struct sock *sk = mptcp_subflow_ctx(ssk)->conn;
    1358. 

  1358. 

  1359. 	mptcp_propagate_sndbuf(sk, ssk);
    1360. 

  1360. 	mptcp_write_space(sk);
    1361. 

  1361. }
    1362. 

  1362. 

  1363. static const struct inet_connection_sock_af_ops *
    1364. 

  1364. subflow_default_af_ops(struct sock *sk)
    1365. 

  1365. {
    1366. 

  1366. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1367. 

  1367. 	if (sk->sk_family == AF_INET6)
    1368. 

  1368. 		return &subflow_v6_specific;
    1369. 

  1369. #endif
    1370. 

  1370. 	return &subflow_specific;
    1371. 

  1371. }
    1372. 

  1372. 

  1373. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1374. 

  1374. void mptcpv6_handle_mapped(struct sock *sk, bool mapped)
    1375. 

  1375. {
    1376. 

  1376. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    1377. 

  1377. 	struct inet_connection_sock *icsk = inet_csk(sk);
    1378. 

  1378. 	const struct inet_connection_sock_af_ops *target;
    1379. 

  1379. 

  1380. 	target = mapped ? &subflow_v6m_specific : subflow_default_af_ops(sk);
    1381. 

  1381. 

  1382. 	pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d",
    1383. 

  1383. 		 subflow, sk->sk_family, icsk->icsk_af_ops, target, mapped);
    1384. 

  1384. 

  1385. 	if (likely(icsk->icsk_af_ops == target))
    1386. 

  1386. 		return;
    1387. 

  1387. 

  1388. 	subflow->icsk_af_ops = icsk->icsk_af_ops;
    1389. 

  1389. 	icsk->icsk_af_ops = target;
    1390. 

  1390. }
    1391. 

  1391. #endif
    1392. 

  1392. 

  1393. void mptcp_info2sockaddr(const struct mptcp_addr_info *info,
    1394. 

  1394. 			 struct sockaddr_storage *addr,
    1395. 

  1395. 			 unsigned short family)
    1396. 

  1396. {
    1397. 

  1397. 	memset(addr, 0, sizeof(*addr));
    1398. 

  1398. 	addr->ss_family = family;
    1399. 

  1399. 	if (addr->ss_family == AF_INET) {
    1400. 

  1400. 		struct sockaddr_in *in_addr = (struct sockaddr_in *)addr;
    1401. 

  1401. 

  1402. 		if (info->family == AF_INET)
    1403. 

  1403. 			in_addr->sin_addr = info->addr;
    1404. 

  1404. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1405. 

  1405. 		else if (ipv6_addr_v4mapped(&info->addr6))
    1406. 

  1406. 			in_addr->sin_addr.s_addr = info->addr6.s6_addr32[3];
    1407. 

  1407. #endif
    1408. 

  1408. 		in_addr->sin_port = info->port;
    1409. 

  1409. 	}
    1410. 

  1410. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1411. 

  1411. 	else if (addr->ss_family == AF_INET6) {
    1412. 

  1412. 		struct sockaddr_in6 *in6_addr = (struct sockaddr_in6 *)addr;
    1413. 

  1413. 

  1414. 		if (info->family == AF_INET)
    1415. 

  1415. 			ipv6_addr_set_v4mapped(info->addr.s_addr,
    1416. 

  1416. 					       &in6_addr->sin6_addr);
    1417. 

  1417. 		else
    1418. 

  1418. 			in6_addr->sin6_addr = info->addr6;
    1419. 

  1419. 		in6_addr->sin6_port = info->port;
    1420. 

  1420. 	}
    1421. 

  1421. #endif
    1422. 

  1422. }
    1423. 

  1423. 

  1424. int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc,
    1425. 

  1425. 			    const struct mptcp_addr_info *remote)
    1426. 

  1426. {
    1427. 

  1427. 	struct mptcp_sock *msk = mptcp_sk(sk);
    1428. 

  1428. 	struct mptcp_subflow_context *subflow;
    1429. 

  1429. 	struct sockaddr_storage addr;
    1430. 

  1430. 	int remote_id = remote->id;
    1431. 

  1431. 	int local_id = loc->id;
    1432. 

  1432. 	int err = -ENOTCONN;
    1433. 

  1433. 	struct socket *sf;
    1434. 

  1434. 	struct sock *ssk;
    1435. 

  1435. 	u32 remote_token;
    1436. 

  1436. 	int addrlen;
    1437. 

  1437. 	int ifindex;
    1438. 

  1438. 	u8 flags;
    1439. 

  1439. 

  1440. 	if (!mptcp_is_fully_established(sk))
    1441. 

  1441. 		goto err_out;
    1442. 

  1442. 

  1443. 	err = mptcp_subflow_create_socket(sk, loc->family, &sf);
    1444. 

  1444. 	if (err)
    1445. 

  1445. 		goto err_out;
    1446. 

  1446. 

  1447. 	ssk = sf->sk;
    1448. 

  1448. 	subflow = mptcp_subflow_ctx(ssk);
    1449. 

  1449. 	do {
    1450. 

  1450. 		get_random_bytes(&subflow->local_nonce, sizeof(u32));
    1451. 

  1451. 	} while (!subflow->local_nonce);
    1452. 

  1452. 

  1453. 	if (local_id)
    1454. 

  1454. 		subflow_set_local_id(subflow, local_id);
    1455. 

  1455. 

  1456. 	mptcp_pm_get_flags_and_ifindex_by_id(msk, local_id,
    1457. 

  1457. 					     &flags, &ifindex);
    1458. 

  1458. 	subflow->remote_key = msk->remote_key;
    1459. 

  1459. 	subflow->local_key = msk->local_key;
    1460. 

  1460. 	subflow->token = msk->token;
    1461. 

  1461. 	mptcp_info2sockaddr(loc, &addr, ssk->sk_family);
    1462. 

  1462. 

  1463. 	addrlen = sizeof(struct sockaddr_in);
    1464. 

  1464. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1465. 

  1465. 	if (addr.ss_family == AF_INET6)
    1466. 

  1466. 		addrlen = sizeof(struct sockaddr_in6);
    1467. 

  1467. #endif
    1468. 

  1468. 	mptcp_sockopt_sync(msk, ssk);
    1469. 

  1469. 

  1470. 	ssk->sk_bound_dev_if = ifindex;
    1471. 

  1471. 	err = kernel_bind(sf, (struct sockaddr *)&addr, addrlen);
    1472. 

  1472. 	if (err)
    1473. 

  1473. 		goto failed;
    1474. 

  1474. 

  1475. 	mptcp_crypto_key_sha(subflow->remote_key, &remote_token, NULL);
    1476. 

  1476. 	pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d", msk,
    1477. 

  1477. 		 remote_token, local_id, remote_id);
    1478. 

  1478. 	subflow->remote_token = remote_token;
    1479. 

  1479. 	subflow->remote_id = remote_id;
    1480. 

  1480. 	subflow->request_join = 1;
    1481. 

  1481. 	subflow->request_bkup = !!(flags & MPTCP_PM_ADDR_FLAG_BACKUP);
    1482. 

  1482. 	mptcp_info2sockaddr(remote, &addr, ssk->sk_family);
    1483. 

  1483. 

  1484. 	sock_hold(ssk);
    1485. 

  1485. 	list_add_tail(&subflow->node, &msk->conn_list);
    1486. 

  1486. 	err = kernel_connect(sf, (struct sockaddr *)&addr, addrlen, O_NONBLOCK);
    1487. 

  1487. 	if (err && err != -EINPROGRESS)
    1488. 

  1488. 		goto failed_unlink;
    1489. 

  1489. 

  1490. 	/* discard the subflow socket */
    1491. 

  1491. 	mptcp_sock_graft(ssk, sk->sk_socket);
    1492. 

  1492. 	iput(SOCK_INODE(sf));
    1493. 

  1493. 	WRITE_ONCE(msk->allow_infinite_fallback, false);
    1494. 

  1494. 	mptcp_stop_tout_timer(sk);
    1495. 

  1495. 	return 0;
    1496. 

  1496. 

  1497. failed_unlink:
    1498. 

  1498. 	list_del(&subflow->node);
    1499. 

  1499. 	sock_put(mptcp_subflow_tcp_sock(subflow));
    1500. 

  1500. 

  1501. failed:
    1502. 

  1502. 	subflow->disposable = 1;
    1503. 

  1503. 	sock_release(sf);
    1504. 

  1504. 

  1505. err_out:
    1506. 

  1506. 	/* we account subflows before the creation, and this failures will not
    1507. 

  1507. 	 * be caught by sk_state_change()
    1508. 

  1508. 	 */
    1509. 

  1509. 	mptcp_pm_close_subflow(msk);
    1510. 

  1510. 	return err;
    1511. 

  1511. }
    1512. 

  1512. 

  1513. static void mptcp_attach_cgroup(struct sock *parent, struct sock *child)
    1514. 

  1514. {
    1515. 

  1515. #ifdef CONFIG_SOCK_CGROUP_DATA
    1516. 

  1516. 	struct sock_cgroup_data *parent_skcd = &parent->sk_cgrp_data,
    1517. 

  1517. 				*child_skcd = &child->sk_cgrp_data;
    1518. 

  1518. 

  1519. 	/* only the additional subflows created by kworkers have to be modified */
    1520. 

  1520. 	if (cgroup_id(sock_cgroup_ptr(parent_skcd)) !=
    1521. 

  1521. 	    cgroup_id(sock_cgroup_ptr(child_skcd))) {
    1522. 

  1522. #ifdef CONFIG_MEMCG
    1523. 

  1523. 		struct mem_cgroup *memcg = parent->sk_memcg;
    1524. 

  1524. 

  1525. 		mem_cgroup_sk_free(child);
    1526. 

  1526. 		if (memcg && css_tryget(&memcg->css))
    1527. 

  1527. 			child->sk_memcg = memcg;
    1528. 

  1528. #endif /* CONFIG_MEMCG */
    1529. 

  1529. 

  1530. 		cgroup_sk_free(child_skcd);
    1531. 

  1531. 		*child_skcd = *parent_skcd;
    1532. 

  1532. 		cgroup_sk_clone(child_skcd);
    1533. 

  1533. 	}
    1534. 

  1534. #endif /* CONFIG_SOCK_CGROUP_DATA */
    1535. 

  1535. }
    1536. 

  1536. 

  1537. static void mptcp_subflow_ops_override(struct sock *ssk)
    1538. 

  1538. {
    1539. 

  1539. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1540. 

  1540. 	if (ssk->sk_prot == &tcpv6_prot)
    1541. 

  1541. 		ssk->sk_prot = &tcpv6_prot_override;
    1542. 

  1542. 	else
    1543. 

  1543. #endif
    1544. 

  1544. 		ssk->sk_prot = &tcp_prot_override;
    1545. 

  1545. }
    1546. 

  1546. 

  1547. static void mptcp_subflow_ops_undo_override(struct sock *ssk)
    1548. 

  1548. {
    1549. 

  1549. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1550. 

  1550. 	if (ssk->sk_prot == &tcpv6_prot_override)
    1551. 

  1551. 		ssk->sk_prot = &tcpv6_prot;
    1552. 

  1552. 	else
    1553. 

  1553. #endif
    1554. 

  1554. 		ssk->sk_prot = &tcp_prot;
    1555. 

  1555. }
    1556. 

  1556. 

  1557. int mptcp_subflow_create_socket(struct sock *sk, unsigned short family,
    1558. 

  1558. 				struct socket **new_sock)
    1559. 

  1559. {
    1560. 

  1560. 	struct mptcp_subflow_context *subflow;
    1561. 

  1561. 	struct net *net = sock_net(sk);
    1562. 

  1562. 	struct socket *sf;
    1563. 

  1563. 	int err;
    1564. 

  1564. 

  1565. 	/* un-accepted server sockets can reach here - on bad configuration
    1566. 

  1566. 	 * bail early to avoid greater trouble later
    1567. 

  1567. 	 */
    1568. 

  1568. 	if (unlikely(!sk->sk_socket))
    1569. 

  1569. 		return -EINVAL;
    1570. 

  1570. 

  1571. 	err = sock_create_kern(net, family, SOCK_STREAM, IPPROTO_TCP, &sf);
    1572. 

  1572. 	if (err)
    1573. 

  1573. 		return err;
    1574. 

  1574. 

  1575. 	lock_sock_nested(sf->sk, SINGLE_DEPTH_NESTING);
    1576. 

  1576. 

  1577. 	/* the newly created socket has to be in the same cgroup as its parent */
    1578. 

  1578. 	mptcp_attach_cgroup(sk, sf->sk);
    1579. 

  1579. 

  1580. 	/* kernel sockets do not by default acquire net ref, but TCP timer
    1581. 

  1581. 	 * needs it.
    1582. 

  1582. 	 */
    1583. 

  1583. 	sf->sk->sk_net_refcnt = 1;
    1584. 

  1584. 	get_net_track(net, &sf->sk->ns_tracker, GFP_KERNEL);
    1585. 

  1585. 	sock_inuse_add(net, 1);
    1586. 

  1586. 	err = tcp_set_ulp(sf->sk, "mptcp");
    1587. 

  1587. 	release_sock(sf->sk);
    1588. 

  1588. 

  1589. 	if (err) {
    1590. 

  1590. 		sock_release(sf);
    1591. 

  1591. 		return err;
    1592. 

  1592. 	}
    1593. 

  1593. 

  1594. 	/* the newly created socket really belongs to the owning MPTCP master
    1595. 

  1595. 	 * socket, even if for additional subflows the allocation is performed
    1596. 

  1596. 	 * by a kernel workqueue. Adjust inode references, so that the
    1597. 

  1597. 	 * procfs/diag interfaces really show this one belonging to the correct
    1598. 

  1598. 	 * user.
    1599. 

  1599. 	 */
    1600. 

  1600. 	SOCK_INODE(sf)->i_ino = SOCK_INODE(sk->sk_socket)->i_ino;
    1601. 

  1601. 	SOCK_INODE(sf)->i_uid = SOCK_INODE(sk->sk_socket)->i_uid;
    1602. 

  1602. 	SOCK_INODE(sf)->i_gid = SOCK_INODE(sk->sk_socket)->i_gid;
    1603. 

  1603. 

  1604. 	subflow = mptcp_subflow_ctx(sf->sk);
    1605. 

  1605. 	pr_debug("subflow=%p", subflow);
    1606. 

  1606. 

  1607. 	*new_sock = sf;
    1608. 

  1608. 	sock_hold(sk);
    1609. 

  1609. 	subflow->conn = sk;
    1610. 

  1610. 	mptcp_subflow_ops_override(sf->sk);
    1611. 

  1611. 

  1612. 	return 0;
    1613. 

  1613. }
    1614. 

  1614. 

  1615. static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk,
    1616. 

  1616. 							gfp_t priority)
    1617. 

  1617. {
    1618. 

  1618. 	struct inet_connection_sock *icsk = inet_csk(sk);
    1619. 

  1619. 	struct mptcp_subflow_context *ctx;
    1620. 

  1620. 

  1621. 	ctx = kzalloc(sizeof(*ctx), priority);
    1622. 

  1622. 	if (!ctx)
    1623. 

  1623. 		return NULL;
    1624. 

  1624. 

  1625. 	rcu_assign_pointer(icsk->icsk_ulp_data, ctx);
    1626. 

  1626. 	INIT_LIST_HEAD(&ctx->node);
    1627. 

  1627. 	INIT_LIST_HEAD(&ctx->delegated_node);
    1628. 

  1628. 

  1629. 	pr_debug("subflow=%p", ctx);
    1630. 

  1630. 

  1631. 	ctx->tcp_sock = sk;
    1632. 

  1632. 

  1633. 	return ctx;
    1634. 

  1634. }
    1635. 

  1635. 

  1636. static void __subflow_state_change(struct sock *sk)
    1637. 

  1637. {
    1638. 

  1638. 	struct socket_wq *wq;
    1639. 

  1639. 

  1640. 	rcu_read_lock();
    1641. 

  1641. 	wq = rcu_dereference(sk->sk_wq);
    1642. 

  1642. 	if (skwq_has_sleeper(wq))
    1643. 

  1643. 		wake_up_interruptible_all(&wq->wait);
    1644. 

  1644. 	rcu_read_unlock();
    1645. 

  1645. }
    1646. 

  1646. 

  1647. static bool subflow_is_done(const struct sock *sk)
    1648. 

  1648. {
    1649. 

  1649. 	return sk->sk_shutdown & RCV_SHUTDOWN || sk->sk_state == TCP_CLOSE;
    1650. 

  1650. }
    1651. 

  1651. 

  1652. static void subflow_state_change(struct sock *sk)
    1653. 

  1653. {
    1654. 

  1654. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
    1655. 

  1655. 	struct sock *parent = subflow->conn;
    1656. 

  1656. 	struct mptcp_sock *msk;
    1657. 

  1657. 

  1658. 	__subflow_state_change(sk);
    1659. 

  1659. 

  1660. 	msk = mptcp_sk(parent);
    1661. 

  1661. 	if (subflow_simultaneous_connect(sk)) {
    1662. 

  1662. 		mptcp_propagate_sndbuf(parent, sk);
    1663. 

  1663. 		mptcp_do_fallback(sk);
    1664. 

  1664. 		mptcp_rcv_space_init(msk, sk);
    1665. 

  1665. 		pr_fallback(msk);
    1666. 

  1666. 		subflow->conn_finished = 1;
    1667. 

  1667. 		mptcp_set_connected(parent);
    1668. 

  1668. 	}
    1669. 

  1669. 

  1670. 	/* as recvmsg() does not acquire the subflow socket for ssk selection
    1671. 

  1671. 	 * a fin packet carrying a DSS can be unnoticed if we don't trigger
    1672. 

  1672. 	 * the data available machinery here.
    1673. 

  1673. 	 */
    1674. 

  1674. 	if (mptcp_subflow_data_available(sk))
    1675. 

  1675. 		mptcp_data_ready(parent, sk);
    1676. 

  1676. 	else if (unlikely(sk->sk_err))
    1677. 

  1677. 		subflow_error_report(sk);
    1678. 

  1678. 

  1679. 	subflow_sched_work_if_closed(mptcp_sk(parent), sk);
    1680. 

  1680. 

  1681. 	/* when the fallback subflow closes the rx side, trigger a 'dummy'
    1682. 

  1682. 	 * ingress data fin, so that the msk state will follow along
    1683. 

  1683. 	 */
    1684. 

  1684. 	if (__mptcp_check_fallback(msk) && subflow_is_done(sk) && msk->first == sk &&
    1685. 

  1685. 	    mptcp_update_rcv_data_fin(msk, READ_ONCE(msk->ack_seq), true))
    1686. 

  1686. 		mptcp_schedule_work(parent);
    1687. 

  1687. }
    1688. 

  1688. 

  1689. void mptcp_subflow_queue_clean(struct sock *listener_sk, struct sock *listener_ssk)
    1690. 

  1690. {
    1691. 

  1691. 	struct request_sock_queue *queue = &inet_csk(listener_ssk)->icsk_accept_queue;
    1692. 

  1692. 	struct request_sock *req, *head, *tail;
    1693. 

  1693. 	struct mptcp_subflow_context *subflow;
    1694. 

  1694. 	struct sock *sk, *ssk;
    1695. 

  1695. 

  1696. 	/* Due to lock dependencies no relevant lock can be acquired under rskq_lock.
    1697. 

  1697. 	 * Splice the req list, so that accept() can not reach the pending ssk after
    1698. 

  1698. 	 * the listener socket is released below.
    1699. 

  1699. 	 */
    1700. 

  1700. 	spin_lock_bh(&queue->rskq_lock);
    1701. 

  1701. 	head = queue->rskq_accept_head;
    1702. 

  1702. 	tail = queue->rskq_accept_tail;
    1703. 

  1703. 	queue->rskq_accept_head = NULL;
    1704. 

  1704. 	queue->rskq_accept_tail = NULL;
    1705. 

  1705. 	spin_unlock_bh(&queue->rskq_lock);
    1706. 

  1706. 

  1707. 	if (!head)
    1708. 

  1708. 		return;
    1709. 

  1709. 

  1710. 	/* can't acquire the msk socket lock under the subflow one,
    1711. 

  1711. 	 * or will cause ABBA deadlock
    1712. 

  1712. 	 */
    1713. 

  1713. 	release_sock(listener_ssk);
    1714. 

  1714. 

  1715. 	for (req = head; req; req = req->dl_next) {
    1716. 

  1716. 		ssk = req->sk;
    1717. 

  1717. 		if (!sk_is_mptcp(ssk))
    1718. 

  1718. 			continue;
    1719. 

  1719. 

  1720. 		subflow = mptcp_subflow_ctx(ssk);
    1721. 

  1721. 		if (!subflow || !subflow->conn)
    1722. 

  1722. 			continue;
    1723. 

  1723. 

  1724. 		sk = subflow->conn;
    1725. 

  1725. 		sock_hold(sk);
    1726. 

  1726. 

  1727. 		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
    1728. 

  1728. 		__mptcp_unaccepted_force_close(sk);
    1729. 

  1729. 		release_sock(sk);
    1730. 

  1730. 

  1731. 		/* lockdep will report a false positive ABBA deadlock
    1732. 

  1732. 		 * between cancel_work_sync and the listener socket.
    1733. 

  1733. 		 * The involved locks belong to different sockets WRT
    1734. 

  1734. 		 * the existing AB chain.
    1735. 

  1735. 		 * Using a per socket key is problematic as key
    1736. 

  1736. 		 * deregistration requires process context and must be
    1737. 

  1737. 		 * performed at socket disposal time, in atomic
    1738. 

  1738. 		 * context.
    1739. 

  1739. 		 * Just tell lockdep to consider the listener socket
    1740. 

  1740. 		 * released here.
    1741. 

  1741. 		 */
    1742. 

  1742. 		mutex_release(&listener_sk->sk_lock.dep_map, _RET_IP_);
    1743. 

  1743. 		mptcp_cancel_work(sk);
    1744. 

  1744. 		mutex_acquire(&listener_sk->sk_lock.dep_map, 0, 0, _RET_IP_);
    1745. 

  1745. 

  1746. 		sock_put(sk);
    1747. 

  1747. 	}
    1748. 

  1748. 

  1749. 	/* we are still under the listener msk socket lock */
    1750. 

  1750. 	lock_sock_nested(listener_ssk, SINGLE_DEPTH_NESTING);
    1751. 

  1751. 

  1752. 	/* restore the listener queue, to let the TCP code clean it up */
    1753. 

  1753. 	spin_lock_bh(&queue->rskq_lock);
    1754. 

  1754. 	WARN_ON_ONCE(queue->rskq_accept_head);
    1755. 

  1755. 	queue->rskq_accept_head = head;
    1756. 

  1756. 	queue->rskq_accept_tail = tail;
    1757. 

  1757. 	spin_unlock_bh(&queue->rskq_lock);
    1758. 

  1758. }
    1759. 

  1759. 

  1760. static int subflow_ulp_init(struct sock *sk)
    1761. 

  1761. {
    1762. 

  1762. 	struct inet_connection_sock *icsk = inet_csk(sk);
    1763. 

  1763. 	struct mptcp_subflow_context *ctx;
    1764. 

  1764. 	struct tcp_sock *tp = tcp_sk(sk);
    1765. 

  1765. 	int err = 0;
    1766. 

  1766. 

  1767. 	/* disallow attaching ULP to a socket unless it has been
    1768. 

  1768. 	 * created with sock_create_kern()
    1769. 

  1769. 	 */
    1770. 

  1770. 	if (!sk->sk_kern_sock) {
    1771. 

  1771. 		err = -EOPNOTSUPP;
    1772. 

  1772. 		goto out;
    1773. 

  1773. 	}
    1774. 

  1774. 

  1775. 	ctx = subflow_create_ctx(sk, GFP_KERNEL);
    1776. 

  1776. 	if (!ctx) {
    1777. 

  1777. 		err = -ENOMEM;
    1778. 

  1778. 		goto out;
    1779. 

  1779. 	}
    1780. 

  1780. 

  1781. 	pr_debug("subflow=%p, family=%d", ctx, sk->sk_family);
    1782. 

  1782. 

  1783. 	tp->is_mptcp = 1;
    1784. 

  1784. 	ctx->icsk_af_ops = icsk->icsk_af_ops;
    1785. 

  1785. 	icsk->icsk_af_ops = subflow_default_af_ops(sk);
    1786. 

  1786. 	ctx->tcp_state_change = sk->sk_state_change;
    1787. 

  1787. 	ctx->tcp_error_report = sk->sk_error_report;
    1788. 

  1788. 

  1789. 	WARN_ON_ONCE(sk->sk_data_ready != sock_def_readable);
    1790. 

  1790. 	WARN_ON_ONCE(sk->sk_write_space != sk_stream_write_space);
    1791. 

  1791. 

  1792. 	sk->sk_data_ready = subflow_data_ready;
    1793. 

  1793. 	sk->sk_write_space = subflow_write_space;
    1794. 

  1794. 	sk->sk_state_change = subflow_state_change;
    1795. 

  1795. 	sk->sk_error_report = subflow_error_report;
    1796. 

  1796. out:
    1797. 

  1797. 	return err;
    1798. 

  1798. }
    1799. 

  1799. 

  1800. static void subflow_ulp_release(struct sock *ssk)
    1801. 

  1801. {
    1802. 

  1802. 	struct mptcp_subflow_context *ctx = mptcp_subflow_ctx(ssk);
    1803. 

  1803. 	bool release = true;
    1804. 

  1804. 	struct sock *sk;
    1805. 

  1805. 

  1806. 	if (!ctx)
    1807. 

  1807. 		return;
    1808. 

  1808. 

  1809. 	sk = ctx->conn;
    1810. 

  1810. 	if (sk) {
    1811. 

  1811. 		/* if the msk has been orphaned, keep the ctx
    1812. 

  1812. 		 * alive, will be freed by __mptcp_close_ssk(),
    1813. 

  1813. 		 * when the subflow is still unaccepted
    1814. 

  1814. 		 */
    1815. 

  1815. 		release = ctx->disposable || list_empty(&ctx->node);
    1816. 

  1816. 

  1817. 		/* inet_child_forget() does not call sk_state_change(),
    1818. 

  1818. 		 * explicitly trigger the socket close machinery
    1819. 

  1819. 		 */
    1820. 

  1820. 		if (!release && !test_and_set_bit(MPTCP_WORK_CLOSE_SUBFLOW,
    1821. 

  1821. 						  &mptcp_sk(sk)->flags))
    1822. 

  1822. 			mptcp_schedule_work(sk);
    1823. 

  1823. 		sock_put(sk);
    1824. 

  1824. 	}
    1825. 

  1825. 

  1826. 	mptcp_subflow_ops_undo_override(ssk);
    1827. 

  1827. 	if (release)
    1828. 

  1828. 		kfree_rcu(ctx, rcu);
    1829. 

  1829. }
    1830. 

  1830. 

  1831. static void subflow_ulp_clone(const struct request_sock *req,
    1832. 

  1832. 			      struct sock *newsk,
    1833. 

  1833. 			      const gfp_t priority)
    1834. 

  1834. {
    1835. 

  1835. 	struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req);
    1836. 

  1836. 	struct mptcp_subflow_context *old_ctx = mptcp_subflow_ctx(newsk);
    1837. 

  1837. 	struct mptcp_subflow_context *new_ctx;
    1838. 

  1838. 

  1839. 	if (!tcp_rsk(req)->is_mptcp ||
    1840. 

  1840. 	    (!subflow_req->mp_capable && !subflow_req->mp_join)) {
    1841. 

  1841. 		subflow_ulp_fallback(newsk, old_ctx);
    1842. 

  1842. 		return;
    1843. 

  1843. 	}
    1844. 

  1844. 

  1845. 	new_ctx = subflow_create_ctx(newsk, priority);
    1846. 

  1846. 	if (!new_ctx) {
    1847. 

  1847. 		subflow_ulp_fallback(newsk, old_ctx);
    1848. 

  1848. 		return;
    1849. 

  1849. 	}
    1850. 

  1850. 

  1851. 	new_ctx->conn_finished = 1;
    1852. 

  1852. 	new_ctx->icsk_af_ops = old_ctx->icsk_af_ops;
    1853. 

  1853. 	new_ctx->tcp_state_change = old_ctx->tcp_state_change;
    1854. 

  1854. 	new_ctx->tcp_error_report = old_ctx->tcp_error_report;
    1855. 

  1855. 	new_ctx->rel_write_seq = 1;
    1856. 

  1856. 	new_ctx->tcp_sock = newsk;
    1857. 

  1857. 

  1858. 	if (subflow_req->mp_capable) {
    1859. 

  1859. 		/* see comments in subflow_syn_recv_sock(), MPTCP connection
    1860. 

  1860. 		 * is fully established only after we receive the remote key
    1861. 

  1861. 		 */
    1862. 

  1862. 		new_ctx->mp_capable = 1;
    1863. 

  1863. 		new_ctx->local_key = subflow_req->local_key;
    1864. 

  1864. 		new_ctx->token = subflow_req->token;
    1865. 

  1865. 		new_ctx->ssn_offset = subflow_req->ssn_offset;
    1866. 

  1866. 		new_ctx->idsn = subflow_req->idsn;
    1867. 

  1867. 

  1868. 		/* this is the first subflow, id is always 0 */
    1869. 

  1869. 		new_ctx->local_id_valid = 1;
    1870. 

  1870. 	} else if (subflow_req->mp_join) {
    1871. 

  1871. 		new_ctx->ssn_offset = subflow_req->ssn_offset;
    1872. 

  1872. 		new_ctx->mp_join = 1;
    1873. 

  1873. 		new_ctx->fully_established = 1;
    1874. 

  1874. 		new_ctx->backup = subflow_req->backup;
    1875. 

  1875. 		new_ctx->remote_id = subflow_req->remote_id;
    1876. 

  1876. 		new_ctx->token = subflow_req->token;
    1877. 

  1877. 		new_ctx->thmac = subflow_req->thmac;
    1878. 

  1878. 

  1879. 		/* the subflow req id is valid, fetched via subflow_check_req()
    1880. 

  1880. 		 * and subflow_token_join_request()
    1881. 

  1881. 		 */
    1882. 

  1882. 		subflow_set_local_id(new_ctx, subflow_req->local_id);
    1883. 

  1883. 	}
    1884. 

  1884. }
    1885. 

  1885. 

  1886. static void tcp_release_cb_override(struct sock *ssk)
    1887. 

  1887. {
    1888. 

  1888. 	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
    1889. 

  1889. 	long status;
    1890. 

  1890. 

  1891. 	/* process and clear all the pending actions, but leave the subflow into
    1892. 

  1892. 	 * the napi queue. To respect locking, only the same CPU that originated
    1893. 

  1893. 	 * the action can touch the list. mptcp_napi_poll will take care of it.
    1894. 

  1894. 	 */
    1895. 

  1895. 	status = set_mask_bits(&subflow->delegated_status, MPTCP_DELEGATE_ACTIONS_MASK, 0);
    1896. 

  1896. 	if (status)
    1897. 

  1897. 		mptcp_subflow_process_delegated(ssk, status);
    1898. 

  1898. 

  1899. 	tcp_release_cb(ssk);
    1900. 

  1900. }
    1901. 

  1901. 

  1902. static struct tcp_ulp_ops subflow_ulp_ops __read_mostly = {
    1903. 

  1903. 	.name		= "mptcp",
    1904. 

  1904. 	.owner		= THIS_MODULE,
    1905. 

  1905. 	.init		= subflow_ulp_init,
    1906. 

  1906. 	.release	= subflow_ulp_release,
    1907. 

  1907. 	.clone		= subflow_ulp_clone,
    1908. 

  1908. };
    1909. 

  1909. 

  1910. static int subflow_ops_init(struct request_sock_ops *subflow_ops)
    1911. 

  1911. {
    1912. 

  1912. 	subflow_ops->obj_size = sizeof(struct mptcp_subflow_request_sock);
    1913. 

  1913. 

  1914. 	subflow_ops->slab = kmem_cache_create(subflow_ops->slab_name,
    1915. 

  1915. 					      subflow_ops->obj_size, 0,
    1916. 

  1916. 					      SLAB_ACCOUNT |
    1917. 

  1917. 					      SLAB_TYPESAFE_BY_RCU,
    1918. 

  1918. 					      NULL);
    1919. 

  1919. 	if (!subflow_ops->slab)
    1920. 

  1920. 		return -ENOMEM;
    1921. 

  1921. 

  1922. 	return 0;
    1923. 

  1923. }
    1924. 

  1924. 

  1925. void __init mptcp_subflow_init(void)
    1926. 

  1926. {
    1927. 

  1927. 	mptcp_subflow_v4_request_sock_ops = tcp_request_sock_ops;
    1928. 

  1928. 	mptcp_subflow_v4_request_sock_ops.slab_name = "request_sock_subflow_v4";
    1929. 

  1929. 	mptcp_subflow_v4_request_sock_ops.destructor = subflow_v4_req_destructor;
    1930. 

  1930. 

  1931. 	if (subflow_ops_init(&mptcp_subflow_v4_request_sock_ops) != 0)
    1932. 

  1932. 		panic("MPTCP: failed to init subflow v4 request sock ops\n");
    1933. 

  1933. 

  1934. 	subflow_request_sock_ipv4_ops = tcp_request_sock_ipv4_ops;
    1935. 

  1935. 	subflow_request_sock_ipv4_ops.route_req = subflow_v4_route_req;
    1936. 

  1936. 

  1937. 	subflow_specific = ipv4_specific;
    1938. 

  1938. 	subflow_specific.conn_request = subflow_v4_conn_request;
    1939. 

  1939. 	subflow_specific.syn_recv_sock = subflow_syn_recv_sock;
    1940. 

  1940. 	subflow_specific.sk_rx_dst_set = subflow_finish_connect;
    1941. 

  1941. 	subflow_specific.rebuild_header = subflow_rebuild_header;
    1942. 

  1942. 

  1943. 	tcp_prot_override = tcp_prot;
    1944. 

  1944. 	tcp_prot_override.release_cb = tcp_release_cb_override;
    1945. 

  1945. 

  1946. #if IS_ENABLED(CONFIG_MPTCP_IPV6)
    1947. 

  1947. 	/* In struct mptcp_subflow_request_sock, we assume the TCP request sock
    1948. 

  1948. 	 * structures for v4 and v6 have the same size. It should not changed in
    1949. 

  1949. 	 * the future but better to make sure to be warned if it is no longer
    1950. 

  1950. 	 * the case.
    1951. 

  1951. 	 */
    1952. 

  1952. 	BUILD_BUG_ON(sizeof(struct tcp_request_sock) != sizeof(struct tcp6_request_sock));
    1953. 

  1953. 

  1954. 	mptcp_subflow_v6_request_sock_ops = tcp6_request_sock_ops;
    1955. 

  1955. 	mptcp_subflow_v6_request_sock_ops.slab_name = "request_sock_subflow_v6";
    1956. 

  1956. 	mptcp_subflow_v6_request_sock_ops.destructor = subflow_v6_req_destructor;
    1957. 

  1957. 

  1958. 	if (subflow_ops_init(&mptcp_subflow_v6_request_sock_ops) != 0)
    1959. 

  1959. 		panic("MPTCP: failed to init subflow v6 request sock ops\n");
    1960. 

  1960. 

  1961. 	subflow_request_sock_ipv6_ops = tcp_request_sock_ipv6_ops;
    1962. 

  1962. 	subflow_request_sock_ipv6_ops.route_req = subflow_v6_route_req;
    1963. 

  1963. 

  1964. 	subflow_v6_specific = ipv6_specific;
    1965. 

  1965. 	subflow_v6_specific.conn_request = subflow_v6_conn_request;
    1966. 

  1966. 	subflow_v6_specific.syn_recv_sock = subflow_syn_recv_sock;
    1967. 

  1967. 	subflow_v6_specific.sk_rx_dst_set = subflow_finish_connect;
    1968. 

  1968. 	subflow_v6_specific.rebuild_header = subflow_v6_rebuild_header;
    1969. 

  1969. 

  1970. 	subflow_v6m_specific = subflow_v6_specific;
    1971. 

  1971. 	subflow_v6m_specific.queue_xmit = ipv4_specific.queue_xmit;
    1972. 

  1972. 	subflow_v6m_specific.send_check = ipv4_specific.send_check;
    1973. 

  1973. 	subflow_v6m_specific.net_header_len = ipv4_specific.net_header_len;
    1974. 

  1974. 	subflow_v6m_specific.mtu_reduced = ipv4_specific.mtu_reduced;
    1975. 

  1975. 	subflow_v6m_specific.net_frag_header_len = 0;
    1976. 

  1976. 	subflow_v6m_specific.rebuild_header = subflow_rebuild_header;
    1977. 

  1977. 

  1978. 	tcpv6_prot_override = tcpv6_prot;
    1979. 

  1979. 	tcpv6_prot_override.release_cb = tcp_release_cb_override;
    1980. 

  1980. #endif
    1981. 

  1981. 

  1982. 	mptcp_diag_subflow_init(&subflow_ulp_ops);
    1983. 

  1983. 

  1984. 	if (tcp_register_ulp(&subflow_ulp_ops) != 0)
    1985. 

  1985. 		panic("MPTCP: failed to register subflows to ULP\n");
    1986. 

  1986. }
    1987.