From nobody Mon Jan 26 00:10:12 2026
From: Geliang Tang
To: mptcp@lists.linux.dev
Cc: Geliang Tang, Gang Yan
Subject: [RFC mptcp-next v7 1/9] selftests: mptcp: add tcp tls tests
Date: Tue, 13 Jan 2026 14:13:27 +0800
Message-ID: <4e4c85916e833c823f6dd49d2e6a047ee615f3e0.1768284047.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
Content-Transfer-Encoding: quoted-printable

From: Geliang Tang

A new TLS type has been added to cfg_sockopt_types, enabled via the parameter "-o TLS". do_setsockopt_tls() has been implemented to set TLS parameters for both the server and client.

Three TCP TLS tests have been added to mptcp_join.sh. The command './mptcp_join.sh -c' can be used to run the tests.

After adding TLS configuration, sock_test_tcpulp() needs to be updated as getsockopt ULP may now return not only "mptcp" but also "tls".

These tests report "read: Resource temporarily unavailable" errors occasionally, which is fixed by adding handling for EAGAIN in copyfd_io_poll().

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
--- tools/testing/selftests/net/mptcp/config | 1 + .../selftests/net/mptcp/mptcp_connect.c | 51 ++++++++++++++++++- .../testing/selftests/net/mptcp/mptcp_join.sh | 45 +++++++++++++++- 3 files changed, 94 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft= ests/net/mptcp/config index 59051ee2a986..18bd29ac5b24 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -34,3 +34,4 @@ CONFIG_NFT_SOCKET=3Dm CONFIG_NFT_TPROXY=3Dm CONFIG_SYN_COOKIES=3Dy CONFIG_VETH=3Dy +CONFIG_TLS=3Dy 
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index 1c4fe60089a2..6fb3c0bf879b 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -34,6 +34,7 @@ #include #include #include +#include =20 extern int optind; =20 @@ -89,6 +90,7 @@ struct cfg_cmsg_types { struct cfg_sockopt_types { unsigned int transparent:1; unsigned int mptfo:1; + unsigned int tls:1; }; =20 struct tcp_inq_state { @@ -272,6 +274,39 @@ static int do_ulp_so(int sock, const char *name) return setsockopt(sock, IPPROTO_TCP, TCP_ULP, name, strlen(name)); } =20 +static void do_setsockopt_tls(int fd) +{ + struct tls12_crypto_info_aes_gcm_128 tls_tx =3D { + .info =3D { + .version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + }, + }; + struct tls12_crypto_info_aes_gcm_128 tls_rx =3D { + .info =3D { + .version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + }, + }; + int so_buf =3D 6553500; + int err; + + err =3D do_ulp_so(fd, "tls"); + if (err) + xerror("setsockopt TCP_ULP"); + + err =3D setsockopt(fd, SOL_TLS, TLS_TX, (void *)&tls_tx, sizeof(tls_tx)); + if (err) + xerror("setsockopt TLS_TX"); + + err =3D setsockopt(fd, SOL_TLS, TLS_RX, (void *)&tls_rx, sizeof(tls_rx)); + if (err) + xerror("setsockopt TLS_RX"); + + set_sndbuf(fd, so_buf); + set_rcvbuf(fd, so_buf); +} + #define X(m) xerror("%s:%u: %s: failed for proto %d at line %u", __FILE__,= __LINE__, (m), proto, line) static void sock_test_tcpulp(int sock, int proto, unsigned int line) { @@ -283,7 +318,7 @@ static void sock_test_tcpulp(int sock, int proto, unsig= ned int line) X("getsockopt"); =20 if (buflen > 0) { - if (strcmp(buf, "mptcp") !=3D 0) + if (strcmp(buf, "mptcp") !=3D 0 && strcmp(buf, "tls") !=3D 0) xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line); ret =3D do_ulp_so(sock, "tls"); if (ret =3D=3D 0) 
@@ -425,8 +460,11 @@ static int sock_connect_mptcp(const char * const remot= eaddr, } =20 freeaddrinfo(addr); - if (sock !=3D -1) + if (sock !=3D -1) { SOCK_TEST_TCPULP(sock, proto); + if (cfg_sockopt_types.tls) + do_setsockopt_tls(sock); + } return sock; } =20 @@ -687,6 +725,8 @@ static int copyfd_io_poll(int infd, int peerfd, int out= fd, =20 /* Else, still have data to transmit */ } else if (len < 0) { + if (errno =3D=3D EAGAIN) + continue; if (cfg_rcv_trunc) return 0; perror("read"); @@ -1199,6 +1239,8 @@ int main_loop_s(int listensock) } =20 SOCK_TEST_TCPULP(remotesock, 0); + if (cfg_sockopt_types.tls) + do_setsockopt_tls(remotesock); =20 memset(&winfo, 0, sizeof(winfo)); err =3D copyfd_io(fd, remotesock, 1, true, &winfo); @@ -1299,6 +1341,11 @@ static void parse_setsock_options(const char *name) return; } =20 + if (strncmp(name, "TLS", len) =3D=3D 0) { + cfg_sockopt_types.tls =3D 1; + return; + } + fprintf(stderr, "Unrecognized setsockopt option %s\n", name); exit(1); } diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testin= g/selftests/net/mptcp/mptcp_join.sh index b2e6e548f796..6f8c6a03e760 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -63,6 +63,7 @@ unset fastclose unset fullmesh unset speed unset bind_addr +unset tls unset join_syn_rej unset join_csum_ns1 unset join_csum_ns2 @@ -974,6 +975,7 @@ do_transfer() local fastclose=3D${fastclose:-""} local speed=3D${speed:-"fast"} local bind_addr=3D${bind_addr:-"::"} + local tls=3D${tls:-""} local listener_in=3D"${sin}" local connector_in=3D"${cin}" port=3D$(get_port) @@ -995,6 +997,10 @@ do_transfer() extra_args=3D"-r ${speed}" fi =20 + if [ -n "${tls}" ] && [ ${tls} =3D "1" ]; then + extra_args=3D"$extra_args -o TLS" + fi + local extra_cl_args=3D"" local extra_srv_args=3D"" local trunc_size=3D"" 
@@ -1105,6 +1111,8 @@ run_tests() local listener_ns=3D"$1" local connector_ns=3D"$2" local connect_addr=3D"$3" + local cl_proto=3D"${4:-MPTCP}" + local srv_proto=3D"${5:-MPTCP}" =20 local size local test_linkfail=3D${test_linkfail:-0} @@ -1149,7 +1157,7 @@ run_tests() make_file "$sinfail" "server" $size fi =20 - do_transfer ${listener_ns} ${connector_ns} MPTCP MPTCP ${connect_addr} + do_transfer ${listener_ns} ${connector_ns} ${cl_proto} ${srv_proto} ${con= nect_addr} } =20 _dump_stats() @@ -4306,6 +4314,40 @@ endpoint_tests() fi } =20 +tls_tests() +{ + # single subflow, tls, TCP + if reset "single subflow, tls, TCP"; then + test_linkfail=3D128 tls=3D1 \ + run_tests $ns1 $ns2 10.0.1.1 TCP TCP + chk_join_nr 0 0 0 + fi + + # multiple subflows, tls, TCP + if reset "multiple subflows, tls, TCP"; then + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 0 2 + pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow + test_linkfail=3D1024 tls=3D1 \ + run_tests $ns1 $ns2 10.0.1.1 TCP TCP + chk_join_nr 0 0 0 + fi + + # multiple subflows, signal, tls, TCP + if reset "multiple subflows, signal, tls, TCP"; then + pm_nl_set_limits $ns1 0 3 + pm_nl_add_endpoint $ns1 10.0.2.1 dev ns1eth2 flags signal + pm_nl_set_limits $ns2 1 3 + pm_nl_add_endpoint $ns2 10.0.3.2 dev ns2eth3 flags subflow + pm_nl_add_endpoint $ns2 10.0.4.2 dev ns2eth4 flags subflow + test_linkfail=3D2048 tls=3D1 \ + run_tests $ns1 $ns2 10.0.1.1 TCP TCP + chk_join_nr 0 0 0 + chk_add_nr 0 0 + fi +} + # [$1: error message] usage() { 
@@ -4356,6 +4398,7 @@ all_tests_sorted=3D( F@fail_tests u@userspace_tests I@endpoint_tests + c@tls_tests ) =20 all_tests_args=3D"" --=20 2.51.0
From nobody Mon Jan 26 00:10:12 2026
From: Geliang Tang
To: mptcp@lists.linux.dev
Cc: Geliang Tang, Gang Yan
Subject: [RFC mptcp-next v7 2/9] tls: introduce struct tls_prot_ops
Date: Tue, 13 Jan 2026 14:13:28 +0800
Message-ID: <6d9c54b31f5878b76d21ba40e9853de421d282ab.1768284047.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
Content-Transfer-Encoding: quoted-printable

From: Geliang Tang

To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has been introduced for TLS, encapsulating TCP-specific helpers within this structure.

Add registering, validating and finding functions for this structure to add, validate and find a tls_prot_ops on the global list tls_prot_ops_list.

Register TCP-specific structure tls_tcp_ops in tls_init().

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
--- include/net/tls.h | 18 ++++++++++++ net/tls/tls_main.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/include/net/tls.h b/include/net/tls.h index ebd2550280ae..5f730fb6e801 100644 --- a/include/net/tls.h +++ b/include/net/tls.h 
@@ -220,6 +220,24 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_prot_ops { + int protocol; + struct module *owner; + struct list_head list; + + int (*inq)(struct sock *sk); + int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg, size_t size); + struct sk_buff *(*recv_skb)(struct sock *sk, u32 seq, u32 *off); + void (*read_done)(struct sock *sk, size_t len); + u32 (*get_skb_seq)(struct sk_buff *skb); + int (*read_sock)(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor); + __poll_t (*poll)(struct file *file, struct socket *sock, + struct poll_table_struct *wait); + bool (*epollin_ready)(const struct sock *sk, int target); + void (*check_app_limited)(struct sock *sk); +}; + struct tls_context { /* read-only cache line */ struct tls_prot_info prot_info; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 56ce0bc8317b..525f0641d3d0 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -128,6 +128,24 @@ static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][T= LS_NUM_CONFIG][TLS_NUM_CON static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 +static DEFINE_SPINLOCK(tls_prot_ops_lock); +static LIST_HEAD(tls_prot_ops_list); + +/* Must be called with rcu read lock held */ +static struct tls_prot_ops *tls_prot_ops_find(int protocol) +{ + struct tls_prot_ops *ops, *ret =3D NULL; + + list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) { + if (ops->protocol =3D=3D protocol) { + ret =3D ops; + break; + } + } + + return ret; +} + void update_sk_prot(struct sock *sk, struct tls_context *ctx) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; 
@@ -1236,6 +1254,58 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos= tly =3D { .get_info_size =3D tls_get_info_size, }; =20 +static int tls_validate_prot_ops(const struct tls_prot_ops *ops) +{ + if (!ops->inq || !ops->sendmsg_locked || + !ops->recv_skb || !ops->read_done || + !ops->get_skb_seq || !ops->read_sock || + !ops->poll || !ops->epollin_ready || + !ops->check_app_limited) { + pr_err("%d does not implement required ops\n", ops->protocol); + return -EINVAL; + } + + return 0; +} + +static int tls_register_prot_ops(struct tls_prot_ops *ops) +{ + int ret; + + ret =3D tls_validate_prot_ops(ops); + if (ret) + return ret; + + spin_lock(&tls_prot_ops_lock); + if (tls_prot_ops_find(ops->protocol)) { + spin_unlock(&tls_prot_ops_lock); + return -EEXIST; + } + list_add_tail_rcu(&ops->list, &tls_prot_ops_list); + spin_unlock(&tls_prot_ops_lock); + + pr_debug("tls_prot_ops %d registered\n", ops->protocol); + return 0; +} + +static u32 tcp_get_skb_seq(struct sk_buff *skb) +{ + return TCP_SKB_CB(skb)->seq; +} + +static struct tls_prot_ops tls_tcp_ops =3D { + .protocol =3D IPPROTO_TCP, + .inq =3D tcp_inq, + .sendmsg_locked =3D tcp_sendmsg_locked, + .recv_skb =3D tcp_recv_skb, + .read_done =3D tcp_read_done, + .get_skb_seq =3D tcp_get_skb_seq, + .read_sock =3D tcp_read_sock, + .poll =3D tcp_poll, + .epollin_ready =3D tcp_epollin_ready, + .check_app_limited =3D tcp_rate_check_app_limited, +}; + static int __init tls_register(void) { int err; 
@@ -1254,6 +1324,8 @@ static int __init tls_register(void) =20 tcp_register_ulp(&tcp_tls_ulp_ops); =20 + tls_register_prot_ops(&tls_tcp_ops); + return 0; err_strp: tls_strp_dev_exit(); --=20 2.51.0
From nobody Mon Jan 26 00:10:12 2026
From: Geliang Tang
To: mptcp@lists.linux.dev
Cc: Geliang Tang, Gang Yan
Subject: [RFC mptcp-next v7 3/9] tls: add ops in tls_context
Date: Tue, 13 Jan 2026 14:13:29 +0800
X-Mailer: git-send-email 2.51.0
Content-Transfer-Encoding: quoted-printable

From: Geliang Tang

A pointer to struct tls_prot_ops, named 'ops', has been added to struct tls_context. The places originally calling TLS-specific helpers have now been modified to indirectly invoke them via 'ops' pointer in tls_context.

In do_tls_setsockopt_conf(), ctx->ops is assigned either 'tls_mptcp_ops' or 'tls_tcp_ops' based on the socket protocol.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
--- include/net/tls.h | 1 + net/tls/tls_main.c | 15 +++++++++++---- net/tls/tls_strp.c | 28 +++++++++++++++++++--------- net/tls/tls_sw.c | 5 +++-- 4 files changed, 34 insertions(+), 15 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 5f730fb6e801..d9b2a8d2a25b 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -276,6 +276,7 @@ struct tls_context { struct sock *sk; =20 void (*sk_destruct)(struct sock *sk); + const struct tls_prot_ops *ops; =20 union tls_crypto_context crypto_send; union tls_crypto_context crypto_recv; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 525f0641d3d0..e8bb745029e4 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -206,13 +206,13 @@ int tls_push_sg(struct sock *sk, ctx->splicing_pages =3D true; while (1) { /* is sending application-limited? */ - tcp_rate_check_app_limited(sk); + ctx->ops->check_app_limited(sk); p =3D sg_page(sg); retry: bvec_set_page(&bvec, p, size, offset); iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); =20 - ret =3D tcp_sendmsg_locked(sk, &msg, size); + ret =3D ctx->ops->sendmsg_locked(sk, &msg, size); =20 if (ret !=3D size) { if (ret > 0) { @@ -427,14 +427,14 @@ static __poll_t tls_sk_poll(struct file *file, struct= socket *sock, u8 shutdown; int state; =20 - mask =3D tcp_poll(file, sock, wait); + tls_ctx =3D tls_get_ctx(sk); + mask =3D tls_ctx->ops->poll(file, sock, wait); =20 state =3D inet_sk_state_load(sk); shutdown =3D READ_ONCE(sk->sk_shutdown); if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN)) return mask; =20 - tls_ctx =3D tls_get_ctx(sk); ctx =3D tls_sw_ctx_rx(tls_ctx); psock =3D sk_psock_get(sk); =20 @@ -1094,6 +1094,13 @@ static int tls_init(struct sock *sk) ctx->tx_conf =3D TLS_BASE; ctx->rx_conf =3D TLS_BASE; ctx->tx_max_payload_len =3D TLS_MAX_PAYLOAD_SIZE; + spin_lock(&tls_prot_ops_lock); + ctx->ops =3D tls_prot_ops_find(sk->sk_protocol); + spin_unlock(&tls_prot_ops_lock); + if (!ctx->ops) { + rc =3D -EINVAL; + goto out; + } update_sk_prot(sk, ctx); out: write_unlock_bh(&sk->sk_callback_lock); diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 98e12f0ff57e..f3d5c4325683 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte= xt_rx *ctx) int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) { struct tls_strparser *strp =3D &ctx->strp; + struct tls_context *tls_ctx; struct sk_buff *skb; =20 if (strp->copy_mode) 
@@ -132,7 +133,8 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) tls_strp_anchor_free(strp); strp->anchor =3D skb; =20 - tcp_read_done(strp->sk, strp->stm.full_len); + tls_ctx =3D tls_get_ctx(strp->sk); + tls_ctx->ops->read_done(strp->sk, strp->stm.full_len); strp->copy_mode =3D 1; =20 return 0; @@ -376,6 +378,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str= uct sk_buff *in_skb, =20 static int tls_strp_read_copyin(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); read_descriptor_t desc; =20 desc.arg.data =3D strp; @@ -383,13 +386,14 @@ static int tls_strp_read_copyin(struct tls_strparser = *strp) desc.count =3D 1; /* give more than one skb per call */ =20 /* sk should be locked here, so okay to do read_sock */ - tcp_read_sock(strp->sk, &desc, tls_strp_copyin); + ctx->ops->read_sock(strp->sk, &desc, tls_strp_copyin); =20 return desc.error; } =20 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct skb_shared_info *shinfo; struct page *page; int need_spc, len; @@ -398,7 +402,7 @@ static int tls_strp_read_copy(struct tls_strparser *str= p, bool qshort) * to read the data out. Otherwise the connection will stall. * Without pressure threshold of INT_MAX will never be ready. */ - if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX))) + if (likely(qshort && !ctx->ops->epollin_ready(strp->sk, INT_MAX))) return 0; =20 shinfo =3D skb_shinfo(strp->anchor); 
@@ -434,12 +438,13 @@ static int tls_strp_read_copy(struct tls_strparser *s= trp, bool qshort) static bool tls_strp_check_queue_ok(struct tls_strparser *strp) { unsigned int len =3D strp->stm.offset + strp->stm.full_len; + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first, *skb; u32 seq; =20 first =3D skb_shinfo(strp->anchor)->frag_list; skb =3D first; - seq =3D TCP_SKB_CB(first)->seq; + seq =3D ctx->ops->get_skb_seq(first); =20 /* Make sure there's no duplicate data in the queue, * and the decrypted status matches. @@ -449,7 +454,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse= r *strp) len -=3D skb->len; skb =3D skb->next; =20 - if (TCP_SKB_CB(skb)->seq !=3D seq) + if (ctx->ops->get_skb_seq(skb) !=3D seq) return false; if (skb_cmp_decrypted(first, skb)) return false; @@ -460,11 +465,12 @@ static bool tls_strp_check_queue_ok(struct tls_strpar= ser *strp) =20 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in= t len) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct tcp_sock *tp =3D tcp_sk(strp->sk); struct sk_buff *first; u32 offset; =20 - first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset); + first =3D ctx->ops->recv_skb(strp->sk, tp->copied_seq, &offset); if (WARN_ON_ONCE(!first)) return; =20 @@ -483,6 +489,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_= strparser *strp, int len) =20 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct strp_msg *rxm; struct tls_msg *tlm; =20 @@ -490,7 +497,7 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool= force_refresh) DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len); =20 if (!strp->copy_mode && force_refresh) { - if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) { + if (unlikely(ctx->ops->inq(strp->sk) < strp->stm.full_len)) { WRITE_ONCE(strp->msg_ready, 0); memset(&strp->stm, 0, sizeof(strp->stm)); return false; 
@@ -511,9 +518,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo= l force_refresh) /* Called with lock held on lower socket */ static int tls_strp_read_sock(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); int sz, inq; =20 - inq =3D tcp_inq(strp->sk); + inq =3D ctx->ops->inq(strp->sk); if (inq < 1) return 0; =20 @@ -583,10 +591,12 @@ static void tls_strp_work(struct work_struct *w) =20 void tls_strp_msg_done(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + WARN_ON(!strp->stm.full_len); =20 if (likely(!strp->copy_mode)) - tcp_read_done(strp->sk, strp->stm.full_len); + ctx->ops->read_done(strp->sk, strp->stm.full_len); else tls_strp_flush_anchor_copy(strp); =20 diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 9937d4c810f2..f11af3fe39bf 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1952,13 +1952,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_= prot_info *prot, size_t len_left, size_t decrypted, ssize_t done, size_t *flushed_at) { + struct tls_context *tls_ctx =3D tls_get_ctx(sk); size_t max_rec; =20 if (len_left <=3D decrypted) return false; =20 max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE; - if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec) + if (done - *flushed_at < SZ_128K && tls_ctx->ops->inq(sk) > max_rec) return false; =20 *flushed_at =3D done; 
@@ -2489,7 +2490,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) } =20 tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE, - TCP_SKB_CB(skb)->seq + strp->stm.offset); + tls_ctx->ops->get_skb_seq(skb) + strp->stm.offset); return data_len + TLS_HEADER_SIZE; =20 read_failure: --=20 2.51.0
From nobody Mon Jan 26 00:10:12 2026
From: Geliang Tang
To: mptcp@lists.linux.dev
Cc: Gang Yan, Paolo Abeni
Subject: [RFC mptcp-next v7 4/9] mptcp: allow overridden write_space to be invoked
Date: Tue, 13 Jan 2026 14:13:30 +0800
Message-ID: <3bb02f7f4d3d58291ac1e7a2eaaf851edb636136.1768284047.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
Content-Transfer-Encoding: quoted-printable

From: Gang Yan

TLS overrides its own sk_write_space function with tls_write_space(). This patch ensures that the overridden sk_write_space can be invoked by MPTCP.

Note: This patch was initially included in the NVME MPTCP set.

Suggested-by: Paolo Abeni
Signed-off-by: Gang Yan
--- net/mptcp/protocol.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index cd5266099993..f5d4d7d030f2 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h 
@@ -1014,7 +1014,7 @@ static inline void mptcp_write_space(struct sock *sk) /* pairs with memory barrier in mptcp_poll */ smp_mb(); if (mptcp_stream_memory_free(sk, 1)) - sk_stream_write_space(sk); + INDIRECT_CALL_1(sk->sk_write_space, sk_stream_write_space, sk); } =20 static inline void __mptcp_sync_sndbuf(struct sock *sk) --=20 2.51.0
From nobody Mon Jan 26 00:10:12 2026
From: Geliang Tang
To: mptcp@lists.linux.dev
Cc: Gang Yan
Subject: [RFC mptcp-next v7 5/9] mptcp: update mptcp_check_readable
Date: Tue, 13 Jan 2026 14:13:31 +0800
X-Mailer: git-send-email 2.51.0
Content-Transfer-Encoding: quoted-printable

From: Gang Yan

This patch makes mptcp_check_readable() aligned with TCP, and renames it to mptcp_stream_is_readable().

It will be used in the case of KTLS, because 'prot' will be modified, tls_sw_sock_is_readable() is expected to be called from prot->sock_is_readable().

Signed-off-by: Gang Yan
--- net/mptcp/protocol.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 900f26e21acd..e5b59310bd27 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3239,9 +3239,11 @@ void __mptcp_unaccepted_force_close(struct sock *sk) __mptcp_destroy_sock(sk); } =20 -static __poll_t mptcp_check_readable(struct sock *sk) +static __poll_t mptcp_stream_is_readable(struct sock *sk) { - return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0; + if (mptcp_epollin_ready(sk)) + return true; + return sk_is_readable(sk); } =20 static void mptcp_check_listen_stop(struct sock *sk) 
@@ -4303,7 +4305,8 @@ static __poll_t mptcp_poll(struct file *file, struct = socket *sock, mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; =20 if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) { - mask |=3D mptcp_check_readable(sk); + if (mptcp_stream_is_readable(sk)) + mask |=3D EPOLLIN | EPOLLRDNORM; if (shutdown & SEND_SHUTDOWN) mask |=3D EPOLLOUT | EPOLLWRNORM; else --=20 2.51.0
From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang, Gang Yan Subject: [RFC mptcp-next v7 6/9] mptcp: implement tls_mptcp_ops Date: Tue, 13 Jan 2026 14:13:32 +0800 Message-ID: <7ebe2388bbacb63ac91be1c7a9e6836c0554b292.1768284047.git.tanggeliang@kylinos.cn> Content-Transfer-Encoding: quoted-printable
From: Geliang Tang This patch implements the MPTCP-specific struct tls_prot_ops, named 'tls_mptcp_ops'. Note that there is a slight difference between mptcp_inq() and mptcp_inq_hint(), it does not return 1 when the socket is closed or shut down; instead, it returns 0. Otherwise, it would break the condition "inq < 1" in tls_strp_read_sock(). A direct call to mptcp_read_sock() could lead to a deadlock, as 'read_sock' interface of TLS might be invoked from within a softirq context. In such a scenario, lock_sock_fast(), which is called by mptcp_rcv_space_adjust() or mptcp_cleanup_rbuf(), would cause the deadlocks. To resolve it, use in_softirq() to determine whether to call mptcp_read_sock() or mptcp_read_sock_noack(). Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can trigger a crash. Here, an MPTCP version of check_app_limited() is implemented, which calls tcp_sock_rate_check_app_limited() for each subflow. MPTCP TLS_HW mode is not yet implemented, returning EOPNOTSUPP here. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/mptcp.h | 2 + include/net/tcp.h | 1 + net/ipv4/tcp_rate.c | 9 +++- net/mptcp/protocol.c | 116 ++++++++++++++++++++++++++++++++++++++++--- net/tls/tls_main.c | 6 +++ 5 files changed, 126 insertions(+), 8 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 4cf59e83c1c5..02564eceeb7e 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -132,6 +132,8 @@ struct mptcp_pm_ops { void (*release)(struct mptcp_sock *msk); } ____cacheline_aligned_in_smp; =20 +extern struct tls_prot_ops tls_mptcp_ops; + #ifdef CONFIG_MPTCP void mptcp_init(void); =20 diff --git a/include/net/tcp.h b/include/net/tcp.h index 1ff682763ed3..4b2b9daada49 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h 
@@ -1372,6 +1372,7 @@ void tcp_rate_skb_delivered(struct sock *sk, struct s= k_buff *skb, struct rate_sample *rs); void tcp_rate_gen(struct sock *sk, u32 delivered, u32 lost, bool is_sack_reneg, struct rate_sample *rs); +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp); void tcp_rate_check_app_limited(struct sock *sk); =20 static inline bool tcp_skb_sent_after(u64 t1, u64 t2, u32 seq1, u32 seq2) diff --git a/net/ipv4/tcp_rate.c b/net/ipv4/tcp_rate.c index a8f6d9d06f2e..93bf22ae58c4 100644 --- a/net/ipv4/tcp_rate.c +++ b/net/ipv4/tcp_rate.c @@ -191,9 +191,9 @@ void tcp_rate_gen(struct sock *sk, u32 delivered, u32 l= ost, } =20 /* If a gap is detected between sends, mark the socket application-limited= . */ -void tcp_rate_check_app_limited(struct sock *sk) +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp) { - struct tcp_sock *tp =3D tcp_sk(sk); + struct sock *sk =3D (struct sock *)tp; =20 if (/* We have less than one packet to send. */ tp->write_seq - tp->snd_nxt < tp->mss_cache && @@ -206,4 +206,9 @@ void tcp_rate_check_app_limited(struct sock *sk) tp->app_limited =3D (tp->delivered + tcp_packets_in_flight(tp)) ? : 1; } + +void tcp_rate_check_app_limited(struct sock *sk) +{ + tcp_sock_rate_check_app_limited(tcp_sk(sk)); +} EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited); diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index e5b59310bd27..7d95c0401672 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -24,11 +24,12 @@ #include #include #include +#include #include #include "protocol.h" #include "mib.h" =20 -static unsigned int mptcp_inq_hint(const struct sock *sk); +static unsigned int mptcp_inq_hint(struct sock *sk); =20 #define CREATE_TRACE_POINTS #include 
@@ -1884,7 +1885,7 @@ static void mptcp_rps_record_subflows(const struct mp= tcp_sock *msk) } } =20 -static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_= t len) { struct mptcp_sock *msk =3D mptcp_sk(sk); struct page_frag *pfrag; @@ -1895,8 +1896,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) /* silently ignore everything else */ msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_FASTOPEN; =20 - lock_sock(sk); - mptcp_rps_record_subflows(msk); =20 if (unlikely(inet_test_bit(DEFER_CONNECT, sk) || @@ -2004,7 +2003,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) __mptcp_push_pending(sk, msg->msg_flags); =20 out: - release_sock(sk); return copied; =20 do_error: @@ -2015,6 +2013,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg= hdr *msg, size_t len) goto out; } =20 +static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +{ + int ret; + + lock_sock(sk); + ret =3D mptcp_sendmsg_locked(sk, msg, len); + release_sock(sk); + + return ret; +} + static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied); =20 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb) @@ -2242,7 +2251,7 @@ static bool mptcp_move_skbs(struct sock *sk) return enqueued; } =20 -static unsigned int mptcp_inq_hint(const struct sock *sk) +static int mptcp_inq(struct sock *sk) { const struct mptcp_sock *msk =3D mptcp_sk(sk); const struct sk_buff *skb; @@ -2257,6 +2266,16 @@ static unsigned int mptcp_inq_hint(const struct sock= *sk) return (unsigned int)hint_val; } =20 + return 0; +} + +static unsigned int mptcp_inq_hint(struct sock *sk) +{ + unsigned int inq =3D mptcp_inq(sk); + + if (inq) + return inq; + if (sk->sk_state =3D=3D TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN)) return 1; =20 
@@ -4678,3 +4697,88 @@ int __init mptcp_proto_v6_init(void) return err; } #endif + +static struct sk_buff *mptcp_recv_skb_tls(struct sock *sk, u32 seq, u32 *o= ff) +{ + return mptcp_recv_skb(sk, off); +} + +static void mptcp_read_done(struct sock *sk, size_t len) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct sk_buff *skb; + size_t left; + u32 offset; + + msk_owned_by_me(msk); + + if (sk->sk_state =3D=3D TCP_LISTEN) + return; + + left =3D len; + while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) { + int used; + + used =3D min_t(size_t, skb->len - offset, left); + msk->bytes_consumed +=3D used; + MPTCP_SKB_CB(skb)->offset +=3D used; + MPTCP_SKB_CB(skb)->map_seq +=3D used; + left -=3D used; + + if (skb->len > offset + used) + break; + + mptcp_eat_recv_skb(sk, skb); + } + + mptcp_rcv_space_adjust(msk, len - left); + + /* Clean up data we have read: This will do ACK frames. */ + if (left !=3D len) + mptcp_cleanup_rbuf(msk, len - left); +} + +static u32 mptcp_get_skb_seq(struct sk_buff *skb) +{ + return MPTCP_SKB_CB(skb)->map_seq; +} + +static int mptcp_read_sock_tls(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor) +{ + return __mptcp_read_sock(sk, desc, recv_actor, in_softirq()); +} + +static bool mptcp_epollin_ready_tls(const struct sock *sk, int target) +{ + return mptcp_epollin_ready(sk); +} + +static void mptcp_check_app_limited(struct sock *sk) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct mptcp_subflow_context *subflow; + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + bool slow; + + slow =3D lock_sock_fast(ssk); + tcp_sock_rate_check_app_limited(tcp_sk(ssk)); + unlock_sock_fast(ssk, slow); + } +} + +struct tls_prot_ops tls_mptcp_ops =3D { + .protocol =3D IPPROTO_MPTCP, + .inq =3D mptcp_inq, + .sendmsg_locked =3D mptcp_sendmsg_locked, + .recv_skb =3D mptcp_recv_skb_tls, + .read_done =3D mptcp_read_done, + .get_skb_seq =3D mptcp_get_skb_seq, + .read_sock =3D 
mptcp_read_sock_tls, + .poll =3D mptcp_poll, + .epollin_ready =3D mptcp_epollin_ready_tls, + .check_app_limited =3D mptcp_check_app_limited, +}; +EXPORT_SYMBOL(tls_mptcp_ops); diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index e8bb745029e4..75e01f2dde26 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -772,6 +772,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sock= ptr_t optval, tls_sw_strparser_arm(sk, ctx); } =20 + if (conf =3D=3D TLS_HW && sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (tx) ctx->tx_conf =3D conf; else 
@@ -1332,6 +1335,9 @@ static int __init tls_register(void) tcp_register_ulp(&tcp_tls_ulp_ops); =20 tls_register_prot_ops(&tls_tcp_ops); +#ifdef CONFIG_MPTCP + tls_register_prot_ops(&tls_mptcp_ops); +#endif =20 return 0; err_strp: --=20 2.51.0
From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang, Gang Yan Subject: [RFC mptcp-next v7 7/9] mptcp: update ULP getsockopt Date: Tue, 13 Jan 2026 14:13:33 +0800 Message-ID: <97b5a86944d3704fc1e2b8a3b5eb5c177508c51b.1768284047.git.tanggeliang@kylinos.cn> Content-Transfer-Encoding: quoted-printable From: Geliang Tang This patch extracts TCP_ULP getsockopt operation into a tcp_sock_get_ulp() helper so that it can also be used in MPTCP. TCP_ULP was obtained by calling mptcp_getsockopt_first_sf_only() to get ULP of the first subflow. Now that the mechanism has changed, a new helper mptcp_getsockopt_tcp_ulp() is added to get ULP of msk. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/linux/tcp.h | 1 + net/ipv4/tcp.c | 36 ++++++++++++++++++++++-------------- net/mptcp/sockopt.c | 12 ++++++++++++ 3 files changed, 35 insertions(+), 14 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 20b8c6e21fef..6f0becc26402 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -644,6 +644,7 @@ void tcp_sock_set_quickack(struct sock *sk, int val); int tcp_sock_set_syncnt(struct sock *sk, int val); int tcp_sock_set_user_timeout(struct sock *sk, int val); int tcp_sock_set_maxseg(struct sock *sk, int val); +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen); =20 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst) {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index ed6dc29d422d..5ea4d94d67db 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4436,6 +4436,27 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const= struct sock *sk, return stats; } =20 +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen) +{ + struct inet_connection_sock *icsk =3D inet_csk(sk); + int len; + + if (copy_from_sockptr(&len, optlen, sizeof(int))) + return -EFAULT; + len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); + if (!icsk->icsk_ulp_ops) { + len =3D 0; + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + return 0; + } + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) + return -EFAULT; + return 0; +} + int do_tcp_getsockopt(struct sock *sk, int level, int optname, sockptr_t optval, sockptr_t optlen) { @@ -4545,20 +4566,7 @@ int do_tcp_getsockopt(struct sock *sk, int level, return 0; =20 case TCP_ULP: - if (copy_from_sockptr(&len, optlen, sizeof(int))) - return -EFAULT; - len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); - if (!icsk->icsk_ulp_ops) { - len =3D 0; - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - return 0; - } - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) - return -EFAULT; - return 0; + return tcp_sock_get_ulp(sk, optval, optlen); =20 case TCP_FASTOPEN_KEY: { u64 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u64)]; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index de90a2897d2d..a6230f7910fd 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c 
@@ -1393,6 +1393,17 @@ static int mptcp_put_int_option(struct mptcp_sock *m= sk, char __user *optval, return 0; } =20 +static int mptcp_getsockopt_tcp_ulp(struct sock *sk, char __user *optval, + int __user *optlen) +{ + int ret; + + lock_sock(sk); + ret =3D tcp_sock_get_ulp(sk, USER_SOCKPTR(optval), USER_SOCKPTR(optlen)); + release_sock(sk); + return ret; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { 
@@ -1400,6 +1411,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock= *msk, int optname, =20 switch (optname) { case TCP_ULP: + return mptcp_getsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: case TCP_INFO: case TCP_CC_INFO: --=20 2.51.0
From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang, Gang Yan Subject: [RFC mptcp-next v7 8/9] mptcp: enable TLS setsockopt Date: Tue, 13 Jan 2026 14:13:34 +0800 Message-ID: <3e7d76ee08f8bbf381450a2fda6b571ca0b31472.1768284047.git.tanggeliang@kylinos.cn> Content-Transfer-Encoding: quoted-printable From: Geliang Tang This patch extracts TCP_ULP setsockopt operation into a tcp_sock_set_ulp() helper so that it can also be used in MPTCP. Add MPTCP TLS setsockopt support in mptcp_setsockopt_sol_tcp(). It allows setting the TCP_ULP option to 'tls' exclusively, and enables configuration of the TLS_TX and TLS_RX options at the SOL_TLS level. This option cannot be set when the socket is in CLOSE or LISTEN state. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/linux/tcp.h | 1 + net/ipv4/tcp.c | 42 ++++++++++++++++++++++++------------------ net/mptcp/sockopt.c | 24 +++++++++++++++++++++++- 3 files changed, 48 insertions(+), 19 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 6f0becc26402..46b83895908c 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h
@@ -645,6 +645,7 @@ int tcp_sock_set_syncnt(struct sock *sk, int val); int tcp_sock_set_user_timeout(struct sock *sk, int val); int tcp_sock_set_maxseg(struct sock *sk, int val); int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen); +int tcp_sock_set_ulp(struct sock *sk, sockptr_t optval, unsigned int optle= n); =20 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst) { diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 5ea4d94d67db..7dd6000247f7 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -3807,6 +3807,28 @@ int tcp_sock_set_maxseg(struct sock *sk, int val) return 0; } =20 +int tcp_sock_set_ulp(struct sock *sk, sockptr_t optval, unsigned int optle= n) +{ + char name[TCP_ULP_NAME_MAX]; + int err =3D 0; + size_t len; + int val; + + if (optlen < 1) + return -EINVAL; + + len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen); + val =3D strncpy_from_sockptr(name, optval, len); + if (val < 0) + return -EFAULT; + name[val] =3D 0; + + sockopt_lock_sock(sk); + err =3D tcp_set_ulp(sk, name); + sockopt_release_sock(sk); + return err; +} + /* * Socket option code for TCP. */ @@ -3840,24 +3862,8 @@ int do_tcp_setsockopt(struct sock *sk, int level, in= t optname, sockopt_release_sock(sk); return err; } - case TCP_ULP: { - char name[TCP_ULP_NAME_MAX]; - - if (optlen < 1) - return -EINVAL; - - val =3D strncpy_from_sockptr(name, optval, - min_t(long, TCP_ULP_NAME_MAX - 1, - optlen)); - if (val < 0) - return -EFAULT; - name[val] =3D 0; - - sockopt_lock_sock(sk); - err =3D tcp_set_ulp(sk, name); - sockopt_release_sock(sk); - return err; - } + case TCP_ULP: + return tcp_sock_set_ulp(sk, optval, optlen); case TCP_FASTOPEN_KEY: { __u8 key[TCP_FASTOPEN_KEY_BUF_LENGTH]; __u8 *backup_key =3D NULL; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index a6230f7910fd..c0c95c405b43 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "protocol.h" =20 #define MIN_INFO_OPTLEN_SIZE 16 
@@ -567,6 +568,7 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_FASTOPEN_CONNECT: case TCP_FASTOPEN_KEY: case TCP_FASTOPEN_NO_COOKIE: + case TCP_ULP: return true; } =20 @@ -576,6 +578,13 @@ static bool mptcp_supported_sockopt(int level, int opt= name) * TCP_REPAIR_WINDOW are not supported, better avoid this mess */ } + if (level =3D=3D SOL_TLS) { + switch (optname) { + case TLS_TX: + case TLS_RX: + return true; + } + } return false; } =20 @@ -815,6 +824,19 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *= msk, int level, return ret; } =20 +static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval, uns= igned int optlen) +{ + char ulp[4] =3D ""; + + if (copy_from_user(ulp, optval.user, 4)) + return -EFAULT; + if (strcmp(ulp, "tls\0")) + return -EOPNOTSUPP; + if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) + return -ENOTCONN; + return tcp_sock_set_ulp(sk, optval, optlen); +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { 
@@ -823,7 +845,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *= msk, int optname, =20 switch (optname) { case TCP_ULP: - return -EOPNOTSUPP; + return mptcp_setsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); case TCP_DEFER_ACCEPT: --=20 2.51.0
From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang, Gang Yan Subject: [RFC mptcp-next v7 9/9] selftests: mptcp: add mptcp tls tests Date: Tue, 13 Jan 2026 14:13:35 +0800 Content-Transfer-Encoding: quoted-printable From: Geliang Tang With KTLS being implemented, "tls" should no longer be used in sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP name, "smc", is set instead in this patch. Update the last two TCP TLS tests to MPTCP TLS tests. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- .../selftests/net/mptcp/mptcp_connect.c | 2 +- .../testing/selftests/net/mptcp/mptcp_join.sh | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index 6fb3c0bf879b..5d1dd7b66ed6 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -324,7 +324,7 @@ static void sock_test_tcpulp(int sock, int proto, unsig= ned int line) if (ret =3D=3D 0) X("setsockopt"); } else if (proto =3D=3D IPPROTO_MPTCP) { - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "smc"); if (ret !=3D -1) X("setsockopt"); }
diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testin= g/selftests/net/mptcp/mptcp_join.sh index 6f8c6a03e760..883b079d8e33 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -4323,28 +4323,28 @@ tls_tests() chk_join_nr 0 0 0 fi =20 - # multiple subflows, tls, TCP - if reset "multiple subflows, tls, TCP"; then + # multiple subflows, tls, MPTCP + if reset "multiple subflows, tls, MPTCP"; then pm_nl_set_limits $ns1 0 2 pm_nl_set_limits $ns2 0 2 pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow test_linkfail=3D1024 tls=3D1 \ - run_tests $ns1 $ns2 10.0.1.1 TCP TCP - chk_join_nr 0 0 0 + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr 2 2 2 fi =20 - # multiple subflows, signal, tls, TCP - if reset "multiple subflows, signal, tls, TCP"; then + # multiple subflows, signal, tls, MPTCP + if reset "multiple subflows, signal, tls, MPTCP"; then pm_nl_set_limits $ns1 0 3 pm_nl_add_endpoint $ns1 10.0.2.1 dev ns1eth2 flags signal pm_nl_set_limits $ns2 1 3 pm_nl_add_endpoint $ns2 10.0.3.2 dev ns2eth3 flags subflow pm_nl_add_endpoint $ns2 10.0.4.2 dev ns2eth4 flags subflow test_linkfail=3D2048 tls=3D1 \ - run_tests $ns1 $ns2 10.0.1.1 TCP TCP - chk_join_nr 0 0 0 - chk_add_nr 0 0 + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr 3 3 3 + chk_add_nr 1 1 fi } =20 --=20 2.51.0
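Review bot: in patch 5/9 (net/mptcp/protocol.c, hunk at -3239), mptcp_stream_is_readable() is still declared `static __poll_t` but now returns `true` or the bool from sk_is_readable(sk), so the return type should be `bool`. __poll_t is a bitwise type and sparse will complain about the implicit conversion. The caller in mptcp_poll() already uses the result only as a truth value before OR-ing in EPOLLIN | EPOLLRDNORM, so changing the declaration is the whole fix.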
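Review bot: in patch 6/9 (net/ipv4/tcp_rate.c), tcp_sock_rate_check_app_limited() takes a struct tcp_sock * only to cast it straight back with `struct sock *sk = (struct sock *)tp;`, and its only new caller, mptcp_check_app_limited(), already has ssk in hand and passes tcp_sk(ssk). Calling the existing tcp_rate_check_app_limited(ssk) from the subflow loop is equivalent, so the new helper, its prototype in include/net/tcp.h and the open-coded cast can be dropped from this patch. If the helper stays for another reason, the commit message should say which caller has a tcp_sock but no sock.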
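Review bot: in patch 6/9 (net/mptcp/protocol.c, hunks at -2242 and -2257), mptcp_inq() is declared to return int but its data path still ends in `return (unsigned int)hint_val;`, and mptcp_inq_hint() then stores the result in `unsigned int inq`. Pick one type for the value and drop the cast that no longer matches the declaration. The same hunks remove `const` from the sk argument of mptcp_inq_hint(); nothing visible in either function writes through sk, so either keep the qualifier on mptcp_inq_hint() or note in the commit message that the .inq prototype forces the change.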
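Review bot: in patch 6/9 (net/mptcp/protocol.c, hunk at -4678), mptcp_read_sock_tls() selects the no-ack path with `in_softirq()`, which ties locking behaviour to ambient context instead of to what the caller declares; in_softirq() is also true in process context while bottom halves are disabled, so the choice can differ from what the commit message describes. Have the TLS caller state the mode explicitly, or document here why the context test is sufficient. In the same hunk, mptcp_check_app_limited() walks mptcp_for_each_subflow() without the msk_owned_by_me(msk) assertion that mptcp_read_done() carries, and it takes lock_sock_fast(ssk), the call the commit message names as the softirq deadlock source; add the assertion and a comment on which contexts may reach .check_app_limited.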
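Review bot: in patch 6/9 (net/tls/tls_main.c, hunk at -772), the `conf == TLS_HW && sk->sk_protocol == IPPROTO_MPTCP` check sits after the configuration block that ends in tls_sw_strparser_arm(sk, ctx) and returns -EOPNOTSUPP directly. conf can only be TLS_HW here if the hardware path was already chosen, so any state that path set up is left in place on a socket that is told the operation is unsupported. Reject MPTCP sockets before device offload is attempted, or leave through the function's existing error path, so the failure has no side effects.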
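Review bot: in patch 8/9 (net/mptcp/sockopt.c, hunk at -815), mptcp_setsockopt_tcp_ulp() validates the ULP name from one user copy and then lets tcp_sock_set_ulp() fetch the name again, so the "tls only" restriction is a double fetch that a racing writer can defeat by changing the buffer between the two reads. The first copy also ignores optlen (`copy_from_user(ulp, optval.user, 4)` always reads 4 bytes, so "tls" passed with optlen 3 is judged on a byte the caller never supplied) and dereferences optval.user directly, which mishandles a kernel sockptr. Copy the name once with strncpy_from_sockptr() bounded by optlen, NUL-terminate it, compare that buffer, and hand the same buffer to tcp_set_ulp(). The sk_state test for TCPF_CLOSE | TCPF_LISTEN also runs before the socket lock that tcp_sock_set_ulp() takes, so it should move under that lock together with the name check.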
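Review bot: in patch 9/9 (mptcp_connect.c, hunk at -324), swapping "tls" for "smc" keeps sock_test_tcpulp() passing but leaves the new setsockopt behaviour from patch 8/9 without a direct assertion. The MPTCP branch now only proves that one non-"tls" name is rejected. Add checks that "tls" is accepted on a connected MPTCP socket and refused on a socket in CLOSE or LISTEN state, so the -EOPNOTSUPP and -ENOTCONN branches of mptcp_setsockopt_tcp_ulp() are both exercised rather than covered only indirectly through the mptcp_join.sh transfers.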