From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E96638736E for ; Tue, 13 Jan 2026 09:09:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295368; cv=none; b=X+kzvppLJ03Ajilu+ot1KSuTtnkNwaORD6KkYHkr9SfJiz1dTTq56+qzWP/npjkpEXOF/kF6wczxWuO0cm5GubN2CUNHlcou1GD8mDqmTp1DTTgN92eefCLwfNu3uMRXw0jwfzGu5GgpNPWwPnOn28Df0qGmrFcJYMREczTGowE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295368; c=relaxed/simple; bh=ULmkRt8uJRoJgVg9yEjYEPTAk1TrZeGQN/u57a1Xb/Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=p3CVHLSr/G82bfhSMSi6Kwuw/BKAlEFYjSf+S4H3Iiba2/0ydFKAPEbOUUdvWBV6L9gN57wGJgKANdNdSammwrPu51LC4HwX7Ps1yxTHu+pEluJjiz0Ls61bixxX3UzvlKAiNe9+l/9YYZ8A9VKIUCMWMUzsS2BqLInDF249U7I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=l3/iBI7e; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="l3/iBI7e" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C862C19422; Tue, 13 Jan 2026 09:09:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295367; bh=ULmkRt8uJRoJgVg9yEjYEPTAk1TrZeGQN/u57a1Xb/Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l3/iBI7e0ytwvwLwTgpOyEllwYB5t8ikH65QhGwxKfKQfgxkxqMUxc8fVTbnSI4FD HB1dwLv5zKy6Hh0/ETe4J/Guqutl46xNeqa9iL2KcbVLpstEh1xP/rSTn5veDPPlk7 AJl0ZkdsPRxbCF7wEVYi6p8XkWdJQnyoNV3lnegwwhnF6RZSsMTKaxozpXsz4YXrsy 
VPDzQLDnreYKWLDaeyvglid0O4G+kqP01dU4e7GfJQPU0LuC4H2fQvlBbVNR56cisv VsVVY55BZoZMl+2r/0uhs/am4wbFzQQtlqYJnkTq8KJV396c2wHNAFhVM8JoM8nJ1S uRLa92d397e1A== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v8 1/9] selftests: mptcp: add tcp tls tests Date: Tue, 13 Jan 2026 17:09:09 +0800 Message-ID: <0fc65c3feb01336c68c70347f2ab29c5a22215ad.1768294706.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch adds "cl_proto" and "srv_proto" parameters to run_tests, enabling TCP testing in mptcp_join.sh. A new TLS type has been added to cfg_sockopt_types, enabled via the parameter "-o TLS". do_setsockopt_tls() has been implemented to set TLS parameters for both the server and client. Three TCP TLS tests have been added to mptcp_join.sh. The command "./mptcp_join.sh -c" can be used to run the tests. After adding TLS configuration, sock_test_tcpulp() needs to be updated as getsockopt ULP may now return not only "mptcp" but also "tls". These tests report "read: Resource temporarily unavailable" errors occasionally, which is fixed by adding handling for EAGAIN in copyfd_io_poll(). Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/mptcp/config | 1 + .../selftests/net/mptcp/mptcp_connect.c | 51 ++++++++++++++++++- .../testing/selftests/net/mptcp/mptcp_join.sh | 45 +++++++++++++++- 3 files changed, 94 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft= ests/net/mptcp/config index 59051ee2a986..18bd29ac5b24 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config 
@@ -34,3 +34,4 @@ CONFIG_NFT_SOCKET=3Dm CONFIG_NFT_TPROXY=3Dm CONFIG_SYN_COOKIES=3Dy CONFIG_VETH=3Dy +CONFIG_TLS=3Dy diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index 1c4fe60089a2..6fb3c0bf879b 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -34,6 +34,7 @@ #include #include #include +#include =20 extern int optind; =20 @@ -89,6 +90,7 @@ struct cfg_cmsg_types { struct cfg_sockopt_types { unsigned int transparent:1; unsigned int mptfo:1; + unsigned int tls:1; }; =20 struct tcp_inq_state { @@ -272,6 +274,39 @@ static int do_ulp_so(int sock, const char *name) return setsockopt(sock, IPPROTO_TCP, TCP_ULP, name, strlen(name)); } =20 +static void do_setsockopt_tls(int fd) +{ + struct tls12_crypto_info_aes_gcm_128 tls_tx =3D { + .info =3D { + .version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + }, + }; + struct tls12_crypto_info_aes_gcm_128 tls_rx =3D { + .info =3D { + .version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + }, + }; + int so_buf =3D 6553500; + int err; + + err =3D do_ulp_so(fd, "tls"); + if (err) + xerror("setsockopt TCP_ULP"); + + err =3D setsockopt(fd, SOL_TLS, TLS_TX, (void *)&tls_tx, sizeof(tls_tx)); + if (err) + xerror("setsockopt TLS_TX"); + + err =3D setsockopt(fd, SOL_TLS, TLS_RX, (void *)&tls_rx, sizeof(tls_rx)); + if (err) + xerror("setsockopt TLS_RX"); + + set_sndbuf(fd, so_buf); + set_rcvbuf(fd, so_buf); +} + #define X(m) xerror("%s:%u: %s: failed for proto %d at line %u", __FILE__,= __LINE__, (m), proto, line) static void sock_test_tcpulp(int sock, int proto, unsigned int line) { 
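Review bot: In do_setsockopt_tls(), `tls_tx` and `tls_rx` initialise only `.info`, so `key`, `iv`, `salt` and `rec_seq` stay zero and every run uses the same all-zero key material; this works only because both peers use identical constants, and nothing in the function says so. I would add a comment above the two initialisers, `/* Test-only: key, iv, salt and rec_seq are left zeroed so both ends agree without a handshake; never reuse outside selftests. */`, and since the two structs are identical, a single `const` instance passed to both setsockopt() calls would keep them from drifting apart. The `(void *)` casts are not needed for setsockopt(), and `6553500` deserves a name or a short comment explaining why the buffers are enlarged.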
@@ -283,7 +318,7 @@ static void sock_test_tcpulp(int sock, int proto, unsig= ned int line) X("getsockopt"); =20 if (buflen > 0) { - if (strcmp(buf, "mptcp") !=3D 0) + if (strcmp(buf, "mptcp") !=3D 0 && strcmp(buf, "tls") !=3D 0) xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line); ret =3D do_ulp_so(sock, "tls"); if (ret =3D=3D 0) @@ -425,8 +460,11 @@ static int sock_connect_mptcp(const char * const remot= eaddr, } =20 freeaddrinfo(addr); - if (sock !=3D -1) + if (sock !=3D -1) { SOCK_TEST_TCPULP(sock, proto); + if (cfg_sockopt_types.tls) + do_setsockopt_tls(sock); + } return sock; } =20 @@ -687,6 +725,8 @@ static int copyfd_io_poll(int infd, int peerfd, int out= fd, =20 /* Else, still have data to transmit */ } else if (len < 0) { + if (errno =3D=3D EAGAIN) + continue; if (cfg_rcv_trunc) return 0; perror("read"); @@ -1199,6 +1239,8 @@ int main_loop_s(int listensock) } =20 SOCK_TEST_TCPULP(remotesock, 0); + if (cfg_sockopt_types.tls) + do_setsockopt_tls(remotesock); =20 memset(&winfo, 0, sizeof(winfo)); err =3D copyfd_io(fd, remotesock, 1, true, &winfo); @@ -1299,6 +1341,11 @@ static void parse_setsock_options(const char *name) return; } =20 + if (strncmp(name, "TLS", len) =3D=3D 0) { + cfg_sockopt_types.tls =3D 1; + return; + } + fprintf(stderr, "Unrecognized setsockopt option %s\n", name); exit(1); } diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testin= g/selftests/net/mptcp/mptcp_join.sh index b2e6e548f796..6f8c6a03e760 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -63,6 +63,7 @@ unset fastclose unset fullmesh unset speed unset bind_addr +unset tls unset join_syn_rej unset join_csum_ns1 unset join_csum_ns2 @@ -974,6 +975,7 @@ do_transfer() local fastclose=3D${fastclose:-""} local speed=3D${speed:-"fast"} local bind_addr=3D${bind_addr:-"::"} + local tls=3D${tls:-""} local listener_in=3D"${sin}" local connector_in=3D"${cin}" port=3D$(get_port) 
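Review bot: The relaxed check in sock_test_tcpulp() now accepts a ULP of "tls" for every `proto` and on every run, including runs that never passed `-o TLS`, so an unexpected TLS ULP on a plain MPTCP socket would no longer be reported. Tying the exception to the option keeps the original strictness, e.g. `if (strcmp(buf, "mptcp") != 0 && !(cfg_sockopt_types.tls && strcmp(buf, "tls") == 0))`. The function starts and continues outside this hunk, so the branch taken when `buflen` is zero could not be checked here.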
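Review bot: The `errno == EAGAIN` retry added to the read-error branch of copyfd_io_poll() applies to every test that uses this helper, not just the TLS ones, so a spurious wakeup or a readiness regression on a plain MPTCP socket would now be retried silently instead of failing the test. If the retry is only needed because a TLS socket can report readable before a full record is available (my reading of the commit message, not something the hunk shows), gate it: `if (errno == EAGAIN && cfg_sockopt_types.tls) continue;`. The loop head is outside the hunk, so it is worth confirming that `continue` returns to a blocking poll() and cannot spin.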
@@ -995,6 +997,10 @@ do_transfer() extra_args=3D"-r ${speed}" fi =20 + if [ -n "${tls}" ] && [ ${tls} =3D "1" ]; then + extra_args=3D"$extra_args -o TLS" + fi + local extra_cl_args=3D"" local extra_srv_args=3D"" local trunc_size=3D"" @@ -1105,6 +1111,8 @@ run_tests() local listener_ns=3D"$1" local connector_ns=3D"$2" local connect_addr=3D"$3" + local cl_proto=3D"${4:-MPTCP}" + local srv_proto=3D"${5:-MPTCP}" =20 local size local test_linkfail=3D${test_linkfail:-0} @@ -1149,7 +1157,7 @@ run_tests() make_file "$sinfail" "server" $size fi =20 - do_transfer ${listener_ns} ${connector_ns} MPTCP MPTCP ${connect_addr} + do_transfer ${listener_ns} ${connector_ns} ${cl_proto} ${srv_proto} ${con= nect_addr} } =20 _dump_stats() @@ -4306,6 +4314,40 @@ endpoint_tests() fi } =20 +tls_tests() +{ + # single subflow, tls, TCP + if reset "single subflow, tls, TCP"; then + test_linkfail=3D128 tls=3D1 \ + run_tests $ns1 $ns2 10.0.1.1 TCP TCP + chk_join_nr 0 0 0 + fi + + # multiple subflows, tls, TCP + if reset "multiple subflows, tls, TCP"; then + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 0 2 + pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow + pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow + test_linkfail=3D1024 tls=3D1 \ + run_tests $ns1 $ns2 10.0.1.1 TCP TCP + chk_join_nr 0 0 0 + fi + + # multiple subflows, signal, tls, TCP + if reset "multiple subflows, signal, tls, TCP"; then + pm_nl_set_limits $ns1 0 3 + pm_nl_add_endpoint $ns1 10.0.2.1 dev ns1eth2 flags signal + pm_nl_set_limits $ns2 1 3 + pm_nl_add_endpoint $ns2 10.0.3.2 dev ns2eth3 flags subflow + pm_nl_add_endpoint $ns2 10.0.4.2 dev ns2eth4 flags subflow + test_linkfail=3D2048 tls=3D1 \ + run_tests $ns1 $ns2 10.0.1.1 TCP TCP + chk_join_nr 0 0 0 + chk_add_nr 0 0 + fi +} + # [$1: error message] usage() { 
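Review bot: In the do_transfer() hunk that appends `-o TLS`, `${tls}` is unquoted in the second test and the `-n` check in front of it is redundant. `if [ "${tls}" = "1" ]; then` does the same with one test and stays well-formed if the variable ever holds whitespace. The function starts and ends outside the hunk.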
@@ -4356,6 +4398,7 @@ all_tests_sorted=3D( F@fail_tests u@userspace_tests I@endpoint_tests + c@tls_tests ) =20 all_tests_args=3D"" --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4743B387370 for ; Tue, 13 Jan 2026 09:09:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295370; cv=none; b=c2DtZmsMJj+bfZbCVz1OX8gdNJ1K5oSTm/OfhJdM4Q+fYN/q80yXiJvv0jgVw42PduTFIduxzMvBj6kwmz2s89SUXEOUZ+4D4+qJ/Q+nPj1HgStpRbkeSPgvMJVPEAR56HSDxbmeD19LBc0HaBhQP2X736D4s0bdBXxtxS3/V6A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295370; c=relaxed/simple; bh=/POyJlwe/PXLa9O/e5at4Mlm9gFzE6S9sUvtynzRHP4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=T94EyQau4hDaImW+9DILAbGURt1oIZ+iZqu7e3tP9BBct6W1M58bF2+bjr3D4cMISzGXuOy1T/Ma/PVSFnWs9TcAjIHQfN8uzukuc/5Ca16fvHuZNoa2EwFhKTwrkG0NzErhvckqSqvczRACDH44fF+5SlpSN61iScVUs0eLwdo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pG8V1QMd; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pG8V1QMd" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61FDEC19423; Tue, 13 Jan 2026 09:09:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295369; bh=/POyJlwe/PXLa9O/e5at4Mlm9gFzE6S9sUvtynzRHP4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pG8V1QMdP0SakAOsKjxMyvYaeQucaUU/j0co4nW2odJktI269nKQvJhR3sY7wUPbm 
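Review bot: The key `c` chosen for `c@tls_tests` in all_tests_sorted may collide with an option the script already parses: as far as I recall, mptcp_join.sh uses `-c` to capture pcap files, in option-parsing code outside this hunk. If so, `./mptcp_join.sh -c` would either start selecting the TLS tests or never reach them, depending on which case arm matches first, and packet capture would change meaning for existing users. Please confirm against the getopts string and pick an unused letter if there is a clash.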
8wEXb4fxMQqu0ZLTtHhptAqRwjQYJuPzHalNkcUZU1mlFh1fEr2cKqtPrNuNn5avfz PqolhGpguZr9MX3nmUg/jqGBs0l0MlLrtTgKKaxlytm6BN58/oXJUV+J+xDP0/6mN8 nWU8RyVPLLtumHfQBn7u7QueVXzAlz0dZeIOCa16uZu7C8FhEnh0lODNCkv3PGmSqp cOE0duSsD/5hWgcoRb50wj24Wj7d5Z/oqC21QJ752RkJBMO+Ks95hbQ3oIf+geUBHl 3anEE199ofg1Q== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v8 2/9] tls: introduce struct tls_prot_ops Date: Tue, 13 Jan 2026 17:09:10 +0800 Message-ID: <40823b25823b8467a99c942d08d9415d7c8ca7fe.1768294706.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has been introduced for TLS, encapsulating TCP-specific helpers within this structure. Add registering, validating and finding functions for this structure to add, validate and find a tls_prot_ops on the global list tls_prot_ops_list. Register TCP-specific structure tls_tcp_ops in tls_init(). Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 18 ++++++++++++ net/tls/tls_main.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/include/net/tls.h b/include/net/tls.h index ebd2550280ae..5f730fb6e801 100644 --- a/include/net/tls.h +++ b/include/net/tls.h 
@@ -220,6 +220,24 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_prot_ops { + int protocol; + struct module *owner; + struct list_head list; + + int (*inq)(struct sock *sk); + int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg, size_t size); + struct sk_buff *(*recv_skb)(struct sock *sk, u32 seq, u32 *off); + void (*read_done)(struct sock *sk, size_t len); + u32 (*get_skb_seq)(struct sk_buff *skb); + int (*read_sock)(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor); + __poll_t (*poll)(struct file *file, struct socket *sock, + struct poll_table_struct *wait); + bool (*epollin_ready)(const struct sock *sk, int target); + void (*check_app_limited)(struct sock *sk); +}; + struct tls_context { /* read-only cache line */ struct tls_prot_info prot_info; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 56ce0bc8317b..525f0641d3d0 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -128,6 +128,24 @@ static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][T= LS_NUM_CONFIG][TLS_NUM_CON static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 +static DEFINE_SPINLOCK(tls_prot_ops_lock); +static LIST_HEAD(tls_prot_ops_list); + +/* Must be called with rcu read lock held */ +static struct tls_prot_ops *tls_prot_ops_find(int protocol) +{ + struct tls_prot_ops *ops, *ret =3D NULL; + + list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) { + if (ops->protocol =3D=3D protocol) { + ret =3D ops; + break; + } + } + + return ret; +} + void update_sk_prot(struct sock *sk, struct tls_context *ctx) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; 
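Review bot: struct tls_prot_ops carries an `owner` field, but none of the code in this patch reads it and `tls_tcp_ops` leaves it NULL, so a provider built as a module would have nothing pinning it while a socket still points at its callbacks. Either drop the field until it is used, or take a reference with try_module_get() when the ops are attached to a context and release it on teardown. A kernel-doc comment on the struct stating which callbacks run with the socket lock held would also help future providers; the call sites in tls_strp.c and tls_sw.c are the place to derive that from.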
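Review bot: tls_prot_ops_find() is documented as requiring the RCU read lock, yet tls_register_prot_ops() in the later tls_main.c hunk calls it while holding only `tls_prot_ops_lock`, which I would expect to trip the RCU list lockdep check on debug builds. Passing the lock as the iterator's condition covers both callers: `list_for_each_entry_rcu(ops, &tls_prot_ops_list, list, lockdep_is_held(&tls_prot_ops_lock))`. The comment should then read `/* Caller holds rcu_read_lock() or tls_prot_ops_lock */`.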
@@ -1236,6 +1254,58 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos= tly =3D { .get_info_size =3D tls_get_info_size, }; =20 +static int tls_validate_prot_ops(const struct tls_prot_ops *ops) +{ + if (!ops->inq || !ops->sendmsg_locked || + !ops->recv_skb || !ops->read_done || + !ops->get_skb_seq || !ops->read_sock || + !ops->poll || !ops->epollin_ready || + !ops->check_app_limited) { + pr_err("%d does not implement required ops\n", ops->protocol); + return -EINVAL; + } + + return 0; +} + +static int tls_register_prot_ops(struct tls_prot_ops *ops) +{ + int ret; + + ret =3D tls_validate_prot_ops(ops); + if (ret) + return ret; + + spin_lock(&tls_prot_ops_lock); + if (tls_prot_ops_find(ops->protocol)) { + spin_unlock(&tls_prot_ops_lock); + return -EEXIST; + } + list_add_tail_rcu(&ops->list, &tls_prot_ops_list); + spin_unlock(&tls_prot_ops_lock); + + pr_debug("tls_prot_ops %d registered\n", ops->protocol); + return 0; +} + +static u32 tcp_get_skb_seq(struct sk_buff *skb) +{ + return TCP_SKB_CB(skb)->seq; +} + +static struct tls_prot_ops tls_tcp_ops =3D { + .protocol =3D IPPROTO_TCP, + .inq =3D tcp_inq, + .sendmsg_locked =3D tcp_sendmsg_locked, + .recv_skb =3D tcp_recv_skb, + .read_done =3D tcp_read_done, + .get_skb_seq =3D tcp_get_skb_seq, + .read_sock =3D tcp_read_sock, + .poll =3D tcp_poll, + .epollin_ready =3D tcp_epollin_ready, + .check_app_limited =3D tcp_rate_check_app_limited, +}; + static int __init tls_register(void) { int err; 
@@ -1254,6 +1324,8 @@ static int __init tls_register(void) =20 tcp_register_ulp(&tcp_tls_ulp_ops); =20 + tls_register_prot_ops(&tls_tcp_ops); + return 0; err_strp: tls_strp_dev_exit(); --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41989387375 for ; Tue, 13 Jan 2026 09:09:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295372; cv=none; b=g05bL4c52LdI32NfZp6gNlc/ZRS6H9YSNJ5L2RpgLRqlmHqA6Q0LcHgSGmHef9M0xs80GnprjKVygT0LwTRfahhWWamOZjva7uYKzhmIIO4fa4dfKsJhRsBjYWKpIt4s3kmP1qrwKqprN5hr8sL3Pj+xws/smI9CHk7fPzIzkSk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295372; c=relaxed/simple; bh=PaN9BsAa0rXJt9Y4NO/ODPWLtg4xVtpTvyxvBJdE1mQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gSRfCOB71Tek56IHVkxVCKAScE3yT5I+8B0thaFH6pDxDD3HF84NWO9BOy/1JJ3v6rtx9QDlr88lLZ+XJQ1OGb5kKr50PBR1l6UIrwpipYU5v6MBgmkzPnC5oz04vk4pTBI9Qdj7xlOoChhbla1qAkq5gBXynjAQ/5Dzi7H0Cls= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZT1WRIoA; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZT1WRIoA" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 54E6FC116C6; Tue, 13 Jan 2026 09:09:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295371; bh=PaN9BsAa0rXJt9Y4NO/ODPWLtg4xVtpTvyxvBJdE1mQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZT1WRIoAvyiUrxfedSmrz5vX+FBm55ufqKYGQ5J+AX3DIhjqnuOGgsl8akMWDuv0a 
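Review bot: The return value of `tls_register_prot_ops(&tls_tcp_ops)` is dropped in tls_register(), so a failed registration (-EINVAL or -EEXIST from the code added earlier in this patch) still lets module init succeed with the ULP registered but no TCP ops on the list. Once tls_init() looks the ops up, every attempt to enable TLS on a socket would fail with no hint at load time. Assign the result, `err = tls_register_prot_ops(&tls_tcp_ops);`, and jump to the appropriate error label on failure, ideally before `tcp_register_ulp()` so nothing has to be unregistered. The error labels continue outside the hunk, so the right unwind target needs confirming.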
GpOwUk7m84pMtP8QuZ/0ehQ5xNHcVm9mceIPA3DuBWgWMrge/H8f5OHOJEQYmItkWE QwD243OZYfoMIoGCLCbUqeZMoUkA/wkeSFLs6Trx8aUIG5hensPTDHMxkXnFfIH2Q1 5+UFEkO1D1h228EoikFBiZdNQc0Ex30v5OyYUal8Ges9R1xjg1PxPabvguMuOBNNd5 kPRd4Hky3qhn/31kjFRbVzgie7c0N1t85Sxkol5Mx5+ipi8rPjeH8wn56mOXsEHvHc w5DJ0M6r1Lwwg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v8 3/9] tls: add ops in tls_context Date: Tue, 13 Jan 2026 17:09:11 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang A pointer to struct tls_prot_ops, named 'ops', has been added to struct tls_context. The places originally calling TLS-specific helpers have now been modified to indirectly invoke them via 'ops' pointer in tls_context. In do_tls_setsockopt_conf(), ctx->ops is assigned either 'tls_mptcp_ops' or 'tls_tcp_ops' based on the socket protocol. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 1 + net/tls/tls_main.c | 13 +++++++++---- net/tls/tls_strp.c | 28 +++++++++++++++++++--------- net/tls/tls_sw.c | 7 +++++-- 4 files changed, 34 insertions(+), 15 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 5f730fb6e801..d9b2a8d2a25b 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -276,6 +276,7 @@ struct tls_context { struct sock *sk; =20 void (*sk_destruct)(struct sock *sk); + const struct tls_prot_ops *ops; =20 union tls_crypto_context crypto_send; union tls_crypto_context crypto_recv; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 525f0641d3d0..af45919652f8 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -206,13 +206,13 @@ int tls_push_sg(struct sock *sk, ctx->splicing_pages =3D true; while (1) { /* is sending application-limited? */ - tcp_rate_check_app_limited(sk); + ctx->ops->check_app_limited(sk); p =3D sg_page(sg); retry: bvec_set_page(&bvec, p, size, offset); iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); =20 - ret =3D tcp_sendmsg_locked(sk, &msg, size); + ret =3D ctx->ops->sendmsg_locked(sk, &msg, size); =20 if (ret !=3D size) { if (ret > 0) { @@ -427,14 +427,14 @@ static __poll_t tls_sk_poll(struct file *file, struct= socket *sock, u8 shutdown; int state; =20 - mask =3D tcp_poll(file, sock, wait); + tls_ctx =3D tls_get_ctx(sk); + mask =3D tls_ctx->ops->poll(file, sock, wait); =20 state =3D inet_sk_state_load(sk); shutdown =3D READ_ONCE(sk->sk_shutdown); if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN)) return mask; =20 - tls_ctx =3D tls_get_ctx(sk); ctx =3D tls_sw_ctx_rx(tls_ctx); psock =3D sk_psock_get(sk); =20 @@ -1094,6 +1094,11 @@ static int tls_init(struct sock *sk) ctx->tx_conf =3D TLS_BASE; ctx->rx_conf =3D TLS_BASE; ctx->tx_max_payload_len =3D TLS_MAX_PAYLOAD_SIZE; + ctx->ops =3D tls_prot_ops_find(sk->sk_protocol); + if (!ctx->ops) { + rc =3D -EINVAL; + goto out; + } update_sk_prot(sk, ctx); out: write_unlock_bh(&sk->sk_callback_lock); diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 98e12f0ff57e..f3d5c4325683 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte= xt_rx *ctx) int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) { struct tls_strparser *strp =3D &ctx->strp; + struct tls_context *tls_ctx; struct sk_buff *skb; =20 if (strp->copy_mode) 
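Review bot: The calls through `ctx->ops` in the tls_push_sg() send loop (`check_app_limited`, `sendmsg_locked`) turn two direct calls per page into indirect ones, which costs extra on retpoline builds; the same applies to the `inq`, `read_done` and `get_skb_seq` calls in the tls_strp.c and tls_sw.c hunks of this patch. Since TCP remains the common case, the wrapper this series already uses in mptcp_write_space() fits here too, e.g. `ret = INDIRECT_CALL_1(ctx->ops->sendmsg_locked, tcp_sendmsg_locked, sk, &msg, size);`. tls_push_sg() starts and ends outside the hunk.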
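Review bot: In tls_init(), the new `!ctx->ops` failure path jumps to `out` after `ctx` has already been set up, and nothing visible frees it or detaches it from the socket, so a protocol with no registered ops could leak one context per attempt; the allocation is outside the hunk, so please confirm how `ctx` is attached. Doing the lookup before the context is created, or freeing the context on this path, avoids that. The lookup also runs without rcu_read_lock() although tls_prot_ops_find() documents that requirement, and the pointer is cached in `ctx->ops` beyond any read-side section, which is only safe while entries are never removed from the list.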
@@ -132,7 +133,8 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) tls_strp_anchor_free(strp); strp->anchor =3D skb; =20 - tcp_read_done(strp->sk, strp->stm.full_len); + tls_ctx =3D tls_get_ctx(strp->sk); + tls_ctx->ops->read_done(strp->sk, strp->stm.full_len); strp->copy_mode =3D 1; =20 return 0; @@ -376,6 +378,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str= uct sk_buff *in_skb, =20 static int tls_strp_read_copyin(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); read_descriptor_t desc; =20 desc.arg.data =3D strp; @@ -383,13 +386,14 @@ static int tls_strp_read_copyin(struct tls_strparser = *strp) desc.count =3D 1; /* give more than one skb per call */ =20 /* sk should be locked here, so okay to do read_sock */ - tcp_read_sock(strp->sk, &desc, tls_strp_copyin); + ctx->ops->read_sock(strp->sk, &desc, tls_strp_copyin); =20 return desc.error; } =20 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct skb_shared_info *shinfo; struct page *page; int need_spc, len; @@ -398,7 +402,7 @@ static int tls_strp_read_copy(struct tls_strparser *str= p, bool qshort) * to read the data out. Otherwise the connection will stall. * Without pressure threshold of INT_MAX will never be ready. */ - if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX))) + if (likely(qshort && !ctx->ops->epollin_ready(strp->sk, INT_MAX))) return 0; =20 shinfo =3D skb_shinfo(strp->anchor); 
@@ -434,12 +438,13 @@ static int tls_strp_read_copy(struct tls_strparser *s= trp, bool qshort) static bool tls_strp_check_queue_ok(struct tls_strparser *strp) { unsigned int len =3D strp->stm.offset + strp->stm.full_len; + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first, *skb; u32 seq; =20 first =3D skb_shinfo(strp->anchor)->frag_list; skb =3D first; - seq =3D TCP_SKB_CB(first)->seq; + seq =3D ctx->ops->get_skb_seq(first); =20 /* Make sure there's no duplicate data in the queue, * and the decrypted status matches. @@ -449,7 +454,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse= r *strp) len -=3D skb->len; skb =3D skb->next; =20 - if (TCP_SKB_CB(skb)->seq !=3D seq) + if (ctx->ops->get_skb_seq(skb) !=3D seq) return false; if (skb_cmp_decrypted(first, skb)) return false; @@ -460,11 +465,12 @@ static bool tls_strp_check_queue_ok(struct tls_strpar= ser *strp) =20 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in= t len) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct tcp_sock *tp =3D tcp_sk(strp->sk); struct sk_buff *first; u32 offset; =20 - first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset); + first =3D ctx->ops->recv_skb(strp->sk, tp->copied_seq, &offset); if (WARN_ON_ONCE(!first)) return; =20 @@ -483,6 +489,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_= strparser *strp, int len) =20 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct strp_msg *rxm; struct tls_msg *tlm; =20 @@ -490,7 +497,7 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool= force_refresh) DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len); =20 if (!strp->copy_mode && force_refresh) { - if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) { + if (unlikely(ctx->ops->inq(strp->sk) < strp->stm.full_len)) { WRITE_ONCE(strp->msg_ready, 0); memset(&strp->stm, 0, sizeof(strp->stm)); return false; 
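Review bot: tls_strp_load_anchor_with_queue() still does `tcp_sk(strp->sk)` and passes `tp->copied_seq` to `ctx->ops->recv_skb()`, so the read position is taken from a struct tcp_sock even when the ops belong to another protocol. For a socket that is not a TCP socket, that cast reads an unrelated field (a type confusion), and the anchor would be loaded from the wrong offset. The ops table needs a way to obtain the read position as well, for instance a `get_copied_seq(sk)` callback (the name is only a suggestion), before a second protocol is registered. The function continues outside the hunk.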
@@ -511,9 +518,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo= l force_refresh) /* Called with lock held on lower socket */ static int tls_strp_read_sock(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); int sz, inq; =20 - inq =3D tcp_inq(strp->sk); + inq =3D ctx->ops->inq(strp->sk); if (inq < 1) return 0; =20 @@ -583,10 +591,12 @@ static void tls_strp_work(struct work_struct *w) =20 void tls_strp_msg_done(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + WARN_ON(!strp->stm.full_len); =20 if (likely(!strp->copy_mode)) - tcp_read_done(strp->sk, strp->stm.full_len); + ctx->ops->read_done(strp->sk, strp->stm.full_len); else tls_strp_flush_anchor_copy(strp); =20 diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 9937d4c810f2..c932725b75e6 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1952,13 +1952,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_= prot_info *prot, size_t len_left, size_t decrypted, ssize_t done, size_t *flushed_at) { + struct tls_context *tls_ctx =3D tls_get_ctx(sk); size_t max_rec; =20 if (len_left <=3D decrypted) return false; =20 max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE; - if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec) + if (done - *flushed_at < SZ_128K && tls_ctx->ops->inq(sk) > max_rec) return false; =20 *flushed_at =3D done; @@ -2446,6 +2447,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) size_t cipher_overhead; size_t data_len =3D 0; int ret; + u32 seq; =20 /* Verify that we have a full TLS header, or wait for more data */ if (strp->stm.offset + prot->prepend_size > skb->len) 
@@ -2488,8 +2490,9 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) goto read_failure; } =20 + seq =3D tls_ctx->ops->get_skb_seq(skb); tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE, - TCP_SKB_CB(skb)->seq + strp->stm.offset); + seq + strp->stm.offset); return data_len + TLS_HEADER_SIZE; =20 read_failure: --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D7A9325488 for ; Tue, 13 Jan 2026 09:09:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295374; cv=none; b=b2glha89tKO2aC2gEGLciEzvshkOGiRLHj1sed07FYxrh9qAaL+SA1nxnbRDarxoB9i586P0/wout951Gav0IM9m88AGeeoifUtob4dNrd199qfwd/6Dg6WDurpcZ0Bop+68vMCP3781pOiOPz78FgNLk+A9gSvJ3Z2Fi/ZXPhw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295374; c=relaxed/simple; bh=s+J0uiEWN2RKqf6vRJ0b882/FRaUaQiO4LNcZ2w7mr4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YpGwhafAr87tJv5Ze9v9q26Re1Xv672d9YfzDmhpH29JK15CIpRMixXFgMw6AD3o7w84Enbes+aZcaPBjrsWc8xPZCUm/r4//mRkGejmHIsh3ga1J3t01T+UJj18WOVhTj3hSueRLl7v7TRBfe289vNxEUkUUoBPc93HvI5ECYc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TRmHEAG3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TRmHEAG3" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4670FC19422; Tue, 13 Jan 2026 09:09:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295373; 
bh=s+J0uiEWN2RKqf6vRJ0b882/FRaUaQiO4LNcZ2w7mr4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TRmHEAG3QAvBeH4IdjGTWIJukUSO+6PivaaqJEE62J11m7qLLmlS6KEwLE97R6ILt RecEZbPqN3128tqcLbftq67CrfEUivzHnNY+CpOYq9xqmqifPhQtGk2BMJDBs3I0h4 rMXrxk17UeeQChCNU4N6ko00M84inVU/4EK9hNx/d/Puf+vp/DgZFRHaK8SP2I3EaO ts5FcaLiwJL8EZ8x2Oeft5/zJfFPczlJR1i7s3uZWt39SJrjcHIRxHZTarp6zJgMUZ oBDQdleaDe9xEqHl8Bau495KExN/XCRThcpo/oNQrQmi/2vqrruRy/biel5lvNeTTd 1WdsSMEQQKDzg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Gang Yan , Paolo Abeni Subject: [RFC mptcp-next v8 4/9] mptcp: allow overridden write_space to be invoked Date: Tue, 13 Jan 2026 17:09:12 +0800 Message-ID: <86ecc368bc66839d12bc409bccd07b674513dc43.1768294706.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Gang Yan TLS overrides its own sk_write_space function with tls_write_space(). This patch ensures that the overridden sk_write_space can be invoked by MPTCP. Note: This patch was initially included in the NVME MPTCP set. Suggested-by: Paolo Abeni Signed-off-by: Gang Yan --- net/mptcp/protocol.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index cd5266099993..f5d4d7d030f2 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h 
@@ -1014,7 +1014,7 @@ static inline void mptcp_write_space(struct sock *sk) /* pairs with memory barrier in mptcp_poll */ smp_mb(); if (mptcp_stream_memory_free(sk, 1)) - sk_stream_write_space(sk); + INDIRECT_CALL_1(sk->sk_write_space, sk_stream_write_space, sk); } =20 static inline void __mptcp_sync_sndbuf(struct sock *sk) --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EB471325488 for ; Tue, 13 Jan 2026 09:09:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295376; cv=none; b=d1xaYT4LPd/NeHp/S1qLY3KfT0eRJuyWpNW5DB8EfoQ1nJALTukSyNgbdSofkxHRaUJTyg7N/oNbf5oAWKR9AiLJDr09fgizASkJXBVGc8eQM3m/VPHXFqSvA1Bau5UeSZ3plXTtHA68MaBWzLqeFHtQuTT16E0gjTeVbHxV+Qo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295376; c=relaxed/simple; bh=n64iqdK9kIbQnTyGOnOCSHHDNP6gVU09yKRuDcObZsw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZV6Lq5eLNqYB8tlstUucBQQf1sQKfnzov9L+ogeKv6zs4db5I7X0Fg205KvH0ML0CxEY7ECZbt3mxjqGnb0yr6IzqvSGv38CA5u9T/ZfmiJhO+f41Lv+kYwJspPuHZy33WSrqqEHAc1qvm4/FiIaJr0kLKvJI/BWy6Cij8P0mjU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=fY31AnKo; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="fY31AnKo" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6C228C19422; Tue, 13 Jan 2026 09:09:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295375; 
bh=n64iqdK9kIbQnTyGOnOCSHHDNP6gVU09yKRuDcObZsw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fY31AnKoLxfnBQzBPratsBZDXF+QaUB57PhVnvI1gusiE4u1We7lwWWIhBOAijtlR a3zBqRQEaJTnUerc8iI8YkIbI8jDQ4FNeTlVy6qH0l53uD5QN4bGkkhroTggREgRNv NMf1y63KvPPYRoapRLsqoef1IeneEJqIOfGRmxURAXfBfp+7vJysS+on8VVjhZH9Z/ Fs7JN5sUSUIXbWyruWvSiCYUxZaxhtoBBU97glilRxP53qS31LriztnBJvGKPbHJhh 38PnCpDgrqbOIoOSD9NkQ2ckfwyc+6x8Gfv4coCXJcKY04M9tibZ2bEzTQQFjrM4uI N3sVY3QWmL72A== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Gang Yan Subject: [RFC mptcp-next v8 5/9] mptcp: update mptcp_check_readable Date: Tue, 13 Jan 2026 17:09:13 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Gang Yan This patch makes mptcp_check_readable() aligned with TCP, and renames it to mptcp_stream_is_readable(). It will be used in the case of KTLS, because 'prot' will be modified, tls_sw_sock_is_readable() is expected to be called from prot->sock_is_readable(). Signed-off-by: Gang Yan --- net/mptcp/protocol.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 900f26e21acd..b10a5e0d808c 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3239,9 +3239,11 @@ void __mptcp_unaccepted_force_close(struct sock *sk) __mptcp_destroy_sock(sk); } =20 -static __poll_t mptcp_check_readable(struct sock *sk) +static bool mptcp_stream_is_readable(struct sock *sk) { - return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0; + if (mptcp_epollin_ready(sk)) + return true; + return sk_is_readable(sk); } =20 static void mptcp_check_listen_stop(struct sock *sk) 
@@ -4303,7 +4305,8 @@ static __poll_t mptcp_poll(struct file *file, struct = socket *sock, mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; =20 if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) { - mask |=3D mptcp_check_readable(sk); + if (mptcp_stream_is_readable(sk)) + mask |=3D EPOLLIN | EPOLLRDNORM; if (shutdown & SEND_SHUTDOWN) mask |=3D EPOLLOUT | EPOLLWRNORM; else --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E5EB33815E3 for ; Tue, 13 Jan 2026 09:09:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295380; cv=none; b=mffZ7Ke1stXirv+wYck/ub/y2F50TusCfHqYZJnm1BlUwOG+4B7A9ckQDNwzxsXSudfIQYzvgmbRMdD/iEervIbSXmaImMLWeY1w0eyNzTnQSX+CyWmqUUiiIZGJqFQAHa9ge38S69WWJBHxR3gLDywo1xxkkjSTit3xkVmaSn8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295380; c=relaxed/simple; bh=i2EARGl27fy0aCpQmM+HGvLsAa4aF+eY2quVoGI8R5Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=haEFU630L+MBYoib7dKqXNDl56//W3eOxhG4TnmYh9lAvmxMdq+j+cWQ6JehTohrI1WqHh57RzxP5QXJjP20pCotWxmSTOK44QCYnux2S5uhq+MfB+U1OLbJAEBNoKZlnOKSohfJX9e0xLu57sBP6gKzFiPzjml3wcd7nBl4SBY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=mt+iSNX/; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="mt+iSNX/" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D108C19422; Tue, 13 Jan 2026 09:09:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; 
s=k20201202; t=1768295377; bh=i2EARGl27fy0aCpQmM+HGvLsAa4aF+eY2quVoGI8R5Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mt+iSNX/z/rQ0mgsZ2PWG5efqW3bhiPGUjPWVRPUmSKy/fBqzd/NCM+wTuHOsv4Bs TCsNmjD0hYbUo3zplmD3WoHh1jyW24Ugn/z+pLrGfHpNXT9ivJUvAMhDcGJuUgCzSH hAddaEsU8I5hV8luZOAcu/BPtdVAps9AC/wuh4IgGXWxWzR3T9cvPUPUWytxJg1epT Ve16xKBPlQH89zaZFniokvruCWtpLE+B8FiASs/XcreUnWHdLKRRI4fHbwP8n4gJ7S Y5GR2woLwnAerfovLRgu/BmPVqX+nOPqhd9peK4aT06y2U2mEtkODIeJ4HQMZ0TAN2 gXM1jr0bWpMRw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v8 6/9] mptcp: implement tls_mptcp_ops Date: Tue, 13 Jan 2026 17:09:14 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch implements the MPTCP-specific struct tls_prot_ops, named 'tls_mptcp_ops'. Note that there is a slight difference between mptcp_inq() and mptcp_inq_hint(), it does not return 1 when the socket is closed or shut down; instead, it returns 0. Otherwise, it would break the condition "inq < 1" in tls_strp_read_sock(). A direct call to mptcp_read_sock() could lead to a deadlock, as 'read_sock' interface of TLS might be invoked from within a softirq context. In such a scenario, lock_sock_fast(), which is called by mptcp_rcv_space_adjust() or mptcp_cleanup_rbuf(), would cause the deadlocks. To resolve it, use in_softirq() to determine whether to call mptcp_read_sock() or mptcp_read_sock_noack(). Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can trigger a crash. Here, an MPTCP version of check_app_limited() is implemented, which calls tcp_sock_rate_check_app_limited() for each subflow. MPTCP TLS_HW mode is not yet implemented, returning EOPNOTSUPP here. Co-developed-by: Gang Yan Signed-off-by: Gang Yan 
Signed-off-by: Geliang Tang --- include/net/mptcp.h | 2 + include/net/tcp.h | 1 + net/ipv4/tcp_rate.c | 9 +++- net/mptcp/protocol.c | 116 ++++++++++++++++++++++++++++++++++++++++--- net/tls/tls_main.c | 6 +++ 5 files changed, 126 insertions(+), 8 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 4cf59e83c1c5..02564eceeb7e 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -132,6 +132,8 @@ struct mptcp_pm_ops { void (*release)(struct mptcp_sock *msk); } ____cacheline_aligned_in_smp; =20 +extern struct tls_prot_ops tls_mptcp_ops; + #ifdef CONFIG_MPTCP void mptcp_init(void); =20 diff --git a/include/net/tcp.h b/include/net/tcp.h index 1ff682763ed3..4b2b9daada49 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -1372,6 +1372,7 @@ void tcp_rate_skb_delivered(struct sock *sk, struct s= k_buff *skb, struct rate_sample *rs); void tcp_rate_gen(struct sock *sk, u32 delivered, u32 lost, bool is_sack_reneg, struct rate_sample *rs); +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp); void tcp_rate_check_app_limited(struct sock *sk); =20 static inline bool tcp_skb_sent_after(u64 t1, u64 t2, u32 seq1, u32 seq2) diff --git a/net/ipv4/tcp_rate.c b/net/ipv4/tcp_rate.c index a8f6d9d06f2e..93bf22ae58c4 100644 --- a/net/ipv4/tcp_rate.c +++ b/net/ipv4/tcp_rate.c @@ -191,9 +191,9 @@ void tcp_rate_gen(struct sock *sk, u32 delivered, u32 l= ost, } =20 /* If a gap is detected between sends, mark the socket application-limited= . */ -void tcp_rate_check_app_limited(struct sock *sk) +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp) { - struct tcp_sock *tp =3D tcp_sk(sk); + struct sock *sk =3D (struct sock *)tp; =20 if (/* We have less than one packet to send. */ tp->write_seq - tp->snd_nxt < tp->mss_cache && 
@@ -206,4 +206,9 @@ void tcp_rate_check_app_limited(struct sock *sk) tp->app_limited =3D (tp->delivered + tcp_packets_in_flight(tp)) ? : 1; } + +void tcp_rate_check_app_limited(struct sock *sk) +{ + tcp_sock_rate_check_app_limited(tcp_sk(sk)); +} EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited); diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index b10a5e0d808c..61269490d407 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -24,11 +24,12 @@ #include #include #include +#include #include #include "protocol.h" #include "mib.h" =20 -static unsigned int mptcp_inq_hint(const struct sock *sk); +static unsigned int mptcp_inq_hint(struct sock *sk); =20 #define CREATE_TRACE_POINTS #include @@ -1884,7 +1885,7 @@ static void mptcp_rps_record_subflows(const struct mp= tcp_sock *msk) } } =20 -static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_= t len) { struct mptcp_sock *msk =3D mptcp_sk(sk); struct page_frag *pfrag; @@ -1895,8 +1896,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) /* silently ignore everything else */ msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_FASTOPEN; =20 - lock_sock(sk); - mptcp_rps_record_subflows(msk); =20 if (unlikely(inet_test_bit(DEFER_CONNECT, sk) || @@ -2004,7 +2003,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) __mptcp_push_pending(sk, msg->msg_flags); =20 out: - release_sock(sk); return copied; =20 do_error: 
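Review bot: mptcp_sendmsg_locked() no longer takes the socket lock itself, yet nothing in the renamed function checks that the caller holds it; the `lock_sock(sk)` / `release_sock(sk)` pair is simply removed in the following two hunks. Since the function becomes the `.sendmsg_locked` op later in this patch and is therefore called from outside MPTCP, add `msk_owned_by_me(msk);` ahead of `mptcp_rps_record_subflows(msk);` so lockdep reports an unlocked caller. A one-line comment above the signature saying that the msk socket lock must be held would also help; the function body lies mostly outside these hunks.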
@@ -2015,6 +2013,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg= hdr *msg, size_t len) goto out; } =20 +static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +{ + int ret; + + lock_sock(sk); + ret =3D mptcp_sendmsg_locked(sk, msg, len); + release_sock(sk); + + return ret; +} + static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied); =20 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb) @@ -2242,7 +2251,7 @@ static bool mptcp_move_skbs(struct sock *sk) return enqueued; } =20 -static unsigned int mptcp_inq_hint(const struct sock *sk) +static int mptcp_inq(struct sock *sk) { const struct mptcp_sock *msk =3D mptcp_sk(sk); const struct sk_buff *skb; @@ -2257,6 +2266,16 @@ static unsigned int mptcp_inq_hint(const struct sock= *sk) return (unsigned int)hint_val; } =20 + return 0; +} + +static unsigned int mptcp_inq_hint(struct sock *sk) +{ + unsigned int inq =3D mptcp_inq(sk); + + if (inq) + return inq; + if (sk->sk_state =3D=3D TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN)) return 1; =20 
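Review bot: mptcp_inq() and mptcp_inq_hint() now differ only in what they return for a closed or receive-shutdown socket, and that difference is explained in the commit message but nowhere in the code. A comment above mptcp_inq() such as `/* Bytes queued for reading; unlike mptcp_inq_hint(), returns 0 (not 1) on a closed or RCV_SHUTDOWN socket */` would keep a later cleanup from merging the two again. mptcp_inq_hint() also stores the `int` result in an `unsigned int`; that looks safe only if the part of mptcp_inq() outside these hunks never returns a negative value, which is worth stating in the same comment.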
@@ -4678,3 +4697,88 @@ int __init mptcp_proto_v6_init(void) return err; } #endif + +static struct sk_buff *mptcp_recv_skb_tls(struct sock *sk, u32 seq, u32 *o= ff) +{ + return mptcp_recv_skb(sk, off); +} + +static void mptcp_read_done(struct sock *sk, size_t len) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct sk_buff *skb; + size_t left; + u32 offset; + + msk_owned_by_me(msk); + + if (sk->sk_state =3D=3D TCP_LISTEN) + return; + + left =3D len; + while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) { + int used; + + used =3D min_t(size_t, skb->len - offset, left); + msk->bytes_consumed +=3D used; + MPTCP_SKB_CB(skb)->offset +=3D used; + MPTCP_SKB_CB(skb)->map_seq +=3D used; + left -=3D used; + + if (skb->len > offset + used) + break; + + mptcp_eat_recv_skb(sk, skb); + } + + mptcp_rcv_space_adjust(msk, len - left); + + /* Clean up data we have read: This will do ACK frames. */ + if (left !=3D len) + mptcp_cleanup_rbuf(msk, len - left); +} + +static u32 mptcp_get_skb_seq(struct sk_buff *skb) +{ + return MPTCP_SKB_CB(skb)->map_seq; +} + +static int mptcp_read_sock_tls(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor) +{ + return __mptcp_read_sock(sk, desc, recv_actor, in_softirq()); +} + +static bool mptcp_epollin_ready_tls(const struct sock *sk, int target) +{ + return mptcp_epollin_ready(sk); +} + +static void mptcp_check_app_limited(struct sock *sk) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct mptcp_subflow_context *subflow; + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + bool slow; + + slow =3D lock_sock_fast(ssk); + tcp_sock_rate_check_app_limited(tcp_sk(ssk)); + unlock_sock_fast(ssk, slow); + } +} + +struct tls_prot_ops tls_mptcp_ops =3D { + .protocol =3D IPPROTO_MPTCP, + .inq =3D mptcp_inq, + .sendmsg_locked =3D mptcp_sendmsg_locked, + .recv_skb =3D mptcp_recv_skb_tls, + .read_done =3D mptcp_read_done, + .get_skb_seq =3D mptcp_get_skb_seq, + .read_sock =3D 
mptcp_read_sock_tls, + .poll =3D mptcp_poll, + .epollin_ready =3D mptcp_epollin_ready_tls, + .check_app_limited =3D mptcp_check_app_limited, +}; +EXPORT_SYMBOL(tls_mptcp_ops); diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index af45919652f8..1051cb53bc5a 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -772,6 +772,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sock= ptr_t optval, tls_sw_strparser_arm(sk, ctx); } =20 + if (conf =3D=3D TLS_HW && sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (tx) ctx->tx_conf =3D conf; else 
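Review bot: mptcp_check_app_limited() walks the subflow list and takes lock_sock_fast() on every subflow without asserting that the caller owns the msk lock, although the commit message for this patch states that lock_sock_fast() deadlocks when reached from softirq context. Adding `msk_owned_by_me(msk);` as its first statement, as mptcp_read_done() in the same hunk already does, would document the requirement and let lockdep catch a caller that violates it. mptcp_read_sock_tls() has a related weakness: `in_softirq()` is also true in process context while bottom halves are disabled, so if the intent is "currently running a softirq" then `in_serving_softirq()` expresses it, and the meaning of the fourth argument of __mptcp_read_sock() (defined outside this hunk) deserves a comment at the call.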
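Review bot: The new TLS_HW rejection sits after the offload setup, directly behind `tls_sw_strparser_arm(sk, ctx);`, and leaves with a bare `return -EOPNOTSUPP;`, so whatever was configured before it is not unwound. The code that assigns `conf` is outside this hunk, but if `conf == TLS_HW` means the device-offload setup already succeeded, that TCP-oriented setup has by then run against an MPTCP socket and the key material copied into the context stays there after the error. It would be safer to test `sk->sk_protocol == IPPROTO_MPTCP` before device offload is attempted and go straight to the software path, or at least to leave through the function's existing error label so the crypto state is cleared. do_tls_setsockopt_conf() starts and ends outside the hunk.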
@@ -1330,6 +1333,9 @@ static int __init tls_register(void) tcp_register_ulp(&tcp_tls_ulp_ops); =20 tls_register_prot_ops(&tls_tcp_ops); +#ifdef CONFIG_MPTCP + tls_register_prot_ops(&tls_mptcp_ops); +#endif =20 return 0; err_strp: --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E5DD23815DE for ; Tue, 13 Jan 2026 09:09:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295380; cv=none; b=q3sufKclkb8t67LIPNHiwcBkQ5oEhz2FmkDaZTucXgwK/OQ3ZJF6IZOa/7dPcOx/+i7UOon1Gz+zMY2h4n88qIetIM/MWZNcWQ1ilMfLVkcHIhMxs5zFATGX3VjInOuqjEev8yTH+nAoOq8Edqe1579xZy2fNNjZ3ylEzC1opGk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295380; c=relaxed/simple; bh=vE9bHUlxjKVxWB2oL0nOeYzwSvj2VRUG8O2v0SVGfmo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gjXmpIlOXM++gDMWQB+c+nmleKLd//nbPcRqyeF3rog7h1OjpMsL/FPw/g/V0T8vBhS7XgKMrdUcT0lCyOrI4F7vwkbMdItjigap87u86ypYUOxHLsw2a5Zm28/Q/l17kCW+wWp4CLI0dwL2q9qTDY4De/a/Di77oHGQ2cJtuVw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=mqL4X2G0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="mqL4X2G0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E906C116C6; Tue, 13 Jan 2026 09:09:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295379; bh=vE9bHUlxjKVxWB2oL0nOeYzwSvj2VRUG8O2v0SVGfmo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
b=mqL4X2G0rLrtMOjdJSb+lKy7vB65xN7jKUTwQRb9WjM7+7POn5mLUo2BuxPVnE71X wJsOAuLjF0QOMjYkrXpRAOLSPTnhpKD6H4mygFAGaOvitr/sKqftBdsxbvFqVoRJ7N DfPVayOM3EBm4RSsQmZctUv9xQMRiNtNmFgIgfjPe8svOY7FJyRc4Q+pAIcU/q5eaG 5aT5rIXLzZ7bHMsV5ItHV1eF1O3TiqriuyKwqznDR4F6b+GdYz2zRdslrn+AeGLSxZ TL8cUf9jt+BVM9TNnzIaNthRSh4IjObzYFyGZOLHC84bd0mK8SZjNEqAkXXaoIbenf sbiFdVWbNGjNg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v8 7/9] mptcp: update ULP getsockopt Date: Tue, 13 Jan 2026 17:09:15 +0800 Message-ID: <5086b09e03fcd7d48edc2034d5847d83014a3f53.1768294706.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch extracts TCP_ULP getsockopt operation into a tcp_sock_get_ulp() helper so that it can also be used in MPTCP. TCP_ULP was obtained by calling mptcp_getsockopt_first_sf_only() to get ULP of the first subflow. Now that the mechanism has changed, a new helper mptcp_getsockopt_tcp_ulp() is added to get ULP of msk. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/linux/tcp.h | 1 + net/ipv4/tcp.c | 36 ++++++++++++++++++++++-------------- net/mptcp/sockopt.c | 12 ++++++++++++ 3 files changed, 35 insertions(+), 14 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 20b8c6e21fef..6f0becc26402 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -644,6 +644,7 @@ void tcp_sock_set_quickack(struct sock *sk, int val); int tcp_sock_set_syncnt(struct sock *sk, int val); int tcp_sock_set_user_timeout(struct sock *sk, int val); int tcp_sock_set_maxseg(struct sock *sk, int val); +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen); =20 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst) { 
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index ed6dc29d422d..5ea4d94d67db 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4436,6 +4436,27 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const= struct sock *sk, return stats; } =20 +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen) +{ + struct inet_connection_sock *icsk =3D inet_csk(sk); + int len; + + if (copy_from_sockptr(&len, optlen, sizeof(int))) + return -EFAULT; + len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); + if (!icsk->icsk_ulp_ops) { + len =3D 0; + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + return 0; + } + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) + return -EFAULT; + return 0; +} + int do_tcp_getsockopt(struct sock *sk, int level, int optname, sockptr_t optval, sockptr_t optlen) { @@ -4545,20 +4566,7 @@ int do_tcp_getsockopt(struct sock *sk, int level, return 0; =20 case TCP_ULP: - if (copy_from_sockptr(&len, optlen, sizeof(int))) - return -EFAULT; - len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); - if (!icsk->icsk_ulp_ops) { - len =3D 0; - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - return 0; - } - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) - return -EFAULT; - return 0; + return tcp_sock_get_ulp(sk, optval, optlen); =20 case TCP_FASTOPEN_KEY: { u64 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u64)]; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index de90a2897d2d..a6230f7910fd 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c 
@@ -1393,6 +1393,17 @@ static int mptcp_put_int_option(struct mptcp_sock *m= sk, char __user *optval, return 0; } =20 +static int mptcp_getsockopt_tcp_ulp(struct sock *sk, char __user *optval, + int __user *optlen) +{ + int ret; + + lock_sock(sk); + ret =3D tcp_sock_get_ulp(sk, USER_SOCKPTR(optval), USER_SOCKPTR(optlen)); + release_sock(sk); + return ret; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { 
@@ -1400,6 +1411,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock= *msk, int optname, =20 switch (optname) { case TCP_ULP: + return mptcp_getsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: case TCP_INFO: case TCP_CC_INFO: --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5BD7381700 for ; Tue, 13 Jan 2026 09:09:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295383; cv=none; b=GHRfV3rficFu2Jzmyd7NMJSxA/dxam44I/TB4Yukg6fwsnM9a16GZctA+FlJh6dRTSsRYSDaUkD52wPKe+0gOYsZ0lPZXqYzj69irfctUlzw/ZCYi1g5iIHgztPpr839WqZOHk6FGfQLR3tgeBGxj/+t7U9LyMsSTfC1WbUSoiI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295383; c=relaxed/simple; bh=PButCW9oDVizPqHig2qLqN3R9cbnZMEziQPnaTw42nE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iAKiU7s+x1z1m4Wi4vbR4oluLj/DN0HVPsEB5NkaRWRv9tQeZ7HV3wW5Mls7x/q9v6n9FL2yRecPXQqLQoglU/hqOKor/G/jZTc8G2DS0JY6Yi0AdZ4lpfQIjKS+dbBvSlLohZXPk1eKnljFO8thp5J8krwpdX4M8Zcz7fTDp4Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=gprxnSDE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="gprxnSDE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 08313C2BC9E; Tue, 13 Jan 2026 09:09:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295381; bh=PButCW9oDVizPqHig2qLqN3R9cbnZMEziQPnaTw42nE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
b=gprxnSDEJkym8oJKHlhmG5s6brQ8gUwsTrA+gem8Tjr79FP0TIqKe/Juo3f5xiZ3+ WcbIdre8N7tlYJWXqJWaCq3oz+6v93BpmeRH9fFnHeE0DJIWfqguArmId0nWt66i3i VUX4rNpsqgQZ8nNHy6SKlwAdPKSwijZvrWPK+HpIBpuzzipCXVW9A+Is7BqKIbMuYd h9uw1ogXA5KDbhXv62F+Nn9kAnJZutxpJP3qmxsTZskot8SJ4Y89LNgHmN3DlTXhtc 7BjMBvMaqBu2K1D6p5NP/vBd+GSujl/AdNpWgjpdP2ZPOv9+4mqGfx1KJBxFKehsT0 RZveO9VXEtopQ== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v8 8/9] mptcp: enable TLS setsockopt Date: Tue, 13 Jan 2026 17:09:16 +0800 Message-ID: <260385f2ca8105eb442bcf9b68f1488f017f4e76.1768294706.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch extracts TCP_ULP setsockopt operation into a tcp_sock_set_ulp() helper so that it can also be used in MPTCP. Add MPTCP TLS setsockopt support in mptcp_setsockopt_sol_tcp(). It allows setting the TCP_ULP option to 'tls' exclusively, and enables configuration of the TLS_TX and TLS_RX options at the SOL_TLS level. This option cannot be set when the socket is in CLOSE or LISTEN state. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/linux/tcp.h | 1 + net/ipv4/tcp.c | 42 ++++++++++++++++++++++++------------------ net/mptcp/sockopt.c | 25 ++++++++++++++++++++++++- 3 files changed, 49 insertions(+), 19 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 6f0becc26402..46b83895908c 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h 
@@ -645,6 +645,7 @@ int tcp_sock_set_syncnt(struct sock *sk, int val); int tcp_sock_set_user_timeout(struct sock *sk, int val); int tcp_sock_set_maxseg(struct sock *sk, int val); int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen); +int tcp_sock_set_ulp(struct sock *sk, sockptr_t optval, unsigned int optle= n); =20 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst) { diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 5ea4d94d67db..7dd6000247f7 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -3807,6 +3807,28 @@ int tcp_sock_set_maxseg(struct sock *sk, int val) return 0; } =20 +int tcp_sock_set_ulp(struct sock *sk, sockptr_t optval, unsigned int optle= n) +{ + char name[TCP_ULP_NAME_MAX]; + int err =3D 0; + size_t len; + int val; + + if (optlen < 1) + return -EINVAL; + + len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen); + val =3D strncpy_from_sockptr(name, optval, len); + if (val < 0) + return -EFAULT; + name[val] =3D 0; + + sockopt_lock_sock(sk); + err =3D tcp_set_ulp(sk, name); + sockopt_release_sock(sk); + return err; +} + /* * Socket option code for TCP. */ @@ -3840,24 +3862,8 @@ int do_tcp_setsockopt(struct sock *sk, int level, in= t optname, sockopt_release_sock(sk); return err; } - case TCP_ULP: { - char name[TCP_ULP_NAME_MAX]; - - if (optlen < 1) - return -EINVAL; - - val =3D strncpy_from_sockptr(name, optval, - min_t(long, TCP_ULP_NAME_MAX - 1, - optlen)); - if (val < 0) - return -EFAULT; - name[val] =3D 0; - - sockopt_lock_sock(sk); - err =3D tcp_set_ulp(sk, name); - sockopt_release_sock(sk); - return err; - } + case TCP_ULP: + return tcp_sock_set_ulp(sk, optval, optlen); case TCP_FASTOPEN_KEY: { __u8 key[TCP_FASTOPEN_KEY_BUF_LENGTH]; __u8 *backup_key =3D NULL; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index a6230f7910fd..aafc627b3da9 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "protocol.h" =20 #define MIN_INFO_OPTLEN_SIZE 16 
@@ -567,6 +568,7 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_FASTOPEN_CONNECT: case TCP_FASTOPEN_KEY: case TCP_FASTOPEN_NO_COOKIE: + case TCP_ULP: return true; } =20 @@ -576,6 +578,13 @@ static bool mptcp_supported_sockopt(int level, int opt= name) * TCP_REPAIR_WINDOW are not supported, better avoid this mess */ } + if (level =3D=3D SOL_TLS) { + switch (optname) { + case TLS_TX: + case TLS_RX: + return true; + } + } return false; } =20 @@ -815,6 +824,20 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *= msk, int level, return ret; } =20 +static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval, + unsigned int optlen) +{ + char ulp[4] =3D ""; + + if (copy_from_user(ulp, optval.user, 4)) + return -EFAULT; + if (strcmp(ulp, "tls\0")) + return -EOPNOTSUPP; + if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) + return -ENOTCONN; + return tcp_sock_set_ulp(sk, optval, optlen); +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { 
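Review bot: mptcp_setsockopt_tcp_ulp() validates one copy of the user buffer and then hands the same user pointer to tcp_sock_set_ulp(), which copies the name again, so the string that is checked against "tls" is not necessarily the string that reaches tcp_set_ulp() if another thread rewrites the buffer in between. The check itself uses `copy_from_user(ulp, optval.user, 4)`, which ignores `optlen` (a caller passing "tls" with optlen 3 has a fourth byte read that it never supplied) and bypasses the sockptr abstraction, so a kernel-space optval is not handled. The sk_state test also runs before the socket lock is taken. Copying the name once with strncpy_from_sockptr(), comparing that kernel copy, and calling tcp_set_ulp() under the lock together with the state check closes all three; a sketch follows.

```c
static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval,
				    unsigned int optlen)
{
	char name[TCP_ULP_NAME_MAX];
	int ret;

	if (optlen < 1)
		return -EINVAL;

	/* Single fetch: the copy that is validated is the copy that is used. */
	ret = strncpy_from_sockptr(name, optval,
				   min_t(long, TCP_ULP_NAME_MAX - 1, optlen));
	if (ret < 0)
		return -EFAULT;
	name[ret] = 0;

	if (strcmp(name, "tls"))
		return -EOPNOTSUPP;

	/* State check and ULP install happen under the same lock hold. */
	sockopt_lock_sock(sk);
	if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))
		ret = -ENOTCONN;
	else
		ret = tcp_set_ulp(sk, name);
	sockopt_release_sock(sk);

	return ret;
}
```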
@@ -823,7 +846,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *= msk, int optname, =20 switch (optname) { case TCP_ULP: - return -EOPNOTSUPP; + return mptcp_setsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); case TCP_DEFER_ACCEPT: --=20 2.51.0 From nobody Mon Jan 26 00:10:12 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 424143815F7 for ; Tue, 13 Jan 2026 09:09:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295384; cv=none; b=euPeYMmHaALlStQHt7FqK79FHAcaXykJ2kOfbzTa6/BZ8AvISX3GKMV7E0q9rlc8OfaaZq60tC+R/Whf+fCoPHwVb8DeuEooWXYPt8rOUjG1tXhy+Q/7jluwk+JXX2/c3x85VBOoGMjWGlwd9MZ9Atj3eB284kcyO/+EQPDWx9Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768295384; c=relaxed/simple; bh=QgcOK8gHhJAwc8+O/5aTxT9bEGlRJLknDJedT9CwB/E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Sbrm4YVbxDdaf0eCnKAttLDMb6TnoJLqpmQKKgNKG2ECNk6SPleVQ5LHQcLY18QYNS04ZanKfNENA4k/aJ/ROPHgDej37I8Q/e2ZNpeWDThAxWpT7iNFZ7LjZnVy3s//zy7mVzQXVEsvyZ/QfUEomKIkQpA6NTcwaKXRx/U4SBY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=oBLZKMjn; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="oBLZKMjn" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 37310C116C6; Tue, 13 Jan 2026 09:09:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1768295383; 
bh=QgcOK8gHhJAwc8+O/5aTxT9bEGlRJLknDJedT9CwB/E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oBLZKMjnSIuVghwSb/4bjCbdCeigY11qgwRj+CLLqybrE09F7Fry+duX6RUkfX9GC EKfiW1NBuHn9AUczoACJ7KLXVHOExQs6WD1oJMdCSJv0Ie06ugxPB0kKLv7tG0s+Re Vmaw5TfGvgyvcNSXNge0WoTe39OJfUAvalmb/sQRV/n0zCKJ7Nt4jA+uvLayOUnacN NZKlymxMNIJKeMQdXzDA3BzjjBtBK8JRJS16J0mYq8E4WdA1U5HmgRGgieQ6uZiAuh Qcm3EU9uUpznlEL8gjcQ819nJ9m9d5s3SZLHFnxvOdNKRFoa1EAAKRwhvoVrIrhuOL FjyPx8Zgm0+Iw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v8 9/9] selftests: mptcp: add mptcp tls tests Date: Tue, 13 Jan 2026 17:09:17 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang With KTLS being implemented, "tls" should no longer be used in sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP name, "smc", is set instead in this patch. Update the last two TCP TLS tests to MPTCP TLS tests. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- .../selftests/net/mptcp/mptcp_connect.c | 2 +- .../testing/selftests/net/mptcp/mptcp_join.sh | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index 6fb3c0bf879b..5d1dd7b66ed6 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -324,7 +324,7 @@ static void sock_test_tcpulp(int sock, int proto, unsig= ned int line) if (ret =3D=3D 0) X("setsockopt"); } else if (proto =3D=3D IPPROTO_MPTCP) { - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "smc"); if (ret !=3D -1) X("setsockopt"); } 
diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testin= g/selftests/net/mptcp/mptcp_join.sh index 6f8c6a03e760..883b079d8e33 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -4323,28 +4323,28 @@ tls_tests() chk_join_nr 0 0 0 fi =20 - # multiple subflows, tls, TCP - if reset "multiple subflows, tls, TCP"; then + # multiple subflows, tls, MPTCP + if reset "multiple subflows, tls, MPTCP"; then pm_nl_set_limits $ns1 0 2 pm_nl_set_limits $ns2 0 2 pm_nl_add_endpoint $ns2 10.0.2.2 flags subflow pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow test_linkfail=3D1024 tls=3D1 \ - run_tests $ns1 $ns2 10.0.1.1 TCP TCP - chk_join_nr 0 0 0 + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr 2 2 2 fi =20 - # multiple subflows, signal, tls, TCP - if reset "multiple subflows, signal, tls, TCP"; then + # multiple subflows, signal, tls, MPTCP + if reset "multiple subflows, signal, tls, MPTCP"; then pm_nl_set_limits $ns1 0 3 pm_nl_add_endpoint $ns1 10.0.2.1 dev ns1eth2 flags signal pm_nl_set_limits $ns2 1 3 pm_nl_add_endpoint $ns2 10.0.3.2 dev ns2eth3 flags subflow pm_nl_add_endpoint $ns2 10.0.4.2 dev ns2eth4 flags subflow test_linkfail=3D2048 tls=3D1 \ - run_tests $ns1 $ns2 10.0.1.1 TCP TCP - chk_join_nr 0 0 0 - chk_add_nr 0 0 + run_tests $ns1 $ns2 10.0.1.1 + chk_join_nr 3 3 3 + chk_add_nr 1 1 fi } =20 --=20 2.51.0