From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E27B534DB6D for ; Fri, 17 Apr 2026 23:48:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469702; cv=none; b=kOf9MkfYWV7RDaqPPNi7jL6Yq9Rv64nFRakqeugPEPKrexS/sftKXYYoTSNemaowe3bmY5hQJUbL4vXp0UuO0qCxjAA0SYRNeYT3txSKJRdwJt0Z/b+2HClMy+jyfxNx3oQSDpfXAftw5J6Wl0U+iPJu6sdPirFM1ZhMN8gT1Fc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469702; c=relaxed/simple; bh=50ia+68fzV0DZXMHDK4jzmnCLZprcI7EoCgCZ0/k3z4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FB0RwgC30tFLYX951vcdLUc+DaX+m9Pia5u9CNp8/BbgNsVjgERSD4G8KFgEb41HuXcZvD8XXRsDMDBb3ztn1kpG1t8cl+ZVtg3LfqPPZ5KwjZ92G5F0wVdCqKYr3GD1AHqHYKyrZAa7ULxZE512ioMB96l7KOFMNIyNE5nTKkI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JeUzowsZ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JeUzowsZ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B0948C2BCB3; Fri, 17 Apr 2026 23:48:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469701; bh=50ia+68fzV0DZXMHDK4jzmnCLZprcI7EoCgCZ0/k3z4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JeUzowsZVKO3TpEWFjDIByct0ZvkO54mE8jEfwE2TCL6kusmAOfsf482UxoeVueBg eRGbfGdvaI6F/mCPIDvRa4Y38zv9D6XKc49Gj1qkdKaomYi5XfeD8TWMRh2fpJDQIM tw6idqMOjGftcC8XEscaAbfdxp/cuzfg6Myb36Yx96/bmNh9AuQYWolw/HJlmDXd1e uHKNM5IP6aub0fisGNVBHZXyYynzRTO7EuZPA1VB97V5QRp9u2wkXWZc/BAQejI1st PrUWO71l9bBF1xZ1hXhf5WlJ3fsG5azbYB6Mvn5/fXyRlg9f7BDGl+j7Vf8Q+jU3Mp WJf1ALRCZfHBw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 01/15] tls: add per-protocol cache to support mptcp Date: Sat, 18 Apr 2026 07:47:40 +0800 Message-ID: <9723c2d0f8b059c9d295545983920a9c428cf3db.1776469068.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang The TLS ULP uses a single global array to cache base protocol operations. When MPTCP sockets enable TLS, they overwrite this global cache with mptcp_prot, causing active TCP TLS sockets to use MPTCP-specific ops. This leads to type confusion and kernel panics. Fix by replacing the global cache with a per-protocol linked list. Each protocol (TCP, MPTCP, etc.) now has its own cached operations, stored in struct tls_proto and referenced from tls_context. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 10 ++++ include/net/tls_toe.h | 3 +- net/tls/tls.h | 3 +- net/tls/tls_main.c | 112 ++++++++++++++++++++++++++---------------- net/tls/tls_toe.c | 5 +- 5 files changed, 87 insertions(+), 46 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index ebd2550280ae..f65604270932 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -220,6 +220,14 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_proto { + struct rcu_head rcu; + struct list_head list; + const struct proto *prot; + struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; + struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; +}; + struct tls_context { /* read-only cache line */ struct tls_prot_info prot_info; @@ -257,6 +265,8 @@ struct tls_context { struct proto *sk_proto; struct sock *sk; =20 + struct tls_proto *proto; + void (*sk_destruct)(struct sock *sk); =20 union tls_crypto_context crypto_send; diff --git a/include/net/tls_toe.h b/include/net/tls_toe.h index b3aa7593ce2c..b73029364b2c 100644 --- a/include/net/tls_toe.h +++ b/include/net/tls_toe.h @@ -69,7 +69,8 @@ struct tls_toe_device { struct kref kref; }; =20 -int tls_toe_bypass(struct sock *sk); +int tls_toe_bypass(struct sock *sk, + struct tls_proto *proto); int tls_toe_hash(struct sock *sk); void tls_toe_unhash(struct sock *sk); =20 diff --git a/net/tls/tls.h b/net/tls/tls.h index e8f81a006520..c9e839642c31 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -136,7 +136,8 @@ struct tls_rec { int __net_init tls_proc_init(struct net *net); void __net_exit tls_proc_fini(struct net *net); =20 -struct tls_context *tls_ctx_create(struct sock *sk); +struct tls_context *tls_ctx_create(struct sock *sk, + struct tls_proto *proto); void tls_ctx_free(struct sock *sk, struct tls_context *ctx); void update_sk_prot(struct sock *sk, struct tls_context *ctx); =20 diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index fd39acf41a61..b7d59448b0a8 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -52,12 +52,6 @@ MODULE_DESCRIPTION("Transport Layer Security Support"); MODULE_LICENSE("Dual BSD/GPL"); MODULE_ALIAS_TCP_ULP("tls"); =20 -enum { - TLSV4, - TLSV6, - TLS_NUM_PROTS, -}; - #define CHECK_CIPHER_DESC(cipher,ci) \ static_assert(cipher ## _IV_SIZE <=3D TLS_MAX_IV_SIZE); \ static_assert(cipher ## _SALT_SIZE <=3D TLS_MAX_SALT_SIZE); \ @@ -119,23 +113,22 @@ CHECK_CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_in= fo_sm4_ccm); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256); =20 -static const struct proto *saved_tcpv6_prot; -static DEFINE_MUTEX(tcpv6_prot_mutex); -static const struct proto *saved_tcpv4_prot; -static DEFINE_MUTEX(tcpv4_prot_mutex); -static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFI= G]; -static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_N= UM_CONFIG]; +static LIST_HEAD(tls_proto_list); +static DEFINE_MUTEX(tls_proto_mutex); static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 void update_sk_prot(struct sock *sk, struct tls_context *ctx) { - int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; + struct tls_proto *proto =3D ctx->proto; + + if (!proto) + return; =20 WRITE_ONCE(sk->sk_prot, - &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &proto->prots[ctx->tx_conf][ctx->rx_conf]); WRITE_ONCE(sk->sk_socket->ops, - &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &proto->proto_ops[ctx->tx_conf][ctx->rx_conf]); } =20 int wait_on_pending_writer(struct sock *sk, long *timeo) @@ -910,7 +903,8 @@ static int tls_disconnect(struct sock *sk, int flags) return -EOPNOTSUPP; } =20 -struct tls_context *tls_ctx_create(struct sock *sk) +struct tls_context *tls_ctx_create(struct sock *sk, + struct tls_proto *proto) { struct inet_connection_sock *icsk =3D inet_csk(sk); struct tls_context *ctx; @@ -921,6 +915,7 @@ struct tls_context *tls_ctx_create(struct sock *sk) =20 mutex_init(&ctx->tx_lock); ctx->sk_proto =3D READ_ONCE(sk->sk_prot); + ctx->proto =3D proto; ctx->sk =3D sk; /* Release semantic of rcu_assign_pointer() ensures that * ctx->sk_proto is visible before changing sk->sk_prot in @@ -968,35 +963,64 @@ static void build_proto_ops(struct proto_ops ops[TLS_= NUM_CONFIG][TLS_NUM_CONFIG] #endif } =20 -static void tls_build_proto(struct sock *sk) +static struct tls_proto *tls_proto_find(const struct proto *prot) { - int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; - struct proto *prot =3D READ_ONCE(sk->sk_prot); + struct tls_proto *proto, *ret =3D NULL; =20 - /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */ - if (ip_ver =3D=3D TLSV6 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv6_prot))) { - mutex_lock(&tcpv6_prot_mutex); - if (likely(prot !=3D saved_tcpv6_prot)) { - build_protos(tls_prots[TLSV6], prot); - build_proto_ops(tls_proto_ops[TLSV6], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv6_prot, prot); + rcu_read_lock(); + list_for_each_entry_rcu(proto, &tls_proto_list, list) { + if (proto->prot =3D=3D prot) { + ret =3D proto; + break; } - mutex_unlock(&tcpv6_prot_mutex); } + rcu_read_unlock(); + return ret; +} =20 - if (ip_ver =3D=3D TLSV4 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv4_prot))) { - mutex_lock(&tcpv4_prot_mutex); - if (likely(prot !=3D saved_tcpv4_prot)) { - build_protos(tls_prots[TLSV4], prot); - build_proto_ops(tls_proto_ops[TLSV4], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv4_prot, prot); - } - mutex_unlock(&tcpv4_prot_mutex); +static void tls_proto_cleanup(void) +{ + struct tls_proto *prot, *tmp; + + mutex_lock(&tls_proto_mutex); + list_for_each_entry_safe(prot, tmp, &tls_proto_list, list) { + list_del_rcu(&prot->list); + kfree_rcu(prot, rcu); } + mutex_unlock(&tls_proto_mutex); +} + +static struct tls_proto *tls_build_proto(struct sock *sk) +{ + struct proto *prot =3D READ_ONCE(sk->sk_prot); + struct tls_proto *proto; + + proto =3D tls_proto_find(prot); + if (proto) + return proto; + + mutex_lock(&tls_proto_mutex); + /* Re-check under lock */ + proto =3D tls_proto_find(prot); + if (proto) { + mutex_unlock(&tls_proto_mutex); + return proto; + } + + proto =3D kzalloc(sizeof(*proto), GFP_KERNEL); + if (!proto) { + mutex_unlock(&tls_proto_mutex); + return NULL; + } + + proto->prot =3D prot; + build_protos(proto->prots, prot); + build_proto_ops(proto->proto_ops, + sk->sk_socket->ops); + list_add_rcu(&proto->list, &tls_proto_list); + mutex_unlock(&tls_proto_mutex); + + return proto; } =20 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], @@ -1046,13 +1070,16 @@ static void build_protos(struct proto prot[TLS_NUM_= CONFIG][TLS_NUM_CONFIG], =20 static int tls_init(struct sock *sk) { + struct tls_proto *proto; struct tls_context *ctx; int rc =3D 0; =20 - tls_build_proto(sk); + proto =3D tls_build_proto(sk); + if (!proto) + return -ENOMEM; =20 #ifdef CONFIG_TLS_TOE - if (tls_toe_bypass(sk)) + if (tls_toe_bypass(sk, proto)) return 0; #endif =20 @@ -1067,7 +1094,7 @@ static int tls_init(struct sock *sk) =20 /* allocate tls context */ write_lock_bh(&sk->sk_callback_lock); - ctx =3D tls_ctx_create(sk); + ctx =3D tls_ctx_create(sk, proto); if (!ctx) { rc =3D -ENOMEM; goto out; @@ -1264,6 +1291,7 @@ static int __init tls_register(void) =20 static void __exit tls_unregister(void) { + tls_proto_cleanup(); tcp_unregister_ulp(&tcp_tls_ulp_ops); tls_strp_dev_exit(); tls_device_cleanup(); diff --git a/net/tls/tls_toe.c b/net/tls/tls_toe.c index 825669e1ab47..3c63f9b4c8af 100644 --- a/net/tls/tls_toe.c +++ b/net/tls/tls_toe.c @@ -54,7 +54,8 @@ static void tls_toe_sk_destruct(struct sock *sk) tls_ctx_free(sk, ctx); } =20 -int tls_toe_bypass(struct sock *sk) +int tls_toe_bypass(struct sock *sk, + struct tls_proto *proto) { struct tls_toe_device *dev; struct tls_context *ctx; @@ -63,7 +64,7 @@ int tls_toe_bypass(struct sock *sk) spin_lock_bh(&device_spinlock); list_for_each_entry(dev, &device_list, dev_list) { if (dev->feature && dev->feature(dev)) { - ctx =3D tls_ctx_create(sk); + ctx =3D tls_ctx_create(sk, proto); if (!ctx) goto out; =20 --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A63E435C19F for ; Fri, 17 Apr 2026 23:48:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469703; cv=none; b=CMHug4navFPw+iSIwgKYZc3WRdi2dUWPcRbXTdXPmVhPa1pd7S3ZVilZuxB355ERR8Wb1mjCoMIh3LgrYx7bUO78YNEeVwBrMZOlOdDBaHXebFide3QZG8CoZxuLDyRDdFiU4xwMEp2AHGeN6xNTHf6pSQkL1R4k2CybcoK6Iro= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469703; c=relaxed/simple; bh=4ksfCEh6aF+WLh5McrphHRaxSC1SEj05Ptb0M1Fxk98=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ILR/m1L939AUXX6SuHe6/BjzWX6fZfXjtPwnga3C6rnjLZeYwgb4Ua4onIJ9lJcKN+dNugdS8VhhraJIjRjou6JWIPWVe9SjG8I6xWtmze5PPEgZtwnA6nLhxPCRr5L81vLl9AbJ0O7IH2McMGOKyWZ83x6HrBTZQlf6k+QzmB4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=U9l+HZzp; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="U9l+HZzp" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3EC47C2BCB5; Fri, 17 Apr 2026 23:48:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469703; bh=4ksfCEh6aF+WLh5McrphHRaxSC1SEj05Ptb0M1Fxk98=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=U9l+HZzpE1bsOObRaiTmg5GixRuEpIzBfmDjx997/BCfSHAw0z4QIPM8MOFdGhmjn QwGAMW+oKSQnShLBD1jzaojlatoTjn5tvQ15pyZMmQChaKqKQ7k6ExCuee/n2TDnh2 W1YqWo+vjoY0TqrCP88hSC0HBU3AA/R7pvNBckJOKbZNMdbyka9aIQZ8+uU0KJ6OXc G6ClimA6AJsMj7OS/+3aIA0szjG8smF+3TaVm6szTpoW0GB0sdIk3TG/8RsXpH0WtZ FjDO9D7+Ya036gKlATZVmEIglzCOSwVy9YbgVzlDuvr8Olc7O/dgAUz41hBWrL6vDA 8wyIXOwskC0nw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 02/15] tls: introduce struct tls_prot_ops Date: Sat, 18 Apr 2026 07:47:41 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has been introduced for TLS, encapsulating TCP-specific helpers within this structure. Add registering, validating and finding functions for this structure to add, validate and find a tls_prot_ops on the global list tls_prot_ops_list. Register TCP-specific structure tls_tcp_ops in tls_init(). Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 19 +++++++++ net/tls/tls_main.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/include/net/tls.h b/include/net/tls.h index f65604270932..3c73e61ce4a3 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -220,6 +220,25 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_prot_ops { + int protocol; + struct module *owner; + struct list_head list; + + int (*inq)(struct sock *sk); + int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg, size_t size); + struct sk_buff *(*recv_skb)(struct sock *sk, u32 *off); + bool (*lock_is_held)(struct sock *sk); + int (*read_sock)(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor); + void (*read_done)(struct sock *sk, size_t len); + u32 (*get_skb_seq)(struct sk_buff *skb); + __poll_t (*poll)(struct file *file, struct socket *sock, + struct poll_table_struct *wait); + bool (*epollin_ready)(const struct sock *sk); + void (*check_app_limited)(struct sock *sk); +}; + struct tls_proto { struct rcu_head rcu; struct list_head list; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index b7d59448b0a8..5fe030fce19d 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -115,9 +115,27 @@ CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypt= o_info_aria_gcm_256); =20 static LIST_HEAD(tls_proto_list); static DEFINE_MUTEX(tls_proto_mutex); +static LIST_HEAD(tls_prot_ops_list); +static DEFINE_SPINLOCK(tls_prot_ops_lock); static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 +static struct tls_prot_ops *tls_prot_ops_find(int protocol) +{ + struct tls_prot_ops *ops, *ret =3D NULL; + + rcu_read_lock(); + list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) { + if (ops->protocol =3D=3D protocol) { + ret =3D ops; + break; + } + } + rcu_read_unlock(); + + return ret; +} + void update_sk_prot(struct sock *sk, struct tls_context *ctx) { struct tls_proto *proto =3D ctx->proto; @@ -1263,6 +1281,82 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos= tly =3D { .get_info_size =3D tls_get_info_size, }; =20 +static int tls_validate_prot_ops(const struct tls_prot_ops *ops) +{ + if (!ops->inq || !ops->sendmsg_locked || + !ops->recv_skb || !ops->lock_is_held || + !ops->read_sock || !ops->read_done || + !ops->get_skb_seq || + !ops->poll || !ops->epollin_ready || + !ops->check_app_limited) { + pr_err("%d does not implement required ops\n", ops->protocol); + return -EINVAL; + } + + return 0; +} + +static int tls_register_prot_ops(struct tls_prot_ops *ops) +{ + int ret; + + ret =3D tls_validate_prot_ops(ops); + if (ret) + return ret; + + spin_lock(&tls_prot_ops_lock); + if (tls_prot_ops_find(ops->protocol)) { + spin_unlock(&tls_prot_ops_lock); + return -EEXIST; + } + list_add_tail_rcu(&ops->list, &tls_prot_ops_list); + spin_unlock(&tls_prot_ops_lock); + + pr_debug("tls_prot_ops %d registered\n", ops->protocol); + return 0; +} + +static void tls_unregister_prot_ops(struct tls_prot_ops *ops) +{ + spin_lock(&tls_prot_ops_lock); + list_del_rcu(&ops->list); + spin_unlock(&tls_prot_ops_lock); +} + +static struct sk_buff *tls_tcp_recv_skb(struct sock *sk, u32 *off) +{ + return tcp_recv_skb(sk, tcp_sk(sk)->copied_seq, off); +} + +static bool tls_tcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk); +} + +static u32 tls_tcp_get_skb_seq(struct sk_buff *skb) +{ + return TCP_SKB_CB(skb)->seq; +} + +static bool tls_tcp_epollin_ready(const struct sock *sk) +{ + return tcp_epollin_ready(sk, INT_MAX); +} + +static struct tls_prot_ops tls_tcp_ops =3D { + .protocol =3D IPPROTO_TCP, + .inq =3D tcp_inq, + .sendmsg_locked =3D tcp_sendmsg_locked, + .recv_skb =3D tls_tcp_recv_skb, + .lock_is_held =3D tls_tcp_lock_is_held, + .read_sock =3D tcp_read_sock, + .read_done =3D tcp_read_done, + .get_skb_seq =3D tls_tcp_get_skb_seq, + .poll =3D tcp_poll, + .epollin_ready =3D tls_tcp_epollin_ready, + .check_app_limited =3D tcp_rate_check_app_limited, +}; + static int __init tls_register(void) { int err; @@ -1281,6 +1375,8 @@ static int __init tls_register(void) =20 tcp_register_ulp(&tcp_tls_ulp_ops); =20 + tls_register_prot_ops(&tls_tcp_ops); + return 0; err_strp: tls_strp_dev_exit(); @@ -1292,6 +1388,7 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tls_proto_cleanup(); + tls_unregister_prot_ops(&tls_tcp_ops); tcp_unregister_ulp(&tcp_tls_ulp_ops); tls_strp_dev_exit(); tls_device_cleanup(); --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54ECA34DB6D for ; Fri, 17 Apr 2026 23:48:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469705; cv=none; b=VODbc/MmxjeFwjc4X+p8ZycexwtNd4VIRGPE515R6xX2V0aqeCpPMmojuMYD/AB0lges1hpb/vwZxnS2x1dsrqv98oInR3Bu7tOtkJ9OjJSzsaVOaCSMDNt1rkGdDmosW/sG/Wxg5FnvxgpwtypBjBv30UCffXWuZHhooWWnp8s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469705; c=relaxed/simple; bh=QN9JnSo4ZjHKtB08iZYvbY8bJtFfdtXk/FZCVopUuuk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=amsL3xPJ+wgw8cVkqVJraoMCEQBQFpht4/1/qdWJlQd+fWMJ/Wi0UQ+E2wcJbuGU5lOwnWLtmFZ0S314zcpNu9yG+kzOXFQ+PskDJXqdngtn1ZxFNgMF8ZQzrJL5WRDD314ykV4ZgiQi7TICCoX/hZn9eHexz/vhOrlVB8ppwWY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=aXoWFUiR; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="aXoWFUiR" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4027C19425; Fri, 17 Apr 2026 23:48:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469704; bh=QN9JnSo4ZjHKtB08iZYvbY8bJtFfdtXk/FZCVopUuuk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aXoWFUiRBc5k2URi4BR/kI6ZApyVhmsSjUWJn1ehmNmEfOczTP4T9yO5LL/TKcNRi CwCFgHLWQcCLyBxiUrtD9uv41bYhG+ONzgMbzXpeJH7ER6a5RoQoUMwjKkox997WOs PBBsmI/2rVBOU/j2gBt9ZPDYgzZMW1C0aUeDg6+dQLLWViEPxzSmICWlV7dcknKQUB WEdNHBLGEOnQw7QQyV+6hJpiHL4AcRNKHKvccvTXaqpfokptMFp4L4eYTxe/Flp6bq oj5FoXuEeEOcukQ8Cu2LwVsKY2RprzW6cn1pZqPF7rA9Deg88eiFnpNiPzTpgo8t7m ZRh9Si9mj6jfg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 03/15] tls: add tls_prot_ops pointer to tls_proto Date: Sat, 18 Apr 2026 07:47:42 +0800 Message-ID: <1f99af1c361fe7bc8e7da04a209295e313a0d217.1776469068.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang A pointer to struct tls_prot_ops, named 'ops', has been added to struct tls_proto. The places originally calling TLS-specific helpers have now been modified to indirectly invoke them via 'ops' pointer in tls_proto. In tls_build_proto(), proto->ops is assigned either 'tls_mptcp_ops' or 'tls_tcp_ops' based on the socket protocol. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 1 + net/tls/tls_main.c | 16 ++++++++++++---- net/tls/tls_strp.c | 33 ++++++++++++++++++++++----------- net/tls/tls_sw.c | 7 +++++-- 4 files changed, 40 insertions(+), 17 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 3c73e61ce4a3..9d01e151035d 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -243,6 +243,7 @@ struct tls_proto { struct rcu_head rcu; struct list_head list; const struct proto *prot; + const struct tls_prot_ops *ops; struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; }; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 5fe030fce19d..ba0a0e622c75 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -199,13 +199,13 @@ int tls_push_sg(struct sock *sk, ctx->splicing_pages =3D true; while (1) { /* is sending application-limited? */ - tcp_rate_check_app_limited(sk); + ctx->proto->ops->check_app_limited(sk); p =3D sg_page(sg); retry: bvec_set_page(&bvec, p, size, offset); iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); =20 - ret =3D tcp_sendmsg_locked(sk, &msg, size); + ret =3D ctx->proto->ops->sendmsg_locked(sk, &msg, size); =20 if (ret !=3D size) { if (ret > 0) { @@ -420,14 +420,14 @@ static __poll_t tls_sk_poll(struct file *file, struct= socket *sock, u8 shutdown; int state; =20 - mask =3D tcp_poll(file, sock, wait); + tls_ctx =3D tls_get_ctx(sk); + mask =3D tls_ctx->proto->ops->poll(file, sock, wait); =20 state =3D inet_sk_state_load(sk); shutdown =3D READ_ONCE(sk->sk_shutdown); if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN)) return mask; =20 - tls_ctx =3D tls_get_ctx(sk); ctx =3D tls_sw_ctx_rx(tls_ctx); psock =3D sk_psock_get(sk); =20 @@ -1011,6 +1011,7 @@ static void tls_proto_cleanup(void) static struct tls_proto *tls_build_proto(struct sock *sk) { struct proto *prot =3D READ_ONCE(sk->sk_prot); + struct tls_prot_ops *ops; struct tls_proto *proto; =20 proto =3D tls_proto_find(prot); @@ -1025,6 +1026,12 @@ static struct tls_proto *tls_build_proto(struct sock= *sk) return proto; } =20 + ops =3D tls_prot_ops_find(sk->sk_protocol); + if (!ops) { + mutex_unlock(&tls_proto_mutex); + return NULL; + } + proto =3D kzalloc(sizeof(*proto), GFP_KERNEL); if (!proto) { mutex_unlock(&tls_proto_mutex); @@ -1032,6 +1039,7 @@ static struct tls_proto *tls_build_proto(struct sock = *sk) } =20 proto->prot =3D prot; + proto->ops =3D ops; build_protos(proto->prots, prot); build_proto_ops(proto->proto_ops, sk->sk_socket->ops); diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 98e12f0ff57e..94407b639820 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte= xt_rx *ctx) int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) { struct tls_strparser *strp =3D &ctx->strp; + struct tls_context *tls_ctx; struct sk_buff *skb; =20 if (strp->copy_mode) @@ -132,7 +133,8 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) tls_strp_anchor_free(strp); strp->anchor =3D skb; =20 - tcp_read_done(strp->sk, strp->stm.full_len); + tls_ctx =3D tls_get_ctx(strp->sk); + tls_ctx->proto->ops->read_done(strp->sk, strp->stm.full_len); strp->copy_mode =3D 1; =20 return 0; @@ -376,6 +378,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str= uct sk_buff *in_skb, =20 static int tls_strp_read_copyin(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); read_descriptor_t desc; =20 desc.arg.data =3D strp; @@ -383,13 +386,14 @@ static int tls_strp_read_copyin(struct tls_strparser = *strp) desc.count =3D 1; /* give more than one skb per call */ =20 /* sk should be locked here, so okay to do read_sock */ - tcp_read_sock(strp->sk, &desc, tls_strp_copyin); + ctx->proto->ops->read_sock(strp->sk, &desc, tls_strp_copyin); =20 return desc.error; } =20 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct skb_shared_info *shinfo; struct page *page; int need_spc, len; @@ -398,7 +402,7 @@ static int tls_strp_read_copy(struct tls_strparser *str= p, bool qshort) * to read the data out. Otherwise the connection will stall. * Without pressure threshold of INT_MAX will never be ready. */ - if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX))) + if (likely(qshort && !ctx->proto->ops->epollin_ready(strp->sk))) return 0; =20 shinfo =3D skb_shinfo(strp->anchor); @@ -434,12 +438,13 @@ static int tls_strp_read_copy(struct tls_strparser *s= trp, bool qshort) static bool tls_strp_check_queue_ok(struct tls_strparser *strp) { unsigned int len =3D strp->stm.offset + strp->stm.full_len; + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first, *skb; u32 seq; =20 first =3D skb_shinfo(strp->anchor)->frag_list; skb =3D first; - seq =3D TCP_SKB_CB(first)->seq; + seq =3D ctx->proto->ops->get_skb_seq(first); =20 /* Make sure there's no duplicate data in the queue, * and the decrypted status matches. @@ -449,7 +454,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse= r *strp) len -=3D skb->len; skb =3D skb->next; =20 - if (TCP_SKB_CB(skb)->seq !=3D seq) + if (ctx->proto->ops->get_skb_seq(skb) !=3D seq) return false; if (skb_cmp_decrypted(first, skb)) return false; @@ -460,11 +465,11 @@ static bool tls_strp_check_queue_ok(struct tls_strpar= ser *strp) =20 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in= t len) { - struct tcp_sock *tp =3D tcp_sk(strp->sk); + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first; u32 offset; =20 - first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset); + first =3D ctx->proto->ops->recv_skb(strp->sk, &offset); if (WARN_ON_ONCE(!first)) return; =20 @@ -483,6 +488,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_= strparser *strp, int len) =20 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct strp_msg *rxm; struct tls_msg *tlm; =20 @@ -490,7 +496,7 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool= force_refresh) DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len); =20 if (!strp->copy_mode && force_refresh) { - if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) { + if (unlikely(ctx->proto->ops->inq(strp->sk) < strp->stm.full_len)) { WRITE_ONCE(strp->msg_ready, 0); memset(&strp->stm, 0, sizeof(strp->stm)); return false; @@ -511,9 +517,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo= l force_refresh) /* Called with lock held on lower socket */ static int tls_strp_read_sock(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); int sz, inq; =20 - inq =3D tcp_inq(strp->sk); + inq =3D ctx->proto->ops->inq(strp->sk); if (inq < 1) return 0; =20 @@ -556,6 +563,8 @@ void tls_strp_check_rcv(struct tls_strparser *strp) /* Lower sock lock held */ void tls_strp_data_ready(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + /* This check is needed to synchronize with do_tls_strp_work. * do_tls_strp_work acquires a process lock (lock_sock) whereas * the lock held here is bh_lock_sock. The two locks can be @@ -563,7 +572,7 @@ void tls_strp_data_ready(struct tls_strparser *strp) * allows a thread in BH context to safely check if the process * lock is held. In this case, if the lock is held, queue work. */ - if (sock_owned_by_user_nocheck(strp->sk)) { + if (ctx->proto->ops->lock_is_held(strp->sk)) { queue_work(tls_strp_wq, &strp->work); return; } @@ -583,10 +592,12 @@ static void tls_strp_work(struct work_struct *w) =20 void tls_strp_msg_done(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + WARN_ON(!strp->stm.full_len); =20 if (likely(!strp->copy_mode)) - tcp_read_done(strp->sk, strp->stm.full_len); + ctx->proto->ops->read_done(strp->sk, strp->stm.full_len); else tls_strp_flush_anchor_copy(strp); =20 diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 94d2ae0daa8c..af8b60ddcc00 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1963,13 +1963,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_= prot_info *prot, size_t len_left, size_t decrypted, ssize_t done, size_t *flushed_at) { + struct tls_context *tls_ctx =3D tls_get_ctx(sk); size_t max_rec; =20 if (len_left <=3D decrypted) return false; =20 max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE; - if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec) + if (done - *flushed_at < SZ_128K && tls_ctx->proto->ops->inq(sk) > max_re= c) return false; =20 *flushed_at =3D done; @@ -2455,6 +2456,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) size_t cipher_overhead; size_t data_len =3D 0; int ret; + u32 seq; =20 /* Verify that we have a full TLS header, or wait for more data */ if (strp->stm.offset + prot->prepend_size > skb->len) @@ -2497,8 +2499,9 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) goto read_failure; } =20 + seq =3D tls_ctx->proto->ops->get_skb_seq(skb); tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE, - TCP_SKB_CB(skb)->seq + strp->stm.offset); + seq + strp->stm.offset); return data_len + TLS_HEADER_SIZE; =20 read_failure: --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADDC4371CF4 for ; Fri, 17 Apr 2026 23:48:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469706; cv=none; b=fbuoPRQXrshRMk5D94AxZZUf30skepF0Mc5k9xqvdq+CW4AgKfzwKK/b8eux8ysztASR/8VVeJndgmE3K5dWb8kqimXmF/cNkrkbLJUuzfQT3WcH33U8rkHK+O3b57iXP+ae9tX4NAAMvhrLeE4O2h3+InHAK+PMCNIJZCftZk0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469706; c=relaxed/simple; bh=r8MNZp5WgROb15YVC5fOdejPhTj9GUw9kijbF96W7ZI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FXDtg86Uel8Rg1nkjSC2yv/Y4UUgL+Jw1dk3xtQc9daJpuvTi6suCUQTfca5yl2rHuN9PAoCYJXEdu+4m5ihwB18hKdFOZnwa8V2K+5KELTAw/n7/nKiyduXxmA+A/a1/y25DErU+b3ywQS83DEedhBdjXJ54yXPZAKJkDQTAFo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HTiWrcN2; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HTiWrcN2" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F801C2BCB3; Fri, 17 Apr 2026 23:48:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469706; bh=r8MNZp5WgROb15YVC5fOdejPhTj9GUw9kijbF96W7ZI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HTiWrcN2W7cwnCR3hu3BLFhWM2LCetx/2YcOALvzDl7JIvTkTLGxBg7K3niGQd5rI m9s6JYa+NOU+BDj8GcdIeYwpZsLj2KI4suQ7ta7rsvWWn5CXD8YjRuL24xgcm6Vjod Md1tPVo/nRScZsiojIWiQsUfK8BIggzGzKXh519uSECU7engocXpvVphVAh4WAoa2I pCMe19+RqeDyUbpW7Tx2d/CgDJWQb0Lwwfpwr6CI/LEfaZX1uKrVjfkbN69fhRfEji ptN69OtJgLgL61Bh/jyliPlMfNDosMNVxthAJGa9jNdSGwVwRpu57BXySvG/mFH2w+ 7jPsQLYd7GwUA== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Gang Yan , Geliang Tang Subject: [RFC mptcp-next v15 04/15] mptcp: update mptcp_check_readable Date: Sat, 18 Apr 2026 07:47:43 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Gang Yan This patch makes mptcp_check_readable() aligned with TCP, and renames it to mptcp_stream_is_readable(). It will be used in the case of KTLS, because 'prot' will be modified, tls_sw_sock_is_readable() is expected to be called from prot->sock_is_readable(). Co-developed-by: Geliang Tang Signed-off-by: Geliang Tang Signed-off-by: Gang Yan --- net/mptcp/protocol.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 6b486fc94c16..b08010040b07 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3262,9 +3262,11 @@ void __mptcp_unaccepted_force_close(struct sock *sk) __mptcp_destroy_sock(sk); } =20 -static __poll_t mptcp_check_readable(struct sock *sk) +static bool mptcp_stream_is_readable(struct sock *sk) { - return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0; + if (mptcp_epollin_ready(sk)) + return true; + return sk_is_readable(sk); } =20 static void mptcp_check_listen_stop(struct sock *sk) @@ -4326,7 +4328,8 @@ static __poll_t mptcp_poll(struct file *file, struct = socket *sock, mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; =20 if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) { - mask |=3D mptcp_check_readable(sk); + if (mptcp_stream_is_readable(sk)) + mask |=3D EPOLLIN | EPOLLRDNORM; if (shutdown & SEND_SHUTDOWN) mask |=3D EPOLLOUT | EPOLLWRNORM; else --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E90B135C19F for ; Fri, 17 Apr 2026 23:48:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469708; cv=none; b=CqgTk8WGK1/fzMTsZ2p0ILGy9FnAVWctINWeLuvJ/utTCZQp5RbcJNqcGYUX5Qa7QpK4mJAPgCOdUjyRd6g2jcyQSOFT5DX9H/mkNUePYuzgR34WZEx8T9zh9z6EfCsQfRfwQM2oKM40cepqY0bNG0Vs4XmGoBvrC0NoZu/HDd8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469708; c=relaxed/simple; bh=DXPzLibDDPO4uSjZwTCPJC1MXfwuExxUqeG7JWPg8AY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=srKu3/NVH0tXBoORNG9sPgzj5NUzsAL5S8D4rWJaU+bviXtoAMlHrs1phe2R1DePwnAKRfvUGjwJchNA8qOS3qqJRm1Mbgw2JsmyISFgYLUU/AQltZ63KdVc3a5dEiGkQua16/sjYevFBJd4agpoA1rRTsb4mRvzuAo0BLDwq48= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HJz15i8l; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HJz15i8l" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CC156C2BCB5; Fri, 17 Apr 2026 23:48:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469707; bh=DXPzLibDDPO4uSjZwTCPJC1MXfwuExxUqeG7JWPg8AY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HJz15i8laM5uasaKP+f1iAYcJDcvC7WheFLOL/HjviT5d8DorlsuclEYxA9jVrzov Xox28f3mUaNyRQvVIRyFyXj2IyJOJYIe+ySrvmJ6emgXMS2By0rnLRY45lPzlsWxBU 1BoCQuvfhmnrGy5Ry1gTyBe/74cKqE1RnN7Yey9VOeTqzHPic97bQfukKBfcKehL1S a6/v6sy3Od8TU8Y1+jJYHtQxK0ufi/WEIFN93P2ZzLQsBGCntvI5QX4oynzJLEY61y uCcqXXWUrk++AO4UWyNC5ii6EW02QyLJtnvWnYCff8dL+rNQ3XEtYTUICFatFvvQXy neTQmooSYG4Ag== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 05/15] mptcp: implement tls_mptcp_ops Date: Sat, 18 Apr 2026 07:47:44 +0800 Message-ID: <41c9792bb87a49d2586e775471c27201b16bb080.1776469068.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch implements the MPTCP-specific struct tls_prot_ops, named 'tls_mptcp_ops'. Note that there is a slight difference between mptcp_inq() and mptcp_inq_hint(), it does not return 1 when the socket is closed or shut down; instead, it returns 0. Otherwise, it would break the condition "inq < 1" in tls_strp_read_sock(). Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can trigger a crash. Here, an MPTCP version of check_app_limited() is implemented, which calls tcp_sock_rate_check_app_limited() for each subflow. When MPTCP implements lock_is_held interface, it not only checks sock_owned_by_user_nocheck(sk) as TCP does, but also needs to check whether the MPTCP data lock is held. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/mptcp.h | 2 + include/net/tcp.h | 1 + net/ipv4/tcp.c | 9 +++- net/mptcp/protocol.c | 107 ++++++++++++++++++++++++++++++++++++++++--- net/mptcp/protocol.h | 1 + net/tls/tls_main.c | 6 +++ 6 files changed, 118 insertions(+), 8 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 4cf59e83c1c5..02564eceeb7e 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -132,6 +132,8 @@ struct mptcp_pm_ops { void (*release)(struct mptcp_sock *msk); } ____cacheline_aligned_in_smp; =20 +extern struct tls_prot_ops tls_mptcp_ops; + #ifdef CONFIG_MPTCP void mptcp_init(void); =20 diff --git a/include/net/tcp.h b/include/net/tcp.h index dfa52ceefd23..a6966dac44c0 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -852,6 +852,7 @@ static inline int tcp_bound_to_half_wnd(struct tcp_sock= *tp, int pktsize) =20 /* tcp.c */ void tcp_get_info(struct sock *, struct tcp_info *); +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp); void tcp_rate_check_app_limited(struct sock *sk); =20 /* Read 'sendfile()'-style from a TCP socket */ diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index d685b65f53fe..0281c334789b 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1100,9 +1100,9 @@ int tcp_sendmsg_fastopen(struct sock *sk, struct msgh= dr *msg, int *copied, } =20 /* If a gap is detected between sends, mark the socket application-limited= . */ -void tcp_rate_check_app_limited(struct sock *sk) +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp) { - struct tcp_sock *tp =3D tcp_sk(sk); + struct sock *sk =3D (struct sock *)tp; =20 if (/* We have less than one packet to send. */ tp->write_seq - tp->snd_nxt < tp->mss_cache && @@ -1115,6 +1115,11 @@ void tcp_rate_check_app_limited(struct sock *sk) tp->app_limited =3D (tp->delivered + tcp_packets_in_flight(tp)) ? : 1; } + +void tcp_rate_check_app_limited(struct sock *sk) +{ + tcp_sock_rate_check_app_limited(tcp_sk(sk)); +} EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited); =20 int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index b08010040b07..a4fda39499b7 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -24,11 +24,12 @@ #include #include #include +#include #include #include "protocol.h" #include "mib.h" =20 -static unsigned int mptcp_inq_hint(const struct sock *sk); +static unsigned int mptcp_inq_hint(struct sock *sk); =20 #define CREATE_TRACE_POINTS #include @@ -1895,7 +1896,7 @@ static void mptcp_rps_record_subflows(const struct mp= tcp_sock *msk) } } =20 -static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_= t len) { struct mptcp_sock *msk =3D mptcp_sk(sk); struct page_frag *pfrag; @@ -1907,8 +1908,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_FASTOPEN | MSG_EOR; =20 - lock_sock(sk); - mptcp_rps_record_subflows(msk); =20 if (unlikely(inet_test_bit(DEFER_CONNECT, sk) || @@ -2024,7 +2023,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) } =20 out: - release_sock(sk); return copied; =20 do_error: @@ -2035,6 +2033,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg= hdr *msg, size_t len) goto out; } =20 +static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +{ + int ret; + + lock_sock(sk); + ret =3D mptcp_sendmsg_locked(sk, msg, len); + release_sock(sk); + + return ret; +} + static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied); =20 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb) @@ -2265,7 +2274,7 @@ static bool mptcp_move_skbs(struct sock *sk) return enqueued; } =20 -static unsigned int mptcp_inq_hint(const struct sock *sk) +static int mptcp_inq(struct sock *sk) { const struct mptcp_sock *msk =3D mptcp_sk(sk); const struct sk_buff *skb; @@ -2280,6 +2289,16 @@ static unsigned int mptcp_inq_hint(const struct sock= *sk) return (unsigned int)hint_val; } =20 + return 0; +} + +static unsigned int mptcp_inq_hint(struct sock *sk) +{ + unsigned int inq =3D mptcp_inq(sk); + + if (inq) + return inq; + if (sk->sk_state =3D=3D TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN)) return 1; =20 @@ -4710,3 +4729,79 @@ int __init mptcp_proto_v6_init(void) return err; } #endif + +static bool mptcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk) || + mptcp_data_is_locked(sk); +} + +static void mptcp_read_done(struct sock *sk, size_t len) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct sk_buff *skb; + size_t left; + u32 offset; + + msk_owned_by_me(msk); + + if (sk->sk_state =3D=3D TCP_LISTEN) + return; + + left =3D len; + while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) { + int used; + + used =3D min_t(size_t, skb->len - offset, left); + msk->bytes_consumed +=3D used; + MPTCP_SKB_CB(skb)->offset +=3D used; + MPTCP_SKB_CB(skb)->map_seq +=3D used; + left -=3D used; + + if (skb->len > offset + used) + break; + + mptcp_eat_recv_skb(sk, skb); + } + + mptcp_rcv_space_adjust(msk, len - left); + + /* Clean up data we have read: This will do ACK frames. */ + if (left !=3D len) + mptcp_cleanup_rbuf(msk, len - left); +} + +static u32 mptcp_get_skb_seq(struct sk_buff *skb) +{ + return MPTCP_SKB_CB(skb)->map_seq - MPTCP_SKB_CB(skb)->offset; +} + +static void mptcp_check_app_limited(struct sock *sk) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct mptcp_subflow_context *subflow; + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + bool slow; + + slow =3D lock_sock_fast(ssk); + tcp_sock_rate_check_app_limited(tcp_sk(ssk)); + unlock_sock_fast(ssk, slow); + } +} + +struct tls_prot_ops tls_mptcp_ops =3D { + .protocol =3D IPPROTO_MPTCP, + .inq =3D mptcp_inq, + .sendmsg_locked =3D mptcp_sendmsg_locked, + .recv_skb =3D mptcp_recv_skb, + .lock_is_held =3D mptcp_lock_is_held, + .read_sock =3D mptcp_read_sock, + .read_done =3D mptcp_read_done, + .get_skb_seq =3D mptcp_get_skb_seq, + .poll =3D mptcp_poll, + .epollin_ready =3D mptcp_epollin_ready, + .check_app_limited =3D mptcp_check_app_limited, +}; +EXPORT_SYMBOL(tls_mptcp_ops); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 661600f8b573..1c604a1ded6f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -380,6 +380,7 @@ struct mptcp_sock { =20 #define mptcp_data_lock(sk) spin_lock_bh(&(sk)->sk_lock.slock) #define mptcp_data_unlock(sk) spin_unlock_bh(&(sk)->sk_lock.slock) +#define mptcp_data_is_locked(sk) spin_is_locked(&(sk)->sk_lock.slock) =20 #define mptcp_for_each_subflow(__msk, __subflow) \ list_for_each_entry(__subflow, &((__msk)->conn_list), node) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index ba0a0e622c75..79b194f7924a 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -1384,6 +1384,9 @@ static int __init tls_register(void) tcp_register_ulp(&tcp_tls_ulp_ops); =20 tls_register_prot_ops(&tls_tcp_ops); +#ifdef CONFIG_MPTCP + tls_register_prot_ops(&tls_mptcp_ops); +#endif =20 return 0; err_strp: @@ -1396,6 +1399,9 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tls_proto_cleanup(); +#ifdef CONFIG_MPTCP + tls_unregister_prot_ops(&tls_mptcp_ops); +#endif tls_unregister_prot_ops(&tls_tcp_ops); tcp_unregister_ulp(&tcp_tls_ulp_ops); tls_strp_dev_exit(); --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7868434DB6D for ; Fri, 17 Apr 2026 23:48:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469710; cv=none; b=j9tcg8cmK9QZ4T3+HQk6akNs69weYf29gqtEd+r9mr+56ohcSuud3Fno4biLbWkbNTwI2Zi7L0Ufuq15FBL8B+MZhRSX8d24WiLVy596saUXgIqAWpuUKmoYTTzuZsL+rMjlbqAdRjuJL6EJot+kpJC0PaOsdnWN5xJNzgTIq8U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469710; c=relaxed/simple; bh=6GzcsaFMq28d0FWn520aOq92c8IsBigTgiZ49vjCiME=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=i/RdhaYoH7dZ1Yyftet0Jy/Vz7a3hHZgTnt8Qimjqw1sQdZcJPSdaXhsnsUoeIXQ6GR+ndIo/7WZdcXwnawVRMvRIbCDMw7MK36y7SRDLwaK1PW6/CtK5F5CSfzdSBACksMz4QzaueLt0OL9+8WyPhwt0WKQxzKts4xbtPiMTpY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lKhtNdXO; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lKhtNdXO" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 48EEEC2BCB3; Fri, 17 Apr 2026 23:48:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469710; bh=6GzcsaFMq28d0FWn520aOq92c8IsBigTgiZ49vjCiME=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lKhtNdXO+RM7ERkIoUzOWhtmI09Ah9/auE7ebLugFw9FQDwqgRfTaDyDPyJx5xDcu 2mqk9hou5TejEYzCcxxMH2MAcufJ2hs4IFgnLu6dBTBzI64YPPEiQdfi4grH26kj/c OUkqvZrKRDJSld75QVV3NAoE+kQ1KsrDGeIeO+eRo0SmFntsgtHt1vmBLezL/ghVBy itG2AU4FjaWL1un0TA1v/WpF4SC6SeJeBDsPZJKHRk5q5OroBiOIsoYy8SuI8q76Lo ENUrGgZq9f0Jzt/LWpaSQQ7KTcUVEyiIvUCx/LOYp9Pe0RHtzd2Yi0ur4kuZimt7ts niccX5sq+edlw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 06/15] tls: disable device offload for mptcp sockets Date: Sat, 18 Apr 2026 07:47:45 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang MPTCP TLS hardware offload is not yet implemented. Return -EOPNOTSUPP when attempting to enable device offload on MPTCP sockets. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- net/tls/tls_device.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 99c8eff9783e..6744c2494740 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1074,6 +1074,9 @@ int tls_set_device_offload(struct sock *sk) ctx =3D tls_get_ctx(sk); prot =3D &ctx->prot_info; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->priv_ctx_tx) return -EEXIST; =20 @@ -1196,6 +1199,9 @@ int tls_set_device_offload_rx(struct sock *sk, struct= tls_context *ctx) struct net_device *netdev; int rc =3D 0; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->crypto_recv.info.version !=3D TLS_1_2_VERSION) return -EOPNOTSUPP; =20 --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B584B30AAD8 for ; Fri, 17 Apr 2026 23:48:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469711; cv=none; b=qYswUdQBKysckd2306UIIzngZHq6gP4/PZ7MfAjUUK4dHlZ+4dlPpF84WpmEGtvwoG8YzoZdhEt3+2k5AW7SH5iSOc8HsLkhuD8DcIGR8uFmRVY41FHcVbXQ+ZS7FfVkR5Qqra7M1tuMl8F/5/NYssQq0dr5julEREiUuByRv2I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469711; c=relaxed/simple; bh=4U92Ip/RpM8HdDf98N80w9A563wog7UedFp0DqJ9QiM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=o1GZrjuV8Ec7ntbTGGuWhemIYLo4YVrcsnSIoKOObA+JmutYRY3ZgInwQW5RelGu03rOsQ/8mzujv956I3neupGM7JnIDkiTSzQyem4Br6jgY4kVhH6yJpBp5wpT5teUwe5eLmtJmmZZ5JD28e978lF7P3Z0wQ1gITAi7uemCFo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=T9efaNa5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="T9efaNa5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9EDA8C19425; Fri, 17 Apr 2026 23:48:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469711; bh=4U92Ip/RpM8HdDf98N80w9A563wog7UedFp0DqJ9QiM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=T9efaNa54cll2J8KO1gEz/7B3jouwZsLp6t10jDjNEHw8bgEbri0suZbCibT+DcRn AgXJJ4KoDI6fOrFwE+5YBmOgstmPc+cxNjTjWdB2KeLXebxzupAb6O9VoHH4IOUGSl f+eE7u/fgaztMG3uK6a3LNB0fJjUHm+BcQZ8asitk7/WIgBkEKd1Et3hgxaTwmhn96 6G329z3A1d2gR6y99zNT8aRTECMULags82Hy80CN9Z34LkHsGGa1bzVbsxuzNpvFtz A+IXk7HFeODE8AHt7NMjy2nzYcllevpiTU9bUYnQvDJRMi0Gf6bca+yv5bdDulXR6P 6l/BW1dSBRLQw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 07/15] mptcp: update ulp getsockopt for tls support Date: Sat, 18 Apr 2026 07:47:46 +0800 Message-ID: <90225bbe95de9ee060dfa2e02e956d0a57a985a6.1776469068.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch extracts TCP_ULP getsockopt operation into a tcp_sock_get_ulp() helper so that it can also be used in MPTCP. TCP_ULP was obtained by calling mptcp_getsockopt_first_sf_only() to get ULP of the first subflow. Now that the mechanism has changed, a new helper mptcp_getsockopt_tcp_ulp() is added to get ULP of msk. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/linux/tcp.h | 1 + net/ipv4/tcp.c | 36 ++++++++++++++++++++++-------------- net/mptcp/sockopt.c | 18 ++++++++++++++++++ 3 files changed, 41 insertions(+), 14 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 6982f10e826b..2bb1cbd3eeab 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -653,6 +653,7 @@ void tcp_sock_set_quickack(struct sock *sk, int val); int tcp_sock_set_syncnt(struct sock *sk, int val); int tcp_sock_set_user_timeout(struct sock *sk, int val); int tcp_sock_set_maxseg(struct sock *sk, int val); +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen); =20 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst) { diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 0281c334789b..d895b6349372 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4478,6 +4478,27 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const= struct sock *sk, return stats; } =20 +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen) +{ + struct inet_connection_sock *icsk =3D inet_csk(sk); + int len; + + if (copy_from_sockptr(&len, optlen, sizeof(int))) + return -EFAULT; + len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); + if (!icsk->icsk_ulp_ops) { + len =3D 0; + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + return 0; + } + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) + return -EFAULT; + return 0; +} + int do_tcp_getsockopt(struct sock *sk, int level, int optname, sockptr_t optval, sockptr_t optlen) { @@ -4587,20 +4608,7 @@ int do_tcp_getsockopt(struct sock *sk, int level, return 0; =20 case TCP_ULP: - if (copy_from_sockptr(&len, optlen, sizeof(int))) - return -EFAULT; - len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); - if (!icsk->icsk_ulp_ops) { - len =3D 0; - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - return 0; - } - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) - return -EFAULT; - return 0; + return tcp_sock_get_ulp(sk, optval, optlen); =20 case TCP_FASTOPEN_KEY: { u64 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u64)]; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index de90a2897d2d..59742c956154 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -1393,6 +1393,23 @@ static int mptcp_put_int_option(struct mptcp_sock *m= sk, char __user *optval, return 0; } =20 +static int mptcp_getsockopt_tcp_ulp(struct sock *sk, char __user *optval, + int __user *optlen) +{ + int ret, len; + + if (copy_from_sockptr(&len, USER_SOCKPTR(optlen), sizeof(int))) + return -EFAULT; + + if (len < 0) + return -EINVAL; + + lock_sock(sk); + ret =3D tcp_sock_get_ulp(sk, USER_SOCKPTR(optval), USER_SOCKPTR(optlen)); + release_sock(sk); + return ret; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { @@ -1400,6 +1417,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock= *msk, int optname, =20 switch (optname) { case TCP_ULP: + return mptcp_getsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: case TCP_INFO: case TCP_CC_INFO: --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 62E0230AAD8 for ; Fri, 17 Apr 2026 23:48:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469713; cv=none; b=bJjli0+XUUHkOctC4XWxEHvC5KLdA1WCLqGro68yV/ZIoF1Td/e0ufiAvtqe9jHRZXEEzkc65GJpIDqxbTGALtdCh23cnel1HqAGvthpylhUkFYg3DSMhtR/WFVE5K+QbmiaU0FJ//HXRzHcnwUBblP4uOWfnY7kN1pIBY/IejY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469713; c=relaxed/simple; bh=TmMeEzXxt0tSf8YPbt+b0+vQuWNC7fgyuNVaG2w6bgg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YgTyOmmXVHjcqLk5x8HKJQOXsU4fQbP70vvh8Lbi64RzbuwvtVYEVHbz6X9HbOJsnpsh7+B4pvGOlPuvt9IaqEnixqQxkOlqoewj68/Bd3kI3+eCAc+EY4/NC92eIgdsKdF8YATZmz4YQutYnfnJEBAdivK2jhvxIthnCh8K8U8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=i+bhKs3U; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="i+bhKs3U" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 15850C2BCB3; Fri, 17 Apr 2026 23:48:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469713; bh=TmMeEzXxt0tSf8YPbt+b0+vQuWNC7fgyuNVaG2w6bgg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i+bhKs3UIFdakk76EbOi8KV/CHwPlfyOoGNKiBPPqPli/Cklv23yYVaftbICjpczA pgyrqxq2D5jKlK5EFRkUUQQ2WbdEurLfVA0/ZnsWy1g7jCsAH8Q1zlGxEBeVm1clcF ttVnK034O8smoeRhx/Wa43aus3PrFubMeZyibw3NwN3JYJ8UsziJ1CteafhDCw1Szs RaW9aUYF7hklakUwWDccOyw5ka2bDiz2XPua3R3rldZ7E6DLz0YmOcb8hnJ5i3gq1s fU7LlgDUhFJOqwYBucgiV62j14bb41qlGqx7k1x6GEfnlBsPJ+AwZvRdfNIFv+8BBN NyAzVA/aJt3ag== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 08/15] mptcp: enable ulp setsockopt for tls support Date: Sat, 18 Apr 2026 07:47:47 +0800 Message-ID: <8bbc703de93b99ed4e44fddc1b0267a86d7ed4e7.1776469068.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang Allow MPTCP sockets to set the TCP_ULP socket option to enable TLS. Add mptcp_setsockopt_tcp_ulp() which validates the socket state (must not be CLOSE or LISTEN), only accepts "tls" as the ULP name, and then calls tcp_set_ulp(). Include TCP_ULP in the list of supported options in supported_sockopt(), and handle it in setsockopt_sol_tcp() instead of returning -EOPNOTSUPP. Call tcp_cleanup_ulp() in mptcp_destroy_common() to release ULP module's reference count. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- net/mptcp/protocol.c | 1 + net/mptcp/sockopt.c | 35 ++++++++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a4fda39499b7..f68d93f0b3be 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3422,6 +3422,7 @@ static void mptcp_destroy_common(struct mptcp_sock *m= sk) =20 __mptcp_clear_xmit(sk); mptcp_backlog_purge(sk); + tcp_cleanup_ulp(sk); =20 /* join list will be eventually flushed (with rst) at sock lock release t= ime */ mptcp_for_each_subflow_safe(msk, subflow, tmp) diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 59742c956154..4282b47faed7 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "protocol.h" =20 #define MIN_INFO_OPTLEN_SIZE 16 @@ -567,6 +568,7 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_FASTOPEN_CONNECT: case TCP_FASTOPEN_KEY: case TCP_FASTOPEN_NO_COOKIE: + case TCP_ULP: return true; } =20 @@ -815,6 +817,37 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *= msk, int level, return ret; } =20 +static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval, + unsigned int optlen) +{ + char name[TCP_ULP_NAME_MAX]; + int err =3D 0; + size_t len; + int val; + + if (optlen < 1) + return -EINVAL; + + len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen); + val =3D strncpy_from_sockptr(name, optval, len); + if (val < 0) + return -EFAULT; + name[val] =3D 0; + + if (strcmp(name, "tls")) + return -EOPNOTSUPP; + + sockopt_lock_sock(sk); + if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) { + err =3D -ENOTCONN; + goto out; + } + err =3D tcp_set_ulp(sk, name); +out: + sockopt_release_sock(sk); + return err; +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { @@ -823,7 +856,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *= msk, int optname, =20 switch (optname) { case TCP_ULP: - return -EOPNOTSUPP; + return mptcp_setsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); case TCP_DEFER_ACCEPT: --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F22230AAD8 for ; Fri, 17 Apr 2026 23:48:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469714; cv=none; b=ZiiCUd89q9f9v9Z1FCZOgLCy1z+MOpPrsz0tvO8ixAPrgAKvDZ+NxNjL+iIj01MhmyB05nOj7GOnVjbNraxMB+7JSCN7B/TLF8Ak50XtF7tl5RjBL+FGKz7uqIAegdO8zC7geOz0pOHGNWLoRt0UdN/d8U36RkY9LqVHD/VUtzo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469714; c=relaxed/simple; bh=J0NJGf88lWcWV1rrjAAaDmhfdWlaoFxKlanO6HSL9Q4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ngH2GukemQHZyfZrxWmtgLWYND6q983oUoy3AqalBB5K+9OgAwGGBuQ2KYM3eVf4apuFjsV2ls+6vebIX5eTkpTxrCdxP4dZUw8pglSlFmi78oVB1E27xGY5nyBlVenkQ4hxgYAooifr0UnWln3BpGf4belX3yg+e+eK0hsFgzo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=boHqck7T; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="boHqck7T" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 76581C2BCB5; Fri, 17 Apr 2026 23:48:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469714; bh=J0NJGf88lWcWV1rrjAAaDmhfdWlaoFxKlanO6HSL9Q4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=boHqck7T0V6jrVNIrzKwh2Pu+C+jPlIFzk+k7nvjX+xszc8QnhPEgiue2XEAC2qK5 YPF4OdOE8dIkLE9bedHRvBmwiZy3dAAxFcvs0XF59MCazl5FtzVxq2ynEFl/w79igN b28CyaIxvigD6utsssrSUOp3pZhnL6flcI7wX16WNA9yH+3JqMgoyuj7RjDYKJ04py 4qZqmS9bePu68L8JajkPbJWV2eOpzGr50hJ3FMFKZAVXY+XfYm8DvUQvYqTuhOWNW8 XpO+FvcO1nI2oW0QGjKBpR+HwE0rG2IEz59ik3I+nBCo6BkR0NDRlftfmCB2TDiCwY u+GaUMhwiqYvg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 09/15] selftests: mptcp: connect: use espintcp for ulp test Date: Sat, 18 Apr 2026 07:47:48 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang With KTLS being implemented, "tls" should no longer be used in sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP name, "espintcp", is set instead in this patch. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/mptcp/mptcp_connect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index cbe573c4ab3a..299a7a02d6f5 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -285,11 +285,11 @@ static void sock_test_tcpulp(int sock, int proto, uns= igned int line) if (buflen > 0) { if (strcmp(buf, "mptcp") !=3D 0) xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line); - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret =3D=3D 0) X("setsockopt"); } else if (proto =3D=3D IPPROTO_MPTCP) { - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret !=3D -1) X("setsockopt"); } --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC33930AAD8 for ; Fri, 17 Apr 2026 23:48:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469716; cv=none; b=GgNd+YqHwNu5AH6KsiLc3+kBOPF+MDHW0JXRK2iFXk16o2LMrTh77Qk3GXRf6VO3LWZhKyJdriiO0gm4houRYV2+f9clwRoKaoIzwxMudbexfSufkbeiybgLTrq2cTIL6dlDasVCDygA2iz/cjibCrPYE14DU8hds39KgWIFvj8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469716; c=relaxed/simple; bh=eIlPWHcOkfzODYNXpJujuwhPgHAm/UIBEQqRPzU01N0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bH04OyI75Rw3CDEVs/8IlPSvHd+fsSdRSKGAYswVZ/270fVGa021DoOU7AauWwzBOJKoJB9StSOffevjXshZzUa1EZ+QBIWVwiSpYlb0shAZhLLhKUShc0Gh9BPq7S6fCQ7yqv38WqqogsIGONnFYRoKTB2N35kMbQOAppguaVo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=fIS/ZbPT; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="fIS/ZbPT" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E21F1C19425; Fri, 17 Apr 2026 23:48:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469715; bh=eIlPWHcOkfzODYNXpJujuwhPgHAm/UIBEQqRPzU01N0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fIS/ZbPT6FbcGyWKqEOHyESVjmGyqcalRfRzrWGNf1qCajYdFvl0hfoyoJo0EhpnT qe8jRtRv59omKZ0l51CQ1ZbK/BUTSW5VFD2bKrB2reKnZxDCoChsYtb2TaS5dOuK+x llWEFh85VuFhxsktwp1Zz594UHjN3Ibcpu3XY14qAef8+ZIF2vYQV5wVCQceghRpl5 1iR7d+sOvm5jRG4kkPJvVE5aE/N0qLvkrVVzFKxDZ/ilPQD7r0hN5c4smncMDT5VvL 7ZEfz6+J/hhSX2pZQEMQ+bN9z4w365EYLlDz5QvJa26gsSoeM6Zbc+tqOf6Xi/O4f8 grdLTN2ZX+Tow== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 10/15] selftests: tls: add mptcp variant for testing Date: Sat, 18 Apr 2026 07:47:49 +0800 Message-ID: <1907e96bd6c30a00050ad09ce1a911404ddd3a3c.1776469069.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang To enable easy MPTCP socket creation in MPTCP TLS tests, two protocol parameters (cli_proto and srv_proto) have been added to ulp_sock_pair(). These are passed as third arguments of socket(): 0 creates TCP sockets, IPPROTO_MPTCP creates MPTCP sockets. A new variant "mptcp" is added both in FIXTURE_VARIANT(tls) to control whether to create MPTCP sockets or not for tests. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 45 +++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 9e2ccea13d70..0d19e5582d3d 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -26,6 +26,10 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 =20 +#ifndef IPPROTO_MPTCP +#define IPPROTO_MPTCP 262 +#endif + static int fips_enabled; =20 struct tls_crypto_info_keys { @@ -108,8 +112,9 @@ static void memrnd(void *s, size_t n) *byte++ =3D rand(); } =20 -static void ulp_sock_pair(struct __test_metadata *_metadata, - int *fd, int *cfd, bool *notls) +static void __ulp_sock_pair(struct __test_metadata *_metadata, + int *fd, int *cfd, bool *notls, + int cli_proto, int srv_proto) { struct sockaddr_in addr; socklen_t len; @@ -122,8 +127,8 @@ static void ulp_sock_pair(struct __test_metadata *_meta= data, addr.sin_addr.s_addr =3D htonl(INADDR_ANY); addr.sin_port =3D 0; =20 - *fd =3D socket(AF_INET, SOCK_STREAM, 0); - sfd =3D socket(AF_INET, SOCK_STREAM, 0); + *fd =3D socket(AF_INET, SOCK_STREAM, cli_proto); + sfd =3D socket(AF_INET, SOCK_STREAM, srv_proto); =20 ret =3D bind(sfd, &addr, sizeof(addr)); ASSERT_EQ(ret, 0); @@ -153,6 +158,12 @@ static void ulp_sock_pair(struct __test_metadata *_met= adata, ASSERT_EQ(ret, 0); } =20 +static void ulp_sock_pair(struct __test_metadata *_metadata, + int *fd, int *cfd, bool *notls) +{ + __ulp_sock_pair(_metadata, fd, cfd, notls, 0, 0); +} + /* Produce a basic cmsg */ static int tls_send_cmsg(int fd, unsigned char record_type, void *data, size_t len, int flags) @@ -310,6 +321,7 @@ FIXTURE_VARIANT(tls) uint16_t tls_version; uint16_t cipher_type; bool nopad, fips_non_compliant; + bool mptcp; }; =20 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) @@ -395,6 +407,24 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, }; =20 +static bool is_mptcp_enable(struct __test_metadata *_metadata) +{ + char buf[16] =3D { 0 }; + ssize_t n; + int fd; + + fd =3D open("/proc/sys/net/mptcp/enabled", O_RDONLY); + if (fd <=3D 0) + return false; + + n =3D read(fd, buf, sizeof(buf) - 1); + if (n <=3D 0) + return false; + + close(fd); + return (atoi(buf) =3D=3D 1); +} + FIXTURE_SETUP(tls) { struct tls_crypto_info_keys tls12; @@ -404,10 +434,15 @@ FIXTURE_SETUP(tls) if (fips_enabled && variant->fips_non_compliant) SKIP(return, "Unsupported cipher in FIPS mode"); =20 + if (variant->mptcp && !is_mptcp_enable(_metadata)) + SKIP(return, "no MPTCP support"); + tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 0); =20 - ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); + __ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls, + variant->mptcp ? IPPROTO_MPTCP : 0, + variant->mptcp ? IPPROTO_MPTCP : 0); =20 if (self->notls) return; --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD4D530AAD8 for ; Fri, 17 Apr 2026 23:48:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469717; cv=none; b=Lqim/b1HaglCSoJY8SReEI/3zSVhFzHIi+8F/3VNTLgXq97r894DogZwnyir8rn0KocxagveTUm6aHbeE1/4+zlExDSPB0fjj88CPCHIv2rjAvAoqW4RREjpm91hCrU6ETkJfKwQZHSRPPwHQCpwY4cGQhcFTU+XftFf470CFzo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469717; c=relaxed/simple; bh=fJRguZsPthsi6pvu3nbI6tt5IWEa5y4Jg8LDr2Iak2s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=em8Yb61Lg7bmmBVx5GRNZKiG2KTV314+bUHIFlGAAg0oyqwN73nsAc8pCUsIruBjAVl1UeXEqUoLIB22898zGGwu6TXB6kkoIbwB8q/UKsj1BZpCJu0ZUPix/V844obWly33Mff174NEpIXDzWtfhWmKN6rC1hRC222ltiM/cbA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=I33zDRTs; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="I33zDRTs" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5DFC6C2BCB3; Fri, 17 Apr 2026 23:48:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469717; bh=fJRguZsPthsi6pvu3nbI6tt5IWEa5y4Jg8LDr2Iak2s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=I33zDRTsZN60RWu+Ap+AXA4BqW3bja+KuxtqfBSeJWRUmK9MhCbH+IRyabaLG+9OT 4mkozrEuE+25gNIriifUWnHCsXsEABbwjM9xZSv+Dzi2uE0+A87unTfE1rU+YF8AZf 68R5vTm6B3+bbrRUm5w9xsjjgzQdb01F8YbDFBcJfD15feQOMM5//78ZXU1ehLqt9d WZSuJD64FetEuXL0eiRlGntanS2TYTNr66px/X/ccQtOFIzD+7R7zCMwYnW2aEwEly 4szlGTF7hE6NWDnA4tQf0DTbliNQPWTiGxH3uTKCns4nZRaSFl4ow6P3jW0GyPQ+BE gknSqtKfdM8Cg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 11/15] selftests: tls: increase pollin timeouts for mptcp Date: Sat, 18 Apr 2026 07:47:50 +0800 Message-ID: <15ec7d1a97589e3294ad3220ef74fb386834c7b0.1776469069.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang MPTCP requires longer timeouts in pollin test due to subflow establishment delays and slower state transitions. Increase timeout values to prevent false failures: # RUN tls.13_sm4_ccm_mptcp.pollin ... # tls.c:1411:pollin:Expected poll(&fd, 1, 20) (0) =3D=3D 1 (1) # tls.c:1412:pollin:Expected fd.revents & POLLIN (0) =3D=3D 1 (1) # pollin: Test failed # FAIL tls.13_sm4_ccm_mptcp.pollin not ok 357 tls.13_sm4_ccm_mptcp.pollin Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 0d19e5582d3d..048bb4d3e0d8 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -1320,6 +1320,7 @@ TEST_F(tls, bidir) =20 TEST_F(tls, pollin) { + int timeout =3D variant->mptcp ? 100 : 20; char const *test_str =3D "test_poll"; struct pollfd fd =3D { 0, 0, 0 }; char buf[10]; @@ -1329,11 +1330,11 @@ TEST_F(tls, pollin) fd.fd =3D self->cfd; fd.events =3D POLLIN; =20 - EXPECT_EQ(poll(&fd, 1, 20), 1); + EXPECT_EQ(poll(&fd, 1, timeout), 1); EXPECT_EQ(fd.revents & POLLIN, 1); EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); /* Test timing out */ - EXPECT_EQ(poll(&fd, 1, 20), 0); + EXPECT_EQ(poll(&fd, 1, timeout), 0); } =20 TEST_F(tls, poll_wait) --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B6D630AAD8 for ; Fri, 17 Apr 2026 23:48:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469719; cv=none; b=sKquom4RidKZX8alsAXAWEXvZDC2ag8bqwLJKaL/GVnrocSz+7lj7nB5E5+zZm1QVyyUQ70x0O2nuqBEgivkCxOIeTYTDMM7eMGZLKJV6jJaw17CTnEEYcqjNs7qXU+LzipVTGyKEbc5Dsv+4YN1YZLCp9Tx7coBTEAy/k/ys7M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469719; c=relaxed/simple; bh=cMjw6s3JZb9vyookluIQsS8ImPnHPQDtUSKqI4Dat8A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=vGbKoEFuWHqUpjekIRCdd9Md6mvTZFvUTvzjQpW3FEag8ssGMFYtvDF6JE+I1+K+sHCjKUwJILB9vJrojDjXFqEKlifPkEoS0GNfEaFeOSOqBj5BjnDHtS72uyJEXlfmYANyxUs/IXUnph72DFG0+EjRTx5prV0iWABFxN8BJug= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=s1C9b1z0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="s1C9b1z0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1D5AC19425; Fri, 17 Apr 2026 23:48:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469718; bh=cMjw6s3JZb9vyookluIQsS8ImPnHPQDtUSKqI4Dat8A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=s1C9b1z0D22KIzJby46xf3qtoPlkJWrvmHKnldmuuQwGks1Qd1thvh89aeGs96bLb /jpSJXMWtcvXjeSVo8QXtzROFgJEH0Rg8358ISE6utZdit6UeqFJkiyEfaMX5nn8En mqSjTu55iKqM+MJLvTwMy8HOG6yPpsuLAUQfhM2lmavHHdDb4NJ3k9FREDiGFNzk0N N7m4gMpleCGg3RCRodDctrLaL8gXE9JGJMm0OlUvxFPlBaSYDN/+9gzECiJks4srPb W4+mGi/cvBS5eii7nmzvQZMt6hmHy2WK16bRhwVGDL2yJLrzQK+55UY8VK5XejvxQu JlvPZeE4H4Jdw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 12/15] selftests: tls: increase nonblocking data size for mptcp Date: Sat, 18 Apr 2026 07:47:51 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang Increase the data size in nonblocking tests to accommodate MPTCP's multi-subflow behavior and ensure sufficient data for testing, avoiding the following errors: # RUN tls.12_aria_gcm_mptcp.nonblocking ... # tls.c:1534:nonblocking:Expected 0 (0) !=3D eagain (0) # nonblocking: Test failed Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 048bb4d3e0d8..8bd5def6f3ec 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -1426,6 +1426,9 @@ TEST_F(tls, nonblocking) int flags; int res; =20 + if (variant->mptcp) + data *=3D 4; + flags =3D fcntl(self->fd, F_GETFL, 0); fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A40BE30AAD8 for ; Fri, 17 Apr 2026 23:48:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469720; cv=none; b=Wznw6a4G9Yz2XBJqJXCQ+OGVrAx22DU+xnZxoopZCdHFJkgUtOH3vWcvjdG/ghE/b0UZFx8OU+pSl2cKZzJ/Fe/Sb0ydLAj4yfshl6WnseS0UQr1ZzcCTGGgg8HtM0EyqiM3UOV5mQ21daaE4WVzmUK+gnFmHFqY3+/2mt+CWH0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469720; c=relaxed/simple; bh=OD0wW/fu4V6t1lZ1xY5BRcucZeJuFwOySEpT0FYgpsQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W6GZWz8jeUjS7l9SzflilbA0RIpxouxALQ46Es0nLE52qfckAz2hfPMjlrENo5rjrnZMdjEM30luyhOV7v34Sru88/zls1Xq2MOJXg/+xxkJ3G35uwFrFJ0qgGUzgiroGFboKvMx+7T04o5SJTrofIEU/9ffb9zideiIEfeHGNQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FRIUOTKe; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FRIUOTKe" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 70924C19425; Fri, 17 Apr 2026 23:48:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469720; bh=OD0wW/fu4V6t1lZ1xY5BRcucZeJuFwOySEpT0FYgpsQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FRIUOTKeXcxMw+SF/4R48VACk2enmeUEkQy/kbD2IwoncIQ+YwRzyvWPZ8CzehaAQ A/OIk2TSvVdPcc8e86v8D0PCtgs/fbriSEr/icmanqNwxaB8vyula4g/IKnhdXQqLn 6FWg/rB9bW/kW3liESFLsKF97UfOl1q3HPbHv2j1P/c6fRvLfnTmjA+pgY3c/3RjgE EwitZfJR0pK62AZINoVimBlwFpoWeFm7V4yn2enFqNdyHr08niNmjPauVXx4D5ZsKM bc4FLKGVUCKg6qFwcKsrWiyWd/SY9fpK9wOru+QctslfVv86wIqOXgk4b6OLFjkqbm dkyeRSaHHBYpA== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 13/15] selftests: tls: wait close in shutdown_reuse for mptcp Date: Sat, 18 Apr 2026 07:47:52 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang In shutdown_reuse tests, add a delay after shutdown to wait for MPTCP sockets to reach TCP_CLOSE state before reuse via bind(), avoiding the following errors: # RUN tls.12_aes_gcm_mptcp.shutdown_reuse ... # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0) # shutdown_reuse: Test failed # FAIL tls.12_aes_gcm_mptcp.shutdown_reuse not ok 14 tls.12_aes_gcm_mptcp.shutdown_reuse # RUN tls.13_aes_gcm_mptcp.shutdown_reuse ... # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0) # shutdown_reuse: Test failed # FAIL tls.13_aes_gcm_mptcp.shutdown_reuse not ok 15 tls.13_aes_gcm_mptcp.shutdown_reuse # RUN tls.12_chacha_mptcp.shutdown_reuse ... # OK tls.12_chacha_mptcp.shutdown_reuse ok 16 tls.12_chacha_mptcp.shutdown_reuse # RUN tls.13_chacha_mptcp.shutdown_reuse ... # OK tls.13_chacha_mptcp.shutdown_reuse ok 17 tls.13_chacha_mptcp.shutdown_reuse # RUN tls.13_sm4_gcm_mptcp.shutdown_reuse ... # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0) # shutdown_reuse: Test failed # FAIL tls.13_sm4_gcm_mptcp.shutdown_reuse not ok 18 tls.13_sm4_gcm_mptcp.shutdown_reuse This TCP_CLOSE check is just for MPTCP, because it should not slow down plain TCP tests. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 8bd5def6f3ec..face5bde8c67 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -30,6 +30,10 @@ #define IPPROTO_MPTCP 262 #endif =20 +#ifndef TCP_CLOSE +#define TCP_CLOSE 7 +#endif + static int fips_enabled; =20 struct tls_crypto_info_keys { @@ -1699,6 +1703,25 @@ TEST_F(tls, shutdown_unsent) shutdown(self->cfd, SHUT_RDWR); } =20 +static bool wait_for_tcp_close(struct __test_metadata *_metadata, + int fd, int max) +{ + struct tcp_info info; + socklen_t len; + int i, ret; + + for (i =3D 0; i < max; i++) { + len =3D sizeof(info); + ret =3D getsockopt(fd, IPPROTO_TCP, TCP_INFO, &info, &len); + ASSERT_EQ(ret, 0); + if (info.tcpi_state =3D=3D TCP_CLOSE) + return true; + usleep(1000); + } + + return false; +} + TEST_F(tls, shutdown_reuse) { struct sockaddr_in addr; @@ -1708,6 +1731,9 @@ TEST_F(tls, shutdown_reuse) shutdown(self->cfd, SHUT_RDWR); close(self->cfd); =20 + if (variant->mptcp) + EXPECT_TRUE(wait_for_tcp_close(_metadata, self->fd, 1000)); + addr.sin_family =3D AF_INET; addr.sin_addr.s_addr =3D htonl(INADDR_ANY); addr.sin_port =3D 0; --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F18330AAD8 for ; Fri, 17 Apr 2026 23:48:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469722; cv=none; b=b8rF5FsRTl8rERbCKO9aIGLAM1yHKqNyrv8z5s+ycTYh82Sj4b2fLKhx4qqnOow+Nols2Ma4/0AMDzvPo5xiMl1tfd2WsqI0pbyBGl/X9nufQslS6gHlvQaCoJfgVUM1i+dPxG9Jtf+ggnUS53dE5m/D5EhS7JSLPnZDq073w8g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469722; c=relaxed/simple; bh=uXh0I7JdF5A2waQ6hlA3HXd5IMtboNzJdSIVpsNyyWs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qmEBOlwQYIqpWF1yoBbNPtyY9EPjzPchHj+sh3yWUQ9Brobn4ROx9C1/0xCGz6nx9Tx1mgoX5LNTyuCcEAsWKNxcjrqlYCvQ4c0C0we44zV5A7pmEPu8nWSpu8ELAlHB0JhWguJBCCleFpEq9js9NfcheEavtZ11N+oUHkFAYFA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=bUTVcUO0; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bUTVcUO0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F2CA2C2BCB3; Fri, 17 Apr 2026 23:48:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469721; bh=uXh0I7JdF5A2waQ6hlA3HXd5IMtboNzJdSIVpsNyyWs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bUTVcUO0AT4468zywK6i7GojRUN9mYytfXt+HuFqyCcS7l+bOv2hCJ17iM1I4YBxh aMWEphwYuwZFBXGBXRtro9OVj6yrmrQoGWK+XdEA18X5g9gAGAeYe63RapTbMmYpJj +xgRCcm/C6bch/RyHASEgL5Zh4ny/6cigsEW9Y1+/IMHGO3bmFmu+qY6vFsiDAemOF 3k9m48RSyckHNeFFnLoBADlPicWH2pmtl9Kpftw4tblXTFdpb847/4mfUxJyL4BW5a MhbuXImmpgbRyo+nB2ew37+SOPNg1G9kgPmhWqZlJnUNsomAfKTUCMIkdYb2s+TtuW YdkqGzubdfJAg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 14/15] selftests: tls: add mptcp test cases Date: Sat, 18 Apr 2026 07:47:53 +0800 Message-ID: X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch introduces MPTCP test cases for the TLS fixture. These "mptcp" variants are configured to create MPTCP sockets specifically for MPTCP TLS testing purposes. The default limit of 1024 for file descriptor values is too low for the newly added MPTCP tests, causing accept() to fail when the fd number exceeds 1024. Raise the limit to 4096 to avoid test failures. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 105 ++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index face5bde8c67..1d30d14efd10 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -20,6 +20,7 @@ #include #include #include +#include =20 #include "kselftest_harness.h" =20 @@ -411,6 +412,102 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, }; =20 +FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_chacha_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_chacha_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_SM4_GCM, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_SM4_CCM, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aes_ccm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_CCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_ccm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_CCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_256, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_256, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_nopad_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .nopad =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_ARIA_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, + .mptcp =3D true, +}; + static bool is_mptcp_enable(struct __test_metadata *_metadata) { char buf[16] =3D { 0 }; @@ -3372,4 +3469,12 @@ static void __attribute__((constructor)) fips_check(= void) { } } =20 +static void __attribute__((constructor)) increase_rlimit(void) +{ + struct rlimit rl =3D { 4096, 4096 }; + + if (setrlimit(RLIMIT_NOFILE, &rl) !=3D 0) + perror("setrlimit"); +} + TEST_HARNESS_MAIN --=20 2.51.0 From nobody Sat Apr 18 05:31:36 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7E23630AAD8 for ; Fri, 17 Apr 2026 23:48:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469723; cv=none; b=MqcboKx5AtAr4SN2vPAT/uOmd3zuYeQ54dRjpqi2tqgUR/WH/bcnOFwoVFWDaLDBGs3qsiiv89liK04RD01uhOJKorzXd7AN9AmNY2FmlqIeUmeAvPDqHKpW8Oo2T3bYnQQ9Sqcx9VTkA+mpzYC4Vp/5Gjcs/s11AL40i+8cZXQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776469723; c=relaxed/simple; bh=IYmzj3X50jh3wdEINOsNrgDyrehEPz9IfS4ohbE91QQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Xh81P3bH/OaSXOBVkQeBw2Tk2uPIJDcd5Jo66u2ngfjxVJ/M6XrcVWrknA6F/EyBvAKu3W3Iqozd9Rvfp+0c8b0qArxSdd0lTFKK77ZJzxP2OD9rg6+5/CfhUcX4xj4d+tB5vjLKdYpB6WoycPoFDhVmV3ct4czGmyKI1ipfUvA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tlScb3ja; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tlScb3ja" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62C2FC2BCB3; Fri, 17 Apr 2026 23:48:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776469723; bh=IYmzj3X50jh3wdEINOsNrgDyrehEPz9IfS4ohbE91QQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tlScb3jaQviJxphfyEptolD2phrlSUri+UQYMRRT1sN1uyhtoXEGR0ofHqVVU6i7j fwNw9+kiGR43DGWRKAfhDaEp+3FFBDjbXktkCyZr9if38kmirKM0VUkcGn7oTcEUKV CbcZKhsHhxVzkxvnkSMoAIcNIH5Q4EW5NqIKlx5v0lP0s4YOIinz289I9VTw3W/vST ScETZNxEs4KWwnVc6euACsr4VPOpgoMG1NTcBF75jlP8DOMthH+cQPSIklL1t//VmI StDSlmsfWxJb4gZupZbT2PEt03z+6Gxn7M3FP57QcVxDDL6CUNinEsn3wIqs6K2ZYM HSAkTyiuV2kHA== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v15 15/15] selftests: mptcp: cover mptcp tls tests Date: Sat, 18 Apr 2026 07:47:54 +0800 Message-ID: <0f4e0bfd3d9d42cde090e523a12f7f5132ca1445.1776469069.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.51.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang The mptcp tests for tls.c is available now, this patch adds mptcp_tls.sh to test it in the MPTCP CI by default. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/mptcp/.gitignore | 1 + tools/testing/selftests/net/mptcp/Makefile | 2 + tools/testing/selftests/net/mptcp/config | 5 ++ .../testing/selftests/net/mptcp/mptcp_tls.sh | 62 +++++++++++++++++++ tools/testing/selftests/net/mptcp/tls.c | 1 + 5 files changed, 71 insertions(+) create mode 100755 tools/testing/selftests/net/mptcp/mptcp_tls.sh create mode 120000 tools/testing/selftests/net/mptcp/tls.c diff --git a/tools/testing/selftests/net/mptcp/.gitignore b/tools/testing/s= elftests/net/mptcp/.gitignore index 833279fb34e2..f6defec6eeb5 100644 --- a/tools/testing/selftests/net/mptcp/.gitignore +++ b/tools/testing/selftests/net/mptcp/.gitignore @@ -4,4 +4,5 @@ mptcp_diag mptcp_inq mptcp_sockopt pm_nl_ctl +tls *.pcap diff --git a/tools/testing/selftests/net/mptcp/Makefile b/tools/testing/sel= ftests/net/mptcp/Makefile index 22ba0da2adb8..f7c959a25b3b 100644 --- a/tools/testing/selftests/net/mptcp/Makefile +++ b/tools/testing/selftests/net/mptcp/Makefile @@ -14,6 +14,7 @@ TEST_PROGS :=3D \ mptcp_connect_splice.sh \ mptcp_join.sh \ mptcp_sockopt.sh \ + mptcp_tls.sh \ pm_netlink.sh \ simult_flows.sh \ userspace_pm.sh \ @@ -25,6 +26,7 @@ TEST_GEN_FILES :=3D \ mptcp_inq \ mptcp_sockopt \ pm_nl_ctl \ + tls \ # end of TEST_GEN_FILES =20 TEST_FILES :=3D \ diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft= ests/net/mptcp/config index 59051ee2a986..e8e852e0a842 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -34,3 +34,8 @@ CONFIG_NFT_SOCKET=3Dm CONFIG_NFT_TPROXY=3Dm CONFIG_SYN_COOKIES=3Dy CONFIG_VETH=3Dy +CONFIG_TLS=3Dm +CONFIG_CRYPTO_ARIA=3Dm +CONFIG_CRYPTO_CCM=3Dm +CONFIG_CRYPTO_CHACHA20POLY1305=3Dm +CONFIG_CRYPTO_SM4_GENERIC=3Dm diff --git a/tools/testing/selftests/net/mptcp/mptcp_tls.sh b/tools/testing= /selftests/net/mptcp/mptcp_tls.sh new file mode 100755 index 000000000000..ea366d149a20 --- /dev/null +++ b/tools/testing/selftests/net/mptcp/mptcp_tls.sh @@ -0,0 +1,62 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +. "$(dirname "${0}")/mptcp_lib.sh" + +ret=3D0 +ns1=3D"" + +# This function is used in the cleanup trap +#shellcheck disable=3DSC2317,SC2329 +cleanup() +{ + if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then + kill "$pid" 2>/dev/null + wait "$pid" 2>/dev/null + fi + + mptcp_lib_ns_exit "$ns1" +} + +init() +{ + local max=3D"${1:-4}" + + mptcp_lib_ns_init ns1 + + mptcp_lib_pm_nl_set_limits "$ns1" "$max" "$max" + + local i + for i in $(seq 1 "$max"); do + mptcp_lib_pm_nl_add_endpoint "$ns1" \ + "127.0.0.1" flags signal port 1000"$i" + done +} + +trap cleanup EXIT + +mptcp_lib_check_mptcp +# Temporarily set max to '0' to disable multipath testing, +# as it depends on "mptcp: fix stall because of data_ready" series of fixe= s. +# It will be re-enabled together with that series later as a squash-to pat= ch. +init 0 + +ip netns exec "$ns1" ./tls -v 12_aes_gcm_mptcp \ + -v 13_aes_gcm_mptcp \ + -v 12_chacha_mptcp \ + -v 13_chacha_mptcp \ + -v 13_sm4_gcm_mptcp \ + -v 13_sm4_ccm_mptcp \ + -v 12_aes_ccm_mptcp \ + -v 13_aes_ccm_mptcp \ + -v 12_aes_gcm_256_mptcp \ + -v 13_aes_gcm_256_mptcp \ + -v 13_nopad_mptcp \ + -v 12_aria_gcm_mptcp \ + -v 12_aria_gcm_256_mptcp & +pid=3D$! +wait $pid +ret=3D$? + +mptcp_lib_result_print_all_tap +exit $ret diff --git a/tools/testing/selftests/net/mptcp/tls.c b/tools/testing/selfte= sts/net/mptcp/tls.c new file mode 120000 index 000000000000..724b1f047c89 --- /dev/null +++ b/tools/testing/selftests/net/mptcp/tls.c @@ -0,0 +1 @@ +../tls.c \ No newline at end of file --=20 2.51.0