From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 050ED22689C for ; Wed, 29 Apr 2026 10:47:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459639; cv=none; b=fbDIH9v1OfXvXMe69mv1zHtGNY6eBfK975HFz1VrM1wiClzEjLdGbRGm9G7rn6dKuhIeXQys7D4MVcxtdHdKOLCCXzGK1418wQCZEeKMNInp+JveDm3GE1esIq7+m+WUZ2DOkGif0zkL0avdfPH9CjvcdrhbPZpDL9pl28xBSjA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459639; c=relaxed/simple; bh=Umf7dEr3O8paI001b/KBe22R/zAt3WcjGL/01HTIN/o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KQ7LLoSCLS70PaHBxrQW2fmqVpkeXEjA2IclvXtsVUZgZ1B77IT9Y6BcX3sXmUvQCUR02SLwZ6hTx+oqIwsfwpjmF1F2QW/0spEHe2pHGvX0Uvv7CBBi638aEdWtS8LOuo0aTW85QcBOcBRPYBOE/Mhafcs7EJtdUF3oyALkjCc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lE8Nzge3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lE8Nzge3" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1904DC2BCB3; Wed, 29 Apr 2026 10:47:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459638; bh=Umf7dEr3O8paI001b/KBe22R/zAt3WcjGL/01HTIN/o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lE8Nzge3NYsPdGOSbFBDownzHq/ZdAdthfcDhTcBZZiKNKiyhBKESFVQUZf6IxhiT sAST9NusPt13pgD+PDCOC3C01L/fwVPded7a/kA+v6QVcAMz/niKPNXjGpFTVTCXQG QarfQ/0LD7N1hzy7gMJDt1hM9H4VHx+pxtjzfc4VCtq4ovI1Vrmcp3a4xKJ4MDFVmj vcIr+28yZAU5jYi0rTNFzOGnUT8dFT8iH+eX0UPRJ0rtvrotT0sV/Dn6gSiJQ2pZJ0 CWZfeuh2w0tx5gtHxgaposSoGlAWkgs3JBeVqomvBjqffStqCsywZhNGtUa+Zdy2Wl yXqiM+Qo/DB2w== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 01/15] tls: add per-protocol cache to support mptcp Date: Wed, 29 Apr 2026 18:44:49 +0800 Message-ID: <8ad45d639a417dde664d86f8dae6711b20ee6b4d.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang The TLS ULP uses a single global array to cache base protocol operations. When MPTCP sockets enable TLS, they overwrite this global cache with mptcp_prot, causing active TCP TLS sockets to use MPTCP-specific ops. This leads to type confusion and kernel panics. Fix by replacing the global cache with a per-protocol linked list. Each protocol (TCP, MPTCP, etc.) now has its own cached operations, stored in struct tls_proto and referenced from tls_context. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 18 ++++++ include/net/tls_toe.h | 3 +- net/tls/tls.h | 3 +- net/tls/tls_main.c | 144 +++++++++++++++++++++++++++++------------- net/tls/tls_toe.c | 5 +- 5 files changed, 126 insertions(+), 47 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index ebd2550280ae..baedee91d648 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -81,6 +81,12 @@ struct tls_rec; #define TLS_AES_CCM_IV_B0_BYTE 2 #define TLS_SM4_CCM_IV_B0_BYTE 2 =20 +enum { + TLSV4, + TLSV6, + TLS_NUM_PROTS, +}; + enum { TLS_BASE, TLS_SW, @@ -220,6 +226,16 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_proto { + struct rcu_head rcu; + refcount_t refcnt; + struct list_head list; + int ip_ver; + const struct proto *prot; + struct proto prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; + struct proto_ops proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; +}; + struct tls_context { /* read-only cache line */ struct tls_prot_info prot_info; @@ -257,6 +273,8 @@ struct tls_context { struct proto *sk_proto; struct sock *sk; =20 + struct tls_proto *proto; + void (*sk_destruct)(struct sock *sk); =20 union tls_crypto_context crypto_send; diff --git a/include/net/tls_toe.h b/include/net/tls_toe.h index b3aa7593ce2c..b73029364b2c 100644 --- a/include/net/tls_toe.h +++ b/include/net/tls_toe.h @@ -69,7 +69,8 @@ struct tls_toe_device { struct kref kref; }; =20 -int tls_toe_bypass(struct sock *sk); +int tls_toe_bypass(struct sock *sk, + struct tls_proto *proto); int tls_toe_hash(struct sock *sk); void tls_toe_unhash(struct sock *sk); =20 diff --git a/net/tls/tls.h b/net/tls/tls.h index e8f81a006520..c9e839642c31 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -136,7 +136,8 @@ struct tls_rec { int __net_init tls_proc_init(struct net *net); void __net_exit tls_proc_fini(struct net *net); =20 -struct tls_context *tls_ctx_create(struct sock *sk); +struct tls_context *tls_ctx_create(struct sock *sk, + struct tls_proto *proto); void tls_ctx_free(struct sock *sk, struct tls_context *ctx); void update_sk_prot(struct sock *sk, struct tls_context *ctx); =20 diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index fd39acf41a61..ade124a8731f 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -52,12 +52,6 @@ MODULE_DESCRIPTION("Transport Layer Security Support"); MODULE_LICENSE("Dual BSD/GPL"); MODULE_ALIAS_TCP_ULP("tls"); =20 -enum { - TLSV4, - TLSV6, - TLS_NUM_PROTS, -}; - #define CHECK_CIPHER_DESC(cipher,ci) \ static_assert(cipher ## _IV_SIZE <=3D TLS_MAX_IV_SIZE); \ static_assert(cipher ## _SALT_SIZE <=3D TLS_MAX_SALT_SIZE); \ @@ -119,23 +113,64 @@ CHECK_CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_in= fo_sm4_ccm); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256); =20 -static const struct proto *saved_tcpv6_prot; -static DEFINE_MUTEX(tcpv6_prot_mutex); -static const struct proto *saved_tcpv4_prot; -static DEFINE_MUTEX(tcpv4_prot_mutex); -static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFI= G]; -static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_N= UM_CONFIG]; +static LIST_HEAD(tls_proto_list); +static DEFINE_SPINLOCK(tls_proto_lock); static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 +static struct tls_proto *tls_proto_find(const struct proto *prot, + int ip_ver) +{ + struct tls_proto *proto, *ret =3D NULL; + + rcu_read_lock(); + list_for_each_entry_rcu(proto, &tls_proto_list, list) { + if (proto->prot =3D=3D prot && proto->ip_ver =3D=3D ip_ver) { + if (refcount_inc_not_zero(&proto->refcnt)) + ret =3D proto; + break; + } + } + rcu_read_unlock(); + return ret; +} + +static void tls_proto_free(struct rcu_head *rcu) +{ + struct tls_proto *proto =3D container_of(rcu, + struct tls_proto, + rcu); + + kfree(proto); +} + +static void tls_proto_cleanup(void) +{ + struct tls_proto *prot, *tmp; + + spin_lock_bh(&tls_proto_lock); + list_for_each_entry_safe(prot, tmp, &tls_proto_list, list) { + list_del_rcu(&prot->list); + call_rcu(&prot->rcu, tls_proto_free); + } + spin_unlock_bh(&tls_proto_lock); + + synchronize_rcu(); + rcu_barrier(); +} + void update_sk_prot(struct sock *sk, struct tls_context *ctx) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; + struct tls_proto *proto =3D ctx->proto; + + if (!proto) + return; =20 WRITE_ONCE(sk->sk_prot, - &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &proto->prots[ip_ver][ctx->tx_conf][ctx->rx_conf]); WRITE_ONCE(sk->sk_socket->ops, - &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &proto->proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]); } =20 int wait_on_pending_writer(struct sock *sk, long *timeo) @@ -314,6 +349,20 @@ static void tls_write_space(struct sock *sk) ctx->sk_write_space(sk); } =20 +static bool tls_proto_put(struct tls_proto *proto) +{ + if (refcount_dec_and_test(&proto->refcnt)) { + spin_lock(&tls_proto_lock); + list_del_rcu(&proto->list); + spin_unlock(&tls_proto_lock); + + call_rcu(&proto->rcu, tls_proto_free); + return true; + } + + return false; +} + /** * tls_ctx_free() - free TLS ULP context * @sk: socket to with @ctx is attached @@ -327,6 +376,9 @@ void tls_ctx_free(struct sock *sk, struct tls_context *= ctx) if (!ctx) return; =20 + if (ctx->proto && tls_proto_put(ctx->proto)) + ctx->proto =3D NULL; + memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send)); memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv)); mutex_destroy(&ctx->tx_lock); @@ -910,7 +962,8 @@ static int tls_disconnect(struct sock *sk, int flags) return -EOPNOTSUPP; } =20 -struct tls_context *tls_ctx_create(struct sock *sk) +struct tls_context *tls_ctx_create(struct sock *sk, + struct tls_proto *proto) { struct inet_connection_sock *icsk =3D inet_csk(sk); struct tls_context *ctx; @@ -921,6 +974,7 @@ struct tls_context *tls_ctx_create(struct sock *sk) =20 mutex_init(&ctx->tx_lock); ctx->sk_proto =3D READ_ONCE(sk->sk_prot); + ctx->proto =3D proto; ctx->sk =3D sk; /* Release semantic of rcu_assign_pointer() ensures that * ctx->sk_proto is visible before changing sk->sk_prot in @@ -968,35 +1022,32 @@ static void build_proto_ops(struct proto_ops ops[TLS= _NUM_CONFIG][TLS_NUM_CONFIG] #endif } =20 -static void tls_build_proto(struct sock *sk) +static struct tls_proto *tls_build_proto(struct sock *sk) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; struct proto *prot =3D READ_ONCE(sk->sk_prot); + struct tls_proto *proto; =20 - /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */ - if (ip_ver =3D=3D TLSV6 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv6_prot))) { - mutex_lock(&tcpv6_prot_mutex); - if (likely(prot !=3D saved_tcpv6_prot)) { - build_protos(tls_prots[TLSV6], prot); - build_proto_ops(tls_proto_ops[TLSV6], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv6_prot, prot); - } - mutex_unlock(&tcpv6_prot_mutex); - } + spin_lock_bh(&tls_proto_lock); + proto =3D tls_proto_find(prot, ip_ver); + if (proto) + goto out; =20 - if (ip_ver =3D=3D TLSV4 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv4_prot))) { - mutex_lock(&tcpv4_prot_mutex); - if (likely(prot !=3D saved_tcpv4_prot)) { - build_protos(tls_prots[TLSV4], prot); - build_proto_ops(tls_proto_ops[TLSV4], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv4_prot, prot); - } - mutex_unlock(&tcpv4_prot_mutex); - } + proto =3D kzalloc_obj(*proto, GFP_ATOMIC); + if (!proto) + goto out; + + proto->ip_ver =3D ip_ver; + proto->prot =3D prot; + refcount_set(&proto->refcnt, 1); + build_protos(proto->prots[ip_ver], prot); + build_proto_ops(proto->proto_ops[ip_ver], + sk->sk_socket->ops); + list_add_rcu(&proto->list, &tls_proto_list); + +out: + spin_unlock_bh(&tls_proto_lock); + return proto; } =20 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], @@ -1046,13 +1097,16 @@ static void build_protos(struct proto prot[TLS_NUM_= CONFIG][TLS_NUM_CONFIG], =20 static int tls_init(struct sock *sk) { + struct tls_proto *proto; struct tls_context *ctx; int rc =3D 0; =20 - tls_build_proto(sk); + proto =3D tls_build_proto(sk); + if (!proto) + return -ENOMEM; =20 #ifdef CONFIG_TLS_TOE - if (tls_toe_bypass(sk)) + if (tls_toe_bypass(sk, proto)) return 0; #endif =20 @@ -1062,13 +1116,16 @@ static int tls_init(struct sock *sk) * to modify the accept implementation to clone rather then * share the ulp context. */ - if (sk->sk_state !=3D TCP_ESTABLISHED) + if (sk->sk_state !=3D TCP_ESTABLISHED) { + tls_proto_put(proto); return -ENOTCONN; + } =20 /* allocate tls context */ write_lock_bh(&sk->sk_callback_lock); - ctx =3D tls_ctx_create(sk); + ctx =3D tls_ctx_create(sk, proto); if (!ctx) { + tls_proto_put(proto); rc =3D -ENOMEM; goto out; } @@ -1264,6 +1321,7 @@ static int __init tls_register(void) =20 static void __exit tls_unregister(void) { + tls_proto_cleanup(); tcp_unregister_ulp(&tcp_tls_ulp_ops); tls_strp_dev_exit(); tls_device_cleanup(); diff --git a/net/tls/tls_toe.c b/net/tls/tls_toe.c index 825669e1ab47..3c63f9b4c8af 100644 --- a/net/tls/tls_toe.c +++ b/net/tls/tls_toe.c @@ -54,7 +54,8 @@ static void tls_toe_sk_destruct(struct sock *sk) tls_ctx_free(sk, ctx); } =20 -int tls_toe_bypass(struct sock *sk) +int tls_toe_bypass(struct sock *sk, + struct tls_proto *proto) { struct tls_toe_device *dev; struct tls_context *ctx; @@ -63,7 +64,7 @@ int tls_toe_bypass(struct sock *sk) spin_lock_bh(&device_spinlock); list_for_each_entry(dev, &device_list, dev_list) { if (dev->feature && dev->feature(dev)) { - ctx =3D tls_ctx_create(sk); + ctx =3D tls_ctx_create(sk, proto); if (!ctx) goto out; =20 --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC3B52D7D27 for ; Wed, 29 Apr 2026 10:47:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459641; cv=none; b=JwfFRnIngMUg+2WM3SR5ZBr/Wk/j4hZmVAtvpEZzh3KSMlWlAE8OgO08PmMnFHAXJ0EGa562RVQd7umhh4TgrpeLfH//B/srPwmF34rG2rldk/vk+zs/nfcYATDPyEim4fC6Xtv0eEeZklQP5sgMVddNfCMquU/4rNULEj44TgU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459641; c=relaxed/simple; bh=57cNEFbFDtMfLCXiiklK6qGELaxp9/fzm8/lNKzc8PU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kQRyUWiU/zlhqNPZgGGbyPHzeB38bmzAivi8rwfq9nf7GMfSoy39HCI5suOgHwWBWoKUpL/SGFjKCKvwpgqsSyAP8YSWu9G1djNrqrOAHiu8LcZZhdK/dCoNeXOcj9tDisN2F+AiQqANl9e1WzNkSBE8bPvfHP3ZhTMWXKDC9OM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=J4umCzPY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="J4umCzPY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3E428C19425; Wed, 29 Apr 2026 10:47:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459640; bh=57cNEFbFDtMfLCXiiklK6qGELaxp9/fzm8/lNKzc8PU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J4umCzPYlPtT8qCufZYD67ue3+95rdW5I9XNtozN2+76G2/xGALFLg1Nc+iP4RTa/ xOtgGa0eyBZ9cMlzM8KebeAWEu7YP1WOCFQ/7f40G6eghNOaFL9DZfoHEyIL/cmDEj HLXflF2tyZMl9G2Vitzh5SPoaPlPku/03kpIfndw44nFIXfZr3MkuKCr46fKyHoK6D gwW0fm2JmP4Tqo4aRQCIb2FuK0BhslRQigzcfEpZW49tTXietpxox5GsPWUtgOk+71 JkKIE0uSfqEQcWNdj3BvJMjf7xgCNbvG0i0COdVCcq/cRMo4m/VF+uOLIyS9J4pBlu tBJrse9PYbQ+g== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 02/15] tls: introduce struct tls_prot_ops Date: Wed, 29 Apr 2026 18:44:50 +0800 Message-ID: X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has been introduced for TLS, encapsulating TCP-specific helpers within this structure. Add registering, validating and finding functions for this structure to add, validate and find a tls_prot_ops on the global list tls_prot_ops_list. Register TCP-specific structure tls_tcp_ops in tls_register(). Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 18 ++++++++ net/tls/tls_main.c | 104 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 121 insertions(+), 1 deletion(-) diff --git a/include/net/tls.h b/include/net/tls.h index baedee91d648..7d544af4390a 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -226,6 +226,24 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_prot_ops { + int protocol; + struct list_head list; + + int (*inq)(struct sock *sk); + int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg, size_t size); + struct sk_buff *(*recv_skb)(struct sock *sk, u32 *off); + bool (*lock_is_held)(struct sock *sk); + int (*read_sock)(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor); + void (*read_done)(struct sock *sk, size_t len); + u32 (*get_skb_seq)(struct sk_buff *skb); + __poll_t (*poll)(struct file *file, struct socket *sock, + struct poll_table_struct *wait); + bool (*epollin_ready)(const struct sock *sk); + void (*check_app_limited)(struct sock *sk); +}; + struct tls_proto { struct rcu_head rcu; refcount_t refcnt; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index ade124a8731f..ef51e84fd9b7 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -115,6 +115,8 @@ CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto= _info_aria_gcm_256); =20 static LIST_HEAD(tls_proto_list); static DEFINE_SPINLOCK(tls_proto_lock); +static LIST_HEAD(tls_prot_ops_list); +static DEFINE_SPINLOCK(tls_prot_ops_lock); static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 @@ -159,6 +161,18 @@ static void tls_proto_cleanup(void) rcu_barrier(); } =20 +static struct tls_prot_ops *tls_prot_ops_find(int protocol) +{ + struct tls_prot_ops *ops; + + list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) { + if (ops->protocol =3D=3D protocol) + return ops; + } + + return NULL; +} + void update_sk_prot(struct sock *sk, struct tls_context *ctx) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; @@ -1293,6 +1307,87 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos= tly =3D { .get_info_size =3D tls_get_info_size, }; =20 +static int tls_validate_prot_ops(const struct tls_prot_ops *ops) +{ + if (!ops->inq || !ops->sendmsg_locked || + !ops->recv_skb || !ops->lock_is_held || + !ops->read_sock || !ops->read_done || + !ops->get_skb_seq || + !ops->poll || !ops->epollin_ready || + !ops->check_app_limited) { + pr_err("%d does not implement required ops\n", ops->protocol); + return -EINVAL; + } + + return 0; +} + +static int tls_register_prot_ops(struct tls_prot_ops *ops) +{ + int ret; + + ret =3D tls_validate_prot_ops(ops); + if (ret) + return ret; + + spin_lock(&tls_prot_ops_lock); + rcu_read_lock(); + if (tls_prot_ops_find(ops->protocol)) { + rcu_read_unlock(); + spin_unlock(&tls_prot_ops_lock); + return -EEXIST; + } + rcu_read_unlock(); + list_add_tail_rcu(&ops->list, &tls_prot_ops_list); + spin_unlock(&tls_prot_ops_lock); + + pr_debug("tls_prot_ops %d registered\n", ops->protocol); + return 0; +} + +static void tls_unregister_prot_ops(struct tls_prot_ops *ops) +{ + spin_lock(&tls_prot_ops_lock); + list_del_rcu(&ops->list); + spin_unlock(&tls_prot_ops_lock); + + synchronize_rcu(); +} + +static struct sk_buff *tls_tcp_recv_skb(struct sock *sk, u32 *off) +{ + return tcp_recv_skb(sk, tcp_sk(sk)->copied_seq, off); +} + +static bool tls_tcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk); +} + +static u32 tls_tcp_get_skb_seq(struct sk_buff *skb) +{ + return TCP_SKB_CB(skb)->seq; +} + +static bool tls_tcp_epollin_ready(const struct sock *sk) +{ + return tcp_epollin_ready(sk, INT_MAX); +} + +static struct tls_prot_ops tls_tcp_ops =3D { + .protocol =3D IPPROTO_TCP, + .inq =3D tcp_inq, + .sendmsg_locked =3D tcp_sendmsg_locked, + .recv_skb =3D tls_tcp_recv_skb, + .lock_is_held =3D tls_tcp_lock_is_held, + .read_sock =3D tcp_read_sock, + .read_done =3D tcp_read_done, + .get_skb_seq =3D tls_tcp_get_skb_seq, + .poll =3D tcp_poll, + .epollin_ready =3D tls_tcp_epollin_ready, + .check_app_limited =3D tcp_rate_check_app_limited, +}; + static int __init tls_register(void) { int err; @@ -1305,13 +1400,19 @@ static int __init tls_register(void) if (err) goto err_pernet; =20 - err =3D tls_device_init(); + err =3D tls_register_prot_ops(&tls_tcp_ops); if (err) goto err_strp; =20 + err =3D tls_device_init(); + if (err) + goto err_ops; + tcp_register_ulp(&tcp_tls_ulp_ops); =20 return 0; +err_ops: + tls_unregister_prot_ops(&tls_tcp_ops); err_strp: tls_strp_dev_exit(); err_pernet: @@ -1322,6 +1423,7 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tls_proto_cleanup(); + tls_unregister_prot_ops(&tls_tcp_ops); tcp_unregister_ulp(&tcp_tls_ulp_ops); tls_strp_dev_exit(); tls_device_cleanup(); --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D133329E49 for ; Wed, 29 Apr 2026 10:47:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459643; cv=none; b=CClO0pYCW7FhLKx/TCAU5XFI1qpwSiHfE/m1em/bJaMP0uvS3zpBBxvCwxmjRoDwznBfv6YqloeBYEJqmgQDlUsdMzh0OiaGUeDeM7Hsbp26O4Ky5rrcxYqB+WR47ZtZ9UyXp0ds0qmPhj9ZIPDtVpG7FHyILEsvT5tY/otW5+g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459643; c=relaxed/simple; bh=tUsXFE9eijJwBM6j87Tm19C0z/vmubWFVhJr2nKSbfA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Ny63veZMUhd9lMD77o0EJaZ54txcDhDciW7O3W5hCMnePiOIWaQR20a8TnMXnJaeGGWCaxTw4fkoNoDAP7HtWgyjf1GFUay4w+YMXysiqepa7gkfMO71pneFIhIVmgGa11x52FAqO7rRn1tD2yBcAUcQIVz6shrywzSrxLVOUI4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=I+7IxeUU; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="I+7IxeUU" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 49998C19425; Wed, 29 Apr 2026 10:47:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459642; bh=tUsXFE9eijJwBM6j87Tm19C0z/vmubWFVhJr2nKSbfA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=I+7IxeUU124/2opDnqnRaTHGdTUyuwqkLFpLukjNP3xRirSkwcp3ZBvOAHPWzM1l1 s/FdmmJPAGTmxvK+A5Yntrq9Uq5N+LVDo2XC/lsB4RDvyH6Rt7xH6aYGJackWoZ7ft Q0px63x71N3yHyLK+x2A5UjJpvRGSwHb8Crvf4MX0MolJmU4AoDPfE3M0EYCEacruN nKwgMne88WfXiClAY1OkZ2Q0sRChbDw0g8wTvFydCC6KGryOVFXTCg+Wg86rdtRVw0 u2Oi8XH0orN6vpAkSj41vdaMtFM6DquFqoTZ0Q/G0vzHmEN4v2/Jk3M0b1lpard21i aO6Hg1OHbKsDQ== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 03/15] tls: add tls_prot_ops pointer to tls_proto Date: Wed, 29 Apr 2026 18:44:51 +0800 Message-ID: <5f8b44b4e3206103e7888b14e19a49f45cbb1f07.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang A pointer to struct tls_prot_ops, named 'ops', has been added to struct tls_proto. The places originally calling TLS-specific helpers have now been modified to indirectly invoke them via 'ops' pointer in tls_proto. In tls_build_proto(), proto->ops is assigned either 'tls_mptcp_ops' or 'tls_tcp_ops' based on the socket protocol. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/tls.h | 1 + net/tls/tls_main.c | 20 ++++++++++++++++---- net/tls/tls_strp.c | 32 +++++++++++++++++++++----------- net/tls/tls_sw.c | 6 ++++-- 4 files changed, 42 insertions(+), 17 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 7d544af4390a..c76711a96ffe 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -250,6 +250,7 @@ struct tls_proto { struct list_head list; int ip_ver; const struct proto *prot; + const struct tls_prot_ops *ops; struct proto prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; struct proto_ops proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; }; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index ef51e84fd9b7..8e93b4e161a8 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -237,13 +237,13 @@ int tls_push_sg(struct sock *sk, ctx->splicing_pages =3D true; while (1) { /* is sending application-limited? */ - tcp_rate_check_app_limited(sk); + ctx->proto->ops->check_app_limited(sk); p =3D sg_page(sg); retry: bvec_set_page(&bvec, p, size, offset); iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); =20 - ret =3D tcp_sendmsg_locked(sk, &msg, size); + ret =3D ctx->proto->ops->sendmsg_locked(sk, &msg, size); =20 if (ret !=3D size) { if (ret > 0) { @@ -475,14 +475,16 @@ static __poll_t tls_sk_poll(struct file *file, struct= socket *sock, u8 shutdown; int state; =20 - mask =3D tcp_poll(file, sock, wait); + tls_ctx =3D tls_get_ctx(sk); + if (!tls_ctx || !tls_ctx->proto || !tls_ctx->proto->ops) + return 0; + mask =3D tls_ctx->proto->ops->poll(file, sock, wait); =20 state =3D inet_sk_state_load(sk); shutdown =3D READ_ONCE(sk->sk_shutdown); if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN)) return mask; =20 - tls_ctx =3D tls_get_ctx(sk); ctx =3D tls_sw_ctx_rx(tls_ctx); psock =3D sk_psock_get(sk); =20 @@ -1040,6 +1042,7 @@ static struct tls_proto *tls_build_proto(struct sock = *sk) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; struct proto *prot =3D READ_ONCE(sk->sk_prot); + struct tls_prot_ops *ops; struct tls_proto *proto; =20 spin_lock_bh(&tls_proto_lock); @@ -1047,12 +1050,21 @@ static struct tls_proto *tls_build_proto(struct soc= k *sk) if (proto) goto out; =20 + rcu_read_lock(); + ops =3D tls_prot_ops_find(sk->sk_protocol); + if (!ops) { + rcu_read_unlock(); + goto out; + } + rcu_read_unlock(); + proto =3D kzalloc_obj(*proto, GFP_ATOMIC); if (!proto) goto out; =20 proto->ip_ver =3D ip_ver; proto->prot =3D prot; + proto->ops =3D ops; refcount_set(&proto->refcnt, 1); build_protos(proto->prots[ip_ver], prot); build_proto_ops(proto->proto_ops[ip_ver], diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 98e12f0ff57e..763f9a06589e 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte= xt_rx *ctx) int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) { struct tls_strparser *strp =3D &ctx->strp; + struct tls_context *tls_ctx =3D tls_get_ctx(strp->sk); struct sk_buff *skb; =20 if (strp->copy_mode) @@ -132,7 +133,7 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) tls_strp_anchor_free(strp); strp->anchor =3D skb; =20 - tcp_read_done(strp->sk, strp->stm.full_len); + tls_ctx->proto->ops->read_done(strp->sk, strp->stm.full_len); strp->copy_mode =3D 1; =20 return 0; @@ -376,6 +377,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str= uct sk_buff *in_skb, =20 static int tls_strp_read_copyin(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); read_descriptor_t desc; =20 desc.arg.data =3D strp; @@ -383,13 +385,14 @@ static int tls_strp_read_copyin(struct tls_strparser = *strp) desc.count =3D 1; /* give more than one skb per call */ =20 /* sk should be locked here, so okay to do read_sock */ - tcp_read_sock(strp->sk, &desc, tls_strp_copyin); + ctx->proto->ops->read_sock(strp->sk, &desc, tls_strp_copyin); =20 return desc.error; } =20 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct skb_shared_info *shinfo; struct page *page; int need_spc, len; @@ -398,7 +401,7 @@ static int tls_strp_read_copy(struct tls_strparser *str= p, bool qshort) * to read the data out. Otherwise the connection will stall. * Without pressure threshold of INT_MAX will never be ready. */ - if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX))) + if (likely(qshort && !ctx->proto->ops->epollin_ready(strp->sk))) return 0; =20 shinfo =3D skb_shinfo(strp->anchor); @@ -434,12 +437,13 @@ static int tls_strp_read_copy(struct tls_strparser *s= trp, bool qshort) static bool tls_strp_check_queue_ok(struct tls_strparser *strp) { unsigned int len =3D strp->stm.offset + strp->stm.full_len; + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first, *skb; u32 seq; =20 first =3D skb_shinfo(strp->anchor)->frag_list; skb =3D first; - seq =3D TCP_SKB_CB(first)->seq; + seq =3D ctx->proto->ops->get_skb_seq(first); =20 /* Make sure there's no duplicate data in the queue, * and the decrypted status matches. @@ -449,7 +453,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse= r *strp) len -=3D skb->len; skb =3D skb->next; =20 - if (TCP_SKB_CB(skb)->seq !=3D seq) + if (ctx->proto->ops->get_skb_seq(skb) !=3D seq) return false; if (skb_cmp_decrypted(first, skb)) return false; @@ -460,11 +464,11 @@ static bool tls_strp_check_queue_ok(struct tls_strpar= ser *strp) =20 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in= t len) { - struct tcp_sock *tp =3D tcp_sk(strp->sk); + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first; u32 offset; =20 - first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset); + first =3D ctx->proto->ops->recv_skb(strp->sk, &offset); if (WARN_ON_ONCE(!first)) return; =20 @@ -483,6 +487,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_= strparser *strp, int len) =20 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh) { + int inq =3D tls_get_ctx(strp->sk)->proto->ops->inq(strp->sk); struct strp_msg *rxm; struct tls_msg *tlm; =20 @@ -490,7 +495,7 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool= force_refresh) DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len); =20 if (!strp->copy_mode && force_refresh) { - if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) { + if (unlikely(inq < strp->stm.full_len)) { WRITE_ONCE(strp->msg_ready, 0); memset(&strp->stm, 0, sizeof(strp->stm)); return false; @@ -511,9 +516,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo= l force_refresh) /* Called with lock held on lower socket */ static int tls_strp_read_sock(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); int sz, inq; =20 - inq =3D tcp_inq(strp->sk); + inq =3D ctx->proto->ops->inq(strp->sk); if (inq < 1) return 0; =20 @@ -556,6 +562,8 @@ void tls_strp_check_rcv(struct tls_strparser *strp) /* Lower sock lock held */ void tls_strp_data_ready(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + /* This check is needed to synchronize with do_tls_strp_work. * do_tls_strp_work acquires a process lock (lock_sock) whereas * the lock held here is bh_lock_sock. The two locks can be @@ -563,7 +571,7 @@ void tls_strp_data_ready(struct tls_strparser *strp) * allows a thread in BH context to safely check if the process * lock is held. In this case, if the lock is held, queue work. */ - if (sock_owned_by_user_nocheck(strp->sk)) { + if (ctx->proto->ops->lock_is_held(strp->sk)) { queue_work(tls_strp_wq, &strp->work); return; } @@ -583,10 +591,12 @@ static void tls_strp_work(struct work_struct *w) =20 void tls_strp_msg_done(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + WARN_ON(!strp->stm.full_len); =20 if (likely(!strp->copy_mode)) - tcp_read_done(strp->sk, strp->stm.full_len); + ctx->proto->ops->read_done(strp->sk, strp->stm.full_len); else tls_strp_flush_anchor_copy(strp); =20 diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 94d2ae0daa8c..34b9359cb0c0 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1963,13 +1963,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_= prot_info *prot, size_t len_left, size_t decrypted, ssize_t done, size_t *flushed_at) { + int inq =3D tls_get_ctx(sk)->proto->ops->inq(sk); size_t max_rec; =20 if (len_left <=3D decrypted) return false; =20 max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE; - if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec) + if (done - *flushed_at < SZ_128K && inq > max_rec) return false; =20 *flushed_at =3D done; @@ -2451,6 +2452,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) { struct tls_context *tls_ctx =3D tls_get_ctx(strp->sk); struct tls_prot_info *prot =3D &tls_ctx->prot_info; + u32 seq =3D tls_ctx->proto->ops->get_skb_seq(skb); char header[TLS_HEADER_SIZE + TLS_MAX_IV_SIZE]; size_t cipher_overhead; size_t data_len =3D 0; @@ -2498,7 +2500,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) } =20 tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE, - TCP_SKB_CB(skb)->seq + strp->stm.offset); + seq + strp->stm.offset); return data_len + TLS_HEADER_SIZE; =20 read_failure: --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1DB82D7D27 for ; Wed, 29 Apr 2026 10:47:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459645; cv=none; b=hVynU39Ko+8seOsgKy46w6uQcUw18kJSUqFZ2oc7dfkz9klurW7hVR+nkqpDfMhCeMypFSVHn3sFVA6J5vQwAW9S6YUIjhqIf8LhJwZsqAvHB9Rt11T/3wIs5Hqhb6SmMRsZdfyrV8Y67F1NR8dW06lNbvOdg/9ZmgrbtJ11mXg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459645; c=relaxed/simple; bh=TWUMxOA29PdbpJEVwwkjAYfIP9tKyfs8M9pBX6ufxuk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JsBXvEJ1fXrmDM5LPcU79JUCZieTyUH0iEf/m1DVZzn1GSJ8el4e+sWLTB3Cqx0mfJFjIq7AJ+l+BOibyWm3FyEkNbanYdZ93tDPYLnnrjgjO5B6dPKOA6qr2CHyRk3HFIH1oKl62/XM48oKtQGgDANHCb/ttXCwIHpj/2qMMa4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=j418wzw3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="j418wzw3" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6EA19C2BCB3; Wed, 29 Apr 2026 10:47:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459644; bh=TWUMxOA29PdbpJEVwwkjAYfIP9tKyfs8M9pBX6ufxuk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=j418wzw3BSLOE91XFYfE22t859dWcs534nCGAlAOziILBjQeH5vOeXf0EAdBYNjHW YC/Oej8abnm1SqhcBxJ4qAlc8nEEEW5n1zgGG8+zsAsPwn7g0dqUkSsmPWeDLRbfnG rrpF2V5wVFPhamFpbO2AmslQbG1KSTcjSr3Lq4O0MbbOn8IX4IiKEJAK4X157/5SFN NcaCg/piYKRDTFCE3duYa0SFOpPoo6XTRnxRyVeIJODObxERk462LIYbgfyJ+Xmjua GMgeuuEgP2tdhRg0I9r3YApKEWPg1+CDIsoRqsFJ+NHMZhe0JQgTAk512Qe2ajFEsk DmLUtdjO0/cug== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Gang Yan , Geliang Tang Subject: [RFC mptcp-next v18 04/15] mptcp: update mptcp_check_readable Date: Wed, 29 Apr 2026 18:44:52 +0800 Message-ID: <7a40b902e14aae603cfd915672ed32cc9d821cde.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Gang Yan This patch makes mptcp_check_readable() aligned with TCP, and renames it to mptcp_stream_is_readable(). It will be used in the case of KTLS, because 'prot' will be modified, tls_sw_sock_is_readable() is expected to be called from prot->sock_is_readable(). Co-developed-by: Geliang Tang Signed-off-by: Geliang Tang Signed-off-by: Gang Yan --- net/mptcp/protocol.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 0db50e3715c3..5d4f0bc08973 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3262,9 +3262,11 @@ void __mptcp_unaccepted_force_close(struct sock *sk) __mptcp_destroy_sock(sk); } =20 -static __poll_t mptcp_check_readable(struct sock *sk) +static bool mptcp_stream_is_readable(struct sock *sk) { - return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0; + if (mptcp_epollin_ready(sk)) + return true; + return sk_is_readable(sk); } =20 static void mptcp_check_listen_stop(struct sock *sk) @@ -4327,7 +4329,8 @@ static __poll_t mptcp_poll(struct file *file, struct = socket *sock, mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; =20 if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) { - mask |=3D mptcp_check_readable(sk); + if (mptcp_stream_is_readable(sk)) + mask |=3D EPOLLIN | EPOLLRDNORM; if (shutdown & SEND_SHUTDOWN) mask |=3D EPOLLOUT | EPOLLWRNORM; else --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F16B3329E49 for ; Wed, 29 Apr 2026 10:47:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459647; cv=none; b=eWSZqTNoN5sAep55wAbNp6Jcy6B2gKNcuYmorTZQ1551a2d6eLne5vEyx9Yq5n8uH91ZkEphAIxZi3oiRyxaqmosJLD85gAzgWGSs5k+ZWWl9dtD0toKSaKPURp4a9VkoJl1C9nFPITY0uuQmAWSTUwjF5SoS1HLAztG8yHPwAY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459647; c=relaxed/simple; bh=IwGH7x5HeXPjJ82nzOaBDzIL7P3dADO+vdUZKF7/D/w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=K37Kk3e4z0QN6VaFFciaLepWx8ZKVoZLaLFt3gM5RO/4wZE3TeNB3ktUQO7YKZT9+5z9PqGOjyCMtyPtPb+A5IfDZMhsazftwzzRh3WHLWWW7bI4smAQhCOwNyk3bXWN5jBB1g8VnzOwfpHtyGgV5Ua4jTGKd2Jqg8OYgNOR2tM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lx0nXLCG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lx0nXLCG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2354AC2BCB3; Wed, 29 Apr 2026 10:47:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459646; bh=IwGH7x5HeXPjJ82nzOaBDzIL7P3dADO+vdUZKF7/D/w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lx0nXLCGzeMonRbfTVDElMrzGnP4m9um/0abgEYZVBGY3hTdg9bb/P7iLvVTFurGu YmbpaT45OECtbsOZw2JjJfRQ0iZDn3YHe+tYavbW5FEvizZQGMURJ0kMf9ixJ8lbj0 7Qj43EFinZ2oBXtVN1v4o5y4pmDi0KsUX6f2BfnVIQjHekH8H8Phyh5nvK8u/gR/Gd WSsCFOCScsPX6DDcZ8Q/G4id/FkSXXONjH6PcPn3a6gxCaminH6vDNvC4jUQoC/Igl gUMCKyad/eXjc48NurWQQbx5rCiL0ydwkqmNBzaH3a6hLoGc/RQFwp83fWbhOMcoh8 YZ2aZ9Mr3KafQ== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 05/15] mptcp: implement tls_mptcp_ops Date: Wed, 29 Apr 2026 18:44:53 +0800 Message-ID: X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch implements the MPTCP-specific struct tls_prot_ops, named 'tls_mptcp_ops'. Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can trigger a crash. Here, an MPTCP version of check_app_limited() is implemented, which calls tcp_sock_rate_check_app_limited() for each subflow. When MPTCP implements lock_is_held interface, it not only checks sock_owned_by_user_nocheck(sk) as TCP does, but also needs to check whether the MPTCP data lock is held. This is required because TLS may call lock_is_held from softirq context with bh_lock_sock held. Checking both conditions ensures TLS always defers to workqueue when the MPTCP data lock is held, avoiding deadlock. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/net/mptcp.h | 2 + include/net/tcp.h | 1 + net/ipv4/tcp.c | 9 +++- net/mptcp/protocol.c | 120 +++++++++++++++++++++++++++++++++++++++++-- net/mptcp/protocol.h | 1 + net/tls/tls_main.c | 13 +++++ 6 files changed, 140 insertions(+), 6 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 4cf59e83c1c5..02564eceeb7e 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -132,6 +132,8 @@ struct mptcp_pm_ops { void (*release)(struct mptcp_sock *msk); } ____cacheline_aligned_in_smp; =20 +extern struct tls_prot_ops tls_mptcp_ops; + #ifdef CONFIG_MPTCP void mptcp_init(void); =20 diff --git a/include/net/tcp.h b/include/net/tcp.h index ecbadcb3a744..6d5ced8edcc7 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -852,6 +852,7 @@ static inline int tcp_bound_to_half_wnd(struct tcp_sock= *tp, int pktsize) =20 /* tcp.c */ void tcp_get_info(struct sock *, struct tcp_info *); +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp); void tcp_rate_check_app_limited(struct sock *sk); =20 /* Read 'sendfile()'-style from a TCP socket */ diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 4f9bfbe88f21..8ae79c5036d1 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1100,9 +1100,9 @@ int tcp_sendmsg_fastopen(struct sock *sk, struct msgh= dr *msg, int *copied, } =20 /* If a gap is detected between sends, mark the socket application-limited= . */ -void tcp_rate_check_app_limited(struct sock *sk) +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp) { - struct tcp_sock *tp =3D tcp_sk(sk); + struct sock *sk =3D (struct sock *)tp; =20 if (/* We have less than one packet to send. */ tp->write_seq - tp->snd_nxt < tp->mss_cache && @@ -1115,6 +1115,11 @@ void tcp_rate_check_app_limited(struct sock *sk) tp->app_limited =3D (tp->delivered + tcp_packets_in_flight(tp)) ? : 1; } + +void tcp_rate_check_app_limited(struct sock *sk) +{ + tcp_sock_rate_check_app_limited(tcp_sk(sk)); +} EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited); =20 int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 5d4f0bc08973..f9ac87dd4ff1 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include "protocol.h" #include "mib.h" @@ -1895,7 +1896,7 @@ static void mptcp_rps_record_subflows(const struct mp= tcp_sock *msk) } } =20 -static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_= t len) { struct mptcp_sock *msk =3D mptcp_sk(sk); struct page_frag *pfrag; @@ -1907,8 +1908,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_FASTOPEN | MSG_EOR; =20 - lock_sock(sk); - mptcp_rps_record_subflows(msk); =20 if (unlikely(inet_test_bit(DEFER_CONNECT, sk) || @@ -2024,7 +2023,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) } =20 out: - release_sock(sk); return copied; =20 do_error: @@ -2035,6 +2033,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg= hdr *msg, size_t len) goto out; } =20 +static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +{ + int ret; + + lock_sock(sk); + ret =3D mptcp_sendmsg_locked(sk, msg, len); + release_sock(sk); + + return ret; +} + static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied); =20 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb) @@ -4711,3 +4720,106 @@ int __init mptcp_proto_v6_init(void) return err; } #endif + +static int mptcp_inq(struct sock *sk) +{ + const struct mptcp_sock *msk =3D mptcp_sk(sk); + const struct sk_buff *skb; + + if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) + return 0; + + skb =3D skb_peek(&sk->sk_receive_queue); + if (skb) { + u64 answ =3D READ_ONCE(msk->ack_seq) - MPTCP_SKB_CB(skb)->map_seq; + + if (answ >=3D INT_MAX) + answ =3D INT_MAX; + + /* Subtract 1, if FIN was received */ + if (answ && + (sk->sk_state =3D=3D TCP_CLOSE || + (sk->sk_shutdown & RCV_SHUTDOWN))) + answ--; + + return (int)answ; + } + + return 0; +} + +static bool mptcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk) || + mptcp_data_is_locked(sk); +} + +static void mptcp_read_done(struct sock *sk, size_t len) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct sk_buff *skb; + size_t left; + u32 offset; + + msk_owned_by_me(msk); + + if (sk->sk_state =3D=3D TCP_LISTEN) + return; + + left =3D len; + while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) { + int used; + + used =3D min_t(size_t, skb->len - offset, left); + msk->bytes_consumed +=3D used; + MPTCP_SKB_CB(skb)->offset +=3D used; + MPTCP_SKB_CB(skb)->map_seq +=3D used; + left -=3D used; + + if (skb->len > offset + used) + break; + + mptcp_eat_recv_skb(sk, skb); + } + + mptcp_rcv_space_adjust(msk, len - left); + + /* Clean up data we have read: This will do ACK frames. */ + if (left !=3D len) + mptcp_cleanup_rbuf(msk, len - left); +} + +static u32 mptcp_get_skb_seq(struct sk_buff *skb) +{ + return MPTCP_SKB_CB(skb)->map_seq - MPTCP_SKB_CB(skb)->offset; +} + +static void mptcp_check_app_limited(struct sock *sk) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct mptcp_subflow_context *subflow; + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + bool slow; + + slow =3D lock_sock_fast(ssk); + tcp_sock_rate_check_app_limited(tcp_sk(ssk)); + unlock_sock_fast(ssk, slow); + } +} + +struct tls_prot_ops tls_mptcp_ops =3D { + .protocol =3D IPPROTO_MPTCP, + .inq =3D mptcp_inq, + .sendmsg_locked =3D mptcp_sendmsg_locked, + .recv_skb =3D mptcp_recv_skb, + .lock_is_held =3D mptcp_lock_is_held, + .read_sock =3D mptcp_read_sock, + .read_done =3D mptcp_read_done, + .get_skb_seq =3D mptcp_get_skb_seq, + .poll =3D mptcp_poll, + .epollin_ready =3D mptcp_epollin_ready, + .check_app_limited =3D mptcp_check_app_limited, +}; +EXPORT_SYMBOL(tls_mptcp_ops); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 661600f8b573..1c604a1ded6f 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -380,6 +380,7 @@ struct mptcp_sock { =20 #define mptcp_data_lock(sk) spin_lock_bh(&(sk)->sk_lock.slock) #define mptcp_data_unlock(sk) spin_unlock_bh(&(sk)->sk_lock.slock) +#define mptcp_data_is_locked(sk) spin_is_locked(&(sk)->sk_lock.slock) =20 #define mptcp_for_each_subflow(__msk, __subflow) \ list_for_each_entry(__subflow, &((__msk)->conn_list), node) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 8e93b4e161a8..836e75bab578 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -1416,6 +1416,12 @@ static int __init tls_register(void) if (err) goto err_strp; =20 +#ifdef CONFIG_MPTCP + err =3D tls_register_prot_ops(&tls_mptcp_ops); + if (err) + goto err_tcp; +#endif + err =3D tls_device_init(); if (err) goto err_ops; @@ -1424,6 +1430,10 @@ static int __init tls_register(void) =20 return 0; err_ops: +#ifdef CONFIG_MPTCP + tls_unregister_prot_ops(&tls_mptcp_ops); +err_tcp: +#endif tls_unregister_prot_ops(&tls_tcp_ops); err_strp: tls_strp_dev_exit(); @@ -1435,6 +1445,9 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tls_proto_cleanup(); +#ifdef CONFIG_MPTCP + tls_unregister_prot_ops(&tls_mptcp_ops); +#endif tls_unregister_prot_ops(&tls_tcp_ops); tcp_unregister_ulp(&tcp_tls_ulp_ops); tls_strp_dev_exit(); --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E75242D7D27 for ; Wed, 29 Apr 2026 10:47:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459649; cv=none; b=H/2WOc5m2A/SRVmUXGuEaIS7OaJkNBqKZLADJZJ5tKaV3uJGGovxKoTDfGOitW9bBew0KanY+qd3/37YZVNk2yBf0+3HcGpwUXMB3RW6Sg7v04W0HPcMKIClHdzuoGB+LnkpEp7cQZgdLrcToGxWse+xNILE8dpY+JnHAMe0S0c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459649; c=relaxed/simple; bh=QCtkSjLWnfBnI8wObN2ozkvWfxp89TiXkwvv7ih34Nw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Z+hlwS2bC41pvIhXY3dFhPJL6hCJcEUfJrA/sr3go8E2l1LvPeqzeThT0HexVWHNlhbz3gsfzcgqSIHBPz7/daeBFSs8C7Uq0QvrQrSXyr/j+3RSnleNP96DD0hjiwEYk1u70+ijGKj5FCaodwpqEPxHU2NA4aDguPW07u1Le7M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Vgs7h8A1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Vgs7h8A1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3B3F0C4AF09; Wed, 29 Apr 2026 10:47:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459648; bh=QCtkSjLWnfBnI8wObN2ozkvWfxp89TiXkwvv7ih34Nw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Vgs7h8A1Bs0ccNIg5DHXdGQ/GxrFfal+Ly+NKLhmbWEZPFwuuoCwvzgAqPRPRgo+o oK7TtOM/LTBY1lLNXmelDeI6Gqh5tk6nz+bfdh28bjQxChSSOdO+2eYWA+qIkCPtRn wH8Os3h/M/6fBERczLtrDs4ITMmmQxSkhzE9vu5GnVpztB/hzgMR8dHak8BdxLzswI HAvTs/Nw9javgut9VNGI9Vub7Dwg+gptUNQwFFggwe+v2XECxhrAJrijcJiO/byOKV Soa9tQDnJrJvwRzHSCF8CKFZYkZDYJ7t9mb26xD6OG1w7unb2HyKapo2YFD2Mn0+zh L5HSKB+pvW7tw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 06/15] tls: disable device offload for mptcp sockets Date: Wed, 29 Apr 2026 18:44:54 +0800 Message-ID: <76d9b89472d3b8f8a57087bc4043e9445db175ae.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang MPTCP TLS hardware offload is not yet implemented. Return -EOPNOTSUPP when attempting to enable device offload on MPTCP sockets. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- net/tls/tls_device.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 99c8eff9783e..6744c2494740 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1074,6 +1074,9 @@ int tls_set_device_offload(struct sock *sk) ctx =3D tls_get_ctx(sk); prot =3D &ctx->prot_info; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->priv_ctx_tx) return -EEXIST; =20 @@ -1196,6 +1199,9 @@ int tls_set_device_offload_rx(struct sock *sk, struct= tls_context *ctx) struct net_device *netdev; int rc =3D 0; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->crypto_recv.info.version !=3D TLS_1_2_VERSION) return -EOPNOTSUPP; =20 --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D028022689C for ; Wed, 29 Apr 2026 10:47:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459650; cv=none; b=fhy1tPmYcdGKF9k7YW2Dx0DdN5lBnBcr1vJCgMEZ2n22THitK00xzoMDwPKu/cvHNUY+OHth2360cXmUHV6WMVkm99taYlM3DQ/l6mUwMIMSb0d4A9SMy8Z61hQIwrJhrv4h768tQHabFrh/M5irFkMXCZKE2b1d7zF8eIUF3uo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459650; c=relaxed/simple; bh=6ZgTjduAYeLkY05HB2FvZ4E8knZFgrGfApE7QKisb5o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oaIVkFrPA9KT9fEbLJ2AFJ1ALnKWk6VZ3Gkof7LINkcMPHtFglpwAyvzKSjkqNqSJWZs90EM8g6qfSgP4D5lo2AWDrSAiuXWjXdJiWjQ5+z4QYbUMeuwy4ByUqw2fBYDOQQL5syD18wPrLbGdGuH9zWzJKz3y1kSXaVF14LNj0s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=LVhJJ43S; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="LVhJJ43S" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 46E13C19425; Wed, 29 Apr 2026 10:47:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459650; bh=6ZgTjduAYeLkY05HB2FvZ4E8knZFgrGfApE7QKisb5o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LVhJJ43SswmTVW5KGMo4/nHI7345sgEM24ECWz07pXSDGRdUJ0rI7RUwuWNCUdxxl sEH7DxqcJ8hah4aAjuD/wMqO5QkLkn2H46iNR9dyKYnEft+G9ZEYbGJ4MpmSLanyGZ 2HuqrTnHgdT7OvcYp/v+3DF2MQ5EAbwZ9Ye8ULI7/4y+sOW/UavO/egp1qwbBrsfte 2l/E8Ec4emz8ZoRY4DQUM07vralsVoA7bGuRJ1QSj1cHS8TMLBjGX/WFnkKfoODP3+ rnWUXYe2feXtk86SGqGMzCs7/8WtXrqizd/g7McCbWNVBSEpse898wqRHdWb9smCVT LoL3+B/uEQTrg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 07/15] mptcp: update ulp getsockopt for tls support Date: Wed, 29 Apr 2026 18:44:55 +0800 Message-ID: <553bf3b33d741fd521e3a9aebf36f16730c65c7a.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch extracts TCP_ULP getsockopt operation into a tcp_sock_get_ulp() helper so that it can also be used in MPTCP. TCP_ULP was obtained by calling mptcp_getsockopt_first_sf_only() to get ULP of the first subflow. Now that the mechanism has changed, a new helper mptcp_getsockopt_tcp_ulp() is added to get ULP of msk. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- include/linux/tcp.h | 1 + net/ipv4/tcp.c | 36 ++++++++++++++++++++++-------------- net/mptcp/sockopt.c | 18 ++++++++++++++++++ 3 files changed, 41 insertions(+), 14 deletions(-) diff --git a/include/linux/tcp.h b/include/linux/tcp.h index 6982f10e826b..2bb1cbd3eeab 100644 --- a/include/linux/tcp.h +++ b/include/linux/tcp.h @@ -653,6 +653,7 @@ void tcp_sock_set_quickack(struct sock *sk, int val); int tcp_sock_set_syncnt(struct sock *sk, int val); int tcp_sock_set_user_timeout(struct sock *sk, int val); int tcp_sock_set_maxseg(struct sock *sk, int val); +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen); =20 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst) { diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 8ae79c5036d1..442c3cae0fa7 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4489,6 +4489,27 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const= struct sock *sk, return stats; } =20 +int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval, sockptr_t optlen) +{ + struct inet_connection_sock *icsk =3D inet_csk(sk); + int len; + + if (copy_from_sockptr(&len, optlen, sizeof(int))) + return -EFAULT; + len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); + if (!icsk->icsk_ulp_ops) { + len =3D 0; + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + return 0; + } + if (copy_to_sockptr(optlen, &len, sizeof(int))) + return -EFAULT; + if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) + return -EFAULT; + return 0; +} + int do_tcp_getsockopt(struct sock *sk, int level, int optname, sockptr_t optval, sockptr_t optlen) { @@ -4598,20 +4619,7 @@ int do_tcp_getsockopt(struct sock *sk, int level, return 0; =20 case TCP_ULP: - if (copy_from_sockptr(&len, optlen, sizeof(int))) - return -EFAULT; - len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); - if (!icsk->icsk_ulp_ops) { - len =3D 0; - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - return 0; - } - if (copy_to_sockptr(optlen, &len, sizeof(int))) - return -EFAULT; - if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len)) - return -EFAULT; - return 0; + return tcp_sock_get_ulp(sk, optval, optlen); =20 case TCP_FASTOPEN_KEY: { u64 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u64)]; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 0efe40be2fde..bea55b1608f0 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -1393,6 +1393,23 @@ static int mptcp_put_int_option(struct mptcp_sock *m= sk, char __user *optval, return 0; } =20 +static int mptcp_getsockopt_tcp_ulp(struct sock *sk, char __user *optval, + int __user *optlen) +{ + int ret, len; + + if (copy_from_sockptr(&len, USER_SOCKPTR(optlen), sizeof(int))) + return -EFAULT; + + if (len < 0) + return -EINVAL; + + lock_sock(sk); + ret =3D tcp_sock_get_ulp(sk, USER_SOCKPTR(optval), USER_SOCKPTR(optlen)); + release_sock(sk); + return ret; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { @@ -1400,6 +1417,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock= *msk, int optname, =20 switch (optname) { case TCP_ULP: + return mptcp_getsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: case TCP_INFO: case TCP_CC_INFO: --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0C2B9329E49 for ; Wed, 29 Apr 2026 10:47:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459653; cv=none; b=S1GIR5OXjQX1tiA/XqtfRA2sn7u+93x5MOT6vnwyvfCCfTrRUk0E+MSOWc7pshoFwJIIfJG7BeaE1/5i1akxM5muP3HIqqJgEsBtsv7GdfuY8dwFEb7cZLMDT+QPcbeM5ZW3zPHHvWBJCdrTxGVYVKBFLPQHB3WVbH6f0yqxPEQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459653; c=relaxed/simple; bh=cF3MEYE3ZvQOGmen2U+zSPTQGK09OR7pQ1vas4Jiwlo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jP06lKMgxfsP/YGSL3ssukgQ198OwHKC0WfsGGdqhFD9v6rYKCOFrRMkEwX+vhAF53bC+vVg7cwDBugOWPTB7Qj7kPV0QEOl1e8QunvGWmVrjRVog0uYw3a4hnAhVSLFY+jlOVR2egOqK+snKHJ/Z9M3gSW0MgUu6qpDtRE+Ymc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=QVg68C1h; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="QVg68C1h" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3950BC2BCC4; Wed, 29 Apr 2026 10:47:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459652; bh=cF3MEYE3ZvQOGmen2U+zSPTQGK09OR7pQ1vas4Jiwlo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QVg68C1hpdIXZfMIEmxQ2Avtzj4/GaoKzHpkDNqYfVHPpf2Gvf8EYi/DNIPq23D9d rkHzpz8TaPaFmeYeeGl7tDqHTgMSpIX9DVI4GmtN3juSb67aX8x8mAa0T5PZVk1Q5p KdGHKudjBEHocIRH5ZPhf3TegcXx7wXCCszwKTkwQy/+IvGtqYfpfwMJPMZ0QCrilU uR8f3ZMZ1f9P5Fth9/+dISZ0i2vlihc5HLpYra/iXp1VfJ+vSdsFUqE51tlbzGK5L8 mpdyqRiGOl3XDURNS86/hDoBRZYG9CxtCHbQjd17PWT2RbOxp66SP3DG0lGD7eGxyg yUswac9Mn448g== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 08/15] mptcp: enable ulp setsockopt for tls support Date: Wed, 29 Apr 2026 18:44:56 +0800 Message-ID: <80342a9357fe2bd820213dc8dea00c9051c327db.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang Allow MPTCP sockets to set the TCP_ULP socket option to enable TLS. Add mptcp_setsockopt_tcp_ulp() which validates the socket state (must not be CLOSE or LISTEN), only accepts "tls" as the ULP name, and then calls tcp_set_ulp(). Include TCP_ULP in the list of supported options in supported_sockopt(), and handle it in setsockopt_sol_tcp() instead of returning -EOPNOTSUPP. Call tcp_cleanup_ulp() in mptcp_destroy_common() to release ULP module's reference count. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- net/mptcp/protocol.c | 1 + net/mptcp/sockopt.c | 35 ++++++++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index f9ac87dd4ff1..0ea63098e351 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3625,6 +3625,7 @@ static void mptcp_destroy(struct sock *sk) /* allow the following to close even the initial subflow */ msk->free_first =3D 1; mptcp_destroy_common(msk); + tcp_cleanup_ulp(sk); sk_sockets_allocated_dec(sk); } =20 diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index bea55b1608f0..6eee830f1d36 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "protocol.h" =20 #define MIN_INFO_OPTLEN_SIZE 16 @@ -567,6 +568,7 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_FASTOPEN_CONNECT: case TCP_FASTOPEN_KEY: case TCP_FASTOPEN_NO_COOKIE: + case TCP_ULP: return true; } =20 @@ -815,6 +817,37 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *= msk, int level, return ret; } =20 +static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval, + unsigned int optlen) +{ + char name[TCP_ULP_NAME_MAX]; + int err =3D 0; + size_t len; + int val; + + if (optlen < 1) + return -EINVAL; + + len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen); + val =3D strncpy_from_sockptr(name, optval, len); + if (val < 0) + return -EFAULT; + name[val] =3D 0; + + if (strcmp(name, "tls")) + return -EOPNOTSUPP; + + sockopt_lock_sock(sk); + if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) { + err =3D -ENOTCONN; + goto out; + } + err =3D tcp_set_ulp(sk, name); +out: + sockopt_release_sock(sk); + return err; +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { @@ -823,7 +856,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *= msk, int optname, =20 switch (optname) { case TCP_ULP: - return -EOPNOTSUPP; + return mptcp_setsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); case TCP_DEFER_ACCEPT: --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F9733EB7F0 for ; Wed, 29 Apr 2026 10:47:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459655; cv=none; b=TSX+Qd32IAiDg41w6ZggkELQlxVVfasb/gaIqLDuydnZr9BkUm4cbHIO6MxJDx6RcRVwusuSc3B4J1XYoBHqYPa4mDlq13XjuqFkLU4SDDA4dkWeYa6E27kTCUde0jufxbdplHybGUzzE0TQTVhxc7gNR8kgrueQRW6tciAzL4k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777459655; c=relaxed/simple; bh=EoSZLrxJrEfv4uRyfcT0i/5aFTWIAohjf1lCqM6vMV0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dzcQdaMU2EUmiXK+95z/EGNbivFblfMXWIXkk4FlG8cUbbesFwkn3CD37igJo9/8R/q/Vn2gdkCIBnO1kVDGdDpwz2w1W/MCuOQG3u+id1ux/eThHcjPDymA2eJfm43YyoJ34WHx2oEF8CRXFymq0KnffEYn+Mdjwbeb1WnIaNM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=gPUP6lOl; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="gPUP6lOl" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7772AC19425; Wed, 29 Apr 2026 10:47:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777459655; bh=EoSZLrxJrEfv4uRyfcT0i/5aFTWIAohjf1lCqM6vMV0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gPUP6lOlpYxsKj6cYjqDG7FjpOFFm9GpmWAmFSZ1+qxAaHsCJdDw60pSv4f7fOONe +Vrug5sJQLoBNt0KFLe4Arqhr1ldcPNSxLZEIH8dogVgTKCjHF/6/KoV4L5MYQjBb2 qsG2HYbjCzEziwv9J8OLAQVf/RYJ8+pxEMxrf5Y6FkKeCKszcZpmO42PI+Ewk0+7aE a++JIDNePXDJpQ9KGvl2ZR1dPJTR1ziys+KWF9YN2M7UuIH7NyvQX/HPvGK/vMBAFG iuNxKLGOUkRi4iQVEVuZ8nCyvvOd6xalzCBTXFZ6DAjDClmfQXTOYFrt1cPScUz5Zx U0uy0OK3bQj+w== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 09/15] selftests: mptcp: connect: use espintcp for ulp test Date: Wed, 29 Apr 2026 18:44:57 +0800 Message-ID: X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang With KTLS being implemented, "tls" should no longer be used in sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP name, "espintcp", is set instead in this patch. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/mptcp/mptcp_connect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index cbe573c4ab3a..299a7a02d6f5 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -285,11 +285,11 @@ static void sock_test_tcpulp(int sock, int proto, uns= igned int line) if (buflen > 0) { if (strcmp(buf, "mptcp") !=3D 0) xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line); - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret =3D=3D 0) X("setsockopt"); } else if (proto =3D=3D IPPROTO_MPTCP) { - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret !=3D -1) X("setsockopt"); } --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C2B84367F23 for ; Wed, 29 Apr 2026 11:08:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460908; cv=none; b=GNW8s4/0L9iwhBeTeP9taOM3fduuhbIJW6a0HDsV6NfbjrlnNWA6mxqnLbOY4ynaXIKlH8Xgj71+uflT6PkvkLSlJU5R8T2YVrvxTcN7Ii4G6DJ4NUo3IbByOXmVmPe4LksSiJewRsfW22JpGTZZEnJnpjYBpiBMwYmWqoa7vws= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460908; c=relaxed/simple; bh=jk3l49RDP8jV6GKjl8SD9E0b9k2P1Nrw5zS2dhhLetU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rRNm6akKgNQu6M8zm0FKkC7V5BiPjenyNcV8RJ+/iPASc+yADl739qDTRej9MfBxQazcZOc5JKRs3nasco+VOPSChjEINF7I/VaU4zTVoaNxTxmo45ouCZxFW7iboYLeB2lVJD38C85hPycxce34FzYZFplN7+OJT09Hk0333rY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=sf+kw9U8; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="sf+kw9U8" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0FD4CC19425; Wed, 29 Apr 2026 11:08:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777460908; bh=jk3l49RDP8jV6GKjl8SD9E0b9k2P1Nrw5zS2dhhLetU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sf+kw9U8uP1BF9vxqmHiwKk1B16ixAteOBaPW4see/dCbVuZcpqlyZ5kHoOLEwIW5 Vqq8zQpNRvvQBjfB+ZRLGkEgYSK1RWnFfhDJJNsZBAy8v0L64AU7zhH5G7cXVKYYjz I1p9vUvbu7qzdNNioAwn5FrQVZTSY/Bc1GJmQ606afyFXskKgrXv+KKvlKEFYlquY4 wvpVxTj329WcMuc2BSYC5v0WMHu6p2nMy2eBXRujMJ3GYV1Ar6C9BnKe6m8EnUMOg/ t7+pv0+Eh74fBS8ZvN1BcIiTffwOYwhwhStogach8Xb7zS/ua1tbRk/WdH5zb5PYzC 9eGfa5WZqUhOg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 10/15] selftests: tls: add mptcp variant for testing Date: Wed, 29 Apr 2026 19:08:14 +0800 Message-ID: <645dc357f2c65b7e52e994f1c6ade19b185b716e.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang To enable easy MPTCP socket creation in MPTCP TLS tests, two protocol parameters (cli_proto and srv_proto) have been added to ulp_sock_pair(). These are passed as third arguments of socket(): 0 creates TCP sockets, IPPROTO_MPTCP creates MPTCP sockets. A new variant "mptcp" is added both in FIXTURE_VARIANT(tls) to control whether to create MPTCP sockets or not for tests. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 44 +++++++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 9e2ccea13d70..80e8071993c0 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -26,6 +26,10 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 =20 +#ifndef IPPROTO_MPTCP +#define IPPROTO_MPTCP 262 +#endif + static int fips_enabled; =20 struct tls_crypto_info_keys { @@ -108,8 +112,9 @@ static void memrnd(void *s, size_t n) *byte++ =3D rand(); } =20 -static void ulp_sock_pair(struct __test_metadata *_metadata, - int *fd, int *cfd, bool *notls) +static void __ulp_sock_pair(struct __test_metadata *_metadata, + int *fd, int *cfd, bool *notls, + int cli_proto, int srv_proto) { struct sockaddr_in addr; socklen_t len; @@ -122,8 +127,8 @@ static void ulp_sock_pair(struct __test_metadata *_meta= data, addr.sin_addr.s_addr =3D htonl(INADDR_ANY); addr.sin_port =3D 0; =20 - *fd =3D socket(AF_INET, SOCK_STREAM, 0); - sfd =3D socket(AF_INET, SOCK_STREAM, 0); + *fd =3D socket(AF_INET, SOCK_STREAM, cli_proto); + sfd =3D socket(AF_INET, SOCK_STREAM, srv_proto); =20 ret =3D bind(sfd, &addr, sizeof(addr)); ASSERT_EQ(ret, 0); @@ -153,6 +158,12 @@ static void ulp_sock_pair(struct __test_metadata *_met= adata, ASSERT_EQ(ret, 0); } =20 +static void ulp_sock_pair(struct __test_metadata *_metadata, + int *fd, int *cfd, bool *notls) +{ + __ulp_sock_pair(_metadata, fd, cfd, notls, 0, 0); +} + /* Produce a basic cmsg */ static int tls_send_cmsg(int fd, unsigned char record_type, void *data, size_t len, int flags) @@ -310,6 +321,7 @@ FIXTURE_VARIANT(tls) uint16_t tls_version; uint16_t cipher_type; bool nopad, fips_non_compliant; + bool mptcp; }; =20 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) @@ -395,6 +407,23 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, }; =20 +static bool is_mptcp_enable(struct __test_metadata *_metadata) +{ + char buf[16] =3D { 0 }; + ssize_t n; + int fd; + + fd =3D open("/proc/sys/net/mptcp/enabled", O_RDONLY); + if (fd < 0) + return false; + + n =3D read(fd, buf, sizeof(buf) - 1); + close(fd); + if (n <=3D 0) + return false; + return (atoi(buf) =3D=3D 1); +} + FIXTURE_SETUP(tls) { struct tls_crypto_info_keys tls12; @@ -404,10 +433,15 @@ FIXTURE_SETUP(tls) if (fips_enabled && variant->fips_non_compliant) SKIP(return, "Unsupported cipher in FIPS mode"); =20 + if (variant->mptcp && !is_mptcp_enable(_metadata)) + SKIP(return, "no MPTCP support"); + tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 0); =20 - ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); + __ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls, + variant->mptcp ? IPPROTO_MPTCP : 0, + variant->mptcp ? IPPROTO_MPTCP : 0); =20 if (self->notls) return; --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E976433F595 for ; Wed, 29 Apr 2026 11:08:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460914; cv=none; b=jr0S3wG7F/UW50wVXNYWv+gmkE6lGYtcOKR51yonBnH093tmDjUp+5/z4maDDqBWrObfap2wd/UwpIwn3fbWxx2pRX8T+iU+mzWjS6PgGBxqxY1i0aFuC4tN58AKNO1KjU2avRUdOUFhGAaDk75aq+nYs51bjAkIPEbTa/Am4bE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460914; c=relaxed/simple; bh=hZ54esWfvtSDC/Udme6pFMmcN0sRtcQiX4ZHQHGs4U0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=EsC9A0lV4ZNY8xtj8giMUhSgU1GPgLvvYFHCdxoMY4uZLwis7JodWQhquKFgieilvkg3EjzQmk5tdZg1o07yJly0AQDqEOEBpykMGyZGhzbvavNzEWcpQvjjekMoYfFyBC1CPAU1RYKPG8bzpQyZhUWkcWtLplvMi+Jz78K/s10= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hyohdXuc; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hyohdXuc" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 27192C19425; Wed, 29 Apr 2026 11:08:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777460913; bh=hZ54esWfvtSDC/Udme6pFMmcN0sRtcQiX4ZHQHGs4U0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hyohdXucGMvKl+Ga7Pa2Sis3KcsPeP7JsK33C2lIJWO5eDTV4YgMJUTzfiQNREqso GU3GLQNe4nSXJm+1SPPD3lPrZj3xg1vpHZELy+MP907KEIcYmx4bA0Q5p+SlI2BKvR dvtdv8aAspeFEkVU7MfEUByep8kxmw5xyQ4E/6AF+Exeqy9NNhkC/Qet5lFfzm+8Mz VNU+x9cDYqNIVY6uCfVKTtfM92M4gDgyFTwcHP3epTSwR11+tQO00UFb1F/KLvW6um kw8+s4nN89FrJZgnZjVqrP0XtCS9Ov/hMmjshfkhKOUBGh2fnutUAWNHswMYHks2Q9 l7pVCe1C+NPIw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 11/15] selftests: tls: increase pollin timeouts for mptcp Date: Wed, 29 Apr 2026 19:08:15 +0800 Message-ID: X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang MPTCP requires longer timeouts in pollin test due to subflow establishment delays and slower state transitions. Increase timeout values to prevent false failures: # RUN tls.13_sm4_ccm_mptcp.pollin ... # tls.c:1411:pollin:Expected poll(&fd, 1, 20) (0) =3D=3D 1 (1) # tls.c:1412:pollin:Expected fd.revents & POLLIN (0) =3D=3D 1 (1) # pollin: Test failed # FAIL tls.13_sm4_ccm_mptcp.pollin not ok 357 tls.13_sm4_ccm_mptcp.pollin Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 80e8071993c0..0dc6514c2c3f 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -1319,6 +1319,7 @@ TEST_F(tls, bidir) =20 TEST_F(tls, pollin) { + int timeout =3D variant->mptcp ? 100 : 20; char const *test_str =3D "test_poll"; struct pollfd fd =3D { 0, 0, 0 }; char buf[10]; @@ -1328,11 +1329,11 @@ TEST_F(tls, pollin) fd.fd =3D self->cfd; fd.events =3D POLLIN; =20 - EXPECT_EQ(poll(&fd, 1, 20), 1); + EXPECT_EQ(poll(&fd, 1, timeout), 1); EXPECT_EQ(fd.revents & POLLIN, 1); EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); /* Test timing out */ - EXPECT_EQ(poll(&fd, 1, 20), 0); + EXPECT_EQ(poll(&fd, 1, timeout), 0); } =20 TEST_F(tls, poll_wait) --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C1E333F595 for ; Wed, 29 Apr 2026 11:08:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460919; cv=none; b=sOhUlS6jrlAPoD/MZPuDCxrDP6ywFm7HSeaaTTSutDCNHx91CFyxS2rJmu6YrMoW8cx0qS4IBKJEeM7Ja5chGKuc/yeQXLXJ/jDXZvgwPH7Bq5aN1DdFbom2oR/xEws+lVQLS7+je2i3pj0jkNH1UfrdiooFM+Fq8y+gFGj3TLA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460919; c=relaxed/simple; bh=9OeyXWwMDJZIMSpWczfQ/xfjYZU2iuZ3dTfJ7KE8hkw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rmiasFRfacx1m+UjVtJybM8RHi1hEqnJAOLPKrQxITc1C9SueV31leonjsHOl7kmLT+CBb2XAIGPMuhGkDC3V+eI73aNqTWXa7FFGtaYNQ8Bl1tLYynzvYAuzanSDxITb6f4dsHiL/VynqxJY6jKuw1PtmgtSBs3p3r0gTxHpow= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=e8TSFIDc; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="e8TSFIDc" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8AEBC2BCB3; Wed, 29 Apr 2026 11:08:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777460919; bh=9OeyXWwMDJZIMSpWczfQ/xfjYZU2iuZ3dTfJ7KE8hkw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e8TSFIDcHlyg5hwqcEaYHSJAoad5iINvf8L8oyUJVxLiJqbnRd1agremtO4DmQLit IiPf6ejr4BQGILwk5/cKu3tLr7qIXlmpc7hclRJQkKUdDcuIMUmIKGjOvKOoBSnBWe cgUiKSvAfZmoLNRwgegBmNr+d1Q1mDgDu2bPbeacmJY0xO+8BS9pYlyt8MUAsQALUg KE99wGqCUuhNonz2000iacy1KvhZdZuO74pKDdUkuq1PSxW95poUXnn+RMuM9KgWq2 bCT3Jwny0eJsls0Vu1dxLcll/ULG8gMIMoxrvmeIy3ZP8TeNspPSJU8bSSiZP9LYaC oXmuPgezkqhpA== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 12/15] selftests: tls: increase nonblocking data size for mptcp Date: Wed, 29 Apr 2026 19:08:16 +0800 Message-ID: <5a913371067061a1f1235031dbf72538a55e6e37.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang Increase the data size in nonblocking tests to accommodate MPTCP's multi-subflow behavior and ensure sufficient data for testing, avoiding the following errors: # RUN tls.12_aria_gcm_mptcp.nonblocking ... # tls.c:1534:nonblocking:Expected 0 (0) !=3D eagain (0) # nonblocking: Test failed Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 0dc6514c2c3f..bf8ecfdfdd18 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -1425,6 +1425,9 @@ TEST_F(tls, nonblocking) int flags; int res; =20 + if (variant->mptcp) + data *=3D 4; + flags =3D fcntl(self->fd, F_GETFL, 0); fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB70F33F595 for ; Wed, 29 Apr 2026 11:08:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460922; cv=none; b=ZmyBog+D+B6QFPSu8AxTLGEY2YuCe6mHUPzlHVk4MmjX//GcYIjOABZFa+r0i0CMCY1JQtpnP+SoXqQagnNjE6pZ35GlUsTnCa44t0+hkGrslekkgFOyB3SOdDkb3dbB+LG/Swq7j3I8rVdrtMvm+Xg1NW/+NTNvxnUnWwysInA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460922; c=relaxed/simple; bh=qgb0Osm6S4pRavM+0JGhfyEGRXZl67LV3MM0GVu9tPA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oVcYjz4CGFQ2vXmDIEe+WKr8kSDzLGQbhGOkSyHlixH7mpu3fqZ/+XHwoJjegxtD28enL70DwCPp7vvWI+pzxZE9MKD6AtU0UInRHBZizWlq0g9wnmMDuAz+orcdQ6YiqIGvMDRF+NppzMYj/JeQIgsKW4MrwemVoGFsbOwnTzo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nT58BH8F; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nT58BH8F" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0B572C2BCB3; Wed, 29 Apr 2026 11:08:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777460922; bh=qgb0Osm6S4pRavM+0JGhfyEGRXZl67LV3MM0GVu9tPA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nT58BH8Fp53JeT22iKedrnFiJYwxFGz2raPCmF9XAEKlbQR/VqzB5WpWBi0gVHBUV Z6trI/L+rUf6J0HawidGpiWcvM6qeNymkEursAL1RZIgUqz8A6t+h6osrcGC/+RJKD LoqIM5lpsvUtdX8vCtYLCPRxZWfFif+er9MPrVlwW6F9KbmTWlTViX5pziygymp5Lc pesusI3Vh/HR0eCGnN5umq0++zfxSIt39ndv3/7oIJ/tyCmyquTBA502oKZ1qEEfpG 54TBjJ9+wtXmGgmcC5phmXPC1b4tEAi/DemdbOv50VBM5ejMO4XtmNcsp9UHcwdaWM pkQZa06yulPvw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 13/15] selftests: tls: wait close in shutdown_reuse for mptcp Date: Wed, 29 Apr 2026 19:08:17 +0800 Message-ID: X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang In shutdown_reuse tests, add a delay after shutdown to wait for MPTCP sockets to reach TCP_CLOSE state before reuse via bind(), avoiding the following errors: # RUN tls.12_aes_gcm_mptcp.shutdown_reuse ... # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0) # shutdown_reuse: Test failed # FAIL tls.12_aes_gcm_mptcp.shutdown_reuse not ok 14 tls.12_aes_gcm_mptcp.shutdown_reuse # RUN tls.13_aes_gcm_mptcp.shutdown_reuse ... # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0) # shutdown_reuse: Test failed # FAIL tls.13_aes_gcm_mptcp.shutdown_reuse not ok 15 tls.13_aes_gcm_mptcp.shutdown_reuse # RUN tls.12_chacha_mptcp.shutdown_reuse ... # OK tls.12_chacha_mptcp.shutdown_reuse ok 16 tls.12_chacha_mptcp.shutdown_reuse # RUN tls.13_chacha_mptcp.shutdown_reuse ... # OK tls.13_chacha_mptcp.shutdown_reuse ok 17 tls.13_chacha_mptcp.shutdown_reuse # RUN tls.13_sm4_gcm_mptcp.shutdown_reuse ... # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0) # shutdown_reuse: Test failed # FAIL tls.13_sm4_gcm_mptcp.shutdown_reuse not ok 18 tls.13_sm4_gcm_mptcp.shutdown_reuse This TCP_CLOSE check is just for MPTCP, because it should not slow down plain TCP tests. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index bf8ecfdfdd18..8bedc2cde763 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -30,6 +30,10 @@ #define IPPROTO_MPTCP 262 #endif =20 +#ifndef TCP_CLOSE +#define TCP_CLOSE 7 +#endif + static int fips_enabled; =20 struct tls_crypto_info_keys { @@ -1698,6 +1702,25 @@ TEST_F(tls, shutdown_unsent) shutdown(self->cfd, SHUT_RDWR); } =20 +static bool wait_for_tcp_close(struct __test_metadata *_metadata, + int fd, int max) +{ + struct tcp_info info; + socklen_t len; + int i, ret; + + for (i =3D 0; i < max; i++) { + len =3D sizeof(info); + ret =3D getsockopt(fd, IPPROTO_TCP, TCP_INFO, &info, &len); + ASSERT_EQ(ret, 0); + if (info.tcpi_state =3D=3D TCP_CLOSE) + return true; + usleep(1000); + } + + return false; +} + TEST_F(tls, shutdown_reuse) { struct sockaddr_in addr; @@ -1707,6 +1730,9 @@ TEST_F(tls, shutdown_reuse) shutdown(self->cfd, SHUT_RDWR); close(self->cfd); =20 + if (variant->mptcp) + EXPECT_TRUE(wait_for_tcp_close(_metadata, self->fd, 1000)); + addr.sin_family =3D AF_INET; addr.sin_addr.s_addr =3D htonl(INADDR_ANY); addr.sin_port =3D 0; --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F28CA2BFC85 for ; Wed, 29 Apr 2026 11:08:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460930; cv=none; b=cLbuNY600uYBq2f3OwERJKyhQJUqbYQJFSo+9ZMdhdnLcR7avpSewR3xunkbzTbF2IxQXX8jaH9WkCCKjg1AYULs4tMu0l/pv3B1f19aoE3VkVn12gX59ahtV/K1ulV2SEmJVK9nBg2/gKMWNgh9VtPY20TMQJB5sHJoYI+x89g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460930; c=relaxed/simple; bh=53cLyz0shDwlj3oIo8fULuL++tU6/Z+rkMHtn/yeNWA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eZPZ8HmhlxsX5hTpePSWRKDF3JMobajReYMt5T6oQwPXqfCNv5URYKvSTwsQmZtwVykvBk1k5QTQBSH2TMgWvRwB6jlsAjkpQWdOozdU2VufeWCxX3wxtwEUw+Lj4wI3sF0mgjrpZ92Z1KnOJEV1mz74vCdbRpvbYQBhMTVrl+4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ebpWmtol; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ebpWmtol" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E7029C2BCB3; Wed, 29 Apr 2026 11:08:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777460929; bh=53cLyz0shDwlj3oIo8fULuL++tU6/Z+rkMHtn/yeNWA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ebpWmtoljICipU1llT0ciaEjQV5YcM60BSwYrji2fbP1kbTXNaissU6jrnYrgkk33 QNcAvxk24wOIdldTlJqmVSmqBjRPRJRnm8Id0A7opiYWKlf5OmFc8Ms3bIcmvn0HME BKNwqBVbi73rm7dr2zmgWzQBOSvBwhKtNE9ebXmSHKZKclIuunzI89eGm0TKvTjJh2 z8rG5j/NXbvkep/DVPY1zkjWBt8GxfUOp38QC+qcVSJqD7esHrhKWr+XvkGMjYBXH0 gqbxqNzPeHGGUZX7e4OqaPUvOJ9ffE7nFCs6CZRYCF6nbO1s3jscYz9rvR4iv92ato apd/dQrQEMrLg== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 14/15] selftests: tls: add mptcp test cases Date: Wed, 29 Apr 2026 19:08:18 +0800 Message-ID: <9920843ecf736737e0679e3e28e68e88a201cff1.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang This patch introduces MPTCP test cases for the TLS fixture. These "mptcp" variants are configured to create MPTCP sockets specifically for MPTCP TLS testing purposes. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 96 +++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 8bedc2cde763..c7922b9f6812 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -411,6 +411,102 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, }; =20 +FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_chacha_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_chacha_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_SM4_GCM, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_SM4_CCM, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aes_ccm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_CCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_ccm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_CCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_256, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_256, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_nopad_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .nopad =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_ARIA_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, + .mptcp =3D true, +}; + static bool is_mptcp_enable(struct __test_metadata *_metadata) { char buf[16] =3D { 0 }; --=20 2.53.0 From nobody Tue May 5 11:27:58 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 655FC33F595 for ; Wed, 29 Apr 2026 11:08:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460932; cv=none; b=exJluYr5D23ATZYdHAhAJ1XDXp0o/+qusJuTAl1BvI5cUZXkyas1KVkJOFxgjxc9pFSUAejl3apfBXu0d5zPKE51IZihs95pl3X9lp18YEbVeHWrT+5hMOntxTU0eWsGBL3U/FEGirc3A815bCE/k93DuOY6G8BURl2ikjrMmxk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777460932; c=relaxed/simple; bh=WKSHvRHmiEP5wu5Daz9jP5Hg7i9nlw5OrmM/Z91cZyI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MQxEyLlgSRpu3sV1aNhT8OpudUZ+VB0U7syAkO703ayWc3ui4xDehpmRwIl8rb3LgTmKciiWWRr4fa/rta+H0tVTwZiRGCklAU1GxdICc+Ox8J0Azus87RhQDRxM1qn8lAmYwWFaTxP7TKywc6Feh7VbUv52KXCWY8FqcKPDfdY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=CNQzKOLg; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="CNQzKOLg" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4A58CC2BCC4; Wed, 29 Apr 2026 11:08:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777460932; bh=WKSHvRHmiEP5wu5Daz9jP5Hg7i9nlw5OrmM/Z91cZyI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CNQzKOLgkHCsrJuFSSsobYVkxxRQnKfMdJEPNjTp3JI3nxBSdifi6078fFCWtj3w+ fHXAHMaG9BaHhVchtyvmQOt3miqg9D0AxxoX8bzRZYe0oiuLW14JY8pfQtsdmsTyIr z6WlmewXhlPFu7DEgTRG6/i552VUsOtMLI2UKndBT5EeVhmqURo8vS3skCz584dqYD BQgeVBguWVwzThHtpbe1dsdSpG7SsUv0bK7wyLi3f4r8wAk3bjfdD7/Fw6Yhv1z4QD JiXPxjd0u49ZqZ45YQ/SFjYDNjX593IR30np3CbMMkfpsW8MS5EJ8QasNldR2IbGE3 ncqOpCfTlIJHw== From: Geliang Tang To: mptcp@lists.linux.dev Cc: Geliang Tang , Gang Yan Subject: [RFC mptcp-next v18 15/15] selftests: mptcp: cover mptcp tls tests Date: Wed, 29 Apr 2026 19:08:19 +0800 Message-ID: <7716e88bf741d262dc7ec7c86e252af841e665da.1777459066.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Geliang Tang The mptcp tests for tls.c is available now, this patch adds mptcp_tls.sh to test it in the MPTCP CI by default. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/mptcp/.gitignore | 1 + tools/testing/selftests/net/mptcp/Makefile | 2 + tools/testing/selftests/net/mptcp/config | 5 ++ .../testing/selftests/net/mptcp/mptcp_tls.sh | 62 +++++++++++++++++++ tools/testing/selftests/net/mptcp/tls.c | 1 + 5 files changed, 71 insertions(+) create mode 100755 tools/testing/selftests/net/mptcp/mptcp_tls.sh create mode 120000 tools/testing/selftests/net/mptcp/tls.c diff --git a/tools/testing/selftests/net/mptcp/.gitignore b/tools/testing/s= elftests/net/mptcp/.gitignore index 833279fb34e2..f6defec6eeb5 100644 --- a/tools/testing/selftests/net/mptcp/.gitignore +++ b/tools/testing/selftests/net/mptcp/.gitignore @@ -4,4 +4,5 @@ mptcp_diag mptcp_inq mptcp_sockopt pm_nl_ctl +tls *.pcap diff --git a/tools/testing/selftests/net/mptcp/Makefile b/tools/testing/sel= ftests/net/mptcp/Makefile index 22ba0da2adb8..f7c959a25b3b 100644 --- a/tools/testing/selftests/net/mptcp/Makefile +++ b/tools/testing/selftests/net/mptcp/Makefile @@ -14,6 +14,7 @@ TEST_PROGS :=3D \ mptcp_connect_splice.sh \ mptcp_join.sh \ mptcp_sockopt.sh \ + mptcp_tls.sh \ pm_netlink.sh \ simult_flows.sh \ userspace_pm.sh \ @@ -25,6 +26,7 @@ TEST_GEN_FILES :=3D \ mptcp_inq \ mptcp_sockopt \ pm_nl_ctl \ + tls \ # end of TEST_GEN_FILES =20 TEST_FILES :=3D \ diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft= ests/net/mptcp/config index 59051ee2a986..e8e852e0a842 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -34,3 +34,8 @@ CONFIG_NFT_SOCKET=3Dm CONFIG_NFT_TPROXY=3Dm CONFIG_SYN_COOKIES=3Dy CONFIG_VETH=3Dy +CONFIG_TLS=3Dm +CONFIG_CRYPTO_ARIA=3Dm +CONFIG_CRYPTO_CCM=3Dm +CONFIG_CRYPTO_CHACHA20POLY1305=3Dm +CONFIG_CRYPTO_SM4_GENERIC=3Dm diff --git a/tools/testing/selftests/net/mptcp/mptcp_tls.sh b/tools/testing= /selftests/net/mptcp/mptcp_tls.sh new file mode 100755 index 000000000000..ea366d149a20 --- /dev/null +++ b/tools/testing/selftests/net/mptcp/mptcp_tls.sh @@ -0,0 +1,62 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +. "$(dirname "${0}")/mptcp_lib.sh" + +ret=3D0 +ns1=3D"" + +# This function is used in the cleanup trap +#shellcheck disable=3DSC2317,SC2329 +cleanup() +{ + if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then + kill "$pid" 2>/dev/null + wait "$pid" 2>/dev/null + fi + + mptcp_lib_ns_exit "$ns1" +} + +init() +{ + local max=3D"${1:-4}" + + mptcp_lib_ns_init ns1 + + mptcp_lib_pm_nl_set_limits "$ns1" "$max" "$max" + + local i + for i in $(seq 1 "$max"); do + mptcp_lib_pm_nl_add_endpoint "$ns1" \ + "127.0.0.1" flags signal port 1000"$i" + done +} + +trap cleanup EXIT + +mptcp_lib_check_mptcp +# Temporarily set max to '0' to disable multipath testing, +# as it depends on "mptcp: fix stall because of data_ready" series of fixe= s. +# It will be re-enabled together with that series later as a squash-to pat= ch. +init 0 + +ip netns exec "$ns1" ./tls -v 12_aes_gcm_mptcp \ + -v 13_aes_gcm_mptcp \ + -v 12_chacha_mptcp \ + -v 13_chacha_mptcp \ + -v 13_sm4_gcm_mptcp \ + -v 13_sm4_ccm_mptcp \ + -v 12_aes_ccm_mptcp \ + -v 13_aes_ccm_mptcp \ + -v 12_aes_gcm_256_mptcp \ + -v 13_aes_gcm_256_mptcp \ + -v 13_nopad_mptcp \ + -v 12_aria_gcm_mptcp \ + -v 12_aria_gcm_256_mptcp & +pid=3D$! +wait $pid +ret=3D$? + +mptcp_lib_result_print_all_tap +exit $ret diff --git a/tools/testing/selftests/net/mptcp/tls.c b/tools/testing/selfte= sts/net/mptcp/tls.c new file mode 120000 index 000000000000..724b1f047c89 --- /dev/null +++ b/tools/testing/selftests/net/mptcp/tls.c @@ -0,0 +1 @@ +../tls.c \ No newline at end of file --=20 2.53.0