From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1360233067C
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053258; cv=none;
 b=aG9l01UMqezz6KoMJQB92Kja7pXefcvpm+ckq7JdA0BqjZsnzwTJ0NDDyeQi2CyjWdlmN1m2aQwHO0E5m23TDKWOPzWrTQ34dMM1Ui95Nve4Io8G+6aw0JHihIkBbk7hBmoGwrJuEbJkarCE54fY+C8myOgoHbYTZp0WqLO0DAw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053258; c=relaxed/simple;
	bh=pefUPGrJtQmpA7Mei7yXQD1BajBEZunb+ZJNbzi5vHE=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=rbbHOeasjXYHbEgOGp6NBXRyGQ00BF/tD4aoTIb86Qwel6M3LHLeye9SQ5K6L4LtvDlMbUHlPnyMuVm1XWovGmx2KLuXv1F260A+28/D+bsIhdn9dnofE9ovE6F4iYk1UL8eURZ+d6lsT662iysS1TqhIMDKAaEEU7v3Z9PqZjE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=YapUl8S6; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="YapUl8S6"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 912221F00898;
	Fri, 29 May 2026 11:14:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053256;
	bh=WaVXx70jO+Cjdcsj6TsN53LD18R7K6tLhbg+q5ufX0g=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=YapUl8S6F2aOBfTcoT5/77n2SjbsnZB2YWUT9w1uJpnDmXvImiy7kTG+YD1YL8M5t
	 n3J1Op8r+2NuLuQQdZ+ITurIoz0yeQh9utKZl78tuOdKiQ1c94JyIXhUBQCb+xGHCH
	 LsryjnT2lDL9bj7J6Kl2xdbStyZxNXTX60yfpA9iBmgmobitGqn6F7tj0Md/Gl0Ix8
	 3UfZeUFBA8fpnuj6FRIYkp15Dhcp844bxHaMKs8or90jBnIE6NL/UKZ4GuXfk7523w
	 ypbpNXbzstQPwD82PQLiiOe4Y9yczVZBf9cTxPZ+SWpWX8PeOhujCQPhbWxskX9o73
	 hvTQHV8JeLPvg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v22 01/20] tls: add clone callback to prevent NULL
 accept crash
Date: Fri, 29 May 2026 19:13:43 +0800
Message-ID: 
 <52eca39c284a3831111fe790b74e5a78fceceb69.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

When a TLS ULP context is attached to a listening socket (e.g., by
calling setsockopt(TCP_ULP, "tls") before accept()), the subsequent
accept() triggers inet_clone_ulp() which accesses ulp_ops->clone.
Since tcp_tls_ulp_ops lacked a .clone member, this resulted in a NULL
pointer access and kernel panic.

Add an empty tls_clone() function and assign it to the .clone field.
The existing ESTABLISHED state check in tls_init() already prevents
TLS on listen sockets, so this serves as a safety net for any remaining
paths.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/tls/tls_main.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index fd39acf41a61..51ae8925d891 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -1082,6 +1082,12 @@ static int tls_init(struct sock *sk)
 	return rc;
 }
=20
+static void tls_clone(const struct request_sock *req,
+		      struct sock *newsk,
+		      const gfp_t priority)
+{
+}
+
 static void tls_update(struct sock *sk, struct proto *p,
 		       void (*write_space)(struct sock *sk))
 {
@@ -1231,6 +1237,7 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_most=
ly =3D {
 	.name			=3D "tls",
 	.owner			=3D THIS_MODULE,
 	.init			=3D tls_init,
+	.clone			=3D tls_clone,
 	.update			=3D tls_update,
 	.get_info		=3D tls_get_info,
 	.get_info_size		=3D tls_get_info_size,
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id AE7422E7384
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053259; cv=none;
 b=sbXo9ULKHyxSEgT2X9z9WeAft9boS8zlYtC4+L17F/GYx5ok70Fvw+mNFhHuWjDpFOEHV/BoAJwUAmtgDVlHzdDWEHFZ1fp8qZJ0zSwoPR7czHs+flPTRuPbl0tgW5U2n1xidwoBLnYWO1erXgFzgLf+3xkIL3ZPSt/9wrnxfUE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053259; c=relaxed/simple;
	bh=+9gjmTdNU7JtR8m5IpxhfOn7BhGUqIrQcGhQbnyKidw=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=DwgrfRDynU2W2l+i/hoxBC5FsYFiDFSz3Mj4T/kls+uwFvmLXU7d4GEjX7HCrRx9J92iUQ8P1X8MzMHbQhH3Ywuj12Zc1Hn10hKxIn86GsX4eJdbP8YouyoSHlZ9pGQwNwMRmWrli1WqPQWsM96NbxOA1d2N8WE8Xqs1z6rH/7A=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=CtAD3anq; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="CtAD3anq"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6BA141F00893;
	Fri, 29 May 2026 11:14:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053258;
	bh=8MkRwn6UnTQGwiPU+AIFfHPCH3XrZXZwjUF3PQrmdV8=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=CtAD3anqVGUJJVcjcdwzBnm0cB5GSTDNX2Olp7SmeD8yR2RbZRuOCBJH8lwe/V26o
	 iCuDQR56c7MXT+UlbvI7d/KcORaWa3/6gKzXWhgycFkFXsJtTGJagHxzHFKS9X2i8Z
	 kYImfl2IbSNFm4xd6L85or8FTcSH045oiGue3Yd+zO5SOxsbixiULPfgHSw/Qlpbyw
	 PAYm6BopcmR/hWTz3yIRSUgQ8zqFCQKFtjAGUmRJj4snDHVzOgBL5iaWhQN0BLgTa+
	 vjmn4LNKwj/WRhAAa0Hrxz/0XNpR0ZkUMTSigAxmzqv9HVp8XuQxP6jqcn55+fdY9M
	 d7crqESvG5CJw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v22 02/20] tls: init mixed SW/TOE proto to prevent
 NULL call
Date: Fri, 29 May 2026 19:13:44 +0800
Message-ID: 
 <4b3d22717387a6a8efb1bd948f4a6e6f8648eff2.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

When a TOE socket falls back to software offload, update_sk_prot() accesses
prot->prots[TLS_SW][TLS_HW_RECORD] and proto_ops[TLS_SW][TLS_HW_RECORD].
These entries were never initialized, causing NULL function pointers and
kernel panic. Add the missing entries for [TLS_SW][TLS_HW_RECORD] and
[TLS_HW_RECORD][TLS_SW] in both build_protos() and build_proto_ops().

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/tls/tls_main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 51ae8925d891..6d1272dc3c34 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -965,6 +965,9 @@ static void build_proto_ops(struct proto_ops ops[TLS_NU=
M_CONFIG][TLS_NUM_CONFIG]
 #endif
 #ifdef CONFIG_TLS_TOE
 	ops[TLS_HW_RECORD][TLS_HW_RECORD] =3D *base;
+
+	ops[TLS_SW][TLS_HW_RECORD] =3D ops[TLS_SW][TLS_SW];
+	ops[TLS_HW_RECORD][TLS_SW] =3D ops[TLS_BASE][TLS_SW];
 #endif
 }
=20
@@ -1041,6 +1044,11 @@ static void build_protos(struct proto prot[TLS_NUM_C=
ONFIG][TLS_NUM_CONFIG],
 	prot[TLS_HW_RECORD][TLS_HW_RECORD] =3D *base;
 	prot[TLS_HW_RECORD][TLS_HW_RECORD].hash		=3D tls_toe_hash;
 	prot[TLS_HW_RECORD][TLS_HW_RECORD].unhash	=3D tls_toe_unhash;
+
+	prot[TLS_SW][TLS_HW_RECORD] =3D prot[TLS_SW][TLS_SW];
+	prot[TLS_HW_RECORD][TLS_SW] =3D prot[TLS_BASE][TLS_SW];
+	prot[TLS_SW][TLS_HW_RECORD].hash =3D NULL;
+	prot[TLS_HW_RECORD][TLS_SW].unhash =3D NULL;
 #endif
 }
=20
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E4141C862F
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053261; cv=none;
 b=tEmmorRyyVW2DOk7DGQhyvfZKTioblN5281J2HOOeTRVm20J3khQR0E/RiR2RiO57pEadrANxqa+sm76AyiX+1XRegjPZ47BozN4nZtC1+jAkldB35IphAbrVntSEb0gTO2yclXjKP5lJtdAWMODsk4o3XwKsTnbIh1bLXiDlg0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053261; c=relaxed/simple;
	bh=s2CQBlnblQ9JBFQhSMtEwGgOCh0C2SDtC4WDSQgvZx4=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=UxIaWYmixZ9yTRsdWllYcQTLvhGh8RFAxs6RDkAzaTeeEnFaVotw3jjkjynw+12d9eutRLBzqr89X8QlfBJ4WXqykCD7XG/D0RW3BVfeh/4vqArndoh3xEJU1y1bWBrwfA4eV/PfKm14/SyXc9M5Ep/T5l+ikSirEU3WMTFRQzQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=SD3+jW3R; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="SD3+jW3R"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 126CB1F00899;
	Fri, 29 May 2026 11:14:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053260;
	bh=StnTNuvd8trV9Bp5cMPaZEAky9zIaIYtLYl08NI1+EA=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=SD3+jW3RWKRDElVrkya9mOLTidCPj16QqYHJjZsxyY2is9e0komKbyjqJdTf7PfRs
	 WkDnnRwGVXqlTNP3t/z1UL627ZJ/Fo0TyT4GlFrO3aU/xpf+1aXBUX64HAwXbhOHdZ
	 vph9BtIpa4WeUeeI4Hi/VsVfmJSamjsVy45qUKt4lXOMA//a5BDyDVW3FeqQrHj9BB
	 oA5K4ve6/RXlm9iSjDAC3y3ZFzFDMHVlCtNgzHnLlqPj7hcb+TnyoExFnoDTFo3Hl8
	 6RN9LzrRgqOkTQBOFK+LPQ5pEsPNB64U75mhOnblpThi4fFX94FjMbydpV+UVlr+qX
	 yUZh2f0+lsuJQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v22 03/20] tls: add ESTABLISHED state check for TOE
 bypass
Date: Fri, 29 May 2026 19:13:45 +0800
Message-ID: 
 <faecb7e60a6deda1415f10a20b38e218858e734b.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

When CONFIG_TLS_TOE is enabled, tls_init() calls tls_toe_bypass()
before checking the socket state. This allows a listening socket
(TCP_LISTEN) to attach a TOE TLS context via setsockopt(TCP_ULP, "tls")
after listen().

Later when accept() clones the socket, inet_clone_ulp() dereferences
the ULP's clone callback (which is NULL for TLS), causing a NULL
pointer access and kernel panic.

Move the state check before tls_toe_bypass() to ensure TOE bypass is
only attempted on established sockets. This prevents unsafe attachment
to listen sockets and aligns TOE behavior with the existing restriction
applied to software TLS.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/tls/tls_main.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 6d1272dc3c34..8809b056290a 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -1059,11 +1059,6 @@ static int tls_init(struct sock *sk)
=20
 	tls_build_proto(sk);
=20
-#ifdef CONFIG_TLS_TOE
-	if (tls_toe_bypass(sk))
-		return 0;
-#endif
-
 	/* The TLS ulp is currently supported only for TCP sockets
 	 * in ESTABLISHED state.
 	 * Supporting sockets in LISTEN state will require us
@@ -1073,6 +1068,11 @@ static int tls_init(struct sock *sk)
 	if (sk->sk_state !=3D TCP_ESTABLISHED)
 		return -ENOTCONN;
=20
+#ifdef CONFIG_TLS_TOE
+	if (tls_toe_bypass(sk))
+		return 0;
+#endif
+
 	/* allocate tls context */
 	write_lock_bh(&sk->sk_callback_lock);
 	ctx =3D tls_ctx_create(sk);
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB70433A9E1
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053262; cv=none;
 b=nZePrGm2mKO3c4PFSa+L364NhZuHQbMRY+tN+uUWHgAp2tDZxEHmIpHGZldu39vTAjM8TfP0BF1DvYi6KwgOgJuyMW0WRKOxqExoA0w5Cg6TwDyyMT0lTgQvNxseBYEWbgr7+JsJvMHhJlteKsf5mGuwJ3KpkWXP6rwJRliIl0g=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053262; c=relaxed/simple;
	bh=md2W6E8hUS9PSeCFZeer557QYxVMsIiNkuHALsVaBms=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=uCnMmin4b3hELd63JxA6ZWV6sWbNmnDFjo/xK2vtbmwGo5aU3ed+GtUqtjlUEYLOiqSQJzvS1HN8Izm+3hKJykAujfyB1AzLmVfyruO5ng6WYcC9m1EbhqpNxazgTQEwgJGzFJkE8VP9cCtD8dqPOu3NFGGnLVzQMzTsq+Y+eIM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Q6IBwmE4; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Q6IBwmE4"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C75881F00893;
	Fri, 29 May 2026 11:14:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053261;
	bh=dh/9vtk0h6W+FRIK8g0S0seuCc09OIrdlemifKpOjUk=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=Q6IBwmE4adcrTktNqIC4tTpFdrAGM6gpipuCteEv53jzlrNoSIHzvJxf6iKNh6KCV
	 ECzof0DaqkTnicKYWKVftZwZ5IdjwiCHIgmNGSHOq/KTGS3aOhpjq9SnEk208j1h9h
	 PnUxXPQ3LP99jmTb9Pki07usey5lGJ+3lH6NPiGYBVbmEc54K4vcJiAvj1VJMwBhOM
	 Vle43TYxjU3y826Vp8NzgHS1B+ru5WWA5IZlX+UuGrbi14VWiOSEDd74K7oRQYqNRU
	 qKvPXZwgsjNEWiqNJZ4FDSjpcmjDox/0gpb928IGB3EDqGNkcxffX9KusWzFuSsuIS
	 bWX7jTjtG3EKQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v22 04/20] tcp: add socket lock to TCP_ULP getsockopt
Date: Fri, 29 May 2026 19:13:46 +0800
Message-ID: 
 <831d466ed59c1195efe901a4132a453db88f1383.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

When handling TCP_ULP getsockopt, do_tcp_getsockopt() accesses
icsk->icsk_ulp_ops without holding the socket lock. A concurrent
connect(AF_UNSPEC) (or other operation that calls tcp_cleanup_ulp())
can set icsk_ulp_ops to NULL and release the module reference.
If this occurs between the NULL check and the dereference of ->name,
the kernel may access a NULL pointer or a stale pointer, leading to
a crash or use-after-free.

Extract the TCP_ULP getsockopt logic into a helper tcp_sock_get_ulp()
and wrap the call with lock_sock()/release_sock() to ensure the ULP
operation is protected against concurrent modification.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/ipv4/tcp.c | 44 +++++++++++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 15 deletions(-)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index a058f350a759..c01f97d5dfe8 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4481,6 +4481,28 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const=
 struct sock *sk,
 	return stats;
 }
=20
+static int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval,
+			    sockptr_t optlen)
+{
+	struct inet_connection_sock *icsk =3D inet_csk(sk);
+	int len;
+
+	if (copy_from_sockptr(&len, optlen, sizeof(int)))
+		return -EFAULT;
+	len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX);
+	if (!icsk->icsk_ulp_ops) {
+		len =3D 0;
+		if (copy_to_sockptr(optlen, &len, sizeof(int)))
+			return -EFAULT;
+		return 0;
+	}
+	if (copy_to_sockptr(optlen, &len, sizeof(int)))
+		return -EFAULT;
+	if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len))
+		return -EFAULT;
+	return 0;
+}
+
 int do_tcp_getsockopt(struct sock *sk, int level,
 		      int optname, sockptr_t optval, sockptr_t optlen)
 {
@@ -4589,22 +4611,14 @@ int do_tcp_getsockopt(struct sock *sk, int level,
 			return -EFAULT;
 		return 0;
=20
-	case TCP_ULP:
-		if (copy_from_sockptr(&len, optlen, sizeof(int)))
-			return -EFAULT;
-		len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX);
-		if (!icsk->icsk_ulp_ops) {
-			len =3D 0;
-			if (copy_to_sockptr(optlen, &len, sizeof(int)))
-				return -EFAULT;
-			return 0;
-		}
-		if (copy_to_sockptr(optlen, &len, sizeof(int)))
-			return -EFAULT;
-		if (copy_to_sockptr(optval, icsk->icsk_ulp_ops->name, len))
-			return -EFAULT;
-		return 0;
+	case TCP_ULP: {
+		int err;
=20
+		lock_sock(sk);
+		err =3D tcp_sock_get_ulp(sk, optval, optlen);
+		release_sock(sk);
+		return err;
+	}
 	case TCP_FASTOPEN_KEY: {
 		u64 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u64)];
 		unsigned int key_len;
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 604262E7384
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053265; cv=none;
 b=fLdJJj7KSsGRWCfCInFQDRHoLxKDmrSXKfSerIvM9krwH1y7/5xIc3ErBjHIcYHkinTAX34AeuGW1K7m9t6wiRQWhoh+3POEU2ZinhkjP/IwIK9n2fX/NMZkiO14H0pwRph6TBML0EEHLGD7WO8/9tLL33kyww5NVLnjma4IOPY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053265; c=relaxed/simple;
	bh=SSMXDGbZCoDbYyyST7bczri5n98h7tiuS8ZBXRNpC/I=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=ORN4XCjlvjDxUb4N0lgVruWRFo2O2B8GaMSZlQ7b4xZk9+u1hDGtvacVj2tcMyilQ3d6Eeb2O+atqiYCtGQLFnqNgZHz/Ev0+8dbwafgEoDVLEyCBX0taTg5Awn/K4OoqM5uCtW5HJs+CAdsXNnr+xTjJhmPFXI5rDwNkkgNAac=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=QUBBDoX2; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="QUBBDoX2"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6F0441F00898;
	Fri, 29 May 2026 11:14:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053263;
	bh=QSjauhyI5bZJ3xN2qC1c6qqEg9tbCDdC4EPA9p2j9lI=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=QUBBDoX2TcM2jvbEAXsYw7ki+3HhbT5CA+eN0pda6ou7fJCeyAzwjfU8w9Q53ASAP
	 fL+j/8gxLegrtQwVhj3J8KTU6/la4pR0GKSMagScrMn1fU7EpkTbERe0rGoAivTGpI
	 q3fZ1D+Ahbj0sb57qI1F02M/DU6S2hbmTkFSv45O+xA3I5t0i/PWJbcg/InfpVE8aN
	 VrWQ7yHV1FJJb5nHbbxqXxroMJOl3HAZFCSk3W/zbkqzxbssBbXcAuAFN7d9PqqSEc
	 JE8/eWABvrnLgGIUuHVHfPeWUO+tQEUGBCOVxSLpCZJTJO5NdLVgG8ygDyIbAk75Qa
	 aP5Ug1D+LNWZw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 05/20] tls: add per-protocol cache for MPTCP
 support
Date: Fri, 29 May 2026 19:13:47 +0800
Message-ID: 
 <32ce386e58606ecda19a84319f9a0795c98dc796.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The TLS ULP uses global static arrays to cache base protocol operations.
When MPTCP sockets enable TLS, they overwrite these global caches when
building for MPTCP, causing active TCP TLS sockets to use MPTCP-specific
ops. This leads to type confusion and kernel panics.

Fix by replacing the global caches with a per-protocol linked list. Each
protocol (TCP, MPTCP, etc.) now has its own cached operations, stored in
struct tls_prot and referenced from tls_context.

Add a struct tls_prot *prot parameter to tls_ctx_create() and
tls_toe_bypass(), and store the pointer in tls_context. This allows
protocol-specific TLS operation tables (e.g., for MPTCP) to be passed
down.

Also add WRITE_ONCE(sk->sk_prot, ctx->sk_proto) in tls_toe_sk_destruct()
to restore the original socket protocol before freeing the TLS context.
This is necessary because the socket may have been switched to a TLS
protocol variant; on destruction we must revert it to avoid use-after-free
or stale function pointers.

Add smp_rmb() barriers in tls_sk_poll() and tls_sw_sock_is_readable()
to ensure proper ordering when reading the TLS context. These pair with
the smp_store_release() in update_sk_prot().

Also add a NULL check for tls_ctx in tls_sw_sock_is_readable() to safely
return false when the context is not yet initialized.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h     |  12 ++++
 include/net/tls_toe.h |   2 +-
 net/tls/tls.h         |   2 +-
 net/tls/tls_main.c    | 158 +++++++++++++++++++++++++++++++-----------
 net/tls/tls_sw.c      |  18 ++++-
 net/tls/tls_toe.c     |   6 +-
 6 files changed, 151 insertions(+), 47 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index ebd2550280ae..7ff4d4566d41 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -220,6 +220,16 @@ struct tls_prot_info {
 	u16 tail_size;
 };
=20
+struct tls_prot {
+	struct rcu_head			rcu;
+	refcount_t			refcnt;
+	struct list_head		list;
+	int				ip_ver;
+	const struct proto		*prot;
+	struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
+	struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
+};
+
 struct tls_context {
 	/* read-only cache line */
 	struct tls_prot_info prot_info;
@@ -257,6 +267,8 @@ struct tls_context {
 	struct proto *sk_proto;
 	struct sock *sk;
=20
+	struct tls_prot *prot;
+
 	void (*sk_destruct)(struct sock *sk);
=20
 	union tls_crypto_context crypto_send;
diff --git a/include/net/tls_toe.h b/include/net/tls_toe.h
index b3aa7593ce2c..f1de7d2498cf 100644
--- a/include/net/tls_toe.h
+++ b/include/net/tls_toe.h
@@ -69,7 +69,7 @@ struct tls_toe_device {
 	struct kref kref;
 };
=20
-int tls_toe_bypass(struct sock *sk);
+int tls_toe_bypass(struct sock *sk, struct tls_prot *prot);
 int tls_toe_hash(struct sock *sk);
 void tls_toe_unhash(struct sock *sk);
=20
diff --git a/net/tls/tls.h b/net/tls/tls.h
index 12f44cb649c9..b9a41e1b8f8c 100644
--- a/net/tls/tls.h
+++ b/net/tls/tls.h
@@ -136,7 +136,7 @@ struct tls_rec {
 int __net_init tls_proc_init(struct net *net);
 void __net_exit tls_proc_fini(struct net *net);
=20
-struct tls_context *tls_ctx_create(struct sock *sk);
+struct tls_context *tls_ctx_create(struct sock *sk, struct tls_prot *prot);
 void tls_ctx_free(struct sock *sk, struct tls_context *ctx);
 void update_sk_prot(struct sock *sk, struct tls_context *ctx);
=20
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 8809b056290a..cdf0fb05fc99 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -119,23 +119,66 @@ CHECK_CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_in=
fo_sm4_ccm);
 CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128);
 CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256);
=20
-static const struct proto *saved_tcpv6_prot;
-static DEFINE_MUTEX(tcpv6_prot_mutex);
-static const struct proto *saved_tcpv4_prot;
-static DEFINE_MUTEX(tcpv4_prot_mutex);
-static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFI=
G];
-static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_N=
UM_CONFIG];
+static LIST_HEAD(tls_prot_list);
+static DEFINE_SPINLOCK(tls_prot_lock);
 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
 			 const struct proto *base);
=20
+static struct tls_prot *tls_prot_find(const struct proto *proto,
+				      int ip_ver)
+{
+	struct tls_prot *prot, *ret =3D NULL;
+
+	rcu_read_lock();
+	list_for_each_entry_rcu(prot, &tls_prot_list, list) {
+		if (prot->prot =3D=3D proto && prot->ip_ver =3D=3D ip_ver &&
+		    refcount_inc_not_zero(&prot->refcnt)) {
+			ret =3D prot;
+			break;
+		}
+	}
+	rcu_read_unlock();
+	return ret;
+}
+
+static void tls_prot_free(struct rcu_head *rcu)
+{
+	struct tls_prot *prot =3D container_of(rcu, struct tls_prot, rcu);
+
+	kfree(prot);
+}
+
+static void tls_prot_cleanup(void)
+{
+	struct tls_prot *prot, *tmp;
+
+	spin_lock_bh(&tls_prot_lock);
+	list_for_each_entry_safe(prot, tmp, &tls_prot_list, list) {
+		list_del_rcu(&prot->list);
+		call_rcu(&prot->rcu, tls_prot_free);
+	}
+	spin_unlock_bh(&tls_prot_lock);
+	rcu_barrier();
+}
+
 void update_sk_prot(struct sock *sk, struct tls_context *ctx)
 {
-	int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4;
+	struct tls_prot *prot =3D ctx->prot;
+
+	if (!prot)
+		return;
=20
-	WRITE_ONCE(sk->sk_prot,
-		   &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]);
-	WRITE_ONCE(sk->sk_socket->ops,
-		   &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]);
+	/* Ensure sk->sk_prot is not visible before icsk_ulp_data.
+	 * Pairs with the rcu_assign_pointer() release in tls_ctx_create()
+	 * and with smp_rmb() in tls_sw_sock_is_readable().
+	 */
+	smp_store_release(&sk->sk_prot,
+			  &prot->prots[ctx->tx_conf][ctx->rx_conf]);
+	/* Ensure sk->sk_socket->ops is not visible before icsk_ulp_data.
+	 * Pairs with smp_rmb() in tls_sk_poll().
+	 */
+	smp_store_release(&sk->sk_socket->ops,
+			  &prot->proto_ops[ctx->tx_conf][ctx->rx_conf]);
 }
=20
 int wait_on_pending_writer(struct sock *sk, long *timeo)
@@ -314,6 +357,16 @@ static void tls_write_space(struct sock *sk)
 	ctx->sk_write_space(sk);
 }
=20
+static void tls_prot_put(struct tls_prot *prot)
+{
+	if (refcount_dec_and_test(&prot->refcnt)) {
+		spin_lock_bh(&tls_prot_lock);
+		list_del_rcu(&prot->list);
+		spin_unlock_bh(&tls_prot_lock);
+		call_rcu(&prot->rcu, tls_prot_free);
+	}
+}
+
 /**
  * tls_ctx_free() - free TLS ULP context
  * @sk:  socket to with @ctx is attached
@@ -327,6 +380,11 @@ void tls_ctx_free(struct sock *sk, struct tls_context =
*ctx)
 	if (!ctx)
 		return;
=20
+	if (ctx->prot) {
+		tls_prot_put(ctx->prot);
+		ctx->prot =3D NULL;
+	}
+
 	memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send));
 	memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv));
 	mutex_destroy(&ctx->tx_lock);
@@ -409,6 +467,14 @@ static __poll_t tls_sk_poll(struct file *file, struct =
socket *sock,
 	u8 shutdown;
 	int state;
=20
+	/* Paired with smp_store_release() in update_sk_prot().
+	 * Orders the read of tls_ctx (icsk_ulp_data) to ensure
+	 * we see a fully initialized context after the new socket
+	 * operations are installed. Without this barrier, we might
+	 * observe a stale or NULL tls_ctx.
+	 */
+	smp_rmb();
+
 	mask =3D tcp_poll(file, sock, wait);
=20
 	state =3D inet_sk_state_load(sk);
@@ -910,7 +976,7 @@ static int tls_disconnect(struct sock *sk, int flags)
 	return -EOPNOTSUPP;
 }
=20
-struct tls_context *tls_ctx_create(struct sock *sk)
+struct tls_context *tls_ctx_create(struct sock *sk, struct tls_prot *prot)
 {
 	struct inet_connection_sock *icsk =3D inet_csk(sk);
 	struct tls_context *ctx;
@@ -921,6 +987,7 @@ struct tls_context *tls_ctx_create(struct sock *sk)
=20
 	mutex_init(&ctx->tx_lock);
 	ctx->sk_proto =3D READ_ONCE(sk->sk_prot);
+	ctx->prot =3D prot;
 	ctx->sk =3D sk;
 	/* Release semantic of rcu_assign_pointer() ensures that
 	 * ctx->sk_proto is visible before changing sk->sk_prot in
@@ -971,35 +1038,37 @@ static void build_proto_ops(struct proto_ops ops[TLS=
_NUM_CONFIG][TLS_NUM_CONFIG]
 #endif
 }
=20
-static void tls_build_proto(struct sock *sk)
+static struct tls_prot *tls_build_proto(struct sock *sk)
 {
 	int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4;
-	struct proto *prot =3D READ_ONCE(sk->sk_prot);
-
-	/* Build IPv6 TLS whenever the address of tcpv6 _prot changes */
-	if (ip_ver =3D=3D TLSV6 &&
-	    unlikely(prot !=3D smp_load_acquire(&saved_tcpv6_prot))) {
-		mutex_lock(&tcpv6_prot_mutex);
-		if (likely(prot !=3D saved_tcpv6_prot)) {
-			build_protos(tls_prots[TLSV6], prot);
-			build_proto_ops(tls_proto_ops[TLSV6],
-					sk->sk_socket->ops);
-			smp_store_release(&saved_tcpv6_prot, prot);
-		}
-		mutex_unlock(&tcpv6_prot_mutex);
-	}
+	struct proto *proto =3D READ_ONCE(sk->sk_prot);
+	struct tls_prot *prot, *cache;
=20
-	if (ip_ver =3D=3D TLSV4 &&
-	    unlikely(prot !=3D smp_load_acquire(&saved_tcpv4_prot))) {
-		mutex_lock(&tcpv4_prot_mutex);
-		if (likely(prot !=3D saved_tcpv4_prot)) {
-			build_protos(tls_prots[TLSV4], prot);
-			build_proto_ops(tls_proto_ops[TLSV4],
-					sk->sk_socket->ops);
-			smp_store_release(&saved_tcpv4_prot, prot);
-		}
-		mutex_unlock(&tcpv4_prot_mutex);
+	if (!sk->sk_socket)
+		return NULL;
+
+	prot =3D kzalloc_obj(*prot, GFP_KERNEL);
+	if (!prot)
+		return NULL;
+
+	spin_lock_bh(&tls_prot_lock);
+	cache =3D tls_prot_find(proto, ip_ver);
+	if (cache) {
+		spin_unlock_bh(&tls_prot_lock);
+		kfree(prot);
+		return cache;
 	}
+
+	prot->ip_ver =3D ip_ver;
+	prot->prot =3D proto;
+	refcount_set(&prot->refcnt, 1);
+	build_protos(prot->prots, proto);
+	build_proto_ops(prot->proto_ops,
+			sk->sk_socket->ops);
+	list_add_rcu(&prot->list, &tls_prot_list);
+
+	spin_unlock_bh(&tls_prot_lock);
+	return prot;
 }
=20
 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
@@ -1054,10 +1123,13 @@ static void build_protos(struct proto prot[TLS_NUM_=
CONFIG][TLS_NUM_CONFIG],
=20
 static int tls_init(struct sock *sk)
 {
+	struct tls_prot *prot;
 	struct tls_context *ctx;
 	int rc =3D 0;
=20
-	tls_build_proto(sk);
+	prot =3D tls_build_proto(sk);
+	if (!prot)
+		return -ENOMEM;
=20
 	/* The TLS ulp is currently supported only for TCP sockets
 	 * in ESTABLISHED state.
@@ -1065,18 +1137,21 @@ static int tls_init(struct sock *sk)
 	 * to modify the accept implementation to clone rather then
 	 * share the ulp context.
 	 */
-	if (sk->sk_state !=3D TCP_ESTABLISHED)
+	if (sk->sk_state !=3D TCP_ESTABLISHED) {
+		tls_prot_put(prot);
 		return -ENOTCONN;
+	}
=20
 #ifdef CONFIG_TLS_TOE
-	if (tls_toe_bypass(sk))
+	if (tls_toe_bypass(sk, prot))
 		return 0;
 #endif
=20
 	/* allocate tls context */
 	write_lock_bh(&sk->sk_callback_lock);
-	ctx =3D tls_ctx_create(sk);
+	ctx =3D tls_ctx_create(sk, prot);
 	if (!ctx) {
+		tls_prot_put(prot);
 		rc =3D -ENOMEM;
 		goto out;
 	}
@@ -1280,6 +1355,7 @@ static int __init tls_register(void)
 static void __exit tls_unregister(void)
 {
 	tcp_unregister_ulp(&tcp_tls_ulp_ops);
+	tls_prot_cleanup();
 	tls_strp_dev_exit();
 	tls_device_cleanup();
 	unregister_pernet_subsys(&tls_proc_ops);
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 964ebc268ee4..8c5eeb92d017 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2450,11 +2450,25 @@ int tls_sw_read_sock(struct sock *sk, read_descript=
or_t *desc,
=20
 bool tls_sw_sock_is_readable(struct sock *sk)
 {
-	struct tls_context *tls_ctx =3D tls_get_ctx(sk);
-	struct tls_sw_context_rx *ctx =3D tls_sw_ctx_rx(tls_ctx);
+	struct tls_sw_context_rx *ctx;
+	struct tls_context *tls_ctx;
 	bool ingress_empty =3D true;
 	struct sk_psock *psock;
=20
+	/* Paired with smp_store_release() in update_sk_prot()
+	 * for sk->sk_prot. Orders the read of icsk_ulp_data
+	 * after the read of sk->sk_prot in sk_is_readable().
+	 * Prevents seeing a new sk->sk_prot but a stale
+	 * icsk_ulp_data.
+	 */
+	smp_rmb();
+
+	tls_ctx =3D tls_get_ctx(sk);
+	if (!tls_ctx)
+		return false;
+
+	ctx =3D tls_sw_ctx_rx(tls_ctx);
+
 	rcu_read_lock();
 	psock =3D sk_psock(sk);
 	if (psock)
diff --git a/net/tls/tls_toe.c b/net/tls/tls_toe.c
index 825669e1ab47..e92853c106da 100644
--- a/net/tls/tls_toe.c
+++ b/net/tls/tls_toe.c
@@ -48,13 +48,15 @@ static void tls_toe_sk_destruct(struct sock *sk)
 	struct inet_connection_sock *icsk =3D inet_csk(sk);
 	struct tls_context *ctx =3D tls_get_ctx(sk);
=20
+	WRITE_ONCE(sk->sk_prot, ctx->sk_proto);
+
 	ctx->sk_destruct(sk);
 	/* Free ctx */
 	rcu_assign_pointer(icsk->icsk_ulp_data, NULL);
 	tls_ctx_free(sk, ctx);
 }
=20
-int tls_toe_bypass(struct sock *sk)
+int tls_toe_bypass(struct sock *sk, struct tls_prot *prot)
 {
 	struct tls_toe_device *dev;
 	struct tls_context *ctx;
@@ -63,7 +65,7 @@ int tls_toe_bypass(struct sock *sk)
 	spin_lock_bh(&device_spinlock);
 	list_for_each_entry(dev, &device_list, dev_list) {
 		if (dev->feature && dev->feature(dev)) {
-			ctx =3D tls_ctx_create(sk);
+			ctx =3D tls_ctx_create(sk, prot);
 			if (!ctx)
 				goto out;
=20
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8FC8B3016E7
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:25 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053266; cv=none;
 b=mSuYvmWQJ5GYizHpiD7LQspgmkQPnKke2JrUGHASDlz7BHzBjKQr+3rieDnrcZ39UenlqspbTXlM6PomTgNH+nMhyFPLEwYMQYvyH1+7dcZf6kPRhSgxjNMtQk42yb+nV1CUHg/9tmSXjOLKJIXgD5PKFrBCIZ2Kd3dr/zaqYlM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053266; c=relaxed/simple;
	bh=zDO9HJc1I5EIUxxU6atIh0/SOz/dpoCLhx9u+JMw7As=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=W4NzXDHD7BFhks69wfA1i9ALEPXzVvyPgiuO7AkLr3LAC9greU2Rmcvnw3Bzr66pvFAnYJtirb383+sIyrTjxee8CWf7vc46DtexRbwykQKmB4PGO8P9JmbM675RW6tJ+aVWAiH2pM00HCuqhvErsEKnCHg6WM4JGtJEBP7ng9g=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=PEQgM6rr; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="PEQgM6rr"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 75C861F00893;
	Fri, 29 May 2026 11:14:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053265;
	bh=yT/ss49zrB8lQ3GJfif3Im6isQWPnmiw2M6vttbIYXw=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=PEQgM6rrP7bkJQYvwfb/f/LmCgKlzbxeCKL2a0kDXLGuhctEbkiu5OZvCpcAjly/C
	 iLORMUfv5IgIe5ZrmB6go6kpn6MtfeHws+e1kgx3DAz/NgVjX6yAvm+mwx9Ao2Z5Hm
	 03TOuq40YTdWIuPDc1vf9RzNWsvJ8RBZTBQgLJ86KS66unHSh8pZKulyyPBZqhZX/y
	 3jG8W9YxTNPBSkdyYcwJ2IubfIpo6VYzKLmAOegD3IMVD7A5Ma0zxcYOE+fDKbvsEj
	 DEZqYcy1ZzciSPRL71BTBgUNDBEO3+bRIZ5xhj8bEwbzugP1ctpbG579EtfJsGxKRz
	 ej3nBd6vKdqrA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 06/20] tls: introduce tls protocol ops structure
Date: Fri, 29 May 2026 19:13:48 +0800
Message-ID: 
 <da05b025a22b0289716502a83edb9a59bb902b2d.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has
been introduced for TLS, encapsulating TCP-specific helpers within this
structure.

Add registering, validating and finding functions for this structure to
add, validate and find a tls_prot_ops on the global list tls_prot_ops_list.

Register TCP-specific structure tls_tcp_ops in tls_register().

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  |  22 ++++++++++
 net/tls/tls_main.c | 106 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 127 insertions(+), 1 deletion(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index 7ff4d4566d41..e13894c054ad 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -220,6 +220,28 @@ struct tls_prot_info {
 	u16 tail_size;
 };
=20
+struct tls_prot_ops {
+	struct module		*owner;
+	int			protocol;
+	struct list_head	list;
+
+	int (*inq)(struct sock *sk);
+	int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg,
+			      size_t size);
+	struct sk_buff *(*recv_skb)(struct sock *sk, u32 *off);
+	bool (*lock_is_held)(struct sock *sk);
+	int (*read_sock)(struct sock *sk, read_descriptor_t *desc,
+			 sk_read_actor_t recv_actor);
+	void (*read_done)(struct sock *sk, size_t len);
+	u32 (*get_skb_seq)(struct sk_buff *skb);
+	int (*skb_copy_bits)(const struct sk_buff *skb, int offset,
+			     void *to, int len);
+	__poll_t (*poll)(struct file *file, struct socket *sock,
+			 struct poll_table_struct *wait);
+	bool (*epollin_ready)(const struct sock *sk);
+	void (*check_app_limited)(struct sock *sk);
+};
+
 struct tls_prot {
 	struct rcu_head			rcu;
 	refcount_t			refcnt;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index cdf0fb05fc99..2d9e10507f4b 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -120,6 +120,7 @@ CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto=
_info_aria_gcm_128);
 CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256);
=20
 static LIST_HEAD(tls_prot_list);
+static LIST_HEAD(tls_prot_ops_list);
 static DEFINE_SPINLOCK(tls_prot_lock);
 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
 			 const struct proto *base);
@@ -161,6 +162,22 @@ static void tls_prot_cleanup(void)
 	rcu_barrier();
 }
=20
+static struct tls_prot_ops *tls_prot_ops_find(int protocol)
+{
+	struct tls_prot_ops *ops, *ret =3D NULL;
+
+	rcu_read_lock();
+	list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) {
+		if (ops->protocol =3D=3D protocol) {
+			ret =3D ops;
+			break;
+		}
+	}
+	rcu_read_unlock();
+
+	return ret;
+}
+
 void update_sk_prot(struct sock *sk, struct tls_context *ctx)
 {
 	struct tls_prot *prot =3D ctx->prot;
@@ -1326,6 +1343,86 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos=
tly =3D {
 	.get_info_size		=3D tls_get_info_size,
 };
=20
+static int tls_validate_prot_ops(const struct tls_prot_ops *ops)
+{
+	if (!ops->inq || !ops->sendmsg_locked ||
+	    !ops->recv_skb || !ops->lock_is_held ||
+	    !ops->read_sock || !ops->read_done ||
+	    !ops->get_skb_seq || !ops->skb_copy_bits ||
+	    !ops->poll || !ops->epollin_ready ||
+	    !ops->check_app_limited) {
+		pr_err("%d does not implement required ops\n", ops->protocol);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int tls_register_prot_ops(struct tls_prot_ops *ops)
+{
+	int ret;
+
+	ret =3D tls_validate_prot_ops(ops);
+	if (ret)
+		return ret;
+
+	spin_lock_bh(&tls_prot_lock);
+	if (tls_prot_ops_find(ops->protocol)) {
+		spin_unlock_bh(&tls_prot_lock);
+		return -EEXIST;
+	}
+
+	list_add_tail_rcu(&ops->list, &tls_prot_ops_list);
+	spin_unlock_bh(&tls_prot_lock);
+
+	pr_debug("tls_prot_ops %d registered\n", ops->protocol);
+	return 0;
+}
+
+static void tls_unregister_prot_ops(struct tls_prot_ops *ops)
+{
+	spin_lock_bh(&tls_prot_lock);
+	list_del_rcu(&ops->list);
+	spin_unlock_bh(&tls_prot_lock);
+	synchronize_rcu();
+}
+
+static struct sk_buff *tls_tcp_recv_skb(struct sock *sk, u32 *off)
+{
+	return tcp_recv_skb(sk, tcp_sk(sk)->copied_seq, off);
+}
+
+static bool tls_tcp_lock_is_held(struct sock *sk)
+{
+	return sock_owned_by_user_nocheck(sk);
+}
+
+static u32 tls_tcp_get_skb_seq(struct sk_buff *skb)
+{
+	return TCP_SKB_CB(skb)->seq;
+}
+
+static bool tls_tcp_epollin_ready(const struct sock *sk)
+{
+	return tcp_epollin_ready(sk, INT_MAX);
+}
+
+static struct tls_prot_ops tls_tcp_ops =3D {
+	.owner			=3D THIS_MODULE,
+	.protocol		=3D IPPROTO_TCP,
+	.inq			=3D tcp_inq,
+	.sendmsg_locked		=3D tcp_sendmsg_locked,
+	.recv_skb		=3D tls_tcp_recv_skb,
+	.lock_is_held		=3D tls_tcp_lock_is_held,
+	.read_sock		=3D tcp_read_sock,
+	.read_done		=3D tcp_read_done,
+	.get_skb_seq		=3D tls_tcp_get_skb_seq,
+	.skb_copy_bits		=3D skb_copy_bits,
+	.poll			=3D tcp_poll,
+	.epollin_ready		=3D tls_tcp_epollin_ready,
+	.check_app_limited	=3D tcp_rate_check_app_limited,
+};
+
 static int __init tls_register(void)
 {
 	int err;
@@ -1338,13 +1435,19 @@ static int __init tls_register(void)
 	if (err)
 		goto err_pernet;
=20
-	err =3D tls_device_init();
+	err =3D tls_register_prot_ops(&tls_tcp_ops);
 	if (err)
 		goto err_strp;
=20
+	err =3D tls_device_init();
+	if (err)
+		goto err_ops;
+
 	tcp_register_ulp(&tcp_tls_ulp_ops);
=20
 	return 0;
+err_ops:
+	tls_unregister_prot_ops(&tls_tcp_ops);
 err_strp:
 	tls_strp_dev_exit();
 err_pernet:
@@ -1355,6 +1458,7 @@ static int __init tls_register(void)
 static void __exit tls_unregister(void)
 {
 	tcp_unregister_ulp(&tcp_tls_ulp_ops);
+	tls_unregister_prot_ops(&tls_tcp_ops);
 	tls_prot_cleanup();
 	tls_strp_dev_exit();
 	tls_device_cleanup();
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9A41133A9E1
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053268; cv=none;
 b=kSWpVTNnupV0LpBOQAWaMCYzyIEVwTZYod54HTwke3rUpqT7FmLdIQPl66bKY7cOOUfCx2HJMFWA3dVJzX9NSW45Qxxqf01M4rM0fMdP4QHhNzJtF5O825PHjuvirZX3hPzmHQcrGUP1QfljGRtIhGSowQAbusEImojMevoUlqM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053268; c=relaxed/simple;
	bh=5era6W594TCQdQrsNQa6RdYcNTJfIDmFNjxb4eMZznw=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=K+szElTxkgpgir9ydd5DuNQuj9JiBwYr4DeaKVZA+y7JkB1yDRchMQbtg90UEtjdTLp/uefH43i9QTyJi35uPj/KdMC2bVP8wMiTuvuJNu4zAgFplC6aRAH31M/SIHIgC3oXrsisGte/QU3y/fcjNgxrNzyjQdi9VWAmsU9GLWE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=mrZLxJ73; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="mrZLxJ73"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 239281F00898;
	Fri, 29 May 2026 11:14:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053267;
	bh=HpRTRywEcoOZTLVchSwgkEY5lb2HvqLu0Y/tXxA4eZY=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=mrZLxJ73+G0FcJGrvkmKHVoc+iYfRTYyeFlAcgs+EHYE1BucOWLKSkIxGfJeu4Fej
	 m3GVoEtwM0iN2Weo8hq+GBPkFBYiQvNOCqtG9OKySkUKIJIsy4fFJQEJ1Yk4TIgJB1
	 l54TdVp/ytnKPxmGWZlF9qRsMZcRF9lgGUz11oJndQ+Q7krfnQM1QR6H4VYyjTZoLG
	 OoeE5mtnI1P/hW7voiu19eUXaC5ZYFDaQSCZjHVI2eHX4MfjHi/w4gDQi6nsCBLdRo
	 YRolUrfiJMq06gr51MNMzTgh1ViCjDhtJyHWLEHoXotTBmY+LGtfH23KQdrY71ny1U
	 oagleNNDLUwgw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 07/20] tls: store protocol ops pointer in
 tls_proto
Date: Fri, 29 May 2026 19:13:49 +0800
Message-ID: 
 <b5b4e224cf12b5900e4fa7a4f40a90b0284fa45c.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

A pointer to struct tls_prot_ops, named 'ops', has been added to struct
tls_prot. The places originally calling TLS-specific helpers have now
been modified to indirectly invoke them via 'ops' pointer in tls_prot.

In tls_build_proto(), prot->ops is assigned either 'tls_mptcp_ops' or
'tls_tcp_ops' based on the socket protocol.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  |  1 +
 net/tls/tls_main.c | 19 +++++++++++++++----
 net/tls/tls_strp.c | 33 ++++++++++++++++++++++-----------
 net/tls/tls_sw.c   |  9 ++++++---
 4 files changed, 44 insertions(+), 18 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index e13894c054ad..9ea199328070 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -248,6 +248,7 @@ struct tls_prot {
 	struct list_head		list;
 	int				ip_ver;
 	const struct proto		*prot;
+	const struct tls_prot_ops	*ops;
 	struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
 	struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
 };
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 2d9e10507f4b..3c19cb04dae7 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -156,6 +156,7 @@ static void tls_prot_cleanup(void)
 	spin_lock_bh(&tls_prot_lock);
 	list_for_each_entry_safe(prot, tmp, &tls_prot_list, list) {
 		list_del_rcu(&prot->list);
+		module_put(prot->ops->owner);
 		call_rcu(&prot->rcu, tls_prot_free);
 	}
 	spin_unlock_bh(&tls_prot_lock);
@@ -248,13 +249,13 @@ int tls_push_sg(struct sock *sk,
 	ctx->splicing_pages =3D true;
 	while (1) {
 		/* is sending application-limited? */
-		tcp_rate_check_app_limited(sk);
+		ctx->prot->ops->check_app_limited(sk);
 		p =3D sg_page(sg);
 retry:
 		bvec_set_page(&bvec, p, size, offset);
 		iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size);
=20
-		ret =3D tcp_sendmsg_locked(sk, &msg, size);
+		ret =3D ctx->prot->ops->sendmsg_locked(sk, &msg, size);
=20
 		if (ret !=3D size) {
 			if (ret > 0) {
@@ -380,6 +381,7 @@ static void tls_prot_put(struct tls_prot *prot)
 		spin_lock_bh(&tls_prot_lock);
 		list_del_rcu(&prot->list);
 		spin_unlock_bh(&tls_prot_lock);
+		module_put(prot->ops->owner);
 		call_rcu(&prot->rcu, tls_prot_free);
 	}
 }
@@ -492,14 +494,14 @@ static __poll_t tls_sk_poll(struct file *file, struct=
 socket *sock,
 	 */
 	smp_rmb();
=20
-	mask =3D tcp_poll(file, sock, wait);
+	tls_ctx =3D tls_get_ctx(sk);
+	mask =3D tls_ctx->prot->ops->poll(file, sock, wait);
=20
 	state =3D inet_sk_state_load(sk);
 	shutdown =3D READ_ONCE(sk->sk_shutdown);
 	if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN))
 		return mask;
=20
-	tls_ctx =3D tls_get_ctx(sk);
 	ctx =3D tls_sw_ctx_rx(tls_ctx);
 	psock =3D sk_psock_get(sk);
=20
@@ -1060,6 +1062,7 @@ static struct tls_prot *tls_build_proto(struct sock *=
sk)
 	int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4;
 	struct proto *proto =3D READ_ONCE(sk->sk_prot);
 	struct tls_prot *prot, *cache;
+	struct tls_prot_ops *ops;
=20
 	if (!sk->sk_socket)
 		return NULL;
@@ -1076,8 +1079,16 @@ static struct tls_prot *tls_build_proto(struct sock =
*sk)
 		return cache;
 	}
=20
+	ops =3D tls_prot_ops_find(sk->sk_protocol);
+	if (!ops || !try_module_get(ops->owner)) {
+		spin_unlock_bh(&tls_prot_lock);
+		kfree(prot);
+		return NULL;
+	}
+
 	prot->ip_ver =3D ip_ver;
 	prot->prot =3D proto;
+	prot->ops =3D ops;
 	refcount_set(&prot->refcnt, 1);
 	build_protos(prot->prots, proto);
 	build_proto_ops(prot->proto_ops,
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index c72e88317627..c88cb966649b 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte=
xt_rx *ctx)
 int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 {
 	struct tls_strparser *strp =3D &ctx->strp;
+	struct tls_context *tls_ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *skb;
=20
 	if (strp->copy_mode)
@@ -132,7 +133,7 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 	tls_strp_anchor_free(strp);
 	strp->anchor =3D skb;
=20
-	tcp_read_done(strp->sk, strp->stm.full_len);
+	tls_ctx->prot->ops->read_done(strp->sk, strp->stm.full_len);
 	strp->copy_mode =3D 1;
=20
 	return 0;
@@ -376,6 +377,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str=
uct sk_buff *in_skb,
=20
 static int tls_strp_read_copyin(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	read_descriptor_t desc;
=20
 	desc.arg.data =3D strp;
@@ -383,13 +385,14 @@ static int tls_strp_read_copyin(struct tls_strparser =
*strp)
 	desc.count =3D 1; /* give more than one skb per call */
=20
 	/* sk should be locked here, so okay to do read_sock */
-	tcp_read_sock(strp->sk, &desc, tls_strp_copyin);
+	ctx->prot->ops->read_sock(strp->sk, &desc, tls_strp_copyin);
=20
 	return desc.error;
 }
=20
 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct skb_shared_info *shinfo;
 	struct page *page;
 	int need_spc, len;
@@ -398,7 +401,7 @@ static int tls_strp_read_copy(struct tls_strparser *str=
p, bool qshort)
 	 * to read the data out. Otherwise the connection will stall.
 	 * Without pressure threshold of INT_MAX will never be ready.
 	 */
-	if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX)))
+	if (likely(qshort && !ctx->prot->ops->epollin_ready(strp->sk)))
 		return 0;
=20
 	shinfo =3D skb_shinfo(strp->anchor);
@@ -434,12 +437,13 @@ static int tls_strp_read_copy(struct tls_strparser *s=
trp, bool qshort)
 static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
 {
 	unsigned int len =3D strp->stm.offset + strp->stm.full_len;
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *first, *skb;
 	u32 seq;
=20
 	first =3D skb_shinfo(strp->anchor)->frag_list;
 	skb =3D first;
-	seq =3D TCP_SKB_CB(first)->seq;
+	seq =3D ctx->prot->ops->get_skb_seq(first);
=20
 	/* Make sure there's no duplicate data in the queue,
 	 * and the decrypted status matches.
@@ -449,7 +453,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse=
r *strp)
 		len -=3D skb->len;
 		skb =3D skb->next;
=20
-		if (TCP_SKB_CB(skb)->seq !=3D seq)
+		if (ctx->prot->ops->get_skb_seq(skb) !=3D seq)
 			return false;
 		if (skb_cmp_decrypted(first, skb))
 			return false;
@@ -460,11 +464,11 @@ static bool tls_strp_check_queue_ok(struct tls_strpar=
ser *strp)
=20
 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in=
t len)
 {
-	struct tcp_sock *tp =3D tcp_sk(strp->sk);
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *first;
 	u32 offset;
=20
-	first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset);
+	first =3D ctx->prot->ops->recv_skb(strp->sk, &offset);
 	if (WARN_ON_ONCE(!first))
 		return;
=20
@@ -483,6 +487,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_=
strparser *strp, int len)
=20
 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct strp_msg *rxm;
 	struct tls_msg *tlm;
=20
@@ -490,7 +495,8 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool=
 force_refresh)
 	DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len);
=20
 	if (!strp->copy_mode && force_refresh) {
-		if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) {
+		if (unlikely(ctx->prot->ops->inq(strp->sk) <
+			     strp->stm.full_len)) {
 			WRITE_ONCE(strp->msg_ready, 0);
 			memset(&strp->stm, 0, sizeof(strp->stm));
 			return false;
@@ -511,9 +517,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo=
l force_refresh)
 /* Called with lock held on lower socket */
 static int tls_strp_read_sock(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	int sz, inq;
=20
-	inq =3D tcp_inq(strp->sk);
+	inq =3D ctx->prot->ops->inq(strp->sk);
 	if (inq < 1)
 		return 0;
=20
@@ -556,6 +563,8 @@ void tls_strp_check_rcv(struct tls_strparser *strp)
 /* Lower sock lock held */
 void tls_strp_data_ready(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
+
 	/* This check is needed to synchronize with do_tls_strp_work.
 	 * do_tls_strp_work acquires a process lock (lock_sock) whereas
 	 * the lock held here is bh_lock_sock. The two locks can be
@@ -563,7 +572,7 @@ void tls_strp_data_ready(struct tls_strparser *strp)
 	 * allows a thread in BH context to safely check if the process
 	 * lock is held. In this case, if the lock is held, queue work.
 	 */
-	if (sock_owned_by_user_nocheck(strp->sk)) {
+	if (ctx->prot->ops->lock_is_held(strp->sk)) {
 		queue_work(tls_strp_wq, &strp->work);
 		return;
 	}
@@ -583,10 +592,12 @@ static void tls_strp_work(struct work_struct *w)
=20
 void tls_strp_msg_done(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
+
 	WARN_ON(!strp->stm.full_len);
=20
 	if (likely(!strp->copy_mode))
-		tcp_read_done(strp->sk, strp->stm.full_len);
+		ctx->prot->ops->read_done(strp->sk, strp->stm.full_len);
 	else
 		tls_strp_flush_anchor_copy(strp);
=20
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 8c5eeb92d017..437662598756 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1987,7 +1987,8 @@ tls_read_flush_backlog(struct sock *sk, struct tls_pr=
ot_info *prot,
 		return false;
=20
 	max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE;
-	if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec)
+	if (done - *flushed_at < SZ_128K &&
+	    tls_get_ctx(sk)->prot->ops->inq(sk) > max_rec)
 		return false;
=20
 	*flushed_at =3D done;
@@ -2499,7 +2500,8 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc=
t sk_buff *skb)
 	}
=20
 	/* Linearize header to local buffer */
-	ret =3D skb_copy_bits(skb, strp->stm.offset, header, prot->prepend_size);
+	ret =3D tls_ctx->prot->ops->skb_copy_bits(skb, strp->stm.offset, header,
+						prot->prepend_size);
 	if (ret < 0)
 		goto read_failure;
=20
@@ -2530,7 +2532,8 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc=
t sk_buff *skb)
 	}
=20
 	tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE,
-				     TCP_SKB_CB(skb)->seq + strp->stm.offset);
+				     tls_ctx->prot->ops->get_skb_seq(skb) +
+				     strp->stm.offset);
 	return data_len + TLS_HEADER_SIZE;
=20
 read_failure:
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 01E38189F43
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053270; cv=none;
 b=HE8pAhQJdsn99OptGt7bQRVF+FP+7a3N4HkwXiYBvWbuAaTVoHvXpmO9N1+Jt9m2Hh5ZCCvd0WSeR5Fc6UWuZwBPT9KE4Zqzpt0TPdXBlD5uQx9J/dOR4mxkiOy8BoVHrUFdwdxXln49+y4eQOZsjrsQyu8JKho+FslphrZ5I4Q=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053270; c=relaxed/simple;
	bh=xkOmdXS493PXsswRrf3Se4sg9ZYAL/unp6qhF1FPYtE=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=hdlY460AggCH9wAS8PYasmnMpqdiXz6deYKoDtokJ4sKTQQ0UqkypBRntRoGACxJw4NDro9q0q2csNVGXIeADO+hrXPZ9Xs6KlFaTKpv2AjYIoDuhRhq2pjGiY6sUzcjdzF7wRCdNdeCWhUMHaiQlglZ163g7UYagQJlvG+8hzg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Xgx7lt6D; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Xgx7lt6D"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2E5E11F00893;
	Fri, 29 May 2026 11:14:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053269;
	bh=gu9GpY4sbcUoW5c0J9NA8wncRBEplx6/5//iMulJeDQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=Xgx7lt6DSoQ3FHTKpkZtFZacAapfi2YiqirTFKlyeg9/vKmqUF0qYnuirIIhl7Y7s
	 ra0/YMQ2BMGY2Dm9vLLI3/aXM+O0umPSaE5JJ3mPbwFpfhKQHHo14J14Tv8BtP73i/
	 f09bt0Ls//6b+pVKo5X6leVICnwazNl8bhj8GTm/+HGtN9yOgoMJ3A7XOLUH/2EZ9m
	 2pNGCNY6kv9tDd3hQecJiolZR2sg2y0SVm+jPl/9RvEI2NOSh5O6CF5lOOPcXprFUh
	 dB3Wy1Srqi+v1CNJOLIZFAIc0VtvYpFjt9gb1pHvDIqx7S+ZzX5hR04tZUvqXXBiqq
	 WsFjHQZ1QLNwg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Gang Yan <yangang@kylinos.cn>,
	Geliang Tang <geliang@kernel.org>
Subject: [RFC mptcp-next v22 08/20] mptcp: update mptcp_check_readable helper
Date: Fri, 29 May 2026 19:13:50 +0800
Message-ID: 
 <45ca86564cd7e9dd0a615dca44941badb67520c7.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Gang Yan <yangang@kylinos.cn>

This patch makes mptcp_check_readable() aligned with TCP, and renames it to
mptcp_stream_is_readable(). It will be used in the case of KTLS, because
'prot' will be modified, tls_sw_sock_is_readable() is expected to be called
from prot->sock_is_readable().

Co-developed-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
---
 net/mptcp/protocol.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 7fe618e22d1b..b7976a551af0 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -3401,9 +3401,11 @@ void __mptcp_unaccepted_force_close(struct sock *sk)
 	__mptcp_destroy_sock(sk);
 }
=20
-static __poll_t mptcp_check_readable(struct sock *sk)
+static bool mptcp_stream_is_readable(struct sock *sk)
 {
-	return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0;
+	if (mptcp_epollin_ready(sk))
+		return true;
+	return sk_is_readable(sk);
 }
=20
 static void mptcp_check_listen_stop(struct sock *sk)
@@ -4467,7 +4469,8 @@ static __poll_t mptcp_poll(struct file *file, struct =
socket *sock,
 		mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
=20
 	if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) {
-		mask |=3D mptcp_check_readable(sk);
+		if (mptcp_stream_is_readable(sk))
+			mask |=3D EPOLLIN | EPOLLRDNORM;
 		if (shutdown & SEND_SHUTDOWN)
 			mask |=3D EPOLLOUT | EPOLLWRNORM;
 		else
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D47482E7384
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:31 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053273; cv=none;
 b=UYKsaHGG5QUAWzDCRAVCu06cHwJqM537Q1mCnYek4YTzw6oBxv7h0MbxaQSjbTp8hzmmfPYdJrBDVF7Jc3qpDGTw2r0EO3h1l6KpsO0D1fEq3HzH1lMtAR1U4bkQIb/RaqMYF059P4ZYPo1wKLTPjlCHgrq0S2x/sGYJoLHYnlU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053273; c=relaxed/simple;
	bh=9WQdCnxeKbQn+palntOrOe+AD8ajLYENasrhJkONmww=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=dHYiXFe/18UX2b41NFlAOrOPnsuNORsWNm2sc9I4ah5khHAr45Rrl8zACutbOTboImAvP7sIHw1n1kzIWkwSM3NgfE69P08oeIcv43Rg9/vajY3uMGzkogueVAITPZEFVKtFoGBRlZ2srwnHADz8+oDLpGtUfyoWiPveAfeaiPc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=gfrU0r38; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="gfrU0r38"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 530A11F00898;
	Fri, 29 May 2026 11:14:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053271;
	bh=oC9U7kOPpqMKspg0ZdL1Ubfi9VPVrcGyBmoh1TFDawc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=gfrU0r38VoARl1ob8Kvu/BMoNszvCP1QCmHCjD97vzCnA7Q0Hn4Mw21Yq+vueFg1B
	 pRmUweAWmvaMTcMdTMxIztN+nAVkJUEIZdCZyKS93hoaej0hC+x513Pl+wmkl5qnoy
	 CaTTWox4QRHd3WM7Mzhrs2aTLTml/o2GRkgEqSyFJ1npTVXJpYb2syeSV642IjsKFY
	 bWeIfmDVN2OR+5IKj4ddP17l13qZvfPu+29hGlmTF9g66fjkEMyRVZ0vL8cJDa8z5T
	 pq3wGx1UNUFFAkELUcRIHqJAHgrStVTg/cKK67M0xorbpA4Wc7ZFPzjVB25VpE4976
	 7qluk/4W6eN8g==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 09/20] mptcp: implement mptcp-specific tls
 protocol ops
Date: Fri, 29 May 2026 19:13:51 +0800
Message-ID: 
 <f6319b32af7e5a3db30c847f125c4db9ad1b53a3.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

This patch implements the MPTCP-specific struct tls_prot_ops, named
'tls_mptcp_ops'.

Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can
trigger a crash. Here, an MPTCP version of check_app_limited() is
implemented, which calls tcp_sock_rate_check_app_limited() for each
subflow.

When MPTCP implements lock_is_held interface, it not only checks
sock_owned_by_user_nocheck(sk) as TCP does, but also needs to check
whether the MPTCP data lock is held. This is required because TLS
may call lock_is_held from softirq context with bh_lock_sock held.
Checking both conditions ensures TLS always defers to workqueue when
the MPTCP data lock is held, avoiding deadlock.

Implement mptcp_skb_copy_bits() to handle fragmented MPTCP skbs when
copying TLS record headers.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/mptcp.h  |   2 +
 include/net/tcp.h    |   1 +
 net/ipv4/tcp.c       |   9 ++-
 net/mptcp/protocol.c | 151 +++++++++++++++++++++++++++++++++++++++++--
 net/mptcp/protocol.h |   1 +
 net/tls/tls_main.c   |  13 ++++
 6 files changed, 171 insertions(+), 6 deletions(-)

diff --git a/include/net/mptcp.h b/include/net/mptcp.h
index aef2dbeb847b..75a30c70c6e1 100644
--- a/include/net/mptcp.h
+++ b/include/net/mptcp.h
@@ -128,6 +128,8 @@ struct mptcp_pm_ops {
 	void (*release)(struct mptcp_sock *msk);
 } ____cacheline_aligned_in_smp;
=20
+extern struct tls_prot_ops tls_mptcp_ops;
+
 #ifdef CONFIG_MPTCP
 void mptcp_init(void);
=20
diff --git a/include/net/tcp.h b/include/net/tcp.h
index f063eccbbba3..1c8201f69ef1 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -849,6 +849,7 @@ static inline int tcp_bound_to_half_wnd(struct tcp_sock=
 *tp, int pktsize)
=20
 /* tcp.c */
 void tcp_get_info(struct sock *, struct tcp_info *);
+void tcp_sock_rate_check_app_limited(struct tcp_sock *tp);
 void tcp_rate_check_app_limited(struct sock *sk);
=20
 /* Read 'sendfile()'-style from a TCP socket */
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index c01f97d5dfe8..413807e1be75 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1097,9 +1097,9 @@ int tcp_sendmsg_fastopen(struct sock *sk, struct msgh=
dr *msg, int *copied,
 }
=20
 /* If a gap is detected between sends, mark the socket application-limited=
. */
-void tcp_rate_check_app_limited(struct sock *sk)
+void tcp_sock_rate_check_app_limited(struct tcp_sock *tp)
 {
-	struct tcp_sock *tp =3D tcp_sk(sk);
+	struct sock *sk =3D (struct sock *)tp;
=20
 	if (/* We have less than one packet to send. */
 	    tp->write_seq - tp->snd_nxt < tp->mss_cache &&
@@ -1112,6 +1112,11 @@ void tcp_rate_check_app_limited(struct sock *sk)
 		tp->app_limited =3D
 			(tp->delivered + tcp_packets_in_flight(tp)) ? : 1;
 }
+
+void tcp_rate_check_app_limited(struct sock *sk)
+{
+	tcp_sock_rate_check_app_limited(tcp_sk(sk));
+}
 EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited);
=20
 int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index b7976a551af0..f9dbe3a1e57b 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -24,6 +24,7 @@
 #include <net/mptcp.h>
 #include <net/hotdata.h>
 #include <net/xfrm.h>
+#include <net/tls.h>
 #include <asm/ioctls.h>
 #include "protocol.h"
 #include "mib.h"
@@ -1967,7 +1968,7 @@ static void mptcp_rps_record_subflows(const struct mp=
tcp_sock *msk)
 	}
 }
=20
-static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
+static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_=
t len)
 {
 	struct mptcp_sock *msk =3D mptcp_sk(sk);
 	struct page_frag *pfrag;
@@ -1979,8 +1980,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh=
dr *msg, size_t len)
 	msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
 			  MSG_FASTOPEN | MSG_EOR;
=20
-	lock_sock(sk);
-
 	mptcp_rps_record_subflows(msk);
=20
 	if (unlikely(inet_test_bit(DEFER_CONNECT, sk) ||
@@ -2096,7 +2095,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh=
dr *msg, size_t len)
 	}
=20
 out:
-	release_sock(sk);
 	return copied;
=20
 do_error:
@@ -2107,6 +2105,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg=
hdr *msg, size_t len)
 	goto out;
 }
=20
+static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
+{
+	int ret;
+
+	lock_sock(sk);
+	ret =3D mptcp_sendmsg_locked(sk, msg, len);
+	release_sock(sk);
+
+	return ret;
+}
+
 static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied);
=20
 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb)
@@ -4851,3 +4860,137 @@ int __init mptcp_proto_v6_init(void)
 	return err;
 }
 #endif
+
+static int mptcp_inq(struct sock *sk)
+{
+	const struct mptcp_sock *msk =3D mptcp_sk(sk);
+	const struct sk_buff *skb;
+
+	if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
+		return 0;
+
+	skb =3D skb_peek(&sk->sk_receive_queue);
+	if (skb) {
+		u64 answ =3D READ_ONCE(msk->ack_seq) - MPTCP_SKB_CB(skb)->map_seq;
+
+		if (answ >=3D INT_MAX)
+			answ =3D INT_MAX;
+
+		/* Subtract 1, if FIN was received */
+		if (answ &&
+		    (sk->sk_state =3D=3D TCP_CLOSE ||
+		     (sk->sk_shutdown & RCV_SHUTDOWN)))
+			answ--;
+
+		return (int)answ;
+	}
+
+	return 0;
+}
+
+static bool mptcp_lock_is_held(struct sock *sk)
+{
+	return sock_owned_by_user_nocheck(sk) ||
+	       mptcp_data_is_locked(sk);
+}
+
+static void mptcp_read_done(struct sock *sk, size_t len)
+{
+	struct mptcp_sock *msk =3D mptcp_sk(sk);
+	struct sk_buff *skb;
+	size_t left;
+	u32 offset;
+
+	msk_owned_by_me(msk);
+
+	if (sk->sk_state =3D=3D TCP_LISTEN)
+		return;
+
+	left =3D len;
+	while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) {
+		int used;
+
+		used =3D min_t(size_t, skb->len - offset, left);
+		msk->bytes_consumed +=3D used;
+		MPTCP_SKB_CB(skb)->offset +=3D used;
+		MPTCP_SKB_CB(skb)->map_seq +=3D used;
+		left -=3D used;
+
+		if (skb->len > offset + used)
+			break;
+
+		mptcp_eat_recv_skb(sk, skb);
+	}
+
+	mptcp_rcv_space_adjust(msk, len - left);
+
+	/* Clean up data we have read: This will do ACK frames. */
+	if (left !=3D len)
+		mptcp_cleanup_rbuf(msk, len - left);
+}
+
+static u32 mptcp_get_skb_seq(struct sk_buff *skb)
+{
+	return MPTCP_SKB_CB(skb)->map_seq - MPTCP_SKB_CB(skb)->offset;
+}
+
+static int mptcp_skb_copy_bits(const struct sk_buff *skb, int off,
+			       void *buf, int len)
+{
+	struct sk_buff *iter =3D skb_shinfo(skb)->frag_list;
+	int copied =3D 0, count;
+	int offset =3D off;
+	int ret =3D 0;
+
+	do {
+		const struct sk_buff *cur =3D iter ? iter : skb;
+
+		if (offset > cur->len)
+			return -EFAULT;
+
+		count =3D min((int)(cur->len - offset), len - copied);
+		ret =3D skb_copy_bits(cur, offset, buf + copied, count);
+		if (ret)
+			break;
+
+		copied +=3D count;
+		if (!iter)
+			break;
+		iter =3D iter->next;
+		offset =3D MPTCP_SKB_CB(iter)->offset;
+	} while (copied !=3D len);
+
+	return ret;
+}
+
+static void mptcp_check_app_limited(struct sock *sk)
+{
+	struct mptcp_sock *msk =3D mptcp_sk(sk);
+	struct mptcp_subflow_context *subflow;
+
+	mptcp_for_each_subflow(msk, subflow) {
+		struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow);
+		bool slow;
+
+		slow =3D lock_sock_fast(ssk);
+		tcp_sock_rate_check_app_limited(tcp_sk(ssk));
+		unlock_sock_fast(ssk, slow);
+	}
+}
+
+struct tls_prot_ops tls_mptcp_ops =3D {
+	.owner			=3D THIS_MODULE,
+	.protocol		=3D IPPROTO_MPTCP,
+	.inq			=3D mptcp_inq,
+	.sendmsg_locked		=3D mptcp_sendmsg_locked,
+	.recv_skb		=3D mptcp_recv_skb,
+	.lock_is_held		=3D mptcp_lock_is_held,
+	.read_sock		=3D mptcp_read_sock,
+	.read_done		=3D mptcp_read_done,
+	.get_skb_seq		=3D mptcp_get_skb_seq,
+	.skb_copy_bits		=3D mptcp_skb_copy_bits,
+	.poll			=3D mptcp_poll,
+	.epollin_ready		=3D mptcp_epollin_ready,
+	.check_app_limited	=3D mptcp_check_app_limited,
+};
+EXPORT_SYMBOL(tls_mptcp_ops);
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index 2321ad4d845d..1d8fcd742eb9 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -380,6 +380,7 @@ struct mptcp_sock {
=20
 #define mptcp_data_lock(sk) spin_lock_bh(&(sk)->sk_lock.slock)
 #define mptcp_data_unlock(sk) spin_unlock_bh(&(sk)->sk_lock.slock)
+#define mptcp_data_is_locked(sk) spin_is_locked(&(sk)->sk_lock.slock)
=20
 #define mptcp_for_each_subflow(__msk, __subflow)			\
 	list_for_each_entry(__subflow, &((__msk)->conn_list), node)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 3c19cb04dae7..67541b8880d7 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -1450,6 +1450,12 @@ static int __init tls_register(void)
 	if (err)
 		goto err_strp;
=20
+#ifdef CONFIG_MPTCP
+	err =3D tls_register_prot_ops(&tls_mptcp_ops);
+	if (err)
+		goto err_tcp;
+#endif
+
 	err =3D tls_device_init();
 	if (err)
 		goto err_ops;
@@ -1458,6 +1464,10 @@ static int __init tls_register(void)
=20
 	return 0;
 err_ops:
+#ifdef CONFIG_MPTCP
+	tls_unregister_prot_ops(&tls_mptcp_ops);
+err_tcp:
+#endif
 	tls_unregister_prot_ops(&tls_tcp_ops);
 err_strp:
 	tls_strp_dev_exit();
@@ -1469,6 +1479,9 @@ static int __init tls_register(void)
 static void __exit tls_unregister(void)
 {
 	tcp_unregister_ulp(&tcp_tls_ulp_ops);
+#ifdef CONFIG_MPTCP
+	tls_unregister_prot_ops(&tls_mptcp_ops);
+#endif
 	tls_unregister_prot_ops(&tls_tcp_ops);
 	tls_prot_cleanup();
 	tls_strp_dev_exit();
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 445C72E7384
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:33 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053275; cv=none;
 b=UO+lvLiEGweuaNwnt2cwXDXoCYRM10LOL7GonwZHO1/fdwJ6zVx72LMuN8wsYk11IZWUBBD46elcJHYmbsCq3VeqkUqRA95bUAhhi5uUvNDzaLdi9CVUgL0P+XJoqcNFMjVmrshLM58G3zjQPIiiBPH4jvo4ycx4pGbrnXa/hOE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053275; c=relaxed/simple;
	bh=hrtN9uQddVM0lcmO9wc2o6AU3IK9pMQ70Z6iH5TPITU=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=sEW8KuB5ZNuNItCpNZ7skBhhOR+Kp6ky2aTbxP/5juEKIBFE7ZhO05d9E2WOsSWnzutNJoEaPGtpMn1IauGGPGt68fmh1D1oYAqCN9F/BxNLBZd0/MRyQRkPJsoqqX4ZibK4gv9S649uSs2x5eWToJt0z3wsTs3xcBMfnQG5ouM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=iJnf9Ae7; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="iJnf9Ae7"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5F7051F00893;
	Fri, 29 May 2026 11:14:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053273;
	bh=NkVnihIy31dIAYz2JOSqK3T3ETJqUTTxorUyuRboKN4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=iJnf9Ae7tFksteXvDQZFZjJOE5cXvMng7acUwHctE9xN6OcpDKoAshwJQ/yIeNYNr
	 LUrtbRqzFkrpYJ58E0OH2YAR4kfVjTjEVNJzl9m2pOIFCKArykD+o5N+POkht99i0C
	 IiZWmOwNwOHUtfrmGIKhBEkN3MNPu3Aphahb6vXky9tHs1I6mGKdYh9ot7Dq9lPdUO
	 Vx1ufW9zkDiNW5vmmzoiNgYqgEfJgGlCjI8kkQ9oDBFg9DluuCCpRQQcloJeSb5/KQ
	 7q8msss0uXvfXilmLURbauyaK+jNy/eaKTJr4bCXFE7x1cJo8VC1gFqXGt+G6RJc38
	 wI9+UlMZDDSNg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 10/20] tls: disable device offload for mptcp
 sockets
Date: Fri, 29 May 2026 19:13:52 +0800
Message-ID: 
 <f87315346791706a1487977ac411ba64b2fd91a9.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

MPTCP TLS hardware offload is not yet implemented. Return -EOPNOTSUPP
when attempting to enable device offload on MPTCP sockets.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/tls/tls_device.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 741aef09bfd3..06f45edffb5f 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -1074,6 +1074,9 @@ int tls_set_device_offload(struct sock *sk)
 	ctx =3D tls_get_ctx(sk);
 	prot =3D &ctx->prot_info;
=20
+	if (sk->sk_protocol =3D=3D IPPROTO_MPTCP)
+		return -EOPNOTSUPP;
+
 	if (ctx->priv_ctx_tx)
 		return -EEXIST;
=20
@@ -1196,6 +1199,9 @@ int tls_set_device_offload_rx(struct sock *sk, struct=
 tls_context *ctx)
 	struct net_device *netdev;
 	int rc =3D 0;
=20
+	if (sk->sk_protocol =3D=3D IPPROTO_MPTCP)
+		return -EOPNOTSUPP;
+
 	if (ctx->crypto_recv.info.version !=3D TLS_1_2_VERSION)
 		return -EOPNOTSUPP;
=20
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D1B633067C
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:35 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053277; cv=none;
 b=BFnxxc1lKfJo5fTfxcSAL3q+kXHwm89+/mml20HXrgbHKvepaTG0KYFn0Si614D6hYqKkdSnezuGejHhZS/98nEVdF79GXC0rDtkGynwNHBzRNaF2oMg1lJrUnhKE4JPaDT3AO4dSlgDcPjZ3UGGHN9r72IFdQdy8k3DTf2MGXE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053277; c=relaxed/simple;
	bh=2tNQdD1kXfIsy4s4UFB9qunJ7bSr3lm/j3H96tIJnLg=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=NjTkVgseOfTk2EqSA74nLdICe2MdMuWnyJZb7+Fp+TPBTLiZIBU0xjMOEPjrVjrrMwsytHwtebJ1hrEldz+vnp6YexpWeQQJNbu09rnXTXVITXf1sevs0xP6SDySbhfVf0ehnjuqq3UCtBJUZ5X4g/+3dcWFrTeRaBK7IVXOROg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=jukfZACi; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="jukfZACi"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8425D1F00898;
	Fri, 29 May 2026 11:14:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053275;
	bh=/+VUjgRwlW8blQRoopxGUb+8YI6yAg4UUKp5tj2bSSE=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=jukfZACicN8I0p8cD7e7bd7XQKf5qF/zS2eN6E8gioJ01VuEVD/c9FD8G7YR+jhOW
	 441pSEZDmFSMCzWdWcVOmpScdWnnqviou8si5QWWCh1M9nqATel0ycOmKW7o3ukduK
	 MVeOzxTre+kjSywv9duiKx0cBoEca8kYUJVDvqsQY2a7BGFLEfPX/xmrhKvxF9Dsoc
	 hxuua1rAMzOYHAb2eVa0PMYPBz7HoDORMIk+k0fjswdC1s2rUK+JB07pgsmobLJt3g
	 BH2h2ZRDl+PkdMnL17CsdXwnqH8i6eeYqcj0Bs4pFp1F1cLoOLNfeBOncb4GJAYrYY
	 gsBMEo4TR/R2Q==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 11/20] mptcp: update ulp getsockopt for tls
 support
Date: Fri, 29 May 2026 19:13:53 +0800
Message-ID: 
 <6bbf75e80cf5a8ff65fdd97a8918e7906037a3c4.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Export tcp_sock_get_ulp() helper and use it in MPTCP to get the ULP name
of the MPTCP socket itself, replacing the previous approach that returned
the ULP of the first subflow via mptcp_getsockopt_first_sf_only().

Add mptcp_getsockopt_tcp_ulp() which acquires the socket lock before
calling the helper, ensuring safe access to icsk_ulp_ops.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/linux/tcp.h |  2 ++
 net/ipv4/tcp.c      |  4 ++--
 net/mptcp/sockopt.c | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 8a6807082672..662a7de907e6 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -653,6 +653,8 @@ void tcp_sock_set_quickack(struct sock *sk, int val);
 int tcp_sock_set_syncnt(struct sock *sk, int val);
 int tcp_sock_set_user_timeout(struct sock *sk, int val);
 int tcp_sock_set_maxseg(struct sock *sk, int val);
+int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval,
+		     sockptr_t optlen);
=20
 static inline bool dst_tcp_usec_ts(const struct dst_entry *dst)
 {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 413807e1be75..ed9f8c27ace1 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -4486,8 +4486,8 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const =
struct sock *sk,
 	return stats;
 }
=20
-static int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval,
-			    sockptr_t optlen)
+int tcp_sock_get_ulp(struct sock *sk, sockptr_t optval,
+		     sockptr_t optlen)
 {
 	struct inet_connection_sock *icsk =3D inet_csk(sk);
 	int len;
diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index fcf6feb2a9eb..b7eccade1f90 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -1408,6 +1408,25 @@ static int mptcp_put_int_option(struct mptcp_sock *m=
sk, char __user *optval,
 	return 0;
 }
=20
+static int mptcp_getsockopt_tcp_ulp(struct sock *sk,
+				    char __user *optval,
+				    int __user *optlen)
+{
+	int ret, len;
+
+	if (copy_from_sockptr(&len, USER_SOCKPTR(optlen), sizeof(int)))
+		return -EFAULT;
+
+	if (len < 0)
+		return -EINVAL;
+
+	lock_sock(sk);
+	ret =3D tcp_sock_get_ulp(sk, USER_SOCKPTR(optval),
+			       USER_SOCKPTR(optlen));
+	release_sock(sk);
+	return ret;
+}
+
 static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 				    char __user *optval, int __user *optlen)
 {
@@ -1415,6 +1434,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock=
 *msk, int optname,
=20
 	switch (optname) {
 	case TCP_ULP:
+		return mptcp_getsockopt_tcp_ulp(sk, optval, optlen);
 	case TCP_CONGESTION:
 	case TCP_INFO:
 	case TCP_CC_INFO:
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 47D753BE65C
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053279; cv=none;
 b=F457+OlU8TsbuZQsmJx2BXFCibKxuHzBOV7CHVIgNslCbYve7Dw1V+yurV29V4SMADEFuVezaOFIKihoScZ9gMhTgFwhHT5gphrHu7gdmEkqS7NCfiiIKomG6RbOK10DfqP65sHqG1kaHdNxCahqj4dynBGHf+K7FbH7ayjQGPA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053279; c=relaxed/simple;
	bh=4izWaohbT9APxn0iR8ureinX623jq3pJmCSnPaSDjcY=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=CvuGl67pLqm1tkFY58+QvyYPDZACDUTDX067qjf9Q470xe7Xnl2fLJRfYLth2wwPUebdULfrPGWgrQccoExGgqsMiS/TrjUFa6cuWS/PfveH4R2aRidSRt8NPdeVzlh5mYxHJl+MZpDEVGmgppxNBa67/JXaXp4sQVXksIWyv7g=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=IDYU9VrJ; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="IDYU9VrJ"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5CA7C1F00899;
	Fri, 29 May 2026 11:14:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053277;
	bh=GLT8fng9KbiEqiwXafGg/LxgIWTnPbGX0DiZpooAGoI=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=IDYU9VrJs5NFOFYa+yDf4yLaoRmzcw4kTyjVDd/uQkddBSrLpMS5z+D1I39Rg/Cec
	 ZXfnVfy2Yw55PqMvK4hNGNQhACW+odvt5HXJB4rn0rt68bRma8B+p7g8o+/wU1QEMF
	 0Ts2dKA3HDTIvlOyyHOhRpBhoALyrtCKGN6+5R9N11Jwn2xqSDj/+lNDJIavIKHbhe
	 kY3fd2mUloSZRelm7AwAQW42QkQICsZIkjTQiRxlscFG9pQ4kehN4lEzscZvij5l06
	 +5q+uNssIv7u8NnhzZUyrSnSGJi8gpujL+sxskusXu7ADbIusTWH6uxj7V/U824OTg
	 mzSkRvT/KaL8Q==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 12/20] mptcp: enable ulp setsockopt for tls
 support
Date: Fri, 29 May 2026 19:13:54 +0800
Message-ID: 
 <67118c759fba8945088e496c5dff2e8af7c1ca44.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Allow MPTCP sockets to set the TCP_ULP socket option to enable TLS.
Add mptcp_setsockopt_tcp_ulp() which validates the socket state (must
not be CLOSE or LISTEN), only accepts "tls" as the ULP name, and then
calls tcp_set_ulp().

Include TCP_ULP in the list of supported options in supported_sockopt(),
and handle it in setsockopt_sol_tcp() instead of returning -EOPNOTSUPP.

Call tcp_cleanup_ulp() in mptcp_destroy_common() to release ULP module's
reference count.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/protocol.c |  1 +
 net/mptcp/sockopt.c  | 40 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index f9dbe3a1e57b..26a9b0df5808 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -3765,6 +3765,7 @@ static void mptcp_destroy(struct sock *sk)
 	/* allow the following to close even the initial subflow */
 	msk->free_first =3D 1;
 	mptcp_destroy_common(msk);
+	tcp_cleanup_ulp(sk);
 	sk_sockets_allocated_dec(sk);
 }
=20
diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index b7eccade1f90..d692bca17adf 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -12,6 +12,7 @@
 #include <net/protocol.h>
 #include <net/tcp.h>
 #include <net/mptcp.h>
+#include <net/tls.h>
 #include "protocol.h"
=20
 #define MIN_INFO_OPTLEN_SIZE		16
@@ -577,6 +578,7 @@ static bool mptcp_supported_sockopt(int level, int optn=
ame)
 		case TCP_FASTOPEN_CONNECT:
 		case TCP_FASTOPEN_KEY:
 		case TCP_FASTOPEN_NO_COOKIE:
+		case TCP_ULP:
 			return true;
 		}
=20
@@ -830,6 +832,42 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *=
msk, int level,
 	return ret;
 }
=20
+static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval,
+				    unsigned int optlen)
+{
+	struct mptcp_sock *msk =3D mptcp_sk(sk);
+	char name[TCP_ULP_NAME_MAX];
+	int err =3D 0;
+	size_t len;
+	int val;
+
+	if (optlen < 1)
+		return -EINVAL;
+
+	len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen);
+	val =3D strncpy_from_sockptr(name, optval, len);
+	if (val < 0)
+		return -EFAULT;
+	name[val] =3D 0;
+
+	if (strcmp(name, "tls"))
+		return -EOPNOTSUPP;
+
+	sockopt_lock_sock(sk);
+	if (__mptcp_check_fallback(msk)) {
+		err =3D -EOPNOTSUPP;
+		goto out;
+	}
+	if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) {
+		err =3D -ENOTCONN;
+		goto out;
+	}
+	err =3D tcp_set_ulp(sk, name);
+out:
+	sockopt_release_sock(sk);
+	return err;
+}
+
 static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 				    sockptr_t optval, unsigned int optlen)
 {
@@ -838,7 +876,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *=
msk, int optname,
=20
 	switch (optname) {
 	case TCP_ULP:
-		return -EOPNOTSUPP;
+		return mptcp_setsockopt_tcp_ulp(sk, optval, optlen);
 	case TCP_CONGESTION:
 		return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen);
 	case TCP_DEFER_ACCEPT:
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 292E63016E7
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053281; cv=none;
 b=A1irYNoJwq96KPIBYQwl0w7GUnXO56C4n8yplfPfBNtju0t/tA+UiaOzJ+8ImbLa/bZId4dpwgqdHB9cDhLA3V1kuPnZhJOhhQLEmTo1yfKZ09fNfUWE4mh4iXGY0Nv5UxFA2TtIWCdH1tM6IIndmJfN5Cpa7/SLtpmdqQE4WOg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053281; c=relaxed/simple;
	bh=3gl0K9I5PyXXoykIdu26iq4G+91su8cvRW6scifbKT8=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=cFbn+ahR+J+aROD4/d+fkb/10Cllr36jIEiMPPcG5NCY6jcgDDJS7jz1+neH8Ju4FoziKJJZ5v7KJt3Oq1N2m/331CNqfDxgqIDaibf6nFTzc390pMdaKv85g7CAce7gtuhYPYF5rUsVNRz246pAH8vLyk9Xq9PiAIB+rYPJic4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=L+wcn3wS; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="L+wcn3wS"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 82B3B1F00893;
	Fri, 29 May 2026 11:14:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053280;
	bh=i1r228t++8Jx2HzWD9Lh3NCKCbWjqFm66UQqWx4jVMw=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=L+wcn3wSU1Q5nLdZaWtJv7LPSdFFHsxJDg33YnLhHn449u6lZmIf9MJtkuKwmfjWr
	 DNNwqqYgLKPtES0gM3zQTy6XPbdnOfJtGu0COU5NgBUAyd8XqoGzvt+dCVY4MSIODY
	 MaPVn/x+Ty/04iQxnuBLH6Vn5EahAbvvAvMB633cVGSRLwXyFPAwxP4WAEp2xlI8OL
	 ZXrdsqkx5ZigxMVBRnAGxRQIODN/+R+OtSCJ6XWVm2waPYTHMJj5FzuU9htkMezCtV
	 NIYmMaZG8CR1vBzkCbrbuI/vVlR/nXaLOwlRD1ACoLBWrBKrB474uUxunAWVpKSWvR
	 QRKubG41P4yIQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 13/20] selftests: mptcp: connect: use espintcp
 for ulp test
Date: Fri, 29 May 2026 19:13:55 +0800
Message-ID: 
 <246842e2c9737d307f95f94b8dbf86c047b7ccea.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

With KTLS being implemented, "tls" should no longer be used in
sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP
name, "espintcp", is set instead in this patch.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/mptcp/config          | 4 ++++
 tools/testing/selftests/net/mptcp/mptcp_connect.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft=
ests/net/mptcp/config
index 59051ee2a986..f48bd5183fb3 100644
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -34,3 +34,7 @@ CONFIG_NFT_SOCKET=3Dm
 CONFIG_NFT_TPROXY=3Dm
 CONFIG_SYN_COOKIES=3Dy
 CONFIG_VETH=3Dy
+CONFIG_INET_ESP=3Dy
+CONFIG_INET_ESPINTCP=3Dy
+CONFIG_INET6_ESP=3Dy
+CONFIG_INET6_ESPINTCP=3Dy
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test=
ing/selftests/net/mptcp/mptcp_connect.c
index cbe573c4ab3a..299a7a02d6f5 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -285,11 +285,11 @@ static void sock_test_tcpulp(int sock, int proto, uns=
igned int line)
 	if (buflen > 0) {
 		if (strcmp(buf, "mptcp") !=3D 0)
 			xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line);
-		ret =3D do_ulp_so(sock, "tls");
+		ret =3D do_ulp_so(sock, "espintcp");
 		if (ret =3D=3D 0)
 			X("setsockopt");
 	} else if (proto =3D=3D IPPROTO_MPTCP) {
-		ret =3D do_ulp_so(sock, "tls");
+		ret =3D do_ulp_so(sock, "espintcp");
 		if (ret !=3D -1)
 			X("setsockopt");
 	}
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC4173016E7
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:41 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053283; cv=none;
 b=ZNQeiV+uoxJwVXdVGA8mo2oqoF97lbXLXYKywxNQU078G4N1Zwk5ww7VAgoembbyYN8ghSZIVIoOwmhJY1qu8nKUIdncOdazMqhYhooaczKmz+DYhQI/W9gdhDctQzsrgFNjFq/9BjU15pu0cbrnSMnQFe1sWCVlGY91F9lNrqU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053283; c=relaxed/simple;
	bh=Mqrz92JEPCE1o6xkBk8ggU4pOInHHunzS838mGSLmuE=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=D/AmKhcZq3dh0cJW2AZfYic9/v0DT3wmVbyGLkbd9o20mHhslOxV8aRla0VPSsw/Yw2hhGjYX/CowjXnA4LTRuI+S4pmCv+UhpsF+/xHabenzsyEXTxOywR+T4lwViWmHp7AziH6N0iVNGRcwMHt5/K9XrEn08yDk2U1gDGUcV4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=B9Lyz9Cd; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="B9Lyz9Cd"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A77F51F00899;
	Fri, 29 May 2026 11:14:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053281;
	bh=MAO1CzgHEProwfI+nczP+M5IuY8I7OjS+4gtXMDKNlY=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=B9Lyz9Cdsf6f0P51B35OFOVc/Zopq7Pb8yiz7bC9CRm8y26WDIfzXUf5r0uacGaUL
	 iqc/sDcXIZYSqviojySP59bG6jDV2LweZi9TFoT/rs2LBJq+PTjCCFOlk8T00r6olo
	 k5YgTX8CDHJXn0FY3xcPbwH+TvZikAoq7JrGVHgmA9/v9CrZGT/LgfxtiDr65wyMFx
	 SS+2b152iVW8dJgPWECJgbAwBg4GsEjvKOzCtK9YOLMg44QB+7c1pysJAusTkItbIX
	 rpsTEwzqIIPvHt1zJU2ZkBX6YrSYVaR/0SasKc5cTqMZyIWZKEjmiiuKXkdO6fTZ4r
	 KuKbhPOhqzVyg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 14/20] selftests: tls: add mptcp variant for
 testing
Date: Fri, 29 May 2026 19:13:56 +0800
Message-ID: 
 <239e21d57bfbca1e3a1529b07eb32c91a4759bd1.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

To enable easy MPTCP socket creation in MPTCP TLS tests, two protocol
parameters (cli_proto and srv_proto) have been added to ulp_sock_pair().
These are passed as third arguments of socket(): 0 creates TCP sockets,
IPPROTO_MPTCP creates MPTCP sockets.

A new variant "mptcp" is added both in FIXTURE_VARIANT(tls) to control
whether to create MPTCP sockets or not for tests.

Add is_mptcp_enable() helper to check MPTCP support. Used in
FIXTURE_SETUP(tls) to skip MPTCP variants when MPTCP is not enabled.

Also accept EOPNOTSUPP when setting TCP_ULP on MPTCP sockets, as they
may return this error in addition to ENOENT.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 46 +++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 6 deletions(-)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 9b9a3cb2700d..fed83918cd9d 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -26,6 +26,10 @@
 #define TLS_PAYLOAD_MAX_LEN 16384
 #define SOL_TLS 282
=20
+#ifndef IPPROTO_MPTCP
+#define IPPROTO_MPTCP 262
+#endif
+
 static int fips_enabled;
=20
 struct tls_crypto_info_keys {
@@ -108,8 +112,9 @@ static void memrnd(void *s, size_t n)
 		*byte++ =3D rand();
 }
=20
-static void ulp_sock_pair(struct __test_metadata *_metadata,
-			  int *fd, int *cfd, bool *notls)
+static void __ulp_sock_pair(struct __test_metadata *_metadata,
+			    int *fd, int *cfd, bool *notls,
+			    int cli_proto, int srv_proto)
 {
 	struct sockaddr_in addr;
 	socklen_t len;
@@ -122,8 +127,8 @@ static void ulp_sock_pair(struct __test_metadata *_meta=
data,
 	addr.sin_addr.s_addr =3D htonl(INADDR_ANY);
 	addr.sin_port =3D 0;
=20
-	*fd =3D socket(AF_INET, SOCK_STREAM, 0);
-	sfd =3D socket(AF_INET, SOCK_STREAM, 0);
+	*fd =3D socket(AF_INET, SOCK_STREAM, cli_proto);
+	sfd =3D socket(AF_INET, SOCK_STREAM, srv_proto);
=20
 	ret =3D bind(sfd, &addr, sizeof(addr));
 	ASSERT_EQ(ret, 0);
@@ -143,7 +148,7 @@ static void ulp_sock_pair(struct __test_metadata *_meta=
data,
=20
 	ret =3D setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
 	if (ret !=3D 0) {
-		ASSERT_EQ(errno, ENOENT);
+		ASSERT_TRUE(errno =3D=3D ENOENT || errno =3D=3D EOPNOTSUPP);
 		*notls =3D true;
 		printf("Failure setting TCP_ULP, testing without tls\n");
 		return;
@@ -153,6 +158,12 @@ static void ulp_sock_pair(struct __test_metadata *_met=
adata,
 	ASSERT_EQ(ret, 0);
 }
=20
+static void ulp_sock_pair(struct __test_metadata *_metadata,
+			  int *fd, int *cfd, bool *notls)
+{
+	__ulp_sock_pair(_metadata, fd, cfd, notls, 0, 0);
+}
+
 /* Produce a basic cmsg */
 static int tls_send_cmsg(int fd, unsigned char record_type,
 			 void *data, size_t len, int flags)
@@ -310,6 +321,7 @@ FIXTURE_VARIANT(tls)
 	uint16_t tls_version;
 	uint16_t cipher_type;
 	bool nopad, fips_non_compliant;
+	bool mptcp;
 };
=20
 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm)
@@ -395,6 +407,23 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256)
 	.cipher_type =3D TLS_CIPHER_ARIA_GCM_256,
 };
=20
+static bool is_mptcp_enable(void)
+{
+	char buf[16] =3D { 0 };
+	ssize_t n;
+	int fd;
+
+	fd =3D open("/proc/sys/net/mptcp/enabled", O_RDONLY);
+	if (fd < 0)
+		return false;
+
+	n =3D read(fd, buf, sizeof(buf) - 1);
+	close(fd);
+	if (n <=3D 0)
+		return false;
+	return (atoi(buf) =3D=3D 1);
+}
+
 FIXTURE_SETUP(tls)
 {
 	struct tls_crypto_info_keys tls12;
@@ -404,10 +433,15 @@ FIXTURE_SETUP(tls)
 	if (fips_enabled && variant->fips_non_compliant)
 		SKIP(return, "Unsupported cipher in FIPS mode");
=20
+	if (variant->mptcp && !is_mptcp_enable())
+		SKIP(return, "no MPTCP support");
+
 	tls_crypto_info_init(variant->tls_version, variant->cipher_type,
 			     &tls12, 0);
=20
-	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
+	__ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls,
+			variant->mptcp ? IPPROTO_MPTCP : 0,
+			variant->mptcp ? IPPROTO_MPTCP : 0);
=20
 	if (self->notls)
 		return;
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E81E368947
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053285; cv=none;
 b=E2ud//4WCZg4saAiCeKpz0mWAmlrl2TaGniLHbpQlONjtgPwcMIaXksuJAiBfOUAPYk2u1XA8Zh6CEkIEjZ7cIp52StEK5ktrbA0zDb63td6Fs1f7FfInnSUO/C7ogtn8mh/ovz1jwekKoQvl8/z5f3hv18Bk6BWur3WnUPXz0k=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053285; c=relaxed/simple;
	bh=iqV0zSaCNXM8wzAhRBNqtu6qJvXxNa7FekUqOtiqHWo=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=rLJla1yd+3OXlnH35iVN2gALO23yKtJ0W0e2fossEOFWnR6z8iUt3VQkHrjZC7vhRMpbB2QSBdQv+rBYuRC/skCZE5XTLJaW20xdx7WcuLZsiA1ygpCt4IjxK2QO9Rm7MnQnkaLhRS3OyWqjyZ+e0fUzhVe3oM2JlIzQFAT8+MA=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=OlURIi7q; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="OlURIi7q"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 80F591F00893;
	Fri, 29 May 2026 11:14:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053283;
	bh=VqJYDhrdfYG8x1P+nVzqyFokwQq12zc8vWSKIl8WGmY=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=OlURIi7qd0qx0XDfnutfA11pEmapXXjXoV3K8hyCdo9Q7rcSN9XbnsdqPRTdYk8uu
	 9tx/TFw4QLG5hKjnHfdKp75JkBxajolQc1/8YyTZD9KxkTHQkSzPOrV80Hw9hMx1Pu
	 oDVanRnN1vNkVvJzKojI11gj47hsqlCNoVyY+gScOxj6o9B7lA0HjbTGgA9I177DGN
	 wv3ZPKy0+8KmcJ7Hx3Ed7oq1+Mm9Sd0qvn1vb1hd3rYmDTCDGdASRK9q8QjMdSjyzj
	 0i5RESaG2dya1o8nu1pUjeUpssQk4DXDnbAff/SSCU6cdhYVJ5O9cgcoZJW/60xDEJ
	 grPNNoU9zhzmg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 15/20] selftests: tls: increase pollin timeouts
 for mptcp
Date: Fri, 29 May 2026 19:13:57 +0800
Message-ID: 
 <f94cae7b3d7e40c8cba76b2c39ecab7cd4cd99c7.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

MPTCP requires longer timeouts in pollin test due to subflow establishment
delays and slower state transitions. Increase timeout values to prevent
false failures:

 #  RUN           tls.13_sm4_ccm_mptcp.pollin ...
 # tls.c:1411:pollin:Expected poll(&fd, 1, 20) (0) =3D=3D 1 (1)
 # tls.c:1412:pollin:Expected fd.revents & POLLIN (0) =3D=3D 1 (1)
 # pollin: Test failed
 #          FAIL  tls.13_sm4_ccm_mptcp.pollin
 not ok 357 tls.13_sm4_ccm_mptcp.pollin

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index fed83918cd9d..5a6c5ee2757f 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -1362,6 +1362,7 @@ TEST_F(tls, bidir)
=20
 TEST_F(tls, pollin)
 {
+	int timeout =3D variant->mptcp ? 100 : 20;
 	char const *test_str =3D "test_poll";
 	struct pollfd fd =3D { 0, 0, 0 };
 	char buf[10];
@@ -1371,11 +1372,11 @@ TEST_F(tls, pollin)
 	fd.fd =3D self->cfd;
 	fd.events =3D POLLIN;
=20
-	EXPECT_EQ(poll(&fd, 1, 20), 1);
+	EXPECT_EQ(poll(&fd, 1, timeout), 1);
 	EXPECT_EQ(fd.revents & POLLIN, 1);
 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
 	/* Test timing out */
-	EXPECT_EQ(poll(&fd, 1, 20), 0);
+	EXPECT_EQ(poll(&fd, 1, timeout), 0);
 }
=20
 TEST_F(tls, poll_wait)
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7DA30189F43
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053287; cv=none;
 b=dJDeszWIhqLNT+jgKZ5myh7fnIYyWznnbbYtP+njBgfj1aWFixDRAEjO+dFGLA6eIhKTQtEYZDlkbQaaGb07sl/0c2sElYC2uCdVhwJ7GQgGLts+Jse9Evgsk/COeIncNhOcj0nnu63H41A46lwnqJsMc1FdC5QdnBZeujp6Hqw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053287; c=relaxed/simple;
	bh=C8Alr9wHDA1wyvNjYB2Q8LN7wGjGU3z/KZAEUgOKn0E=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=ncxohmPJ5Kj1fy6mkokx9kUMbgIcMbkxakwKDE/2Qhyf9tvnKY+sq5XlkNbr5xfDoMxz+2lKCQJbg2NGpUSwFZlPVl7JnlgMp2Yxbb301e5yDbjbPLbF8A6c7ZcxdeQ9QagNKhp342M2hl0YxwGIyt54SBIiQuNGHvJCmrzXiu4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=LztGG62n; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="LztGG62n"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A5A341F00898;
	Fri, 29 May 2026 11:14:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053286;
	bh=WEViAPywuZzQo7Al26/ts5tn23+npYf3//x6bxmYZBQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=LztGG62ne8VSCPx1926lv9zYs8IQ7ZprPJVetD26ZTVMOrFYbYmuDhzQMulPA2ram
	 DUId4HEv/HbvwschIOK9kdICj877GKtLgdNn1gZ+L2Zd5l7hO5qe8IEJYwDPCtCShN
	 M5f5QqKMyHFU9CJREY80BeY7Gl4p88qaXPRY5jNzdAmrHqA6slL+GWPJdXl4UwTcXE
	 msTMbnGU/3jROuiYc3ZgX4m/iu71Q86zSto0NdXMOg5RzXYpUkf7izmjfbNeUthMj7
	 zhZDa9mx5K9Y7RP6/U+A6luBhK4sxDNxO2jYyiGcjl7bE/BbBcw4Rzq4cdm/mU3IMT
	 wy8HFEYBPSqeA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 16/20] selftests: tls: increase nonblocking data
 size for mptcp
Date: Fri, 29 May 2026 19:13:58 +0800
Message-ID: 
 <54a119fe0f969a2e8024c3ae56e06fca8c6a9c48.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Increase the data size in nonblocking tests to accommodate MPTCP's
multi-subflow behavior and ensure sufficient data for testing,
avoiding the following errors:

 #  RUN           tls.12_aria_gcm_mptcp.nonblocking ...
 # tls.c:1534:nonblocking:Expected 0 (0) !=3D eagain (0)
 # nonblocking: Test failed

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 5a6c5ee2757f..64aad661a1b4 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -1468,6 +1468,9 @@ TEST_F(tls, nonblocking)
 	int flags;
 	int res;
=20
+	if (variant->mptcp)
+		data *=3D 4;
+
 	flags =3D fcntl(self->fd, F_GETFL, 0);
 	fcntl(self->fd, F_SETFL, flags | O_NONBLOCK);
 	fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK);
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7BBA23016E7
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:48 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053289; cv=none;
 b=b4oTzPjQNKhC3FjmaG5pMO7MkcFaNQN7fFBpoDZIUMFPGObU3momG20BlZSo5NWLYz0FlZdypNa49+ZNSk9eHv3A7KA7dqhDp+OJbK7js+6ZZ0mpe5jA3x53QtLLr8I/tAuTCzxjUdatTVuZGzYIJZwo8xK4F1Cvbi3d0EPJnLY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053289; c=relaxed/simple;
	bh=tObZAo0LS5jMzz2TR2El2jbzErgrvVlRvmtiCiaFxJA=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=jg43XECC4ZotqvUuByqcX2ApLycX2h2P6PCkqQrLQ59IV5beiwFKqYjt+COHDWKCF+BinqQW02Wihmkk/u4FoeVjTzjwsLgMmy6qURzM2jP58my2QvU3/+oHe3U4QvihPw9dhpbkpKIWBO9g+SdFiJ+GThqXGVmESRW7XKpKctM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=ouyyxG5c; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="ouyyxG5c"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C9A781F00893;
	Fri, 29 May 2026 11:14:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053288;
	bh=KBTULavDNo0rDYPoW2s6IkaqCZ+B1f0yBJdFI74edPU=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=ouyyxG5cR743bYyKUngIea8qAvSUyQY2+fFffZmlWBltVF7Te1qV6v0lPeylH1LQN
	 CBTJ3GZeLlLC7UrP/UI6RMXe53nkQpduDouBTZ6xXUJ26uMOGkV9Ab9auXm0NaBrhX
	 Gtf7oq/fHw6xSb1UxUqe2uVdOLUqRinrok7Im1jGMAvDdSbTcWR2ZmpThWo81ZZ4iV
	 IEVXLYAWdG0sbfsDLx9dMMFQnmMLeJNo/6HciGkk9ibXQoN3kuv2rood8yDieDmy5+
	 Dl7JQt58C/NY0FbbS70YVGmrxAn29zEA9sNrYcUmsiNrVWh6pHgalkyE32unpmxjMZ
	 DTuYAeDr9WI7w==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 17/20] selftests: tls: retry bind on EINVAL in
 shutdown_reuse
Date: Fri, 29 May 2026 19:13:59 +0800
Message-ID: 
 <d7920f37c8ce1cc0449cfe438195ef5f2f2efee6.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

In the shutdown_reuse test, after shutdown and close, bind() may fail
with EINVAL for MPTCP sockets due to asynchronous state transition of
the top-level MPTCP socket. The subflow may have reached TCP_CLOSE,
but the MPTCP socket state hasn't been updated yet.

Retry bind() on EINVAL for up to 1000 iterations (1 second) to allow
the MPTCP socket to complete its state transition.

This fixes the following intermittent failures:

 #  RUN           tls.12_aes_gcm_mptcp.shutdown_reuse ...
 # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0)
 # shutdown_reuse: Test failed
 #          FAIL  tls.12_aes_gcm_mptcp.shutdown_reuse
 not ok 14 tls.12_aes_gcm_mptcp.shutdown_reuse
 #  RUN           tls.13_aes_gcm_mptcp.shutdown_reuse ...
 # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0)
 # shutdown_reuse: Test failed
 #          FAIL  tls.13_aes_gcm_mptcp.shutdown_reuse
 not ok 15 tls.13_aes_gcm_mptcp.shutdown_reuse
 #  RUN           tls.12_chacha_mptcp.shutdown_reuse ...
 #            OK  tls.12_chacha_mptcp.shutdown_reuse
 ok 16 tls.12_chacha_mptcp.shutdown_reuse
 #  RUN           tls.13_chacha_mptcp.shutdown_reuse ...
 #            OK  tls.13_chacha_mptcp.shutdown_reuse
 ok 17 tls.13_chacha_mptcp.shutdown_reuse
 #  RUN           tls.13_sm4_gcm_mptcp.shutdown_reuse ...
 # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0)
 # shutdown_reuse: Test failed
 #          FAIL  tls.13_sm4_gcm_mptcp.shutdown_reuse
 not ok 18 tls.13_sm4_gcm_mptcp.shutdown_reuse

This is only done for MPTCP variants to avoid slowing down plain TCP
tests.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 64aad661a1b4..4ae7505846f9 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -1744,6 +1744,7 @@ TEST_F(tls, shutdown_unsent)
 TEST_F(tls, shutdown_reuse)
 {
 	struct sockaddr_in addr;
+	int i =3D 0;
 	int ret;
=20
 	shutdown(self->fd, SHUT_RDWR);
@@ -1754,7 +1755,13 @@ TEST_F(tls, shutdown_reuse)
 	addr.sin_addr.s_addr =3D htonl(INADDR_ANY);
 	addr.sin_port =3D 0;
=20
+retry:
 	ret =3D bind(self->fd, &addr, sizeof(addr));
+	if (variant->mptcp &&
+	    ret < 0 && errno =3D=3D EINVAL && i++ < 1000) {
+		usleep(1000);
+		goto retry;
+	}
 	EXPECT_EQ(ret, 0);
 	ret =3D listen(self->fd, 10);
 	EXPECT_EQ(ret, -1);
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D68B43016E7
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:50 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053291; cv=none;
 b=DbJAVTaEdXYKtfZW8AOeuFtzyqN/UvZQaJL7zl5ey1kP+68NMNcfPmPgL0armnjKfnwLZnJ5JFnH7oYfT7117uOGjc6IiBn7DEuHfpgIXPhQBqm5jScWp/klxC5m3wPmM3AgRx1JlG2rcrsH4rg+tjoS/sxCci82tStOrsrBzF8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053291; c=relaxed/simple;
	bh=oqContIvSwDjBBUvCDlGJnboNlniQ4AqWa16l/Stl9A=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=CX10lyWx+AgLZgJCuqWJb/1h/FiDPR7w7uXQ7PQB/wUPIgSkB7fnSc24Q/KpuP4bjFzMgeXNk/vEB9l8FPRJxxX03zod0B3U4+n2fezWoTbWsszt0y8v1JsWLK7lEMFX1o/sP5kXLS4gR0ZAZVaFTRzXBOydXxSui4zHKoAcqZE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=iavVt3Ov; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="iavVt3Ov"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 14E0B1F00898;
	Fri, 29 May 2026 11:14:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053290;
	bh=jNixIy30UgWwxn53isZSW3yVS4d5nxvceDL4X9ngrNM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=iavVt3OvBMwv2MJa/5yRnC8C529mgwY1U9YX6k907X+nqaHtoluOuu+ZN0V/VKjK0
	 Wt+XjGZKqWsZyyj1L7iojXID99/3VxSKqx2aYm30bLxZZq7mnkDcvnuXFEY5b/KGPI
	 sXCSoCZIZy0OdNZahjCnUYixo00WQ6vXysNlNXkNrcZ9u1ENaAwJNyIZ0/qzP7x/bw
	 KSROMxUpjYSRj1O9Tagb6DJ/woT9twPjDdoyQ/hkzMLdTnqOs4eLH3W5bolH+rEWTX
	 VuNF3HpiFIHQkUuEuPWysqlOBTi1gfFE0MMUUv0xxnTSj5vhezECa+DYiKhmDWei/G
	 7X9T5Jk0BeYSA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Paolo Abeni <pabeni@redhat.com>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 18/20] selftests: tls: set timeout for
 multi_chunk_sendfile
Date: Fri, 29 May 2026 19:14:00 +0800
Message-ID: 
 <1f8df4b64bc23644c48b25a8a3fc0a4ed8611cb9.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The multi_chunk_sendfile test can time out with the default 30-second
limit when run on certain configurations (e.g., MPTCP). Add a 240-second
timeout using TEST_F_TIMEOUT to prevent failure:

 # multi_chunk_sendfile: Test terminated by timeout 30
 #          FAIL  tls.13_chacha_mptcp.multi_chunk_sendfile
 not ok 204 tls.13_chacha_mptcp.multi_chunk_sendfile

Suggested-by: Paolo Abeni <pabeni@redhat.com>
Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 4ae7505846f9..6f51da27ef1e 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -536,7 +536,7 @@ static void chunked_sendfile(struct __test_metadata *_m=
etadata,
 	close(fd);
 }
=20
-TEST_F(tls, multi_chunk_sendfile)
+TEST_F_TIMEOUT(tls, multi_chunk_sendfile, 240)
 {
 	chunked_sendfile(_metadata, self, 4096, 4096);
 	chunked_sendfile(_metadata, self, 4096, 0);
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8800189F43
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053293; cv=none;
 b=DypBxR/yP2N8ZzOYmDHR6ngNFiVUgyyD7gDIBq1OIEz9BYXFMu4g4sG1C7Ev7MxA4Bhy2kqz3a++RdT3+pFuth7IbQxNSMKjsmcUjBIrNmgKRKcUAlzuFaLIhBJCeSvbzbIHGWJkmHhssJT3GL3NDhs3kaTuGvylKt7gKw+ZaAg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053293; c=relaxed/simple;
	bh=82iGtqlHP03QmuWGf0VaMBINawAW0bVgPGIo/n8dCzs=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=eb5yjZAghdQ94BJ9rSuRitq3iUEcWDgiHdNILTqbR3X2xmFUg1PvNio0eyAwlaEd9BRwAOhiuxCdjOlfqNckOlyZ1drj2BMa3t6HYInhYOXDevfStnt5qbc9yqcxDuzb1ZEHDTjw7XyKhy5pMyZbIGBeO+kmtAMD5r5P5HRz1cM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=COD88hPO; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="COD88hPO"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 69E321F00893;
	Fri, 29 May 2026 11:14:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053292;
	bh=sD3L1RTJjtvETcJNDdakdqHvduVfdS94pHrk3pmxhy0=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=COD88hPOaoSkorQjo5m3m3mkXgtVLh/yX9LZf8WAbsvNxmAfrjhanAQuuPibm7EEE
	 fCdiNM/+l46DCXovNG/JXIXPqcDZshjHHkN2ktnpOI4VeJl0B4CSe6YHoKq/XR84/8
	 xauTrPDBwXxNF26f1bjLhAcjWiCSsRqSy3lXkaNY0rrJTfzkYaj1FX0KDuGKBpR438
	 ehsu4X46ulOPtGeVfvF//PirmLyNbrySHDPjisO+xLTfnZeYIQbSjajoXJrbBFDkP/
	 zG/m61xaeILZPtHvO88gscOyCd07eLU2IZj09xa22L/71JURJoLolWzD37F/CrTC+g
	 /2exBGzXKnC+g==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 19/20] selftests: tls: add mptcp test cases
Date: Fri, 29 May 2026 19:14:01 +0800
Message-ID: 
 <63dfcd5f4d0feda7a8ae243c7e7291c317f510b7.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

This patch introduces MPTCP test cases for the TLS fixture. These "mptcp"
variants are configured to create MPTCP sockets specifically for MPTCP TLS
testing purposes.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 96 +++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 6f51da27ef1e..83cdb06da587 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -407,6 +407,102 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256)
 	.cipher_type =3D TLS_CIPHER_ARIA_GCM_256,
 };
=20
+FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_chacha_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_chacha_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_SM4_GCM,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_SM4_CCM,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aes_ccm_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_CCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_aes_ccm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_CCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_256,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_256,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_nopad_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+	.nopad =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_ARIA_GCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_ARIA_GCM_256,
+	.mptcp =3D true,
+};
+
 static bool is_mptcp_enable(void)
 {
 	char buf[16] =3D { 0 };
--=20
2.53.0
From nobody Sat May 30 15:33:40 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C07933A9E1
	for <mptcp@lists.linux.dev>; Fri, 29 May 2026 11:14:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780053296; cv=none;
 b=AsKEo72LsTpw2iZ9WDIV3xN+O8bfYFB92xyNb9sNa1/ZmjBq/rSkATq0bAmkvh7gh6Gf/MDMs1XxZAN1OPNxLp6IViJk1i0ur9K4ul/vXgdkaqvJOy9Um3rFUDIq3dOSEs6p6guxMly0zpoXLwZIhVgfx/5SZdpQKwwI828NhSE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780053296; c=relaxed/simple;
	bh=92H9x9yFNkbJgJjQ0eKxqkSzeLXxSN34dHUm+ZBI/Ec=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=q35sucQYtUDZIAPLUjTw2wruolGufSsfdZo3dDOgABooNfGZSeJ32rz33tc5+8Agf8OP19YiAs34+mxuiYaXTm9DAx6Dmt4PPUoD8Mu2ffvINaF8U3vNFPoJoHz4GJvEpPWIwEH/TiLecD8hWr/1RQJ2Ta+r3SUqkwyt3EdKyxo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=H7M78kvE; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="H7M78kvE"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8F02D1F00898;
	Fri, 29 May 2026 11:14:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780053295;
	bh=EToo3lVyscBNTbcRYQRhh2LBDC9LSekOmA85iyM/VrY=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=H7M78kvE78G6jG5wM/1gbY0/g3eBY3QJQlCp2tenVITXa5L3ikbhPV9KGohoheBL0
	 QCGD5XQPxH5BIkPN8U0WyuZpnf698dI2FmMkr6vD3iY9PxZSyKqDs/DZOWmNIeSNAI
	 qIg3OjOTHCTEJK3tU2W1ASyeLCKX3kyH97Q94J3khcSn36qfqyA3RZbuDkYbDvA80O
	 2nwbE47g3J9+jyqQ8tEK+6Z7PQBYgtM1/1gDEekXbB1XMk84dyotSfrwqA1wFvFkg/
	 0yRsgQHDiwlTz5iV/KDqBVFop27zAAiPiaaeJ7SHidxJBxeuBIE0hzVMiDOxSq2B3R
	 yM93Dymane9+A==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v22 20/20] selftests: mptcp: cover mptcp tls tests
Date: Fri, 29 May 2026 19:14:02 +0800
Message-ID: 
 <6aa2f2b3e4a6c3cd3a0731d4c9887aab98a25f2c.1780052851.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <cover.1780052851.git.tanggeliang@kylinos.cn>
References: <cover.1780052851.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The mptcp tests for tls.c is available now, this patch adds mptcp_tls.sh
to test it in the MPTCP CI by default.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/mptcp/.gitignore  |  1 +
 tools/testing/selftests/net/mptcp/Makefile    |  2 +
 tools/testing/selftests/net/mptcp/config      |  5 ++
 .../testing/selftests/net/mptcp/mptcp_tls.sh  | 61 +++++++++++++++++++
 tools/testing/selftests/net/mptcp/tls.c       |  1 +
 5 files changed, 70 insertions(+)
 create mode 100755 tools/testing/selftests/net/mptcp/mptcp_tls.sh
 create mode 120000 tools/testing/selftests/net/mptcp/tls.c

diff --git a/tools/testing/selftests/net/mptcp/.gitignore b/tools/testing/s=
elftests/net/mptcp/.gitignore
index 833279fb34e2..f6defec6eeb5 100644
--- a/tools/testing/selftests/net/mptcp/.gitignore
+++ b/tools/testing/selftests/net/mptcp/.gitignore
@@ -4,4 +4,5 @@ mptcp_diag
 mptcp_inq
 mptcp_sockopt
 pm_nl_ctl
+tls
 *.pcap
diff --git a/tools/testing/selftests/net/mptcp/Makefile b/tools/testing/sel=
ftests/net/mptcp/Makefile
index 22ba0da2adb8..f7c959a25b3b 100644
--- a/tools/testing/selftests/net/mptcp/Makefile
+++ b/tools/testing/selftests/net/mptcp/Makefile
@@ -14,6 +14,7 @@ TEST_PROGS :=3D \
 	mptcp_connect_splice.sh \
 	mptcp_join.sh \
 	mptcp_sockopt.sh \
+	mptcp_tls.sh \
 	pm_netlink.sh \
 	simult_flows.sh \
 	userspace_pm.sh \
@@ -25,6 +26,7 @@ TEST_GEN_FILES :=3D \
 	mptcp_inq \
 	mptcp_sockopt \
 	pm_nl_ctl \
+	tls \
 # end of TEST_GEN_FILES
=20
 TEST_FILES :=3D \
diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft=
ests/net/mptcp/config
index f48bd5183fb3..bfc26bde0501 100644
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -38,3 +38,8 @@ CONFIG_INET_ESP=3Dy
 CONFIG_INET_ESPINTCP=3Dy
 CONFIG_INET6_ESP=3Dy
 CONFIG_INET6_ESPINTCP=3Dy
+CONFIG_TLS=3Dm
+CONFIG_CRYPTO_ARIA=3Dm
+CONFIG_CRYPTO_CCM=3Dm
+CONFIG_CRYPTO_CHACHA20POLY1305=3Dm
+CONFIG_CRYPTO_SM4_GENERIC=3Dm
diff --git a/tools/testing/selftests/net/mptcp/mptcp_tls.sh b/tools/testing=
/selftests/net/mptcp/mptcp_tls.sh
new file mode 100755
index 000000000000..79d120cd4b16
--- /dev/null
+++ b/tools/testing/selftests/net/mptcp/mptcp_tls.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+. "$(dirname "${0}")/mptcp_lib.sh"
+
+ret=3D0
+ns1=3D""
+pid=3D""
+
+# This function is used in the cleanup trap
+#shellcheck disable=3DSC2317,SC2329
+cleanup()
+{
+	if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
+		kill "$pid" 2>/dev/null
+		wait "$pid" 2>/dev/null
+	fi
+
+	mptcp_lib_ns_exit "$ns1"
+}
+
+init()
+{
+	local max=3D"${1:-4}"
+
+	mptcp_lib_ns_init ns1
+
+	mptcp_lib_pm_nl_set_limits "$ns1" "$max" "$max"
+
+	local i
+	for i in $(seq 1 "$max"); do
+		mptcp_lib_pm_nl_add_endpoint "$ns1" \
+			"127.0.0.1" flags signal port 1000"$i"
+	done
+}
+
+mptcp_lib_check_mptcp
+
+trap cleanup EXIT
+
+init
+
+ip netns exec "$ns1" ./tls -v 12_aes_gcm_mptcp \
+			   -v 13_aes_gcm_mptcp \
+			   -v 12_chacha_mptcp \
+			   -v 13_chacha_mptcp \
+			   -v 13_sm4_gcm_mptcp \
+			   -v 13_sm4_ccm_mptcp \
+			   -v 12_aes_ccm_mptcp \
+			   -v 13_aes_ccm_mptcp \
+			   -v 12_aes_gcm_256_mptcp \
+			   -v 13_aes_gcm_256_mptcp \
+			   -v 13_nopad_mptcp \
+			   -v 12_aria_gcm_mptcp \
+			   -v 12_aria_gcm_256_mptcp &
+pid=3D$!
+wait $pid
+ret=3D$?
+
+mptcp_lib_result_print_all_tap
+exit $ret
diff --git a/tools/testing/selftests/net/mptcp/tls.c b/tools/testing/selfte=
sts/net/mptcp/tls.c
new file mode 120000
index 000000000000..724b1f047c89
--- /dev/null
+++ b/tools/testing/selftests/net/mptcp/tls.c
@@ -0,0 +1 @@
+../tls.c
\ No newline at end of file
--=20
2.53.0