From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 01/18] tls: restore sk_prot before calling original destructor
Date: Fri, 5 Jun 2026 09:22:41 +0800
Message-ID: <4eace29b1e3623a5100cda2c5e1ca2f982474c94.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

When a TLS socket is offloaded to a TOE device, tls_toe_bypass() replaces sk->sk_prot with a TLS-specific protocol table. On socket destruction, tls_toe_sk_destruct() calls the original sk_destruct callback (ctx->sk_destruct), which may rely on the original sk_prot (e.g., for memory accounting or close handling).

Without restoring sk->sk_prot before calling ctx->sk_destruct, the destructor may access stale or incorrect protocol functions, leading to use-after-free or kernel panic.

Add WRITE_ONCE(sk->sk_prot, ctx->sk_proto) before invoking ctx->sk_destruct to restore the original protocol pointer. This mirrors the restoration already done in tls_sk_proto_close() for the software and device offload paths.

Fixes: 76f7164d02d4 ("net/tls: free ctx in sock destruct")
Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
---
 net/tls/tls_toe.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/tls/tls_toe.c b/net/tls/tls_toe.c index 825669e1ab47..c9c1a0952f4b 100644 --- a/net/tls/tls_toe.c +++ b/net/tls/tls_toe.c
@@ -48,6 +48,8 @@ static void tls_toe_sk_destruct(struct sock *sk) struct inet_connection_sock *icsk =3D inet_csk(sk); struct tls_context *ctx =3D tls_get_ctx(sk); =20 + WRITE_ONCE(sk->sk_prot, ctx->sk_proto); + ctx->sk_destruct(sk); /* Free ctx */ rcu_assign_pointer(icsk->icsk_ulp_data, NULL); --=20 2.53.0
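
Review bot: In tls_toe_sk_destruct(), the new WRITE_ONCE(sk->sk_prot, ctx->sk_proto) carries no comment, so the reason it has to come before ctx->sk_destruct(sk) lives only in the commit message. Add a one-line comment above the store saying that the original destructor expects the original sk_prot. The store also dereferences ctx from tls_get_ctx(sk) unconditionally; that matches the existing ctx->sk_destruct(sk) call, but since 02/18 treats a NULL return from tls_get_ctx() as possible, the changelog should say why it cannot be NULL on this path.
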
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 02/18] tls: add READ_ONCE and NULL check for tls_get_ctx
Date: Fri, 5 Jun 2026 09:22:42 +0800
Message-ID: <15f8380158a1bd8cd185fe1f28c4ce4d573ae57a.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

In tls_sk_poll(), tls_get_ctx(sk) may return NULL when the TLS context is being released, leading to a NULL pointer dereference. Add a NULL check to prevent this.

Additionally, the comment in tls_get_ctx() claimed that RCU dereference is not needed for TLS data path, but lockless readers such as tls_sk_poll() need at least READ_ONCE to ensure a consistent read. Use READ_ONCE() and update the comment accordingly.

Fixes: 121dca784fc0 ("tls: suppress wakeups unless we have a full record")
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
---
 include/net/tls.h | 4 +++-
 net/tls/tls_main.c | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/net/tls.h b/include/net/tls.h index ebd2550280ae..28b21906091d 100644 --- a/include/net/tls.h +++ b/include/net/tls.h
@@ -372,8 +372,10 @@ static inline struct tls_context *tls_get_ctx(const st= ruct sock *sk) =20 /* Use RCU on icsk_ulp_data only for sock diag code, * TLS data path doesn't need rcu_dereference(). + * Some callers (e.g., tls_sk_poll) are lockless + * so READ_ONCE() is needed. */ - return (__force void *)icsk->icsk_ulp_data; + return (__force void *)READ_ONCE(icsk->icsk_ulp_data); } =20 static inline struct tls_sw_context_rx *tls_sw_ctx_rx( diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index fd39acf41a61..ffedc5553a47 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -417,6 +417,9 @@ static __poll_t tls_sk_poll(struct file *file, struct s= ocket *sock, return mask; =20 tls_ctx =3D tls_get_ctx(sk); + if (!tls_ctx) + return mask; + ctx =3D tls_sw_ctx_rx(tls_ctx); psock =3D sk_psock_get(sk); =20 --=20 2.53.0
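
Review bot: In the tls_get_ctx() hunk in include/net/tls.h, the comment now says both that the TLS data path doesn't need rcu_dereference() and that lockless callers need READ_ONCE(), which reads as a contradiction. Reword it so it states which callers run under the socket lock and which are lockless, and what each of them may assume about the returned pointer.
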
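
Review bot: In tls_sk_poll(), the new test if (!tls_ctx) return mask; closes the NULL dereference but not a release that happens just after the load: tls_sw_ctx_rx(tls_ctx) and the uses that follow still run on a pointer that nothing in the visible code pins. READ_ONCE() only guarantees a single, untorn load. State in the changelog which lock or RCU read section keeps the context alive across tls_sk_poll(), or take one here.
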
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 03/18] tls: add per-protocol cache for mptcp support
Date: Fri, 5 Jun 2026 09:22:43 +0800
Message-ID: <4cb054fe86a64996012c7cad2ed24f9987a4091d.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

The TLS ULP uses global static arrays to cache base protocol operations. When MPTCP sockets enable TLS, they overwrite these global caches when building for MPTCP, causing active TCP TLS sockets to use MPTCP-specific ops. This leads to type confusion and kernel panics.

Fix by replacing the global caches with a per-protocol linked list. Each protocol (TCP, MPTCP, etc.) now has its own cached operations, stored in struct tls_prot and referenced from tls_context.

Add a struct tls_prot *prot parameter to tls_ctx_create() and tls_toe_bypass(), and store the pointer in tls_context. This allows protocol-specific TLS operation tables (e.g., for MPTCP) to be passed down.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
---
 include/net/tls.h | 12 ++++
 include/net/tls_toe.h | 2 +-
 net/tls/tls.h | 2 +-
 net/tls/tls_main.c | 139 +++++++++++++++++++++++++++++++-----------
 net/tls/tls_toe.c | 4 +-
 5 files changed, 118 insertions(+), 41 deletions(-)
diff --git a/include/net/tls.h b/include/net/tls.h index 28b21906091d..758a5ee9b0a0 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -220,6 +220,16 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_prot { + struct rcu_head rcu; + refcount_t refcnt; + struct list_head list; + int ip_ver; + const struct proto *prot; + struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; + struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; +}; + struct tls_context { /* read-only cache line */ struct tls_prot_info prot_info; @@ -257,6 +267,8 @@ struct tls_context { struct proto *sk_proto; struct sock *sk; =20 + struct tls_prot *prot; + void (*sk_destruct)(struct sock *sk); =20 union tls_crypto_context crypto_send; diff --git a/include/net/tls_toe.h b/include/net/tls_toe.h index b3aa7593ce2c..f1de7d2498cf 100644 --- a/include/net/tls_toe.h +++ b/include/net/tls_toe.h @@ -69,7 +69,7 @@ struct tls_toe_device { struct kref kref; }; =20 -int tls_toe_bypass(struct sock *sk); +int tls_toe_bypass(struct sock *sk, struct tls_prot *prot); int tls_toe_hash(struct sock *sk); void tls_toe_unhash(struct sock *sk); =20 diff --git a/net/tls/tls.h b/net/tls/tls.h index 12f44cb649c9..b9a41e1b8f8c 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -136,7 +136,7 @@ struct tls_rec { int __net_init tls_proc_init(struct net *net); void __net_exit tls_proc_fini(struct net *net); =20 -struct tls_context *tls_ctx_create(struct sock *sk); +struct tls_context *tls_ctx_create(struct sock *sk, struct tls_prot *prot); void tls_ctx_free(struct sock *sk, struct tls_context *ctx); void update_sk_prot(struct sock *sk, struct tls_context *ctx); =20 diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index ffedc5553a47..32ea08e1f317 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -119,23 +119,59 @@ CHECK_CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_in= fo_sm4_ccm); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256); =20 -static const struct proto *saved_tcpv6_prot; -static DEFINE_MUTEX(tcpv6_prot_mutex); -static const struct proto *saved_tcpv4_prot; -static DEFINE_MUTEX(tcpv4_prot_mutex); -static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFI= G]; -static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_N= UM_CONFIG]; +static LIST_HEAD(tls_prot_list); +static DEFINE_SPINLOCK(tls_prot_lock); static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 +static struct tls_prot *tls_prot_find(const struct proto *proto, + int ip_ver) +{ + struct tls_prot *prot, *ret =3D NULL; + + rcu_read_lock(); + list_for_each_entry_rcu(prot, &tls_prot_list, list) { + if (prot->prot =3D=3D proto && prot->ip_ver =3D=3D ip_ver && + refcount_inc_not_zero(&prot->refcnt)) { + ret =3D prot; + break; + } + } + rcu_read_unlock(); + return ret; +} + +static void tls_prot_free(struct rcu_head *rcu) +{ + struct tls_prot *prot =3D container_of(rcu, struct tls_prot, rcu); + + kfree(prot); +} + +static void tls_prot_cleanup(void) +{ + struct tls_prot *prot, *tmp; + + spin_lock_bh(&tls_prot_lock); + list_for_each_entry_safe(prot, tmp, &tls_prot_list, list) { + list_del_rcu(&prot->list); + call_rcu(&prot->rcu, tls_prot_free); + } + spin_unlock_bh(&tls_prot_lock); + rcu_barrier(); +} + void update_sk_prot(struct sock *sk, struct tls_context *ctx) { - int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? 
TLSV6 : TLSV4; + struct tls_prot *prot =3D ctx->prot; + + if (!prot) + return; =20 WRITE_ONCE(sk->sk_prot, - &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &prot->prots[ctx->tx_conf][ctx->rx_conf]); WRITE_ONCE(sk->sk_socket->ops, - &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &prot->proto_ops[ctx->tx_conf][ctx->rx_conf]); } =20 int wait_on_pending_writer(struct sock *sk, long *timeo) @@ -314,6 +350,16 @@ static void tls_write_space(struct sock *sk) ctx->sk_write_space(sk); } =20 +static void tls_prot_put(struct tls_prot *prot) +{ + if (refcount_dec_and_test(&prot->refcnt)) { + spin_lock_bh(&tls_prot_lock); + list_del_rcu(&prot->list); + spin_unlock_bh(&tls_prot_lock); + call_rcu(&prot->rcu, tls_prot_free); + } +} + /** * tls_ctx_free() - free TLS ULP context * @sk: socket to with @ctx is attached @@ -327,6 +373,11 @@ void tls_ctx_free(struct sock *sk, struct tls_context = *ctx) if (!ctx) return; =20 + if (ctx->prot) { + tls_prot_put(ctx->prot); + ctx->prot =3D NULL; + } + memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send)); memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv)); mutex_destroy(&ctx->tx_lock); @@ -913,7 +964,7 @@ static int tls_disconnect(struct sock *sk, int flags) return -EOPNOTSUPP; } =20 -struct tls_context *tls_ctx_create(struct sock *sk) +struct tls_context *tls_ctx_create(struct sock *sk, struct tls_prot *prot) { struct inet_connection_sock *icsk =3D inet_csk(sk); struct tls_context *ctx; @@ -924,6 +975,7 @@ struct tls_context *tls_ctx_create(struct sock *sk) =20 mutex_init(&ctx->tx_lock); ctx->sk_proto =3D READ_ONCE(sk->sk_prot); + ctx->prot =3D prot; ctx->sk =3D sk; /* Release semantic of rcu_assign_pointer() ensures that * ctx->sk_proto is visible before changing sk->sk_prot in 
@@ -971,35 +1023,41 @@ static void build_proto_ops(struct proto_ops ops[TLS= _NUM_CONFIG][TLS_NUM_CONFIG] #endif } =20 -static void tls_build_proto(struct sock *sk) +static struct tls_prot *tls_build_proto(struct sock *sk) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; struct proto *prot =3D READ_ONCE(sk->sk_prot); + struct tls_prot *proto, *cache; =20 - /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */ - if (ip_ver =3D=3D TLSV6 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv6_prot))) { - mutex_lock(&tcpv6_prot_mutex); - if (likely(prot !=3D saved_tcpv6_prot)) { - build_protos(tls_prots[TLSV6], prot); - build_proto_ops(tls_proto_ops[TLSV6], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv6_prot, prot); - } - mutex_unlock(&tcpv6_prot_mutex); - } + if (!sk->sk_socket) + return NULL; =20 - if (ip_ver =3D=3D TLSV4 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv4_prot))) { - mutex_lock(&tcpv4_prot_mutex); - if (likely(prot !=3D saved_tcpv4_prot)) { - build_protos(tls_prots[TLSV4], prot); - build_proto_ops(tls_proto_ops[TLSV4], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv4_prot, prot); - } - mutex_unlock(&tcpv4_prot_mutex); + cache =3D tls_prot_find(prot, ip_ver); + if (cache) + return cache; + + proto =3D kzalloc_obj(*proto, GFP_KERNEL); + if (!proto) + return NULL; + + spin_lock_bh(&tls_prot_lock); + cache =3D tls_prot_find(prot, ip_ver); + if (cache) { + spin_unlock_bh(&tls_prot_lock); + kfree(proto); + return cache; } + + proto->ip_ver =3D ip_ver; + proto->prot =3D prot; + refcount_set(&proto->refcnt, 1); + build_protos(proto->prots, prot); + build_proto_ops(proto->proto_ops, + sk->sk_socket->ops); + list_add_rcu(&proto->list, &tls_prot_list); + spin_unlock_bh(&tls_prot_lock); + + return proto; } =20 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], 
@@ -1050,12 +1108,15 @@ static void build_protos(struct proto prot[TLS_NUM_= CONFIG][TLS_NUM_CONFIG], static int tls_init(struct sock *sk) { struct tls_context *ctx; + struct tls_prot *prot; int rc =3D 0; =20 - tls_build_proto(sk); + prot =3D tls_build_proto(sk); + if (!prot) + return -ENOMEM; =20 #ifdef CONFIG_TLS_TOE - if (tls_toe_bypass(sk)) + if (tls_toe_bypass(sk, prot)) return 0; #endif =20 @@ -1065,13 +1126,16 @@ static int tls_init(struct sock *sk) * to modify the accept implementation to clone rather then * share the ulp context. */ - if (sk->sk_state !=3D TCP_ESTABLISHED) + if (sk->sk_state !=3D TCP_ESTABLISHED) { + tls_prot_put(prot); return -ENOTCONN; + } =20 /* allocate tls context */ write_lock_bh(&sk->sk_callback_lock); - ctx =3D tls_ctx_create(sk); + ctx =3D tls_ctx_create(sk, prot); if (!ctx) { + tls_prot_put(prot); rc =3D -ENOMEM; goto out; } @@ -1268,6 +1332,7 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tcp_unregister_ulp(&tcp_tls_ulp_ops); + tls_prot_cleanup(); tls_strp_dev_exit(); tls_device_cleanup(); unregister_pernet_subsys(&tls_proc_ops); diff --git a/net/tls/tls_toe.c b/net/tls/tls_toe.c index c9c1a0952f4b..e92853c106da 100644 --- a/net/tls/tls_toe.c +++ b/net/tls/tls_toe.c @@ -56,7 +56,7 @@ static void tls_toe_sk_destruct(struct sock *sk) tls_ctx_free(sk, ctx); } =20 -int tls_toe_bypass(struct sock *sk) +int tls_toe_bypass(struct sock *sk, struct tls_prot *prot) { struct tls_toe_device *dev; struct tls_context *ctx; 
@@ -65,7 +65,7 @@ int tls_toe_bypass(struct sock *sk) spin_lock_bh(&device_spinlock); list_for_each_entry(dev, &device_list, dev_list) { if (dev->feature && dev->feature(dev)) { - ctx =3D tls_ctx_create(sk); + ctx =3D tls_ctx_create(sk, prot); if (!ctx) goto out; =20 --=20 2.53.0
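
Review bot: tls_prot_cleanup(), added in the first net/tls/tls_main.c hunk, unlinks and frees every tls_prot without looking at refcnt. Any context that still holds ctx->prot would later reach tls_prot_put() on freed memory and run list_del_rcu() and call_rcu() on the same entry a second time. Since tls_prot_put() already unlinks an entry when its last reference drops, the list should be empty at module exit; replace the loop with a WARN_ON(!list_empty(&tls_prot_list)) or document why no reference can be live at that point.
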
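
Review bot: In update_sk_prot(), sk->sk_prot and sk->sk_socket->ops now point into a refcounted heap object (&prot->prots[...] and &prot->proto_ops[...]) instead of static arrays, and tls_ctx_free() drops that reference. Every path that reaches tls_ctx_free() has to restore both pointers first, or they dangle once tls_prot_free() runs; please list those paths in the changelog. The silent if (!prot) return; also leaves the socket on its old ops with no indication, so a WARN_ON_ONCE() there would expose callers that create a context without a prot.
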
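
Review bot: In tls_init(), a NULL return from tls_build_proto() is always reported as -ENOMEM, but tls_build_proto() also returns NULL when sk->sk_socket is NULL. Return an ERR_PTR() from tls_build_proto() so each failure keeps its own errno. tls_build_proto() also calls build_protos() and build_proto_ops() under spin_lock_bh(&tls_prot_lock) where the removed code held a mutex, so add a comment that neither helper may sleep.
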
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 04/18] tls: introduce tls protocol ops structure
Date: Fri, 5 Jun 2026 09:22:44 +0800
Message-ID: <3b02df337efb3625381f4b2decd28f48ddd57152.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has been introduced for TLS, encapsulating TCP-specific helpers within this structure.

Add registering, validating and finding functions for this structure to add, validate and find a tls_prot_ops on the global list tls_prot_ops_list.

Register TCP-specific structure tls_tcp_ops in tls_register().

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
---
 include/net/tls.h | 22 ++++++++++
 net/tls/tls_main.c | 106 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 127 insertions(+), 1 deletion(-)

diff --git a/include/net/tls.h b/include/net/tls.h index 758a5ee9b0a0..5a905065a77a 100644 --- a/include/net/tls.h +++ b/include/net/tls.h
@@ -220,6 +220,28 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_prot_ops { + struct module *owner; + int protocol; + struct list_head list; + + int (*inq)(struct sock *sk); + int (*sendmsg_locked)(struct sock *sk, struct msghdr *msg, + size_t size); + struct sk_buff *(*recv_skb)(struct sock *sk, u32 *off); + bool (*lock_is_held)(struct sock *sk); + int (*read_sock)(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor); + void (*read_done)(struct sock *sk, size_t len); + u32 (*get_skb_seq)(struct sk_buff *skb); + int (*skb_copy_bits)(const struct sk_buff *skb, int offset, + void *to, int len); + __poll_t (*poll)(struct file *file, struct socket *sock, + struct poll_table_struct *wait); + bool (*epollin_ready)(const struct sock *sk); + void (*check_app_limited)(struct sock *sk); +}; + struct tls_prot { struct rcu_head rcu; refcount_t refcnt; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 32ea08e1f317..6983820b22d7 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -120,6 +120,7 @@ CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto= _info_aria_gcm_128); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256); =20 static LIST_HEAD(tls_prot_list); +static LIST_HEAD(tls_prot_ops_list); static DEFINE_SPINLOCK(tls_prot_lock); static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); @@ -161,6 +162,22 @@ static void tls_prot_cleanup(void) rcu_barrier(); } =20 +static struct tls_prot_ops *tls_prot_ops_find(int protocol) +{ + struct tls_prot_ops *ops, *ret =3D NULL; + + rcu_read_lock(); + list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) { + if (ops->protocol =3D=3D protocol) { + ret =3D ops; + break; + } + } + rcu_read_unlock(); + + return ret; +} + void update_sk_prot(struct sock *sk, struct tls_context *ctx) { struct tls_prot *prot =3D ctx->prot; 
@@ -1303,6 +1320,86 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos= tly =3D { .get_info_size =3D tls_get_info_size, }; =20 +static int tls_validate_prot_ops(const struct tls_prot_ops *ops) +{ + if (!ops->inq || !ops->sendmsg_locked || + !ops->recv_skb || !ops->lock_is_held || + !ops->read_sock || !ops->read_done || + !ops->get_skb_seq || !ops->skb_copy_bits || + !ops->poll || !ops->epollin_ready || + !ops->check_app_limited) { + pr_err("%d does not implement required ops\n", ops->protocol); + return -EINVAL; + } + + return 0; +} + +static int tls_register_prot_ops(struct tls_prot_ops *ops) +{ + int ret; + + ret =3D tls_validate_prot_ops(ops); + if (ret) + return ret; + + spin_lock_bh(&tls_prot_lock); + if (tls_prot_ops_find(ops->protocol)) { + spin_unlock_bh(&tls_prot_lock); + return -EEXIST; + } + + list_add_tail_rcu(&ops->list, &tls_prot_ops_list); + spin_unlock_bh(&tls_prot_lock); + + pr_debug("tls_prot_ops %d registered\n", ops->protocol); + return 0; +} + +static void tls_unregister_prot_ops(struct tls_prot_ops *ops) +{ + spin_lock_bh(&tls_prot_lock); + list_del_rcu(&ops->list); + spin_unlock_bh(&tls_prot_lock); + synchronize_rcu(); +} + +static struct sk_buff *tls_tcp_recv_skb(struct sock *sk, u32 *off) +{ + return tcp_recv_skb(sk, tcp_sk(sk)->copied_seq, off); +} + +static bool tls_tcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk); +} + +static u32 tls_tcp_get_skb_seq(struct sk_buff *skb) +{ + return TCP_SKB_CB(skb)->seq; +} + +static bool tls_tcp_epollin_ready(const struct sock *sk) +{ + return tcp_epollin_ready(sk, INT_MAX); +} + +static struct tls_prot_ops tls_tcp_ops =3D { + .owner =3D THIS_MODULE, + .protocol =3D IPPROTO_TCP, + .inq =3D tcp_inq, + .sendmsg_locked =3D tcp_sendmsg_locked, + .recv_skb =3D tls_tcp_recv_skb, + .lock_is_held =3D tls_tcp_lock_is_held, + .read_sock =3D tcp_read_sock, + .read_done =3D tcp_read_done, + .get_skb_seq =3D tls_tcp_get_skb_seq, + .skb_copy_bits =3D skb_copy_bits, + .poll =3D 
tcp_poll, + .epollin_ready =3D tls_tcp_epollin_ready, + .check_app_limited =3D tcp_rate_check_app_limited, +}; + static int __init tls_register(void) { int err; @@ -1315,13 +1412,19 @@ static int __init tls_register(void) if (err) goto err_pernet; =20 - err =3D tls_device_init(); + err =3D tls_register_prot_ops(&tls_tcp_ops); if (err) goto err_strp; =20 + err =3D tls_device_init(); + if (err) + goto err_ops; + tcp_register_ulp(&tcp_tls_ulp_ops); =20 return 0; +err_ops: + tls_unregister_prot_ops(&tls_tcp_ops); err_strp: tls_strp_dev_exit(); err_pernet: 
@@ -1332,6 +1435,7 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tcp_unregister_ulp(&tcp_tls_ulp_ops); + tls_unregister_prot_ops(&tls_tcp_ops); tls_prot_cleanup(); tls_strp_dev_exit(); tls_device_cleanup(); --=20 2.53.0
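
Review bot: tls_prot_ops_find() returns the entry after rcu_read_unlock() without taking any reference, so the pointer is only safe while the caller holds tls_prot_lock, as tls_register_prot_ops() does. Add a comment stating that requirement above the function, or take the reference the caller needs inside the RCU section before returning.
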
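
Review bot: In tls_validate_prot_ops(), the message pr_err("%d does not implement required ops\n", ops->protocol) starts with a bare number and does not say which callback is missing. Prefix it with the subsystem and the word protocol, and consider checking the callbacks one by one so the log names the missing member.
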
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 05/18] tls: store protocol ops pointer in tls_proto
Date: Fri, 5 Jun 2026 09:22:45 +0800
Message-ID: <9f65c6bf95a29b3d9dca0ddad3023cf76322911a.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

A pointer to struct tls_prot_ops, named 'ops', has been added to struct tls_prot. The places originally calling TLS-specific helpers have now been modified to indirectly invoke them via 'ops' pointer in tls_prot.

In tls_build_proto(), prot->ops is assigned either 'tls_mptcp_ops' or 'tls_tcp_ops' based on the socket protocol.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
---
 include/net/tls.h | 1 +
 net/tls/tls_main.c | 35 ++++++++++++++++++++++++---
 net/tls/tls_strp.c | 59 +++++++++++++++++++++++++++++-----------------
 net/tls/tls_sw.c | 30 +++++++++++++----------
 4 files changed, 88 insertions(+), 37 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h index 5a905065a77a..11d567c85950 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -248,6 +248,7 @@ struct tls_prot { struct list_head list; int ip_ver; const struct proto *prot; + const struct tls_prot_ops *ops; struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG]; };
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 6983820b22d7..f7525109a393 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -156,6 +156,7 @@ static void tls_prot_cleanup(void) spin_lock_bh(&tls_prot_lock); list_for_each_entry_safe(prot, tmp, &tls_prot_list, list) { list_del_rcu(&prot->list); + module_put(prot->ops->owner); call_rcu(&prot->rcu, tls_prot_free); } spin_unlock_bh(&tls_prot_lock); @@ -241,13 +242,13 @@ int tls_push_sg(struct sock *sk, ctx->splicing_pages =3D true; while (1) { /* is sending application-limited? */ - tcp_rate_check_app_limited(sk); + ctx->prot->ops->check_app_limited(sk); p =3D sg_page(sg); retry: bvec_set_page(&bvec, p, size, offset); iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); =20 - ret =3D tcp_sendmsg_locked(sk, &msg, size); + ret =3D ctx->prot->ops->sendmsg_locked(sk, &msg, size); =20 if (ret !=3D size) { if (ret > 0) { @@ -373,6 +374,7 @@ static void tls_prot_put(struct tls_prot *prot) spin_lock_bh(&tls_prot_lock); list_del_rcu(&prot->list); spin_unlock_bh(&tls_prot_lock); + module_put(prot->ops->owner); call_rcu(&prot->rcu, tls_prot_free); } } @@ -466,6 +468,24 @@ static void tls_sk_proto_close(struct sock *sk, long t= imeout) tls_ctx_free(sk, ctx); } =20 +static __poll_t tls_prot_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait) +{ + struct tls_context *tls_ctx; + struct sock *sk =3D sock->sk; + + tls_ctx =3D tls_get_ctx(sk); + if (!tls_ctx) { + __poll_t mask =3D 0; + + if (sk->sk_protocol =3D=3D IPPROTO_TCP) + mask =3D tcp_poll(file, sock, wait); + return mask; + } + + return tls_ctx->prot->ops->poll(file, sock, wait); +} + static __poll_t tls_sk_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait) { 
@@ -477,7 +497,7 @@ static __poll_t tls_sk_poll(struct file *file, struct s= ocket *sock, u8 shutdown; int state; =20 - mask =3D tcp_poll(file, sock, wait); + mask =3D tls_prot_poll(file, sock, wait); =20 state =3D inet_sk_state_load(sk); shutdown =3D READ_ONCE(sk->sk_shutdown); @@ -1045,6 +1065,7 @@ static struct tls_prot *tls_build_proto(struct sock *= sk) int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; struct proto *prot =3D READ_ONCE(sk->sk_prot); struct tls_prot *proto, *cache; + struct tls_prot_ops *ops; =20 if (!sk->sk_socket) return NULL; @@ -1065,8 +1086,16 @@ static struct tls_prot *tls_build_proto(struct sock = *sk) return cache; } =20 + ops =3D tls_prot_ops_find(sk->sk_protocol); + if (!ops || !try_module_get(ops->owner)) { + spin_unlock_bh(&tls_prot_lock); + kfree(proto); + return NULL; + } + proto->ip_ver =3D ip_ver; proto->prot =3D prot; + proto->ops =3D ops; refcount_set(&proto->refcnt, 1); build_protos(proto->prots, prot); build_proto_ops(proto->proto_ops, diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index c72e88317627..4622c7c062cc 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -42,6 +42,8 @@ static struct sk_buff * tls_strp_skb_copy(struct tls_strparser *strp, struct sk_buff *in_skb, int offset, int len) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + const struct tls_prot_ops *ops =3D ctx->prot->ops; struct sk_buff *skb; int i, err; =20 @@ -53,9 +55,9 @@ tls_strp_skb_copy(struct tls_strparser *strp, struct sk_b= uff *in_skb, for (i =3D 0; i < skb_shinfo(skb)->nr_frags; i++) { skb_frag_t *frag =3D &skb_shinfo(skb)->frags[i]; =20 - WARN_ON_ONCE(skb_copy_bits(in_skb, offset, - skb_frag_address(frag), - skb_frag_size(frag))); + WARN_ON_ONCE(ops->skb_copy_bits(in_skb, offset, + skb_frag_address(frag), + skb_frag_size(frag))); offset +=3D skb_frag_size(frag); } =20 
@@ -120,6 +122,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte= xt_rx *ctx) int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) { struct tls_strparser *strp =3D &ctx->strp; + struct tls_context *tls_ctx =3D tls_get_ctx(strp->sk); struct sk_buff *skb; =20 if (strp->copy_mode) @@ -132,7 +135,7 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) tls_strp_anchor_free(strp); strp->anchor =3D skb; =20 - tcp_read_done(strp->sk, strp->stm.full_len); + tls_ctx->prot->ops->read_done(strp->sk, strp->stm.full_len); strp->copy_mode =3D 1; =20 return 0; @@ -211,6 +214,8 @@ static int tls_strp_copyin_frag(struct tls_strparser *s= trp, struct sk_buff *skb, struct sk_buff *in_skb, unsigned int offset, size_t in_len) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + const struct tls_prot_ops *ops =3D ctx->prot->ops; unsigned int nfrag =3D skb->len / PAGE_SIZE; size_t len, chunk; skb_frag_t *frag; @@ -228,10 +233,10 @@ static int tls_strp_copyin_frag(struct tls_strparser = *strp, struct sk_buff *skb, if (!strp->stm.full_len) { /* Assume one page is more than enough for headers */ chunk =3D min_t(size_t, len, PAGE_SIZE - skb_frag_size(frag)); - WARN_ON_ONCE(skb_copy_bits(in_skb, offset, - skb_frag_address(frag) + - skb_frag_size(frag), - chunk)); + WARN_ON_ONCE(ops->skb_copy_bits(in_skb, offset, + skb_frag_address(frag) + + skb_frag_size(frag), + chunk)); =20 skb->len +=3D chunk; skb->data_len +=3D chunk; @@ -266,10 +271,10 @@ static int tls_strp_copyin_frag(struct tls_strparser = *strp, struct sk_buff *skb, while (len && strp->stm.full_len > skb->len) { chunk =3D min_t(size_t, len, strp->stm.full_len - skb->len); chunk =3D min_t(size_t, chunk, PAGE_SIZE - skb_frag_size(frag)); - WARN_ON_ONCE(skb_copy_bits(in_skb, offset, - skb_frag_address(frag) + - skb_frag_size(frag), - chunk)); + WARN_ON_ONCE(ops->skb_copy_bits(in_skb, offset, + skb_frag_address(frag) + + skb_frag_size(frag), + chunk)); =20 skb->len +=3D chunk; skb->data_len +=3D chunk; 
@@ -376,6 +381,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str= uct sk_buff *in_skb, =20 static int tls_strp_read_copyin(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); read_descriptor_t desc; =20 desc.arg.data =3D strp; @@ -383,13 +389,14 @@ static int tls_strp_read_copyin(struct tls_strparser = *strp) desc.count =3D 1; /* give more than one skb per call */ =20 /* sk should be locked here, so okay to do read_sock */ - tcp_read_sock(strp->sk, &desc, tls_strp_copyin); + ctx->prot->ops->read_sock(strp->sk, &desc, tls_strp_copyin); =20 return desc.error; } =20 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct skb_shared_info *shinfo; struct page *page; int need_spc, len; @@ -398,7 +405,7 @@ static int tls_strp_read_copy(struct tls_strparser *str= p, bool qshort) * to read the data out. Otherwise the connection will stall. * Without pressure threshold of INT_MAX will never be ready. */ - if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX))) + if (likely(qshort && !ctx->prot->ops->epollin_ready(strp->sk))) return 0; =20 shinfo =3D skb_shinfo(strp->anchor); @@ -434,12 +441,13 @@ static int tls_strp_read_copy(struct tls_strparser *s= trp, bool qshort) static bool tls_strp_check_queue_ok(struct tls_strparser *strp) { unsigned int len =3D strp->stm.offset + strp->stm.full_len; + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first, *skb; u32 seq; =20 first =3D skb_shinfo(strp->anchor)->frag_list; skb =3D first; - seq =3D TCP_SKB_CB(first)->seq; + seq =3D ctx->prot->ops->get_skb_seq(first); =20 /* Make sure there's no duplicate data in the queue, * and the decrypted status matches. 
@@ -449,7 +457,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse= r *strp) len -=3D skb->len; skb =3D skb->next; =20 - if (TCP_SKB_CB(skb)->seq !=3D seq) + if (ctx->prot->ops->get_skb_seq(skb) !=3D seq) return false; if (skb_cmp_decrypted(first, skb)) return false; @@ -460,11 +468,11 @@ static bool tls_strp_check_queue_ok(struct tls_strpar= ser *strp) =20 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in= t len) { - struct tcp_sock *tp =3D tcp_sk(strp->sk); + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first; u32 offset; =20 - first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset); + first =3D ctx->prot->ops->recv_skb(strp->sk, &offset); if (WARN_ON_ONCE(!first)) return; =20 @@ -483,6 +491,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_= strparser *strp, int len) =20 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct strp_msg *rxm; struct tls_msg *tlm; =20 @@ -490,7 +499,8 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool= force_refresh) DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len); =20 if (!strp->copy_mode && force_refresh) { - if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) { + if (unlikely(ctx->prot->ops->inq(strp->sk) < + strp->stm.full_len)) { WRITE_ONCE(strp->msg_ready, 0); memset(&strp->stm, 0, sizeof(strp->stm)); return false; @@ -511,9 +521,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo= l force_refresh) /* Called with lock held on lower socket */ static int tls_strp_read_sock(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); int sz, inq; =20 - inq =3D tcp_inq(strp->sk); + inq =3D ctx->prot->ops->inq(strp->sk); if (inq < 1) return 0; =20 
@@ -556,6 +567,8 @@ void tls_strp_check_rcv(struct tls_strparser *strp) /* Lower sock lock held */ void tls_strp_data_ready(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + /* This check is needed to synchronize with do_tls_strp_work. * do_tls_strp_work acquires a process lock (lock_sock) whereas * the lock held here is bh_lock_sock. The two locks can be @@ -563,7 +576,7 @@ void tls_strp_data_ready(struct tls_strparser *strp) * allows a thread in BH context to safely check if the process * lock is held. In this case, if the lock is held, queue work. */ - if (sock_owned_by_user_nocheck(strp->sk)) { + if (ctx->prot->ops->lock_is_held(strp->sk)) { queue_work(tls_strp_wq, &strp->work); return; } @@ -583,10 +596,12 @@ static void tls_strp_work(struct work_struct *w) =20 void tls_strp_msg_done(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + WARN_ON(!strp->stm.full_len); =20 if (likely(!strp->copy_mode)) - tcp_read_done(strp->sk, strp->stm.full_len); + ctx->prot->ops->read_done(strp->sk, strp->stm.full_len); else tls_strp_flush_anchor_copy(strp); =20 diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 964ebc268ee4..01d831bafd6b 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -154,9 +154,11 @@ static int skb_nsg(struct sk_buff *skb, int offset, in= t len) return __skb_nsg(skb, offset, len, 0); } =20 -static int tls_padding_length(struct tls_prot_info *prot, struct sk_buff *= skb, +static int tls_padding_length(struct tls_context *tls_ctx, struct sk_buff = *skb, struct tls_decrypt_arg *darg) { + const struct tls_prot_ops *ops =3D tls_ctx->prot->ops; + struct tls_prot_info *prot =3D &tls_ctx->prot_info; struct strp_msg *rxm =3D strp_msg(skb); struct tls_msg *tlm =3D tls_msg(skb); int sub =3D 0; 
@@ -170,8 +172,8 @@ static int tls_padding_length(struct tls_prot_info *pro= t, struct sk_buff *skb, while (content_type =3D=3D 0) { if (offset < prot->prepend_size) return -EBADMSG; - err =3D skb_copy_bits(skb, rxm->offset + offset, - &content_type, 1); + err =3D ops->skb_copy_bits(skb, rxm->offset + offset, + &content_type, 1); if (err) return err; if (content_type) @@ -1539,6 +1541,7 @@ static int tls_decrypt_sg(struct sock *sk, struct iov= _iter *out_iov, { struct tls_context *tls_ctx =3D tls_get_ctx(sk); struct tls_sw_context_rx *ctx =3D tls_sw_ctx_rx(tls_ctx); + const struct tls_prot_ops *ops =3D tls_ctx->prot->ops; struct tls_prot_info *prot =3D &tls_ctx->prot_info; int n_sgin, n_sgout, aead_size, err, pages =3D 0; struct sk_buff *skb =3D tls_strp_msg(ctx); @@ -1618,9 +1621,9 @@ static int tls_decrypt_sg(struct sock *sk, struct iov= _iter *out_iov, memcpy(&dctx->iv[iv_offset], tls_ctx->rx.iv, prot->iv_size + prot->salt_size); } else { - err =3D skb_copy_bits(skb, rxm->offset + TLS_HEADER_SIZE, - &dctx->iv[iv_offset] + prot->salt_size, - prot->iv_size); + err =3D ops->skb_copy_bits(skb, rxm->offset + TLS_HEADER_SIZE, + &dctx->iv[iv_offset] + prot->salt_size, + prot->iv_size); if (err < 0) goto exit_free; memcpy(&dctx->iv[iv_offset], tls_ctx->rx.iv, prot->salt_size); @@ -1734,7 +1737,7 @@ tls_decrypt_sw(struct sock *sk, struct tls_context *t= ls_ctx, return tls_decrypt_sw(sk, tls_ctx, msg, darg); } =20 - pad =3D tls_padding_length(prot, darg->skb, darg); + pad =3D tls_padding_length(tls_ctx, darg->skb, darg); if (pad < 0) { if (darg->skb !=3D tls_strp_msg(ctx)) consume_skb(darg->skb); @@ -1763,7 +1766,7 @@ tls_decrypt_device(struct sock *sk, struct msghdr *ms= g, if (err <=3D 0) return err; =20 - pad =3D tls_padding_length(prot, tls_strp_msg(ctx), darg); + pad =3D tls_padding_length(tls_ctx, tls_strp_msg(ctx), darg); if (pad < 0) return pad; =20 
@@ -1811,7 +1814,7 @@ static int tls_check_pending_rekey(struct sock *sk, s= truct tls_context *ctx, if (rxm->full_len < 1) return 0; =20 - err =3D skb_copy_bits(skb, rxm->offset, &hs_type, 1); + err =3D ctx->prot->ops->skb_copy_bits(skb, rxm->offset, &hs_type, 1); if (err < 0) { DEBUG_NET_WARN_ON_ONCE(1); return err; @@ -1987,7 +1990,8 @@ tls_read_flush_backlog(struct sock *sk, struct tls_pr= ot_info *prot, return false; =20 max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE; - if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec) + if (done - *flushed_at < SZ_128K && + tls_get_ctx(sk)->prot->ops->inq(sk) > max_rec) return false; =20 *flushed_at =3D done; @@ -2485,7 +2489,8 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) } =20 /* Linearize header to local buffer */ - ret =3D skb_copy_bits(skb, strp->stm.offset, header, prot->prepend_size); + ret =3D tls_ctx->prot->ops->skb_copy_bits(skb, strp->stm.offset, header, + prot->prepend_size); if (ret < 0) goto read_failure; =20 
@@ -2516,7 +2521,8 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) } =20 tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE, - TCP_SKB_CB(skb)->seq + strp->stm.offset); + tls_ctx->prot->ops->get_skb_seq(skb) + + strp->stm.offset); return data_len + TLS_HEADER_SIZE; =20 read_failure: --=20 2.53.0
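Review bot: In net/tls/tls_main.c, tls_prot_poll() treats a NULL result from tls_get_ctx(sk) as possible, but every other call site converted by this patch dereferences ctx->prot->ops with no check, for example tls_strp_data_ready() (called in BH context), tls_strp_read_sock(), and tls_read_flush_backlog() with tls_get_ctx(sk)->prot->ops->inq(sk). Either the context can be NULL on these paths, in which case the new dereferences need the same guard, or it cannot, in which case the fallback in tls_prot_poll() is dead code and should be replaced by a comment stating the invariant. The fallback also returns a mask of 0 for any protocol other than IPPROTO_TCP, so a socket that did reach it would silently never report readiness.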
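Review bot: In tls_strp_read_copy() (net/tls/tls_strp.c), tcp_epollin_ready(strp->sk, INT_MAX) becomes ctx->prot->ops->epollin_ready(strp->sk), so the INT_MAX target that the comment directly above still refers to ("Without pressure threshold of INT_MAX will never be ready") is no longer visible at the call site. That comment describes a memory-pressure test, not a general readability test, and 06/18 wires .epollin_ready to mptcp_epollin_ready, so the callback contract should say which of the two an implementation must provide. Please update the comment and document the expected semantics next to the callback in struct tls_prot_ops, or rename the callback to reflect the pressure check.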
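Review bot: In tls_build_proto(), the new local is declared as struct tls_prot_ops *ops while the field it is stored in is const struct tls_prot_ops *ops in struct tls_prot; make the local const as well so the ops table is never writable through this path. The new failure branch returns NULL both when tls_prot_ops_find() finds nothing for sk->sk_protocol and when try_module_get() fails, the same value already returned for !sk->sk_socket, so the caller cannot report an unsupported protocol distinctly. The matching module_put(prot->ops->owner) in tls_prot_cleanup() runs from tls_unregister() after tls_unregister_prot_ops() has already been called (04/18), so a comment stating that a registered ops structure must stay valid until the last tls_prot referencing it is freed would help.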
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 06/18] mptcp: implement mptcp-specific tls protocol ops
Date: Fri, 5 Jun 2026 09:22:46 +0800
Message-ID: <52d70ea6e8bf48650ab2f2f527d6221f5f83c4d2.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

This patch implements the MPTCP-specific struct tls_prot_ops, named 'tls_mptcp_ops'.

Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can trigger a crash. Here, an MPTCP version of check_app_limited() is implemented, which calls tcp_sock_rate_check_app_limited() for each subflow.

When MPTCP implements the lock_is_held interface, it not only checks sock_owned_by_user_nocheck(sk) as TCP does, but also needs to check whether the MPTCP data lock is held. This is required because TLS may call lock_is_held from softirq context with bh_lock_sock held. Checking both conditions ensures TLS always defers to the workqueue when the MPTCP data lock is held, avoiding deadlock.

Implement mptcp_skb_copy_bits() to handle fragmented MPTCP skbs when copying TLS record headers.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang --- include/net/mptcp.h | 11 +++ include/net/tcp.h | 1 + net/ipv4/tcp.c | 9 ++- net/mptcp/protocol.c | 165 +++++++++++++++++++++++++++++++++++++++++-- net/mptcp/protocol.h | 1 + net/tls/tls_main.c | 17 +++++ 6 files changed, 196 insertions(+), 8 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 333bde2a0b76..b0a172c38891 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -132,6 +132,8 @@ struct mptcp_pm_ops { void (*release)(struct mptcp_sock *msk); } ____cacheline_aligned_in_smp; =20 +extern struct tls_prot_ops tls_mptcp_ops; + #ifdef CONFIG_MPTCP void mptcp_init(void); =20 @@ -237,6 +239,9 @@ static inline __be32 mptcp_reset_option(const struct sk= _buff *skb) } =20 void mptcp_active_detect_blackhole(struct sock *sk, bool expired); + +__poll_t mptcp_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait); #else =20 static inline void mptcp_init(void) @@ -314,6 +319,12 @@ static inline struct request_sock *mptcp_subflow_reqsk= _alloc(const struct reques static inline __be32 mptcp_reset_option(const struct sk_buff *skb) { retu= rn htonl(0u); } =20 static inline void mptcp_active_detect_blackhole(struct sock *sk, bool exp= ired) { } + +static inline __poll_t mptcp_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait) +{ + return 0; +} #endif /* CONFIG_MPTCP */ =20 #if IS_ENABLED(CONFIG_MPTCP_IPV6) diff --git a/include/net/tcp.h b/include/net/tcp.h index f063eccbbba3..1c8201f69ef1 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -849,6 +849,7 @@ static inline int tcp_bound_to_half_wnd(struct tcp_sock= *tp, int pktsize) =20 /* tcp.c */ void tcp_get_info(struct sock *, struct tcp_info *); +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp); void tcp_rate_check_app_limited(struct sock *sk); =20 /* Read 'sendfile()'-style from a TCP socket */ diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index a058f350a759..bdad459e6605 100644 --- a/net/ipv4/tcp.c 
+++ b/net/ipv4/tcp.c @@ -1097,9 +1097,9 @@ int tcp_sendmsg_fastopen(struct sock *sk, struct msgh= dr *msg, int *copied, } =20 /* If a gap is detected between sends, mark the socket application-limited= . */ -void tcp_rate_check_app_limited(struct sock *sk) +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp) { - struct tcp_sock *tp =3D tcp_sk(sk); + struct sock *sk =3D (struct sock *)tp; =20 if (/* We have less than one packet to send. */ tp->write_seq - tp->snd_nxt < tp->mss_cache && @@ -1112,6 +1112,11 @@ void tcp_rate_check_app_limited(struct sock *sk) tp->app_limited =3D (tp->delivered + tcp_packets_in_flight(tp)) ? : 1; } + +void tcp_rate_check_app_limited(struct sock *sk) +{ + tcp_sock_rate_check_app_limited(tcp_sk(sk)); +} EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited); =20 int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a4f7e99b30db..f09faf3056b6 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include "protocol.h" #include "mib.h" @@ -1967,7 +1968,7 @@ static void mptcp_rps_record_subflows(const struct mp= tcp_sock *msk) } } =20 -static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_= t len) { struct mptcp_sock *msk =3D mptcp_sk(sk); struct page_frag *pfrag; @@ -1979,8 +1980,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_FASTOPEN | MSG_EOR; =20 - lock_sock(sk); - mptcp_rps_record_subflows(msk); =20 if (unlikely(inet_test_bit(DEFER_CONNECT, sk) || @@ -2096,7 +2095,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) } =20 out: - release_sock(sk); return copied; =20 do_error: 
@@ -2107,6 +2105,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg= hdr *msg, size_t len) goto out; } =20 +static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +{ + int ret; + + lock_sock(sk); + ret =3D mptcp_sendmsg_locked(sk, msg, len); + release_sock(sk); + + return ret; +} + static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied); =20 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb) @@ -4437,8 +4446,8 @@ static __poll_t mptcp_check_writeable(struct mptcp_so= ck *msk) return 0; } =20 -static __poll_t mptcp_poll(struct file *file, struct socket *sock, - struct poll_table_struct *wait) +__poll_t mptcp_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait) { struct sock *sk =3D sock->sk; struct mptcp_sock *msk; @@ -4485,6 +4494,7 @@ static __poll_t mptcp_poll(struct file *file, struct = socket *sock, =20 return mask; } +EXPORT_SYMBOL_GPL(mptcp_poll); =20 static struct sk_buff *mptcp_recv_skb(struct sock *sk, u32 *off) { 
@@ -4850,3 +4860,146 @@ int __init mptcp_proto_v6_init(void) return err; } #endif + +static int mptcp_inq(struct sock *sk) +{ + const struct mptcp_sock *msk =3D mptcp_sk(sk); + const struct sk_buff *skb; + + if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) + return 0; + + skb =3D skb_peek(&sk->sk_receive_queue); + if (skb) { + u64 answ =3D READ_ONCE(msk->ack_seq) - MPTCP_SKB_CB(skb)->map_seq; + + if (answ >=3D INT_MAX) + answ =3D INT_MAX; + + /* Subtract 1, if FIN was received */ + if (answ && + (sk->sk_state =3D=3D TCP_CLOSE || + (sk->sk_shutdown & RCV_SHUTDOWN))) + answ--; + + return (int)answ; + } + + return 0; +} + +static bool mptcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk) || + mptcp_data_is_locked(sk); +} + +static void mptcp_read_done(struct sock *sk, size_t len) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct sk_buff *skb; + size_t left; + u32 offset; + + msk_owned_by_me(msk); + + if (sk->sk_state =3D=3D TCP_LISTEN) + return; + + left =3D len; + while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) { + int used; + + used =3D min_t(size_t, skb->len - offset, left); + msk->bytes_consumed +=3D used; + MPTCP_SKB_CB(skb)->offset +=3D used; + MPTCP_SKB_CB(skb)->map_seq +=3D used; + left -=3D used; + + if (skb->len > offset + used) + break; + + mptcp_eat_recv_skb(sk, skb); + } + + mptcp_rcv_space_adjust(msk, len - left); + + /* Clean up data we have read: This will do ACK frames. 
*/ + if (left !=3D len) + mptcp_cleanup_rbuf(msk, len - left); +} + +static u32 mptcp_get_skb_seq(struct sk_buff *skb) +{ + return MPTCP_SKB_CB(skb)->map_seq - MPTCP_SKB_CB(skb)->offset; +} + +static int mptcp_skb_copy_bits(const struct sk_buff *skb, int off, + void *buf, int len) +{ + const struct sk_buff *iter =3D skb_shinfo(skb)->frag_list; + int copied =3D 0; + int ret =3D 0; + + if (!iter) + return skb_copy_bits(skb, off, buf, len); + + /* Make absolute to positive */ + off -=3D MPTCP_SKB_CB(iter)->offset; + + while (iter && copied < len) { + int skb_off =3D MPTCP_SKB_CB(iter)->offset; + int data_len =3D iter->len - skb_off; + int count; + + if (off >=3D data_len) { + off -=3D data_len; /* MPTCP skb avail data */ + iter =3D iter->next; + continue; + } + + count =3D min((int)(data_len - off), len - copied); + ret =3D skb_copy_bits(iter, skb_off + off, buf + copied, count); + if (ret) + break; + copied +=3D count; + off =3D 0; + iter =3D iter->next; + } + + if (copied < len && !ret) + ret =3D -EFAULT; + return ret; +} + +static void mptcp_check_app_limited(struct sock *sk) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct mptcp_subflow_context *subflow; + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + bool slow; + + slow =3D lock_sock_fast(ssk); + tcp_sock_rate_check_app_limited(tcp_sk(ssk)); + unlock_sock_fast(ssk, slow); + } +} + +struct tls_prot_ops tls_mptcp_ops =3D { + .owner =3D THIS_MODULE, + .protocol =3D IPPROTO_MPTCP, + .inq =3D mptcp_inq, + .sendmsg_locked =3D mptcp_sendmsg_locked, + .recv_skb =3D mptcp_recv_skb, + .lock_is_held =3D mptcp_lock_is_held, + .read_sock =3D mptcp_read_sock, + .read_done =3D mptcp_read_done, + .get_skb_seq =3D mptcp_get_skb_seq, + .skb_copy_bits =3D mptcp_skb_copy_bits, + .poll =3D mptcp_poll, + .epollin_ready =3D mptcp_epollin_ready, + .check_app_limited =3D mptcp_check_app_limited, +}; +EXPORT_SYMBOL(tls_mptcp_ops); 
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index da40c6f3705f..6dea626348d9 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -380,6 +380,7 @@ struct mptcp_sock { =20 #define mptcp_data_lock(sk) spin_lock_bh(&(sk)->sk_lock.slock) #define mptcp_data_unlock(sk) spin_unlock_bh(&(sk)->sk_lock.slock) +#define mptcp_data_is_locked(sk) spin_is_locked(&(sk)->sk_lock.slock) =20 #define mptcp_for_each_subflow(__msk, __subflow) \ list_for_each_entry(__subflow, &((__msk)->conn_list), node) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index f7525109a393..5b15df184ca7 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -480,6 +480,10 @@ static __poll_t tls_prot_poll(struct file *file, struc= t socket *sock, =20 if (sk->sk_protocol =3D=3D IPPROTO_TCP) mask =3D tcp_poll(file, sock, wait); +#ifdef CONFIG_MPTCP + else if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + mask =3D mptcp_poll(file, sock, wait); +#endif return mask; } =20 @@ -1445,6 +1449,12 @@ static int __init tls_register(void) if (err) goto err_strp; =20 +#ifdef CONFIG_MPTCP + err =3D tls_register_prot_ops(&tls_mptcp_ops); + if (err) + goto err_tcp; +#endif + err =3D tls_device_init(); if (err) goto err_ops; @@ -1453,6 +1463,10 @@ static int __init tls_register(void) =20 return 0; err_ops: +#ifdef CONFIG_MPTCP + tls_unregister_prot_ops(&tls_mptcp_ops); +err_tcp: +#endif tls_unregister_prot_ops(&tls_tcp_ops); err_strp: tls_strp_dev_exit(); 
@@ -1464,6 +1478,9 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tcp_unregister_ulp(&tcp_tls_ulp_ops); +#ifdef CONFIG_MPTCP + tls_unregister_prot_ops(&tls_mptcp_ops); +#endif tls_unregister_prot_ops(&tls_tcp_ops); tls_prot_cleanup(); tls_strp_dev_exit(); --=20 2.53.0
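Review bot: mptcp_sendmsg_locked() in net/mptcp/protocol.c is now reachable from TLS through .sendmsg_locked, but once lock_sock()/release_sock() move out to the mptcp_sendmsg() wrapper nothing in the function asserts that the caller holds the msk socket lock. mptcp_read_done(), added later in this patch, starts with msk_owned_by_me(msk); the same assertion at the top of mptcp_sendmsg_locked() would catch a caller that forgets the lock.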
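Review bot: In mptcp_skb_copy_bits(), off -= MPTCP_SKB_CB(iter)->offset can leave off negative when the caller's offset is smaller than the first skb's consumed offset, and nothing checks for that before the loop. With off < 0 the off >= data_len test is false, count is computed from data_len - off (more than the data left in that skb) and skb_copy_bits() is called at skb_off + off, which lies in front of the unconsumed data. TLS uses this callback to read record headers, the IV and the content type (see the skb_copy_bits conversions in 05/18), so please reject off < 0 and len < 0 explicitly, and reword the comment "Make absolute to positive" to say what coordinate space off is in before and after the adjustment.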
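Review bot: mptcp_data_is_locked() in net/mptcp/protocol.h is spin_is_locked(&(sk)->sk_lock.slock), which reports that some context holds the spinlock, not that the current one does, and on uniprocessor builds without spinlock debugging spin_is_locked() always evaluates to 0. mptcp_lock_is_held() therefore gives TLS a hint that can change right after the test when another CPU takes or drops the lock, and on such UP builds the second half of the || never fires. Please add a comment next to the macro and in mptcp_lock_is_held() stating which caller state each half of the check is meant to detect, and whether a false positive (deferring to the workqueue unnecessarily) is the only acceptable failure direction.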
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 07/18] tls: disable device offload for mptcp sockets
Date: Fri, 5 Jun 2026 09:22:47 +0800
Message-ID: <5ebe902b3f41226014c04539018da45afbf6e843.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

MPTCP TLS hardware offload is not yet implemented. Return -EOPNOTSUPP when attempting to enable device offload on MPTCP sockets.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
--- net/tls/tls_device.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 741aef09bfd3..06f45edffb5f 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1074,6 +1074,9 @@ int tls_set_device_offload(struct sock *sk) ctx =3D tls_get_ctx(sk); prot =3D &ctx->prot_info; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->priv_ctx_tx) return -EEXIST; =20
@@ -1196,6 +1199,9 @@ int tls_set_device_offload_rx(struct sock *sk, struct= tls_context *ctx) struct net_device *netdev; int rc =3D 0; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->crypto_recv.info.version !=3D TLS_1_2_VERSION) return -EOPNOTSUPP; =20 --=20 2.53.0
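Review bot: Both hunks in net/tls/tls_device.c open-code the same sk->sk_protocol == IPPROTO_MPTCP test, which ties the device-offload code to one protocol number even though 05/18 introduced a per-protocol struct tls_prot_ops for this kind of difference. A capability field in the ops table, or one small helper shared by tls_set_device_offload() and tls_set_device_offload_rx(), would keep the rule in one place and cover any protocol registered later. The commit message should also state what userspace observes after the -EOPNOTSUPP return, that is, whether the setsockopt fails or the socket ends up on the software path.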
From: Geliang Tang To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev Cc: Geliang Tang Subject: [RFC mptcp-next v24 08/18] mptcp: update mptcp_check_readable helper Date: Fri, 5 Jun 2026 09:22:48 +0800 Message-ID: <4b67c21f18961e944b79623ba54bbfff45e3e4a0.1780621326.git.tanggeliang@kylinos.cn> From: Gang Yan This patch makes mptcp_check_readable() aligned with TCP, and renames it to mptcp_stream_is_readable(). It will be used in the case of KTLS, because 'prot' will be modified, tls_sw_sock_is_readable() is expected to be called from prot->sock_is_readable(). Co-developed-by: Geliang Tang Signed-off-by: Geliang Tang Signed-off-by: Gang Yan --- net/mptcp/protocol.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index f09faf3056b6..55cc68c460b6 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c
@@ -3410,9 +3410,18 @@ void __mptcp_unaccepted_force_close(struct sock *sk) __mptcp_destroy_sock(sk); } =20 -static __poll_t mptcp_check_readable(struct sock *sk) +static bool mptcp_stream_is_readable(struct sock *sk) { - return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0; + bool ret; + + if (mptcp_epollin_ready(sk)) + return true; + + lock_sock(sk); + ret =3D sk_is_readable(sk); + release_sock(sk); + + return ret; } =20 static void mptcp_check_listen_stop(struct sock *sk) 
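Review bot: mptcp_stream_is_readable() now takes lock_sock() on every mptcp_poll() call where mptcp_epollin_ready() is false, which is the common idle case. The commit message says the helper is being aligned with TCP but does not explain why sk_is_readable() needs the socket lock here; lock_sock() can sleep and will contend with the receive path. Either justify the lock in a comment above it or call sk_is_readable() without it.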
@@ -4476,7 +4485,8 @@ __poll_t mptcp_poll(struct file *file, struct socket = *sock, mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; =20 if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) { - mask |=3D mptcp_check_readable(sk); + if (mptcp_stream_is_readable(sk)) + mask |=3D EPOLLIN | EPOLLRDNORM; if (shutdown & SEND_SHUTDOWN) mask |=3D EPOLLOUT | EPOLLWRNORM; else --=20 2.53.0
From: Geliang Tang To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev Cc: Geliang Tang Subject: [RFC mptcp-next v24 09/18] mptcp: implement ulp getsockopt for tls support Date: Fri, 5 Jun 2026 09:22:49 +0800 From: Geliang Tang Add mptcp_getsockopt_tcp_ulp() to handle TCP_ULP getsockopt on MPTCP sockets. The helper reads the user length once, checks for negative value, takes the socket lock, caps the length to TCP_ULP_NAME_MAX, and copies the ULP name (or sets the length to zero if no ULP is attached) to userspace. The lock ensures safe access to icsk->icsk_ulp_ops. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- net/mptcp/sockopt.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index fcf6feb2a9eb..cc45491cd3b2 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c
@@ -1408,6 +1408,39 @@ static int mptcp_put_int_option(struct mptcp_sock *m= sk, char __user *optval, return 0; } =20 +static int mptcp_getsockopt_tcp_ulp(struct sock *sk, + char __user *optval, + int __user *optlen) +{ + struct inet_connection_sock *icsk =3D inet_csk(sk); + int ret =3D 0, len; + + if (copy_from_sockptr(&len, USER_SOCKPTR(optlen), sizeof(int))) + return -EFAULT; + + if (len < 0) + return -EINVAL; + + lock_sock(sk); + len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); + if (!icsk->icsk_ulp_ops) { + len =3D 0; + if (copy_to_sockptr(USER_SOCKPTR(optlen), &len, sizeof(int))) + ret =3D -EFAULT; + goto out; + } + if (copy_to_sockptr(USER_SOCKPTR(optlen), &len, sizeof(int))) { + ret =3D -EFAULT; + goto out; + } + if (copy_to_sockptr(USER_SOCKPTR(optval), icsk->icsk_ulp_ops->name, + len)) + ret =3D -EFAULT; +out: + release_sock(sk); + return ret; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { 
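Review bot: in mptcp_getsockopt_tcp_ulp() the updated length is written back to optlen in two separate branches, each with its own -EFAULT path, and both user pointers are wrapped in USER_SOCKPTR() although they are always __user pointers in this function. Clearing len when icsk->icsk_ulp_ops is NULL, writing optlen once, and then copying the name only if a ULP is attached would remove the duplicated error handling; plain get_user()/put_user()/copy_to_user() would also read more directly than the sockptr wrappers.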
@@ -1415,6 +1448,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock= *msk, int optname, =20 switch (optname) { case TCP_ULP: + return mptcp_getsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: case TCP_INFO: case TCP_CC_INFO: --=20 2.53.0
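Review bot: with the early return, `case TCP_ULP:` no longer falls through to the handling it shared with TCP_CONGESTION, TCP_INFO and TCP_CC_INFO, so the value reported to existing callers of getsockopt(TCP_ULP) on an MPTCP socket can change. The commit message should describe the old versus the new result, and a selftest should pin the new behaviour.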
From: Geliang Tang To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev Cc: Geliang Tang Subject: [RFC mptcp-next v24 10/18] mptcp: implement ulp setsockopt for tls support Date: Fri, 5 Jun 2026 09:22:50 +0800 From: Geliang Tang Allow MPTCP sockets to set the TCP_ULP socket option to enable TLS. Add mptcp_setsockopt_tcp_ulp() which validates the socket state (must not be CLOSE or LISTEN), only accepts "tls" as the ULP name, and then calls tcp_set_ulp(). Include TCP_ULP in the list of supported options in supported_sockopt(), and handle it in setsockopt_sol_tcp() instead of returning -EOPNOTSUPP. Call tcp_cleanup_ulp() in mptcp_destroy_common() to release ULP module's reference count. On a fallback MPTCP socket, the ULP is already set to "mptcp". Setting "tls" will fail with -EEXIST, so no special handling is needed. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- net/mptcp/protocol.c | 1 + net/mptcp/sockopt.c | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 55cc68c460b6..a2972e70aa84 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c
@@ -3772,6 +3772,7 @@ static void mptcp_destroy(struct sock *sk) /* allow the following to close even the initial subflow */ msk->free_first =3D 1; mptcp_destroy_common(msk); + tcp_cleanup_ulp(sk); sk_sockets_allocated_dec(sk); } =20 diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index cc45491cd3b2..eeb348336195 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -577,6 +577,7 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_FASTOPEN_CONNECT: case TCP_FASTOPEN_KEY: case TCP_FASTOPEN_NO_COOKIE: + case TCP_ULP: return true; } =20 @@ -830,6 +831,37 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *= msk, int level, return ret; } =20 +static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval, + unsigned int optlen) +{ + char name[TCP_ULP_NAME_MAX]; + int err =3D 0; + size_t len; + int val; + + if (optlen < 1) + return -EINVAL; + + len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen); + val =3D strncpy_from_sockptr(name, optval, len); + if (val < 0) + return -EFAULT; + name[val] =3D 0; + + if (strcmp(name, "tls")) + return -EOPNOTSUPP; + + sockopt_lock_sock(sk); + if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) { + err =3D -ENOTCONN; + goto out; + } + err =3D tcp_set_ulp(sk, name); +out: + sockopt_release_sock(sk); + return err; +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { 
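Review bot: the commit message says tcp_cleanup_ulp() is called in mptcp_destroy_common(), but the first hunk adds it to mptcp_destroy(), after the mptcp_destroy_common(msk) call. Fix whichever is wrong; if mptcp_destroy() is the intended place, say in the changelog why other callers of mptcp_destroy_common() do not need the cleanup.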
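Review bot: in mptcp_setsockopt_tcp_ulp() the state test rejects only TCPF_CLOSE and TCPF_LISTEN, so every other state, including ones where the connection is not yet or no longer established, reaches tcp_set_ulp(). If only established sockets are meant to get TLS, test for that explicitly; otherwise add a comment naming the states that are intentionally allowed. The hard-coded `strcmp(name, "tls")` allowlist also deserves a short comment on why other ULP names are refused with -EOPNOTSUPP.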
@@ -838,7 +870,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *= msk, int optname, =20 switch (optname) { case TCP_ULP: - return -EOPNOTSUPP; + return mptcp_setsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); case TCP_DEFER_ACCEPT: --=20 2.53.0
From: Geliang Tang To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev Cc: Geliang Tang Subject: [RFC mptcp-next v24 11/18] selftests: mptcp: connect: use espintcp for ulp test Date: Fri, 5 Jun 2026 09:22:51 +0800 From: Geliang Tang With KTLS being implemented, "tls" should no longer be used in sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP name, "espintcp", is set instead in this patch. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/mptcp/config | 4 ++++ tools/testing/selftests/net/mptcp/mptcp_connect.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft= ests/net/mptcp/config index 59051ee2a986..f48bd5183fb3 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -34,3 +34,7 @@ CONFIG_NFT_SOCKET=3Dm CONFIG_NFT_TPROXY=3Dm CONFIG_SYN_COOKIES=3Dy CONFIG_VETH=3Dy +CONFIG_INET_ESP=3Dy +CONFIG_INET_ESPINTCP=3Dy +CONFIG_INET6_ESP=3Dy +CONFIG_INET6_ESPINTCP=3Dy diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index cbe573c4ab3a..299a7a02d6f5 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c 
@@ -285,11 +285,11 @@ static void sock_test_tcpulp(int sock, int proto, uns= igned int line) if (buflen > 0) { if (strcmp(buf, "mptcp") !=3D 0) xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line); - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret =3D=3D 0) X("setsockopt"); } else if (proto =3D=3D IPPROTO_MPTCP) { - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret !=3D -1) X("setsockopt"); } --=20 2.53.0
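Review bot: both branches of sock_test_tcpulp() only check that do_ulp_so(sock, "espintcp") fails (`ret == 0` and `ret != -1` are the error conditions), not why it fails, so the test passes for any failure reason, including the ULP simply being unavailable. Checking errno for the code expected in each branch would make the test prove that the socket itself refused the ULP. A comment on why espintcp was picked as the stand-in name would help the next reader too.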
From: Geliang Tang To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev Cc: Geliang Tang Subject: [RFC mptcp-next v24 12/18] selftests: tls: add mptcp variant for testing Date: Fri, 5 Jun 2026 09:22:52 +0800 Message-ID: <2ffc433750c6afaca48fcee6b3b83d1657a4dafc.1780621326.git.tanggeliang@kylinos.cn> From: Geliang Tang To enable easy MPTCP socket creation in MPTCP TLS tests, two protocol parameters (cli_proto and srv_proto) have been added to ulp_sock_pair(). These are passed as third arguments of socket(): 0 creates TCP sockets, IPPROTO_MPTCP creates MPTCP sockets. A new variant "mptcp" is added both in FIXTURE_VARIANT(tls) to control whether to create MPTCP sockets or not for tests. Add is_mptcp_enable() helper to check MPTCP support. Used in FIXTURE_SETUP(tls) to skip MPTCP variants when MPTCP is not enabled. Also accept EOPNOTSUPP when setting TCP_ULP on MPTCP sockets, as they may return this error in addition to ENOENT. Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 46 +++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 6 deletions(-)
diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 9b9a3cb2700d..fed83918cd9d 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -26,6 +26,10 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 =20 +#ifndef IPPROTO_MPTCP +#define IPPROTO_MPTCP 262 +#endif + static int fips_enabled; =20 struct tls_crypto_info_keys { @@ -108,8 +112,9 @@ static void memrnd(void *s, size_t n) *byte++ =3D rand(); } =20 -static void ulp_sock_pair(struct __test_metadata *_metadata, - int *fd, int *cfd, bool *notls) +static void __ulp_sock_pair(struct __test_metadata *_metadata, + int *fd, int *cfd, bool *notls, + int cli_proto, int srv_proto) { struct sockaddr_in addr; socklen_t len; @@ -122,8 +127,8 @@ static void ulp_sock_pair(struct __test_metadata *_meta= data, addr.sin_addr.s_addr =3D htonl(INADDR_ANY); addr.sin_port =3D 0; =20 - *fd =3D socket(AF_INET, SOCK_STREAM, 0); - sfd =3D socket(AF_INET, SOCK_STREAM, 0); + *fd =3D socket(AF_INET, SOCK_STREAM, cli_proto); + sfd =3D socket(AF_INET, SOCK_STREAM, srv_proto); =20 ret =3D bind(sfd, &addr, sizeof(addr)); ASSERT_EQ(ret, 0); @@ -143,7 +148,7 @@ static void ulp_sock_pair(struct __test_metadata *_meta= data, =20 ret =3D setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); if (ret !=3D 0) { - ASSERT_EQ(errno, ENOENT); + ASSERT_TRUE(errno =3D=3D ENOENT || errno =3D=3D EOPNOTSUPP); *notls =3D true; printf("Failure setting TCP_ULP, testing without tls\n"); return; @@ -153,6 +158,12 @@ static void ulp_sock_pair(struct __test_metadata *_met= adata, ASSERT_EQ(ret, 0); } =20 +static void ulp_sock_pair(struct __test_metadata *_metadata, + int *fd, int *cfd, bool *notls) +{ + __ulp_sock_pair(_metadata, fd, cfd, notls, 0, 0); +} + /* Produce a basic cmsg */ static int tls_send_cmsg(int fd, unsigned char record_type, void *data, size_t len, int flags) 
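Review bot: the relaxed assertion `ASSERT_TRUE(errno == ENOENT || errno == EOPNOTSUPP)` in __ulp_sock_pair() applies to plain TCP as well, because ulp_sock_pair() goes through the same code with cli_proto 0. A TCP socket that starts returning EOPNOTSUPP would then silently run the suite with notls set instead of failing. Accept EOPNOTSUPP only when cli_proto is IPPROTO_MPTCP and keep the strict ENOENT check otherwise.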
@@ -310,6 +321,7 @@ FIXTURE_VARIANT(tls) uint16_t tls_version; uint16_t cipher_type; bool nopad, fips_non_compliant; + bool mptcp; }; =20 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm) @@ -395,6 +407,23 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, }; =20 +static bool is_mptcp_enable(void) +{ + char buf[16] =3D { 0 }; + ssize_t n; + int fd; + + fd =3D open("/proc/sys/net/mptcp/enabled", O_RDONLY); + if (fd < 0) + return false; + + n =3D read(fd, buf, sizeof(buf) - 1); + close(fd); + if (n <=3D 0) + return false; + return (atoi(buf) =3D=3D 1); +} + FIXTURE_SETUP(tls) { struct tls_crypto_info_keys tls12; 
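Review bot: this patch adds the `bool mptcp` field to FIXTURE_VARIANT(tls), but none of the hunks adds a FIXTURE_VARIANT_ADD() that sets it, although the commit message says a new "mptcp" variant is added. As posted, the MPTCP branch in FIXTURE_SETUP is never taken; either add the variants here or reword the changelog to say they arrive in a later patch. Minor: is_mptcp_enable() would read better as is_mptcp_enabled().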
@@ -404,10 +433,15 @@ FIXTURE_SETUP(tls) if (fips_enabled && variant->fips_non_compliant) SKIP(return, "Unsupported cipher in FIPS mode"); =20 + if (variant->mptcp && !is_mptcp_enable()) + SKIP(return, "no MPTCP support"); + tls_crypto_info_init(variant->tls_version, variant->cipher_type, &tls12, 0); =20 - ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls); + __ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls, + variant->mptcp ? IPPROTO_MPTCP : 0, + variant->mptcp ? IPPROTO_MPTCP : 0); =20 if (self->notls) return; --=20 2.53.0
From: Geliang Tang To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev Cc: Geliang Tang Subject: [RFC mptcp-next v24 13/18] selftests: tls: increase pollin timeouts for mptcp Date: Fri, 5 Jun 2026 09:22:53 +0800 Message-ID: <144d06579285a2d2012f92e6028d1742e9a9b26d.1780621326.git.tanggeliang@kylinos.cn> From: Geliang Tang MPTCP requires longer timeouts in pollin test due to subflow establishment delays and slower state transitions. Increase timeout values to prevent false failures: # RUN tls.13_sm4_ccm_mptcp.pollin ... # tls.c:1411:pollin:Expected poll(&fd, 1, 20) (0) =3D=3D 1 (1) # tls.c:1412:pollin:Expected fd.revents & POLLIN (0) =3D=3D 1 (1) # pollin: Test failed # FAIL tls.13_sm4_ccm_mptcp.pollin not ok 357 tls.13_sm4_ccm_mptcp.pollin Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index fed83918cd9d..5a6c5ee2757f 100644
--- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -1362,6 +1362,7 @@ TEST_F(tls, bidir) =20 TEST_F(tls, pollin) { + int timeout =3D variant->mptcp ? 100 : 20; char const *test_str =3D "test_poll"; struct pollfd fd =3D { 0, 0, 0 }; char buf[10]; 
@@ -1371,11 +1372,11 @@ TEST_F(tls, pollin) fd.fd =3D self->cfd; fd.events =3D POLLIN; =20 - EXPECT_EQ(poll(&fd, 1, 20), 1); + EXPECT_EQ(poll(&fd, 1, timeout), 1); EXPECT_EQ(fd.revents & POLLIN, 1); EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len); /* Test timing out */ - EXPECT_EQ(poll(&fd, 1, 20), 0); + EXPECT_EQ(poll(&fd, 1, timeout), 0); } =20 TEST_F(tls, poll_wait) --=20 2.53.0
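Review bot: the 100 ms value assigned to `timeout` is a bare magic number, and raising it only makes the quoted failure less likely without showing where the delay comes from. Since the failure is poll() returning 0 within 20 ms, please confirm this is latency rather than a missed wakeup in the MPTCP readable path, and put the reason in a comment next to `timeout`. The second poll() under "Test timing out" expects 0 and does not need the longer value; keeping 20 there avoids slowing the test.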
From: Geliang Tang To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev Cc: Geliang Tang Subject: [RFC mptcp-next v24 14/18] selftests: tls: increase nonblocking data size for mptcp Date: Fri, 5 Jun 2026 09:22:54 +0800 Message-ID: <1a1d342ccf9c0ed50b4bd133531d60912cc42bb9.1780621326.git.tanggeliang@kylinos.cn> From: Geliang Tang Increase the data size in nonblocking tests to accommodate MPTCP's multi-subflow behavior and ensure sufficient data for testing, avoiding the following errors: # RUN tls.12_aria_gcm_mptcp.nonblocking ... # tls.c:1534:nonblocking:Expected 0 (0) !=3D eagain (0) # nonblocking: Test failed Co-developed-by: Gang Yan Signed-off-by: Gang Yan Signed-off-by: Geliang Tang --- tools/testing/selftests/net/tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 5a6c5ee2757f..64aad661a1b4 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c
@@ -1468,6 +1468,9 @@ TEST_F(tls, nonblocking) int flags; int res; =20 + if (variant->mptcp) + data *=3D 4; + flags =3D fcntl(self->fd, F_GETFL, 0); fcntl(self->fd, F_SETFL, flags | O_NONBLOCK); fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK); --=20 2.53.0
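Review bot: `data *= 4` is an unexplained multiplier. The quoted failure is the test never observing EAGAIN, so the size that is "enough" depends on how much the MPTCP socket can buffer, which a fixed factor does not track. Add a comment stating what the factor is based on, or size the transfer from the socket's buffer settings so the test does not turn flaky again when defaults change.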
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 15/18] selftests: tls: retry bind for mptcp in shutdown_reuse
Date: Fri, 5 Jun 2026 09:22:55 +0800
Message-ID: <8e89c02b8c36105a39908fec0d551d913a50c4fc.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

In the shutdown_reuse test, after shutdown and close, bind() may fail with EINVAL for MPTCP sockets due to asynchronous state transition of the top-level MPTCP socket.

Retry bind() on EINVAL for up to 1000 iterations (1 second) to allow the MPTCP socket to complete its state transition. This fixes the following intermittent failures:

  # RUN tls.12_aes_gcm_mptcp.shutdown_reuse ...
  # tls.c:1790:shutdown_reuse:Expected ret (-1) == 0 (0)
  # shutdown_reuse: Test failed
  # FAIL tls.12_aes_gcm_mptcp.shutdown_reuse
  not ok 14 tls.12_aes_gcm_mptcp.shutdown_reuse
  # RUN tls.13_aes_gcm_mptcp.shutdown_reuse ...
  # tls.c:1790:shutdown_reuse:Expected ret (-1) == 0 (0)
  # shutdown_reuse: Test failed
  # FAIL tls.13_aes_gcm_mptcp.shutdown_reuse
  not ok 15 tls.13_aes_gcm_mptcp.shutdown_reuse
  # RUN tls.12_chacha_mptcp.shutdown_reuse ...
  # OK tls.12_chacha_mptcp.shutdown_reuse
  ok 16 tls.12_chacha_mptcp.shutdown_reuse
  # RUN tls.13_chacha_mptcp.shutdown_reuse ...
  # OK tls.13_chacha_mptcp.shutdown_reuse
  ok 17 tls.13_chacha_mptcp.shutdown_reuse
  # RUN tls.13_sm4_gcm_mptcp.shutdown_reuse ...
  # tls.c:1790:shutdown_reuse:Expected ret (-1) == 0 (0)
  # shutdown_reuse: Test failed
  # FAIL tls.13_sm4_gcm_mptcp.shutdown_reuse
  not ok 18 tls.13_sm4_gcm_mptcp.shutdown_reuse

This is only done for MPTCP variants to avoid slowing down plain TCP tests.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
--- tools/testing/selftests/net/tls.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 64aad661a1b4..4ae7505846f9 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -1744,6 +1744,7 @@ TEST_F(tls, shutdown_unsent) TEST_F(tls, shutdown_reuse) { struct sockaddr_in addr; + int i =3D 0; int ret; =20 shutdown(self->fd, SHUT_RDWR); 
@@ -1754,7 +1755,13 @@ TEST_F(tls, shutdown_reuse) addr.sin_addr.s_addr =3D htonl(INADDR_ANY); addr.sin_port =3D 0; =20 +retry: ret =3D bind(self->fd, &addr, sizeof(addr)); + if (variant->mptcp && + ret < 0 && errno =3D=3D EINVAL && i++ < 1000) { + usleep(1000); + goto retry; + } EXPECT_EQ(ret, 0); ret =3D listen(self->fd, 10); EXPECT_EQ(ret, -1); --=20 2.53.0
From nobody Mon Jun 8 04:25:15 2026
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang, Paolo Abeni
Subject: [RFC mptcp-next v24 16/18] selftests: tls: set timeout for multi_chunk_sendfile
Date: Fri, 5 Jun 2026 09:22:56 +0800

From: Geliang Tang

The multi_chunk_sendfile test can time out with the default 30-second limit when run on certain configurations (e.g., MPTCP). Add a 240-second timeout using TEST_F_TIMEOUT to prevent failure:

  # multi_chunk_sendfile: Test terminated by timeout 30
  # FAIL tls.13_chacha_mptcp.multi_chunk_sendfile
  not ok 204 tls.13_chacha_mptcp.multi_chunk_sendfile

Suggested-by: Paolo Abeni
Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
--- tools/testing/selftests/net/tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 4ae7505846f9..6f51da27ef1e 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c 
@@ -536,7 +536,7 @@ static void chunked_sendfile(struct __test_metadata *_m= etadata, close(fd); } =20 -TEST_F(tls, multi_chunk_sendfile) +TEST_F_TIMEOUT(tls, multi_chunk_sendfile, 240) { chunked_sendfile(_metadata, self, 4096, 4096); chunked_sendfile(_metadata, self, 4096, 0); --=20 2.53.0
From nobody Mon Jun 8 04:25:15 2026
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 17/18] selftests: tls: add mptcp test cases
Date: Fri, 5 Jun 2026 09:22:57 +0800
Message-ID: <353562249c2b1b90014f3ef08e10bf5f5bd3d628.1780621326.git.tanggeliang@kylinos.cn>

From: Geliang Tang

This patch introduces MPTCP test cases for the TLS fixture. These "mptcp" variants are configured to create MPTCP sockets specifically for MPTCP TLS testing purposes.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang
--- tools/testing/selftests/net/tls.c | 96 +++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne= t/tls.c index 6f51da27ef1e..83cdb06da587 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c 
@@ -407,6 +407,102 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256) .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, }; =20 +FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_chacha_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_chacha_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_SM4_GCM, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_SM4_CCM, + .fips_non_compliant =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aes_ccm_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_CCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_ccm_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_CCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_256, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_256, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 13_nopad_mptcp) +{ + .tls_version =3D TLS_1_3_VERSION, + .cipher_type =3D TLS_CIPHER_AES_GCM_128, + .nopad =3D true, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_mptcp) +{ + .tls_version =3D 
TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_ARIA_GCM_128, + .mptcp =3D true, +}; + +FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256_mptcp) +{ + .tls_version =3D TLS_1_2_VERSION, + .cipher_type =3D TLS_CIPHER_ARIA_GCM_256, + .mptcp =3D true, +}; + static bool is_mptcp_enable(void) { char buf[16] =3D { 0 }; --=20 2.53.0
From nobody Mon Jun 8 04:25:15 2026
From: Geliang Tang
To: mptcp@lists.linux.dev, yangang@kylinos.cn, qiang.zhang@linux.dev
Cc: Geliang Tang
Subject: [RFC mptcp-next v24 18/18] selftests: mptcp: cover mptcp tls tests
Date: Fri, 5 Jun 2026 09:22:58 +0800

From: Geliang Tang

The mptcp tests for tls.c are available now; this patch adds mptcp_tls.sh to test it in the MPTCP CI by default.

The script creates a network namespace, sets up the necessary MPTCP endpoints (by default with 4 subflows), and invokes the tls test binary with all MPTCP-specific test variants (e.g., 12_aes_gcm_mptcp, 13_aes_gcm_mptcp, etc.).

A symbolic link to the existing tls.c test program is created under the mptcp selftests directory.

Additionally, update the kernel config to enable TLS and the required crypto modules (ARIA, CCM, ChaCha20-Poly1305, SM4) so that all test ciphers can be exercised.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Signed-off-by: Geliang Tang --- tools/testing/selftests/net/mptcp/.gitignore | 1 + tools/testing/selftests/net/mptcp/Makefile | 2 + tools/testing/selftests/net/mptcp/config | 5 ++ .../testing/selftests/net/mptcp/mptcp_tls.sh | 61 +++++++++++++++++++ tools/testing/selftests/net/mptcp/tls.c | 1 + 5 files changed, 70 insertions(+) create mode 100755 tools/testing/selftests/net/mptcp/mptcp_tls.sh create mode 120000 tools/testing/selftests/net/mptcp/tls.c diff --git a/tools/testing/selftests/net/mptcp/.gitignore b/tools/testing/s= elftests/net/mptcp/.gitignore index 833279fb34e2..f6defec6eeb5 100644 --- a/tools/testing/selftests/net/mptcp/.gitignore +++ b/tools/testing/selftests/net/mptcp/.gitignore @@ -4,4 +4,5 @@ mptcp_diag mptcp_inq mptcp_sockopt pm_nl_ctl +tls *.pcap diff --git a/tools/testing/selftests/net/mptcp/Makefile b/tools/testing/sel= ftests/net/mptcp/Makefile index 22ba0da2adb8..f7c959a25b3b 100644 --- a/tools/testing/selftests/net/mptcp/Makefile +++ b/tools/testing/selftests/net/mptcp/Makefile @@ -14,6 +14,7 @@ TEST_PROGS :=3D \ mptcp_connect_splice.sh \ mptcp_join.sh \ mptcp_sockopt.sh \ + mptcp_tls.sh \ pm_netlink.sh \ simult_flows.sh \ userspace_pm.sh \ @@ -25,6 +26,7 @@ TEST_GEN_FILES :=3D \ mptcp_inq \ mptcp_sockopt \ pm_nl_ctl \ + tls \ # end of TEST_GEN_FILES =20 TEST_FILES :=3D \ diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft= ests/net/mptcp/config index f48bd5183fb3..bfc26bde0501 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config @@ -38,3 +38,8 @@ CONFIG_INET_ESP=3Dy CONFIG_INET_ESPINTCP=3Dy CONFIG_INET6_ESP=3Dy CONFIG_INET6_ESPINTCP=3Dy +CONFIG_TLS=3Dm +CONFIG_CRYPTO_ARIA=3Dm +CONFIG_CRYPTO_CCM=3Dm +CONFIG_CRYPTO_CHACHA20POLY1305=3Dm +CONFIG_CRYPTO_SM4_GENERIC=3Dm diff --git a/tools/testing/selftests/net/mptcp/mptcp_tls.sh b/tools/testing= /selftests/net/mptcp/mptcp_tls.sh new file mode 100755 index 000000000000..79d120cd4b16 --- /dev/null 
+++ b/tools/testing/selftests/net/mptcp/mptcp_tls.sh @@ -0,0 +1,61 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +. "$(dirname "${0}")/mptcp_lib.sh" + +ret=3D0 +ns1=3D"" +pid=3D"" + +# This function is used in the cleanup trap +#shellcheck disable=3DSC2317,SC2329 +cleanup() +{ + if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then + kill "$pid" 2>/dev/null + wait "$pid" 2>/dev/null + fi + + mptcp_lib_ns_exit "$ns1" +} + +init() +{ + local max=3D"${1:-4}" + + mptcp_lib_ns_init ns1 + + mptcp_lib_pm_nl_set_limits "$ns1" "$max" "$max" + + local i + for i in $(seq 1 "$max"); do + mptcp_lib_pm_nl_add_endpoint "$ns1" \ + "127.0.0.1" flags signal port 1000"$i" + done +} + +mptcp_lib_check_mptcp + +trap cleanup EXIT + +init + +ip netns exec "$ns1" ./tls -v 12_aes_gcm_mptcp \ + -v 13_aes_gcm_mptcp \ + -v 12_chacha_mptcp \ + -v 13_chacha_mptcp \ + -v 13_sm4_gcm_mptcp \ + -v 13_sm4_ccm_mptcp \ + -v 12_aes_ccm_mptcp \ + -v 13_aes_ccm_mptcp \ + -v 12_aes_gcm_256_mptcp \ + -v 13_aes_gcm_256_mptcp \ + -v 13_nopad_mptcp \ + -v 12_aria_gcm_mptcp \ + -v 12_aria_gcm_256_mptcp & +pid=3D$! +wait $pid +ret=3D$? + +mptcp_lib_result_print_all_tap +exit $ret diff --git a/tools/testing/selftests/net/mptcp/tls.c b/tools/testing/selfte= sts/net/mptcp/tls.c new file mode 120000 index 000000000000..724b1f047c89 --- /dev/null +++ b/tools/testing/selftests/net/mptcp/tls.c @@ -0,0 +1 @@ +../tls.c \ No newline at end of file --=20 2.53.0
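
Review bot: In 14/18, the factor in "data *= 4" at the top of TEST_F(tls, nonblocking) is an unexplained constant. The commit message attributes it to MPTCP's multi-subflow behavior, and mptcp_tls.sh in 18/18 sets up 4 endpoints by default, but nothing in the hunk links the two numbers, so a later change to the endpoint count could bring back the "Expected 0 (0) != eagain (0)" failure without anyone touching this line. Please add a comment saying what the factor is sized against, or make the test keep sending until EAGAIN is actually seen instead of relying on a fixed amount of data.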
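
Review bot: In 15/18, the retry added after bind() in shutdown_reuse hides the behaviour the commit message describes (EINVAL from bind() after shutdown and close on an MPTCP socket) without saying whether user space is expected to cope with it. The retry is gated on variant->mptcp, so plain TCP is expected to bind at once; the commit message should state whether this difference is intended for MPTCP or is a kernel issue to be fixed separately, because a selftest that polls for up to 1000 x usleep(1000) will stop catching it either way. If the retry stays, a bounded for loop reads better than a backward goto with i++ buried in the condition, and the counter declared as "int i = 0" in the first hunk would be clearer with a name such as retries.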
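
Review bot: In 16/18, TEST_F_TIMEOUT(tls, multi_chunk_sendfile, 240) raises the limit for every variant of the fixture, not only the MPTCP ones the commit message names, so a hang in a plain TCP variant would take 240 seconds instead of 30 to be reported. The commit message also gives no measured runtime to justify 8 times the default. Please state how long the test takes under MPTCP and why sendfile is that much slower there, so the value is sized from data and a real throughput regression is not absorbed by the larger budget.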
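
Review bot: In 17/18, the thirteen FIXTURE_VARIANT_ADD(tls, *_mptcp) blocks are listed a second time by hand as -v arguments in mptcp_tls.sh (18/18), so a variant added or renamed here without a matching script change will silently not run in the MPTCP CI. Please add a comment above the first new block pointing at mptcp_tls.sh, and mention in the commit message that each block mirrors an existing variant with only ".mptcp = true" added (as the 12_aria_gcm_256 context line suggests), so a reviewer can check the cipher and fips_non_compliant settings against their counterparts.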
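
Review bot: In 18/18, the config hunk adds CONFIG_TLS and the four crypto options as =m, while the neighbouring entries visible in the same hunk (CONFIG_INET_ESP, CONFIG_INET_ESPINTCP, CONFIG_INET6_ESP, CONFIG_INET6_ESPINTCP) are =y. If the CI image does not ship or autoload modules, the TLS variants from 17/18 cannot run. Please use =y, or say in the commit message why =m is wanted and that module loading works in the test environment.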
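
Review bot: In 18/18, mptcp_tls.sh calls mptcp_lib_result_print_all_tap at the end without recording any result first, so the TAP summary says nothing about the tls run and the only signal is the exit status taken from wait. Please record the outcome derived from ret before printing, for example with the mptcp_lib_result_pass and mptcp_lib_result_fail helpers from mptcp_lib.sh. Two smaller points in the same file: "wait $pid" is unquoted while cleanup() quotes "$pid", and the endpoint port built as 1000"$i" goes out of range once init is called with 10 or more, so either cap max or compute the port arithmetically.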