From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 954B02F8E98
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971559; cv=none;
 b=IRyvilRazwnplbRsMZofuS+oCF1fyK7WuQqbBDn49L73l3Uq97G690cs5viCjdAp+D9D5ts1orhaPxj/swLvmRjKdh2aC1uuuRR538VTngs9vWRNQoTy1IzdxfbyX2S5sMruujOK2sV9WVePGUqQ7kRWMGLf0yNy1AoV3FzpHMM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971559; c=relaxed/simple;
	bh=guQnhnLaYe5q+Cyyel5GQphphPBrwj42TA4e/kkaE0Q=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=fvjCHMKuoQKttWyuePJuPcDAgOGyA0GUF7nI8laigxct9A6aC/Nv90nyINi74V+Lzc7ycH0Ixp4o5lIo0FUG90ENvmCSr1m90C/Qrw/fXBmu9wOmGYmul76Q/p/IFZSIlqEAWpL+h3HQ11jqtU3X/SqJsFixu/cT2q++kElgTPo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=dQRvo2uZ; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="dQRvo2uZ"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 52F0C1F00898;
	Tue,  9 Jun 2026 02:19:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971558;
	bh=dvwBBzQGkwhG03Uvq2YTmN8ktK6fIV80vm3uPhbs+D0=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=dQRvo2uZKLhlUo++PWsp2kwTpqNaMN0QX2jK0tBmPCRcFNqbr4pNVy05PbgfanyQ/
	 QRkhWVfNoDJTd3G2n1DyYlo06m3Ns8/VjWHZH6LVnvyz2KRHPTrUEVOHX90n4mf5Q8
	 ahfxkBZIqEjXJDvFQyyhXUsoTP0EWsyJDy4KZ0rLIle+RZA7pbdcvqLWdmZVi1E+ug
	 lGuTQ5hwcmGzhgiLPP3PZrWVOp/wnfXmdSdCPR3q8B2/xRGtdAZS8/MstfCl/bs0YP
	 lsxlK8XkvEMdUrjbO+w7Wj9bGOed3nMViLmvS+CxXjOklEnQAbcX7rpcf5mbSLZA9K
	 losWw1E9Kg0Pw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v25 01/22] mptcp: add sendmsg_locked to proto_ops
Date: Tue,  9 Jun 2026 10:18:27 +0800
Message-ID: 
 <ed204110f6d5bfcd8ae4d8d55739fa59a5f56a83.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

MPTCP currently provides a standard sendmsg() implementation which
acquires and releases the socket lock internally. However, certain
upper layers (e.g., TLS) need to call the sendmsg method while the
socket lock is already held.

Split the existing mptcp_sendmsg() into mptcp_sendmsg_locked() which
assumes the caller holds the socket lock, and a tiny wrapper
mptcp_sendmsg() that acquires the lock and calls the locked version.

Expose .sendmsg_locked in both mptcp_stream_ops and mptcp_v6_stream_ops.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/protocol.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index a4f7e99b30db..7f0c560f6b7e 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -1967,7 +1967,7 @@ static void mptcp_rps_record_subflows(const struct mp=
tcp_sock *msk)
 	}
 }
=20
-static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
+static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_=
t len)
 {
 	struct mptcp_sock *msk =3D mptcp_sk(sk);
 	struct page_frag *pfrag;
@@ -1979,8 +1979,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh=
dr *msg, size_t len)
 	msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
 			  MSG_FASTOPEN | MSG_EOR;
=20
-	lock_sock(sk);
-
 	mptcp_rps_record_subflows(msk);
=20
 	if (unlikely(inet_test_bit(DEFER_CONNECT, sk) ||
@@ -2096,7 +2094,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh=
dr *msg, size_t len)
 	}
=20
 out:
-	release_sock(sk);
 	return copied;
=20
 do_error:
@@ -2107,6 +2104,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg=
hdr *msg, size_t len)
 	goto out;
 }
=20
+static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
+{
+	int ret;
+
+	lock_sock(sk);
+	ret =3D mptcp_sendmsg_locked(sk, msg, len);
+	release_sock(sk);
+
+	return ret;
+}
+
 static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied);
=20
 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb)
@@ -4703,6 +4711,7 @@ static const struct proto_ops mptcp_stream_ops =3D {
 	.set_rcvlowat	   =3D mptcp_set_rcvlowat,
 	.read_sock	   =3D mptcp_read_sock,
 	.splice_read	   =3D mptcp_splice_read,
+	.sendmsg_locked	   =3D mptcp_sendmsg_locked,
 };
=20
 static struct inet_protosw mptcp_protosw =3D {
@@ -4815,6 +4824,7 @@ static const struct proto_ops mptcp_v6_stream_ops =3D=
 {
 	.set_rcvlowat	   =3D mptcp_set_rcvlowat,
 	.read_sock	   =3D mptcp_read_sock,
 	.splice_read	   =3D mptcp_splice_read,
+	.sendmsg_locked	   =3D mptcp_sendmsg_locked,
 };
=20
 static struct proto mptcp_v6_prot;
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C43D52F8E98
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971560; cv=none;
 b=KKS6kuc+o7EumZWmC0Lv/d+uIRbQo6paYOTQEwYIoyQO+b71LXGy9ZCG4POI70Zn2/qWFmx9BpW5mzU4OkbbGeD39sQ9sLZelMIyUOnZyFKSEzI8HA7moPDwi68a/D0X70EMRaqTKGZKDfqKJnfY93W5/PnCqEgBz/CvkAR71SE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971560; c=relaxed/simple;
	bh=Op4/qidNO8/EEe0sw4xhDG6E3OdgHtNYgc2N5+3BTik=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=L+5rmtoudGaH6fUFhNKKFJxnnScpfoDvi3aNZpRNWnCcGnYqQ5/agUBa8efTZwyq5Aw7GjYddWt0V9FE1ZyrlEEi1gXTdoOsdL9mfyr5rBQdaG7fqHmWsq5c4FQvn41OzYe69rPaAP1Z3qJst6KygO3n5dpnDe8lliUuHQ7JuYI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=SH9UiJS7; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="SH9UiJS7"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B1B991F00893;
	Tue,  9 Jun 2026 02:19:18 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971559;
	bh=imOyKEOqZ1XlIkcEU9jy1P7MzSTycLzbZZSOKast33Q=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=SH9UiJS7zeTRwS+L3ZQphuqRAgVrgwPeTcbvPGlEqhkdZERQXVw2ETVmYWW/oIea/
	 togb4wirOwvoki/yFO+UsyDF8sorg5F+PEdSv1xYNgFSF9cmtWr2ShJ7Xl/ItQ9XtQ
	 qvlVGys507alDVuHczV3J9In3qvb/8BDzP6uaLm7CdvEfFfRn47/pVfxYkF55k7iad
	 /eSCF1hqoNxtyBn14XF3cPJHszZIBSszuIiupOWHmos3zMdxZ2LHac2JiU6Z2Rl5xA
	 v6Fkj2/+hv+qdtxDvR/VaS5BiJFGiJyspGf1xKsEoI5WivxkCr8Pp2zEUGugQCP33W
	 wEn9C/YP+BZpw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v25 02/22] tls: use sendmsg_locked from the
 underlying socket
Date: Tue,  9 Jun 2026 10:18:28 +0800
Message-ID: 
 <ffdba5765d2cd4696bbb32e756329be6ae95dd88.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

TLS offload (device and sw) may call tcp_sendmsg_locked() directly
when pushing TLS records. This assumes the underlying socket is always
a TCP socket. With MPTCP, the socket can be an MPTCP socket, which
does not directly expose a sendmsg_locked method via its proto_ops.

Replace the hard-coded tcp_sendmsg_locked() call with
sk->sk_socket->ops->sendmsg_locked(). This enables TLS to work
transparently over any socket that implements .sendmsg_locked,
including MPTCP after the previous commit.

The change is safe because both TCP and MPTCP now provide a conformant
.sendmsg_locked implementation.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/tls/tls_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index fd39acf41a61..15605ac45ba2 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -194,7 +194,7 @@ int tls_push_sg(struct sock *sk,
 		bvec_set_page(&bvec, p, size, offset);
 		iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size);
=20
-		ret =3D tcp_sendmsg_locked(sk, &msg, size);
+		ret =3D sk->sk_socket->ops->sendmsg_locked(sk, &msg, size);
=20
 		if (ret !=3D size) {
 			if (ret > 0) {
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 428E526CE32
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:22 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971563; cv=none;
 b=orq3DPIoQawrkN4GQEitS/oKdztuX+K8BplI2+fABoRF/KEt0EDlaTB0GYA8U5Vok6+wxgahBCPsTrUlvI7Q/16n5sKXV6wq37Wimi7diwrWP+KrnY+yjs/ZUbKpF+9PRCmi77gpVT+ggiutnWfh6Xu43EaXsTpDqz6JXy9F9KA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971563; c=relaxed/simple;
	bh=8OcwG1w3JD2kkjVs4gyvVCgMQIzZ3LgHLy2RSK3ithU=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=PiJNUY5VBPiS2nWUcDG1MY0xAEo/uTCrr1QxKxrBFTyVFhWGq7OuvAnon+ZfebF8HNsHu1KR05uP3zYUUnSIn03NmMRx/pIJhVL4qvBryGbn44wp8geqJnMNULKA5xT0qu6tZIBxNqXo0YeropmfQDbSr5xKxgcqNNfUYE76jks=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=e1yYygIz; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="e1yYygIz"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0498B1F00898;
	Tue,  9 Jun 2026 02:19:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971562;
	bh=BNWUb5CXXfh5aHD+Fkqba6f/U6vQMRu8EU0v+Z5kXiI=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=e1yYygIzpeErLpDR3+eHTQOIXx12HOe/8hgci3IJel9agnSyofc/8eeBuU94yusKc
	 +nX43B+UPlfMaQcz7tWVfcYrCWxYTlaS/kDEUfpEo3KmkXGVgdmarD57eOb6OIdYa0
	 ymZ4jBOYJuiY/ZL71Tk7FOy8BlR7NE/7UzgUzFRIL42RhHji/GEoDSdBcedAtvoVx5
	 /mgoYAxyvljTmdgvHLxBF1JhyToqQqDITx65ofY8HtEUORa/dQGdGCeyxhql2BT+zP
	 56M8MOZZp+3WYo+yUR6sojMOytQtIpItyrkVL6G6JNi6CdPrJQalXdhkKlSDSZherT
	 z5XC9oP1Q54Dg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v25 03/22] mptcp: implement peek_len for proto_ops
Date: Tue,  9 Jun 2026 10:18:29 +0800
Message-ID: 
 <b17eb93495413decd9e4f5f1f02dec677d749663.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The TLS stack uses tcp_inq() to query the amount of data available
in the receive queue without consuming it. For MPTCP sockets, this
information is not directly available from a TCP subflow; it must be
computed from the MPTCP receive queue and the current mapping.

Introduce mptcp_peek_len() which returns the number of bytes that
can be peeked from the MPTCP socket. It reuses the existing
mptcp_inq() helper (used by ioctl SIOCINQ). The implementation
considers the first skb in the receive queue, the current ack_seq,
and handles the FIN case.

Assign .peek_len in both mptcp_stream_ops and mptcp_v6_stream_ops
so that upper layers (e.g., TLS) can obtain the correct in-queue
byte count for an MPTCP connection.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/protocol.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 7f0c560f6b7e..18c8b6c64c3f 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -4689,6 +4689,38 @@ static ssize_t mptcp_splice_read(struct socket *sock=
, loff_t *ppos,
 	return ret;
 }
=20
+static int mptcp_inq(struct sock *sk)
+{
+	const struct mptcp_sock *msk =3D mptcp_sk(sk);
+	const struct sk_buff *skb;
+
+	if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
+		return 0;
+
+	skb =3D skb_peek(&sk->sk_receive_queue);
+	if (skb) {
+		u64 answ =3D READ_ONCE(msk->ack_seq) - MPTCP_SKB_CB(skb)->map_seq;
+
+		if (answ >=3D INT_MAX)
+			answ =3D INT_MAX;
+
+		/* Subtract 1, if FIN was received */
+		if (answ &&
+		    (sk->sk_state =3D=3D TCP_CLOSE ||
+		     (sk->sk_shutdown & RCV_SHUTDOWN)))
+			answ--;
+
+		return (int)answ;
+	}
+
+	return 0;
+}
+
+static int mptcp_peek_len(struct socket *sock)
+{
+	return mptcp_inq(sock->sk);
+}
+
 static const struct proto_ops mptcp_stream_ops =3D {
 	.family		   =3D PF_INET,
 	.owner		   =3D THIS_MODULE,
@@ -4712,6 +4744,7 @@ static const struct proto_ops mptcp_stream_ops =3D {
 	.read_sock	   =3D mptcp_read_sock,
 	.splice_read	   =3D mptcp_splice_read,
 	.sendmsg_locked	   =3D mptcp_sendmsg_locked,
+	.peek_len	   =3D mptcp_peek_len,
 };
=20
 static struct inet_protosw mptcp_protosw =3D {
@@ -4825,6 +4858,7 @@ static const struct proto_ops mptcp_v6_stream_ops =3D=
 {
 	.read_sock	   =3D mptcp_read_sock,
 	.splice_read	   =3D mptcp_splice_read,
 	.sendmsg_locked	   =3D mptcp_sendmsg_locked,
+	.peek_len	   =3D mptcp_peek_len,
 };
=20
 static struct proto mptcp_v6_prot;
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 973D12EA480
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971567; cv=none;
 b=sMoKKvVnDyZvpq4uiYKst0UEhlxSXwHXvdNnpg2/HI1UFWz2xFxgItf5A3JjeURdenErv5+4GY/1+/cjbVt902/SiJJHcEIjySocmJ/9UXUuLyn+xBSY7HiwJ/kph3gKM4RRDywcWgosQaIS1sRsyUAUUNcfAp+udubiIDUF8qU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971567; c=relaxed/simple;
	bh=VHTysyCT+QHPcWheBGQ7vWkBA+p9OB64Q+D1pAXfcPI=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=sE3OOrYzRaVsqWn7ZkWIvgiA7IcOHe5/J+ox03OTbV/gbml6+2556SxEgiNR4GVg/vqSJAnsqjCBN8BmyIHJjNGmHPgWI6HOUi/tWIVzk6jmeA1/ttLckPcix2gQ6qoej0569W/lt2MWjCJeTaTnMuzlt5qIbY7gpZ9axtx06xU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=JS7Z1Heb; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="JS7Z1Heb"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1A50F1F00893;
	Tue,  9 Jun 2026 02:19:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971566;
	bh=UqwTny8lm73e/bg9bgWS1ZWlJFjYzPr3AJUZtW4HQ4s=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=JS7Z1HebSiEbNq53eLawmPe8oNtiOrCX6MGkf68sIPlzvXaptI7L6eJSR7jUz64Pz
	 0eyZa6soPh5c0Dj5DsOLcguxvdKsXcelclelOG6gEAYXfOi3mcu4MbX0+jOtaEG1uH
	 rty/ZCSIsfYV6foUw06DZG9mWHSD8eB1S4BQ3JzNPUb7mII/lenovs28mYUGm/nSWD
	 XxUKA+gY/+9aea0D4gcDV+85PI5dPPD9ulWFzTKWAN5WLaclOCVTtQ4+cxz5cVE/nI
	 JCWioqstezOMX8k07KmK1WJ9HMKq05G7levLLeHngF3eFgSjIMc5c6nxbI1Eb/+dJK
	 HdXtA169Sq5+A==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v25 04/22] tls: replace tcp_inq with socket peek_len
Date: Tue,  9 Jun 2026 10:18:30 +0800
Message-ID: 
 <f6cb04f09158dbd072e6f35ae21ff6662b1cf622.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

TLS (device, strparser, and software) calls tcp_inq() directly to
determine how much data is still pending in the socket receive queue.
This breaks when the underlying socket is not TCP (e.g., MPTCP).

Switch all occurrences of tcp_inq(sk) to sk->sk_socket->ops->
peek_len(sk->sk_socket). This operation is implemented for both TCP
and MPTCP (after the previous commits), making TLS transparently
usable over MPTCP connections.

The change is straightforward: every place where TLS needed the
available in-queue bytes now uses the protocol-specific peek_len
method instead of assuming a TCP socket.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/tls/tls_device.c | 4 ++--
 net/tls/tls_strp.c   | 6 ++++--
 net/tls/tls_sw.c     | 4 +++-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index 741aef09bfd3..c44a59d9d715 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -805,7 +805,7 @@ void tls_device_rx_resync_new_rec(struct sock *sk, u32 =
rcd_len, u32 seq)
 		/* head of next rec is already in, note that the sock_inq will
 		 * include the currently parsed message when called from parser
 		 */
-		sock_data =3D tcp_inq(sk);
+		sock_data =3D sk->sk_socket->ops->peek_len(sk->sk_socket);
 		if (sock_data > rcd_len) {
 			trace_tls_device_rx_resync_nh_delay(sk, sock_data,
 							    rcd_len);
@@ -864,7 +864,7 @@ static void tls_device_core_ctrl_rx_resync(struct tls_c=
ontext *tls_ctx,
 	rxm =3D strp_msg(skb);
=20
 	/* head of next rec is already in, parser will sync for us */
-	if (tcp_inq(sk) > rxm->full_len) {
+	if (sk->sk_socket->ops->peek_len(sk->sk_socket) > rxm->full_len) {
 		trace_tls_device_rx_resync_nh_schedule(sk);
 		ctx->resync_nh_do_now =3D 1;
 	} else {
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index c72e88317627..c14dab13edf3 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -485,12 +485,14 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bo=
ol force_refresh)
 {
 	struct strp_msg *rxm;
 	struct tls_msg *tlm;
+	int inq;
=20
 	DEBUG_NET_WARN_ON_ONCE(!strp->msg_ready);
 	DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len);
=20
 	if (!strp->copy_mode && force_refresh) {
-		if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) {
+		inq =3D strp->sk->sk_socket->ops->peek_len(strp->sk->sk_socket);
+		if (unlikely(inq < strp->stm.full_len)) {
 			WRITE_ONCE(strp->msg_ready, 0);
 			memset(&strp->stm, 0, sizeof(strp->stm));
 			return false;
@@ -513,7 +515,7 @@ static int tls_strp_read_sock(struct tls_strparser *str=
p)
 {
 	int sz, inq;
=20
-	inq =3D tcp_inq(strp->sk);
+	inq =3D strp->sk->sk_socket->ops->peek_len(strp->sk->sk_socket);
 	if (inq < 1)
 		return 0;
=20
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 964ebc268ee4..d833ee14d62e 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1982,12 +1982,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_=
prot_info *prot,
 		       size_t *flushed_at)
 {
 	size_t max_rec;
+	int inq;
=20
 	if (len_left <=3D decrypted)
 		return false;
=20
+	inq =3D sk->sk_socket->ops->peek_len(sk->sk_socket);
 	max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE;
-	if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec)
+	if (done - *flushed_at < SZ_128K && inq > max_rec)
 		return false;
=20
 	*flushed_at =3D done;
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1C572EA480
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971569; cv=none;
 b=GIXuRv7RkDp1bpEVOtLIcvG0XWOPwcTFYPh89iB97NklfkztYZcwj0EsgHXrr8Ur8PgGI9/LXfIgYw75DdlDIbYf8F04Io4kwnTa2mYEMBahLcXYGzdPdsTodvKUj4Qf6zGiPMaWwvOej0uPGuSnGt07ZIjTNdFtsRPCp8gXciQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971569; c=relaxed/simple;
	bh=Vi6DGplYF22ZuD4RyEasfcJLV3CdVwD/U197egFGz8Q=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=YR+rYtdrQeRIcaN1LQSBl9K1zlZWaGloMJTteG0I3Z0+M94xHTA0MEfCBdlNm+ONLFpvtzhfBjt3IbopukSEgwohD+WqaFI8zdijTLjKZz1GgHTmPzZIopxHT/eB3XZbYtvl00gipVLbSouBmy1QZvSlM/G+iksXnOjVDRPMTPc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=T9k8qi7m; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="T9k8qi7m"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A95C31F00898;
	Tue,  9 Jun 2026 02:19:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971568;
	bh=e/po5YpBmyH1b0uSU8kV9evCGSArI7pRUYEE9NwQuFc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=T9k8qi7mawACB17qUdj6n6gxsJ5q3ztgkEyETRhixJxP+yQdnhJT7ZSARn6hVTvE6
	 8i89nmUPyrMdVky/rq683Euhlpff9w98wSs2259UjFYPfhzOEld5AbM2q0d+MHzYcV
	 tdEg/odDXhEeinvnqrnOWdy6wUC41mT/CAtQuAL4R/rfQ3KyKIrxvg2e5uceNUmMJQ
	 /GcaeOVawgw6YMcY+BSytTLMQt2r1MacM6bfR4onN94tgCfcZ0BO7rA+KbFlrI5/ve
	 lG6TDJS2+7Pr2peRZFkROEn8LAmJFpy0tKddvCKY1qO1odVWF+wuXFj8i2XsZNzMkg
	 zYFLdTnJDzgbw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v25 05/22] tls: store original poll for non-TCP
 sockets
Date: Tue,  9 Jun 2026 10:18:31 +0800
Message-ID: 
 <d626b8f7717bc22b38b3b941e4846603398a1c12.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The TLS layer currently calls tcp_poll() directly from its own poll
handler (tls_sk_poll). This breaks when the underlying socket is not
TCP, for example when TLS is used over MPTCP.

Store the original socket's poll method (sk->sk_socket->ops->poll)
in a new .sk_poll callback inside struct tls_context during TLS
initialization. Then modify tls_sk_poll() to invoke this stored
callback instead of hard-coded tcp_poll().

This allows TLS to correctly poll on any socket type that implements
the standard poll interface, including MPTCP. No functional change
for plain TCP sockets because they already use tcp_poll (which is
the same as the stored method).

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  | 2 ++
 net/tls/tls_main.c | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index ebd2550280ae..87f78a2a7d48 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -258,6 +258,8 @@ struct tls_context {
 	struct sock *sk;
=20
 	void (*sk_destruct)(struct sock *sk);
+	__poll_t (*sk_poll)(struct file *file, struct socket *sock,
+			    struct poll_table_struct *wait);
=20
 	union tls_crypto_context crypto_send;
 	union tls_crypto_context crypto_recv;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 15605ac45ba2..a306371dd777 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -409,14 +409,17 @@ static __poll_t tls_sk_poll(struct file *file, struct=
 socket *sock,
 	u8 shutdown;
 	int state;
=20
-	mask =3D tcp_poll(file, sock, wait);
+	tls_ctx =3D tls_get_ctx(sk);
+	if (!tls_ctx)
+		return EPOLLHUP | EPOLLERR;
+
+	mask =3D tls_ctx->sk_poll(file, sock, wait);
=20
 	state =3D inet_sk_state_load(sk);
 	shutdown =3D READ_ONCE(sk->sk_shutdown);
 	if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN))
 		return mask;
=20
-	tls_ctx =3D tls_get_ctx(sk);
 	ctx =3D tls_sw_ctx_rx(tls_ctx);
 	psock =3D sk_psock_get(sk);
=20
@@ -1076,6 +1079,7 @@ static int tls_init(struct sock *sk)
 	ctx->tx_conf =3D TLS_BASE;
 	ctx->rx_conf =3D TLS_BASE;
 	ctx->tx_max_payload_len =3D TLS_MAX_PAYLOAD_SIZE;
+	ctx->sk_poll =3D sk->sk_socket->ops->poll;
 	update_sk_prot(sk, ctx);
 out:
 	write_unlock_bh(&sk->sk_callback_lock);
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B550C2EA480
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:30 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971571; cv=none;
 b=JgdTjlSDvr0e7iE+bNhN7B5bz5nsM6sj1lJWGc5KO5EC6YgPZapYcOnYy1fWsJyFCasRVyUV4LMo/M70j/yoe3irO3lv6rBNXYboYdykdAclFkvwnYYLX+L0hv7pqgOXOHK/Q9VOsGagxtwXlhSClfj7L7oL7jI0ehETVHIWFHE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971571; c=relaxed/simple;
	bh=I8YGT99KUh4vsZ0jKq6ZzPaN+cPgvmlVStkbtkjFmig=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=J+gZOAMPVQFpSuzInF+Q8TPVInf7kPBDwT8sopjvYYYi84ge/4te3/qOWrtK0yYuYgxS8cTuHZ3fW77YgE2Bojc5kQkHMiUoyp98xo3in4X12/9lKiI1PXMdA5OdbuUFXxrcAwZF8adjTIB4z6cva9sIrEmD0s/uWOGQt/1RAvM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=bwr39CzA; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="bwr39CzA"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 845301F00893;
	Tue,  9 Jun 2026 02:19:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971570;
	bh=9b5LYQM9Eu8oY2x7fGoUDDTDqwgoORyFl8ciKIpzf8c=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=bwr39CzAvFN5U8P1fHaeItE3MpRbfSFyVeRvYrtkQa/hegciUsN39jW/mP8rGlQeF
	 akOaDUX4sgRFmIiqutkMRqpMhZXn0mT+hm2hhQbCTHPh+e/6qwSl9HZTybiPsX5Roa
	 RvoNDGm5PV3O/m6mw/+fUIOhYgTo0xjF2rCeQ9EBwgDlirPcf3waaVCk4KOf6vG1FO
	 IBNqyOr+dZUfAbDL2AzYSZ1Iw5vn9oarRle041xozEb92RXXdwFz1Tpl52Cn+3HU3c
	 ANxHhBFOVTIkCrfuLT3ZSvQQICvj0GELpImCvSDipWlG8tfaMrnnkfgjXBHw4zqldX
	 WNdLkuSTUoi7g==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>
Subject: [RFC mptcp-next v25 06/22] tls: store original read_sock for non-TCP
 sockets
Date: Tue,  9 Jun 2026 10:18:32 +0800
Message-ID: 
 <bb2b68ae09d35d42097b7d14efcf1eae2beb4b58.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

TLS strparser uses tcp_read_sock() to copy data from the underlying
socket. This assumes the socket is always TCP, which fails when TLS
is used over MPTCP.

Store the original socket's read_sock method (sk->sk_socket->ops->
read_sock) in a new .sk_read_sock callback inside struct tls_context.
Then in tls_strp_read_copyin(), call this stored callback instead of
the hard-coded tcp_read_sock().

With this change, TLS strparser works transparently over any socket
that implements .read_sock (including MPTCP, which already provides
mptcp_read_sock). Behavior for plain TCP remains unchanged.

Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  | 2 ++
 net/tls/tls_main.c | 1 +
 net/tls/tls_strp.c | 3 ++-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index 87f78a2a7d48..6520fd3b5fb0 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -260,6 +260,8 @@ struct tls_context {
 	void (*sk_destruct)(struct sock *sk);
 	__poll_t (*sk_poll)(struct file *file, struct socket *sock,
 			    struct poll_table_struct *wait);
+	int (*sk_read_sock)(struct sock *sk, read_descriptor_t *desc,
+			    sk_read_actor_t recv_actor);
=20
 	union tls_crypto_context crypto_send;
 	union tls_crypto_context crypto_recv;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index a306371dd777..c2d131aeac48 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -1080,6 +1080,7 @@ static int tls_init(struct sock *sk)
 	ctx->rx_conf =3D TLS_BASE;
 	ctx->tx_max_payload_len =3D TLS_MAX_PAYLOAD_SIZE;
 	ctx->sk_poll =3D sk->sk_socket->ops->poll;
+	ctx->sk_read_sock =3D sk->sk_socket->ops->read_sock;
 	update_sk_prot(sk, ctx);
 out:
 	write_unlock_bh(&sk->sk_callback_lock);
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index c14dab13edf3..36ab5d221eed 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -376,6 +376,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str=
uct sk_buff *in_skb,
=20
 static int tls_strp_read_copyin(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	read_descriptor_t desc;
=20
 	desc.arg.data =3D strp;
@@ -383,7 +384,7 @@ static int tls_strp_read_copyin(struct tls_strparser *s=
trp)
 	desc.count =3D 1; /* give more than one skb per call */
=20
 	/* sk should be locked here, so okay to do read_sock */
-	tcp_read_sock(strp->sk, &desc, tls_strp_copyin);
+	ctx->sk_read_sock(strp->sk, &desc, tls_strp_copyin);
=20
 	return desc.error;
 }
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68B1C264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971578; cv=none;
 b=AF/3SonJKr9JI+/m0+rix+75EYD/0TvdXYdGI/jBdD8jq146B2tcYdRoZtx88HdOLqLncNJsKPrfwSqt79MxaNa+xz7zculgchJwhlouddoJtk9ea93BUgBlRRURCiCJMyqq8Pi9qoI5k/0U80To+wIESjUGaelkEH/bpegdPwA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971578; c=relaxed/simple;
	bh=dK5bkQWmcwYzFedahPDli3P5vHzw5wtN+g4e4sNKPS4=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=vB88snVuZYLLK23VTFWVKvwXovV1doGyYItIq2ELWsyRjFxrJddanbFBPcrJLtGnbmWjuslKP4MFdbe9Vv8RJcUBxnDIzSj3vudPLgNu2mwc6yq7qUGIRj73TCGsKgErgkkwBssaC2VIPXMUl4BJ1I7mng33jGE+ob5q8EOixpo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=LE6koEGW; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="LE6koEGW"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A6FBA1F00898;
	Tue,  9 Jun 2026 02:19:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971577;
	bh=3vFm9GQwDwSwewQUh0MJQII4fp8zHJrCLgpGMu2WeyY=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=LE6koEGWi163u59/lKDQwxCeNI7BPbtZ2XiakR/Q3vrLzz0AYHGyNIvVji0qNNLjw
	 4FAQbYUDtgPPJ34j/pbqARLzCa1Jecjhsg994rglawH6IwoaXj4339UdTG91CIbj8h
	 cyhuEAEeSyA581tJywORToS/iqM7ZWLnXWxzOU/H7W3DJVKXFHk80C3XqrHsFMkhg3
	 g9TGIQTuUHk/+iS/N6Gcwtqjki9RB2+SXCMqGs99hrzktNYdahYtjv/fvbqZfalr/A
	 XdqwdFD9O1xZrwx8pnmNbZRFdXi8MwG0EQSwUyeL7Gu4qzhEUxnORFy7riIU9jGLNm
	 L80ZdXuqKe2xQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 07/22] tls: add per-protocol cache for mptcp
 support
Date: Tue,  9 Jun 2026 10:18:33 +0800
Message-ID: 
 <0bfd6cfe092eb899cfc0692108dc7695ad41b731.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The TLS ULP uses global static arrays to cache base protocol operations.
When MPTCP sockets enable TLS, they overwrite these global caches when
building for MPTCP, causing active TCP TLS sockets to use MPTCP-specific
ops. This leads to type confusion and kernel panics.

Fix by replacing the global caches with a per-protocol linked list. Each
protocol (TCP, MPTCP, etc.) now has its own cached operations, stored in
struct tls_prot and referenced from tls_context.

Add a struct tls_prot *prot parameter to tls_ctx_create() and
tls_toe_bypass(), and store the pointer in tls_context. This allows
protocol-specific TLS operation tables (e.g., for MPTCP) to be passed
down.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h     |  12 ++++
 include/net/tls_toe.h |   2 +-
 net/tls/tls.h         |   2 +-
 net/tls/tls_main.c    | 139 +++++++++++++++++++++++++++++++-----------
 net/tls/tls_toe.c     |   4 +-
 5 files changed, 118 insertions(+), 41 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index 6520fd3b5fb0..a22a417002cf 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -220,6 +220,16 @@ struct tls_prot_info {
 	u16 tail_size;
 };
=20
+struct tls_prot {
+	struct rcu_head			rcu;
+	refcount_t			refcnt;
+	struct list_head		list;
+	int				ip_ver;
+	const struct proto		*prot;
+	struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
+	struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
+};
+
 struct tls_context {
 	/* read-only cache line */
 	struct tls_prot_info prot_info;
@@ -257,6 +267,8 @@ struct tls_context {
 	struct proto *sk_proto;
 	struct sock *sk;
=20
+	struct tls_prot *prot;
+
 	void (*sk_destruct)(struct sock *sk);
 	__poll_t (*sk_poll)(struct file *file, struct socket *sock,
 			    struct poll_table_struct *wait);
diff --git a/include/net/tls_toe.h b/include/net/tls_toe.h
index b3aa7593ce2c..f1de7d2498cf 100644
--- a/include/net/tls_toe.h
+++ b/include/net/tls_toe.h
@@ -69,7 +69,7 @@ struct tls_toe_device {
 	struct kref kref;
 };
=20
-int tls_toe_bypass(struct sock *sk);
+int tls_toe_bypass(struct sock *sk, struct tls_prot *prot);
 int tls_toe_hash(struct sock *sk);
 void tls_toe_unhash(struct sock *sk);
=20
diff --git a/net/tls/tls.h b/net/tls/tls.h
index 12f44cb649c9..b9a41e1b8f8c 100644
--- a/net/tls/tls.h
+++ b/net/tls/tls.h
@@ -136,7 +136,7 @@ struct tls_rec {
 int __net_init tls_proc_init(struct net *net);
 void __net_exit tls_proc_fini(struct net *net);
=20
-struct tls_context *tls_ctx_create(struct sock *sk);
+struct tls_context *tls_ctx_create(struct sock *sk, struct tls_prot *prot);
 void tls_ctx_free(struct sock *sk, struct tls_context *ctx);
 void update_sk_prot(struct sock *sk, struct tls_context *ctx);
=20
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index c2d131aeac48..d583e50bb5b9 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -119,23 +119,59 @@ CHECK_CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_in=
fo_sm4_ccm);
 CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128);
 CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256);
=20
-static const struct proto *saved_tcpv6_prot;
-static DEFINE_MUTEX(tcpv6_prot_mutex);
-static const struct proto *saved_tcpv4_prot;
-static DEFINE_MUTEX(tcpv4_prot_mutex);
-static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFI=
G];
-static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_N=
UM_CONFIG];
+static LIST_HEAD(tls_prot_list);
+static DEFINE_SPINLOCK(tls_prot_lock);
 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
 			 const struct proto *base);
=20
+static struct tls_prot *tls_prot_find(const struct proto *proto,
+				      int ip_ver)
+{
+	struct tls_prot *prot, *ret =3D NULL;
+
+	rcu_read_lock();
+	list_for_each_entry_rcu(prot, &tls_prot_list, list) {
+		if (prot->prot =3D=3D proto && prot->ip_ver =3D=3D ip_ver &&
+		    refcount_inc_not_zero(&prot->refcnt)) {
+			ret =3D prot;
+			break;
+		}
+	}
+	rcu_read_unlock();
+	return ret;
+}
+
+static void tls_prot_free(struct rcu_head *rcu)
+{
+	struct tls_prot *prot =3D container_of(rcu, struct tls_prot, rcu);
+
+	kfree(prot);
+}
+
+static void tls_prot_cleanup(void)
+{
+	struct tls_prot *prot, *tmp;
+
+	spin_lock_bh(&tls_prot_lock);
+	list_for_each_entry_safe(prot, tmp, &tls_prot_list, list) {
+		list_del_rcu(&prot->list);
+		call_rcu(&prot->rcu, tls_prot_free);
+	}
+	spin_unlock_bh(&tls_prot_lock);
+	rcu_barrier();
+}
+
 void update_sk_prot(struct sock *sk, struct tls_context *ctx)
 {
-	int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4;
+	struct tls_prot *prot =3D ctx->prot;
+
+	if (!prot)
+		return;
=20
 	WRITE_ONCE(sk->sk_prot,
-		   &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]);
+		   &prot->prots[ctx->tx_conf][ctx->rx_conf]);
 	WRITE_ONCE(sk->sk_socket->ops,
-		   &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]);
+		   &prot->proto_ops[ctx->tx_conf][ctx->rx_conf]);
 }
=20
 int wait_on_pending_writer(struct sock *sk, long *timeo)
@@ -314,6 +350,16 @@ static void tls_write_space(struct sock *sk)
 	ctx->sk_write_space(sk);
 }
=20
+static void tls_prot_put(struct tls_prot *prot)
+{
+	if (refcount_dec_and_test(&prot->refcnt)) {
+		spin_lock_bh(&tls_prot_lock);
+		list_del_rcu(&prot->list);
+		spin_unlock_bh(&tls_prot_lock);
+		call_rcu(&prot->rcu, tls_prot_free);
+	}
+}
+
 /**
  * tls_ctx_free() - free TLS ULP context
  * @sk:  socket to with @ctx is attached
@@ -327,6 +373,11 @@ void tls_ctx_free(struct sock *sk, struct tls_context =
*ctx)
 	if (!ctx)
 		return;
=20
+	if (ctx->prot) {
+		tls_prot_put(ctx->prot);
+		ctx->prot =3D NULL;
+	}
+
 	memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send));
 	memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv));
 	mutex_destroy(&ctx->tx_lock);
@@ -913,7 +964,7 @@ static int tls_disconnect(struct sock *sk, int flags)
 	return -EOPNOTSUPP;
 }
=20
-struct tls_context *tls_ctx_create(struct sock *sk)
+struct tls_context *tls_ctx_create(struct sock *sk, struct tls_prot *prot)
 {
 	struct inet_connection_sock *icsk =3D inet_csk(sk);
 	struct tls_context *ctx;
@@ -924,6 +975,7 @@ struct tls_context *tls_ctx_create(struct sock *sk)
=20
 	mutex_init(&ctx->tx_lock);
 	ctx->sk_proto =3D READ_ONCE(sk->sk_prot);
+	ctx->prot =3D prot;
 	ctx->sk =3D sk;
 	/* Release semantic of rcu_assign_pointer() ensures that
 	 * ctx->sk_proto is visible before changing sk->sk_prot in
@@ -971,35 +1023,41 @@ static void build_proto_ops(struct proto_ops ops[TLS=
_NUM_CONFIG][TLS_NUM_CONFIG]
 #endif
 }
=20
-static void tls_build_proto(struct sock *sk)
+static struct tls_prot *tls_build_proto(struct sock *sk)
 {
 	int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4;
 	struct proto *prot =3D READ_ONCE(sk->sk_prot);
+	struct tls_prot *proto, *cache;
=20
-	/* Build IPv6 TLS whenever the address of tcpv6 _prot changes */
-	if (ip_ver =3D=3D TLSV6 &&
-	    unlikely(prot !=3D smp_load_acquire(&saved_tcpv6_prot))) {
-		mutex_lock(&tcpv6_prot_mutex);
-		if (likely(prot !=3D saved_tcpv6_prot)) {
-			build_protos(tls_prots[TLSV6], prot);
-			build_proto_ops(tls_proto_ops[TLSV6],
-					sk->sk_socket->ops);
-			smp_store_release(&saved_tcpv6_prot, prot);
-		}
-		mutex_unlock(&tcpv6_prot_mutex);
-	}
+	if (!sk->sk_socket)
+		return NULL;
=20
-	if (ip_ver =3D=3D TLSV4 &&
-	    unlikely(prot !=3D smp_load_acquire(&saved_tcpv4_prot))) {
-		mutex_lock(&tcpv4_prot_mutex);
-		if (likely(prot !=3D saved_tcpv4_prot)) {
-			build_protos(tls_prots[TLSV4], prot);
-			build_proto_ops(tls_proto_ops[TLSV4],
-					sk->sk_socket->ops);
-			smp_store_release(&saved_tcpv4_prot, prot);
-		}
-		mutex_unlock(&tcpv4_prot_mutex);
+	cache =3D tls_prot_find(prot, ip_ver);
+	if (cache)
+		return cache;
+
+	proto =3D kzalloc_obj(*proto, GFP_KERNEL);
+	if (!proto)
+		return NULL;
+
+	spin_lock_bh(&tls_prot_lock);
+	cache =3D tls_prot_find(prot, ip_ver);
+	if (cache) {
+		spin_unlock_bh(&tls_prot_lock);
+		kfree(proto);
+		return cache;
 	}
+
+	proto->ip_ver =3D ip_ver;
+	proto->prot =3D prot;
+	refcount_set(&proto->refcnt, 1);
+	build_protos(proto->prots, prot);
+	build_proto_ops(proto->proto_ops,
+			sk->sk_socket->ops);
+	list_add_rcu(&proto->list, &tls_prot_list);
+	spin_unlock_bh(&tls_prot_lock);
+
+	return proto;
 }
=20
 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
@@ -1050,12 +1108,15 @@ static void build_protos(struct proto prot[TLS_NUM_=
CONFIG][TLS_NUM_CONFIG],
 static int tls_init(struct sock *sk)
 {
 	struct tls_context *ctx;
+	struct tls_prot *prot;
 	int rc =3D 0;
=20
-	tls_build_proto(sk);
+	prot =3D tls_build_proto(sk);
+	if (!prot)
+		return -ENOMEM;
=20
 #ifdef CONFIG_TLS_TOE
-	if (tls_toe_bypass(sk))
+	if (tls_toe_bypass(sk, prot))
 		return 0;
 #endif
=20
@@ -1065,13 +1126,16 @@ static int tls_init(struct sock *sk)
 	 * to modify the accept implementation to clone rather then
 	 * share the ulp context.
 	 */
-	if (sk->sk_state !=3D TCP_ESTABLISHED)
+	if (sk->sk_state !=3D TCP_ESTABLISHED) {
+		tls_prot_put(prot);
 		return -ENOTCONN;
+	}
=20
 	/* allocate tls context */
 	write_lock_bh(&sk->sk_callback_lock);
-	ctx =3D tls_ctx_create(sk);
+	ctx =3D tls_ctx_create(sk, prot);
 	if (!ctx) {
+		tls_prot_put(prot);
 		rc =3D -ENOMEM;
 		goto out;
 	}
@@ -1270,6 +1334,7 @@ static int __init tls_register(void)
 static void __exit tls_unregister(void)
 {
 	tcp_unregister_ulp(&tcp_tls_ulp_ops);
+	tls_prot_cleanup();
 	tls_strp_dev_exit();
 	tls_device_cleanup();
 	unregister_pernet_subsys(&tls_proc_ops);
diff --git a/net/tls/tls_toe.c b/net/tls/tls_toe.c
index 825669e1ab47..68085a28a58c 100644
--- a/net/tls/tls_toe.c
+++ b/net/tls/tls_toe.c
@@ -54,7 +54,7 @@ static void tls_toe_sk_destruct(struct sock *sk)
 	tls_ctx_free(sk, ctx);
 }
=20
-int tls_toe_bypass(struct sock *sk)
+int tls_toe_bypass(struct sock *sk, struct tls_prot *prot)
 {
 	struct tls_toe_device *dev;
 	struct tls_context *ctx;
@@ -63,7 +63,7 @@ int tls_toe_bypass(struct sock *sk)
 	spin_lock_bh(&device_spinlock);
 	list_for_each_entry(dev, &device_list, dev_list) {
 		if (dev->feature && dev->feature(dev)) {
-			ctx =3D tls_ctx_create(sk);
+			ctx =3D tls_ctx_create(sk, prot);
 			if (!ctx)
 				goto out;
=20
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CCC8264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971580; cv=none;
 b=L4d3iD1Jgccv+SzbQJRVt5PGKg82Ur46chvdMdUiw75vlQoit9CYjhnKaJj9upSoVi/DLX5WdOhPXPY+6DfrKngbUK1QvHw1fFgDPsyujm6zCXARWt9KX5qTPQUhDsjl57lG0BC9yQAPdbRNxM4ZZ/dNzuOwc2HmhDnY9CDlUg4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971580; c=relaxed/simple;
	bh=TIaJJGkxbUunGlapfRx3k/SMsq91nr+ggD7zg4cysh8=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=gbbKOUaWSwrE87pcyO+1elwfju+FWgU/lTsUVAX+dKVeSDmOZKF0OA8Hv88oNDctOFDYqEAVNUG7WwvL2959X4QlR2k/B5K9RG46+qnIWim4A2O8pACuBhS+mA6ikvmdKTJbPvilPW6H7adKK+PEwtsBzSFFRmcOnzXQhysst6I=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=dggsqqlY; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="dggsqqlY"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9F0CB1F00893;
	Tue,  9 Jun 2026 02:19:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971578;
	bh=YwV8nFxaSk2T1LrLmgfxKNlVYlQiVnW1/O5XdolC62s=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=dggsqqlY3yPt76EPnSPNyOhKxB/1SMppw+8cjZRrjvVqXIq0hAmMWFhzUnEKmY7h3
	 B6bLNPtUGQFzPacFliUyqfCoA2Xm2lGTIHu79/vP2kQY/Sk4os5jgXjqWhY9DMkUYU
	 eYPXHRWysB3UpDvXsy4EQAfBkjVlaK4fdHoEufR4usZGI2kBG//HRvwCeXhBpgIb/O
	 Cv5veESM1j7rZQRho+KOKt0LqTrCFuSjJRyFfG1pIDdmmGKJs4xRqej6peGIeSV0Ok
	 U79ujNPThRfj8UlUUasea02n9mvhsrvXZ+ulB2on2pfBILHSVDHsuwrOmKi1zTho3D
	 Qgx4pVc2Kj2GA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 08/22] tls: introduce tls protocol ops structure
Date: Tue,  9 Jun 2026 10:18:34 +0800
Message-ID: 
 <ec6a91923e7c9e7e41a75a676a85a3e449f44c0f.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has
been introduced for TLS, encapsulating TCP-specific helpers within this
structure.

Add registering, validating and finding functions for this structure to
add, validate and find a tls_prot_ops on the global list tls_prot_ops_list.

Register TCP-specific structure tls_tcp_ops in tls_register().

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  |  15 +++++++
 net/tls/tls_main.c | 100 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 114 insertions(+), 1 deletion(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index a22a417002cf..2cf5153465af 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -220,6 +220,21 @@ struct tls_prot_info {
 	u16 tail_size;
 };
=20
+struct tls_prot_ops {
+	struct module		*owner;
+	int			protocol;
+	struct list_head	list;
+
+	struct sk_buff *(*recv_skb)(struct sock *sk, u32 *off);
+	bool (*lock_is_held)(struct sock *sk);
+	void (*read_done)(struct sock *sk, size_t len);
+	u32 (*get_skb_seq)(struct sk_buff *skb);
+	int (*skb_get_header)(const struct sk_buff *skb, int offset,
+			      void *to, int len);
+	bool (*epollin_ready)(const struct sock *sk);
+	void (*check_app_limited)(struct sock *sk);
+};
+
 struct tls_prot {
 	struct rcu_head			rcu;
 	refcount_t			refcnt;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index d583e50bb5b9..6f6fc2b08d3d 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -120,6 +120,7 @@ CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto=
_info_aria_gcm_128);
 CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256);
=20
 static LIST_HEAD(tls_prot_list);
+static LIST_HEAD(tls_prot_ops_list);
 static DEFINE_SPINLOCK(tls_prot_lock);
 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
 			 const struct proto *base);
@@ -161,6 +162,22 @@ static void tls_prot_cleanup(void)
 	rcu_barrier();
 }
=20
+static struct tls_prot_ops *tls_prot_ops_find(int protocol)
+{
+	struct tls_prot_ops *ops, *ret =3D NULL;
+
+	rcu_read_lock();
+	list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) {
+		if (ops->protocol =3D=3D protocol) {
+			ret =3D ops;
+			break;
+		}
+	}
+	rcu_read_unlock();
+
+	return ret;
+}
+
 void update_sk_prot(struct sock *sk, struct tls_context *ctx)
 {
 	struct tls_prot *prot =3D ctx->prot;
@@ -1305,6 +1322,80 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos=
tly =3D {
 	.get_info_size		=3D tls_get_info_size,
 };
=20
+static int tls_validate_prot_ops(const struct tls_prot_ops *ops)
+{
+	if (!ops->recv_skb || !ops->lock_is_held ||
+	    !ops->read_done || !ops->get_skb_seq ||
+	    !ops->skb_get_header || !ops->epollin_ready ||
+	    !ops->check_app_limited) {
+		pr_err("%d does not implement required ops\n", ops->protocol);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int tls_register_prot_ops(struct tls_prot_ops *ops)
+{
+	int ret;
+
+	ret =3D tls_validate_prot_ops(ops);
+	if (ret)
+		return ret;
+
+	spin_lock_bh(&tls_prot_lock);
+	if (tls_prot_ops_find(ops->protocol)) {
+		spin_unlock_bh(&tls_prot_lock);
+		return -EEXIST;
+	}
+
+	list_add_tail_rcu(&ops->list, &tls_prot_ops_list);
+	spin_unlock_bh(&tls_prot_lock);
+
+	pr_debug("tls_prot_ops %d registered\n", ops->protocol);
+	return 0;
+}
+
+static void tls_unregister_prot_ops(struct tls_prot_ops *ops)
+{
+	spin_lock_bh(&tls_prot_lock);
+	list_del_rcu(&ops->list);
+	spin_unlock_bh(&tls_prot_lock);
+	synchronize_rcu();
+}
+
+static struct sk_buff *tls_tcp_recv_skb(struct sock *sk, u32 *off)
+{
+	return tcp_recv_skb(sk, tcp_sk(sk)->copied_seq, off);
+}
+
+static bool tls_tcp_lock_is_held(struct sock *sk)
+{
+	return sock_owned_by_user_nocheck(sk);
+}
+
+static u32 tls_tcp_get_skb_seq(struct sk_buff *skb)
+{
+	return TCP_SKB_CB(skb)->seq;
+}
+
+static bool tls_tcp_epollin_ready(const struct sock *sk)
+{
+	return tcp_epollin_ready(sk, INT_MAX);
+}
+
+static struct tls_prot_ops tls_tcp_ops =3D {
+	.owner			=3D THIS_MODULE,
+	.protocol		=3D IPPROTO_TCP,
+	.recv_skb		=3D tls_tcp_recv_skb,
+	.lock_is_held		=3D tls_tcp_lock_is_held,
+	.read_done		=3D tcp_read_done,
+	.get_skb_seq		=3D tls_tcp_get_skb_seq,
+	.skb_get_header		=3D skb_copy_bits,
+	.epollin_ready		=3D tls_tcp_epollin_ready,
+	.check_app_limited	=3D tcp_rate_check_app_limited,
+};
+
 static int __init tls_register(void)
 {
 	int err;
@@ -1317,13 +1408,19 @@ static int __init tls_register(void)
 	if (err)
 		goto err_pernet;
=20
-	err =3D tls_device_init();
+	err =3D tls_register_prot_ops(&tls_tcp_ops);
 	if (err)
 		goto err_strp;
=20
+	err =3D tls_device_init();
+	if (err)
+		goto err_ops;
+
 	tcp_register_ulp(&tcp_tls_ulp_ops);
=20
 	return 0;
+err_ops:
+	tls_unregister_prot_ops(&tls_tcp_ops);
 err_strp:
 	tls_strp_dev_exit();
 err_pernet:
@@ -1334,6 +1431,7 @@ static int __init tls_register(void)
 static void __exit tls_unregister(void)
 {
 	tcp_unregister_ulp(&tcp_tls_ulp_ops);
+	tls_unregister_prot_ops(&tls_tcp_ops);
 	tls_prot_cleanup();
 	tls_strp_dev_exit();
 	tls_device_cleanup();
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C31A264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:41 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971582; cv=none;
 b=R8T2MZbdaT3RFdlFjcM994KFpHX7UYhtFHqe73GJKwRuj6HL0UWN+Pztpkz4VSWwa7ooxOF+XrwzCr0Vw0P46DYcxsoSD2BKlt0ojH9AtgwxaPRbtaY5BNDQS0r4yZYcg5Zb3I+1jw4a/vCLPgVFiLQVeL8XrfFUgOPp47/xoHg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971582; c=relaxed/simple;
	bh=pqRq/1RrAXPBJjMUV6qBozcpqo1D/bbXHw115OkoJwM=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=uUInEEqWnNacBJ7GWq4V/Dke18FfjDYfa3fE4H2gf3K6qvflKqojA9mKsE/W9lZt1vn5jDwTvJ6s4Ypm89RDCPBn1av3SM8nUmdax8OCVcpD6hPeUhm/PRlwdBsShkPwYOBbUPdRO3BI5NFJnPIOpZ6OGdqouIaxYXwbkjYszmo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=AimX/RJU; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="AimX/RJU"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 896A81F00898;
	Tue,  9 Jun 2026 02:19:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971581;
	bh=NrL6nbS6CSD7R9XRHoCXnzi8cv0IF/yWwr3xYUK+z4Q=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=AimX/RJUgySpNF3f0ZizS2tX6DaiCCbWz5PC8nLJp5gi+4cgGH2j33upsk/xnuDm3
	 LB/c0dYqM+eT9cgSw67kC/Y7c6cbgOAt0rY6l/pqDmTXQ4e3zDzlerHwWSMrXN/hH0
	 f+YqFqnKd4bTt6vW59/Z5qFuY+MlIMdJnMU9HM9VCL8P4p+azpBGEXcrUfVgHJq8Sm
	 LOBaPpxS2Hul8Fj/gKhzt+h0kZgRYYUPloI8WjVxSxANIr5cTOqVOH4IxSnpkq8aoR
	 phfjsGW8H12p6tsCXxlJtRr/7kzglUu5/2GA5Zvy4Pq5H8XEoVv0F8jNShUXU1z8cD
	 MZwMPyKaT5krQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 09/22] tls: store protocol ops pointer in
 tls_proto
Date: Tue,  9 Jun 2026 10:18:35 +0800
Message-ID: 
 <9f9de39e4de11d60ce71a52ee0e07b809f35e79d.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

A pointer to struct tls_prot_ops, named 'ops', has been added to struct
tls_prot. The places originally calling TLS-specific helpers have now
been modified to indirectly invoke them via 'ops' pointer in tls_prot.

In tls_build_proto(), prot->ops is assigned either 'tls_mptcp_ops' or
'tls_tcp_ops' based on the socket protocol.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  |  1 +
 net/tls/tls_main.c | 13 ++++++++++++-
 net/tls/tls_strp.c | 26 ++++++++++++++++++--------
 net/tls/tls_sw.c   |  5 +++--
 4 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index 2cf5153465af..443d596f694f 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -241,6 +241,7 @@ struct tls_prot {
 	struct list_head		list;
 	int				ip_ver;
 	const struct proto		*prot;
+	const struct tls_prot_ops	*ops;
 	struct proto prots[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
 	struct proto_ops proto_ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG];
 };
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 6f6fc2b08d3d..fa7727881e74 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -156,6 +156,7 @@ static void tls_prot_cleanup(void)
 	spin_lock_bh(&tls_prot_lock);
 	list_for_each_entry_safe(prot, tmp, &tls_prot_list, list) {
 		list_del_rcu(&prot->list);
+		module_put(prot->ops->owner);
 		call_rcu(&prot->rcu, tls_prot_free);
 	}
 	spin_unlock_bh(&tls_prot_lock);
@@ -241,7 +242,7 @@ int tls_push_sg(struct sock *sk,
 	ctx->splicing_pages =3D true;
 	while (1) {
 		/* is sending application-limited? */
-		tcp_rate_check_app_limited(sk);
+		ctx->prot->ops->check_app_limited(sk);
 		p =3D sg_page(sg);
 retry:
 		bvec_set_page(&bvec, p, size, offset);
@@ -373,6 +374,7 @@ static void tls_prot_put(struct tls_prot *prot)
 		spin_lock_bh(&tls_prot_lock);
 		list_del_rcu(&prot->list);
 		spin_unlock_bh(&tls_prot_lock);
+		module_put(prot->ops->owner);
 		call_rcu(&prot->rcu, tls_prot_free);
 	}
 }
@@ -1045,6 +1047,7 @@ static struct tls_prot *tls_build_proto(struct sock *=
sk)
 	int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4;
 	struct proto *prot =3D READ_ONCE(sk->sk_prot);
 	struct tls_prot *proto, *cache;
+	struct tls_prot_ops *ops;
=20
 	if (!sk->sk_socket)
 		return NULL;
@@ -1065,8 +1068,16 @@ static struct tls_prot *tls_build_proto(struct sock =
*sk)
 		return cache;
 	}
=20
+	ops =3D tls_prot_ops_find(sk->sk_protocol);
+	if (!ops || !try_module_get(ops->owner)) {
+		spin_unlock_bh(&tls_prot_lock);
+		kfree(proto);
+		return NULL;
+	}
+
 	proto->ip_ver =3D ip_ver;
 	proto->prot =3D prot;
+	proto->ops =3D ops;
 	refcount_set(&proto->refcnt, 1);
 	build_protos(proto->prots, prot);
 	build_proto_ops(proto->proto_ops,
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index 36ab5d221eed..2dca7637a0ca 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte=
xt_rx *ctx)
 int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 {
 	struct tls_strparser *strp =3D &ctx->strp;
+	struct tls_context *tls_ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *skb;
=20
 	if (strp->copy_mode)
@@ -132,7 +133,7 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 	tls_strp_anchor_free(strp);
 	strp->anchor =3D skb;
=20
-	tcp_read_done(strp->sk, strp->stm.full_len);
+	tls_ctx->prot->ops->read_done(strp->sk, strp->stm.full_len);
 	strp->copy_mode =3D 1;
=20
 	return 0;
@@ -391,6 +392,7 @@ static int tls_strp_read_copyin(struct tls_strparser *s=
trp)
=20
 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct skb_shared_info *shinfo;
 	struct page *page;
 	int need_spc, len;
@@ -399,7 +401,7 @@ static int tls_strp_read_copy(struct tls_strparser *str=
p, bool qshort)
 	 * to read the data out. Otherwise the connection will stall.
 	 * Without pressure threshold of INT_MAX will never be ready.
 	 */
-	if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX)))
+	if (likely(qshort && !ctx->prot->ops->epollin_ready(strp->sk)))
 		return 0;
=20
 	shinfo =3D skb_shinfo(strp->anchor);
@@ -435,12 +437,13 @@ static int tls_strp_read_copy(struct tls_strparser *s=
trp, bool qshort)
 static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
 {
 	unsigned int len =3D strp->stm.offset + strp->stm.full_len;
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *first, *skb;
 	u32 seq;
=20
 	first =3D skb_shinfo(strp->anchor)->frag_list;
 	skb =3D first;
-	seq =3D TCP_SKB_CB(first)->seq;
+	seq =3D ctx->prot->ops->get_skb_seq(first);
=20
 	/* Make sure there's no duplicate data in the queue,
 	 * and the decrypted status matches.
@@ -450,7 +453,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse=
r *strp)
 		len -=3D skb->len;
 		skb =3D skb->next;
=20
-		if (TCP_SKB_CB(skb)->seq !=3D seq)
+		if (ctx->prot->ops->get_skb_seq(skb) !=3D seq)
 			return false;
 		if (skb_cmp_decrypted(first, skb))
 			return false;
@@ -461,11 +464,11 @@ static bool tls_strp_check_queue_ok(struct tls_strpar=
ser *strp)
=20
 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in=
t len)
 {
-	struct tcp_sock *tp =3D tcp_sk(strp->sk);
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *first;
 	u32 offset;
=20
-	first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset);
+	first =3D ctx->prot->ops->recv_skb(strp->sk, &offset);
 	if (WARN_ON_ONCE(!first))
 		return;
=20
@@ -559,6 +562,11 @@ void tls_strp_check_rcv(struct tls_strparser *strp)
 /* Lower sock lock held */
 void tls_strp_data_ready(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
+
+	if (!ctx)
+		return;
+
 	/* This check is needed to synchronize with do_tls_strp_work.
 	 * do_tls_strp_work acquires a process lock (lock_sock) whereas
 	 * the lock held here is bh_lock_sock. The two locks can be
@@ -566,7 +574,7 @@ void tls_strp_data_ready(struct tls_strparser *strp)
 	 * allows a thread in BH context to safely check if the process
 	 * lock is held. In this case, if the lock is held, queue work.
 	 */
-	if (sock_owned_by_user_nocheck(strp->sk)) {
+	if (ctx->prot->ops->lock_is_held(strp->sk)) {
 		queue_work(tls_strp_wq, &strp->work);
 		return;
 	}
@@ -586,10 +594,12 @@ static void tls_strp_work(struct work_struct *w)
=20
 void tls_strp_msg_done(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
+
 	WARN_ON(!strp->stm.full_len);
=20
 	if (likely(!strp->copy_mode))
-		tcp_read_done(strp->sk, strp->stm.full_len);
+		ctx->prot->ops->read_done(strp->sk, strp->stm.full_len);
 	else
 		tls_strp_flush_anchor_copy(strp);
=20
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d833ee14d62e..4d0308d4e005 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2470,6 +2470,7 @@ bool tls_sw_sock_is_readable(struct sock *sk)
 int tls_rx_msg_size(struct tls_strparser *strp, struct sk_buff *skb)
 {
 	struct tls_context *tls_ctx =3D tls_get_ctx(strp->sk);
+	const struct tls_prot_ops *ops =3D tls_ctx->prot->ops;
 	struct tls_prot_info *prot =3D &tls_ctx->prot_info;
 	char header[TLS_HEADER_SIZE + TLS_MAX_IV_SIZE];
 	size_t cipher_overhead;
@@ -2487,7 +2488,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc=
t sk_buff *skb)
 	}
=20
 	/* Linearize header to local buffer */
-	ret =3D skb_copy_bits(skb, strp->stm.offset, header, prot->prepend_size);
+	ret =3D ops->skb_get_header(skb, strp->stm.offset, header, prot->prepend_=
size);
 	if (ret < 0)
 		goto read_failure;
=20
@@ -2518,7 +2519,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc=
t sk_buff *skb)
 	}
=20
 	tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE,
-				     TCP_SKB_CB(skb)->seq + strp->stm.offset);
+				     ops->get_skb_seq(skb) + strp->stm.offset);
 	return data_len + TLS_HEADER_SIZE;
=20
 read_failure:
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E6870264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971585; cv=none;
 b=NQEMGRJyYT411J0Uv01SFe9pULcpIEwN/LBOBtRlai9l4upvU4ukCnAW3odAtf/G++1WdkmFYUykW/BRhpAgPMzJ8TTTuf5rl8laRU/gvEQz8pd8i6lS4xzAseAhqLne3g5aLBLreMsLf7RpF+MvCM2/xkWknLKtPgMUCgaVJJc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971585; c=relaxed/simple;
	bh=/pq1WdxxypAZu/C6uuEQi6NIle31JSl/Gv1O0Qrep0s=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=PhgyH3M65ZNDz8gSenKFAzzmcYacB5uVDXaMIIv1t7yHR2QxCjgkV8NfYbmP5jxzG9vD8/hvxzVDt6ZCYWjpG4kSKa9JiPS0Gl/sg1F/Juy7UNtzuKUMjZSIcAUrL6jlnBvXl01f0HSqpOjRW5M5hLN9gHSpEVdGptOgLk0F0wM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Js4cFae1; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Js4cFae1"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1D731F00893;
	Tue,  9 Jun 2026 02:19:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971583;
	bh=B5UkfWUF15ELwxSd5uOLYRa3qnSRpb3EQaVvgNcwXR0=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=Js4cFae18uFlMIyebewAB/VNXG1sHJInzS7sWkXnYpMFKDP/qkh7yDyw3ZNRZlG7C
	 E9XE1s4v4zLeAqzzC3XVD+S1gOYdMCSVszm6qLWc7T6OdOV/Kfn7qHSlkCWIzVRm8n
	 O8JEdRM1LXHwhnaQdnyNNBVZ9mNG21IvbBtosXFFi0PkbH4e1C5EAFYUs18ZM1IBuo
	 5pjxUYqiApEhYweEWUPj8zZDDvUdAtR8VSx3Vr9HNLQ25QT104b5PNt29Gxjy117mC
	 SiVj4wtBf0PEdsnOlc/1O+6uwSdIcl8uiTAwNiHiAPfHeaMegBibPC/PoyrOpOBi8w
	 wM4YRDVPpLq8g==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 10/22] mptcp: implement mptcp-specific tls
 protocol ops
Date: Tue,  9 Jun 2026 10:18:36 +0800
Message-ID: 
 <a9a07e63e591b620429acdc785826e158dec0bc8.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

This patch implements the MPTCP-specific struct tls_prot_ops, named
'tls_mptcp_ops'.

Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can
trigger a crash. Here, an MPTCP version of check_app_limited() is
implemented, which calls tcp_sock_rate_check_app_limited() for each
subflow.

When MPTCP implements lock_is_held interface, it not only checks
sock_owned_by_user_nocheck(sk) as TCP does, but also needs to check
whether the MPTCP data lock is held. This is required because TLS
may call lock_is_held from softirq context with bh_lock_sock held.
Checking both conditions ensures TLS always defers to workqueue when
the MPTCP data lock is held, avoiding deadlock.

Implement mptcp_skb_get_header() to handle fragmented MPTCP skbs when
copying TLS record headers.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/mptcp.h  |   2 +
 include/net/tcp.h    |   1 +
 net/ipv4/tcp.c       |   9 +++-
 net/mptcp/protocol.c | 113 +++++++++++++++++++++++++++++++++++++++++++
 net/mptcp/protocol.h |   1 +
 net/tls/tls_main.c   |  13 +++++
 6 files changed, 137 insertions(+), 2 deletions(-)

diff --git a/include/net/mptcp.h b/include/net/mptcp.h
index 333bde2a0b76..ba2257986b13 100644
--- a/include/net/mptcp.h
+++ b/include/net/mptcp.h
@@ -132,6 +132,8 @@ struct mptcp_pm_ops {
 	void (*release)(struct mptcp_sock *msk);
 } ____cacheline_aligned_in_smp;
=20
+extern struct tls_prot_ops tls_mptcp_ops;
+
 #ifdef CONFIG_MPTCP
 void mptcp_init(void);
=20
diff --git a/include/net/tcp.h b/include/net/tcp.h
index f063eccbbba3..1c8201f69ef1 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -849,6 +849,7 @@ static inline int tcp_bound_to_half_wnd(struct tcp_sock=
 *tp, int pktsize)
=20
 /* tcp.c */
 void tcp_get_info(struct sock *, struct tcp_info *);
+void tcp_sock_rate_check_app_limited(struct tcp_sock *tp);
 void tcp_rate_check_app_limited(struct sock *sk);
=20
 /* Read 'sendfile()'-style from a TCP socket */
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index a058f350a759..bdad459e6605 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1097,9 +1097,9 @@ int tcp_sendmsg_fastopen(struct sock *sk, struct msgh=
dr *msg, int *copied,
 }
=20
 /* If a gap is detected between sends, mark the socket application-limited=
. */
-void tcp_rate_check_app_limited(struct sock *sk)
+void tcp_sock_rate_check_app_limited(struct tcp_sock *tp)
 {
-	struct tcp_sock *tp =3D tcp_sk(sk);
+	struct sock *sk =3D (struct sock *)tp;
=20
 	if (/* We have less than one packet to send. */
 	    tp->write_seq - tp->snd_nxt < tp->mss_cache &&
@@ -1112,6 +1112,11 @@ void tcp_rate_check_app_limited(struct sock *sk)
 		tp->app_limited =3D
 			(tp->delivered + tcp_packets_in_flight(tp)) ? : 1;
 }
+
+void tcp_rate_check_app_limited(struct sock *sk)
+{
+	tcp_sock_rate_check_app_limited(tcp_sk(sk));
+}
 EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited);
=20
 int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 18c8b6c64c3f..f4cd7a6e5770 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -24,6 +24,7 @@
 #include <net/mptcp.h>
 #include <net/hotdata.h>
 #include <net/xfrm.h>
+#include <net/tls.h>
 #include <asm/ioctls.h>
 #include "protocol.h"
 #include "mib.h"
@@ -4894,3 +4895,115 @@ int __init mptcp_proto_v6_init(void)
 	return err;
 }
 #endif
+
+static bool mptcp_lock_is_held(struct sock *sk)
+{
+	return sock_owned_by_user_nocheck(sk) ||
+	       mptcp_data_is_locked(sk);
+}
+
+static void mptcp_read_done(struct sock *sk, size_t len)
+{
+	struct mptcp_sock *msk =3D mptcp_sk(sk);
+	struct sk_buff *skb;
+	size_t left;
+	u32 offset;
+
+	msk_owned_by_me(msk);
+
+	if (sk->sk_state =3D=3D TCP_LISTEN)
+		return;
+
+	left =3D len;
+	while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) {
+		int used;
+
+		used =3D min_t(size_t, skb->len - offset, left);
+		msk->bytes_consumed +=3D used;
+		MPTCP_SKB_CB(skb)->offset +=3D used;
+		MPTCP_SKB_CB(skb)->map_seq +=3D used;
+		left -=3D used;
+
+		if (skb->len > offset + used)
+			break;
+
+		mptcp_eat_recv_skb(sk, skb);
+	}
+
+	mptcp_rcv_space_adjust(msk, len - left);
+
+	/* Clean up data we have read: This will do ACK frames. */
+	if (left !=3D len)
+		mptcp_cleanup_rbuf(msk, len - left);
+}
+
+static u32 mptcp_get_skb_seq(struct sk_buff *skb)
+{
+	return MPTCP_SKB_CB(skb)->map_seq - MPTCP_SKB_CB(skb)->offset;
+}
+
+static int mptcp_skb_get_header(const struct sk_buff *skb, int off,
+				void *buf, int len)
+{
+	const struct sk_buff *iter =3D skb_shinfo(skb)->frag_list;
+	int copied =3D 0;
+	int ret =3D 0;
+
+	if (!iter)
+		return skb_copy_bits(skb, off, buf, len);
+
+	/* Make absolute to positive */
+	off -=3D MPTCP_SKB_CB(iter)->offset;
+
+	while (iter && copied < len) {
+		int skb_off  =3D MPTCP_SKB_CB(iter)->offset;
+		int data_len =3D iter->len - skb_off;
+		int count;
+
+		if (off >=3D data_len) {
+			off -=3D data_len; /* MPTCP skb avail data */
+			iter =3D iter->next;
+			continue;
+		}
+
+		count =3D min((int)(data_len - off), len - copied);
+		ret =3D skb_copy_bits(iter, skb_off + off, buf + copied, count);
+		if (ret)
+			break;
+		copied +=3D count;
+		off =3D 0;
+		iter =3D iter->next;
+	}
+
+	if (copied < len && !ret)
+		ret =3D -EFAULT;
+	return ret;
+}
+
+static void mptcp_check_app_limited(struct sock *sk)
+{
+	struct mptcp_sock *msk =3D mptcp_sk(sk);
+	struct mptcp_subflow_context *subflow;
+
+	mptcp_for_each_subflow(msk, subflow) {
+		struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow);
+		bool slow;
+
+		slow =3D lock_sock_fast(ssk);
+		tcp_sock_rate_check_app_limited(tcp_sk(ssk));
+		unlock_sock_fast(ssk, slow);
+	}
+}
+
+struct tls_prot_ops tls_mptcp_ops =3D {
+	.owner			=3D THIS_MODULE,
+	.protocol		=3D IPPROTO_MPTCP,
+	.recv_skb		=3D mptcp_recv_skb,
+	.lock_is_held		=3D mptcp_lock_is_held,
+	.read_done		=3D mptcp_read_done,
+	.get_skb_seq		=3D mptcp_get_skb_seq,
+	.skb_get_header		=3D mptcp_skb_get_header,
+	.epollin_ready		=3D mptcp_epollin_ready,
+	.check_app_limited	=3D mptcp_check_app_limited,
+};
+EXPORT_SYMBOL(tls_mptcp_ops);
diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
index da40c6f3705f..6dea626348d9 100644
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -380,6 +380,7 @@ struct mptcp_sock {
=20
 #define mptcp_data_lock(sk) spin_lock_bh(&(sk)->sk_lock.slock)
 #define mptcp_data_unlock(sk) spin_unlock_bh(&(sk)->sk_lock.slock)
+#define mptcp_data_is_locked(sk) spin_is_locked(&(sk)->sk_lock.slock)
=20
 #define mptcp_for_each_subflow(__msk, __subflow)			\
 	list_for_each_entry(__subflow, &((__msk)->conn_list), node)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index fa7727881e74..14a8f5e0ed01 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -1423,6 +1423,12 @@ static int __init tls_register(void)
 	if (err)
 		goto err_strp;
=20
+#ifdef CONFIG_MPTCP
+	err =3D tls_register_prot_ops(&tls_mptcp_ops);
+	if (err)
+		goto err_tcp;
+#endif
+
 	err =3D tls_device_init();
 	if (err)
 		goto err_ops;
@@ -1431,6 +1437,10 @@ static int __init tls_register(void)
=20
 	return 0;
 err_ops:
+#ifdef CONFIG_MPTCP
+	tls_unregister_prot_ops(&tls_mptcp_ops);
+err_tcp:
+#endif
 	tls_unregister_prot_ops(&tls_tcp_ops);
 err_strp:
 	tls_strp_dev_exit();
@@ -1442,6 +1452,9 @@ static int __init tls_register(void)
 static void __exit tls_unregister(void)
 {
 	tcp_unregister_ulp(&tcp_tls_ulp_ops);
+#ifdef CONFIG_MPTCP
+	tls_unregister_prot_ops(&tls_mptcp_ops);
+#endif
 	tls_unregister_prot_ops(&tls_tcp_ops);
 	tls_prot_cleanup();
 	tls_strp_dev_exit();
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 72B96264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971587; cv=none;
 b=Sg50nujfKY2nhUK9jwk+FKjJwbVAwWelX8Bke4UCZy9UcercJbRvNbHhjLfg0pFaau8odcyXE2w+4R+6wOJzRFOnMf/aFFq8Yi3d2kBXmrYLT5G9cG5tLX67Yy7HAuYrUB3l4zb4kpY9QPQ9yF8iVrMWoG75iVdFmUuZSYGNfTY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971587; c=relaxed/simple;
	bh=G1YiAKeuxGmjNW/LW5NLGQaIjbv75r1U5k8h6PMyMUQ=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=pPkgPVCOPCo5B+8H44hqIAwAjEEg0iaBEWyOcOLxHNBN1b4x3mYC2PXrJp43tbsBwtJy1eBG6KIB+BafKx7JPZVhwTuMgDbGvCuRYylBKXGnRYk/2rvVG715/NbBSVaGCp40ksAv6p1k37UeaJLGmYuKDIugq5ZMY/6QznBXV68=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=HDXcBmVH; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="HDXcBmVH"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 421C81F00898;
	Tue,  9 Jun 2026 02:19:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971586;
	bh=w2AX+UV659DwcfB6hKqFldByCvZcsvMhYE3orNkWlnM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=HDXcBmVHY57YpHnTS13PJ4IxOchThp1mQtgpi41OrHFKeoKIBqFP+wXFK74UvLTVf
	 6lH8kuiizjtSDoQibj18U4cwzZvOlSSUDexg0tkxjhJvBC7qdBik7iJjyivlGLxUIk
	 HEVW+ryCT+xl6yJe8Oks3rqjbMZQ2QOs9QCkV5G6O2Xoi0yvSUiMUqjOeMXIl85WrG
	 ivt0t3MOdG54U5/0389yYyGvc7q02qeWfYy20sFtlDF90asgtQn8LODcoo37D/CSQ/
	 /00Yn4QkcOTgf6SXbfqUl+lmzuYp64DQ06/WN545IK8uzUGyPvh0yxk+6SUHgW3COM
	 +QHqFxBS6wsSQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 11/22] tls: disable device offload for mptcp
 sockets
Date: Tue,  9 Jun 2026 10:18:37 +0800
Message-ID: 
 <742032c69ba291edb8a05a8948d5c647e5a88394.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

MPTCP TLS hardware offload is not yet implemented. Return -EOPNOTSUPP
when attempting to enable device offload on MPTCP sockets.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/tls/tls_device.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index c44a59d9d715..e535edc23d0d 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -1074,6 +1074,9 @@ int tls_set_device_offload(struct sock *sk)
 	ctx =3D tls_get_ctx(sk);
 	prot =3D &ctx->prot_info;
=20
+	if (sk->sk_protocol =3D=3D IPPROTO_MPTCP)
+		return -EOPNOTSUPP;
+
 	if (ctx->priv_ctx_tx)
 		return -EEXIST;
=20
@@ -1196,6 +1199,9 @@ int tls_set_device_offload_rx(struct sock *sk, struct=
 tls_context *ctx)
 	struct net_device *netdev;
 	int rc =3D 0;
=20
+	if (sk->sk_protocol =3D=3D IPPROTO_MPTCP)
+		return -EOPNOTSUPP;
+
 	if (ctx->crypto_recv.info.version !=3D TLS_1_2_VERSION)
 		return -EOPNOTSUPP;
=20
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3C7F1264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:49 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971590; cv=none;
 b=eioFoCDj9IMcRwdEKdsBLupsSe+K+JuZm4dzGNPdfu0qSeb8ohXsb5ePzLK/H+33xHSV85cHfbR+0hu508B1OdcgZOwzBZ8fUYpLg9wCP4od2f4Z0UNqkWIFjrUiSzRqrtX461PkzkgSBA3YYgOEInvScycSOGobL8WYTpzEt3g=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971590; c=relaxed/simple;
	bh=sGz3OO2IgIUsz7E0+PlicNJvuOcjAbshlgLTXQ3g6uU=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=FMtoQ5ItHm3x8JBg/YraAFwpOPrIq8kj6qnFvBhiS3XDRyj6OzQ+D4XCjNZJy4ssV6T4Zlu4ZwXCiyUvZwMHZSZ8dVt/Xg/Pnwxrmkj8IZLSRgilvWW71y31fCpHfbj29XfDQDyjJ2PS9PahonWu94GanDChRTlWOnCJ0C2FHjQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=AI+OtRjE; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="AI+OtRjE"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B1CD81F00893;
	Tue,  9 Jun 2026 02:19:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971589;
	bh=zIjPeZmlfN3afVBgqzrgpnKBqA/zf/ZD+cs5aWtqvgs=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=AI+OtRjEbiIq8eTIf5UtVoY5bc6W3IlGuDUWcS7tPpCGlTVvfOaDN88tYIvonwOCR
	 88Jq2K8A596h+3jiyToeMLHL1PS9BQAv5snWLcx2nLmyLptb4j0buJHXu59e5yZlSl
	 JNk8ZjIgtg84pHkmfFU2FV6m1DczYq7R9KPblbCU3X3PuJFy7VriTKxBiBjbFGCFfd
	 HfXu/WQC+O0nK6Gy1Rp4gqLR/C41+wA43CW/07lTrQHeLB0DDtk6dgC6ZA2lKUdsSa
	 sLVPM3L9vhQ7pQM5kaOmCEVMQH7Qaa7TGhOct6sWPtkrcltOG4Xwl982lkEAlGQwik
	 M9Jc7OzPABieg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Gang Yan <yangang@kylinos.cn>,
	Geliang Tang <geliang@kernel.org>
Subject: [RFC mptcp-next v25 12/22] mptcp: update mptcp_check_readable helper
Date: Tue,  9 Jun 2026 10:18:38 +0800
Message-ID: 
 <11d376b04e2b0f440da0513b76c19acc0ef6d577.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Gang Yan <yangang@kylinos.cn>

This patch makes mptcp_check_readable() aligned with TCP, and renames it to
mptcp_stream_is_readable(). It will be used in the case of KTLS, because
'prot' will be modified, tls_sw_sock_is_readable() is expected to be called
from prot->sock_is_readable().

Co-developed-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
---
 net/mptcp/protocol.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index f4cd7a6e5770..88504af790f9 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -3410,9 +3410,11 @@ void __mptcp_unaccepted_force_close(struct sock *sk)
 	__mptcp_destroy_sock(sk);
 }
=20
-static __poll_t mptcp_check_readable(struct sock *sk)
+static bool mptcp_stream_is_readable(struct sock *sk)
 {
-	return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0;
+	if (mptcp_epollin_ready(sk))
+		return true;
+	return sk_is_readable(sk);
 }
=20
 static void mptcp_check_listen_stop(struct sock *sk)
@@ -4476,7 +4478,8 @@ static __poll_t mptcp_poll(struct file *file, struct =
socket *sock,
 		mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
=20
 	if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) {
-		mask |=3D mptcp_check_readable(sk);
+		if (mptcp_stream_is_readable(sk))
+			mask |=3D EPOLLIN | EPOLLRDNORM;
 		if (shutdown & SEND_SHUTDOWN)
 			mask |=3D EPOLLOUT | EPOLLWRNORM;
 		else
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33FB6264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:51 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971593; cv=none;
 b=jErF+ekYnSgbQtIwmnQPuaFBkCxnS1He2hUF3DB6Tt8ReTCeu1f1ip/NWUldtVLLncbSx/giLQ7TebmHbzHTpXhInuB9Ts765PBtows2iKeA3hPn0g1JfikUe3aLHH4p1T5tOrCn7HZrzYp5cgnoY4GXA6Af0EgrRGz3oylWrx8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971593; c=relaxed/simple;
	bh=bO6B+1SluKm3Fw4taOXgPM5SMlFY5aRwgTQ1l1lJoCA=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=JUe+6Zx4dUf4C2jrlujYWAeSQywCYTXfLmoZJ2HHBxL8dq3ENO6NRjbSMY1nVFyJiceE4WDD8aXBGSY6zuxbo+wuoSQxi14w5366ElfvcYhUx3Ln2PBfiMu8YTC/Al1OG5DPZzw20jmZTAfLkAusbNjG0qnX+1FOr78q9X6kAuo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=APMrcSCu; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="APMrcSCu"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id AACFA1F00898;
	Tue,  9 Jun 2026 02:19:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971591;
	bh=O3IyzByKGZyq1ImxFokF6iMKoQ4GCf3i+PH0uhmv9pg=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=APMrcSCuFqptwjz5Yc2y8mzksl37cr1dWKAYqT4Hkl5k9dfaD3UKwUNkwHzHhp2K6
	 Ub975pWTaJLbR9yW0srs5ZomINdjUcDxpd8zSk6pp+jyngyuj35XocrQtImx+fBAkX
	 VPYx/illT2o8sgFxWdsxLSR7/sHTrjQehdvM31wS4His0qd0HnHWEeYl6wKFqDOaHP
	 g7Nxt4DvxTngEgl5J2O00ZrPufsktSREzhvuXzTyj21mw+P3ngvo3P0DgnBBZCHrLN
	 pfp+tijPmQXcFXdeCTjqZZtiG3quc4g1ORpFHjw4QO24hIqVGhYrhjF1KDBWrE9USh
	 GY9hVPShS74mg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 13/22] mptcp: implement ulp getsockopt for tls
 support
Date: Tue,  9 Jun 2026 10:18:39 +0800
Message-ID: 
 <ad33553bf44ad3e3f1280fd16bfb8bb57038ea33.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Add mptcp_getsockopt_tcp_ulp() to handle TCP_ULP getsockopt on MPTCP
sockets. The helper reads the user length once, checks for negative
value, takes the socket lock, caps the length to TCP_ULP_NAME_MAX, and
copies the ULP name (or sets the length to zero if no ULP is attached)
to userspace. The lock ensures safe access to icsk->icsk_ulp_ops.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/sockopt.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index fcf6feb2a9eb..cc45491cd3b2 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -1408,6 +1408,39 @@ static int mptcp_put_int_option(struct mptcp_sock *m=
sk, char __user *optval,
 	return 0;
 }
=20
+static int mptcp_getsockopt_tcp_ulp(struct sock *sk,
+				    char __user *optval,
+				    int __user *optlen)
+{
+	struct inet_connection_sock *icsk =3D inet_csk(sk);
+	int ret =3D 0, len;
+
+	if (copy_from_sockptr(&len, USER_SOCKPTR(optlen), sizeof(int)))
+		return -EFAULT;
+
+	if (len < 0)
+		return -EINVAL;
+
+	lock_sock(sk);
+	len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX);
+	if (!icsk->icsk_ulp_ops) {
+		len =3D 0;
+		if (copy_to_sockptr(USER_SOCKPTR(optlen), &len, sizeof(int)))
+			ret =3D -EFAULT;
+		goto out;
+	}
+	if (copy_to_sockptr(USER_SOCKPTR(optlen), &len, sizeof(int))) {
+		ret =3D -EFAULT;
+		goto out;
+	}
+	if (copy_to_sockptr(USER_SOCKPTR(optval), icsk->icsk_ulp_ops->name,
+			    len))
+		ret =3D -EFAULT;
+out:
+	release_sock(sk);
+	return ret;
+}
+
 static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 				    char __user *optval, int __user *optlen)
 {
@@ -1415,6 +1448,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock=
 *msk, int optname,
=20
 	switch (optname) {
 	case TCP_ULP:
+		return mptcp_getsockopt_tcp_ulp(sk, optval, optlen);
 	case TCP_CONGESTION:
 	case TCP_INFO:
 	case TCP_CC_INFO:
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 202DE264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971596; cv=none;
 b=XzpgMHnd4EAau66mIpaxSUHgco+NRo7/Vie0qwtp6l/QI3hJf/gmj0rJ5ajp7T/+4rX6iaR08kkFLNRE+WcwavVLQdGvUibzRzXtPO/TWyNRpPLi3e5ioAZ1OjGP+VpWkXc3zimt/h7lL9zYDqEd+sEN6Uk+TqWbrReLISuR3aA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971596; c=relaxed/simple;
	bh=swfeOdHLEl1rDpl7MZcXTVp2mCA5RHUXYCHRAsrBahw=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Mcyi85AOoL5HQZ487rOdPeIRDpw5qGZqYCqSGVgxcrNyLwD80fL9y8Fx1p7464IpSfq9no9Qnu5CFT6O4Rm+r8dGPPucxh4uXVSw3Ja7kYqaa6foF3BKd9iNJAwFs/20zzx2te3OBFlmHJ212GOZ8iMFkpul/QPMxbnZLpCRn9w=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=MVsJFObr; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="MVsJFObr"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5862B1F00893;
	Tue,  9 Jun 2026 02:19:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971595;
	bh=JbsUoq7re+mhcfBBOJ0bGg2qYw4kHDSd2iSXk7JPTfQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=MVsJFObrlUPIn+dMgEX6Xq7cYUP+VpM60aoiu/qkhNkb9XhG5szGuwcpzGr6WYXnV
	 osFx2uBRYiOrLb0Z6HdFNulOxcvTlRvF2ixB8G0cgP9WMvkOpiD0gM68gYP71r+84X
	 PEChxZ3kj2j00iHWEJbpGHsrxmWRaydT8ab1YeMXOX7eEISp7YHGFB2TcoB3tCrdPr
	 YQLGsS8YU5UI2yr1HDuWsE9izcno44c/2wY3m+dLgTAk4py0tzM21uJOT0zVRu58Nn
	 1MkA+ScBe5iAndm2ySoJMQXZ9ifKpCZsu8wCpRI9s6/b8sGHwWH7BnrnKQqpYmarQp
	 whdYmzy5tunmg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 14/22] mptcp: implement ulp setsockopt for tls
 support
Date: Tue,  9 Jun 2026 10:18:40 +0800
Message-ID: 
 <6d43a45b24785b4111d13b074a879b61c8eeed62.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Allow MPTCP sockets to set the TCP_ULP socket option to enable TLS.
Add mptcp_setsockopt_tcp_ulp() which validates the socket state (must
not be CLOSE or LISTEN), only accepts "tls" as the ULP name, and then
calls tcp_set_ulp().

Include TCP_ULP in the list of supported options in supported_sockopt(),
and handle it in setsockopt_sol_tcp() instead of returning -EOPNOTSUPP.

Call tcp_cleanup_ulp() in mptcp_destroy_common() to release ULP module's
reference count.

On a fallback MPTCP socket, the ULP is already set to "mptcp". Setting
"tls" will fail with -EEXIST, so no special handling is needed.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 net/mptcp/protocol.c |  1 +
 net/mptcp/sockopt.c  | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 88504af790f9..79432b139fe0 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -3765,6 +3765,7 @@ static void mptcp_destroy(struct sock *sk)
 	/* allow the following to close even the initial subflow */
 	msk->free_first =3D 1;
 	mptcp_destroy_common(msk);
+	tcp_cleanup_ulp(sk);
 	sk_sockets_allocated_dec(sk);
 }
=20
diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c
index cc45491cd3b2..eeb348336195 100644
--- a/net/mptcp/sockopt.c
+++ b/net/mptcp/sockopt.c
@@ -577,6 +577,7 @@ static bool mptcp_supported_sockopt(int level, int optn=
ame)
 		case TCP_FASTOPEN_CONNECT:
 		case TCP_FASTOPEN_KEY:
 		case TCP_FASTOPEN_NO_COOKIE:
+		case TCP_ULP:
 			return true;
 		}
=20
@@ -830,6 +831,37 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *=
msk, int level,
 	return ret;
 }
=20
+static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval,
+				    unsigned int optlen)
+{
+	char name[TCP_ULP_NAME_MAX];
+	int err =3D 0;
+	size_t len;
+	int val;
+
+	if (optlen < 1)
+		return -EINVAL;
+
+	len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen);
+	val =3D strncpy_from_sockptr(name, optval, len);
+	if (val < 0)
+		return -EFAULT;
+	name[val] =3D 0;
+
+	if (strcmp(name, "tls"))
+		return -EOPNOTSUPP;
+
+	sockopt_lock_sock(sk);
+	if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) {
+		err =3D -ENOTCONN;
+		goto out;
+	}
+	err =3D tcp_set_ulp(sk, name);
+out:
+	sockopt_release_sock(sk);
+	return err;
+}
+
 static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname,
 				    sockptr_t optval, unsigned int optlen)
 {
@@ -838,7 +870,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *=
msk, int optname,
=20
 	switch (optname) {
 	case TCP_ULP:
-		return -EOPNOTSUPP;
+		return mptcp_setsockopt_tcp_ulp(sk, optval, optlen);
 	case TCP_CONGESTION:
 		return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen);
 	case TCP_DEFER_ACCEPT:
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C83A3019D8
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971598; cv=none;
 b=etABMah9i3r85mzslMTSIn84KrQzISQjDmIOAqu3Ezudb+CZj0gWi2CxUlMFVO2ISkTkpBPO4CAmnH/NTXR8O/L0M75wHNjdN2ekC8/gcKeKKBEN20qonHx2cIvKnob0dNPvQ1UA0r8uN14DkAKYTlDsGOtyAruSg9LE8Yvc3hA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971598; c=relaxed/simple;
	bh=W7GzTuDlpXT2LHdi0YeB+Zagi+RoUqoiAUlvz4hcdyI=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Gf1jqfJoocBzsATNPNihOZfPvfyztMpV4LkcpPYh0FAlf578ZTJL+m6OI30xYmFX+UmSR4feHZYZTs5IzmaUqkHUgAnD9ZaCBWk2flXIRmRR8gdI0NqVa2FtSHlK0Yo80CXKd7w8UQ1/GY425dl+pHiD8D0RcG5iUvUc1fFHb2k=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=ZQ/Gw1xW; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="ZQ/Gw1xW"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 911871F00898;
	Tue,  9 Jun 2026 02:19:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971597;
	bh=wi7zkjdqPI8SAvGC9/gq0r5LIfvw40Nc/vyaaCNvMPQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=ZQ/Gw1xWjASgsi1b4QKWQSOWmhvN45sSYzPhHNDW3y2doSNnyLI49HofDfbJEr49Y
	 K7peSpHRD3PO4HVhQE7hhSXMsgu24OpMWBXMnLj0sDfyU1x79aYShqxMCP3JQKF1Dx
	 32TjLeNLR84jOAputvtvFhwMmbbyVKxN2kcGHbTNrp1MPhbv/CqTxMuDkkKCmqVQTl
	 pHbZzp5LBO6zdZYHaQtdZu03qOo6PCc1AKSO7fmWkGZStoQ3y2y6ocnmyRmwlWuR/7
	 ENFGy9O2ThbrTTeMWC3odIq5jcWqy6G9K5HzDpU2K/r47/pGiTJuNh6tIHmmkqO9hC
	 rXFMsyjwnSUQA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 15/22] selftests: mptcp: connect: use espintcp
 for ulp test
Date: Tue,  9 Jun 2026 10:18:41 +0800
Message-ID: 
 <05e269526a57d8901fa641a150b4e883d4ddbc1e.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

With KTLS being implemented, "tls" should no longer be used in
sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP
name, "espintcp", is set instead in this patch.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/mptcp/config          | 4 ++++
 tools/testing/selftests/net/mptcp/mptcp_connect.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft=
ests/net/mptcp/config
index 59051ee2a986..f48bd5183fb3 100644
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -34,3 +34,7 @@ CONFIG_NFT_SOCKET=3Dm
 CONFIG_NFT_TPROXY=3Dm
 CONFIG_SYN_COOKIES=3Dy
 CONFIG_VETH=3Dy
+CONFIG_INET_ESP=3Dy
+CONFIG_INET_ESPINTCP=3Dy
+CONFIG_INET6_ESP=3Dy
+CONFIG_INET6_ESPINTCP=3Dy
diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test=
ing/selftests/net/mptcp/mptcp_connect.c
index cbe573c4ab3a..299a7a02d6f5 100644
--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c
+++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c
@@ -285,11 +285,11 @@ static void sock_test_tcpulp(int sock, int proto, uns=
igned int line)
 	if (buflen > 0) {
 		if (strcmp(buf, "mptcp") !=3D 0)
 			xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line);
-		ret =3D do_ulp_so(sock, "tls");
+		ret =3D do_ulp_so(sock, "espintcp");
 		if (ret =3D=3D 0)
 			X("setsockopt");
 	} else if (proto =3D=3D IPPROTO_MPTCP) {
-		ret =3D do_ulp_so(sock, "tls");
+		ret =3D do_ulp_so(sock, "espintcp");
 		if (ret !=3D -1)
 			X("setsockopt");
 	}
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 909B42F8E98
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:19:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971600; cv=none;
 b=WXZFALLCCd5V1kyFrXLco8UCVMQGd4JAD3Z4Wz8R/ua86WQbu6CBx+RuwRFDsHiEsA3x6qCki4ywz/zR1clCGy3ErQR2Rq9I0QdDGps4AMoF40f/NjMtCQZTKZ698Sa/vy8SS6HsE7dqd3s9zIPqpsotSAp8ATKw0FusS3SrW3U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971600; c=relaxed/simple;
	bh=T24EsLKTudqyZ2DfoDOzxTu5oh3ljNrXUTevnRLMDGo=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=byYVvxul+5O/vL7LwoJZJpPSJ2zq9IAM0CUfw6iH4gjG5yDFPfLoN89If52BQ0XG4m2zdLvCLU/ggnbTK3Fx+a/UUhW/oi0STvxFf8TdsaGj7hicYBXFnYE2t+hxYctT3soZhoUBCyudf3xlf2Z6LGwEa22fd4DnqtgUFkCWtfI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=AouuFRjV; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="AouuFRjV"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 00B531F00893;
	Tue,  9 Jun 2026 02:19:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971599;
	bh=TnVYOByNO8/vJriZvMsn/OJ8Yq3gWlPwYk6rv44ZmI0=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=AouuFRjV+LATagneUMLYO18NfTeD37QptfFqFgp/0UhA/yQZIYJ4KORMAhBHoyr3g
	 iba1ZL04z3WgBkoqA1haqcAyP+vE1X+WKI4+zsYFFtEoRk7JoudvACx1bOyPaAJUz6
	 R41MFf0KzOErDzNE+Hs8QKroMLdDICOkua9bwSX8kGrnOML0cwVOq8F2wDlZ250KmP
	 7pnHs/sLMbpu6Nr89y9Gcnsfv4iB4dwh4We53wwmt33/H6ea1LtU+w6aA5RQnvpdEa
	 SIpm6ir8cbDzGaNu47+tF767mOGvOyneDWNSw3PsA+23L3ayBVi5Bg5tK1DnQz9/PM
	 PDzR8FZfonB1Q==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 16/22] selftests: tls: add mptcp variant for
 testing
Date: Tue,  9 Jun 2026 10:18:42 +0800
Message-ID: 
 <755b1055f8d76c157cd921f7f9e3898a8cc02bfa.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

To enable easy MPTCP socket creation in MPTCP TLS tests, two protocol
parameters (cli_proto and srv_proto) have been added to ulp_sock_pair().
These are passed as third arguments of socket(): 0 creates TCP sockets,
IPPROTO_MPTCP creates MPTCP sockets.

A new variant "mptcp" is added both in FIXTURE_VARIANT(tls) to control
whether to create MPTCP sockets or not for tests.

Add is_mptcp_enable() helper to check MPTCP support. Used in
FIXTURE_SETUP(tls) to skip MPTCP variants when MPTCP is not enabled.

Also accept EOPNOTSUPP when setting TCP_ULP on MPTCP sockets, as they
may return this error in addition to ENOENT.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 46 +++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 6 deletions(-)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 9b9a3cb2700d..fed83918cd9d 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -26,6 +26,10 @@
 #define TLS_PAYLOAD_MAX_LEN 16384
 #define SOL_TLS 282
=20
+#ifndef IPPROTO_MPTCP
+#define IPPROTO_MPTCP 262
+#endif
+
 static int fips_enabled;
=20
 struct tls_crypto_info_keys {
@@ -108,8 +112,9 @@ static void memrnd(void *s, size_t n)
 		*byte++ =3D rand();
 }
=20
-static void ulp_sock_pair(struct __test_metadata *_metadata,
-			  int *fd, int *cfd, bool *notls)
+static void __ulp_sock_pair(struct __test_metadata *_metadata,
+			    int *fd, int *cfd, bool *notls,
+			    int cli_proto, int srv_proto)
 {
 	struct sockaddr_in addr;
 	socklen_t len;
@@ -122,8 +127,8 @@ static void ulp_sock_pair(struct __test_metadata *_meta=
data,
 	addr.sin_addr.s_addr =3D htonl(INADDR_ANY);
 	addr.sin_port =3D 0;
=20
-	*fd =3D socket(AF_INET, SOCK_STREAM, 0);
-	sfd =3D socket(AF_INET, SOCK_STREAM, 0);
+	*fd =3D socket(AF_INET, SOCK_STREAM, cli_proto);
+	sfd =3D socket(AF_INET, SOCK_STREAM, srv_proto);
=20
 	ret =3D bind(sfd, &addr, sizeof(addr));
 	ASSERT_EQ(ret, 0);
@@ -143,7 +148,7 @@ static void ulp_sock_pair(struct __test_metadata *_meta=
data,
=20
 	ret =3D setsockopt(*fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
 	if (ret !=3D 0) {
-		ASSERT_EQ(errno, ENOENT);
+		ASSERT_TRUE(errno =3D=3D ENOENT || errno =3D=3D EOPNOTSUPP);
 		*notls =3D true;
 		printf("Failure setting TCP_ULP, testing without tls\n");
 		return;
@@ -153,6 +158,12 @@ static void ulp_sock_pair(struct __test_metadata *_met=
adata,
 	ASSERT_EQ(ret, 0);
 }
=20
+static void ulp_sock_pair(struct __test_metadata *_metadata,
+			  int *fd, int *cfd, bool *notls)
+{
+	__ulp_sock_pair(_metadata, fd, cfd, notls, 0, 0);
+}
+
 /* Produce a basic cmsg */
 static int tls_send_cmsg(int fd, unsigned char record_type,
 			 void *data, size_t len, int flags)
@@ -310,6 +321,7 @@ FIXTURE_VARIANT(tls)
 	uint16_t tls_version;
 	uint16_t cipher_type;
 	bool nopad, fips_non_compliant;
+	bool mptcp;
 };
=20
 FIXTURE_VARIANT_ADD(tls, 12_aes_gcm)
@@ -395,6 +407,23 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256)
 	.cipher_type =3D TLS_CIPHER_ARIA_GCM_256,
 };
=20
+static bool is_mptcp_enable(void)
+{
+	char buf[16] =3D { 0 };
+	ssize_t n;
+	int fd;
+
+	fd =3D open("/proc/sys/net/mptcp/enabled", O_RDONLY);
+	if (fd < 0)
+		return false;
+
+	n =3D read(fd, buf, sizeof(buf) - 1);
+	close(fd);
+	if (n <=3D 0)
+		return false;
+	return (atoi(buf) =3D=3D 1);
+}
+
 FIXTURE_SETUP(tls)
 {
 	struct tls_crypto_info_keys tls12;
@@ -404,10 +433,15 @@ FIXTURE_SETUP(tls)
 	if (fips_enabled && variant->fips_non_compliant)
 		SKIP(return, "Unsupported cipher in FIPS mode");
=20
+	if (variant->mptcp && !is_mptcp_enable())
+		SKIP(return, "no MPTCP support");
+
 	tls_crypto_info_init(variant->tls_version, variant->cipher_type,
 			     &tls12, 0);
=20
-	ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls);
+	__ulp_sock_pair(_metadata, &self->fd, &self->cfd, &self->notls,
+			variant->mptcp ? IPPROTO_MPTCP : 0,
+			variant->mptcp ? IPPROTO_MPTCP : 0);
=20
 	if (self->notls)
 		return;
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CDFAA2F8E98
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:20:01 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971602; cv=none;
 b=QacKiG08JSOzfHxldFiBB+U2XcBz0qlZZYe5pIHaM4yw7lG9H5s014TFmK+5wpK6ef5dADWY6pZ4q+tnLvVLiPvSHSFOD7CF111me1AzzCS331Rn58k+rFKNRZqTBjOovfhKTxVM5H75/OwVhbJy14/ctW32o18iQ+BuVuKHnts=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971602; c=relaxed/simple;
	bh=0MC1e1X4134Qk+ppmW3HSRM8Eyr9JD3CJdogsgBVigE=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=nUPdp7VL4ziRHkegEZLD5J3jPThJv36MPtKD0u0TM5RZjh9CaRlyPg3EQ0OmpCMfdpR10nbDR1t/6PZ0nasn4nmVbdXASs/T0+MzW/hjlgQwMN7R/PyKqCT89xR645sOVsn5QrQFGqV8OX13396H9MgS8izMMSc7QOT59VguBWs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=QAUdOzub; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="QAUdOzub"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 219CC1F00898;
	Tue,  9 Jun 2026 02:19:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971601;
	bh=At1zo6hDfmt/kaK3eOVzt6d52M3LX1QctkxXRyIIboM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=QAUdOzubTechU8Nm6kibJh61hXhd4yKtD53Mtr704fFXnko1jFo0Jr0XrEgX8iATC
	 39uXfk+CZzEuwDM6/M6J1MkmVjBPFaXNHm6ujye3WS71PDJkkmWm+e0dX//aBzRqsu
	 jiWHzUe8WrUgqA65nR3mdXMQwfIAOBnhQoEd6CDLe2Yh1fHx9qQ7vP5yW5AVxc4zdG
	 47OUfPgNScOM2sOlOvUlpxFhHkP3IY893zvtu/YXgWAwQa9N1nsZW1PjtczOLnUNub
	 eXT8WjUOPm00uPWTEwxhw4Yo7vfPF3CxKhH3dwxVA/0v8OiK/AbwYn/TkM5Oqb960j
	 CGTqBR7dimsKA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 17/22] selftests: tls: increase pollin timeouts
 for mptcp
Date: Tue,  9 Jun 2026 10:18:43 +0800
Message-ID: 
 <8a29f77d066d34fe94e888046b029fbaceb795c6.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

MPTCP requires longer timeouts in pollin test due to subflow establishment
delays and slower state transitions. Increase timeout values to prevent
false failures:

 #  RUN           tls.13_sm4_ccm_mptcp.pollin ...
 # tls.c:1411:pollin:Expected poll(&fd, 1, 20) (0) =3D=3D 1 (1)
 # tls.c:1412:pollin:Expected fd.revents & POLLIN (0) =3D=3D 1 (1)
 # pollin: Test failed
 #          FAIL  tls.13_sm4_ccm_mptcp.pollin
 not ok 357 tls.13_sm4_ccm_mptcp.pollin

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index fed83918cd9d..5a6c5ee2757f 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -1362,6 +1362,7 @@ TEST_F(tls, bidir)
=20
 TEST_F(tls, pollin)
 {
+	int timeout =3D variant->mptcp ? 100 : 20;
 	char const *test_str =3D "test_poll";
 	struct pollfd fd =3D { 0, 0, 0 };
 	char buf[10];
@@ -1371,11 +1372,11 @@ TEST_F(tls, pollin)
 	fd.fd =3D self->cfd;
 	fd.events =3D POLLIN;
=20
-	EXPECT_EQ(poll(&fd, 1, 20), 1);
+	EXPECT_EQ(poll(&fd, 1, timeout), 1);
 	EXPECT_EQ(fd.revents & POLLIN, 1);
 	EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_WAITALL), send_len);
 	/* Test timing out */
-	EXPECT_EQ(poll(&fd, 1, 20), 0);
+	EXPECT_EQ(poll(&fd, 1, timeout), 0);
 }
=20
 TEST_F(tls, poll_wait)
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E310B264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:20:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971604; cv=none;
 b=jTnMV2xc8XtSU+ehu4H05yBRozJowT/nDWNSR1GIdU6FU5cVGQc4ChkUCb0D1bnR377wltD1hzipGNUjiUlA9P/W29Mh0tQFQ939daZEaHBoLPOqs5vlKlqLdRuPtGDYBpKtZ1jsYjlGw/FWteOR0iU3ROZRQrxd/95bk38R7RQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971604; c=relaxed/simple;
	bh=4AKlW549wTkILs+MzA7D+Lh+1QdT40vJVxuqHdPXVtw=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=kNHHTCB6kdGpdI6YEWnvuuc76GJvM5LaN7IxMBLUTHCSZv/fDikAN5B+imKNdzQfyyPsb17ew3ExaYTpecNuu/LU/fYqaOldS0TGnje6eZ/RFd5yDkljz+pDJ1PWRDjhorU49cVZaJ7Lts5yz3QwyOlC39YYCoYLeUuMtyu2kgs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Cy3KK4g4; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Cy3KK4g4"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1D4481F00893;
	Tue,  9 Jun 2026 02:20:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971603;
	bh=n2yAJSDtTC6LukPE1XvLhTl+hjeJ2GVLRfC8sw2Jlms=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=Cy3KK4g4RXdBGROIX9wpkUseSM6tPe9hVkUd0c/nO88KbfXtBC0bGd6UcH4f4WS/3
	 5OymlY265Qwvr+b1nuVQqm6RDyW1F7ccBaeZCFxaaXHm7J8KP4SbI74TQjzHjMMrGt
	 MFU0Rw7vUlotUBWY47GBG55UgEWuB1RNXR5Sxmfn5rc9oE0tihvtYlA02Dhy6QcMOA
	 RPAce1OnAx0aFb6uYanhSV5+8gROqzSFML7SctdyKa4LO30rd1YJDrdRMbO+weBMi6
	 I0zeCq1YPnLZNWVVlrxBMmHWqt7TOwJBCn8Mc6oBT5+tv4ER+LiTUz+XopdsHQsXCk
	 X865B1cZ14aUg==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 18/22] selftests: tls: increase nonblocking data
 size for mptcp
Date: Tue,  9 Jun 2026 10:18:44 +0800
Message-ID: 
 <669eef0f6fc23483386ec07ebd34c72c07142142.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

Increase the data size in nonblocking tests to accommodate MPTCP's
multi-subflow behavior and ensure sufficient data for testing,
avoiding the following errors:

 #  RUN           tls.12_aria_gcm_mptcp.nonblocking ...
 # tls.c:1534:nonblocking:Expected 0 (0) !=3D eagain (0)
 # nonblocking: Test failed

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 5a6c5ee2757f..64aad661a1b4 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -1468,6 +1468,9 @@ TEST_F(tls, nonblocking)
 	int flags;
 	int res;
=20
+	if (variant->mptcp)
+		data *=3D 4;
+
 	flags =3D fcntl(self->fd, F_GETFL, 0);
 	fcntl(self->fd, F_SETFL, flags | O_NONBLOCK);
 	fcntl(self->cfd, F_SETFL, flags | O_NONBLOCK);
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B4D14264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:20:05 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971606; cv=none;
 b=Q+999EmCIfnzRDkLhqRPozQ/JHxPWedLw2uOd/HQi6BcxYZ9BYnDP+ReYCgWhKUnrhSUYAaHdPhVSeGfHAzpiR0baouB6RWhS2tY33/dHX0JF4pVq+5wE5BhUsuHoQnu1ZbqsKbExmF1+GXUMTueaTjdjm7Nutox7mBl96ShFGo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971606; c=relaxed/simple;
	bh=PSHYO8Pk8v3Z8MQAJcqJEM59hDIv33+Oxa/ecwAVlYs=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=XrsLkWNYfZrviV1ahq1wW6GZcGPRZz+FIVgu586Sm1Xisf0iK0apDUx2ZV8vEXtcFDKjE86W2tAtHFlhBlMrNrNuBqLFBpgR/F0G6aFtqW7OFIFTxEHdZq613WAL7pYM+2+dC98LLcvyWyElTvwUYz9XHOiMUnKM2fowMzV9AXc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=PVaEmSx6; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="PVaEmSx6"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4C2701F00898;
	Tue,  9 Jun 2026 02:20:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971605;
	bh=S/Fkq9y3NgcGU2ulT5l9+cox6coWokFGlmb0jnTr0WM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=PVaEmSx6eL8bFFU8PsopvivRDAGVHNuq/+SHpqyd7YH7v37eB59iWv5eFAR0vIlvB
	 zIDCnMa0NrTknCgYTdPkqfGkOR2a/Skl9EF8uL0OmB1v7ZSG+fNJO9rTRjesYJA7yW
	 CFux94dpBgmUu1qZWDCMDTFkgN79j96qYgZxcYGfzEFANr6aXMWK97G21qgudWruEb
	 WdteCHbcw8S8ya6ePJ4q6ZoCmfzDcg6jmeOMVfQnufqV1KVRKkpb71Sx0mAN9P/vok
	 gO5BAcfhTRTMgi1brrz6zkmM3JdRbi18Q27MQOoh0tzYjDamT1Bv5/dy6zIM2IIlS0
	 hHkRjZqcmTjYQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 19/22] selftests: tls: retry bind for mptcp in
 shutdown_reuse
Date: Tue,  9 Jun 2026 10:18:45 +0800
Message-ID: 
 <fe705751a406fd84e4c60cff4eb6ecf5478f1fa6.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

In the shutdown_reuse test, after shutdown and close, bind() may fail
with EINVAL for MPTCP sockets due to asynchronous state transition of
the top-level MPTCP socket. Retry bind() on EINVAL for up to 1000
iterations (1 second) to allow the MPTCP socket to complete its state
transition. This fixes the following intermittent failures:

 #  RUN           tls.12_aes_gcm_mptcp.shutdown_reuse ...
 # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0)
 # shutdown_reuse: Test failed
 #          FAIL  tls.12_aes_gcm_mptcp.shutdown_reuse
 not ok 14 tls.12_aes_gcm_mptcp.shutdown_reuse
 #  RUN           tls.13_aes_gcm_mptcp.shutdown_reuse ...
 # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0)
 # shutdown_reuse: Test failed
 #          FAIL  tls.13_aes_gcm_mptcp.shutdown_reuse
 not ok 15 tls.13_aes_gcm_mptcp.shutdown_reuse
 #  RUN           tls.12_chacha_mptcp.shutdown_reuse ...
 #            OK  tls.12_chacha_mptcp.shutdown_reuse
 ok 16 tls.12_chacha_mptcp.shutdown_reuse
 #  RUN           tls.13_chacha_mptcp.shutdown_reuse ...
 #            OK  tls.13_chacha_mptcp.shutdown_reuse
 ok 17 tls.13_chacha_mptcp.shutdown_reuse
 #  RUN           tls.13_sm4_gcm_mptcp.shutdown_reuse ...
 # tls.c:1790:shutdown_reuse:Expected ret (-1) =3D=3D 0 (0)
 # shutdown_reuse: Test failed
 #          FAIL  tls.13_sm4_gcm_mptcp.shutdown_reuse
 not ok 18 tls.13_sm4_gcm_mptcp.shutdown_reuse

This is only done for MPTCP variants to avoid slowing down plain TCP
tests.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 64aad661a1b4..4ae7505846f9 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -1744,6 +1744,7 @@ TEST_F(tls, shutdown_unsent)
 TEST_F(tls, shutdown_reuse)
 {
 	struct sockaddr_in addr;
+	int i =3D 0;
 	int ret;
=20
 	shutdown(self->fd, SHUT_RDWR);
@@ -1754,7 +1755,13 @@ TEST_F(tls, shutdown_reuse)
 	addr.sin_addr.s_addr =3D htonl(INADDR_ANY);
 	addr.sin_port =3D 0;
=20
+retry:
 	ret =3D bind(self->fd, &addr, sizeof(addr));
+	if (variant->mptcp &&
+	    ret < 0 && errno =3D=3D EINVAL && i++ < 1000) {
+		usleep(1000);
+		goto retry;
+	}
 	EXPECT_EQ(ret, 0);
 	ret =3D listen(self->fd, 10);
 	EXPECT_EQ(ret, -1);
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3EEE635B634
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:20:09 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971610; cv=none;
 b=Zp5yg0kN1L6l0ayG4KgeufYjYoaTb3CFsz0FT4yeSn68FCs98a6/ka75EXwVyeN69pe04XsSjaCQTV7WsmMfXT8JACkSQOE3tnGg4nL9VrDCNQxtW3rz4tU6nzvXAbOzbwWiHl2yacx4J8Hh3EsBH25c9vSH2spT6hwhA0WIuZE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971610; c=relaxed/simple;
	bh=3IsquAv4YDxMPBzDcFjkvuRls51Rw/lTNaNmpziy6To=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=SF62fa+O4D/3yRR+Z+5HgipLGFe5+9+jkPr+4H5BvLxoFiNFzfdyhaBdTatjcOCrb8QuiHi/5HGBcHURsdoF+v2mn8kvhzcYpJ2bMZvTkKBeLT1EUX7yALB4Lz0xLoS/r+a2tyCjnC7ySQGrqh6FN2IwChMhMNj4dh7nuuBWKy0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=nzOAoJ2y; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="nzOAoJ2y"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 46AEC1F00893;
	Tue,  9 Jun 2026 02:20:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971609;
	bh=Gxkqt+h6izqRYrlC/RzMeNRphQ6RNv+N6Om0PZ/RFQM=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=nzOAoJ2yL6tFoC3x16bQoeVGNR5vDKIP5kbSvmrw9GUY5QR86fVH0GhiI/FfCxbp8
	 1ilM27U+gVgFE5t0mEjChFKk8gluFQmTvFX607oiZozsPtFOXJxzQs2RP+L1jn1YGr
	 SN8EBTwTyoMouWLcB7TxbOYd5OnfcsOk6o3757LmCr8h6CI+SJVlPjalicfcR1bJh0
	 H5Hkx7aD3PW+DCxXLv+ZjYZNqKOGu0VG8nwxsof50JhoEB6DMLkY9ICQlqCFBP+EiJ
	 pU63iED72h0no4ML9f6D2mY8jF5qCiokgzp/F5vXdRMYRwURAObv9XJNqljYJh49rh
	 7ZAXbBYEjJdmQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Paolo Abeni <pabeni@redhat.com>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 20/22] selftests: tls: set timeout for
 multi_chunk_sendfile
Date: Tue,  9 Jun 2026 10:18:46 +0800
Message-ID: 
 <0599263dc958f9c7d6b04ebba42a480a4d19fe80.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The multi_chunk_sendfile test can time out with the default 30-second
limit when run on certain configurations (e.g., MPTCP). Add a 240-second
timeout using TEST_F_TIMEOUT to prevent failure:

 # multi_chunk_sendfile: Test terminated by timeout 30
 #          FAIL  tls.13_chacha_mptcp.multi_chunk_sendfile
 not ok 204 tls.13_chacha_mptcp.multi_chunk_sendfile

Suggested-by: Paolo Abeni <pabeni@redhat.com>
Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 4ae7505846f9..6f51da27ef1e 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -536,7 +536,7 @@ static void chunked_sendfile(struct __test_metadata *_m=
etadata,
 	close(fd);
 }
=20
-TEST_F(tls, multi_chunk_sendfile)
+TEST_F_TIMEOUT(tls, multi_chunk_sendfile, 240)
 {
 	chunked_sendfile(_metadata, self, 4096, 4096);
 	chunked_sendfile(_metadata, self, 4096, 0);
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 643DA264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:20:11 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971612; cv=none;
 b=o+bEquuhH+wxa79ukefXTnzxTS+o05vmBCJ9ClQIdFSRpYKzxy5eYMxXm4VepE910i02jMbeG+FotZ/78OKQW5X57BTo0mv1Z7CvyAJe0oFXyGnI1v5+qz/wFCdl8t6BeNvd3IbA3k3mM0YX8kvMkpuiIY5ebxq19k8QcYL2vaE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971612; c=relaxed/simple;
	bh=0Y0TwTXxolaDx7c2k5LdGVFkxBOEMIsf4pu32Nl0Tow=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=VQ6ZnjmaFEUSH/jP9xAjBis0jbJMZtPvflipLeyfgOqbJUEfg1QBcdnMGZECjmYLoNPYcI45s7xGdC4RzxfGPam6ZTMklP6G4wVUX8pQSHBfnzD/P5Hjy666f/ZRV6r+vcUn7HYXVuoTHp/yYnljLa3pkTePPfESvCpdS8Q6OkY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Fn5URPRe; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Fn5URPRe"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id A6A021F00898;
	Tue,  9 Jun 2026 02:20:09 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971611;
	bh=/wQmDE5lHgxqc7cZ7Rk26YaG+K0NxtZ2F66qRcTGmo8=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=Fn5URPReqxpO9SIhecA8RtQPLPZYV5uwumabaJOoT1aTaz2HJAc2mWevJgFOdIDOG
	 TlSZ4NobOzUVM38gQc4W8AoVZ7FyvOfgGBJhowIdH6SaVAv6YHrDkE6BoNnmmvQxg1
	 6tPHzYbJjXq750OqvxzdqM18y7U4qRidHMGINosVJ2Li6mA7VvLgF6Wy3UjIR6btMQ
	 7kD38LyjEQrFFFPdTEe51+wD3x+1fw9/Q7JTPlFgqpG49rY4Q2dwxFqDhw9k8GVEgm
	 u8RSH0kZpIdvpAPdCSAaassSR7WXXs4Y0jtnf0sTlzYNL22Q39pnnYUQcUcCDqd9Bp
	 Pr3JAXjv4V+GA==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 21/22] selftests: tls: add mptcp test cases
Date: Tue,  9 Jun 2026 10:18:47 +0800
Message-ID: 
 <2951f244bada95f791127e893b8827225e91cc13.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

This patch introduces MPTCP test cases for the TLS fixture. These "mptcp"
variants are configured to create MPTCP sockets specifically for MPTCP TLS
testing purposes.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/tls.c | 96 +++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)

diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/ne=
t/tls.c
index 6f51da27ef1e..83cdb06da587 100644
--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -407,6 +407,102 @@ FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256)
 	.cipher_type =3D TLS_CIPHER_ARIA_GCM_256,
 };
=20
+FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_chacha_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_chacha_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_CHACHA20_POLY1305,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_sm4_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_SM4_GCM,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_sm4_ccm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_SM4_CCM,
+	.fips_non_compliant =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aes_ccm_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_CCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_aes_ccm_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_CCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aes_gcm_256_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_256,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_aes_gcm_256_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_256,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 13_nopad_mptcp)
+{
+	.tls_version =3D TLS_1_3_VERSION,
+	.cipher_type =3D TLS_CIPHER_AES_GCM_128,
+	.nopad =3D true,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_ARIA_GCM_128,
+	.mptcp =3D true,
+};
+
+FIXTURE_VARIANT_ADD(tls, 12_aria_gcm_256_mptcp)
+{
+	.tls_version =3D TLS_1_2_VERSION,
+	.cipher_type =3D TLS_CIPHER_ARIA_GCM_256,
+	.mptcp =3D true,
+};
+
 static bool is_mptcp_enable(void)
 {
 	char buf[16] =3D { 0 };
--=20
2.43.0
From nobody Thu Jun 11 06:59:51 2026
Received: from smtp.kernel.org
 (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A06A264A97
	for <mptcp@lists.linux.dev>; Tue,  9 Jun 2026 02:20:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=100.103.45.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1780971615; cv=none;
 b=BqV2fydpg3hCB71RdP/TX//Z+Mbxo5alHct/7m/CA8FE9qokKvoYkinU4DoG4kQM2a6BrhoUunrKhEDR33nXRIwDfXn7ErD/h68qts1TfN7cDeax9IY1IC3kmbKKhCrZ2lIxRMg0StfzvYrqO2s1HT7sVJM+nXmv9wPYxQ7IW7Y=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1780971615; c=relaxed/simple;
	bh=eLDxUddWKGyho5/asJgYy8IzUMdC4wPVI6vLDh6Oszg=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=oxArejtWmG0y8xt+kRmmqEfn4F4eN+LoGnq3jdCeZuAHPe35oSqqVITi341ZWNKnIaOXCH1WS4mIaMAwSTIO1B6OfuaXvz+Ofx+uR0r5FeaMLrSLNy8RAtZluvYSTJGJBnH6TNuWGgB+sAJv/xBtDaSn8gK6lB3tC588ruUK1nQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=Oe1ToUci; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="Oe1ToUci"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 55E8B1F00893;
	Tue,  9 Jun 2026 02:20:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1780971614;
	bh=xiRuS2ijp5hPUQkqN0sx1ZTcEwrYMVcTFbyslvRNapk=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=Oe1ToUcio9JJ+sK1u5997FsC51/JUta+aoHXIK9dLVjF3QEWffnZq/mX9KVsTnwjB
	 zqzXmToge8X9EWSMBI8kT/eaYNeiins+dIKN1Is+RdP+Lb3fedTeEbDqIgKbavhkkM
	 GaMMqPM1pi6rxfbG21jCNU21IPxNWKEt4oZjKDFvnLMO0bYkHNTeph4xfzmWESwbSk
	 aapWHqMOBlbE7v+NNzai1+c6+mLhYhyGHB0wwzX8pc8Jz3uUEdhQmvvM6Elz6jkwhM
	 Tp2J7IOArDl8rJ4mCdVMeveUl3LrNNN1+GsGbuilZhKYd8EetgqASDaOjzZCvm7vqm
	 kN5aDaf0O0Kgw==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v25 22/22] selftests: mptcp: cover mptcp tls tests
Date: Tue,  9 Jun 2026 10:18:48 +0800
Message-ID: 
 <c45a34dc328d9d5da869808f7b8c84d3c4a94d99.1780970284.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <cover.1780970284.git.tanggeliang@kylinos.cn>
References: <cover.1780970284.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

The mptcp tests for tls.c is available now, this patch adds mptcp_tls.sh
to test it in the MPTCP CI by default.

The script creates a network namespace, sets up the necessary MPTCP
endpoints (by default with 4 subflows), and invokes the tls test binary
with all MPTCP-specific test variants (e.g., 12_aes_gcm_mptcp,
13_aes_gcm_mptcp, etc.). A symbolic link to the existing tls.c test
program is created under the mptcp selftests directory.

Additionally, update the kernel config to enable TLS and the required
crypto modules (ARIA, CCM, ChaCha20-Poly1305, SM4) so that all test
ciphers can be exercised.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 tools/testing/selftests/net/mptcp/.gitignore  |  1 +
 tools/testing/selftests/net/mptcp/Makefile    |  2 +
 tools/testing/selftests/net/mptcp/config      |  5 ++
 .../testing/selftests/net/mptcp/mptcp_tls.sh  | 61 +++++++++++++++++++
 tools/testing/selftests/net/mptcp/tls.c       |  1 +
 5 files changed, 70 insertions(+)
 create mode 100755 tools/testing/selftests/net/mptcp/mptcp_tls.sh
 create mode 120000 tools/testing/selftests/net/mptcp/tls.c

diff --git a/tools/testing/selftests/net/mptcp/.gitignore b/tools/testing/s=
elftests/net/mptcp/.gitignore
index 833279fb34e2..f6defec6eeb5 100644
--- a/tools/testing/selftests/net/mptcp/.gitignore
+++ b/tools/testing/selftests/net/mptcp/.gitignore
@@ -4,4 +4,5 @@ mptcp_diag
 mptcp_inq
 mptcp_sockopt
 pm_nl_ctl
+tls
 *.pcap
diff --git a/tools/testing/selftests/net/mptcp/Makefile b/tools/testing/sel=
ftests/net/mptcp/Makefile
index 22ba0da2adb8..f7c959a25b3b 100644
--- a/tools/testing/selftests/net/mptcp/Makefile
+++ b/tools/testing/selftests/net/mptcp/Makefile
@@ -14,6 +14,7 @@ TEST_PROGS :=3D \
 	mptcp_connect_splice.sh \
 	mptcp_join.sh \
 	mptcp_sockopt.sh \
+	mptcp_tls.sh \
 	pm_netlink.sh \
 	simult_flows.sh \
 	userspace_pm.sh \
@@ -25,6 +26,7 @@ TEST_GEN_FILES :=3D \
 	mptcp_inq \
 	mptcp_sockopt \
 	pm_nl_ctl \
+	tls \
 # end of TEST_GEN_FILES
=20
 TEST_FILES :=3D \
diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft=
ests/net/mptcp/config
index f48bd5183fb3..bfc26bde0501 100644
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -38,3 +38,8 @@ CONFIG_INET_ESP=3Dy
 CONFIG_INET_ESPINTCP=3Dy
 CONFIG_INET6_ESP=3Dy
 CONFIG_INET6_ESPINTCP=3Dy
+CONFIG_TLS=3Dm
+CONFIG_CRYPTO_ARIA=3Dm
+CONFIG_CRYPTO_CCM=3Dm
+CONFIG_CRYPTO_CHACHA20POLY1305=3Dm
+CONFIG_CRYPTO_SM4_GENERIC=3Dm
diff --git a/tools/testing/selftests/net/mptcp/mptcp_tls.sh b/tools/testing=
/selftests/net/mptcp/mptcp_tls.sh
new file mode 100755
index 000000000000..79d120cd4b16
--- /dev/null
+++ b/tools/testing/selftests/net/mptcp/mptcp_tls.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+. "$(dirname "${0}")/mptcp_lib.sh"
+
+ret=3D0
+ns1=3D""
+pid=3D""
+
+# This function is used in the cleanup trap
+#shellcheck disable=3DSC2317,SC2329
+cleanup()
+{
+	if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
+		kill "$pid" 2>/dev/null
+		wait "$pid" 2>/dev/null
+	fi
+
+	mptcp_lib_ns_exit "$ns1"
+}
+
+init()
+{
+	local max=3D"${1:-4}"
+
+	mptcp_lib_ns_init ns1
+
+	mptcp_lib_pm_nl_set_limits "$ns1" "$max" "$max"
+
+	local i
+	for i in $(seq 1 "$max"); do
+		mptcp_lib_pm_nl_add_endpoint "$ns1" \
+			"127.0.0.1" flags signal port 1000"$i"
+	done
+}
+
+mptcp_lib_check_mptcp
+
+trap cleanup EXIT
+
+init
+
+ip netns exec "$ns1" ./tls -v 12_aes_gcm_mptcp \
+			   -v 13_aes_gcm_mptcp \
+			   -v 12_chacha_mptcp \
+			   -v 13_chacha_mptcp \
+			   -v 13_sm4_gcm_mptcp \
+			   -v 13_sm4_ccm_mptcp \
+			   -v 12_aes_ccm_mptcp \
+			   -v 13_aes_ccm_mptcp \
+			   -v 12_aes_gcm_256_mptcp \
+			   -v 13_aes_gcm_256_mptcp \
+			   -v 13_nopad_mptcp \
+			   -v 12_aria_gcm_mptcp \
+			   -v 12_aria_gcm_256_mptcp &
+pid=3D$!
+wait $pid
+ret=3D$?
+
+mptcp_lib_result_print_all_tap
+exit $ret
diff --git a/tools/testing/selftests/net/mptcp/tls.c b/tools/testing/selfte=
sts/net/mptcp/tls.c
new file mode 120000
index 000000000000..724b1f047c89
--- /dev/null
+++ b/tools/testing/selftests/net/mptcp/tls.c
@@ -0,0 +1 @@
+../tls.c
\ No newline at end of file
--=20
2.43.0