From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 01/17] tls: make tls_ctx_create and update_sk_prot static
Date: Mon, 22 Jun 2026 18:43:21 +0800
X-Mailing-List: mptcp@lists.linux.dev

From: Geliang Tang

The TLS TOE (TCP offload engine) support has been removed. As a result, tls_ctx_create() and update_sk_prot() are no longer used outside of tls_main.c.

Make them static and remove their prototypes from tls.h. This avoids exporting unnecessary symbols and cleans up the internal API.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
---
 net/tls/tls.h | 2 --
 net/tls/tls_main.c | 4 ++--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/tls/tls.h b/net/tls/tls.h index 60a37bdaaa25..68dfe109808e 100644 --- a/net/tls/tls.h +++ b/net/tls/tls.h @@ -136,9 +136,7 @@ struct tls_rec { int __net_init tls_proc_init(struct net *net); void __net_exit tls_proc_fini(struct net *net); =20 -struct tls_context *tls_ctx_create(struct sock *sk); void tls_ctx_free(struct sock *sk, struct tls_context *ctx); -void update_sk_prot(struct sock *sk, struct tls_context *ctx); =20 int wait_on_pending_writer(struct sock *sk, long *timeo); void tls_err_abort(struct sock *sk, int err); diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 8c588cdab733..9675c75bc50c 100644 --- a/net/tls/tls_main.c 
+++ b/net/tls/tls_main.c @@ -126,7 +126,7 @@ static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TL= S_NUM_CONFIG][TLS_NUM_CON static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 -void update_sk_prot(struct sock *sk, struct tls_context *ctx) +static void update_sk_prot(struct sock *sk, struct tls_context *ctx) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; =20 
@@ -913,7 +913,7 @@ static int tls_disconnect(struct sock *sk, int flags) return -EOPNOTSUPP; } =20 -struct tls_context *tls_ctx_create(struct sock *sk) +static struct tls_context *tls_ctx_create(struct sock *sk) { struct inet_connection_sock *icsk =3D inet_csk(sk); struct tls_context *ctx; --=20 2.53.0

From: Geliang Tang
Subject: [RFC net-next 02/17] tls: factor out __tls_build_proto for mptcp support
Date: Mon, 22 Jun 2026 18:43:22 +0800

From: Geliang Tang

tls_build_proto() contains duplicated logic for building IPv4 and IPv6 TLS protocol caches. Factor out the common code into a new helper __tls_build_proto(), which takes the saved protocol pointer, mutex, and IP family as parameters.

This prepares for adding MPTCP support by reducing the amount of duplicated code needed when introducing additional protocol variants.

No functional change intended.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
---
 net/tls/tls_main.c | 46 ++++++++++++++++++++++++----------------------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 9675c75bc50c..be824affd1b1 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -968,35 +968,37 @@ static void build_proto_ops(struct proto_ops ops[TLS_= NUM_CONFIG][TLS_NUM_CONFIG] #endif } =20 -static void tls_build_proto(struct sock *sk) +static void __tls_build_proto(struct sock *sk, + const struct proto *saved_prot, + struct mutex *prot_mutex, + int family) { int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; struct proto *prot =3D READ_ONCE(sk->sk_prot); =20 - /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */ - if (ip_ver =3D=3D TLSV6 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv6_prot))) { - mutex_lock(&tcpv6_prot_mutex); - if (likely(prot !=3D saved_tcpv6_prot)) { - build_protos(tls_prots[TLSV6], prot); - build_proto_ops(tls_proto_ops[TLSV6], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv6_prot, prot); + if (ip_ver =3D=3D family) { + /* smp_load_acquire pairs with smp_store_release below */ + if (unlikely(prot !=3D smp_load_acquire(&saved_prot))) { + mutex_lock(prot_mutex); + if (likely(prot !=3D saved_prot)) { + build_protos(tls_prots[family], prot); + build_proto_ops(tls_proto_ops[family], + sk->sk_socket->ops); + /* pairs with smp_load_acquire above */ + smp_store_release(&saved_prot, prot); + } + mutex_unlock(prot_mutex); } - mutex_unlock(&tcpv6_prot_mutex); } +} =20 - if (ip_ver =3D=3D TLSV4 && - unlikely(prot !=3D smp_load_acquire(&saved_tcpv4_prot))) { - mutex_lock(&tcpv4_prot_mutex); - if (likely(prot !=3D saved_tcpv4_prot)) { - build_protos(tls_prots[TLSV4], prot); - build_proto_ops(tls_proto_ops[TLSV4], - sk->sk_socket->ops); - smp_store_release(&saved_tcpv4_prot, prot); - } - mutex_unlock(&tcpv4_prot_mutex); - } +static void tls_build_proto(struct sock *sk) +{ + /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */ + __tls_build_proto(sk, saved_tcpv6_prot, &tcpv6_prot_mutex, + TLSV6); + __tls_build_proto(sk, saved_tcpv4_prot, &tcpv4_prot_mutex, + TLSV4); } =20 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], --=20 2.53.0
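
Review bot: In __tls_build_proto(), saved_prot is taken by value (`const struct proto *saved_prot`), so `smp_load_acquire(&saved_prot)` and `smp_store_release(&saved_prot, prot)` operate on the function's own parameter copy and never update saved_tcpv6_prot or saved_tcpv4_prot. The removed code stored to the globals, so this is a functional change despite the commit message: the release store no longer publishes anything to other CPUs, and any call whose sk->sk_prot differs from the value passed in takes the mutex and rebuilds tls_prots[family] again. Pass the address instead (`const struct proto **saved_prot`), call it as `__tls_build_proto(sk, &saved_tcpv6_prot, &tcpv6_prot_mutex, TLSV6)`, and use `smp_load_acquire(saved_prot)` and `smp_store_release(saved_prot, prot)` inside. The comment "Build IPv6 TLS whenever the address of tcpv6 _prot changes" now sits above both calls and should be reworded or moved.
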

From: Geliang Tang
Subject: [RFC net-next 03/17] tls: add protocol dimension to tls operation cache
Date: Mon, 22 Jun 2026 18:43:23 +0800
Message-ID: <1d024f02806622ab3ad467e90ea7311dd5810073.1782123118.git.tanggeliang@kylinos.cn>

From: Geliang Tang

The current TLS operation cache is indexed solely by IP version (IPv4/IPv6). This was sufficient when only TCP was supported. Rename TLS_NUM_PROTS to TLS_NUM_FAMILY to accurately reflect that it represents the number of address families.

With the introduction of MPTCP, both TCP and MPTCP sockets within the same IP version now share the same cache entries. When an MPTCP socket enables TLS, it overwrites the cache with MPTCP-specific operations, causing existing TCP TLS sockets to use the wrong ops, leading to type confusion and kernel panics.

Fix by extending the cache arrays with a protocol dimension to separate TCP and MPTCP. Introduce TLSTCP and TLSMPTCP enum values, along with separate saved protocol pointers and mutexes for MPTCP. update_sk_prot() and __tls_build_proto() now select the appropriate cache based on sk->sk_protocol.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
---
 net/tls/tls_main.c | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index be824affd1b1..94133d62f73e 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -53,7 +53,13 @@ MODULE_ALIAS_TCP_ULP("tls"); enum { TLSV4, TLSV6, - TLS_NUM_PROTS, + TLS_NUM_FAMILY, +}; + +enum { + TLSTCP, + TLSMPTCP, + TLS_NUM_PROTO, }; =20 #define CHECK_CIPHER_DESC(cipher,ci) \ @@ -117,23 +123,30 @@ CHECK_CIPHER_DESC(TLS_CIPHER_SM4_CCM, tls12_crypto_in= fo_sm4_ccm); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_128, tls12_crypto_info_aria_gcm_128); CHECK_CIPHER_DESC(TLS_CIPHER_ARIA_GCM_256, tls12_crypto_info_aria_gcm_256); =20 +static const struct proto *saved_mptcpv6_prot; +static DEFINE_MUTEX(mptcpv6_prot_mutex); static const struct proto *saved_tcpv6_prot; static DEFINE_MUTEX(tcpv6_prot_mutex); +static const struct proto *saved_mptcpv4_prot; +static DEFINE_MUTEX(mptcpv4_prot_mutex); static const struct proto *saved_tcpv4_prot; static DEFINE_MUTEX(tcpv4_prot_mutex); -static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFI= G]; -static struct proto_ops tls_proto_ops[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_N= UM_CONFIG]; +static struct proto +tls_prots[TLS_NUM_FAMILY][TLS_NUM_PROTO][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; +static struct proto_ops +tls_proto_ops[TLS_NUM_FAMILY][TLS_NUM_PROTO][TLS_NUM_CONFIG][TLS_NUM_CONFI= G]; static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); =20 static void update_sk_prot(struct sock *sk, struct tls_context *ctx) { + int proto =3D sk->sk_protocol =3D=3D IPPROTO_MPTCP ? TLSMPTCP : TLSTCP; int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; =20 WRITE_ONCE(sk->sk_prot, - &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &tls_prots[ip_ver][proto][ctx->tx_conf][ctx->rx_conf]); WRITE_ONCE(sk->sk_socket->ops, - &tls_proto_ops[ip_ver][ctx->tx_conf][ctx->rx_conf]); + &tls_proto_ops[ip_ver][proto][ctx->tx_conf][ctx->rx_conf]); } =20 int wait_on_pending_writer(struct sock *sk, long *timeo) 
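
Review bot: In update_sk_prot(), the new index `sk->sk_protocol == IPPROTO_MPTCP ? TLSMPTCP : TLSTCP` is open-coded, and the same expression is repeated in __tls_build_proto() later in this patch. The slot that gets built and the slot that gets installed into sk->sk_prot must always agree, so put the mapping in one small helper next to the ip_ver selection and use it in both places. The TLS_NUM_PROTS to TLS_NUM_FAMILY rename in the first hunk is independent of the new dimension and would be easier to review as its own patch.
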
@@ -971,18 +984,19 @@ static void build_proto_ops(struct proto_ops ops[TLS_= NUM_CONFIG][TLS_NUM_CONFIG] static void __tls_build_proto(struct sock *sk, const struct proto *saved_prot, struct mutex *prot_mutex, - int family) + int family, int protocol) { + int proto =3D sk->sk_protocol =3D=3D IPPROTO_MPTCP ? TLSMPTCP : TLSTCP; int ip_ver =3D sk->sk_family =3D=3D AF_INET6 ? TLSV6 : TLSV4; struct proto *prot =3D READ_ONCE(sk->sk_prot); =20 - if (ip_ver =3D=3D family) { + if (ip_ver =3D=3D family && proto =3D=3D protocol) { /* smp_load_acquire pairs with smp_store_release below */ if (unlikely(prot !=3D smp_load_acquire(&saved_prot))) { mutex_lock(prot_mutex); if (likely(prot !=3D saved_prot)) { - build_protos(tls_prots[family], prot); - build_proto_ops(tls_proto_ops[family], + build_protos(tls_prots[family][protocol], prot); + build_proto_ops(tls_proto_ops[family][protocol], sk->sk_socket->ops); /* pairs with smp_load_acquire above */ smp_store_release(&saved_prot, prot); 
@@ -995,10 +1009,14 @@ static void __tls_build_proto(struct sock *sk, static void tls_build_proto(struct sock *sk) { /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */ + __tls_build_proto(sk, saved_mptcpv6_prot, &mptcpv6_prot_mutex, + TLSV6, TLSMPTCP); __tls_build_proto(sk, saved_tcpv6_prot, &tcpv6_prot_mutex, - TLSV6); + TLSV6, TLSTCP); + __tls_build_proto(sk, saved_mptcpv4_prot, &mptcpv4_prot_mutex, + TLSV4, TLSMPTCP); __tls_build_proto(sk, saved_tcpv4_prot, &tcpv4_prot_mutex, - TLSV4); + TLSV4, TLSTCP); } =20 static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], --=20 2.53.0
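
Review bot: tls_build_proto() now makes four __tls_build_proto() calls, and each one recomputes ip_ver and proto from sk only to return early in three of the four cases. Compute the two indexes once in tls_build_proto() and index the saved pointer and mutex by [family][protocol], which also removes the redundant family and protocol parameters. The saved_mptcpv6_prot and saved_mptcpv4_prot arguments are still passed by value, so the `smp_store_release(&saved_prot, prot)` in __tls_build_proto() does not update them. The comment "Build IPv6 TLS whenever the address of tcpv6 _prot changes" now sits directly above the saved_mptcpv6_prot call and no longer describes what follows.
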
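
The cache collision described in the commit message of patch 03, as a user-space model added here; it is not code from this series or from the kernel. Only the TLSV4/TLSV6/TLSTCP/TLSMPTCP index names come from the patch; every struct and function name below is hypothetical, and the model is single-threaded, so locking and memory ordering are left out.

```c
#include <stdio.h>

/* Index names follow the enums in the patch; everything else in this
 * file is a hypothetical model, not kernel code. */
enum { TLSV4, TLSV6, TLS_NUM_FAMILY };
enum { TLSTCP, TLSMPTCP, TLS_NUM_PROTO };

/* Stand-in for struct proto_ops: records which transport it wraps. */
struct model_ops {
	int transport;			/* TLSTCP or TLSMPTCP */
};

/* Stand-in for a socket: ops points at the base table until TLS is
 * enabled, then at a slot in one of the shared caches below. */
struct model_sock {
	int family;
	int protocol;
	const struct model_ops *ops;
};

static const struct model_ops tcp_base = { TLSTCP };
static const struct model_ops mptcp_base = { TLSMPTCP };

/* Cache indexed by family only (the layout before patch 03). */
static struct model_ops cache_1d[TLS_NUM_FAMILY];
static const struct model_ops *saved_1d[TLS_NUM_FAMILY];

/* Cache indexed by family and protocol (the layout after patch 03). */
static struct model_ops cache_2d[TLS_NUM_FAMILY][TLS_NUM_PROTO];
static const struct model_ops *saved_2d[TLS_NUM_FAMILY][TLS_NUM_PROTO];

static int rebuilds;

/* Rebuild a slot when the base table differs from the one it was last
 * built from. 'saved' is passed by address so that the update is seen
 * by every later caller. */
static void build_slot(struct model_ops *slot,
		       const struct model_ops **saved,
		       const struct model_ops *base)
{
	if (*saved != base) {
		*slot = *base;		/* overwrites the slot in place */
		*saved = base;
		rebuilds++;
	}
}

static void enable_tls_1d(struct model_sock *sk)
{
	build_slot(&cache_1d[sk->family], &saved_1d[sk->family], sk->ops);
	sk->ops = &cache_1d[sk->family];
}

static void enable_tls_2d(struct model_sock *sk)
{
	int f = sk->family, p = sk->protocol;

	build_slot(&cache_2d[f][p], &saved_2d[f][p], sk->ops);
	sk->ops = &cache_2d[f][p];
}

/* Enable TLS on a TCP socket, then on an MPTCP socket of the same
 * family, and report which transport the TCP socket's ops describe. */
static int tcp_transport_after_mptcp(int two_dim)
{
	struct model_sock tcp = { TLSV4, TLSTCP, &tcp_base };
	struct model_sock mptcp = { TLSV4, TLSMPTCP, &mptcp_base };

	if (two_dim) {
		enable_tls_2d(&tcp);
		enable_tls_2d(&mptcp);
	} else {
		enable_tls_1d(&tcp);
		enable_tls_1d(&mptcp);
	}
	return tcp.ops->transport;
}

static int rebuild_count(void)
{
	return rebuilds;
}

int main(void)
{
	printf("family-only cache:      TCP socket sees transport %d\n",
	       tcp_transport_after_mptcp(0));
	printf("family+protocol cache:  TCP socket sees transport %d\n",
	       tcp_transport_after_mptcp(1));
	printf("slot rebuilds so far:   %d\n", rebuild_count());
	return 0;
}
```

With the family-only cache the TCP socket ends up pointing at a slot that now holds the MPTCP table, and the slot is rebuilt every time the two socket types alternate; with the extra dimension each slot is built once.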

From: Geliang Tang
Subject: [RFC net-next 04/17] mptcp: add sendmsg_locked to proto_ops
Date: Mon, 22 Jun 2026 18:43:24 +0800

From: Geliang Tang

MPTCP currently provides a standard sendmsg() implementation which acquires and releases the socket lock internally. However, certain upper layers (e.g., TLS) need to call the sendmsg method while the socket lock is already held.

Split the existing mptcp_sendmsg() into mptcp_sendmsg_locked() which assumes the caller holds the socket lock, and a tiny wrapper mptcp_sendmsg() that acquires the lock and calls the locked version. Expose .sendmsg_locked in both mptcp_stream_ops and mptcp_v6_stream_ops.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan Co-developed-by: Zqiang Signed-off-by: Zqiang Signed-off-by: Geliang Tang --- net/mptcp/protocol.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a4f7e99b30db..7f0c560f6b7e 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1967,7 +1967,7 @@ static void mptcp_rps_record_subflows(const struct mp= tcp_sock *msk) } } =20 -static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +static int mptcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_= t len) { struct mptcp_sock *msk =3D mptcp_sk(sk); struct page_frag *pfrag; @@ -1979,8 +1979,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) msg->msg_flags &=3D MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_FASTOPEN | MSG_EOR; =20 - lock_sock(sk); - mptcp_rps_record_subflows(msk); =20 if (unlikely(inet_test_bit(DEFER_CONNECT, sk) || @@ -2096,7 +2094,6 @@ static int mptcp_sendmsg(struct sock *sk, struct msgh= dr *msg, size_t len) } =20 out: - release_sock(sk); return copied; =20 do_error: @@ -2107,6 +2104,17 @@ static int mptcp_sendmsg(struct sock *sk, struct msg= hdr *msg, size_t len) goto out; } =20 +static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) +{ + int ret; + + lock_sock(sk); + ret =3D mptcp_sendmsg_locked(sk, msg, len); + release_sock(sk); + + return ret; +} + static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied); =20 static void mptcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb) @@ -4703,6 +4711,7 @@ static const struct proto_ops mptcp_stream_ops =3D { .set_rcvlowat =3D mptcp_set_rcvlowat, .read_sock =3D mptcp_read_sock, .splice_read =3D mptcp_splice_read, + .sendmsg_locked =3D mptcp_sendmsg_locked, }; =20 static struct inet_protosw mptcp_protosw =3D { 
@@ -4815,6 +4824,7 @@ static const struct proto_ops mptcp_v6_stream_ops =3D= { .set_rcvlowat =3D mptcp_set_rcvlowat, .read_sock =3D mptcp_read_sock, .splice_read =3D mptcp_splice_read, + .sendmsg_locked =3D mptcp_sendmsg_locked, }; =20 static struct proto mptcp_v6_prot; --=20 2.53.0
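
Review bot: mptcp_sendmsg_locked() drops the lock_sock()/release_sock() pair, but nothing in the function states or checks the new locking contract. Add a comment saying the caller must hold the socket lock, and assert it at the top with `sock_owned_by_me(sk)` so that a caller reaching it through .sendmsg_locked without the lock is caught by lockdep. With release_sock() gone, the `out:` label only returns copied, so the do_error path's `goto out` can be simplified as well.
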

From: Geliang Tang
Subject: [RFC net-next 05/17] tls: use sendmsg_locked from the underlying socket
Date: Mon, 22 Jun 2026 18:43:25 +0800

From: Geliang Tang

TLS offload (device and sw) may call tcp_sendmsg_locked() directly when pushing TLS records. This assumes the underlying socket is always a TCP socket. With MPTCP, the socket can be an MPTCP socket, which does not directly expose a sendmsg_locked method via its proto_ops.

Replace the hard-coded tcp_sendmsg_locked() call with sk->sk_socket->ops->sendmsg_locked(). This enables TLS to work transparently over any socket that implements .sendmsg_locked, including MPTCP after the previous commit.

The change is safe because both TCP and MPTCP now provide a conformant .sendmsg_locked implementation.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
---
 net/tls/tls_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 94133d62f73e..b6adfa67491b 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -205,7 +205,7 @@ int tls_push_sg(struct sock *sk, bvec_set_page(&bvec, p, size, offset); iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); =20 - ret =3D tcp_sendmsg_locked(sk, &msg, size); + ret =3D sk->sk_socket->ops->sendmsg_locked(sk, &msg, size); =20 if (ret !=3D size) { if (ret > 0) { --=20 2.53.0
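
Review bot: In tls_push_sg(), `sk->sk_socket->ops->sendmsg_locked(sk, &msg, size)` is called without any check that the hook is set, whereas the direct tcp_sendmsg_locked() call it replaces could not be NULL. The commit message relies on TCP and MPTCP both providing the method, so enforce that where the TLS ULP is attached, by rejecting a socket whose ops lack .sendmsg_locked, rather than at this call site. Since update_sk_prot() replaces sk->sk_socket->ops with WRITE_ONCE(), the ops pointer should be loaded with READ_ONCE() here, and the log should state that the tls_proto_ops entry installed on the socket carries the base protocol's sendmsg_locked unchanged.
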

From: Geliang Tang
Subject: [RFC net-next 06/17] mptcp: implement peek_len for proto_ops
Date: Mon, 22 Jun 2026 18:43:26 +0800
Message-ID: <18c20e74da2323812ba3881ae0a5aa25ada3a8f3.1782123118.git.tanggeliang@kylinos.cn>

From: Geliang Tang

The TLS stack uses tcp_inq() to query the amount of data available in the receive queue without consuming it. For MPTCP sockets, this information is not directly available from a TCP subflow; it must be computed from the MPTCP receive queue and the current mapping.

Introduce mptcp_peek_len() which returns the number of bytes that can be peeked from the MPTCP socket. It reuses the existing mptcp_inq() helper (used by ioctl SIOCINQ). The implementation considers the first skb in the receive queue, the current ack_seq, and handles the FIN case.

Assign .peek_len in both mptcp_stream_ops and mptcp_v6_stream_ops so that upper layers (e.g., TLS) can obtain the correct in-queue byte count for an MPTCP connection.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang Signed-off-by: Geliang Tang --- net/mptcp/protocol.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7f0c560f6b7e..18c8b6c64c3f 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -4689,6 +4689,38 @@ static ssize_t mptcp_splice_read(struct socket *sock= , loff_t *ppos, return ret; } =20 +static int mptcp_inq(struct sock *sk) +{ + const struct mptcp_sock *msk =3D mptcp_sk(sk); + const struct sk_buff *skb; + + if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) + return 0; + + skb =3D skb_peek(&sk->sk_receive_queue); + if (skb) { + u64 answ =3D READ_ONCE(msk->ack_seq) - MPTCP_SKB_CB(skb)->map_seq; + + if (answ >=3D INT_MAX) + answ =3D INT_MAX; + + /* Subtract 1, if FIN was received */ + if (answ && + (sk->sk_state =3D=3D TCP_CLOSE || + (sk->sk_shutdown & RCV_SHUTDOWN))) + answ--; + + return (int)answ; + } + + return 0; +} + +static int mptcp_peek_len(struct socket *sock) +{ + return mptcp_inq(sock->sk); +} + static const struct proto_ops mptcp_stream_ops =3D { .family =3D PF_INET, .owner =3D THIS_MODULE, @@ -4712,6 +4744,7 @@ static const struct proto_ops mptcp_stream_ops =3D { .read_sock =3D mptcp_read_sock, .splice_read =3D mptcp_splice_read, .sendmsg_locked =3D mptcp_sendmsg_locked, + .peek_len =3D mptcp_peek_len, }; =20 static struct inet_protosw mptcp_protosw =3D { 
@@ -4825,6 +4858,7 @@ static const struct proto_ops mptcp_v6_stream_ops =3D= { .read_sock =3D mptcp_read_sock, .splice_read =3D mptcp_splice_read, .sendmsg_locked =3D mptcp_sendmsg_locked, + .peek_len =3D mptcp_peek_len, }; =20 static struct proto mptcp_v6_prot; --=20 2.53.0
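
Review bot: in the first net/mptcp/protocol.c hunk (@@ -4689,6 +4689,38 @@), mptcp_inq() arrives as newly added lines (the diffstat is 34 insertions, no deletions), while the commit message says mptcp_peek_len() "reuses the existing mptcp_inq() helper (used by ioctl SIOCINQ)". If the helper already exists elsewhere in the file this is a second definition; if it is being moved, the removal hunk is missing; either way the message and the diff should agree. The new callback also walks sk->sk_receive_queue with skb_peek() and reads sk->sk_state and sk->sk_shutdown without stating which lock the caller holds. Since TLS will reach .peek_len from its receive paths, please add a comment or a lockdep assertion naming the required context.
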
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 07/17] tls: replace tcp_inq with socket peek_len
Date: Mon, 22 Jun 2026 18:43:27 +0800
Message-ID: <2c96084e62a7b48733443b70ca2e540bd095bf51.1782123118.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
X-Mailing-List: mptcp@lists.linux.dev

From: Geliang Tang

TLS (device, strparser, and software) calls tcp_inq() directly to determine how much data is still pending in the socket receive queue. This breaks when the underlying socket is not TCP (e.g., MPTCP).

Switch all occurrences of tcp_inq(sk) to sk->sk_socket->ops->peek_len(sk->sk_socket). This operation is implemented for both TCP and MPTCP (after the previous commits), making TLS transparently usable over MPTCP connections.

The change is straightforward: every place where TLS needed the available in-queue bytes now uses the protocol-specific peek_len method instead of assuming a TCP socket.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang --- net/tls/tls_device.c | 4 ++-- net/tls/tls_strp.c | 6 ++++-- net/tls/tls_sw.c | 4 +++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 741aef09bfd3..c44a59d9d715 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -805,7 +805,7 @@ void tls_device_rx_resync_new_rec(struct sock *sk, u32 = rcd_len, u32 seq) /* head of next rec is already in, note that the sock_inq will * include the currently parsed message when called from parser */ - sock_data =3D tcp_inq(sk); + sock_data =3D sk->sk_socket->ops->peek_len(sk->sk_socket); if (sock_data > rcd_len) { trace_tls_device_rx_resync_nh_delay(sk, sock_data, rcd_len); @@ -864,7 +864,7 @@ static void tls_device_core_ctrl_rx_resync(struct tls_c= ontext *tls_ctx, rxm =3D strp_msg(skb); =20 /* head of next rec is already in, parser will sync for us */ - if (tcp_inq(sk) > rxm->full_len) { + if (sk->sk_socket->ops->peek_len(sk->sk_socket) > rxm->full_len) { trace_tls_device_rx_resync_nh_schedule(sk); ctx->resync_nh_do_now =3D 1; } else { diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 61b10c697ecc..82a5b64b5f48 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -484,12 +484,14 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bo= ol force_refresh) { struct strp_msg *rxm; struct tls_msg *tlm; + int inq; =20 DEBUG_NET_WARN_ON_ONCE(!strp->msg_ready); DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len); =20 if (!strp->copy_mode && force_refresh) { - if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) { + inq =3D strp->sk->sk_socket->ops->peek_len(strp->sk->sk_socket); + if (unlikely(inq < strp->stm.full_len)) { WRITE_ONCE(strp->msg_ready, 0); strp->msg_announced =3D 0; memset(&strp->stm, 0, sizeof(strp->stm)); 
@@ -513,7 +515,7 @@ static int tls_strp_read_sock(struct tls_strparser *str= p) { int sz, inq; =20 - inq =3D tcp_inq(strp->sk); + inq =3D strp->sk->sk_socket->ops->peek_len(strp->sk->sk_socket); if (inq < 1) return 0; =20 diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 9324e4ed20a3..35fb0c3c965a 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c 
@@ -1706,12 +1706,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_= prot_info *prot, size_t *flushed_at) { size_t max_rec; + int inq; =20 if (len_left <=3D decrypted) return false; =20 + inq =3D sk->sk_socket->ops->peek_len(sk->sk_socket); max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE; - if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec) + if (done - *flushed_at < SZ_128K && inq > max_rec) return false; =20 *flushed_at =3D done; --=20 2.53.0
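
Review bot: every converted call site (two in tls_device.c, two in tls_strp.c, one in tls_sw.c) now dereferences sk->sk_socket, then ops, then peek_len with no check, where tcp_inq(sk) needed only the sock. None of the hunks shows that sk->sk_socket is guaranteed non-NULL in these receive paths or that .peek_len is set for every socket type that can carry the TLS ULP, so a NULL in either place becomes a kernel NULL pointer dereference. Please wrap the expression in one static inline helper that documents or enforces both assumptions and use it at all five sites. In tls_read_flush_backlog() the call is also hoisted above the condition, so it now runs even when done - *flushed_at is at least SZ_128K, a case in which the old tcp_inq(sk) was never evaluated.
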
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 08/17] tls: store original read_sock for non-tcp sockets
Date: Mon, 22 Jun 2026 18:43:28 +0800
X-Mailer: git-send-email 2.53.0
X-Mailing-List: mptcp@lists.linux.dev

From: Geliang Tang

TLS strparser uses tcp_read_sock() to copy data from the underlying socket. This assumes the socket is always TCP, which fails when TLS is used over MPTCP.

Store the original socket's read_sock method (sk->sk_socket->ops->read_sock) in a new .sk_read_sock callback inside struct tls_context. Then in tls_strp_read_copyin(), call this stored callback instead of the hard-coded tcp_read_sock().

With this change, TLS strparser works transparently over any socket that implements .read_sock (including MPTCP, which already provides mptcp_read_sock). Behavior for plain TCP remains unchanged.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang --- include/net/tls.h | 2 ++ net/tls/tls_main.c | 1 + net/tls/tls_strp.c | 3 ++- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/net/tls.h b/include/net/tls.h index e57bef58851e..aee4f74dc3d9 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -262,6 +262,8 @@ struct tls_context { struct sock *sk; =20 void (*sk_destruct)(struct sock *sk); + int (*sk_read_sock)(struct sock *sk, read_descriptor_t *desc, + sk_read_actor_t recv_actor); =20 union tls_crypto_context crypto_send; union tls_crypto_context crypto_recv; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index b6adfa67491b..c9499bfd7a1d 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -1086,6 +1086,7 @@ static int tls_init(struct sock *sk) ctx->tx_conf =3D TLS_BASE; ctx->rx_conf =3D TLS_BASE; ctx->tx_max_payload_len =3D TLS_MAX_PAYLOAD_SIZE; + ctx->sk_read_sock =3D sk->sk_socket->ops->read_sock; update_sk_prot(sk, ctx); out: write_unlock_bh(&sk->sk_callback_lock); diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 82a5b64b5f48..9945d17b2f8c 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -375,6 +375,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str= uct sk_buff *in_skb, =20 static int tls_strp_read_copyin(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); read_descriptor_t desc; =20 desc.arg.data =3D strp; 
@@ -382,7 +383,7 @@ static int tls_strp_read_copyin(struct tls_strparser *s= trp) desc.count =3D 1; /* give more than one skb per call */ =20 /* sk should be locked here, so okay to do read_sock */ - tcp_read_sock(strp->sk, &desc, tls_strp_copyin); + ctx->sk_read_sock(strp->sk, &desc, tls_strp_copyin); =20 return desc.error; } --=20 2.53.0
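
Review bot: in the tls_init() hunk of net/tls/tls_main.c, ctx->sk_read_sock is copied from sk->sk_socket->ops->read_sock without checking that it is non-NULL, and tls_strp_read_copyin() then calls it unconditionally. The commit message limits support to sockets that implement .read_sock, so tls_init() should return an error before update_sk_prot() for a socket whose ops lack it, rather than leave a NULL function pointer for the strparser to call. The tls_get_ctx(strp->sk) result in tls_strp_read_copyin() is likewise used unchecked, and the callback's return value is still discarded; a short comment on why both are safe would help now that any protocol's implementation can sit behind the pointer.
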
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 09/17] tls: introduce tls protocol ops structure
Date: Mon, 22 Jun 2026 18:43:29 +0800
X-Mailer: git-send-email 2.53.0
X-Mailing-List: mptcp@lists.linux.dev

From: Geliang Tang

To extend MPTCP support based on TCP TLS, a tls_prot_ops structure has been introduced for TLS, encapsulating TCP-specific helpers within this structure.

Add registering, validating and finding functions for this structure to add, validate and find a tls_prot_ops on the global list tls_prot_ops_list.

Register TCP-specific structure tls_tcp_ops in tls_register().

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang --- include/net/tls.h | 15 +++++++ net/tls/tls_main.c | 101 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 115 insertions(+), 1 deletion(-) diff --git a/include/net/tls.h b/include/net/tls.h index aee4f74dc3d9..500fe87b50d2 100644 --- a/include/net/tls.h +++ b/include/net/tls.h
@@ -224,6 +224,21 @@ struct tls_prot_info { u16 tail_size; }; =20 +struct tls_prot_ops { + struct module *owner; + struct list_head list; + int protocol; + + struct sk_buff *(*recv_skb)(struct sock *sk, u32 *off); + bool (*lock_is_held)(struct sock *sk); + void (*read_done)(struct sock *sk, size_t len); + u32 (*get_skb_seq)(struct sk_buff *skb); + int (*skb_get_header)(const struct sk_buff *skb, int offset, + void *to, int len); + bool (*epollin_ready)(const struct sock *sk); + void (*check_app_limited)(struct sock *sk); +}; + struct tls_context { /* read-only cache line */ struct tls_prot_info prot_info; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index c9499bfd7a1d..296d133fa61f 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -137,6 +137,8 @@ static struct proto_ops tls_proto_ops[TLS_NUM_FAMILY][TLS_NUM_PROTO][TLS_NUM_CONFIG][TLS_NUM_CONFI= G]; static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], const struct proto *base); +static LIST_HEAD(tls_prot_ops_list); +static DEFINE_SPINLOCK(tls_prot_ops_lock); =20 static void update_sk_prot(struct sock *sk, struct tls_context *ctx) { @@ -1059,6 +1061,22 @@ static void build_protos(struct proto prot[TLS_NUM_C= ONFIG][TLS_NUM_CONFIG], #endif } =20 +static struct tls_prot_ops *tls_prot_ops_find(int protocol) +{ + struct tls_prot_ops *ops, *ret =3D NULL; + + rcu_read_lock(); + list_for_each_entry_rcu(ops, &tls_prot_ops_list, list) { + if (ops->protocol =3D=3D protocol) { + ret =3D ops; + break; + } + } + rcu_read_unlock(); + + return ret; +} + static int tls_init(struct sock *sk) { struct tls_context *ctx; 
@@ -1245,6 +1263,80 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mos= tly =3D { .get_info_size =3D tls_get_info_size, }; =20 +static int tls_validate_prot_ops(const struct tls_prot_ops *ops) +{ + if (!ops->recv_skb || !ops->lock_is_held || + !ops->read_done || !ops->get_skb_seq || + !ops->skb_get_header || !ops->epollin_ready || + !ops->check_app_limited) { + pr_err("%d does not implement required ops\n", ops->protocol); + return -EINVAL; + } + + return 0; +} + +static int tls_register_prot_ops(struct tls_prot_ops *ops) +{ + int ret; + + ret =3D tls_validate_prot_ops(ops); + if (ret) + return ret; + + spin_lock_bh(&tls_prot_ops_lock); + if (tls_prot_ops_find(ops->protocol)) { + spin_unlock_bh(&tls_prot_ops_lock); + return -EEXIST; + } + + list_add_tail_rcu(&ops->list, &tls_prot_ops_list); + spin_unlock_bh(&tls_prot_ops_lock); + + pr_debug("tls_prot_ops %d registered\n", ops->protocol); + return 0; +} + +static void tls_unregister_prot_ops(struct tls_prot_ops *ops) +{ + spin_lock_bh(&tls_prot_ops_lock); + list_del_rcu(&ops->list); + spin_unlock_bh(&tls_prot_ops_lock); + synchronize_rcu(); +} + +static struct sk_buff *tls_tcp_recv_skb(struct sock *sk, u32 *off) +{ + return tcp_recv_skb(sk, tcp_sk(sk)->copied_seq, off); +} + +static bool tls_tcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk); +} + +static u32 tls_tcp_get_skb_seq(struct sk_buff *skb) +{ + return TCP_SKB_CB(skb)->seq; +} + +static bool tls_tcp_epollin_ready(const struct sock *sk) +{ + return tcp_epollin_ready(sk, INT_MAX); +} + +static struct tls_prot_ops tls_tcp_ops =3D { + .owner =3D THIS_MODULE, + .protocol =3D IPPROTO_TCP, + .recv_skb =3D tls_tcp_recv_skb, + .lock_is_held =3D tls_tcp_lock_is_held, + .read_done =3D tcp_read_done, + .get_skb_seq =3D tls_tcp_get_skb_seq, + .skb_get_header =3D skb_copy_bits, + .epollin_ready =3D tls_tcp_epollin_ready, + .check_app_limited =3D tcp_rate_check_app_limited, +}; + static int __init tls_register(void) { int err; 
@@ -1257,13 +1349,19 @@ static int __init tls_register(void) if (err) goto err_pernet; =20 - err =3D tls_device_init(); + err =3D tls_register_prot_ops(&tls_tcp_ops); if (err) goto err_strp; =20 + err =3D tls_device_init(); + if (err) + goto err_ops; + tcp_register_ulp(&tcp_tls_ulp_ops); =20 return 0; +err_ops: + tls_unregister_prot_ops(&tls_tcp_ops); err_strp: tls_strp_dev_exit(); err_pernet: 
@@ -1274,6 +1372,7 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tcp_unregister_ulp(&tcp_tls_ulp_ops); + tls_unregister_prot_ops(&tls_tcp_ops); tls_strp_dev_exit(); tls_device_cleanup(); unregister_pernet_subsys(&tls_proc_ops); --=20 2.53.0
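
Review bot: tls_prot_ops_find() (hunk @@ -1059,6 +1061,22 @@ in net/tls/tls_main.c) drops rcu_read_lock() before returning the entry, so the caller is left holding a pointer that is no longer protected against tls_unregister_prot_ops() running list_del_rcu() and synchronize_rcu(). Nothing in this patch pins the entry: the owner field is set in tls_tcp_ops but no reference is taken during lookup. The lookup should either take the module reference while still inside the read-side section, or require callers to hold rcu_read_lock() across the use and say so in a comment. It would also help to document that tls_register_prot_ops() relies on tls_prot_ops_lock, not RCU, to make the duplicate check and list_add_tail_rcu() atomic.
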
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 10/17] tls: use protocol ops via tls_context
Date: Mon, 22 Jun 2026 18:43:30 +0800
Message-ID: <48b1e0873abc726e87c16f89c19f2f66f78864f1.1782123118.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.53.0
X-Mailing-List: mptcp@lists.linux.dev

From: Geliang Tang

Currently, TLS code directly calls TCP-specific functions (e.g., tcp_rate_check_app_limited, tcp_read_done, tcp_epollin_ready, etc.) and accesses TCP-specific fields (e.g., TCP_SKB_CB(skb)->seq). This makes it hard to support other protocols like MPTCP.

Introduce a struct tls_prot_ops pointer in tls_context, which is initialized during tls_init based on the socket protocol (TCP or MPTCP). All protocol-dependent operations are now invoked via this ops pointer, allowing each protocol to provide its own implementation.

Also add proper module reference counting for the ops owner.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang --- include/net/tls.h | 2 ++ net/tls/tls_main.c | 15 ++++++++++++++- net/tls/tls_strp.c | 26 ++++++++++++++++++-------- net/tls/tls_sw.c | 6 ++++-- 4 files changed, 38 insertions(+), 11 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index 500fe87b50d2..9270de42787b 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -280,6 +280,8 @@ struct tls_context { int (*sk_read_sock)(struct sock *sk, read_descriptor_t *desc, sk_read_actor_t recv_actor); =20 + const struct tls_prot_ops *ops; + union tls_crypto_context crypto_send; union tls_crypto_context crypto_recv; =20 diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 296d133fa61f..b45890e75c9e 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -201,7 +201,7 @@ int tls_push_sg(struct sock *sk, ctx->splicing_pages =3D true; while (1) { /* is sending application-limited? */ - tcp_rate_check_app_limited(sk); + ctx->ops->check_app_limited(sk); p =3D sg_page(sg); retry: bvec_set_page(&bvec, p, size, offset); @@ -340,6 +340,11 @@ void tls_ctx_free(struct sock *sk, struct tls_context = *ctx) if (!ctx) return; =20 + if (ctx->ops) { + module_put(ctx->ops->owner); + ctx->ops =3D NULL; + } + memzero_explicit(&ctx->crypto_send, sizeof(ctx->crypto_send)); memzero_explicit(&ctx->crypto_recv, sizeof(ctx->crypto_recv)); mutex_destroy(&ctx->tx_lock); @@ -1079,6 +1084,7 @@ static struct tls_prot_ops *tls_prot_ops_find(int pro= tocol) =20 static int tls_init(struct sock *sk) { + struct tls_prot_ops *ops; struct tls_context *ctx; int rc =3D 0; =20 
@@ -1101,10 +1107,17 @@ static int tls_init(struct sock *sk) goto out; } =20 + ops =3D tls_prot_ops_find(sk->sk_protocol); + if (!ops || !try_module_get(ops->owner)) { + rc =3D -EINVAL; + goto out; + } + ctx->tx_conf =3D TLS_BASE; ctx->rx_conf =3D TLS_BASE; ctx->tx_max_payload_len =3D TLS_MAX_PAYLOAD_SIZE; ctx->sk_read_sock =3D sk->sk_socket->ops->read_sock; + ctx->ops =3D ops; update_sk_prot(sk, ctx); out: write_unlock_bh(&sk->sk_callback_lock); diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index 9945d17b2f8c..48eb4b692f47 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte= xt_rx *ctx) int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) { struct tls_strparser *strp =3D &ctx->strp; + struct tls_context *tls_ctx =3D tls_get_ctx(strp->sk); struct sk_buff *skb; =20 if (strp->copy_mode) @@ -132,7 +133,7 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx) tls_strp_anchor_free(strp); strp->anchor =3D skb; =20 - tcp_read_done(strp->sk, strp->stm.full_len); + tls_ctx->ops->read_done(strp->sk, strp->stm.full_len); strp->copy_mode =3D 1; =20 return 0; @@ -390,6 +391,7 @@ static int tls_strp_read_copyin(struct tls_strparser *s= trp) =20 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct skb_shared_info *shinfo; struct page *page; int need_spc, len; @@ -398,7 +400,7 @@ static int tls_strp_read_copy(struct tls_strparser *str= p, bool qshort) * to read the data out. Otherwise the connection will stall. * Without pressure threshold of INT_MAX will never be ready. */ - if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX))) + if (likely(qshort && !ctx->ops->epollin_ready(strp->sk))) return 0; =20 shinfo =3D skb_shinfo(strp->anchor); 
@@ -434,12 +436,13 @@ static int tls_strp_read_copy(struct tls_strparser *s= trp, bool qshort) static bool tls_strp_check_queue_ok(struct tls_strparser *strp) { unsigned int len =3D strp->stm.offset + strp->stm.full_len; + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first, *skb; u32 seq; =20 first =3D skb_shinfo(strp->anchor)->frag_list; skb =3D first; - seq =3D TCP_SKB_CB(first)->seq; + seq =3D ctx->ops->get_skb_seq(first); =20 /* Make sure there's no duplicate data in the queue, * and the decrypted status matches. @@ -449,7 +452,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse= r *strp) len -=3D skb->len; skb =3D skb->next; =20 - if (TCP_SKB_CB(skb)->seq !=3D seq) + if (ctx->ops->get_skb_seq(skb) !=3D seq) return false; if (skb_cmp_decrypted(first, skb)) return false; @@ -460,11 +463,11 @@ static bool tls_strp_check_queue_ok(struct tls_strpar= ser *strp) =20 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in= t len) { - struct tcp_sock *tp =3D tcp_sk(strp->sk); + struct tls_context *ctx =3D tls_get_ctx(strp->sk); struct sk_buff *first; u32 offset; =20 - first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset); + first =3D ctx->ops->recv_skb(strp->sk, &offset); if (WARN_ON_ONCE(!first)) return; =20 @@ -565,6 +568,11 @@ void tls_strp_check_rcv(struct tls_strparser *strp, bo= ol announce) /* Lower sock lock held */ void tls_strp_data_ready(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + + if (!ctx) + return; + /* This check is needed to synchronize with do_tls_strp_work. * do_tls_strp_work acquires a process lock (lock_sock) whereas * the lock held here is bh_lock_sock. The two locks can be 
@@ -572,7 +580,7 @@ void tls_strp_data_ready(struct tls_strparser *strp) * allows a thread in BH context to safely check if the process * lock is held. In this case, if the lock is held, queue work. */ - if (sock_owned_by_user_nocheck(strp->sk)) { + if (ctx->ops->lock_is_held(strp->sk)) { queue_work(tls_strp_wq, &strp->work); return; } @@ -597,10 +605,12 @@ static void tls_strp_work(struct work_struct *w) */ void tls_strp_msg_consume(struct tls_strparser *strp) { + struct tls_context *ctx =3D tls_get_ctx(strp->sk); + WARN_ON(!strp->stm.full_len); =20 if (likely(!strp->copy_mode)) - tcp_read_done(strp->sk, strp->stm.full_len); + ctx->ops->read_done(strp->sk, strp->stm.full_len); else tls_strp_flush_anchor_copy(strp); =20 diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 35fb0c3c965a..71ab9763b1ed 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2171,7 +2171,8 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) } =20 /* Linearize header to local buffer */ - ret =3D skb_copy_bits(skb, strp->stm.offset, header, prot->prepend_size); + ret =3D tls_ctx->ops->skb_get_header(skb, strp->stm.offset, header, + prot->prepend_size); if (ret < 0) goto read_failure; =20 
@@ -2202,7 +2203,8 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc= t sk_buff *skb) } =20 tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE, - TCP_SKB_CB(skb)->seq + strp->stm.offset); + tls_ctx->ops->get_skb_seq(skb) + + strp->stm.offset); return data_len + TLS_HEADER_SIZE; =20 read_failure: --=20 2.53.0
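
Review bot: in the tls_init() hunk (@@ -1101,10 +1107,17 @@ in net/tls/tls_main.c), the new failure branch for !ops || !try_module_get(ops->owner) jumps to out, which only releases sk_callback_lock, yet ctx is already allocated at that point (it is dereferenced on the lines that follow). Unless the context is released elsewhere on this path, do the tls_prot_ops_find() and try_module_get() step before creating the context, or free it in this branch. The lookup result is also used after tls_prot_ops_find() has left its RCU read-side section, so try_module_get() can run on an entry that is concurrently being unregistered.
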
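
Review bot: tls_strp_data_ready() gains an if (!ctx) return; guard, but the other converted functions in net/tls/tls_strp.c (tls_strp_msg_cow(), tls_strp_read_copy(), tls_strp_check_queue_ok(), tls_strp_load_anchor_with_queue(), tls_strp_msg_consume()) dereference the tls_get_ctx(strp->sk) result with no check. Either the context can be NULL in these paths, in which case the other sites need the same guard and the silent return needs a comment on what happens to the pending data, or it cannot, and the guard should be dropped. tls_strp_read_copy() also replaces tcp_epollin_ready(strp->sk, INT_MAX) with an epollin_ready(sk) callback that takes no threshold, while the comment above it still refers to the INT_MAX threshold; please state in the ops documentation that implementations must behave as if INT_MAX were passed.
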
bh=3bBqNZaZV2OEMX+X5K6tu2Jo8UwlRKjp7hC3OW6PrVU=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=iBnP2/gyXY7PXgc62No3bnpCdLP8wv2BFAJhAMQjvtbHTZuI8krG3fQaXJ2SM0ikg usenvIfRfEjJE7MuVo34hChVPsBeVQl9UpnWpg8A0bFsh7MtSk0bYbPj/FarzG3/PZ KgVNsUjmECUlvl0o31jR060S8FD7lFqXKWoTipnaiD2XAE7AupUV4ME+t78GvYjBP6 5K8MEG38Udrekgnf4Ubi/4qvMhjLrBTJ8ko+oR1vTNmJVIcXqDes7HfkL78Z7WtDND VWcuSpa6l3qvr6lETY5mEXbbKKaks9nKyKUaidAgDqvxkCpyThpcTeb+zrPGu1QvMQ NFPcJVNWCMy3A== From: Geliang Tang To: Matthieu Baerts , Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Neal Cardwell , Kuniyuki Iwashima , John Fastabend , Sabrina Dubroca , Hannes Reinecke Cc: Geliang Tang , netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan , Zqiang Subject: [RFC net-next 11/17] mptcp: implement mptcp-specific tls protocol ops Date: Mon, 22 Jun 2026 18:43:31 +0800 Message-ID: <447fc4384ba0d4b0f78c452239dbb3e87e021578.1782123118.git.tanggeliang@kylinos.cn> X-Mailer: git-send-email 2.53.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" 
From: Geliang Tang

This patch implements the MPTCP-specific struct tls_prot_ops, named 'tls_mptcp_ops'.

Passing an MPTCP socket to tcp_sock_rate_check_app_limited() can trigger a crash. Here, an MPTCP version of check_app_limited() is implemented, which calls tcp_sock_rate_check_app_limited() for each subflow.

When MPTCP implements the lock_is_held interface, it not only checks sock_owned_by_user_nocheck(sk) as TCP does, but also needs to check whether the MPTCP data lock is held. This is required because TLS may call lock_is_held from softirq context with bh_lock_sock held. Checking both conditions ensures TLS always defers to workqueue when the MPTCP data lock is held, avoiding deadlock.

Implement mptcp_skb_get_header() to handle fragmented MPTCP skbs when copying TLS record headers. In tls_strp_read_sock(), tls_strp_load_anchor_with_queue() first attaches the skbs from TCP/MPTCP to the frag_list of strp->anchor. In TCP, this is fine because the skb data is contiguous; however, in MPTCP, each skb has its own offset, causing the data to be non-contiguous. As a result, during the subsequent tls_rx_msg_size() process, skb_copy_bits() may access across skbs. In MPTCP, the offset of the second skb is ignored, leading to data access errors. Therefore, mptcp_skb_get_header() can effectively handle this problem and obtain the correct TLS header.

In the later process, tls_strp_check_queue_ok() handles the copy_mode scenario. When an MPTCP skb has a non-zero offset, it falls back to copy_mode, copying the valid data from each skb one by one into anchor->frag_list, thus resolving the offset issue. Hence, the impact of the offset within the TLS module is completely eliminated.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang --- include/net/mptcp.h | 2 + include/net/tcp.h | 1 + net/ipv4/tcp.c | 9 +++- net/mptcp/protocol.c | 113 +++++++++++++++++++++++++++++++++++++++++++ net/mptcp/protocol.h | 1 + net/tls/tls_main.c | 13 +++++ 6 files changed, 137 insertions(+), 2 deletions(-) diff --git a/include/net/mptcp.h b/include/net/mptcp.h index 333bde2a0b76..ba2257986b13 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -132,6 +132,8 @@ struct mptcp_pm_ops { void (*release)(struct mptcp_sock *msk); } ____cacheline_aligned_in_smp; =20 +extern struct tls_prot_ops tls_mptcp_ops; + #ifdef CONFIG_MPTCP void mptcp_init(void); =20 diff --git a/include/net/tcp.h b/include/net/tcp.h index 6d376ea4d1c0..ac823492d3e4 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -849,6 +849,7 @@ static inline int tcp_bound_to_half_wnd(struct tcp_sock= *tp, int pktsize) =20 /* tcp.c */ void tcp_get_info(struct sock *, struct tcp_info *); +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp); void tcp_rate_check_app_limited(struct sock *sk); =20 /* Read 'sendfile()'-style from a TCP socket */ diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index b427f924608c..b875be6ae5bc 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1096,9 +1096,9 @@ int tcp_sendmsg_fastopen(struct sock *sk, struct msgh= dr *msg, int *copied, } =20 /* If a gap is detected between sends, mark the socket application-limited= . */ -void tcp_rate_check_app_limited(struct sock *sk) +void tcp_sock_rate_check_app_limited(struct tcp_sock *tp) { - struct tcp_sock *tp =3D tcp_sk(sk); + struct sock *sk =3D (struct sock *)tp; =20 if (/* We have less than one packet to send. */ tp->write_seq - tp->snd_nxt < tp->mss_cache && 
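Review bot: tcp_sock_rate_check_app_limited() in net/ipv4/tcp.c takes a struct tcp_sock * only to cast it straight back with `struct sock *sk = (struct sock *)tp;`, and its one new caller in this patch, mptcp_check_app_limited(), already holds the subflow as a struct sock * and passes `tcp_sk(ssk)`. Calling the existing tcp_rate_check_app_limited(ssk) for each subflow would avoid the new prototype in include/net/tcp.h and the open-coded cast. If the split is kept, the commit message should say what the sock-based entry point cannot do for a subflow socket.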
@@ -1111,6 +1111,11 @@ void tcp_rate_check_app_limited(struct sock *sk) tp->app_limited =3D (tp->delivered + tcp_packets_in_flight(tp)) ? : 1; } + +void tcp_rate_check_app_limited(struct sock *sk) +{ + tcp_sock_rate_check_app_limited(tcp_sk(sk)); +} EXPORT_SYMBOL_GPL(tcp_rate_check_app_limited); =20 int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 18c8b6c64c3f..f4cd7a6e5770 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include "protocol.h" #include "mib.h" 
@@ -4894,3 +4895,115 @@ int __init mptcp_proto_v6_init(void) return err; } #endif + +static bool mptcp_lock_is_held(struct sock *sk) +{ + return sock_owned_by_user_nocheck(sk) || + mptcp_data_is_locked(sk); +} + +static void mptcp_read_done(struct sock *sk, size_t len) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct sk_buff *skb; + size_t left; + u32 offset; + + msk_owned_by_me(msk); + + if (sk->sk_state =3D=3D TCP_LISTEN) + return; + + left =3D len; + while (left && (skb =3D mptcp_recv_skb(sk, &offset)) !=3D NULL) { + int used; + + used =3D min_t(size_t, skb->len - offset, left); + msk->bytes_consumed +=3D used; + MPTCP_SKB_CB(skb)->offset +=3D used; + MPTCP_SKB_CB(skb)->map_seq +=3D used; + left -=3D used; + + if (skb->len > offset + used) + break; + + mptcp_eat_recv_skb(sk, skb); + } + + mptcp_rcv_space_adjust(msk, len - left); + + /* Clean up data we have read: This will do ACK frames. */ + if (left !=3D len) + mptcp_cleanup_rbuf(msk, len - left); +} + +static u32 mptcp_get_skb_seq(struct sk_buff *skb) +{ + return MPTCP_SKB_CB(skb)->map_seq - MPTCP_SKB_CB(skb)->offset; +} + +static int mptcp_skb_get_header(const struct sk_buff *skb, int off, + void *buf, int len) +{ + const struct sk_buff *iter =3D skb_shinfo(skb)->frag_list; + int copied =3D 0; + int ret =3D 0; + + if (!iter) + return skb_copy_bits(skb, off, buf, len); + + /* Make absolute to positive */ + off -=3D MPTCP_SKB_CB(iter)->offset; + + while (iter && copied < len) { + int skb_off =3D MPTCP_SKB_CB(iter)->offset; + int data_len =3D iter->len - skb_off; + int count; + + if (off >=3D data_len) { + off -=3D data_len; /* MPTCP skb avail data */ + iter =3D iter->next; + continue; + } + + count =3D min((int)(data_len - off), len - copied); + ret =3D skb_copy_bits(iter, skb_off + off, buf + copied, count); + if (ret) + break; + copied +=3D count; + off =3D 0; + iter =3D iter->next; + } + + if (copied < len && !ret) + ret =3D -EFAULT; + return ret; +} + +static void mptcp_check_app_limited(struct sock 
*sk) +{ + struct mptcp_sock *msk =3D mptcp_sk(sk); + struct mptcp_subflow_context *subflow; + + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + bool slow; + + slow =3D lock_sock_fast(ssk); + tcp_sock_rate_check_app_limited(tcp_sk(ssk)); + unlock_sock_fast(ssk, slow); + } +} + +struct tls_prot_ops tls_mptcp_ops =3D { + .owner =3D THIS_MODULE, + .protocol =3D IPPROTO_MPTCP, + .recv_skb =3D mptcp_recv_skb, + .lock_is_held =3D mptcp_lock_is_held, + .read_done =3D mptcp_read_done, + .get_skb_seq =3D mptcp_get_skb_seq, + .skb_get_header =3D mptcp_skb_get_header, + .epollin_ready =3D mptcp_epollin_ready, + .check_app_limited =3D mptcp_check_app_limited, +}; +EXPORT_SYMBOL(tls_mptcp_ops); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index da40c6f3705f..6dea626348d9 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -380,6 +380,7 @@ struct mptcp_sock { =20 #define mptcp_data_lock(sk) spin_lock_bh(&(sk)->sk_lock.slock) #define mptcp_data_unlock(sk) spin_unlock_bh(&(sk)->sk_lock.slock) +#define mptcp_data_is_locked(sk) spin_is_locked(&(sk)->sk_lock.slock) =20 #define mptcp_for_each_subflow(__msk, __subflow) \ list_for_each_entry(__subflow, &((__msk)->conn_list), node) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index b45890e75c9e..170ccbb9d36d 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -1366,6 +1366,12 @@ static int __init tls_register(void) if (err) goto err_strp; =20 +#ifdef CONFIG_MPTCP + err =3D tls_register_prot_ops(&tls_mptcp_ops); + if (err) + goto err_tcp; +#endif + err =3D tls_device_init(); if (err) goto err_ops; @@ -1374,6 +1380,10 @@ static int __init tls_register(void) =20 return 0; err_ops: +#ifdef CONFIG_MPTCP + tls_unregister_prot_ops(&tls_mptcp_ops); +err_tcp: +#endif tls_unregister_prot_ops(&tls_tcp_ops); err_strp: tls_strp_dev_exit(); 
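Review bot: mptcp_data_is_locked() in net/mptcp/protocol.h is defined as spin_is_locked() on sk_lock.slock, which only reports that some context holds the lock, not that the caller does, so the answer from mptcp_lock_is_held() can change between the check and the decision the caller makes on it. The commit message says TLS calls lock_is_held from softirq with bh_lock_sock held; if that is the same sk_lock.slock, the macro is always true on that path and the sock_owned_by_user_nocheck() half never decides anything. Please add a comment at mptcp_lock_is_held() stating which lock the caller is expected to hold and why an any-holder test is enough to rule out the deadlock.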
@@ -1385,6 +1395,9 @@ static int __init tls_register(void) static void __exit tls_unregister(void) { tcp_unregister_ulp(&tcp_tls_ulp_ops); +#ifdef CONFIG_MPTCP + tls_unregister_prot_ops(&tls_mptcp_ops); +#endif tls_unregister_prot_ops(&tls_tcp_ops); tls_strp_dev_exit(); tls_device_cleanup(); --=20 2.53.0
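Review bot: in mptcp_skb_get_header() (net/mptcp/protocol.c), the result of `off -= MPTCP_SKB_CB(iter)->offset;` is never checked for being negative, so a caller passing an off smaller than the first frag_list skb's offset reaches skb_copy_bits(iter, skb_off + off, ...) at a position before skb_off, in bytes that the offset marks as already consumed. Either reject off < 0 after the subtraction or document the invariant that makes it impossible, and reword the "Make absolute to positive" comment so it says what the subtraction is for. The same applies to `data_len = iter->len - skb_off`, which assumes the offset never exceeds iter->len.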
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 12/17] tls: add mptcp support for sk_poll
Date: Mon, 22 Jun 2026 18:43:32 +0800
Message-ID: <57bd0d017b79b2dd63ae71ed071dc946a00b63a2.1782123118.git.tanggeliang@kylinos.cn>

From: Geliang Tang

The tls_sk_poll() function currently uses tcp_poll() unconditionally to obtain the base poll mask, which works only for TCP. This prevents TLS over MPTCP from working correctly with poll().

Make the poll function protocol-aware by selecting the appropriate poll function based on sk->sk_protocol. For TCP it calls tcp_poll(), for MPTCP it calls mptcp_poll() (guarded by CONFIG_MPTCP). Any other protocol returns 0.

Also export the mptcp_poll() symbol so that the TLS module can use it.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
--- include/net/mptcp.h | 9 +++++++++ net/mptcp/protocol.c | 5 +++-- net/tls/tls_main.c | 17 ++++++++++++++++- 3 files changed, 28 insertions(+), 3 deletions(-) 
diff --git a/include/net/mptcp.h b/include/net/mptcp.h index ba2257986b13..b0a172c38891 100644 --- a/include/net/mptcp.h +++ b/include/net/mptcp.h @@ -239,6 +239,9 @@ static inline __be32 mptcp_reset_option(const struct sk= _buff *skb) } =20 void mptcp_active_detect_blackhole(struct sock *sk, bool expired); + +__poll_t mptcp_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait); #else =20 static inline void mptcp_init(void) @@ -316,6 +319,12 @@ static inline struct request_sock *mptcp_subflow_reqsk= _alloc(const struct reques static inline __be32 mptcp_reset_option(const struct sk_buff *skb) { retu= rn htonl(0u); } =20 static inline void mptcp_active_detect_blackhole(struct sock *sk, bool exp= ired) { } + +static inline __poll_t mptcp_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait) +{ + return 0; +} #endif /* CONFIG_MPTCP */ =20 #if IS_ENABLED(CONFIG_MPTCP_IPV6) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index f4cd7a6e5770..169bd468f212 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -4446,8 +4446,8 @@ static __poll_t mptcp_check_writeable(struct mptcp_so= ck *msk) return 0; } =20 -static __poll_t mptcp_poll(struct file *file, struct socket *sock, - struct poll_table_struct *wait) +__poll_t mptcp_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait) { struct sock *sk =3D sock->sk; struct mptcp_sock *msk; @@ -4494,6 +4494,7 @@ static __poll_t mptcp_poll(struct file *file, struct = socket *sock, =20 return mask; } +EXPORT_SYMBOL_GPL(mptcp_poll); =20 static struct sk_buff *mptcp_recv_skb(struct sock *sk, u32 *off) { diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 170ccbb9d36d..fa9fda3480da 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -416,6 +416,21 @@ static void tls_sk_proto_close(struct sock *sk, long t= imeout) tls_ctx_free(sk, ctx); } =20 +static __poll_t tls_proto_poll(struct file *file, struct socket *sock, + struct poll_table_struct *wait) +{ + switch (sock->sk->sk_protocol) { + case IPPROTO_TCP: + return tcp_poll(file, sock, wait); +#ifdef CONFIG_MPTCP + case IPPROTO_MPTCP: + return mptcp_poll(file, sock, wait); +#endif + default: + return 0; + } +} + static __poll_t tls_sk_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait) { 
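Review bot: tls_proto_poll() switches on sock->sk->sk_protocol even though the series already dispatches per-protocol behaviour through struct tls_prot_ops (recv_skb, epollin_ready, get_skb_seq and the rest of tls_mptcp_ops). A poll member in the ops table would remove this switch, the `#ifdef CONFIG_MPTCP` (which the !CONFIG_MPTCP stub added to include/net/mptcp.h already makes redundant) and the need to export mptcp_poll(). If the switch stays, the `default: return 0;` arm deserves a comment or a WARN_ON_ONCE(), since a zero base mask silently drops the transport's readiness and error bits.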
@@ -426,7 +441,7 @@ static __poll_t tls_sk_poll(struct file *file, struct s= ocket *sock, u8 shutdown; int state; =20 - mask =3D tcp_poll(file, sock, wait); + mask =3D tls_proto_poll(file, sock, wait); =20 state =3D inet_sk_state_load(sk); shutdown =3D READ_ONCE(sk->sk_shutdown); --=20 2.53.0
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 13/17] tls: disable device offload for mptcp sockets
Date: Mon, 22 Jun 2026 18:43:33 +0800
Message-ID: <8f0f4a336e0348f2169b55703950d3c6a9297589.1782123118.git.tanggeliang@kylinos.cn>

From: Geliang Tang

MPTCP TLS hardware offload is not yet implemented. Return -EOPNOTSUPP when attempting to enable device offload on MPTCP sockets.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
--- net/tls/tls_device.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index c44a59d9d715..e535edc23d0d 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1074,6 +1074,9 @@ int tls_set_device_offload(struct sock *sk) ctx =3D tls_get_ctx(sk); prot =3D &ctx->prot_info; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->priv_ctx_tx) return -EEXIST; =20 
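Review bot: the `sk->sk_protocol == IPPROTO_MPTCP` test in tls_set_device_offload(), repeated in tls_set_device_offload_rx(), is a deny-list, so any further protocol registered through tls_register_prot_ops() would reach the device offload path by default. Testing for the one supported case instead, `sk->sk_protocol != IPPROTO_TCP`, fails closed. A short comment that MPTCP offload is not implemented would also help, since the commit message is the only place that says so.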
@@ -1196,6 +1199,9 @@ int tls_set_device_offload_rx(struct sock *sk, struct= tls_context *ctx) struct net_device *netdev; int rc =3D 0; =20 + if (sk->sk_protocol =3D=3D IPPROTO_MPTCP) + return -EOPNOTSUPP; + if (ctx->crypto_recv.info.version !=3D TLS_1_2_VERSION) return -EOPNOTSUPP; =20 --=20 2.53.0
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Gang Yan, netdev@vger.kernel.org, mptcp@lists.linux.dev
Subject: [RFC net-next 14/17] mptcp: update mptcp_check_readable helper
Date: Mon, 22 Jun 2026 18:43:34 +0800
Message-ID: <981719194baddbe01429181a35456042d84d20c6.1782123118.git.tanggeliang@kylinos.cn>

From: Gang Yan

This patch makes mptcp_check_readable() aligned with TCP, and renames it to mptcp_stream_is_readable().

It will be used in the case of KTLS, because 'prot' will be modified, tls_sw_sock_is_readable() is expected to be called from prot->sock_is_readable().

Co-developed-by: Geliang Tang
Signed-off-by: Geliang Tang
Signed-off-by: Gang Yan
--- net/mptcp/protocol.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 169bd468f212..4951b1dd013b 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c 
@@ -3410,9 +3410,11 @@ void __mptcp_unaccepted_force_close(struct sock *sk) __mptcp_destroy_sock(sk); } =20 -static __poll_t mptcp_check_readable(struct sock *sk) +static bool mptcp_stream_is_readable(struct sock *sk) { - return mptcp_epollin_ready(sk) ? EPOLLIN | EPOLLRDNORM : 0; + if (mptcp_epollin_ready(sk)) + return true; + return sk_is_readable(sk); } =20 static void mptcp_check_listen_stop(struct sock *sk) 
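Review bot: mptcp_stream_is_readable() is not a pure rename, because the added `return sk_is_readable(sk);` fallback can make mptcp_poll() report EPOLLIN | EPOLLRDNORM when mptcp_epollin_ready() is false, and it is evaluated for every MPTCP socket, not only those with TLS attached. The commit message describes this only as aligning with TCP; please state what sk_is_readable() is expected to return for a plain MPTCP socket, so it is clear the poll result there is unchanged.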
@@ -4476,7 +4478,8 @@ __poll_t mptcp_poll(struct file *file, struct socket = *sock, mask |=3D EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; =20 if (state !=3D TCP_SYN_SENT && state !=3D TCP_SYN_RECV) { - mask |=3D mptcp_check_readable(sk); + if (mptcp_stream_is_readable(sk)) + mask |=3D EPOLLIN | EPOLLRDNORM; if (shutdown & SEND_SHUTDOWN) mask |=3D EPOLLOUT | EPOLLWRNORM; else --=20 2.53.0
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 15/17] mptcp: implement ulp getsockopt for tls support
Date: Mon, 22 Jun 2026 18:43:35 +0800
Message-ID: <753868a3ae0050d21457d8d3e86e39081c92a6b5.1782123118.git.tanggeliang@kylinos.cn>

From: Geliang Tang

Add mptcp_getsockopt_tcp_ulp() to handle TCP_ULP getsockopt on MPTCP sockets. The helper reads the user length once, checks for a negative value, takes the socket lock, caps the length to TCP_ULP_NAME_MAX, and copies the ULP name (or sets the length to zero if no ULP is attached) to userspace. The lock ensures safe access to icsk->icsk_ulp_ops.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
--- net/mptcp/sockopt.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index fcf6feb2a9eb..cc45491cd3b2 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c 
@@ -1408,6 +1408,39 @@ static int mptcp_put_int_option(struct mptcp_sock *m= sk, char __user *optval, return 0; } =20 +static int mptcp_getsockopt_tcp_ulp(struct sock *sk, + char __user *optval, + int __user *optlen) +{ + struct inet_connection_sock *icsk =3D inet_csk(sk); + int ret =3D 0, len; + + if (copy_from_sockptr(&len, USER_SOCKPTR(optlen), sizeof(int))) + return -EFAULT; + + if (len < 0) + return -EINVAL; + + lock_sock(sk); + len =3D min_t(unsigned int, len, TCP_ULP_NAME_MAX); + if (!icsk->icsk_ulp_ops) { + len =3D 0; + if (copy_to_sockptr(USER_SOCKPTR(optlen), &len, sizeof(int))) + ret =3D -EFAULT; + goto out; + } + if (copy_to_sockptr(USER_SOCKPTR(optlen), &len, sizeof(int))) { + ret =3D -EFAULT; + goto out; + } + if (copy_to_sockptr(USER_SOCKPTR(optval), icsk->icsk_ulp_ops->name, + len)) + ret =3D -EFAULT; +out: + release_sock(sk); + return ret; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { 
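Review bot: mptcp_getsockopt_tcp_ulp() writes optlen back in two separate branches with the same copy_to_sockptr(USER_SOCKPTR(optlen), &len, sizeof(int)) call and wraps plain __user pointers in USER_SOCKPTR() for every access. Using get_user()/put_user() on optlen and copy_to_user() on optval, with a single put_user(len, optlen) once len is final, would be shorter and leave one exit path to audit. Please also add a comment next to the min_t() stating the bound that keeps the copy within icsk->icsk_ulp_ops->name.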
@@ -1415,6 +1448,7 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock= *msk, int optname, =20 switch (optname) { case TCP_ULP: + return mptcp_getsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: case TCP_INFO: case TCP_CC_INFO: --=20 2.53.0
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 16/17] mptcp: implement ulp setsockopt for tls support
Date: Mon, 22 Jun 2026 18:43:36 +0800

From: Geliang Tang

Allow MPTCP sockets to set the TCP_ULP socket option to enable TLS.

Add mptcp_setsockopt_tcp_ulp() which validates the socket state (must not be CLOSE or LISTEN), only accepts "tls" as the ULP name, and then calls tcp_set_ulp().

Include TCP_ULP in the list of supported options in supported_sockopt(), and handle it in setsockopt_sol_tcp() instead of returning -EOPNOTSUPP.

Call tcp_cleanup_ulp() in mptcp_destroy_common() to release the ULP module's reference count.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
--- net/mptcp/protocol.c | 1 + net/mptcp/sockopt.c | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 4951b1dd013b..a13acee67688 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c 
@@ -3765,6 +3765,7 @@ static void mptcp_destroy(struct sock *sk) /* allow the following to close even the initial subflow */ msk->free_first =3D 1; mptcp_destroy_common(msk); + tcp_cleanup_ulp(sk); sk_sockets_allocated_dec(sk); } =20 diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index cc45491cd3b2..eeb348336195 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -577,6 +577,7 @@ static bool mptcp_supported_sockopt(int level, int optn= ame) case TCP_FASTOPEN_CONNECT: case TCP_FASTOPEN_KEY: case TCP_FASTOPEN_NO_COOKIE: + case TCP_ULP: return true; } =20 @@ -830,6 +831,37 @@ static int mptcp_setsockopt_all_sf(struct mptcp_sock *= msk, int level, return ret; } =20 +static int mptcp_setsockopt_tcp_ulp(struct sock *sk, sockptr_t optval, + unsigned int optlen) +{ + char name[TCP_ULP_NAME_MAX]; + int err =3D 0; + size_t len; + int val; + + if (optlen < 1) + return -EINVAL; + + len =3D min_t(long, TCP_ULP_NAME_MAX - 1, optlen); + val =3D strncpy_from_sockptr(name, optval, len); + if (val < 0) + return -EFAULT; + name[val] =3D 0; + + if (strcmp(name, "tls")) + return -EOPNOTSUPP; + + sockopt_lock_sock(sk); + if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) { + err =3D -ENOTCONN; + goto out; + } + err =3D tcp_set_ulp(sk, name); +out: + sockopt_release_sock(sk); + return err; +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { 
@@ -838,7 +870,7 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *= msk, int optname, =20 switch (optname) { case TCP_ULP: - return -EOPNOTSUPP; + return mptcp_setsockopt_tcp_ulp(sk, optval, optlen); case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); case TCP_DEFER_ACCEPT: --=20 2.53.0
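Review bot: in patch 16/17, the net/mptcp/protocol.c hunk adds tcp_cleanup_ulp(sk) to mptcp_destroy(), but the commit message says the call goes into mptcp_destroy_common(). Please make the two agree. If the call is meant to stay in mptcp_destroy(), the message should say why any other caller of mptcp_destroy_common() does not need to drop the ULP module reference. The call also sits after mptcp_destroy_common(msk), below the existing "allow the following to close even the initial subflow" comment; a short comment stating whether the ULP release has to come after that teardown would document the ordering.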
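Review bot: in patch 16/17, mptcp_setsockopt_tcp_ulp() checks the socket state with a deny-list: only TCPF_CLOSE and TCPF_LISTEN return -ENOTCONN, so every other state (SYN_SENT, the FIN_WAIT states, CLOSE_WAIT and so on) falls through to tcp_set_ulp(sk, name). If TLS is only meant to be attached to an established connection, test for that state explicitly under the lock, or add a comment explaining why the remaining states are safe to pass on. Two smaller points in the same function: the strcmp(name, "tls") filter deserves a comment on why other ULP names stay -EOPNOTSUPP for MPTCP sockets, and len is a size_t filled from min_t(long, ...) over an unsigned int optlen, so using one type throughout would read better.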
From: Geliang Tang
To: Matthieu Baerts, Mat Martineau, Geliang Tang, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Neal Cardwell, Kuniyuki Iwashima, John Fastabend, Sabrina Dubroca, Hannes Reinecke
Cc: Geliang Tang, netdev@vger.kernel.org, mptcp@lists.linux.dev, Gang Yan, Zqiang
Subject: [RFC net-next 17/17] selftests: mptcp: connect: use espintcp for ulp test
Date: Mon, 22 Jun 2026 18:43:37 +0800

With KTLS being implemented, "tls" should no longer be used in sock_test_tcpulp(), it breaks mptcp_connect.sh tests. Another ULP name, "espintcp", is set instead in this patch.

Co-developed-by: Gang Yan
Signed-off-by: Gang Yan
Co-developed-by: Zqiang
Signed-off-by: Zqiang
Signed-off-by: Geliang Tang
---
 tools/testing/selftests/net/mptcp/config | 4 ++++
 tools/testing/selftests/net/mptcp/mptcp_connect.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/net/mptcp/config b/tools/testing/selft= ests/net/mptcp/config index 59051ee2a986..f48bd5183fb3 100644 --- a/tools/testing/selftests/net/mptcp/config +++ b/tools/testing/selftests/net/mptcp/config
@@ -34,3 +34,7 @@ CONFIG_NFT_SOCKET=3Dm CONFIG_NFT_TPROXY=3Dm CONFIG_SYN_COOKIES=3Dy CONFIG_VETH=3Dy +CONFIG_INET_ESP=3Dy +CONFIG_INET_ESPINTCP=3Dy +CONFIG_INET6_ESP=3Dy +CONFIG_INET6_ESPINTCP=3Dy diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index cbe573c4ab3a..299a7a02d6f5 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -285,11 +285,11 @@ static void sock_test_tcpulp(int sock, int proto, uns= igned int line) if (buflen > 0) { if (strcmp(buf, "mptcp") !=3D 0) xerror("unexpected ULP '%s' for proto %d at line %u", buf, proto, line); - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret =3D=3D 0) X("setsockopt"); } else if (proto =3D=3D IPPROTO_MPTCP) { - ret =3D do_ulp_so(sock, "tls"); + ret =3D do_ulp_so(sock, "espintcp"); if (ret !=3D -1) X("setsockopt"); } --=20 2.53.0
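Review bot: in patch 17/17, the selftests config hunk appends the four CONFIG_INET_ESP / CONFIG_INET_ESPINTCP / CONFIG_INET6_ESP / CONFIG_INET6_ESPINTCP entries after CONFIG_VETH=y, while the visible tail of the file (NFT_SOCKET, NFT_TPROXY, SYN_COOKIES, VETH) is in alphabetical order. Please insert them at their sorted positions. The commit message mentions only the ULP name change, so it should also state why these options are now required by the test and why they are set to =y.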
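Review bot: in patch 17/17, both branches of sock_test_tcpulp() still only assert that do_ulp_so() fails (ret == 0 and ret != -1 are the error cases), now with "espintcp" as the name, so this selftest no longer touches "tls" at all and nothing here checks the behaviour patch 16/17 adds. Consider adding a separate positive check that setting "tls" on an MPTCP socket succeeds in an allowed state and returns an error in CLOSE or LISTEN. A comment next to the "espintcp" string saying that it stands in for a ULP that MPTCP sockets must reject would also keep the next reader from swapping it back.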