From nobody Mon Jan 26 01:47:19 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id EAD41366DC9
	for <mptcp@lists.linux.dev>; Tue, 13 Jan 2026 06:13:49 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1768284830; cv=none;
 b=Os8uwLakbfXJ6SKsbVHHK1XgHlwpihkz9zxiDm6H0r02m9xDPQxBsQjkp2nsjrHC9+Y+MblTJgje+S9Bnh3qoG9xW7hSdMFHT4/fndC88vvd9J+RkxTuR2DDAOd71euF1HwRpge7jd3RXw/XjOiEZujQ9/93Plf6IXHSNbou2Ww=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1768284830; c=relaxed/simple;
	bh=QjeZw2kk+Ri3K4OoZQ3Mh4pSr0JxHolCF//nRuXD1v4=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=n3DnIDrmIVX/IO5j2eO2uGnmd18Q5ppx6jlQmv4x/AMAAzPyFay766Pa3a/8V1m8E6E8Y7ZXoUx+/W0Ey7MkqbXojgmu45DnoJ1WQVEGYQ1ORetnCLWrN8gXStJoDDTSRndoAewDxe8GUb8ZggYu9+o2hnkJDCRzA1gizvPMeB4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=UOJB6xPO; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="UOJB6xPO"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 81D8DC116C6;
	Tue, 13 Jan 2026 06:13:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1768284829;
	bh=QjeZw2kk+Ri3K4OoZQ3Mh4pSr0JxHolCF//nRuXD1v4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=UOJB6xPOmcJqbUsNQibJu6N5ONK2z0kJCGLdHNTHWlw/D7UuPc7OwVU6BJBW6cfAo
	 BLEyg3XP6e6Y6LsZQBUHmzTNiHgoVjlhCeDBHhCME8wa+20Vva09G9ICQY+IiymX6c
	 exd/nFiVJ5tU2ntDJbZPyHTXJokAk+IAAYGIqtbdQWYk5VIxs/xa2rw5X+K4gpiSgT
	 vOHGPljvv+lgGMzg4Wb4rkP99YisTMs2MQ4AYVO7uyTSOqGmo9QtlrNtsei0q+QVYo
	 JctSv6qPdFRRg9z5MLUxkZEp8mhT68R/ZP3gWTr06Rf4lbHTnMjTOqbSOcS7ZnEYHk
	 VKCYcdTIq6hTQ==
From: Geliang Tang <geliang@kernel.org>
To: mptcp@lists.linux.dev
Cc: Geliang Tang <tanggeliang@kylinos.cn>,
	Gang Yan <yangang@kylinos.cn>
Subject: [RFC mptcp-next v7 3/9] tls: add ops in tls_context
Date: Tue, 13 Jan 2026 14:13:29 +0800
Message-ID: 
 <fb0063c3108c611d32860d4cbae63674aa187986.1768284047.git.tanggeliang@kylinos.cn>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <cover.1768284047.git.tanggeliang@kylinos.cn>
References: <cover.1768284047.git.tanggeliang@kylinos.cn>
Precedence: bulk
X-Mailing-List: mptcp@lists.linux.dev
List-Id: <mptcp.lists.linux.dev>
List-Subscribe: <mailto:mptcp+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:mptcp+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Geliang Tang <tanggeliang@kylinos.cn>

A pointer to struct tls_prot_ops, named 'ops', has been added to struct
tls_context. The places originally calling TLS-specific helpers have now
been modified to indirectly invoke them via 'ops' pointer in tls_context.

In do_tls_setsockopt_conf(), ctx->ops is assigned either 'tls_mptcp_ops'
or 'tls_tcp_ops' based on the socket protocol.

Co-developed-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Gang Yan <yangang@kylinos.cn>
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
---
 include/net/tls.h  |  1 +
 net/tls/tls_main.c | 15 +++++++++++----
 net/tls/tls_strp.c | 28 +++++++++++++++++++---------
 net/tls/tls_sw.c   |  5 +++--
 4 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index 5f730fb6e801..d9b2a8d2a25b 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -276,6 +276,7 @@ struct tls_context {
 	struct sock *sk;
=20
 	void (*sk_destruct)(struct sock *sk);
+	const struct tls_prot_ops *ops;
=20
 	union tls_crypto_context crypto_send;
 	union tls_crypto_context crypto_recv;
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 525f0641d3d0..e8bb745029e4 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -206,13 +206,13 @@ int tls_push_sg(struct sock *sk,
 	ctx->splicing_pages =3D true;
 	while (1) {
 		/* is sending application-limited? */
-		tcp_rate_check_app_limited(sk);
+		ctx->ops->check_app_limited(sk);
 		p =3D sg_page(sg);
 retry:
 		bvec_set_page(&bvec, p, size, offset);
 		iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size);
=20
-		ret =3D tcp_sendmsg_locked(sk, &msg, size);
+		ret =3D ctx->ops->sendmsg_locked(sk, &msg, size);
=20
 		if (ret !=3D size) {
 			if (ret > 0) {
@@ -427,14 +427,14 @@ static __poll_t tls_sk_poll(struct file *file, struct=
 socket *sock,
 	u8 shutdown;
 	int state;
=20
-	mask =3D tcp_poll(file, sock, wait);
+	tls_ctx =3D tls_get_ctx(sk);
+	mask =3D tls_ctx->ops->poll(file, sock, wait);
=20
 	state =3D inet_sk_state_load(sk);
 	shutdown =3D READ_ONCE(sk->sk_shutdown);
 	if (unlikely(state !=3D TCP_ESTABLISHED || shutdown & RCV_SHUTDOWN))
 		return mask;
=20
-	tls_ctx =3D tls_get_ctx(sk);
 	ctx =3D tls_sw_ctx_rx(tls_ctx);
 	psock =3D sk_psock_get(sk);
=20
@@ -1094,6 +1094,13 @@ static int tls_init(struct sock *sk)
 	ctx->tx_conf =3D TLS_BASE;
 	ctx->rx_conf =3D TLS_BASE;
 	ctx->tx_max_payload_len =3D TLS_MAX_PAYLOAD_SIZE;
+	spin_lock(&tls_prot_ops_lock);
+	ctx->ops =3D tls_prot_ops_find(sk->sk_protocol);
+	spin_unlock(&tls_prot_ops_lock);
+	if (!ctx->ops) {
+		rc =3D -EINVAL;
+		goto out;
+	}
 	update_sk_prot(sk, ctx);
 out:
 	write_unlock_bh(&sk->sk_callback_lock);
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index 98e12f0ff57e..f3d5c4325683 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -120,6 +120,7 @@ struct sk_buff *tls_strp_msg_detach(struct tls_sw_conte=
xt_rx *ctx)
 int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 {
 	struct tls_strparser *strp =3D &ctx->strp;
+	struct tls_context *tls_ctx;
 	struct sk_buff *skb;
=20
 	if (strp->copy_mode)
@@ -132,7 +133,8 @@ int tls_strp_msg_cow(struct tls_sw_context_rx *ctx)
 	tls_strp_anchor_free(strp);
 	strp->anchor =3D skb;
=20
-	tcp_read_done(strp->sk, strp->stm.full_len);
+	tls_ctx =3D tls_get_ctx(strp->sk);
+	tls_ctx->ops->read_done(strp->sk, strp->stm.full_len);
 	strp->copy_mode =3D 1;
=20
 	return 0;
@@ -376,6 +378,7 @@ static int tls_strp_copyin(read_descriptor_t *desc, str=
uct sk_buff *in_skb,
=20
 static int tls_strp_read_copyin(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	read_descriptor_t desc;
=20
 	desc.arg.data =3D strp;
@@ -383,13 +386,14 @@ static int tls_strp_read_copyin(struct tls_strparser =
*strp)
 	desc.count =3D 1; /* give more than one skb per call */
=20
 	/* sk should be locked here, so okay to do read_sock */
-	tcp_read_sock(strp->sk, &desc, tls_strp_copyin);
+	ctx->ops->read_sock(strp->sk, &desc, tls_strp_copyin);
=20
 	return desc.error;
 }
=20
 static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct skb_shared_info *shinfo;
 	struct page *page;
 	int need_spc, len;
@@ -398,7 +402,7 @@ static int tls_strp_read_copy(struct tls_strparser *str=
p, bool qshort)
 	 * to read the data out. Otherwise the connection will stall.
 	 * Without pressure threshold of INT_MAX will never be ready.
 	 */
-	if (likely(qshort && !tcp_epollin_ready(strp->sk, INT_MAX)))
+	if (likely(qshort && !ctx->ops->epollin_ready(strp->sk, INT_MAX)))
 		return 0;
=20
 	shinfo =3D skb_shinfo(strp->anchor);
@@ -434,12 +438,13 @@ static int tls_strp_read_copy(struct tls_strparser *s=
trp, bool qshort)
 static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
 {
 	unsigned int len =3D strp->stm.offset + strp->stm.full_len;
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct sk_buff *first, *skb;
 	u32 seq;
=20
 	first =3D skb_shinfo(strp->anchor)->frag_list;
 	skb =3D first;
-	seq =3D TCP_SKB_CB(first)->seq;
+	seq =3D ctx->ops->get_skb_seq(first);
=20
 	/* Make sure there's no duplicate data in the queue,
 	 * and the decrypted status matches.
@@ -449,7 +454,7 @@ static bool tls_strp_check_queue_ok(struct tls_strparse=
r *strp)
 		len -=3D skb->len;
 		skb =3D skb->next;
=20
-		if (TCP_SKB_CB(skb)->seq !=3D seq)
+		if (ctx->ops->get_skb_seq(skb) !=3D seq)
 			return false;
 		if (skb_cmp_decrypted(first, skb))
 			return false;
@@ -460,11 +465,12 @@ static bool tls_strp_check_queue_ok(struct tls_strpar=
ser *strp)
=20
 static void tls_strp_load_anchor_with_queue(struct tls_strparser *strp, in=
t len)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct tcp_sock *tp =3D tcp_sk(strp->sk);
 	struct sk_buff *first;
 	u32 offset;
=20
-	first =3D tcp_recv_skb(strp->sk, tp->copied_seq, &offset);
+	first =3D ctx->ops->recv_skb(strp->sk, tp->copied_seq, &offset);
 	if (WARN_ON_ONCE(!first))
 		return;
=20
@@ -483,6 +489,7 @@ static void tls_strp_load_anchor_with_queue(struct tls_=
strparser *strp, int len)
=20
 bool tls_strp_msg_load(struct tls_strparser *strp, bool force_refresh)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	struct strp_msg *rxm;
 	struct tls_msg *tlm;
=20
@@ -490,7 +497,7 @@ bool tls_strp_msg_load(struct tls_strparser *strp, bool=
 force_refresh)
 	DEBUG_NET_WARN_ON_ONCE(!strp->stm.full_len);
=20
 	if (!strp->copy_mode && force_refresh) {
-		if (unlikely(tcp_inq(strp->sk) < strp->stm.full_len)) {
+		if (unlikely(ctx->ops->inq(strp->sk) < strp->stm.full_len)) {
 			WRITE_ONCE(strp->msg_ready, 0);
 			memset(&strp->stm, 0, sizeof(strp->stm));
 			return false;
@@ -511,9 +518,10 @@ bool tls_strp_msg_load(struct tls_strparser *strp, boo=
l force_refresh)
 /* Called with lock held on lower socket */
 static int tls_strp_read_sock(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
 	int sz, inq;
=20
-	inq =3D tcp_inq(strp->sk);
+	inq =3D ctx->ops->inq(strp->sk);
 	if (inq < 1)
 		return 0;
=20
@@ -583,10 +591,12 @@ static void tls_strp_work(struct work_struct *w)
=20
 void tls_strp_msg_done(struct tls_strparser *strp)
 {
+	struct tls_context *ctx =3D tls_get_ctx(strp->sk);
+
 	WARN_ON(!strp->stm.full_len);
=20
 	if (likely(!strp->copy_mode))
-		tcp_read_done(strp->sk, strp->stm.full_len);
+		ctx->ops->read_done(strp->sk, strp->stm.full_len);
 	else
 		tls_strp_flush_anchor_copy(strp);
=20
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 9937d4c810f2..f11af3fe39bf 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1952,13 +1952,14 @@ tls_read_flush_backlog(struct sock *sk, struct tls_=
prot_info *prot,
 		       size_t len_left, size_t decrypted, ssize_t done,
 		       size_t *flushed_at)
 {
+	struct tls_context *tls_ctx =3D tls_get_ctx(sk);
 	size_t max_rec;
=20
 	if (len_left <=3D decrypted)
 		return false;
=20
 	max_rec =3D prot->overhead_size - prot->tail_size + TLS_MAX_PAYLOAD_SIZE;
-	if (done - *flushed_at < SZ_128K && tcp_inq(sk) > max_rec)
+	if (done - *flushed_at < SZ_128K && tls_ctx->ops->inq(sk) > max_rec)
 		return false;
=20
 	*flushed_at =3D done;
@@ -2489,7 +2490,7 @@ int tls_rx_msg_size(struct tls_strparser *strp, struc=
t sk_buff *skb)
 	}
=20
 	tls_device_rx_resync_new_rec(strp->sk, data_len + TLS_HEADER_SIZE,
-				     TCP_SKB_CB(skb)->seq + strp->stm.offset);
+				     tls_ctx->ops->get_skb_seq(skb) + strp->stm.offset);
 	return data_len + TLS_HEADER_SIZE;
=20
 read_failure:
--=20
2.51.0