linux/net/ipv4/tcp.c
<<
>>
Prefs 
   1/*
   2 * INET         An implementation of the TCP/IP protocol suite for the LINUX
   3 *              operating system.  INET is implemented using the  BSD Socket
   4 *              interface as the means of communication with the user level.
   5 *
   6 *              Implementation of the Transmission Control Protocol(TCP).
   7 *
   8 * Authors:     Ross Biro
   9 *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
  10 *              Mark Evans, <evansmp@uhura.aston.ac.uk>
  11 *              Corey Minyard <wf-rch!minyard@relay.EU.net>
  12 *              Florian La Roche, <flla@stud.uni-sb.de>
  13 *              Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
  14 *              Linus Torvalds, <torvalds@cs.helsinki.fi>
  15 *              Alan Cox, <gw4pts@gw4pts.ampr.org>
  16 *              Matthew Dillon, <dillon@apollo.west.oic.com>
  17 *              Arnt Gulbrandsen, <agulbra@nvg.unit.no>
  18 *              Jorge Cwik, <jorge@laser.satlink.net>
  19 *
  20 * Fixes:
  21 *              Alan Cox        :       Numerous verify_area() calls
  22 *              Alan Cox        :       Set the ACK bit on a reset
  23 *              Alan Cox        :       Stopped it crashing if it closed while
  24 *                                      sk->inuse=1 and was trying to connect
  25 *                                      (tcp_err()).
  26 *              Alan Cox        :       All icmp error handling was broken
  27 *                                      pointers passed where wrong and the
  28 *                                      socket was looked up backwards. Nobody
  29 *                                      tested any icmp error code obviously.
  30 *              Alan Cox        :       tcp_err() now handled properly. It
  31 *                                      wakes people on errors. poll
  32 *                                      behaves and the icmp error race
  33 *                                      has gone by moving it into sock.c
  34 *              Alan Cox        :       tcp_send_reset() fixed to work for
  35 *                                      everything not just packets for
  36 *                                      unknown sockets.
  37 *              Alan Cox        :       tcp option processing.
  38 *              Alan Cox        :       Reset tweaked (still not 100%) [Had
  39 *                                      syn rule wrong]
  40 *              Herp Rosmanith  :       More reset fixes
  41 *              Alan Cox        :       No longer acks invalid rst frames.
  42 *                                      Acking any kind of RST is right out.
  43 *              Alan Cox        :       Sets an ignore me flag on an rst
  44 *                                      receive otherwise odd bits of prattle
  45 *                                      escape still
  46 *              Alan Cox        :       Fixed another acking RST frame bug.
  47 *                                      Should stop LAN workplace lockups.
  48 *              Alan Cox        :       Some tidyups using the new skb list
  49 *                                      facilities
  50 *              Alan Cox        :       sk->keepopen now seems to work
  51 *              Alan Cox        :       Pulls options out correctly on accepts
  52 *              Alan Cox        :       Fixed assorted sk->rqueue->next errors
  53 *              Alan Cox        :       PSH doesn't end a TCP read. Switched a
  54 *                                      bit to skb ops.
  55 *              Alan Cox        :       Tidied tcp_data to avoid a potential
  56 *                                      nasty.
  57 *              Alan Cox        :       Added some better commenting, as the
  58 *                                      tcp is hard to follow
  59 *              Alan Cox        :       Removed incorrect check for 20 * psh
  60 *      Michael O'Reilly        :       ack < copied bug fix.
  61 *      Johannes Stille         :       Misc tcp fixes (not all in yet).
  62 *              Alan Cox        :       FIN with no memory -> CRASH
  63 *              Alan Cox        :       Added socket option proto entries.
  64 *                                      Also added awareness of them to accept.
  65 *              Alan Cox        :       Added TCP options (SOL_TCP)
  66 *              Alan Cox        :       Switched wakeup calls to callbacks,
  67 *                                      so the kernel can layer network
  68 *                                      sockets.
  69 *              Alan Cox        :       Use ip_tos/ip_ttl settings.
  70 *              Alan Cox        :       Handle FIN (more) properly (we hope).
  71 *              Alan Cox        :       RST frames sent on unsynchronised
  72 *                                      state ack error.
  73 *              Alan Cox        :       Put in missing check for SYN bit.
  74 *              Alan Cox        :       Added tcp_select_window() aka NET2E
  75 *                                      window non shrink trick.
  76 *              Alan Cox        :       Added a couple of small NET2E timer
  77 *                                      fixes
  78 *              Charles Hedrick :       TCP fixes
  79 *              Toomas Tamm     :       TCP window fixes
  80 *              Alan Cox        :       Small URG fix to rlogin ^C ack fight
  81 *              Charles Hedrick :       Rewrote most of it to actually work
  82 *              Linus           :       Rewrote tcp_read() and URG handling
  83 *                                      completely
  84 *              Gerhard Koerting:       Fixed some missing timer handling
  85 *              Matthew Dillon  :       Reworked TCP machine states as per RFC
  86 *              Gerhard Koerting:       PC/TCP workarounds
  87 *              Adam Caldwell   :       Assorted timer/timing errors
  88 *              Matthew Dillon  :       Fixed another RST bug
  89 *              Alan Cox        :       Move to kernel side addressing changes.
  90 *              Alan Cox        :       Beginning work on TCP fastpathing
  91 *                                      (not yet usable)
  92 *              Arnt Gulbrandsen:       Turbocharged tcp_check() routine.
  93 *              Alan Cox        :       TCP fast path debugging
  94 *              Alan Cox        :       Window clamping
  95 *              Michael Riepe   :       Bug in tcp_check()
  96 *              Matt Dillon     :       More TCP improvements and RST bug fixes
  97 *              Matt Dillon     :       Yet more small nasties remove from the
  98 *                                      TCP code (Be very nice to this man if
  99 *                                      tcp finally works 100%) 8)
 100 *              Alan Cox        :       BSD accept semantics.
 101 *              Alan Cox        :       Reset on closedown bug.
 102 *      Peter De Schrijver      :       ENOTCONN check missing in tcp_sendto().
 103 *              Michael Pall    :       Handle poll() after URG properly in
 104 *                                      all cases.
 105 *              Michael Pall    :       Undo the last fix in tcp_read_urg()
 106 *                                      (multi URG PUSH broke rlogin).
 107 *              Michael Pall    :       Fix the multi URG PUSH problem in
 108 *                                      tcp_readable(), poll() after URG
 109 *                                      works now.
 110 *              Michael Pall    :       recv(...,MSG_OOB) never blocks in the
 111 *                                      BSD api.
 112 *              Alan Cox        :       Changed the semantics of sk->socket to
 113 *                                      fix a race and a signal problem with
 114 *                                      accept() and async I/O.
 115 *              Alan Cox        :       Relaxed the rules on tcp_sendto().
 116 *              Yury Shevchuk   :       Really fixed accept() blocking problem.
 117 *              Craig I. Hagan  :       Allow for BSD compatible TIME_WAIT for
 118 *                                      clients/servers which listen in on
 119 *                                      fixed ports.
 120 *              Alan Cox        :       Cleaned the above up and shrank it to
 121 *                                      a sensible code size.
 122 *              Alan Cox        :       Self connect lockup fix.
 123 *              Alan Cox        :       No connect to multicast.
 124 *              Ross Biro       :       Close unaccepted children on master
 125 *                                      socket close.
 126 *              Alan Cox        :       Reset tracing code.
 127 *              Alan Cox        :       Spurious resets on shutdown.
 128 *              Alan Cox        :       Giant 15 minute/60 second timer error
 129 *              Alan Cox        :       Small whoops in polling before an
 130 *                                      accept.
 131 *              Alan Cox        :       Kept the state trace facility since
 132 *                                      it's handy for debugging.
 133 *              Alan Cox        :       More reset handler fixes.
 134 *              Alan Cox        :       Started rewriting the code based on
 135 *                                      the RFC's for other useful protocol
 136 *                                      references see: Comer, KA9Q NOS, and
 137 *                                      for a reference on the difference
 138 *                                      between specifications and how BSD
 139 *                                      works see the 4.4lite source.
 140 *              A.N.Kuznetsov   :       Don't time wait on completion of tidy
 141 *                                      close.
 142 *              Linus Torvalds  :       Fin/Shutdown & copied_seq changes.
 143 *              Linus Torvalds  :       Fixed BSD port reuse to work first syn
 144 *              Alan Cox        :       Reimplemented timers as per the RFC
 145 *                                      and using multiple timers for sanity.
 146 *              Alan Cox        :       Small bug fixes, and a lot of new
 147 *                                      comments.
 148 *              Alan Cox        :       Fixed dual reader crash by locking
 149 *                                      the buffers (much like datagram.c)
 150 *              Alan Cox        :       Fixed stuck sockets in probe. A probe
 151 *                                      now gets fed up of retrying without
 152 *                                      (even a no space) answer.
 153 *              Alan Cox        :       Extracted closing code better
 154 *              Alan Cox        :       Fixed the closing state machine to
 155 *                                      resemble the RFC.
 156 *              Alan Cox        :       More 'per spec' fixes.
 157 *              Jorge Cwik      :       Even faster checksumming.
 158 *              Alan Cox        :       tcp_data() doesn't ack illegal PSH
 159 *                                      only frames. At least one pc tcp stack
 160 *                                      generates them.
 161 *              Alan Cox        :       Cache last socket.
 162 *              Alan Cox        :       Per route irtt.
 163 *              Matt Day        :       poll()->select() match BSD precisely on error
 164 *              Alan Cox        :       New buffers
 165 *              Marc Tamsky     :       Various sk->prot->retransmits and
 166 *                                      sk->retransmits misupdating fixed.
 167 *                                      Fixed tcp_write_timeout: stuck close,
 168 *                                      and TCP syn retries gets used now.
 169 *              Mark Yarvis     :       In tcp_read_wakeup(), don't send an
 170 *                                      ack if state is TCP_CLOSED.
 171 *              Alan Cox        :       Look up device on a retransmit - routes may
 172 *                                      change. Doesn't yet cope with MSS shrink right
 173 *                                      but it's a start!
 174 *              Marc Tamsky     :       Closing in closing fixes.
 175 *              Mike Shaver     :       RFC1122 verifications.
 176 *              Alan Cox        :       rcv_saddr errors.
 177 *              Alan Cox        :       Block double connect().
 178 *              Alan Cox        :       Small hooks for enSKIP.
 179 *              Alexey Kuznetsov:       Path MTU discovery.
 180 *              Alan Cox        :       Support soft errors.
 181 *              Alan Cox        :       Fix MTU discovery pathological case
 182 *                                      when the remote claims no mtu!
 183 *              Marc Tamsky     :       TCP_CLOSE fix.
 184 *              Colin (G3TNE)   :       Send a reset on syn ack replies in
 185 *                                      window but wrong (fixes NT lpd problems)
 186 *              Pedro Roque     :       Better TCP window handling, delayed ack.
 187 *              Joerg Reuter    :       No modification of locked buffers in
 188 *                                      tcp_do_retransmit()
 189 *              Eric Schenk     :       Changed receiver side silly window
 190 *                                      avoidance algorithm to BSD style
 191 *                                      algorithm. This doubles throughput
 192 *                                      against machines running Solaris,
 193 *                                      and seems to result in general
 194 *                                      improvement.
 195 *      Stefan Magdalinski      :       adjusted tcp_readable() to fix FIONREAD
 196 *      Willy Konynenberg       :       Transparent proxying support.
 197 *      Mike McLagan            :       Routing by source
 198 *              Keith Owens     :       Do proper merging with partial SKB's in
 199 *                                      tcp_do_sendmsg to avoid burstiness.
 200 *              Eric Schenk     :       Fix fast close down bug with
 201 *                                      shutdown() followed by close().
 202 *              Andi Kleen      :       Make poll agree with SIGIO
 203 *      Salvatore Sanfilippo    :       Support SO_LINGER with linger == 1 and
 204 *                                      lingertime == 0 (RFC 793 ABORT Call)
 205 *      Hirokazu Takahashi      :       Use copy_from_user() instead of
 206 *                                      csum_and_copy_from_user() if possible.
 207 *
 208 *              This program is free software; you can redistribute it and/or
 209 *              modify it under the terms of the GNU General Public License
 210 *              as published by the Free Software Foundation; either version
 211 *              2 of the License, or(at your option) any later version.
 212 *
 213 * Description of States:
 214 *
 215 *      TCP_SYN_SENT            sent a connection request, waiting for ack
 216 *
 217 *      TCP_SYN_RECV            received a connection request, sent ack,
 218 *                              waiting for final ack in three-way handshake.
 219 *
 220 *      TCP_ESTABLISHED         connection established
 221 *
 222 *      TCP_FIN_WAIT1           our side has shutdown, waiting to complete
 223 *                              transmission of remaining buffered data
 224 *
 225 *      TCP_FIN_WAIT2           all buffered data sent, waiting for remote
 226 *                              to shutdown
 227 *
 228 *      TCP_CLOSING             both sides have shutdown but we still have
 229 *                              data we have to finish sending
 230 *
 231 *      TCP_TIME_WAIT           timeout to catch resent junk before entering
 232 *                              closed, can only be entered from FIN_WAIT2
 233 *                              or CLOSING.  Required because the other end
 234 *                              may not have gotten our last ACK causing it
 235 *                              to retransmit the data packet (which we ignore)
 236 *
 237 *      TCP_CLOSE_WAIT          remote side has shutdown and is waiting for
 238 *                              us to finish writing our data and to shutdown
 239 *                              (we have to close() to move on to LAST_ACK)
 240 *
 241 *      TCP_LAST_ACK            out side has shutdown after remote has
 242 *                              shutdown.  There may still be data in our
 243 *                              buffer that we have to finish sending
 244 *
 245 *      TCP_CLOSE               socket is finished
 246 */
 247
 248#define pr_fmt(fmt) "TCP: " fmt
 249
 250#include <linux/kernel.h>
 251#include <linux/module.h>
 252#include <linux/types.h>
 253#include <linux/fcntl.h>
 254#include <linux/poll.h>
 255#include <linux/init.h>
 256#include <linux/fs.h>
 257#include <linux/skbuff.h>
 258#include <linux/scatterlist.h>
 259#include <linux/splice.h>
 260#include <linux/net.h>
 261#include <linux/socket.h>
 262#include <linux/random.h>
 263#include <linux/bootmem.h>
 264#include <linux/highmem.h>
 265#include <linux/swap.h>
 266#include <linux/cache.h>
 267#include <linux/err.h>
 268#include <linux/crypto.h>
 269#include <linux/time.h>
 270#include <linux/slab.h>
 271
 272#include <net/icmp.h>
 273#include <net/inet_common.h>
 274#include <net/tcp.h>
 275#include <net/xfrm.h>
 276#include <net/ip.h>
 277#include <net/netdma.h>
 278#include <net/sock.h>
 279
 280#include <asm/uaccess.h>
 281#include <asm/ioctls.h>
 282#include <net/busy_poll.h>
 283
 284int sysctl_tcp_fin_timeout __read_mostly = TCP_FIN_TIMEOUT;
 285
 286int sysctl_tcp_min_tso_segs __read_mostly = 2;
 287
 288struct percpu_counter tcp_orphan_count;
 289EXPORT_SYMBOL_GPL(tcp_orphan_count);
 290
 291long sysctl_tcp_mem[3] __read_mostly;
 292int sysctl_tcp_wmem[3] __read_mostly;
 293int sysctl_tcp_rmem[3] __read_mostly;
 294
 295EXPORT_SYMBOL(sysctl_tcp_mem);
 296EXPORT_SYMBOL(sysctl_tcp_rmem);
 297EXPORT_SYMBOL(sysctl_tcp_wmem);
 298
 299atomic_long_t tcp_memory_allocated;     /* Current allocated memory. */
 300EXPORT_SYMBOL(tcp_memory_allocated);
 301
 302/*
 303 * Current number of TCP sockets.
 304 */
 305struct percpu_counter tcp_sockets_allocated;
 306EXPORT_SYMBOL(tcp_sockets_allocated);
 307
 308/*
 309 * TCP splice context
 310 */
 311struct tcp_splice_state {
 312        struct pipe_inode_info *pipe;
 313        size_t len;
 314        unsigned int flags;
 315};
 316
 317/*
 318 * Pressure flag: try to collapse.
 319 * Technical note: it is used by multiple contexts non atomically.
 320 * All the __sk_mem_schedule() is of this nature: accounting
 321 * is strict, actions are advisory and have some latency.
 322 */
 323int tcp_memory_pressure __read_mostly;
 324EXPORT_SYMBOL(tcp_memory_pressure);
 325
 326void tcp_enter_memory_pressure(struct sock *sk)
 327{
 328        if (!tcp_memory_pressure) {
 329                NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMEMORYPRESSURES);
 330                tcp_memory_pressure = 1;
 331        }
 332}
 333EXPORT_SYMBOL(tcp_enter_memory_pressure);
 334
 335/* Convert seconds to retransmits based on initial and max timeout */
 336static u8 secs_to_retrans(int seconds, int timeout, int rto_max)
 337{
 338        u8 res = 0;
 339
 340        if (seconds > 0) {
 341                int period = timeout;
 342
 343                res = 1;
 344                while (seconds > period && res < 255) {
 345                        res++;
 346                        timeout <<= 1;
 347                        if (timeout > rto_max)
 348                                timeout = rto_max;
 349                        period += timeout;
 350                }
 351        }
 352        return res;
 353}
 354
 355/* Convert retransmits to seconds based on initial and max timeout */
 356static int retrans_to_secs(u8 retrans, int timeout, int rto_max)
 357{
 358        int period = 0;
 359
 360        if (retrans > 0) {
 361                period = timeout;
 362                while (--retrans) {
 363                        timeout <<= 1;
 364                        if (timeout > rto_max)
 365                                timeout = rto_max;
 366                        period += timeout;
 367                }
 368        }
 369        return period;
 370}
 371
 372/* Address-family independent initialization for a tcp_sock.
 373 *
 374 * NOTE: A lot of things set to zero explicitly by call to
 375 *       sk_alloc() so need not be done here.
 376 */
 377void tcp_init_sock(struct sock *sk)
 378{
 379        struct inet_connection_sock *icsk = inet_csk(sk);
 380        struct tcp_sock *tp = tcp_sk(sk);
 381
 382        skb_queue_head_init(&tp->out_of_order_queue);
 383        tcp_init_xmit_timers(sk);
 384        tcp_prequeue_init(tp);
 385        INIT_LIST_HEAD(&tp->tsq_node);
 386
 387        icsk->icsk_rto = TCP_TIMEOUT_INIT;
 388        tp->mdev = TCP_TIMEOUT_INIT;
 389
 390        /* So many TCP implementations out there (incorrectly) count the
 391         * initial SYN frame in their delayed-ACK and congestion control
 392         * algorithms that we must have the following bandaid to talk
 393         * efficiently to them.  -DaveM
 394         */
 395        tp->snd_cwnd = TCP_INIT_CWND;
 396
 397        /* See draft-stevens-tcpca-spec-01 for discussion of the
 398         * initialization of these values.
 399         */
 400        tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
 401        tp->snd_cwnd_clamp = ~0;
 402        tp->mss_cache = TCP_MSS_DEFAULT;
 403
 404        tp->reordering = sysctl_tcp_reordering;
 405        tcp_enable_early_retrans(tp);
 406        icsk->icsk_ca_ops = &tcp_init_congestion_ops;
 407
 408        tp->tsoffset = 0;
 409
 410        sk->sk_state = TCP_CLOSE;
 411
 412        sk->sk_write_space = sk_stream_write_space;
 413        sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
 414
 415        icsk->icsk_sync_mss = tcp_sync_mss;
 416
 417        sk->sk_sndbuf = sysctl_tcp_wmem[1];
 418        sk->sk_rcvbuf = sysctl_tcp_rmem[1];
 419
 420        local_bh_disable();
 421        sock_update_memcg(sk);
 422        sk_sockets_allocated_inc(sk);
 423        local_bh_enable();
 424}
 425EXPORT_SYMBOL(tcp_init_sock);
 426
 427/*
 428 *      Wait for a TCP event.
 429 *
 430 *      Note that we don't need to lock the socket, as the upper poll layers
 431 *      take care of normal races (between the test and the event) and we don't
 432 *      go look at any of the socket buffers directly.
 433 */
 434unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
 435{
 436        unsigned int mask;
 437        struct sock *sk = sock->sk;
 438        const struct tcp_sock *tp = tcp_sk(sk);
 439
 440        sock_rps_record_flow(sk);
 441
 442        sock_poll_wait(file, sk_sleep(sk), wait);
 443        if (sk->sk_state == TCP_LISTEN)
 444                return inet_csk_listen_poll(sk);
 445
 446        /* Socket is not locked. We are protected from async events
 447         * by poll logic and correct handling of state changes
 448         * made by other threads is impossible in any case.
 449         */
 450
 451        mask = 0;
 452
 453        /*
 454         * POLLHUP is certainly not done right. But poll() doesn't
 455         * have a notion of HUP in just one direction, and for a
 456         * socket the read side is more interesting.
 457         *
 458         * Some poll() documentation says that POLLHUP is incompatible
 459         * with the POLLOUT/POLLWR flags, so somebody should check this
 460         * all. But careful, it tends to be safer to return too many
 461         * bits than too few, and you can easily break real applications
 462         * if you don't tell them that something has hung up!
 463         *
 464         * Check-me.
 465         *
 466         * Check number 1. POLLHUP is _UNMASKABLE_ event (see UNIX98 and
 467         * our fs/select.c). It means that after we received EOF,
 468         * poll always returns immediately, making impossible poll() on write()
 469         * in state CLOSE_WAIT. One solution is evident --- to set POLLHUP
 470         * if and only if shutdown has been made in both directions.
 471         * Actually, it is interesting to look how Solaris and DUX
 472         * solve this dilemma. I would prefer, if POLLHUP were maskable,
 473         * then we could set it on SND_SHUTDOWN. BTW examples given
 474         * in Stevens' books assume exactly this behaviour, it explains
 475         * why POLLHUP is incompatible with POLLOUT.    --ANK
 476         *
 477         * NOTE. Check for TCP_CLOSE is added. The goal is to prevent
 478         * blocking on fresh not-connected or disconnected socket. --ANK
 479         */
 480        if (sk->sk_shutdown == SHUTDOWN_MASK || sk->sk_state == TCP_CLOSE)
 481                mask |= POLLHUP;
 482        if (sk->sk_shutdown & RCV_SHUTDOWN)
 483                mask |= POLLIN | POLLRDNORM | POLLRDHUP;
 484
 485        /* Connected or passive Fast Open socket? */
 486        if (sk->sk_state != TCP_SYN_SENT &&
 487            (sk->sk_state != TCP_SYN_RECV || tp->fastopen_rsk != NULL)) {
 488                int target = sock_rcvlowat(sk, 0, INT_MAX);
 489
 490                if (tp->urg_seq == tp->copied_seq &&
 491                    !sock_flag(sk, SOCK_URGINLINE) &&
 492                    tp->urg_data)
 493                        target++;
 494
 495                /* Potential race condition. If read of tp below will
 496                 * escape above sk->sk_state, we can be illegally awaken
 497                 * in SYN_* states. */
 498                if (tp->rcv_nxt - tp->copied_seq >= target)
 499                        mask |= POLLIN | POLLRDNORM;
 500
 501                if (!(sk->sk_shutdown & SEND_SHUTDOWN)) {
 502                        if (sk_stream_is_writeable(sk)) {
 503                                mask |= POLLOUT | POLLWRNORM;
 504                        } else {  /* send SIGIO later */
 505                                set_bit(SOCK_ASYNC_NOSPACE,
 506                                        &sk->sk_socket->flags);
 507                                set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
 508
 509                                /* Race breaker. If space is freed after
 510                                 * wspace test but before the flags are set,
 511                                 * IO signal will be lost.
 512                                 */
 513                                if (sk_stream_is_writeable(sk))
 514                                        mask |= POLLOUT | POLLWRNORM;
 515                        }
 516                } else
 517                        mask |= POLLOUT | POLLWRNORM;
 518
 519                if (tp->urg_data & TCP_URG_VALID)
 520                        mask |= POLLPRI;
 521        }
 522        /* This barrier is coupled with smp_wmb() in tcp_reset() */
 523        smp_rmb();
 524        if (sk->sk_err)
 525                mask |= POLLERR;
 526
 527        return mask;
 528}
 529EXPORT_SYMBOL(tcp_poll);
 530
 531int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
 532{
 533        struct tcp_sock *tp = tcp_sk(sk);
 534        int answ;
 535        bool slow;
 536
 537        switch (cmd) {
 538        case SIOCINQ:
 539                if (sk->sk_state == TCP_LISTEN)
 540                        return -EINVAL;
 541
 542                slow = lock_sock_fast(sk);
 543                if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
 544                        answ = 0;
 545                else if (sock_flag(sk, SOCK_URGINLINE) ||
 546                         !tp->urg_data ||
 547                         before(tp->urg_seq, tp->copied_seq) ||
 548                         !before(tp->urg_seq, tp->rcv_nxt)) {
 549
 550                        answ = tp->rcv_nxt - tp->copied_seq;
 551
 552                        /* Subtract 1, if FIN was received */
 553                        if (answ && sock_flag(sk, SOCK_DONE))
 554                                answ--;
 555                } else
 556                        answ = tp->urg_seq - tp->copied_seq;
 557                unlock_sock_fast(sk, slow);
 558                break;
 559        case SIOCATMARK:
 560                answ = tp->urg_data && tp->urg_seq == tp->copied_seq;
 561                break;
 562        case SIOCOUTQ:
 563                if (sk->sk_state == TCP_LISTEN)
 564                        return -EINVAL;
 565
 566                if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
 567                        answ = 0;
 568                else
 569                        answ = tp->write_seq - tp->snd_una;
 570                break;
 571        case SIOCOUTQNSD:
 572                if (sk->sk_state == TCP_LISTEN)
 573                        return -EINVAL;
 574
 575                if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
 576                        answ = 0;
 577                else
 578                        answ = tp->write_seq - tp->snd_nxt;
 579                break;
 580        default:
 581                return -ENOIOCTLCMD;
 582        }
 583
 584        return put_user(answ, (int __user *)arg);
 585}
 586EXPORT_SYMBOL(tcp_ioctl);
 587
 588static inline void tcp_mark_push(struct tcp_sock *tp, struct sk_buff *skb)
 589{
 590        TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
 591        tp->pushed_seq = tp->write_seq;
 592}
 593
 594static inline bool forced_push(const struct tcp_sock *tp)
 595{
 596        return after(tp->write_seq, tp->pushed_seq + (tp->max_window >> 1));
 597}
 598
 599static inline void skb_entail(struct sock *sk, struct sk_buff *skb)
 600{
 601        struct tcp_sock *tp = tcp_sk(sk);
 602        struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
 603
 604        skb->csum    = 0;
 605        tcb->seq     = tcb->end_seq = tp->write_seq;
 606        tcb->tcp_flags = TCPHDR_ACK;
 607        tcb->sacked  = 0;
 608        skb_header_release(skb);
 609        tcp_add_write_queue_tail(sk, skb);
 610        sk->sk_wmem_queued += skb->truesize;
 611        sk_mem_charge(sk, skb->truesize);
 612        if (tp->nonagle & TCP_NAGLE_PUSH)
 613                tp->nonagle &= ~TCP_NAGLE_PUSH;
 614}
 615
 616static inline void tcp_mark_urg(struct tcp_sock *tp, int flags)
 617{
 618        if (flags & MSG_OOB)
 619                tp->snd_up = tp->write_seq;
 620}
 621
 622static inline void tcp_push(struct sock *sk, int flags, int mss_now,
 623                            int nonagle)
 624{
 625        if (tcp_send_head(sk)) {
 626                struct tcp_sock *tp = tcp_sk(sk);
 627
 628                if (!(flags & MSG_MORE) || forced_push(tp))
 629                        tcp_mark_push(tp, tcp_write_queue_tail(sk));
 630
 631                tcp_mark_urg(tp, flags);
 632                __tcp_push_pending_frames(sk, mss_now,
 633                                          (flags & MSG_MORE) ? TCP_NAGLE_CORK : nonagle);
 634        }
 635}
 636
 637static int tcp_splice_data_recv(read_descriptor_t *rd_desc, struct sk_buff *skb,
 638                                unsigned int offset, size_t len)
 639{
 640        struct tcp_splice_state *tss = rd_desc->arg.data;
 641        int ret;
 642
 643        ret = skb_splice_bits(skb, offset, tss->pipe, min(rd_desc->count, len),
 644                              tss->flags);
 645        if (ret > 0)
 646                rd_desc->count -= ret;
 647        return ret;
 648}
 649
 650static int __tcp_splice_read(struct sock *sk, struct tcp_splice_state *tss)
 651{
 652        /* Store TCP splice context information in read_descriptor_t. */
 653        read_descriptor_t rd_desc = {
 654                .arg.data = tss,
 655                .count    = tss->len,
 656        };
 657
 658        return tcp_read_sock(sk, &rd_desc, tcp_splice_data_recv);
 659}
 660
 661/**
 662 *  tcp_splice_read - splice data from TCP socket to a pipe
 663 * @sock:       socket to splice from
 664 * @ppos:       position (not valid)
 665 * @pipe:       pipe to splice to
 666 * @len:        number of bytes to splice
 667 * @flags:      splice modifier flags
 668 *
 669 * Description:
 670 *    Will read pages from given socket and fill them into a pipe.
 671 *
 672 **/
 673ssize_t tcp_splice_read(struct socket *sock, loff_t *ppos,
 674                        struct pipe_inode_info *pipe, size_t len,
 675                        unsigned int flags)
 676{
 677        struct sock *sk = sock->sk;
 678        struct tcp_splice_state tss = {
 679                .pipe = pipe,
 680                .len = len,
 681                .flags = flags,
 682        };
 683        long timeo;
 684        ssize_t spliced;
 685        int ret;
 686
 687        sock_rps_record_flow(sk);
 688        /*
 689         * We can't seek on a socket input
 690         */
 691        if (unlikely(*ppos))
 692                return -ESPIPE;
 693
 694        ret = spliced = 0;
 695
 696        lock_sock(sk);
 697
 698        timeo = sock_rcvtimeo(sk, sock->file->f_flags & O_NONBLOCK);
 699        while (tss.len) {
 700                ret = __tcp_splice_read(sk, &tss);
 701                if (ret < 0)
 702                        break;
 703                else if (!ret) {
 704                        if (spliced)
 705                                break;
 706                        if (sock_flag(sk, SOCK_DONE))
 707                                break;
 708                        if (sk->sk_err) {
 709                                ret = sock_error(sk);
 710                                break;
 711                        }
 712                        if (sk->sk_shutdown & RCV_SHUTDOWN)
 713                                break;
 714                        if (sk->sk_state == TCP_CLOSE) {
 715                                /*
 716                                 * This occurs when user tries to read
 717                                 * from never connected socket.
 718                                 */
 719                                if (!sock_flag(sk, SOCK_DONE))
 720                                        ret = -ENOTCONN;
 721                                break;
 722                        }
 723                        if (!timeo) {
 724                                ret = -EAGAIN;
 725                                break;
 726                        }
 727                        sk_wait_data(sk, &timeo);
 728                        if (signal_pending(current)) {
 729                                ret = sock_intr_errno(timeo);
 730                                break;
 731                        }
 732                        continue;
 733                }
 734                tss.len -= ret;
 735                spliced += ret;
 736
 737                if (!timeo)
 738                        break;
 739                release_sock(sk);
 740                lock_sock(sk);
 741
 742                if (sk->sk_err || sk->sk_state == TCP_CLOSE ||
 743                    (sk->sk_shutdown & RCV_SHUTDOWN) ||
 744                    signal_pending(current))
 745                        break;
 746        }
 747
 748        release_sock(sk);
 749
 750        if (spliced)
 751                return spliced;
 752
 753        return ret;
 754}
 755EXPORT_SYMBOL(tcp_splice_read);
 756
 757struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp)
 758{
 759        struct sk_buff *skb;
 760
 761        /* The TCP header must be at least 32-bit aligned.  */
 762        size = ALIGN(size, 4);
 763
 764        skb = alloc_skb_fclone(size + sk->sk_prot->max_header, gfp);
 765        if (skb) {
 766                if (sk_wmem_schedule(sk, skb->truesize)) {
 767                        skb_reserve(skb, sk->sk_prot->max_header);
 768                        /*
 769                         * Make sure that we have exactly size bytes
 770                         * available to the caller, no more, no less.
 771                         */
 772                        skb->reserved_tailroom = skb->end - skb->tail - size;
 773                        return skb;
 774                }
 775                __kfree_skb(skb);
 776        } else {
 777                sk->sk_prot->enter_memory_pressure(sk);
 778                sk_stream_moderate_sndbuf(sk);
 779        }
 780        return NULL;
 781}
 782
 783static unsigned int tcp_xmit_size_goal(struct sock *sk, u32 mss_now,
 784                                       int large_allowed)
 785{
 786        struct tcp_sock *tp = tcp_sk(sk);
 787        u32 xmit_size_goal, old_size_goal;
 788
 789        xmit_size_goal = mss_now;
 790
 791        if (large_allowed && sk_can_gso(sk)) {
 792                u32 gso_size, hlen;
 793
 794                /* Maybe we should/could use sk->sk_prot->max_header here ? */
 795                hlen = inet_csk(sk)->icsk_af_ops->net_header_len +
 796                       inet_csk(sk)->icsk_ext_hdr_len +
 797                       tp->tcp_header_len;
 798
 799                /* Goal is to send at least one packet per ms,
 800                 * not one big TSO packet every 100 ms.
 801                 * This preserves ACK clocking and is consistent
 802                 * with tcp_tso_should_defer() heuristic.
 803                 */
 804                gso_size = sk->sk_pacing_rate / (2 * MSEC_PER_SEC);
 805                gso_size = max_t(u32, gso_size,
 806                                 sysctl_tcp_min_tso_segs * mss_now);
 807
 808                xmit_size_goal = min_t(u32, gso_size,
 809                                       sk->sk_gso_max_size - 1 - hlen);
 810
 811                xmit_size_goal = tcp_bound_to_half_wnd(tp, xmit_size_goal);
 812
 813                /* We try hard to avoid divides here */
 814                old_size_goal = tp->xmit_size_goal_segs * mss_now;
 815
 816                if (likely(old_size_goal <= xmit_size_goal &&
 817                           old_size_goal + mss_now > xmit_size_goal)) {
 818                        xmit_size_goal = old_size_goal;
 819                } else {
 820                        tp->xmit_size_goal_segs =
 821                                min_t(u16, xmit_size_goal / mss_now,
 822                                      sk->sk_gso_max_segs);
 823                        xmit_size_goal = tp->xmit_size_goal_segs * mss_now;
 824                }
 825        }
 826
 827        return max(xmit_size_goal, mss_now);
 828}
 829
 830static int tcp_send_mss(struct sock *sk, int *size_goal, int flags)
 831{
 832        int mss_now;
 833
 834        mss_now = tcp_current_mss(sk);
 835        *size_goal = tcp_xmit_size_goal(sk, mss_now, !(flags & MSG_OOB));
 836
 837        return mss_now;
 838}
 839
 840static ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset,
 841                                size_t size, int flags)
 842{
 843        struct tcp_sock *tp = tcp_sk(sk);
 844        int mss_now, size_goal;
 845        int err;
 846        ssize_t copied;
 847        long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
 848
 849        /* Wait for a connection to finish. One exception is TCP Fast Open
 850         * (passive side) where data is allowed to be sent before a connection
 851         * is fully established.
 852         */
 853        if (((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) &&
 854            !tcp_passive_fastopen(sk)) {
 855                if ((err = sk_stream_wait_connect(sk, &timeo)) != 0)
 856                        goto out_err;
 857        }
 858
 859        clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
 860
 861        mss_now = tcp_send_mss(sk, &size_goal, flags);
 862        copied = 0;
 863
 864        err = -EPIPE;
 865        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
 866                goto out_err;
 867
 868        while (size > 0) {
 869                struct sk_buff *skb = tcp_write_queue_tail(sk);
 870                int copy, i;
 871                bool can_coalesce;
 872
 873                if (!tcp_send_head(sk) || (copy = size_goal - skb->len) <= 0) {
 874new_segment:
 875                        if (!sk_stream_memory_free(sk))
 876                                goto wait_for_sndbuf;
 877
 878                        skb = sk_stream_alloc_skb(sk, 0, sk->sk_allocation);
 879                        if (!skb)
 880                                goto wait_for_memory;
 881
 882                        skb_entail(sk, skb);
 883                        copy = size_goal;
 884                }
 885
 886                if (copy > size)
 887                        copy = size;
 888
 889                i = skb_shinfo(skb)->nr_frags;
 890                can_coalesce = skb_can_coalesce(skb, i, page, offset);
 891                if (!can_coalesce && i >= MAX_SKB_FRAGS) {
 892                        tcp_mark_push(tp, skb);
 893                        goto new_segment;
 894                }
 895                if (!sk_wmem_schedule(sk, copy))
 896                        goto wait_for_memory;
 897
 898                if (can_coalesce) {
 899                        skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
 900                } else {
 901                        get_page(page);
 902                        skb_fill_page_desc(skb, i, page, offset, copy);
 903                }
 904                skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
 905
 906                skb->len += copy;
 907                skb->data_len += copy;
 908                skb->truesize += copy;
 909                sk->sk_wmem_queued += copy;
 910                sk_mem_charge(sk, copy);
 911                skb->ip_summed = CHECKSUM_PARTIAL;
 912                tp->write_seq += copy;
 913                TCP_SKB_CB(skb)->end_seq += copy;
 914                skb_shinfo(skb)->gso_segs = 0;
 915
 916                if (!copied)
 917                        TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
 918
 919                copied += copy;
 920                offset += copy;
 921                if (!(size -= copy))
 922                        goto out;
 923
 924                if (skb->len < size_goal || (flags & MSG_OOB))
 925                        continue;
 926
 927                if (forced_push(tp)) {
 928                        tcp_mark_push(tp, skb);
 929                        __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_PUSH);
 930                } else if (skb == tcp_send_head(sk))
 931                        tcp_push_one(sk, mss_now);
 932                continue;
 933
 934wait_for_sndbuf:
 935                set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
 936wait_for_memory:
 937                tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
 938
 939                if ((err = sk_stream_wait_memory(sk, &timeo)) != 0)
 940                        goto do_error;
 941
 942                mss_now = tcp_send_mss(sk, &size_goal, flags);
 943        }
 944
 945out:
 946        if (copied && !(flags & MSG_SENDPAGE_NOTLAST))
 947                tcp_push(sk, flags, mss_now, tp->nonagle);
 948        return copied;
 949
 950do_error:
 951        if (copied)
 952                goto out;
 953out_err:
 954        return sk_stream_error(sk, flags, err);
 955}
 956
 957int tcp_sendpage(struct sock *sk, struct page *page, int offset,
 958                 size_t size, int flags)
 959{
 960        ssize_t res;
 961
 962        if (!(sk->sk_route_caps & NETIF_F_SG) ||
 963            !(sk->sk_route_caps & NETIF_F_ALL_CSUM))
 964                return sock_no_sendpage(sk->sk_socket, page, offset, size,
 965                                        flags);
 966
 967        lock_sock(sk);
 968        res = do_tcp_sendpages(sk, page, offset, size, flags);
 969        release_sock(sk);
 970        return res;
 971}
 972EXPORT_SYMBOL(tcp_sendpage);
 973
 974static inline int select_size(const struct sock *sk, bool sg)
 975{
 976        const struct tcp_sock *tp = tcp_sk(sk);
 977        int tmp = tp->mss_cache;
 978
 979        if (sg) {
 980                if (sk_can_gso(sk)) {
 981                        /* Small frames wont use a full page:
 982                         * Payload will immediately follow tcp header.
 983                         */
 984                        tmp = SKB_WITH_OVERHEAD(2048 - MAX_TCP_HEADER);
 985                } else {
 986                        int pgbreak = SKB_MAX_HEAD(MAX_TCP_HEADER);
 987
 988                        if (tmp >= pgbreak &&
 989                            tmp <= pgbreak + (MAX_SKB_FRAGS - 1) * PAGE_SIZE)
 990                                tmp = pgbreak;
 991                }
 992        }
 993
 994        return tmp;
 995}
 996
 997void tcp_free_fastopen_req(struct tcp_sock *tp)
 998{
 999        if (tp->fastopen_req != NULL) {
1000                kfree(tp->fastopen_req);

1001                tp->fastopen_req = NULL;
1002        }
1003}
1004
1005static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg, int *size)
1006{
1007        struct tcp_sock *tp = tcp_sk(sk);
1008        int err, flags;
1009
1010        if (!(sysctl_tcp_fastopen & TFO_CLIENT_ENABLE))
1011                return -EOPNOTSUPP;
1012        if (tp->fastopen_req != NULL)
1013                return -EALREADY; /* Another Fast Open is in progress */
1014
1015        tp->fastopen_req = kzalloc(sizeof(struct tcp_fastopen_request),
1016                                   sk->sk_allocation);
1017        if (unlikely(tp->fastopen_req == NULL))
1018                return -ENOBUFS;
1019        tp->fastopen_req->data = msg;
1020
1021        flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0;
1022        err = __inet_stream_connect(sk->sk_socket, msg->msg_name,
1023                                    msg->msg_namelen, flags);
1024        *size = tp->fastopen_req->copied;
1025        tcp_free_fastopen_req(tp);
1026        return err;
1027}
1028
1029int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1030                size_t size)
1031{
1032        struct iovec *iov;
1033        struct tcp_sock *tp = tcp_sk(sk);
1034        struct sk_buff *skb;
1035        int iovlen, flags, err, copied = 0;
1036        int mss_now = 0, size_goal, copied_syn = 0, offset = 0;
1037        bool sg;
1038        long timeo;
1039
1040        lock_sock(sk);
1041
1042        flags = msg->msg_flags;
1043        if (flags & MSG_FASTOPEN) {
1044                err = tcp_sendmsg_fastopen(sk, msg, &copied_syn);
1045                if (err == -EINPROGRESS && copied_syn > 0)
1046                        goto out;
1047                else if (err)
1048                        goto out_err;
1049                offset = copied_syn;
1050        }
1051
1052        timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
1053
1054        /* Wait for a connection to finish. One exception is TCP Fast Open
1055         * (passive side) where data is allowed to be sent before a connection
1056         * is fully established.
1057         */
1058        if (((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) &&
1059            !tcp_passive_fastopen(sk)) {
1060                if ((err = sk_stream_wait_connect(sk, &timeo)) != 0)
1061                        goto do_error;
1062        }
1063
1064        if (unlikely(tp->repair)) {
1065                if (tp->repair_queue == TCP_RECV_QUEUE) {
1066                        copied = tcp_send_rcvq(sk, msg, size);
1067                        goto out;
1068                }
1069
1070                err = -EINVAL;
1071                if (tp->repair_queue == TCP_NO_QUEUE)
1072                        goto out_err;
1073
1074                /* 'common' sending to sendq */
1075        }
1076
1077        /* This should be in poll */
1078        clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
1079
1080        mss_now = tcp_send_mss(sk, &size_goal, flags);
1081
1082        /* Ok commence sending. */
1083        iovlen = msg->msg_iovlen;
1084        iov = msg->msg_iov;
1085        copied = 0;
1086
1087        err = -EPIPE;
1088        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
1089                goto out_err;
1090
1091        sg = !!(sk->sk_route_caps & NETIF_F_SG);
1092
1093        while (--iovlen >= 0) {
1094                size_t seglen = iov->iov_len;
1095                unsigned char __user *from = iov->iov_base;
1096
1097                iov++;
1098                if (unlikely(offset > 0)) {  /* Skip bytes copied in SYN */
1099                        if (offset >= seglen) {
1100                                offset -= seglen;
1101                                continue;
1102                        }
1103                        seglen -= offset;
1104                        from += offset;
1105                        offset = 0;
1106                }
1107
1108                while (seglen > 0) {
1109                        int copy = 0;
1110                        int max = size_goal;
1111
1112                        skb = tcp_write_queue_tail(sk);
1113                        if (tcp_send_head(sk)) {
1114                                if (skb->ip_summed == CHECKSUM_NONE)
1115                                        max = mss_now;
1116                                copy = max - skb->len;
1117                        }
1118
1119                        if (copy <= 0) {
1120new_segment:
1121                                /* Allocate new segment. If the interface is SG,
1122                                 * allocate skb fitting to single page.
1123                                 */
1124                                if (!sk_stream_memory_free(sk))
1125                                        goto wait_for_sndbuf;
1126
1127                                skb = sk_stream_alloc_skb(sk,
1128                                                          select_size(sk, sg),
1129                                                          sk->sk_allocation);
1130                                if (!skb)
1131                                        goto wait_for_memory;
1132
1133                                /*
1134                                 * All packets are restored as if they have
1135                                 * already been sent.
1136                                 */
1137                                if (tp->repair)
1138                                        TCP_SKB_CB(skb)->when = tcp_time_stamp;
1139
1140                                /*
1141                                 * Check whether we can use HW checksum.
1142                                 */
1143                                if (sk->sk_route_caps & NETIF_F_ALL_CSUM)
1144                                        skb->ip_summed = CHECKSUM_PARTIAL;
1145
1146                                skb_entail(sk, skb);
1147                                copy = size_goal;
1148                                max = size_goal;
1149                        }
1150
1151                        /* Try to append data to the end of skb. */
1152                        if (copy > seglen)
1153                                copy = seglen;
1154
1155                        /* Where to copy to? */
1156                        if (skb_availroom(skb) > 0) {
1157                                /* We have some space in skb head. Superb! */
1158                                copy = min_t(int, copy, skb_availroom(skb));
1159                                err = skb_add_data_nocache(sk, skb, from, copy);
1160                                if (err)
1161                                        goto do_fault;
1162                        } else {
1163                                bool merge = true;
1164                                int i = skb_shinfo(skb)->nr_frags;
1165                                struct page_frag *pfrag = sk_page_frag(sk);
1166
1167                                if (!sk_page_frag_refill(sk, pfrag))
1168                                        goto wait_for_memory;
1169
1170                                if (!skb_can_coalesce(skb, i, pfrag->page,
1171                                                      pfrag->offset)) {
1172                                        if (i == MAX_SKB_FRAGS || !sg) {
1173                                                tcp_mark_push(tp, skb);
1174                                                goto new_segment;
1175                                        }
1176                                        merge = false;
1177                                }
1178
1179                                copy = min_t(int, copy, pfrag->size - pfrag->offset);
1180
1181                                if (!sk_wmem_schedule(sk, copy))
1182                                        goto wait_for_memory;
1183
1184                                err = skb_copy_to_page_nocache(sk, from, skb,
1185                                                               pfrag->page,
1186                                                               pfrag->offset,
1187                                                               copy);
1188                                if (err)
1189                                        goto do_error;
1190
1191                                /* Update the skb. */
1192                                if (merge) {
1193                                        skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1194                                } else {
1195                                        skb_fill_page_desc(skb, i, pfrag->page,
1196                                                           pfrag->offset, copy);
1197                                        get_page(pfrag->page);
1198                                }
1199                                pfrag->offset += copy;
1200                        }
1201
1202                        if (!copied)
1203                                TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
1204
1205                        tp->write_seq += copy;
1206                        TCP_SKB_CB(skb)->end_seq += copy;
1207                        skb_shinfo(skb)->gso_segs = 0;
1208
1209                        from += copy;
1210                        copied += copy;
1211                        if ((seglen -= copy) == 0 && iovlen == 0)
1212                                goto out;
1213
1214                        if (skb->len < max || (flags & MSG_OOB) || unlikely(tp->repair))
1215                                continue;
1216
1217                        if (forced_push(tp)) {
1218                                tcp_mark_push(tp, skb);
1219                                __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_PUSH);
1220                        } else if (skb == tcp_send_head(sk))
1221                                tcp_push_one(sk, mss_now);
1222                        continue;
1223
1224wait_for_sndbuf:
1225                        set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1226wait_for_memory:
1227                        if (copied)
1228                                tcp_push(sk, flags & ~MSG_MORE, mss_now, TCP_NAGLE_PUSH);
1229
1230                        if ((err = sk_stream_wait_memory(sk, &timeo)) != 0)
1231                                goto do_error;
1232
1233                        mss_now = tcp_send_mss(sk, &size_goal, flags);
1234                }
1235        }
1236
1237out:
1238        if (copied)
1239                tcp_push(sk, flags, mss_now, tp->nonagle);
1240        release_sock(sk);
1241        return copied + copied_syn;
1242
1243do_fault:
1244        if (!skb->len) {
1245                tcp_unlink_write_queue(skb, sk);
1246                /* It is the one place in all of TCP, except connection
1247                 * reset, where we can be unlinking the send_head.
1248                 */
1249                tcp_check_send_head(sk, skb);
1250                sk_wmem_free_skb(sk, skb);
1251        }
1252
1253do_error:
1254        if (copied + copied_syn)
1255                goto out;
1256out_err:
1257        err = sk_stream_error(sk, flags, err);
1258        release_sock(sk);
1259        return err;
1260}
1261EXPORT_SYMBOL(tcp_sendmsg);
1262
1263/*
1264 *      Handle reading urgent data. BSD has very simple semantics for
1265 *      this, no blocking and very strange errors 8)
1266 */
1267
1268static int tcp_recv_urg(struct sock *sk, struct msghdr *msg, int len, int flags)
1269{
1270        struct tcp_sock *tp = tcp_sk(sk);
1271
1272        /* No URG data to read. */
1273        if (sock_flag(sk, SOCK_URGINLINE) || !tp->urg_data ||
1274            tp->urg_data == TCP_URG_READ)
1275                return -EINVAL; /* Yes this is right ! */
1276
1277        if (sk->sk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DONE))
1278                return -ENOTCONN;
1279
1280        if (tp->urg_data & TCP_URG_VALID) {
1281                int err = 0;
1282                char c = tp->urg_data;
1283
1284                if (!(flags & MSG_PEEK))
1285                        tp->urg_data = TCP_URG_READ;
1286
1287                /* Read urgent data. */
1288                msg->msg_flags |= MSG_OOB;
1289
1290                if (len > 0) {
1291                        if (!(flags & MSG_TRUNC))
1292                                err = memcpy_toiovec(msg->msg_iov, &c, 1);
1293                        len = 1;
1294                } else
1295                        msg->msg_flags |= MSG_TRUNC;
1296
1297                return err ? -EFAULT : len;
1298        }
1299
1300        if (sk->sk_state == TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN))
1301                return 0;
1302
1303        /* Fixed the recv(..., MSG_OOB) behaviour.  BSD docs and
1304         * the available implementations agree in this case:
1305         * this call should never block, independent of the
1306         * blocking state of the socket.
1307         * Mike <pall@rz.uni-karlsruhe.de>
1308         */
1309        return -EAGAIN;
1310}
1311
1312static int tcp_peek_sndq(struct sock *sk, struct msghdr *msg, int len)
1313{
1314        struct sk_buff *skb;
1315        int copied = 0, err = 0;
1316
1317        /* XXX -- need to support SO_PEEK_OFF */
1318
1319        skb_queue_walk(&sk->sk_write_queue, skb) {
1320                err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, skb->len);
1321                if (err)
1322                        break;
1323
1324                copied += skb->len;
1325        }
1326
1327        return err ?: copied;
1328}
1329
1330/* Clean up the receive buffer for full frames taken by the user,
1331 * then send an ACK if necessary.  COPIED is the number of bytes
1332 * tcp_recvmsg has given to the user so far, it speeds up the
1333 * calculation of whether or not we must ACK for the sake of
1334 * a window update.
1335 */
1336void tcp_cleanup_rbuf(struct sock *sk, int copied)
1337{
1338        struct tcp_sock *tp = tcp_sk(sk);
1339        bool time_to_ack = false;
1340
1341        struct sk_buff *skb = skb_peek(&sk->sk_receive_queue);
1342
1343        WARN(skb && !before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq),
1344             "cleanup rbuf bug: copied %X seq %X rcvnxt %X\n",
1345             tp->copied_seq, TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt);
1346
1347        if (inet_csk_ack_scheduled(sk)) {
1348                const struct inet_connection_sock *icsk = inet_csk(sk);
1349                   /* Delayed ACKs frequently hit locked sockets during bulk
1350                    * receive. */
1351                if (icsk->icsk_ack.blocked ||
1352                    /* Once-per-two-segments ACK was not sent by tcp_input.c */
1353                    tp->rcv_nxt - tp->rcv_wup > icsk->icsk_ack.rcv_mss ||
1354                    /*
1355                     * If this read emptied read buffer, we send ACK, if
1356                     * connection is not bidirectional, user drained
1357                     * receive buffer and there was a small segment
1358                     * in queue.
1359                     */
1360                    (copied > 0 &&
1361                     ((icsk->icsk_ack.pending & ICSK_ACK_PUSHED2) ||
1362                      ((icsk->icsk_ack.pending & ICSK_ACK_PUSHED) &&
1363                       !icsk->icsk_ack.pingpong)) &&
1364                      !atomic_read(&sk->sk_rmem_alloc)))
1365                        time_to_ack = true;
1366        }
1367
1368        /* We send an ACK if we can now advertise a non-zero window
1369         * which has been raised "significantly".
1370         *
1371         * Even if window raised up to infinity, do not send window open ACK
1372         * in states, where we will not receive more. It is useless.
1373         */
1374        if (copied > 0 && !time_to_ack && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1375                __u32 rcv_window_now = tcp_receive_window(tp);
1376
1377                /* Optimize, __tcp_select_window() is not cheap. */
1378                if (2*rcv_window_now <= tp->window_clamp) {
1379                        __u32 new_window = __tcp_select_window(sk);
1380
1381                        /* Send ACK now, if this read freed lots of space
1382                         * in our buffer. Certainly, new_window is new window.
1383                         * We can advertise it now, if it is not less than current one.
1384                         * "Lots" means "at least twice" here.
1385                         */
1386                        if (new_window && new_window >= 2 * rcv_window_now)
1387                                time_to_ack = true;
1388                }
1389        }
1390        if (time_to_ack)
1391                tcp_send_ack(sk);
1392}
1393
1394static void tcp_prequeue_process(struct sock *sk)
1395{
1396        struct sk_buff *skb;
1397        struct tcp_sock *tp = tcp_sk(sk);
1398
1399        NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPPREQUEUED);
1400
1401        /* RX process wants to run with disabled BHs, though it is not
1402         * necessary */
1403        local_bh_disable();
1404        while ((skb = __skb_dequeue(&tp->ucopy.prequeue)) != NULL)
1405                sk_backlog_rcv(sk, skb);
1406        local_bh_enable();
1407
1408        /* Clear memory counter. */
1409        tp->ucopy.memory = 0;
1410}
1411
1412#ifdef CONFIG_NET_DMA
1413static void tcp_service_net_dma(struct sock *sk, bool wait)
1414{
1415        dma_cookie_t done, used;
1416        dma_cookie_t last_issued;
1417        struct tcp_sock *tp = tcp_sk(sk);
1418
1419        if (!tp->ucopy.dma_chan)
1420                return;
1421
1422        last_issued = tp->ucopy.dma_cookie;
1423        dma_async_issue_pending(tp->ucopy.dma_chan);
1424
1425        do {
1426                if (dma_async_is_tx_complete(tp->ucopy.dma_chan,
1427                                              last_issued, &done,
1428                                              &used) == DMA_COMPLETE) {
1429                        /* Safe to free early-copied skbs now */
1430                        __skb_queue_purge(&sk->sk_async_wait_queue);
1431                        break;
1432                } else {
1433                        struct sk_buff *skb;
1434                        while ((skb = skb_peek(&sk->sk_async_wait_queue)) &&
1435                               (dma_async_is_complete(skb->dma_cookie, done,
1436                                                      used) == DMA_COMPLETE)) {
1437                                __skb_dequeue(&sk->sk_async_wait_queue);
1438                                kfree_skb(skb);
1439                        }
1440                }
1441        } while (wait);
1442}
1443#endif
1444
1445static struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off)
1446{
1447        struct sk_buff *skb;
1448        u32 offset;
1449
1450        while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) {
1451                offset = seq - TCP_SKB_CB(skb)->seq;
1452                if (tcp_hdr(skb)->syn)
1453                        offset--;
1454                if (offset < skb->len || tcp_hdr(skb)->fin) {
1455                        *off = offset;
1456                        return skb;
1457                }
1458                /* This looks weird, but this can happen if TCP collapsing
1459                 * splitted a fat GRO packet, while we released socket lock
1460                 * in skb_splice_bits()
1461                 */
1462                sk_eat_skb(sk, skb, false);
1463        }
1464        return NULL;
1465}
1466
1467/*
1468 * This routine provides an alternative to tcp_recvmsg() for routines
1469 * that would like to handle copying from skbuffs directly in 'sendfile'
1470 * fashion.
1471 * Note:
1472 *      - It is assumed that the socket was locked by the caller.
1473 *      - The routine does not block.
1474 *      - At present, there is no support for reading OOB data
1475 *        or for 'peeking' the socket using this routine
1476 *        (although both would be easy to implement).
1477 */
1478int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
1479                  sk_read_actor_t recv_actor)
1480{
1481        struct sk_buff *skb;
1482        struct tcp_sock *tp = tcp_sk(sk);
1483        u32 seq = tp->copied_seq;
1484        u32 offset;
1485        int copied = 0;
1486
1487        if (sk->sk_state == TCP_LISTEN)
1488                return -ENOTCONN;
1489        while ((skb = tcp_recv_skb(sk, seq, &offset)) != NULL) {
1490                if (offset < skb->len) {
1491                        int used;
1492                        size_t len;
1493
1494                        len = skb->len - offset;
1495                        /* Stop reading if we hit a patch of urgent data */
1496                        if (tp->urg_data) {
1497                                u32 urg_offset = tp->urg_seq - seq;
1498                                if (urg_offset < len)
1499                                        len = urg_offset;
1500                                if (!len)
1501                                        break;
1502                        }
1503                        used = recv_actor(desc, skb, offset, len);
1504                        if (used <= 0) {
1505                                if (!copied)
1506                                        copied = used;
1507                                break;
1508                        } else if (used <= len) {
1509                                seq += used;
1510                                copied += used;
1511                                offset += used;
1512                        }
1513                        /* If recv_actor drops the lock (e.g. TCP splice
1514                         * receive) the skb pointer might be invalid when
1515                         * getting here: tcp_collapse might have deleted it
1516                         * while aggregating skbs from the socket queue.
1517                         */
1518                        skb = tcp_recv_skb(sk, seq - 1, &offset);
1519                        if (!skb)
1520                                break;
1521                        /* TCP coalescing might have appended data to the skb.
1522                         * Try to splice more frags
1523                         */
1524                        if (offset + 1 != skb->len)
1525                                continue;
1526                }
1527                if (tcp_hdr(skb)->fin) {
1528                        sk_eat_skb(sk, skb, false);
1529                        ++seq;
1530                        break;
1531                }
1532                sk_eat_skb(sk, skb, false);
1533                if (!desc->count)
1534                        break;
1535                tp->copied_seq = seq;
1536        }
1537        tp->copied_seq = seq;
1538
1539        tcp_rcv_space_adjust(sk);
1540
1541        /* Clean up data we have read: This will do ACK frames. */
1542        if (copied > 0) {
1543                tcp_recv_skb(sk, seq, &offset);
1544                tcp_cleanup_rbuf(sk, copied);
1545        }
1546        return copied;
1547}
1548EXPORT_SYMBOL(tcp_read_sock);
1549
1550/*
1551 *      This routine copies from a sock struct into the user buffer.
1552 *
1553 *      Technical note: in 2.3 we work on _locked_ socket, so that
1554 *      tricks with *seq access order and skb->users are not required.
1555 *      Probably, code can be easily improved even more.
1556 */
1557
1558int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1559                size_t len, int nonblock, int flags, int *addr_len)
1560{
1561        struct tcp_sock *tp = tcp_sk(sk);
1562        int copied = 0;
1563        u32 peek_seq;
1564        u32 *seq;
1565        unsigned long used;
1566        int err;
1567        int target;             /* Read at least this many bytes */
1568        long timeo;
1569        struct task_struct *user_recv = NULL;
1570        bool copied_early = false;
1571        struct sk_buff *skb;
1572        u32 urg_hole = 0;
1573
1574        if (sk_can_busy_loop(sk) && skb_queue_empty(&sk->sk_receive_queue) &&
1575            (sk->sk_state == TCP_ESTABLISHED))
1576                sk_busy_loop(sk, nonblock);
1577
1578        lock_sock(sk);
1579
1580        err = -ENOTCONN;
1581        if (sk->sk_state == TCP_LISTEN)
1582                goto out;
1583
1584        timeo = sock_rcvtimeo(sk, nonblock);
1585
1586        /* Urgent data needs to be handled specially. */
1587        if (flags & MSG_OOB)
1588                goto recv_urg;
1589
1590        if (unlikely(tp->repair)) {
1591                err = -EPERM;
1592                if (!(flags & MSG_PEEK))
1593                        goto out;
1594
1595                if (tp->repair_queue == TCP_SEND_QUEUE)
1596                        goto recv_sndq;
1597
1598                err = -EINVAL;
1599                if (tp->repair_queue == TCP_NO_QUEUE)
1600                        goto out;
1601
1602                /* 'common' recv queue MSG_PEEK-ing */
1603        }
1604
1605        seq = &tp->copied_seq;
1606        if (flags & MSG_PEEK) {
1607                peek_seq = tp->copied_seq;
1608                seq = &peek_seq;
1609        }
1610
1611        target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
1612
1613#ifdef CONFIG_NET_DMA
1614        tp->ucopy.dma_chan = NULL;
1615        preempt_disable();
1616        skb = skb_peek_tail(&sk->sk_receive_queue);
1617        {
1618                int available = 0;
1619
1620                if (skb)
1621                        available = TCP_SKB_CB(skb)->seq + skb->len - (*seq);
1622                if ((available < target) &&
1623                    (len > sysctl_tcp_dma_copybreak) && !(flags & MSG_PEEK) &&
1624                    !sysctl_tcp_low_latency &&
1625                    net_dma_find_channel()) {
1626                        preempt_enable_no_resched();
1627                        tp->ucopy.pinned_list =
1628                                        dma_pin_iovec_pages(msg->msg_iov, len);
1629                } else {
1630                        preempt_enable_no_resched();
1631                }
1632        }
1633#endif
1634
1635        do {
1636                u32 offset;
1637
1638                /* Are we at urgent data? Stop if we have read anything or have SIGURG pending. */
1639                if (tp->urg_data && tp->urg_seq == *seq) {
1640                        if (copied)
1641                                break;
1642                        if (signal_pending(current)) {
1643                                copied = timeo ? sock_intr_errno(timeo) : -EAGAIN;
1644                                break;
1645                        }
1646                }
1647
1648                /* Next get a buffer. */
1649
1650                skb_queue_walk(&sk->sk_receive_queue, skb) {
1651                        /* Now that we have two receive queues this
1652                         * shouldn't happen.
1653                         */
1654                        if (WARN(before(*seq, TCP_SKB_CB(skb)->seq),
1655                                 "recvmsg bug: copied %X seq %X rcvnxt %X fl %X\n",
1656                                 *seq, TCP_SKB_CB(skb)->seq, tp->rcv_nxt,
1657                                 flags))
1658                                break;
1659
1660                        offset = *seq - TCP_SKB_CB(skb)->seq;
1661                        if (tcp_hdr(skb)->syn)
1662                                offset--;
1663                        if (offset < skb->len)
1664                                goto found_ok_skb;
1665                        if (tcp_hdr(skb)->fin)
1666                                goto found_fin_ok;
1667                        WARN(!(flags & MSG_PEEK),
1668                             "recvmsg bug 2: copied %X seq %X rcvnxt %X fl %X\n",
1669                             *seq, TCP_SKB_CB(skb)->seq, tp->rcv_nxt, flags);
1670                }
1671
1672                /* Well, if we have backlog, try to process it now yet. */
1673
1674                if (copied >= target && !sk->sk_backlog.tail)
1675                        break;
1676
1677                if (copied) {
1678                        if (sk->sk_err ||
1679                            sk->sk_state == TCP_CLOSE ||
1680                            (sk->sk_shutdown & RCV_SHUTDOWN) ||
1681                            !timeo ||
1682                            signal_pending(current))
1683                                break;
1684                } else {
1685                        if (sock_flag(sk, SOCK_DONE))
1686                                break;
1687
1688                        if (sk->sk_err) {
1689                                copied = sock_error(sk);
1690                                break;
1691                        }
1692
1693                        if (sk->sk_shutdown & RCV_SHUTDOWN)
1694                                break;
1695
1696                        if (sk->sk_state == TCP_CLOSE) {
1697                                if (!sock_flag(sk, SOCK_DONE)) {
1698                                        /* This occurs when user tries to read
1699                                         * from never connected socket.
1700                                         */
1701                                        copied = -ENOTCONN;
1702                                        break;
1703                                }
1704                                break;
1705                        }
1706
1707                        if (!timeo) {
1708                                copied = -EAGAIN;
1709                                break;
1710                        }
1711
1712                        if (signal_pending(current)) {
1713                                copied = sock_intr_errno(timeo);
1714                                break;
1715                        }
1716                }
1717
1718                tcp_cleanup_rbuf(sk, copied);
1719
1720                if (!sysctl_tcp_low_latency && tp->ucopy.task == user_recv) {
1721                        /* Install new reader */
1722                        if (!user_recv && !(flags & (MSG_TRUNC | MSG_PEEK))) {
1723                                user_recv = current;
1724                                tp->ucopy.task = user_recv;
1725                                tp->ucopy.iov = msg->msg_iov;
1726                        }
1727
1728                        tp->ucopy.len = len;
1729
1730                        WARN_ON(tp->copied_seq != tp->rcv_nxt &&
1731                                !(flags & (MSG_PEEK | MSG_TRUNC)));
1732
1733                        /* Ugly... If prequeue is not empty, we have to
1734                         * process it before releasing socket, otherwise
1735                         * order will be broken at second iteration.
1736                         * More elegant solution is required!!!
1737                         *
1738                         * Look: we have the following (pseudo)queues:
1739                         *
1740                         * 1. packets in flight
1741                         * 2. backlog
1742                         * 3. prequeue
1743                         * 4. receive_queue
1744                         *
1745                         * Each queue can be processed only if the next ones
1746                         * are empty. At this point we have empty receive_queue.
1747                         * But prequeue _can_ be not empty after 2nd iteration,
1748                         * when we jumped to start of loop because backlog
1749                         * processing added something to receive_queue.
1750                         * We cannot release_sock(), because backlog contains
1751                         * packets arrived _after_ prequeued ones.
1752                         *
1753                         * Shortly, algorithm is clear --- to process all
1754                         * the queues in order. We could make it more directly,
1755                         * requeueing packets from backlog to prequeue, if
1756                         * is not empty. It is more elegant, but eats cycles,
1757                         * unfortunately.
1758                         */
1759                        if (!skb_queue_empty(&tp->ucopy.prequeue))
1760                                goto do_prequeue;
1761
1762                        /* __ Set realtime policy in scheduler __ */
1763                }
1764
1765#ifdef CONFIG_NET_DMA
1766                if (tp->ucopy.dma_chan) {
1767                        if (tp->rcv_wnd == 0 &&
1768                            !skb_queue_empty(&sk->sk_async_wait_queue)) {
1769                                tcp_service_net_dma(sk, true);
1770                                tcp_cleanup_rbuf(sk, copied);
1771                        } else
1772                                dma_async_issue_pending(tp->ucopy.dma_chan);
1773                }
1774#endif
1775                if (copied >= target) {
1776                        /* Do not sleep, just process backlog. */
1777                        release_sock(sk);
1778                        lock_sock(sk);
1779                } else
1780                        sk_wait_data(sk, &timeo);
1781
1782#ifdef CONFIG_NET_DMA
1783                tcp_service_net_dma(sk, false);  /* Don't block */
1784                tp->ucopy.wakeup = 0;
1785#endif
1786
1787                if (user_recv) {
1788                        int chunk;
1789
1790                        /* __ Restore normal policy in scheduler __ */
1791
1792                        if ((chunk = len - tp->ucopy.len) != 0) {
1793                                NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMBACKLOG, chunk);
1794                                len -= chunk;
1795                                copied += chunk;
1796                        }
1797
1798                        if (tp->rcv_nxt == tp->copied_seq &&
1799                            !skb_queue_empty(&tp->ucopy.prequeue)) {
1800do_prequeue:
1801                                tcp_prequeue_process(sk);
1802
1803                                if ((chunk = len - tp->ucopy.len) != 0) {
1804                                        NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
1805                                        len -= chunk;
1806                                        copied += chunk;
1807                                }
1808                        }
1809                }
1810                if ((flags & MSG_PEEK) &&
1811                    (peek_seq - copied - urg_hole != tp->copied_seq)) {
1812                        net_dbg_ratelimited("TCP(%s:%d): Application bug, race in MSG_PEEK\n",
1813                                            current->comm,
1814                                            task_pid_nr(current));
1815                        peek_seq = tp->copied_seq;
1816                }
1817                continue;
1818
1819        found_ok_skb:
1820                /* Ok so how much can we use? */
1821                used = skb->len - offset;
1822                if (len < used)
1823                        used = len;
1824
1825                /* Do we have urgent data here? */
1826                if (tp->urg_data) {
1827                        u32 urg_offset = tp->urg_seq - *seq;
1828                        if (urg_offset < used) {
1829                                if (!urg_offset) {
1830                                        if (!sock_flag(sk, SOCK_URGINLINE)) {
1831                                                ++*seq;
1832                                                urg_hole++;
1833                                                offset++;
1834                                                used--;
1835                                                if (!used)
1836                                                        goto skip_copy;
1837                                        }
1838                                } else
1839                                        used = urg_offset;
1840                        }
1841                }
1842
1843                if (!(flags & MSG_TRUNC)) {
1844#ifdef CONFIG_NET_DMA
1845                        if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
1846                                tp->ucopy.dma_chan = net_dma_find_channel();
1847
1848                        if (tp->ucopy.dma_chan) {
1849                                tp->ucopy.dma_cookie = dma_skb_copy_datagram_iovec(
1850                                        tp->ucopy.dma_chan, skb, offset,
1851                                        msg->msg_iov, used,
1852                                        tp->ucopy.pinned_list);
1853
1854                                if (tp->ucopy.dma_cookie < 0) {
1855
1856                                        pr_alert("%s: dma_cookie < 0\n",
1857                                                 __func__);
1858
1859                                        /* Exception. Bailout! */
1860                                        if (!copied)
1861                                                copied = -EFAULT;
1862                                        break;
1863                                }
1864
1865                                dma_async_issue_pending(tp->ucopy.dma_chan);
1866
1867                                if ((offset + used) == skb->len)
1868                                        copied_early = true;
1869
1870                        } else
1871#endif
1872                        {
1873                                err = skb_copy_datagram_iovec(skb, offset,
1874                                                msg->msg_iov, used);
1875                                if (err) {
1876                                        /* Exception. Bailout! */
1877                                        if (!copied)
1878                                                copied = -EFAULT;
1879                                        break;
1880                                }
1881                        }
1882                }
1883
1884                *seq += used;
1885                copied += used;
1886                len -= used;
1887
1888                tcp_rcv_space_adjust(sk);
1889
1890skip_copy:
1891                if (tp->urg_data && after(tp->copied_seq, tp->urg_seq)) {
1892                        tp->urg_data = 0;
1893                        tcp_fast_path_check(sk);
1894                }
1895                if (used + offset < skb->len)
1896                        continue;
1897
1898                if (tcp_hdr(skb)->fin)
1899                        goto found_fin_ok;
1900                if (!(flags & MSG_PEEK)) {
1901                        sk_eat_skb(sk, skb, copied_early);
1902                        copied_early = false;
1903                }
1904                continue;
1905
1906        found_fin_ok:
1907                /* Process the FIN. */
1908                ++*seq;
1909                if (!(flags & MSG_PEEK)) {
1910                        sk_eat_skb(sk, skb, copied_early);
1911                        copied_early = false;
1912                }
1913                break;
1914        } while (len > 0);
1915
1916        if (user_recv) {
1917                if (!skb_queue_empty(&tp->ucopy.prequeue)) {
1918                        int chunk;
1919
1920                        tp->ucopy.len = copied > 0 ? len : 0;
1921
1922                        tcp_prequeue_process(sk);
1923
1924                        if (copied > 0 && (chunk = len - tp->ucopy.len) != 0) {
1925                                NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
1926                                len -= chunk;
1927                                copied += chunk;
1928                        }
1929                }
1930
1931                tp->ucopy.task = NULL;
1932                tp->ucopy.len = 0;
1933        }
1934
1935#ifdef CONFIG_NET_DMA
1936        tcp_service_net_dma(sk, true);  /* Wait for queue to drain */
1937        tp->ucopy.dma_chan = NULL;
1938
1939        if (tp->ucopy.pinned_list) {
1940                dma_unpin_iovec_pages(tp->ucopy.pinned_list);
1941                tp->ucopy.pinned_list = NULL;
1942        }
1943#endif
1944
1945        /* According to UNIX98, msg_name/msg_namelen are ignored
1946         * on connected socket. I was just happy when found this 8) --ANK
1947         */
1948
1949        /* Clean up data we have read: This will do ACK frames. */
1950        tcp_cleanup_rbuf(sk, copied);
1951
1952        release_sock(sk);
1953        return copied;
1954
1955out:
1956        release_sock(sk);
1957        return err;
1958
1959recv_urg:
1960        err = tcp_recv_urg(sk, msg, len, flags);
1961        goto out;
1962
1963recv_sndq:
1964        err = tcp_peek_sndq(sk, msg, len);
1965        goto out;
1966}
1967EXPORT_SYMBOL(tcp_recvmsg);
1968
1969void tcp_set_state(struct sock *sk, int state)
1970{
1971        int oldstate = sk->sk_state;
1972
1973        switch (state) {
1974        case TCP_ESTABLISHED:
1975                if (oldstate != TCP_ESTABLISHED)
1976                        TCP_INC_STATS(sock_net(sk), TCP_MIB_CURRESTAB);
1977                break;
1978
1979        case TCP_CLOSE:
1980                if (oldstate == TCP_CLOSE_WAIT || oldstate == TCP_ESTABLISHED)
1981                        TCP_INC_STATS(sock_net(sk), TCP_MIB_ESTABRESETS);
1982
1983                sk->sk_prot->unhash(sk);
1984                if (inet_csk(sk)->icsk_bind_hash &&
1985                    !(sk->sk_userlocks & SOCK_BINDPORT_LOCK))
1986                        inet_put_port(sk);
1987                /* fall through */
1988        default:
1989                if (oldstate == TCP_ESTABLISHED)
1990                        TCP_DEC_STATS(sock_net(sk), TCP_MIB_CURRESTAB);
1991        }
1992
1993        /* Change state AFTER socket is unhashed to avoid closed
1994         * socket sitting in hash tables.
1995         */
1996        sk->sk_state = state;
1997
1998#ifdef STATE_TRACE
1999        SOCK_DEBUG(sk, "TCP sk=%p, State %s -> %s\n", sk, statename[oldstate], statename[state]);
2000#endif

2001}
2002EXPORT_SYMBOL_GPL(tcp_set_state);
2003
2004/*
2005 *      State processing on a close. This implements the state shift for
2006 *      sending our FIN frame. Note that we only send a FIN for some
2007 *      states. A shutdown() may have already sent the FIN, or we may be
2008 *      closed.
2009 */
2010
2011static const unsigned char new_state[16] = {
2012  /* current state:        new state:      action:      */
2013  /* (Invalid)          */ TCP_CLOSE,
2014  /* TCP_ESTABLISHED    */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,
2015  /* TCP_SYN_SENT       */ TCP_CLOSE,
2016  /* TCP_SYN_RECV       */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,
2017  /* TCP_FIN_WAIT1      */ TCP_FIN_WAIT1,
2018  /* TCP_FIN_WAIT2      */ TCP_FIN_WAIT2,
2019  /* TCP_TIME_WAIT      */ TCP_CLOSE,
2020  /* TCP_CLOSE          */ TCP_CLOSE,
2021  /* TCP_CLOSE_WAIT     */ TCP_LAST_ACK  | TCP_ACTION_FIN,
2022  /* TCP_LAST_ACK       */ TCP_LAST_ACK,
2023  /* TCP_LISTEN         */ TCP_CLOSE,
2024  /* TCP_CLOSING        */ TCP_CLOSING,
2025};
2026
2027static int tcp_close_state(struct sock *sk)
2028{
2029        int next = (int)new_state[sk->sk_state];
2030        int ns = next & TCP_STATE_MASK;
2031
2032        tcp_set_state(sk, ns);
2033
2034        return next & TCP_ACTION_FIN;
2035}
2036
2037/*
2038 *      Shutdown the sending side of a connection. Much like close except
2039 *      that we don't receive shut down or sock_set_flag(sk, SOCK_DEAD).
2040 */
2041
2042void tcp_shutdown(struct sock *sk, int how)
2043{
2044        /*      We need to grab some memory, and put together a FIN,
2045         *      and then put it into the queue to be sent.
2046         *              Tim MacKenzie(tym@dibbler.cs.monash.edu.au) 4 Dec '92.
2047         */
2048        if (!(how & SEND_SHUTDOWN))
2049                return;
2050
2051        /* If we've already sent a FIN, or it's a closed state, skip this. */
2052        if ((1 << sk->sk_state) &
2053            (TCPF_ESTABLISHED | TCPF_SYN_SENT |
2054             TCPF_SYN_RECV | TCPF_CLOSE_WAIT)) {
2055                /* Clear out any half completed packets.  FIN if needed. */
2056                if (tcp_close_state(sk))
2057                        tcp_send_fin(sk);
2058        }
2059}
2060EXPORT_SYMBOL(tcp_shutdown);
2061
2062bool tcp_check_oom(struct sock *sk, int shift)
2063{
2064        bool too_many_orphans, out_of_socket_memory;
2065
2066        too_many_orphans = tcp_too_many_orphans(sk, shift);
2067        out_of_socket_memory = tcp_out_of_memory(sk);
2068
2069        if (too_many_orphans)
2070                net_info_ratelimited("too many orphaned sockets\n");
2071        if (out_of_socket_memory)
2072                net_info_ratelimited("out of memory -- consider tuning tcp_mem\n");
2073        return too_many_orphans || out_of_socket_memory;
2074}
2075
2076void tcp_close(struct sock *sk, long timeout)
2077{
2078        struct sk_buff *skb;
2079        int data_was_unread = 0;
2080        int state;
2081
2082        lock_sock(sk);
2083        sk->sk_shutdown = SHUTDOWN_MASK;
2084
2085        if (sk->sk_state == TCP_LISTEN) {
2086                tcp_set_state(sk, TCP_CLOSE);
2087
2088                /* Special case. */
2089                inet_csk_listen_stop(sk);
2090
2091                goto adjudge_to_death;
2092        }
2093
2094        /*  We need to flush the recv. buffs.  We do this only on the
2095         *  descriptor close, not protocol-sourced closes, because the
2096         *  reader process may not have drained the data yet!
2097         */
2098        while ((skb = __skb_dequeue(&sk->sk_receive_queue)) != NULL) {
2099                u32 len = TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq -
2100                          tcp_hdr(skb)->fin;
2101                data_was_unread += len;
2102                __kfree_skb(skb);
2103        }
2104
2105        sk_mem_reclaim(sk);
2106
2107        /* If socket has been already reset (e.g. in tcp_reset()) - kill it. */
2108        if (sk->sk_state == TCP_CLOSE)
2109                goto adjudge_to_death;
2110
2111        /* As outlined in RFC 2525, section 2.17, we send a RST here because
2112         * data was lost. To witness the awful effects of the old behavior of
2113         * always doing a FIN, run an older 2.1.x kernel or 2.0.x, start a bulk
2114         * GET in an FTP client, suspend the process, wait for the client to
2115         * advertise a zero window, then kill -9 the FTP client, wheee...
2116         * Note: timeout is always zero in such a case.
2117         */
2118        if (unlikely(tcp_sk(sk)->repair)) {
2119                sk->sk_prot->disconnect(sk, 0);
2120        } else if (data_was_unread) {
2121                /* Unread data was tossed, zap the connection. */
2122                NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPABORTONCLOSE);
2123                tcp_set_state(sk, TCP_CLOSE);
2124                tcp_send_active_reset(sk, sk->sk_allocation);
2125        } else if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) {
2126                /* Check zero linger _after_ checking for unread data. */
2127                sk->sk_prot->disconnect(sk, 0);
2128                NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPABORTONDATA);
2129        } else if (tcp_close_state(sk)) {
2130                /* We FIN if the application ate all the data before
2131                 * zapping the connection.
2132                 */
2133
2134                /* RED-PEN. Formally speaking, we have broken TCP state
2135                 * machine. State transitions:
2136                 *
2137                 * TCP_ESTABLISHED -> TCP_FIN_WAIT1
2138                 * TCP_SYN_RECV -> TCP_FIN_WAIT1 (forget it, it's impossible)
2139                 * TCP_CLOSE_WAIT -> TCP_LAST_ACK
2140                 *
2141                 * are legal only when FIN has been sent (i.e. in window),
2142                 * rather than queued out of window. Purists blame.
2143                 *
2144                 * F.e. "RFC state" is ESTABLISHED,
2145                 * if Linux state is FIN-WAIT-1, but FIN is still not sent.
2146                 *
2147                 * The visible declinations are that sometimes
2148                 * we enter time-wait state, when it is not required really
2149                 * (harmless), do not send active resets, when they are
2150                 * required by specs (TCP_ESTABLISHED, TCP_CLOSE_WAIT, when
2151                 * they look as CLOSING or LAST_ACK for Linux)
2152                 * Probably, I missed some more holelets.
2153                 *                                              --ANK
2154                 * XXX (TFO) - To start off we don't support SYN+ACK+FIN
2155                 * in a single packet! (May consider it later but will
2156                 * probably need API support or TCP_CORK SYN-ACK until
2157                 * data is written and socket is closed.)
2158                 */
2159                tcp_send_fin(sk);
2160        }
2161
2162        sk_stream_wait_close(sk, timeout);
2163
2164adjudge_to_death:
2165        state = sk->sk_state;
2166        sock_hold(sk);
2167        sock_orphan(sk);
2168
2169        /* It is the last release_sock in its life. It will remove backlog. */
2170        release_sock(sk);
2171
2172
2173        /* Now socket is owned by kernel and we acquire BH lock
2174           to finish close. No need to check for user refs.
2175         */
2176        local_bh_disable();
2177        bh_lock_sock(sk);
2178        WARN_ON(sock_owned_by_user(sk));
2179
2180        percpu_counter_inc(sk->sk_prot->orphan_count);
2181
2182        /* Have we already been destroyed by a softirq or backlog? */
2183        if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE)
2184                goto out;
2185
2186        /*      This is a (useful) BSD violating of the RFC. There is a
2187         *      problem with TCP as specified in that the other end could
2188         *      keep a socket open forever with no application left this end.
2189         *      We use a 3 minute timeout (about the same as BSD) then kill
2190         *      our end. If they send after that then tough - BUT: long enough
2191         *      that we won't make the old 4*rto = almost no time - whoops
2192         *      reset mistake.
2193         *
2194         *      Nope, it was not mistake. It is really desired behaviour
2195         *      f.e. on http servers, when such sockets are useless, but
2196         *      consume significant resources. Let's do it with special
2197         *      linger2 option.                                 --ANK
2198         */
2199
2200        if (sk->sk_state == TCP_FIN_WAIT2) {
2201                struct tcp_sock *tp = tcp_sk(sk);
2202                if (tp->linger2 < 0) {
2203                        tcp_set_state(sk, TCP_CLOSE);
2204                        tcp_send_active_reset(sk, GFP_ATOMIC);
2205                        NET_INC_STATS_BH(sock_net(sk),
2206                                        LINUX_MIB_TCPABORTONLINGER);
2207                } else {
2208                        const int tmo = tcp_fin_time(sk);
2209
2210                        if (tmo > TCP_TIMEWAIT_LEN) {
2211                                inet_csk_reset_keepalive_timer(sk,
2212                                                tmo - TCP_TIMEWAIT_LEN);
2213                        } else {
2214                                tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
2215                                goto out;
2216                        }
2217                }
2218        }
2219        if (sk->sk_state != TCP_CLOSE) {
2220                sk_mem_reclaim(sk);
2221                if (tcp_check_oom(sk, 0)) {
2222                        tcp_set_state(sk, TCP_CLOSE);
2223                        tcp_send_active_reset(sk, GFP_ATOMIC);
2224                        NET_INC_STATS_BH(sock_net(sk),
2225                                        LINUX_MIB_TCPABORTONMEMORY);
2226                }
2227        }
2228
2229        if (sk->sk_state == TCP_CLOSE) {
2230                struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
2231                /* We could get here with a non-NULL req if the socket is
2232                 * aborted (e.g., closed with unread data) before 3WHS
2233                 * finishes.
2234                 */
2235                if (req != NULL)
2236                        reqsk_fastopen_remove(sk, req, false);
2237                inet_csk_destroy_sock(sk);
2238        }
2239        /* Otherwise, socket is reprieved until protocol close. */
2240
2241out:
2242        bh_unlock_sock(sk);
2243        local_bh_enable();
2244        sock_put(sk);
2245}
2246EXPORT_SYMBOL(tcp_close);
2247
2248/* These states need RST on ABORT according to RFC793 */
2249
2250static inline bool tcp_need_reset(int state)
2251{
2252        return (1 << state) &
2253               (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_FIN_WAIT1 |
2254                TCPF_FIN_WAIT2 | TCPF_SYN_RECV);
2255}
2256
2257int tcp_disconnect(struct sock *sk, int flags)
2258{
2259        struct inet_sock *inet = inet_sk(sk);
2260        struct inet_connection_sock *icsk = inet_csk(sk);
2261        struct tcp_sock *tp = tcp_sk(sk);
2262        int err = 0;
2263        int old_state = sk->sk_state;
2264
2265        if (old_state != TCP_CLOSE)
2266                tcp_set_state(sk, TCP_CLOSE);
2267
2268        /* ABORT function of RFC793 */
2269        if (old_state == TCP_LISTEN) {
2270                inet_csk_listen_stop(sk);
2271        } else if (unlikely(tp->repair)) {
2272                sk->sk_err = ECONNABORTED;
2273        } else if (tcp_need_reset(old_state) ||
2274                   (tp->snd_nxt != tp->write_seq &&
2275                    (1 << old_state) & (TCPF_CLOSING | TCPF_LAST_ACK))) {
2276                /* The last check adjusts for discrepancy of Linux wrt. RFC
2277                 * states
2278                 */
2279                tcp_send_active_reset(sk, gfp_any());
2280                sk->sk_err = ECONNRESET;
2281        } else if (old_state == TCP_SYN_SENT)
2282                sk->sk_err = ECONNRESET;
2283
2284        tcp_clear_xmit_timers(sk);
2285        __skb_queue_purge(&sk->sk_receive_queue);
2286        tcp_write_queue_purge(sk);
2287        __skb_queue_purge(&tp->out_of_order_queue);
2288#ifdef CONFIG_NET_DMA
2289        __skb_queue_purge(&sk->sk_async_wait_queue);
2290#endif
2291
2292        inet->inet_dport = 0;
2293
2294        if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
2295                inet_reset_saddr(sk);
2296
2297        sk->sk_shutdown = 0;
2298        sock_reset_flag(sk, SOCK_DONE);
2299        tp->srtt = 0;
2300        if ((tp->write_seq += tp->max_window + 2) == 0)
2301                tp->write_seq = 1;
2302        icsk->icsk_backoff = 0;
2303        tp->snd_cwnd = 2;
2304        icsk->icsk_probes_out = 0;
2305        tp->packets_out = 0;
2306        tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
2307        tp->snd_cwnd_cnt = 0;
2308        tp->window_clamp = 0;
2309        tcp_set_ca_state(sk, TCP_CA_Open);
2310        tcp_clear_retrans(tp);
2311        inet_csk_delack_init(sk);
2312        tcp_init_send_head(sk);
2313        memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
2314        __sk_dst_reset(sk);
2315
2316        WARN_ON(inet->inet_num && !icsk->icsk_bind_hash);
2317
2318        sk->sk_error_report(sk);
2319        return err;
2320}
2321EXPORT_SYMBOL(tcp_disconnect);
2322
2323void tcp_sock_destruct(struct sock *sk)
2324{
2325        inet_sock_destruct(sk);
2326
2327        kfree(inet_csk(sk)->icsk_accept_queue.fastopenq);
2328}
2329
2330static inline bool tcp_can_repair_sock(const struct sock *sk)
2331{
2332        return ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN) &&
2333                ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_ESTABLISHED));
2334}
2335
2336static int tcp_repair_options_est(struct tcp_sock *tp,
2337                struct tcp_repair_opt __user *optbuf, unsigned int len)
2338{
2339        struct tcp_repair_opt opt;
2340
2341        while (len >= sizeof(opt)) {
2342                if (copy_from_user(&opt, optbuf, sizeof(opt)))
2343                        return -EFAULT;
2344
2345                optbuf++;
2346                len -= sizeof(opt);
2347
2348                switch (opt.opt_code) {
2349                case TCPOPT_MSS:
2350                        tp->rx_opt.mss_clamp = opt.opt_val;
2351                        break;
2352                case TCPOPT_WINDOW:
2353                        {
2354                                u16 snd_wscale = opt.opt_val & 0xFFFF;
2355                                u16 rcv_wscale = opt.opt_val >> 16;
2356
2357                                if (snd_wscale > 14 || rcv_wscale > 14)
2358                                        return -EFBIG;
2359
2360                                tp->rx_opt.snd_wscale = snd_wscale;
2361                                tp->rx_opt.rcv_wscale = rcv_wscale;
2362                                tp->rx_opt.wscale_ok = 1;
2363                        }
2364                        break;
2365                case TCPOPT_SACK_PERM:
2366                        if (opt.opt_val != 0)
2367                                return -EINVAL;
2368
2369                        tp->rx_opt.sack_ok |= TCP_SACK_SEEN;
2370                        if (sysctl_tcp_fack)
2371                                tcp_enable_fack(tp);
2372                        break;
2373                case TCPOPT_TIMESTAMP:
2374                        if (opt.opt_val != 0)
2375                                return -EINVAL;
2376
2377                        tp->rx_opt.tstamp_ok = 1;
2378                        break;
2379                }
2380        }
2381
2382        return 0;
2383}
2384
2385/*
2386 *      Socket option code for TCP.
2387 */
2388static int do_tcp_setsockopt(struct sock *sk, int level,
2389                int optname, char __user *optval, unsigned int optlen)
2390{
2391        struct tcp_sock *tp = tcp_sk(sk);
2392        struct inet_connection_sock *icsk = inet_csk(sk);
2393        int val;
2394        int err = 0;
2395
2396        /* These are data/string values, all the others are ints */
2397        switch (optname) {
2398        case TCP_CONGESTION: {
2399                char name[TCP_CA_NAME_MAX];
2400
2401                if (optlen < 1)
2402                        return -EINVAL;
2403
2404                val = strncpy_from_user(name, optval,
2405                                        min_t(long, TCP_CA_NAME_MAX-1, optlen));
2406                if (val < 0)
2407                        return -EFAULT;
2408                name[val] = 0;
2409
2410                lock_sock(sk);
2411                err = tcp_set_congestion_control(sk, name);
2412                release_sock(sk);
2413                return err;
2414        }
2415        default:
2416                /* fallthru */
2417                break;
2418        }
2419
2420        if (optlen < sizeof(int))
2421                return -EINVAL;
2422
2423        if (get_user(val, (int __user *)optval))
2424                return -EFAULT;
2425
2426        lock_sock(sk);
2427
2428        switch (optname) {
2429        case TCP_MAXSEG:
2430                /* Values greater than interface MTU won't take effect. However
2431                 * at the point when this call is done we typically don't yet
2432                 * know which interface is going to be used */
2433                if (val < TCP_MIN_MSS || val > MAX_TCP_WINDOW) {
2434                        err = -EINVAL;
2435                        break;
2436                }
2437                tp->rx_opt.user_mss = val;
2438                break;
2439
2440        case TCP_NODELAY:
2441                if (val) {
2442                        /* TCP_NODELAY is weaker than TCP_CORK, so that
2443                         * this option on corked socket is remembered, but
2444                         * it is not activated until cork is cleared.
2445                         *
2446                         * However, when TCP_NODELAY is set we make
2447                         * an explicit push, which overrides even TCP_CORK
2448                         * for currently queued segments.
2449                         */
2450                        tp->nonagle |= TCP_NAGLE_OFF|TCP_NAGLE_PUSH;
2451                        tcp_push_pending_frames(sk);
2452                } else {
2453                        tp->nonagle &= ~TCP_NAGLE_OFF;
2454                }
2455                break;
2456
2457        case TCP_THIN_LINEAR_TIMEOUTS:
2458                if (val < 0 || val > 1)
2459                        err = -EINVAL;
2460                else
2461                        tp->thin_lto = val;
2462                break;
2463
2464        case TCP_THIN_DUPACK:
2465                if (val < 0 || val > 1)
2466                        err = -EINVAL;
2467                else {
2468                        tp->thin_dupack = val;
2469                        if (tp->thin_dupack)
2470                                tcp_disable_early_retrans(tp);
2471                }
2472                break;
2473
2474        case TCP_REPAIR:
2475                if (!tcp_can_repair_sock(sk))
2476                        err = -EPERM;
2477                else if (val == 1) {
2478                        tp->repair = 1;
2479                        sk->sk_reuse = SK_FORCE_REUSE;
2480                        tp->repair_queue = TCP_NO_QUEUE;
2481                } else if (val == 0) {
2482                        tp->repair = 0;
2483                        sk->sk_reuse = SK_NO_REUSE;
2484                        tcp_send_window_probe(sk);
2485                } else
2486                        err = -EINVAL;
2487
2488                break;
2489
2490        case TCP_REPAIR_QUEUE:
2491                if (!tp->repair)
2492                        err = -EPERM;
2493                else if (val < TCP_QUEUES_NR)
2494                        tp->repair_queue = val;
2495                else
2496                        err = -EINVAL;
2497                break;
2498
2499        case TCP_QUEUE_SEQ:
2500                if (sk->sk_state != TCP_CLOSE)
2501                        err = -EPERM;
2502                else if (tp->repair_queue == TCP_SEND_QUEUE)
2503                        tp->write_seq = val;
2504                else if (tp->repair_queue == TCP_RECV_QUEUE)
2505                        tp->rcv_nxt = val;
2506                else
2507                        err = -EINVAL;
2508                break;
2509
2510        case TCP_REPAIR_OPTIONS:
2511                if (!tp->repair)
2512                        err = -EINVAL;
2513                else if (sk->sk_state == TCP_ESTABLISHED)
2514                        err = tcp_repair_options_est(tp,
2515                                        (struct tcp_repair_opt __user *)optval,
2516                                        optlen);
2517                else
2518                        err = -EPERM;
2519                break;
2520
2521        case TCP_CORK:
2522                /* When set indicates to always queue non-full frames.
2523                 * Later the user clears this option and we transmit
2524                 * any pending partial frames in the queue.  This is
2525                 * meant to be used alongside sendfile() to get properly
2526                 * filled frames when the user (for example) must write
2527                 * out headers with a write() call first and then use
2528                 * sendfile to send out the data parts.
2529                 *
2530                 * TCP_CORK can be set together with TCP_NODELAY and it is
2531                 * stronger than TCP_NODELAY.
2532                 */
2533                if (val) {
2534                        tp->nonagle |= TCP_NAGLE_CORK;
2535                } else {
2536                        tp->nonagle &= ~TCP_NAGLE_CORK;
2537                        if (tp->nonagle&TCP_NAGLE_OFF)
2538                                tp->nonagle |= TCP_NAGLE_PUSH;
2539                        tcp_push_pending_frames(sk);
2540                }
2541                break;
2542
2543        case TCP_KEEPIDLE:
2544                if (val < 1 || val > MAX_TCP_KEEPIDLE)
2545                        err = -EINVAL;
2546                else {
2547                        tp->keepalive_time = val * HZ;
2548                        if (sock_flag(sk, SOCK_KEEPOPEN) &&
2549                            !((1 << sk->sk_state) &
2550                              (TCPF_CLOSE | TCPF_LISTEN))) {
2551                                u32 elapsed = keepalive_time_elapsed(tp);
2552                                if (tp->keepalive_time > elapsed)
2553                                        elapsed = tp->keepalive_time - elapsed;
2554                                else
2555                                        elapsed = 0;
2556                                inet_csk_reset_keepalive_timer(sk, elapsed);
2557                        }
2558                }
2559                break;
2560        case TCP_KEEPINTVL:
2561                if (val < 1 || val > MAX_TCP_KEEPINTVL)
2562                        err = -EINVAL;
2563                else
2564                        tp->keepalive_intvl = val * HZ;
2565                break;
2566        case TCP_KEEPCNT:
2567                if (val < 1 || val > MAX_TCP_KEEPCNT)
2568                        err = -EINVAL;
2569                else
2570                        tp->keepalive_probes = val;
2571                break;
2572        case TCP_SYNCNT:
2573                if (val < 1 || val > MAX_TCP_SYNCNT)
2574                        err = -EINVAL;
2575                else
2576                        icsk->icsk_syn_retries = val;
2577                break;
2578
2579        case TCP_LINGER2:
2580                if (val < 0)
2581                        tp->linger2 = -1;
2582                else if (val > sysctl_tcp_fin_timeout / HZ)
2583                        tp->linger2 = 0;
2584                else
2585                        tp->linger2 = val * HZ;
2586                break;
2587
2588        case TCP_DEFER_ACCEPT:
2589                /* Translate value in seconds to number of retransmits */
2590                icsk->icsk_accept_queue.rskq_defer_accept =
2591                        secs_to_retrans(val, TCP_TIMEOUT_INIT / HZ,
2592                                        TCP_RTO_MAX / HZ);
2593                break;
2594
2595        case TCP_WINDOW_CLAMP:
2596                if (!val) {
2597                        if (sk->sk_state != TCP_CLOSE) {
2598                                err = -EINVAL;
2599                                break;
2600                        }
2601                        tp->window_clamp = 0;
2602                } else
2603                        tp->window_clamp = val < SOCK_MIN_RCVBUF / 2 ?
2604                                                SOCK_MIN_RCVBUF / 2 : val;
2605                break;
2606
2607        case TCP_QUICKACK:
2608                if (!val) {
2609                        icsk->icsk_ack.pingpong = 1;
2610                } else {
2611                        icsk->icsk_ack.pingpong = 0;
2612                        if ((1 << sk->sk_state) &
2613                            (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT) &&
2614                            inet_csk_ack_scheduled(sk)) {
2615                                icsk->icsk_ack.pending |= ICSK_ACK_PUSHED;
2616                                tcp_cleanup_rbuf(sk, 1);
2617                                if (!(val & 1))
2618                                        icsk->icsk_ack.pingpong = 1;
2619                        }
2620                }
2621                break;
2622
2623#ifdef CONFIG_TCP_MD5SIG
2624        case TCP_MD5SIG:
2625                /* Read the IP->Key mappings from userspace */
2626                err = tp->af_specific->md5_parse(sk, optval, optlen);
2627                break;
2628#endif
2629        case TCP_USER_TIMEOUT:
2630                /* Cap the max timeout in ms TCP will retry/retrans
2631                 * before giving up and aborting (ETIMEDOUT) a connection.
2632                 */
2633                if (val < 0)
2634                        err = -EINVAL;
2635                else
2636                        icsk->icsk_user_timeout = msecs_to_jiffies(val);
2637                break;
2638
2639        case TCP_FASTOPEN:
2640                if (val >= 0 && ((1 << sk->sk_state) & (TCPF_CLOSE |
2641                    TCPF_LISTEN)))
2642                        err = fastopen_init_queue(sk, val);
2643                else
2644                        err = -EINVAL;
2645                break;
2646        case TCP_TIMESTAMP:
2647                if (!tp->repair)
2648                        err = -EPERM;
2649                else
2650                        tp->tsoffset = val - tcp_time_stamp;
2651                break;
2652        case TCP_NOTSENT_LOWAT:
2653                tp->notsent_lowat = val;
2654                sk->sk_write_space(sk);
2655                break;
2656        default:
2657                err = -ENOPROTOOPT;
2658                break;
2659        }
2660
2661        release_sock(sk);
2662        return err;
2663}
2664
2665int tcp_setsockopt(struct sock *sk, int level, int optname, char __user *optval,
2666                   unsigned int optlen)
2667{
2668        const struct inet_connection_sock *icsk = inet_csk(sk);
2669
2670        if (level != SOL_TCP)
2671                return icsk->icsk_af_ops->setsockopt(sk, level, optname,
2672                                                     optval, optlen);
2673        return do_tcp_setsockopt(sk, level, optname, optval, optlen);
2674}
2675EXPORT_SYMBOL(tcp_setsockopt);
2676
2677#ifdef CONFIG_COMPAT
2678int compat_tcp_setsockopt(struct sock *sk, int level, int optname,
2679                          char __user *optval, unsigned int optlen)
2680{
2681        if (level != SOL_TCP)
2682                return inet_csk_compat_setsockopt(sk, level, optname,
2683                                                  optval, optlen);
2684        return do_tcp_setsockopt(sk, level, optname, optval, optlen);
2685}
2686EXPORT_SYMBOL(compat_tcp_setsockopt);
2687#endif
2688
2689/* Return information about state of tcp endpoint in API format. */
2690void tcp_get_info(const struct sock *sk, struct tcp_info *info)
2691{
2692        const struct tcp_sock *tp = tcp_sk(sk);
2693        const struct inet_connection_sock *icsk = inet_csk(sk);
2694        u32 now = tcp_time_stamp;
2695
2696        memset(info, 0, sizeof(*info));
2697
2698        info->tcpi_state = sk->sk_state;
2699        info->tcpi_ca_state = icsk->icsk_ca_state;
2700        info->tcpi_retransmits = icsk->icsk_retransmits;
2701        info->tcpi_probes = icsk->icsk_probes_out;
2702        info->tcpi_backoff = icsk->icsk_backoff;
2703
2704        if (tp->rx_opt.tstamp_ok)
2705                info->tcpi_options |= TCPI_OPT_TIMESTAMPS;
2706        if (tcp_is_sack(tp))
2707                info->tcpi_options |= TCPI_OPT_SACK;
2708        if (tp->rx_opt.wscale_ok) {
2709                info->tcpi_options |= TCPI_OPT_WSCALE;
2710                info->tcpi_snd_wscale = tp->rx_opt.snd_wscale;
2711                info->tcpi_rcv_wscale = tp->rx_opt.rcv_wscale;
2712        }
2713
2714        if (tp->ecn_flags & TCP_ECN_OK)
2715                info->tcpi_options |= TCPI_OPT_ECN;
2716        if (tp->ecn_flags & TCP_ECN_SEEN)
2717                info->tcpi_options |= TCPI_OPT_ECN_SEEN;
2718        if (tp->syn_data_acked)
2719                info->tcpi_options |= TCPI_OPT_SYN_DATA;
2720
2721        info->tcpi_rto = jiffies_to_usecs(icsk->icsk_rto);
2722        info->tcpi_ato = jiffies_to_usecs(icsk->icsk_ack.ato);
2723        info->tcpi_snd_mss = tp->mss_cache;
2724        info->tcpi_rcv_mss = icsk->icsk_ack.rcv_mss;
2725
2726        if (sk->sk_state == TCP_LISTEN) {
2727                info->tcpi_unacked = sk->sk_ack_backlog;
2728                info->tcpi_sacked = sk->sk_max_ack_backlog;
2729        } else {
2730                info->tcpi_unacked = tp->packets_out;
2731                info->tcpi_sacked = tp->sacked_out;
2732        }
2733        info->tcpi_lost = tp->lost_out;
2734        info->tcpi_retrans = tp->retrans_out;
2735        info->tcpi_fackets = tp->fackets_out;
2736
2737        info->tcpi_last_data_sent = jiffies_to_msecs(now - tp->lsndtime);
2738        info->tcpi_last_data_recv = jiffies_to_msecs(now - icsk->icsk_ack.lrcvtime);
2739        info->tcpi_last_ack_recv = jiffies_to_msecs(now - tp->rcv_tstamp);
2740
2741        info->tcpi_pmtu = icsk->icsk_pmtu_cookie;
2742        info->tcpi_rcv_ssthresh = tp->rcv_ssthresh;
2743        info->tcpi_rtt = jiffies_to_usecs(tp->srtt)>>3;
2744        info->tcpi_rttvar = jiffies_to_usecs(tp->mdev)>>2;
2745        info->tcpi_snd_ssthresh = tp->snd_ssthresh;
2746        info->tcpi_snd_cwnd = tp->snd_cwnd;
2747        info->tcpi_advmss = tp->advmss;
2748        info->tcpi_reordering = tp->reordering;
2749
2750        info->tcpi_rcv_rtt = jiffies_to_usecs(tp->rcv_rtt_est.rtt)>>3;
2751        info->tcpi_rcv_space = tp->rcvq_space.space;
2752
2753        info->tcpi_total_retrans = tp->total_retrans;
2754}
2755EXPORT_SYMBOL_GPL(tcp_get_info);
2756
2757static int do_tcp_getsockopt(struct sock *sk, int level,
2758                int optname, char __user *optval, int __user *optlen)
2759{
2760        struct inet_connection_sock *icsk = inet_csk(sk);
2761        struct tcp_sock *tp = tcp_sk(sk);
2762        int val, len;
2763
2764        if (get_user(len, optlen))
2765                return -EFAULT;
2766
2767        len = min_t(unsigned int, len, sizeof(int));
2768
2769        if (len < 0)
2770                return -EINVAL;
2771
2772        switch (optname) {
2773        case TCP_MAXSEG:
2774                val = tp->mss_cache;
2775                if (!val && ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)))
2776                        val = tp->rx_opt.user_mss;
2777                if (tp->repair)
2778                        val = tp->rx_opt.mss_clamp;
2779                break;
2780        case TCP_NODELAY:
2781                val = !!(tp->nonagle&TCP_NAGLE_OFF);
2782                break;
2783        case TCP_CORK:
2784                val = !!(tp->nonagle&TCP_NAGLE_CORK);
2785                break;
2786        case TCP_KEEPIDLE:
2787                val = keepalive_time_when(tp) / HZ;
2788                break;
2789        case TCP_KEEPINTVL:
2790                val = keepalive_intvl_when(tp) / HZ;
2791                break;
2792        case TCP_KEEPCNT:
2793                val = keepalive_probes(tp);
2794                break;
2795        case TCP_SYNCNT:
2796                val = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;
2797                break;
2798        case TCP_LINGER2:
2799                val = tp->linger2;
2800                if (val >= 0)
2801                        val = (val ? : sysctl_tcp_fin_timeout) / HZ;
2802                break;
2803        case TCP_DEFER_ACCEPT:
2804                val = retrans_to_secs(icsk->icsk_accept_queue.rskq_defer_accept,
2805                                      TCP_TIMEOUT_INIT / HZ, TCP_RTO_MAX / HZ);
2806                break;
2807        case TCP_WINDOW_CLAMP:
2808                val = tp->window_clamp;
2809                break;
2810        case TCP_INFO: {
2811                struct tcp_info info;
2812
2813                if (get_user(len, optlen))
2814                        return -EFAULT;
2815
2816                tcp_get_info(sk, &info);
2817
2818                len = min_t(unsigned int, len, sizeof(info));
2819                if (put_user(len, optlen))
2820                        return -EFAULT;
2821                if (copy_to_user(optval, &info, len))
2822                        return -EFAULT;
2823                return 0;
2824        }
2825        case TCP_QUICKACK:
2826                val = !icsk->icsk_ack.pingpong;
2827                break;
2828
2829        case TCP_CONGESTION:
2830                if (get_user(len, optlen))
2831                        return -EFAULT;
2832                len = min_t(unsigned int, len, TCP_CA_NAME_MAX);
2833                if (put_user(len, optlen))
2834                        return -EFAULT;
2835                if (copy_to_user(optval, icsk->icsk_ca_ops->name, len))
2836                        return -EFAULT;
2837                return 0;
2838
2839        case TCP_THIN_LINEAR_TIMEOUTS:
2840                val = tp->thin_lto;
2841                break;
2842        case TCP_THIN_DUPACK:
2843                val = tp->thin_dupack;
2844                break;
2845
2846        case TCP_REPAIR:
2847                val = tp->repair;
2848                break;
2849
2850        case TCP_REPAIR_QUEUE:
2851                if (tp->repair)
2852                        val = tp->repair_queue;
2853                else
2854                        return -EINVAL;
2855                break;
2856
2857        case TCP_QUEUE_SEQ:
2858                if (tp->repair_queue == TCP_SEND_QUEUE)
2859                        val = tp->write_seq;
2860                else if (tp->repair_queue == TCP_RECV_QUEUE)
2861                        val = tp->rcv_nxt;
2862                else
2863                        return -EINVAL;
2864                break;
2865
2866        case TCP_USER_TIMEOUT:
2867                val = jiffies_to_msecs(icsk->icsk_user_timeout);
2868                break;
2869        case TCP_TIMESTAMP:
2870                val = tcp_time_stamp + tp->tsoffset;
2871                break;
2872        case TCP_NOTSENT_LOWAT:
2873                val = tp->notsent_lowat;
2874                break;
2875        default:
2876                return -ENOPROTOOPT;
2877        }
2878
2879        if (put_user(len, optlen))
2880                return -EFAULT;
2881        if (copy_to_user(optval, &val, len))
2882                return -EFAULT;
2883        return 0;
2884}
2885
2886int tcp_getsockopt(struct sock *sk, int level, int optname, char __user *optval,
2887                   int __user *optlen)
2888{
2889        struct inet_connection_sock *icsk = inet_csk(sk);
2890
2891        if (level != SOL_TCP)
2892                return icsk->icsk_af_ops->getsockopt(sk, level, optname,
2893                                                     optval, optlen);
2894        return do_tcp_getsockopt(sk, level, optname, optval, optlen);
2895}
2896EXPORT_SYMBOL(tcp_getsockopt);
2897
2898#ifdef CONFIG_COMPAT
2899int compat_tcp_getsockopt(struct sock *sk, int level, int optname,
2900                          char __user *optval, int __user *optlen)
2901{
2902        if (level != SOL_TCP)
2903                return inet_csk_compat_getsockopt(sk, level, optname,
2904                                                  optval, optlen);
2905        return do_tcp_getsockopt(sk, level, optname, optval, optlen);
2906}
2907EXPORT_SYMBOL(compat_tcp_getsockopt);
2908#endif
2909
2910#ifdef CONFIG_TCP_MD5SIG
2911static struct tcp_md5sig_pool __percpu *tcp_md5sig_pool __read_mostly;
2912static DEFINE_MUTEX(tcp_md5sig_mutex);
2913
2914static void __tcp_free_md5sig_pool(struct tcp_md5sig_pool __percpu *pool)
2915{
2916        int cpu;
2917
2918        for_each_possible_cpu(cpu) {
2919                struct tcp_md5sig_pool *p = per_cpu_ptr(pool, cpu);
2920
2921                if (p->md5_desc.tfm)
2922                        crypto_free_hash(p->md5_desc.tfm);
2923        }
2924        free_percpu(pool);
2925}
2926
2927static void __tcp_alloc_md5sig_pool(void)
2928{
2929        int cpu;
2930        struct tcp_md5sig_pool __percpu *pool;
2931
2932        pool = alloc_percpu(struct tcp_md5sig_pool);
2933        if (!pool)
2934                return;
2935
2936        for_each_possible_cpu(cpu) {
2937                struct crypto_hash *hash;
2938
2939                hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
2940                if (IS_ERR_OR_NULL(hash))
2941                        goto out_free;
2942
2943                per_cpu_ptr(pool, cpu)->md5_desc.tfm = hash;
2944        }
2945        /* before setting tcp_md5sig_pool, we must commit all writes
2946         * to memory. See ACCESS_ONCE() in tcp_get_md5sig_pool()
2947         */
2948        smp_wmb();
2949        tcp_md5sig_pool = pool;
2950        return;
2951out_free:
2952        __tcp_free_md5sig_pool(pool);
2953}
2954
2955bool tcp_alloc_md5sig_pool(void)
2956{
2957        if (unlikely(!tcp_md5sig_pool)) {
2958                mutex_lock(&tcp_md5sig_mutex);
2959
2960                if (!tcp_md5sig_pool)
2961                        __tcp_alloc_md5sig_pool();
2962
2963                mutex_unlock(&tcp_md5sig_mutex);
2964        }
2965        return tcp_md5sig_pool != NULL;
2966}
2967EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
2968
2969
2970/**
2971 *      tcp_get_md5sig_pool - get md5sig_pool for this user
2972 *
2973 *      We use percpu structure, so if we succeed, we exit with preemption
2974 *      and BH disabled, to make sure another thread or softirq handling
2975 *      wont try to get same context.
2976 */
2977struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
2978{
2979        struct tcp_md5sig_pool __percpu *p;
2980
2981        local_bh_disable();
2982        p = ACCESS_ONCE(tcp_md5sig_pool);
2983        if (p)
2984                return __this_cpu_ptr(p);
2985
2986        local_bh_enable();
2987        return NULL;
2988}
2989EXPORT_SYMBOL(tcp_get_md5sig_pool);
2990
2991int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
2992                        const struct tcphdr *th)
2993{
2994        struct scatterlist sg;
2995        struct tcphdr hdr;
2996        int err;
2997
2998        /* We are not allowed to change tcphdr, make a local copy */
2999        memcpy(&hdr, th, sizeof(hdr));
3000        hdr.check = 0;

3001
3002        /* options aren't included in the hash */
3003        sg_init_one(&sg, &hdr, sizeof(hdr));
3004        err = crypto_hash_update(&hp->md5_desc, &sg, sizeof(hdr));
3005        return err;
3006}
3007EXPORT_SYMBOL(tcp_md5_hash_header);
3008
3009int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
3010                          const struct sk_buff *skb, unsigned int header_len)
3011{
3012        struct scatterlist sg;
3013        const struct tcphdr *tp = tcp_hdr(skb);
3014        struct hash_desc *desc = &hp->md5_desc;
3015        unsigned int i;
3016        const unsigned int head_data_len = skb_headlen(skb) > header_len ?
3017                                           skb_headlen(skb) - header_len : 0;
3018        const struct skb_shared_info *shi = skb_shinfo(skb);
3019        struct sk_buff *frag_iter;
3020
3021        sg_init_table(&sg, 1);
3022
3023        sg_set_buf(&sg, ((u8 *) tp) + header_len, head_data_len);
3024        if (crypto_hash_update(desc, &sg, head_data_len))
3025                return 1;
3026
3027        for (i = 0; i < shi->nr_frags; ++i) {
3028                const struct skb_frag_struct *f = &shi->frags[i];
3029                unsigned int offset = f->page_offset;
3030                struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT);
3031
3032                sg_set_page(&sg, page, skb_frag_size(f),
3033                            offset_in_page(offset));
3034                if (crypto_hash_update(desc, &sg, skb_frag_size(f)))
3035                        return 1;
3036        }
3037
3038        skb_walk_frags(skb, frag_iter)
3039                if (tcp_md5_hash_skb_data(hp, frag_iter, 0))
3040                        return 1;
3041
3042        return 0;
3043}
3044EXPORT_SYMBOL(tcp_md5_hash_skb_data);
3045
3046int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const struct tcp_md5sig_key *key)
3047{
3048        struct scatterlist sg;
3049
3050        sg_init_one(&sg, key->key, key->keylen);
3051        return crypto_hash_update(&hp->md5_desc, &sg, key->keylen);
3052}
3053EXPORT_SYMBOL(tcp_md5_hash_key);
3054
3055#endif
3056
3057void tcp_done(struct sock *sk)
3058{
3059        struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
3060
3061        if (sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
3062                TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS);
3063
3064        tcp_set_state(sk, TCP_CLOSE);
3065        tcp_clear_xmit_timers(sk);
3066        if (req != NULL)
3067                reqsk_fastopen_remove(sk, req, false);
3068
3069        sk->sk_shutdown = SHUTDOWN_MASK;
3070
3071        if (!sock_flag(sk, SOCK_DEAD))
3072                sk->sk_state_change(sk);
3073        else
3074                inet_csk_destroy_sock(sk);
3075}
3076EXPORT_SYMBOL_GPL(tcp_done);
3077
3078extern struct tcp_congestion_ops tcp_reno;
3079
3080static __initdata unsigned long thash_entries;
3081static int __init set_thash_entries(char *str)
3082{
3083        ssize_t ret;
3084
3085        if (!str)
3086                return 0;
3087
3088        ret = kstrtoul(str, 0, &thash_entries);
3089        if (ret)
3090                return 0;
3091
3092        return 1;
3093}
3094__setup("thash_entries=", set_thash_entries);
3095
3096static void tcp_init_mem(void)
3097{
3098        unsigned long limit = nr_free_buffer_pages() / 8;
3099        limit = max(limit, 128UL);
3100        sysctl_tcp_mem[0] = limit / 4 * 3;
3101        sysctl_tcp_mem[1] = limit;
3102        sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2;
3103}
3104
3105void __init tcp_init(void)
3106{
3107        struct sk_buff *skb = NULL;
3108        unsigned long limit;
3109        int max_rshare, max_wshare, cnt;
3110        unsigned int i;
3111
3112        BUILD_BUG_ON(sizeof(struct tcp_skb_cb) > sizeof(skb->cb));
3113
3114        percpu_counter_init(&tcp_sockets_allocated, 0);
3115        percpu_counter_init(&tcp_orphan_count, 0);
3116        tcp_hashinfo.bind_bucket_cachep =
3117                kmem_cache_create("tcp_bind_bucket",
3118                                  sizeof(struct inet_bind_bucket), 0,
3119                                  SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3120
3121        /* Size and allocate the main established and bind bucket
3122         * hash tables.
3123         *
3124         * The methodology is similar to that of the buffer cache.
3125         */
3126        tcp_hashinfo.ehash =
3127                alloc_large_system_hash("TCP established",
3128                                        sizeof(struct inet_ehash_bucket),
3129                                        thash_entries,
3130                                        17, /* one slot per 128 KB of memory */
3131                                        0,
3132                                        NULL,
3133                                        &tcp_hashinfo.ehash_mask,
3134                                        0,
3135                                        thash_entries ? 0 : 512 * 1024);
3136        for (i = 0; i <= tcp_hashinfo.ehash_mask; i++)
3137                INIT_HLIST_NULLS_HEAD(&tcp_hashinfo.ehash[i].chain, i);
3138
3139        if (inet_ehash_locks_alloc(&tcp_hashinfo))
3140                panic("TCP: failed to alloc ehash_locks");
3141        tcp_hashinfo.bhash =
3142                alloc_large_system_hash("TCP bind",
3143                                        sizeof(struct inet_bind_hashbucket),
3144                                        tcp_hashinfo.ehash_mask + 1,
3145                                        17, /* one slot per 128 KB of memory */
3146                                        0,
3147                                        &tcp_hashinfo.bhash_size,
3148                                        NULL,
3149                                        0,
3150                                        64 * 1024);
3151        tcp_hashinfo.bhash_size = 1U << tcp_hashinfo.bhash_size;
3152        for (i = 0; i < tcp_hashinfo.bhash_size; i++) {
3153                spin_lock_init(&tcp_hashinfo.bhash[i].lock);
3154                INIT_HLIST_HEAD(&tcp_hashinfo.bhash[i].chain);
3155        }
3156
3157
3158        cnt = tcp_hashinfo.ehash_mask + 1;
3159
3160        tcp_death_row.sysctl_max_tw_buckets = cnt / 2;
3161        sysctl_tcp_max_orphans = cnt / 2;
3162        sysctl_max_syn_backlog = max(128, cnt / 256);
3163
3164        tcp_init_mem();
3165        /* Set per-socket limits to no more than 1/128 the pressure threshold */
3166        limit = nr_free_buffer_pages() << (PAGE_SHIFT - 7);
3167        max_wshare = min(4UL*1024*1024, limit);
3168        max_rshare = min(6UL*1024*1024, limit);
3169
3170        sysctl_tcp_wmem[0] = SK_MEM_QUANTUM;
3171        sysctl_tcp_wmem[1] = 16*1024;
3172        sysctl_tcp_wmem[2] = max(64*1024, max_wshare);
3173
3174        sysctl_tcp_rmem[0] = SK_MEM_QUANTUM;
3175        sysctl_tcp_rmem[1] = 87380;
3176        sysctl_tcp_rmem[2] = max(87380, max_rshare);
3177
3178        pr_info("Hash tables configured (established %u bind %u)\n",
3179                tcp_hashinfo.ehash_mask + 1, tcp_hashinfo.bhash_size);
3180
3181        tcp_metrics_init();
3182
3183        tcp_register_congestion_control(&tcp_reno);
3184
3185        tcp_tasklet_init();
3186}
3187
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.