linux/net/ipv4/tcp.c
<<
>>
Prefs
   1/*
   2 * INET         An implementation of the TCP/IP protocol suite for the LINUX
   3 *              operating system.  INET is implemented using the  BSD Socket
   4 *              interface as the means of communication with the user level.
   5 *
   6 *              Implementation of the Transmission Control Protocol(TCP).
   7 *
   8 * Authors:     Ross Biro
   9 *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
  10 *              Mark Evans, <evansmp@uhura.aston.ac.uk>
  11 *              Corey Minyard <wf-rch!minyard@relay.EU.net>
  12 *              Florian La Roche, <flla@stud.uni-sb.de>
  13 *              Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
  14 *              Linus Torvalds, <torvalds@cs.helsinki.fi>
  15 *              Alan Cox, <gw4pts@gw4pts.ampr.org>
  16 *              Matthew Dillon, <dillon@apollo.west.oic.com>
  17 *              Arnt Gulbrandsen, <agulbra@nvg.unit.no>
  18 *              Jorge Cwik, <jorge@laser.satlink.net>
  19 *
  20 * Fixes:
  21 *              Alan Cox        :       Numerous verify_area() calls
  22 *              Alan Cox        :       Set the ACK bit on a reset
  23 *              Alan Cox        :       Stopped it crashing if it closed while
  24 *                                      sk->inuse=1 and was trying to connect
  25 *                                      (tcp_err()).
  26 *              Alan Cox        :       All icmp error handling was broken
  27 *                                      pointers passed where wrong and the
  28 *                                      socket was looked up backwards. Nobody
  29 *                                      tested any icmp error code obviously.
  30 *              Alan Cox        :       tcp_err() now handled properly. It
  31 *                                      wakes people on errors. poll
  32 *                                      behaves and the icmp error race
  33 *                                      has gone by moving it into sock.c
  34 *              Alan Cox        :       tcp_send_reset() fixed to work for
  35 *                                      everything not just packets for
  36 *                                      unknown sockets.
  37 *              Alan Cox        :       tcp option processing.
  38 *              Alan Cox        :       Reset tweaked (still not 100%) [Had
  39 *                                      syn rule wrong]
  40 *              Herp Rosmanith  :       More reset fixes
  41 *              Alan Cox        :       No longer acks invalid rst frames.
  42 *                                      Acking any kind of RST is right out.
  43 *              Alan Cox        :       Sets an ignore me flag on an rst
  44 *                                      receive otherwise odd bits of prattle
  45 *                                      escape still
  46 *              Alan Cox        :       Fixed another acking RST frame bug.
  47 *                                      Should stop LAN workplace lockups.
  48 *              Alan Cox        :       Some tidyups using the new skb list
  49 *                                      facilities
  50 *              Alan Cox        :       sk->keepopen now seems to work
  51 *              Alan Cox        :       Pulls options out correctly on accepts
  52 *              Alan Cox        :       Fixed assorted sk->rqueue->next errors
  53 *              Alan Cox        :       PSH doesn't end a TCP read. Switched a
  54 *                                      bit to skb ops.
  55 *              Alan Cox        :       Tidied tcp_data to avoid a potential
  56 *                                      nasty.
  57 *              Alan Cox        :       Added some better commenting, as the
  58 *                                      tcp is hard to follow
  59 *              Alan Cox        :       Removed incorrect check for 20 * psh
  60 *      Michael O'Reilly        :       ack < copied bug fix.
  61 *      Johannes Stille         :       Misc tcp fixes (not all in yet).
  62 *              Alan Cox        :       FIN with no memory -> CRASH
  63 *              Alan Cox        :       Added socket option proto entries.
  64 *                                      Also added awareness of them to accept.
  65 *              Alan Cox        :       Added TCP options (SOL_TCP)
  66 *              Alan Cox        :       Switched wakeup calls to callbacks,
  67 *                                      so the kernel can layer network
  68 *                                      sockets.
  69 *              Alan Cox        :       Use ip_tos/ip_ttl settings.
  70 *              Alan Cox        :       Handle FIN (more) properly (we hope).
  71 *              Alan Cox        :       RST frames sent on unsynchronised
  72 *                                      state ack error.
  73 *              Alan Cox        :       Put in missing check for SYN bit.
  74 *              Alan Cox        :       Added tcp_select_window() aka NET2E
  75 *                                      window non shrink trick.
  76 *              Alan Cox        :       Added a couple of small NET2E timer
  77 *                                      fixes
  78 *              Charles Hedrick :       TCP fixes
  79 *              Toomas Tamm     :       TCP window fixes
  80 *              Alan Cox        :       Small URG fix to rlogin ^C ack fight
  81 *              Charles Hedrick :       Rewrote most of it to actually work
  82 *              Linus           :       Rewrote tcp_read() and URG handling
  83 *                                      completely
  84 *              Gerhard Koerting:       Fixed some missing timer handling
  85 *              Matthew Dillon  :       Reworked TCP machine states as per RFC
  86 *              Gerhard Koerting:       PC/TCP workarounds
  87 *              Adam Caldwell   :       Assorted timer/timing errors
  88 *              Matthew Dillon  :       Fixed another RST bug
  89 *              Alan Cox        :       Move to kernel side addressing changes.
  90 *              Alan Cox        :       Beginning work on TCP fastpathing
  91 *                                      (not yet usable)
  92 *              Arnt Gulbrandsen:       Turbocharged tcp_check() routine.
  93 *              Alan Cox        :       TCP fast path debugging
  94 *              Alan Cox        :       Window clamping
  95 *              Michael Riepe   :       Bug in tcp_check()
  96 *              Matt Dillon     :       More TCP improvements and RST bug fixes
  97 *              Matt Dillon     :       Yet more small nasties remove from the
  98 *                                      TCP code (Be very nice to this man if
  99 *                                      tcp finally works 100%) 8)
 100 *              Alan Cox        :       BSD accept semantics.
 101 *              Alan Cox        :       Reset on closedown bug.
 102 *      Peter De Schrijver      :       ENOTCONN check missing in tcp_sendto().
 103 *              Michael Pall    :       Handle poll() after URG properly in
 104 *                                      all cases.
 105 *              Michael Pall    :       Undo the last fix in tcp_read_urg()
 106 *                                      (multi URG PUSH broke rlogin).
 107 *              Michael Pall    :       Fix the multi URG PUSH problem in
 108 *                                      tcp_readable(), poll() after URG
 109 *                                      works now.
 110 *              Michael Pall    :       recv(...,MSG_OOB) never blocks in the
 111 *                                      BSD api.
 112 *              Alan Cox        :       Changed the semantics of sk->socket to
 113 *                                      fix a race and a signal problem with
 114 *                                      accept() and async I/O.
 115 *              Alan Cox        :       Relaxed the rules on tcp_sendto().
 116 *              Yury Shevchuk   :       Really fixed accept() blocking problem.
 117 *              Craig I. Hagan  :       Allow for BSD compatible TIME_WAIT for
 118 *                                      clients/servers which listen in on
 119 *                                      fixed ports.
 120 *              Alan Cox        :       Cleaned the above up and shrank it to
 121 *                                      a sensible code size.
 122 *              Alan Cox        :       Self connect lockup fix.
 123 *              Alan Cox        :       No connect to multicast.
 124 *              Ross Biro       :       Close unaccepted children on master
 125 *                                      socket close.
 126 *              Alan Cox        :       Reset tracing code.
 127 *              Alan Cox        :       Spurious resets on shutdown.
 128 *              Alan Cox        :       Giant 15 minute/60 second timer error
 129 *              Alan Cox        :       Small whoops in polling before an
 130 *                                      accept.
 131 *              Alan Cox        :       Kept the state trace facility since
 132 *                                      it's handy for debugging.
 133 *              Alan Cox        :       More reset handler fixes.
 134 *              Alan Cox        :       Started rewriting the code based on
 135 *                                      the RFC's for other useful protocol
 136 *                                      references see: Comer, KA9Q NOS, and
 137 *                                      for a reference on the difference
 138 *                                      between specifications and how BSD
 139 *                                      works see the 4.4lite source.
 140 *              A.N.Kuznetsov   :       Don't time wait on completion of tidy
 141 *                                      close.
 142 *              Linus Torvalds  :       Fin/Shutdown & copied_seq changes.
 143 *              Linus Torvalds  :       Fixed BSD port reuse to work first syn
 144 *              Alan Cox        :       Reimplemented timers as per the RFC
 145 *                                      and using multiple timers for sanity.
 146 *              Alan Cox        :       Small bug fixes, and a lot of new
 147 *                                      comments.
 148 *              Alan Cox        :       Fixed dual reader crash by locking
 149 *                                      the buffers (much like datagram.c)
 150 *              Alan Cox        :       Fixed stuck sockets in probe. A probe
 151 *                                      now gets fed up of retrying without
 152 *                                      (even a no space) answer.
 153 *              Alan Cox        :       Extracted closing code better
 154 *              Alan Cox        :       Fixed the closing state machine to
 155 *                                      resemble the RFC.
 156 *              Alan Cox        :       More 'per spec' fixes.
 157 *              Jorge Cwik      :       Even faster checksumming.
 158 *              Alan Cox        :       tcp_data() doesn't ack illegal PSH
 159 *                                      only frames. At least one pc tcp stack
 160 *                                      generates them.
 161 *              Alan Cox        :       Cache last socket.
 162 *              Alan Cox        :       Per route irtt.
 163 *              Matt Day        :       poll()->select() match BSD precisely on error
 164 *              Alan Cox        :       New buffers
 165 *              Marc Tamsky     :       Various sk->prot->retransmits and
 166 *                                      sk->retransmits misupdating fixed.
 167 *                                      Fixed tcp_write_timeout: stuck close,
 168 *                                      and TCP syn retries gets used now.
 169 *              Mark Yarvis     :       In tcp_read_wakeup(), don't send an
 170 *                                      ack if state is TCP_CLOSED.
 171 *              Alan Cox        :       Look up device on a retransmit - routes may
 172 *                                      change. Doesn't yet cope with MSS shrink right
 173 *                                      but it's a start!
 174 *              Marc Tamsky     :       Closing in closing fixes.
 175 *              Mike Shaver     :       RFC1122 verifications.
 176 *              Alan Cox        :       rcv_saddr errors.
 177 *              Alan Cox        :       Block double connect().
 178 *              Alan Cox        :       Small hooks for enSKIP.
 179 *              Alexey Kuznetsov:       Path MTU discovery.
 180 *              Alan Cox        :       Support soft errors.
 181 *              Alan Cox        :       Fix MTU discovery pathological case
 182 *                                      when the remote claims no mtu!
 183 *              Marc Tamsky     :       TCP_CLOSE fix.
 184 *              Colin (G3TNE)   :       Send a reset on syn ack replies in
 185 *                                      window but wrong (fixes NT lpd problems)
 186 *              Pedro Roque     :       Better TCP window handling, delayed ack.
 187 *              Joerg Reuter    :       No modification of locked buffers in
 188 *                                      tcp_do_retransmit()
 189 *              Eric Schenk     :       Changed receiver side silly window
 190 *                                      avoidance algorithm to BSD style
 191 *                                      algorithm. This doubles throughput
 192 *                                      against machines running Solaris,
 193 *                                      and seems to result in general
 194 *                                      improvement.
 195 *      Stefan Magdalinski      :       adjusted tcp_readable() to fix FIONREAD
 196 *      Willy Konynenberg       :       Transparent proxying support.
 197 *      Mike McLagan            :       Routing by source
 198 *              Keith Owens     :       Do proper merging with partial SKB's in
 199 *                                      tcp_do_sendmsg to avoid burstiness.
 200 *              Eric Schenk     :       Fix fast close down bug with
 201 *                                      shutdown() followed by close().
 202 *              Andi Kleen      :       Make poll agree with SIGIO
 203 *      Salvatore Sanfilippo    :       Support SO_LINGER with linger == 1 and
 204 *                                      lingertime == 0 (RFC 793 ABORT Call)
 205 *      Hirokazu Takahashi      :       Use copy_from_user() instead of
 206 *                                      csum_and_copy_from_user() if possible.
 207 *
 208 *              This program is free software; you can redistribute it and/or
 209 *              modify it under the terms of the GNU General Public License
 210 *              as published by the Free Software Foundation; either version
 211 *              2 of the License, or(at your option) any later version.
 212 *
 213 * Description of States:
 214 *
 215 *      TCP_SYN_SENT            sent a connection request, waiting for ack
 216 *
 217 *      TCP_SYN_RECV            received a connection request, sent ack,
 218 *                              waiting for final ack in three-way handshake.
 219 *
 220 *      TCP_ESTABLISHED         connection established
 221 *
 222 *      TCP_FIN_WAIT1           our side has shutdown, waiting to complete
 223 *                              transmission of remaining buffered data
 224 *
 225 *      TCP_FIN_WAIT2           all buffered data sent, waiting for remote
 226 *                              to shutdown
 227 *
 228 *      TCP_CLOSING             both sides have shutdown but we still have
 229 *                              data we have to finish sending
 230 *
 231 *      TCP_TIME_WAIT           timeout to catch resent junk before entering
 232 *                              closed, can only be entered from FIN_WAIT2
 233 *                              or CLOSING.  Required because the other end
 234 *                              may not have gotten our last ACK causing it
 235 *                              to retransmit the data packet (which we ignore)
 236 *
 237 *      TCP_CLOSE_WAIT          remote side has shutdown and is waiting for
 238 *                              us to finish writing our data and to shutdown
 239 *                              (we have to close() to move on to LAST_ACK)
 240 *
 241 *      TCP_LAST_ACK            out side has shutdown after remote has
 242 *                              shutdown.  There may still be data in our
 243 *                              buffer that we have to finish sending
 244 *
 245 *      TCP_CLOSE               socket is finished
 246 */
 247
 248#define pr_fmt(fmt) "TCP: " fmt
 249
 250#include <linux/kernel.h>
 251#include <linux/module.h>
 252#include <linux/types.h>
 253#include <linux/fcntl.h>
 254#include <linux/poll.h>
 255#include <linux/init.h>
 256#include <linux/fs.h>
 257#include <linux/skbuff.h>
 258#include <linux/scatterlist.h>
 259#include <linux/splice.h>
 260#include <linux/net.h>
 261#include <linux/socket.h>
 262#include <linux/random.h>
 263#include <linux/bootmem.h>
 264#include <linux/highmem.h>
 265#include <linux/swap.h>
 266#include <linux/cache.h>
 267#include <linux/err.h>
 268#include <linux/crypto.h>
 269#include <linux/time.h>
 270#include <linux/slab.h>
 271
 272#include <net/icmp.h>
 273#include <net/inet_common.h>
 274#include <net/tcp.h>
 275#include <net/xfrm.h>
 276#include <net/ip.h>
 277#include <net/sock.h>
 278
 279#include <asm/uaccess.h>
 280#include <asm/ioctls.h>
 281#include <net/busy_poll.h>
 282
 283int sysctl_tcp_fin_timeout __read_mostly = TCP_FIN_TIMEOUT;
 284
 285int sysctl_tcp_min_tso_segs __read_mostly = 2;
 286
 287int sysctl_tcp_autocorking __read_mostly = 1;
 288
 289struct percpu_counter tcp_orphan_count;
 290EXPORT_SYMBOL_GPL(tcp_orphan_count);
 291
 292long sysctl_tcp_mem[3] __read_mostly;
 293int sysctl_tcp_wmem[3] __read_mostly;
 294int sysctl_tcp_rmem[3] __read_mostly;
 295
 296EXPORT_SYMBOL(sysctl_tcp_mem);
 297EXPORT_SYMBOL(sysctl_tcp_rmem);
 298EXPORT_SYMBOL(sysctl_tcp_wmem);
 299
 300atomic_long_t tcp_memory_allocated;     /* Current allocated memory. */
 301EXPORT_SYMBOL(tcp_memory_allocated);
 302
 303/*
 304 * Current number of TCP sockets.
 305 */
 306struct percpu_counter tcp_sockets_allocated;
 307EXPORT_SYMBOL(tcp_sockets_allocated);
 308
 309/*
 310 * TCP splice context
 311 */
 312struct tcp_splice_state {
 313        struct pipe_inode_info *pipe;
 314        size_t len;
 315        unsigned int flags;
 316};
 317
 318/*
 319 * Pressure flag: try to collapse.
 320 * Technical note: it is used by multiple contexts non atomically.
 321 * All the __sk_mem_schedule() is of this nature: accounting
 322 * is strict, actions are advisory and have some latency.
 323 */
 324int tcp_memory_pressure __read_mostly;
 325EXPORT_SYMBOL(tcp_memory_pressure);
 326
 327void tcp_enter_memory_pressure(struct sock *sk)
 328{
 329        if (!tcp_memory_pressure) {
 330                NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMEMORYPRESSURES);
 331                tcp_memory_pressure = 1;
 332        }
 333}
 334EXPORT_SYMBOL(tcp_enter_memory_pressure);
 335
 336/* Convert seconds to retransmits based on initial and max timeout */
 337static u8 secs_to_retrans(int seconds, int timeout, int rto_max)
 338{
 339        u8 res = 0;
 340
 341        if (seconds > 0) {
 342                int period = timeout;
 343
 344                res = 1;
 345                while (seconds > period && res < 255) {
 346                        res++;
 347                        timeout <<= 1;
 348                        if (timeout > rto_max)
 349                                timeout = rto_max;
 350                        period += timeout;
 351                }
 352        }
 353        return res;
 354}
 355
 356/* Convert retransmits to seconds based on initial and max timeout */
 357static int retrans_to_secs(u8 retrans, int timeout, int rto_max)
 358{
 359        int period = 0;
 360
 361        if (retrans > 0) {
 362                period = timeout;
 363                while (--retrans) {
 364                        timeout <<= 1;
 365                        if (timeout > rto_max)
 366                                timeout = rto_max;
 367                        period += timeout;
 368                }
 369        }
 370        return period;
 371}
 372
 373/* Address-family independent initialization for a tcp_sock.
 374 *
 375 * NOTE: A lot of things set to zero explicitly by call to
 376 *       sk_alloc() so need not be done here.
 377 */
 378void tcp_init_sock(struct sock *sk)
 379{
 380        struct inet_connection_sock *icsk = inet_csk(sk);
 381        struct tcp_sock *tp = tcp_sk(sk);
 382
 383        __skb_queue_head_init(&tp->out_of_order_queue);
 384        tcp_init_xmit_timers(sk);
 385        tcp_prequeue_init(tp);
 386        INIT_LIST_HEAD(&tp->tsq_node);
 387
 388        icsk->icsk_rto = TCP_TIMEOUT_INIT;
 389        tp->mdev_us = jiffies_to_usecs(TCP_TIMEOUT_INIT);
 390
 391        /* So many TCP implementations out there (incorrectly) count the
 392         * initial SYN frame in their delayed-ACK and congestion control
 393         * algorithms that we must have the following bandaid to talk
 394         * efficiently to them.  -DaveM
 395         */
 396        tp->snd_cwnd = TCP_INIT_CWND;
 397
 398        /* See draft-stevens-tcpca-spec-01 for discussion of the
 399         * initialization of these values.
 400         */
 401        tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
 402        tp->snd_cwnd_clamp = ~0;
 403        tp->mss_cache = TCP_MSS_DEFAULT;
 404
 405        tp->reordering = sysctl_tcp_reordering;
 406        tcp_enable_early_retrans(tp);
 407        tcp_assign_congestion_control(sk);
 408
 409        tp->tsoffset = 0;
 410
 411        sk->sk_state = TCP_CLOSE;
 412
 413        sk->sk_write_space = sk_stream_write_space;
 414        sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
 415
 416        icsk->icsk_sync_mss = tcp_sync_mss;
 417
 418        sk->sk_sndbuf = sysctl_tcp_wmem[1];
 419        sk->sk_rcvbuf = sysctl_tcp_rmem[1];
 420
 421        local_bh_disable();
 422        sock_update_memcg(sk);
 423        sk_sockets_allocated_inc(sk);
 424        local_bh_enable();
 425}
 426EXPORT_SYMBOL(tcp_init_sock);
 427
 428static void tcp_tx_timestamp(struct sock *sk, struct sk_buff *skb)
 429{
 430        if (sk->sk_tsflags) {
 431                struct skb_shared_info *shinfo = skb_shinfo(skb);
 432
 433                sock_tx_timestamp(sk, &shinfo->tx_flags);
 434                if (shinfo->tx_flags & SKBTX_ANY_TSTAMP)
 435                        shinfo->tskey = TCP_SKB_CB(skb)->seq + skb->len - 1;
 436        }
 437}
 438
 439/*
 440 *      Wait for a TCP event.
 441 *
 442 *      Note that we don't need to lock the socket, as the upper poll layers
 443 *      take care of normal races (between the test and the event) and we don't
 444 *      go look at any of the socket buffers directly.
 445 */
 446unsigned int tcp_poll(struct file *file, struct socket *sock, poll_table *wait)
 447{
 448        unsigned int mask;
 449        struct sock *sk = sock->sk;
 450        const struct tcp_sock *tp = tcp_sk(sk);
 451
 452        sock_rps_record_flow(sk);
 453
 454        sock_poll_wait(file, sk_sleep(sk), wait);
 455        if (sk->sk_state == TCP_LISTEN)
 456                return inet_csk_listen_poll(sk);
 457
 458        /* Socket is not locked. We are protected from async events
 459         * by poll logic and correct handling of state changes
 460         * made by other threads is impossible in any case.
 461         */
 462
 463        mask = 0;
 464
 465        /*
 466         * POLLHUP is certainly not done right. But poll() doesn't
 467         * have a notion of HUP in just one direction, and for a
 468         * socket the read side is more interesting.
 469         *
 470         * Some poll() documentation says that POLLHUP is incompatible
 471         * with the POLLOUT/POLLWR flags, so somebody should check this
 472         * all. But careful, it tends to be safer to return too many
 473         * bits than too few, and you can easily break real applications
 474         * if you don't tell them that something has hung up!
 475         *
 476         * Check-me.
 477         *
 478         * Check number 1. POLLHUP is _UNMASKABLE_ event (see UNIX98 and
 479         * our fs/select.c). It means that after we received EOF,
 480         * poll always returns immediately, making impossible poll() on write()
 481         * in state CLOSE_WAIT. One solution is evident --- to set POLLHUP
 482         * if and only if shutdown has been made in both directions.
 483         * Actually, it is interesting to look how Solaris and DUX
 484         * solve this dilemma. I would prefer, if POLLHUP were maskable,
 485         * then we could set it on SND_SHUTDOWN. BTW examples given
 486         * in Stevens' books assume exactly this behaviour, it explains
 487         * why POLLHUP is incompatible with POLLOUT.    --ANK
 488         *
 489         * NOTE. Check for TCP_CLOSE is added. The goal is to prevent
 490         * blocking on fresh not-connected or disconnected socket. --ANK
 491         */
 492        if (sk->sk_shutdown == SHUTDOWN_MASK || sk->sk_state == TCP_CLOSE)
 493                mask |= POLLHUP;
 494        if (sk->sk_shutdown & RCV_SHUTDOWN)
 495                mask |= POLLIN | POLLRDNORM | POLLRDHUP;
 496
 497        /* Connected or passive Fast Open socket? */
 498        if (sk->sk_state != TCP_SYN_SENT &&
 499            (sk->sk_state != TCP_SYN_RECV || tp->fastopen_rsk != NULL)) {
 500                int target = sock_rcvlowat(sk, 0, INT_MAX);
 501
 502                if (tp->urg_seq == tp->copied_seq &&
 503                    !sock_flag(sk, SOCK_URGINLINE) &&
 504                    tp->urg_data)
 505                        target++;
 506
 507                /* Potential race condition. If read of tp below will
 508                 * escape above sk->sk_state, we can be illegally awaken
 509                 * in SYN_* states. */
 510                if (tp->rcv_nxt - tp->copied_seq >= target)
 511                        mask |= POLLIN | POLLRDNORM;
 512
 513                if (!(sk->sk_shutdown & SEND_SHUTDOWN)) {
 514                        if (sk_stream_is_writeable(sk)) {
 515                                mask |= POLLOUT | POLLWRNORM;
 516                        } else {  /* send SIGIO later */
 517                                set_bit(SOCK_ASYNC_NOSPACE,
 518                                        &sk->sk_socket->flags);
 519                                set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
 520
 521                                /* Race breaker. If space is freed after
 522                                 * wspace test but before the flags are set,
 523                                 * IO signal will be lost.
 524                                 */
 525                                if (sk_stream_is_writeable(sk))
 526                                        mask |= POLLOUT | POLLWRNORM;
 527                        }
 528                } else
 529                        mask |= POLLOUT | POLLWRNORM;
 530
 531                if (tp->urg_data & TCP_URG_VALID)
 532                        mask |= POLLPRI;
 533        }
 534        /* This barrier is coupled with smp_wmb() in tcp_reset() */
 535        smp_rmb();
 536        if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
 537                mask |= POLLERR;
 538
 539        return mask;
 540}
 541EXPORT_SYMBOL(tcp_poll);
 542
 543int tcp_ioctl(struct sock *sk, int cmd, unsigned long arg)
 544{
 545        struct tcp_sock *tp = tcp_sk(sk);
 546        int answ;
 547        bool slow;
 548
 549        switch (cmd) {
 550        case SIOCINQ:
 551                if (sk->sk_state == TCP_LISTEN)
 552                        return -EINVAL;
 553
 554                slow = lock_sock_fast(sk);
 555                if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
 556                        answ = 0;
 557                else if (sock_flag(sk, SOCK_URGINLINE) ||
 558                         !tp->urg_data ||
 559                         before(tp->urg_seq, tp->copied_seq) ||
 560                         !before(tp->urg_seq, tp->rcv_nxt)) {
 561
 562                        answ = tp->rcv_nxt - tp->copied_seq;
 563
 564                        /* Subtract 1, if FIN was received */
 565                        if (answ && sock_flag(sk, SOCK_DONE))
 566                                answ--;
 567                } else
 568                        answ = tp->urg_seq - tp->copied_seq;
 569                unlock_sock_fast(sk, slow);
 570                break;
 571        case SIOCATMARK:
 572                answ = tp->urg_data && tp->urg_seq == tp->copied_seq;
 573                break;
 574        case SIOCOUTQ:
 575                if (sk->sk_state == TCP_LISTEN)
 576                        return -EINVAL;
 577
 578                if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
 579                        answ = 0;
 580                else
 581                        answ = tp->write_seq - tp->snd_una;
 582                break;
 583        case SIOCOUTQNSD:
 584                if (sk->sk_state == TCP_LISTEN)
 585                        return -EINVAL;
 586
 587                if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))
 588                        answ = 0;
 589                else
 590                        answ = tp->write_seq - tp->snd_nxt;
 591                break;
 592        default:
 593                return -ENOIOCTLCMD;
 594        }
 595
 596        return put_user(answ, (int __user *)arg);
 597}
 598EXPORT_SYMBOL(tcp_ioctl);
 599
 600static inline void tcp_mark_push(struct tcp_sock *tp, struct sk_buff *skb)
 601{
 602        TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
 603        tp->pushed_seq = tp->write_seq;
 604}
 605
 606static inline bool forced_push(const struct tcp_sock *tp)
 607{
 608        return after(tp->write_seq, tp->pushed_seq + (tp->max_window >> 1));
 609}
 610
 611static void skb_entail(struct sock *sk, struct sk_buff *skb)
 612{
 613        struct tcp_sock *tp = tcp_sk(sk);
 614        struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
 615
 616        skb->csum    = 0;
 617        tcb->seq     = tcb->end_seq = tp->write_seq;
 618        tcb->tcp_flags = TCPHDR_ACK;
 619        tcb->sacked  = 0;
 620        __skb_header_release(skb);
 621        tcp_add_write_queue_tail(sk, skb);
 622        sk->sk_wmem_queued += skb->truesize;
 623        sk_mem_charge(sk, skb->truesize);
 624        if (tp->nonagle & TCP_NAGLE_PUSH)
 625                tp->nonagle &= ~TCP_NAGLE_PUSH;
 626}
 627
 628static inline void tcp_mark_urg(struct tcp_sock *tp, int flags)
 629{
 630        if (flags & MSG_OOB)
 631                tp->snd_up = tp->write_seq;
 632}
 633
 634/* If a not yet filled skb is pushed, do not send it if
 635 * we have data packets in Qdisc or NIC queues :
 636 * Because TX completion will happen shortly, it gives a chance
 637 * to coalesce future sendmsg() payload into this skb, without
 638 * need for a timer, and with no latency trade off.
 639 * As packets containing data payload have a bigger truesize
 640 * than pure acks (dataless) packets, the last checks prevent
 641 * autocorking if we only have an ACK in Qdisc/NIC queues,
 642 * or if TX completion was delayed after we processed ACK packet.
 643 */
 644static bool tcp_should_autocork(struct sock *sk, struct sk_buff *skb,
 645                                int size_goal)
 646{
 647        return skb->len < size_goal &&
 648               sysctl_tcp_autocorking &&
 649               skb != tcp_write_queue_head(sk) &&
 650               atomic_read(&sk->sk_wmem_alloc) > skb->truesize;
 651}
 652
 653static void tcp_push(struct sock *sk, int flags, int mss_now,
 654                     int nonagle, int size_goal)
 655{
 656        struct tcp_sock *tp = tcp_sk(sk);
 657        struct sk_buff *skb;
 658
 659        if (!tcp_send_head(sk))
 660                return;
 661
 662        skb = tcp_write_queue_tail(sk);
 663        if (!(flags & MSG_MORE) || forced_push(tp))
 664                tcp_mark_push(tp, skb);
 665
 666        tcp_mark_urg(tp, flags);
 667
 668        if (tcp_should_autocork(sk, skb, size_goal)) {
 669
 670                /* avoid atomic op if TSQ_THROTTLED bit is already set */
 671                if (!test_bit(TSQ_THROTTLED, &tp->tsq_flags)) {
 672                        NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAUTOCORKING);
 673                        set_bit(TSQ_THROTTLED, &tp->tsq_flags);
 674                }
 675                /* It is possible TX completion already happened
 676                 * before we set TSQ_THROTTLED.
 677                 */
 678                if (atomic_read(&sk->sk_wmem_alloc) > skb->truesize)
 679                        return;
 680        }
 681
 682        if (flags & MSG_MORE)
 683                nonagle = TCP_NAGLE_CORK;
 684
 685        __tcp_push_pending_frames(sk, mss_now, nonagle);
 686}
 687
 688static int tcp_splice_data_recv(read_descriptor_t *rd_desc, struct sk_buff *skb,
 689                                unsigned int offset, size_t len)
 690{
 691        struct tcp_splice_state *tss = rd_desc->arg.data;
 692        int ret;
 693
 694        ret = skb_splice_bits(skb, offset, tss->pipe, min(rd_desc->count, len),
 695                              tss->flags);
 696        if (ret > 0)
 697                rd_desc->count -= ret;
 698        return ret;
 699}
 700
 701static int __tcp_splice_read(struct sock *sk, struct tcp_splice_state *tss)
 702{
 703        /* Store TCP splice context information in read_descriptor_t. */
 704        read_descriptor_t rd_desc = {
 705                .arg.data = tss,
 706                .count    = tss->len,
 707        };
 708
 709        return tcp_read_sock(sk, &rd_desc, tcp_splice_data_recv);
 710}
 711
 712/**
 713 *  tcp_splice_read - splice data from TCP socket to a pipe
 714 * @sock:       socket to splice from
 715 * @ppos:       position (not valid)
 716 * @pipe:       pipe to splice to
 717 * @len:        number of bytes to splice
 718 * @flags:      splice modifier flags
 719 *
 720 * Description:
 721 *    Will read pages from given socket and fill them into a pipe.
 722 *
 723 **/
 724ssize_t tcp_splice_read(struct socket *sock, loff_t *ppos,
 725                        struct pipe_inode_info *pipe, size_t len,
 726                        unsigned int flags)
 727{
 728        struct sock *sk = sock->sk;
 729        struct tcp_splice_state tss = {
 730                .pipe = pipe,
 731                .len = len,
 732                .flags = flags,
 733        };
 734        long timeo;
 735        ssize_t spliced;
 736        int ret;
 737
 738        sock_rps_record_flow(sk);
 739        /*
 740         * We can't seek on a socket input
 741         */
 742        if (unlikely(*ppos))
 743                return -ESPIPE;
 744
 745        ret = spliced = 0;
 746
 747        lock_sock(sk);
 748
 749        timeo = sock_rcvtimeo(sk, sock->file->f_flags & O_NONBLOCK);
 750        while (tss.len) {
 751                ret = __tcp_splice_read(sk, &tss);
 752                if (ret < 0)
 753                        break;
 754                else if (!ret) {
 755                        if (spliced)
 756                                break;
 757                        if (sock_flag(sk, SOCK_DONE))
 758                                break;
 759                        if (sk->sk_err) {
 760                                ret = sock_error(sk);
 761                                break;
 762                        }
 763                        if (sk->sk_shutdown & RCV_SHUTDOWN)
 764                                break;
 765                        if (sk->sk_state == TCP_CLOSE) {
 766                                /*
 767                                 * This occurs when user tries to read
 768                                 * from never connected socket.
 769                                 */
 770                                if (!sock_flag(sk, SOCK_DONE))
 771                                        ret = -ENOTCONN;
 772                                break;
 773                        }
 774                        if (!timeo) {
 775                                ret = -EAGAIN;
 776                                break;
 777                        }
 778                        sk_wait_data(sk, &timeo);
 779                        if (signal_pending(current)) {
 780                                ret = sock_intr_errno(timeo);
 781                                break;
 782                        }
 783                        continue;
 784                }
 785                tss.len -= ret;
 786                spliced += ret;
 787
 788                if (!timeo)
 789                        break;
 790                release_sock(sk);
 791                lock_sock(sk);
 792
 793                if (sk->sk_err || sk->sk_state == TCP_CLOSE ||
 794                    (sk->sk_shutdown & RCV_SHUTDOWN) ||
 795                    signal_pending(current))
 796                        break;
 797        }
 798
 799        release_sock(sk);
 800
 801        if (spliced)
 802                return spliced;
 803
 804        return ret;
 805}
 806EXPORT_SYMBOL(tcp_splice_read);
 807
 808struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp)
 809{
 810        struct sk_buff *skb;
 811
 812        /* The TCP header must be at least 32-bit aligned.  */
 813        size = ALIGN(size, 4);
 814
 815        skb = alloc_skb_fclone(size + sk->sk_prot->max_header, gfp);
 816        if (skb) {
 817                if (sk_wmem_schedule(sk, skb->truesize)) {
 818                        skb_reserve(skb, sk->sk_prot->max_header);
 819                        /*
 820                         * Make sure that we have exactly size bytes
 821                         * available to the caller, no more, no less.
 822                         */
 823                        skb->reserved_tailroom = skb->end - skb->tail - size;
 824                        return skb;
 825                }
 826                __kfree_skb(skb);
 827        } else {
 828                sk->sk_prot->enter_memory_pressure(sk);
 829                sk_stream_moderate_sndbuf(sk);
 830        }
 831        return NULL;
 832}
 833
 834static unsigned int tcp_xmit_size_goal(struct sock *sk, u32 mss_now,
 835                                       int large_allowed)
 836{
 837        struct tcp_sock *tp = tcp_sk(sk);
 838        u32 new_size_goal, size_goal, hlen;
 839
 840        if (!large_allowed || !sk_can_gso(sk))
 841                return mss_now;
 842
 843        /* Maybe we should/could use sk->sk_prot->max_header here ? */
 844        hlen = inet_csk(sk)->icsk_af_ops->net_header_len +
 845               inet_csk(sk)->icsk_ext_hdr_len +
 846               tp->tcp_header_len;
 847
 848        new_size_goal = sk->sk_gso_max_size - 1 - hlen;
 849        new_size_goal = tcp_bound_to_half_wnd(tp, new_size_goal);
 850
 851        /* We try hard to avoid divides here */
 852        size_goal = tp->gso_segs * mss_now;
 853        if (unlikely(new_size_goal < size_goal ||
 854                     new_size_goal >= size_goal + mss_now)) {
 855                tp->gso_segs = min_t(u16, new_size_goal / mss_now,
 856                                     sk->sk_gso_max_segs);
 857                size_goal = tp->gso_segs * mss_now;
 858        }
 859
 860        return max(size_goal, mss_now);
 861}
 862
 863static int tcp_send_mss(struct sock *sk, int *size_goal, int flags)
 864{
 865        int mss_now;
 866
 867        mss_now = tcp_current_mss(sk);
 868        *size_goal = tcp_xmit_size_goal(sk, mss_now, !(flags & MSG_OOB));
 869
 870        return mss_now;
 871}
 872
 873static ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset,
 874                                size_t size, int flags)
 875{
 876        struct tcp_sock *tp = tcp_sk(sk);
 877        int mss_now, size_goal;
 878        int err;
 879        ssize_t copied;
 880        long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
 881
 882        /* Wait for a connection to finish. One exception is TCP Fast Open
 883         * (passive side) where data is allowed to be sent before a connection
 884         * is fully established.
 885         */
 886        if (((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) &&
 887            !tcp_passive_fastopen(sk)) {
 888                if ((err = sk_stream_wait_connect(sk, &timeo)) != 0)
 889                        goto out_err;
 890        }
 891
 892        clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
 893
 894        mss_now = tcp_send_mss(sk, &size_goal, flags);
 895        copied = 0;
 896
 897        err = -EPIPE;
 898        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
 899                goto out_err;
 900
 901        while (size > 0) {
 902                struct sk_buff *skb = tcp_write_queue_tail(sk);
 903                int copy, i;
 904                bool can_coalesce;
 905
 906                if (!tcp_send_head(sk) || (copy = size_goal - skb->len) <= 0) {
 907new_segment:
 908                        if (!sk_stream_memory_free(sk))
 909                                goto wait_for_sndbuf;
 910
 911                        skb = sk_stream_alloc_skb(sk, 0, sk->sk_allocation);
 912                        if (!skb)
 913                                goto wait_for_memory;
 914
 915                        skb_entail(sk, skb);
 916                        copy = size_goal;
 917                }
 918
 919                if (copy > size)
 920                        copy = size;
 921
 922                i = skb_shinfo(skb)->nr_frags;
 923                can_coalesce = skb_can_coalesce(skb, i, page, offset);
 924                if (!can_coalesce && i >= MAX_SKB_FRAGS) {
 925                        tcp_mark_push(tp, skb);
 926                        goto new_segment;
 927                }
 928                if (!sk_wmem_schedule(sk, copy))
 929                        goto wait_for_memory;
 930
 931                if (can_coalesce) {
 932                        skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
 933                } else {
 934                        get_page(page);
 935                        skb_fill_page_desc(skb, i, page, offset, copy);
 936                }
 937                skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
 938
 939                skb->len += copy;
 940                skb->data_len += copy;
 941                skb->truesize += copy;
 942                sk->sk_wmem_queued += copy;
 943                sk_mem_charge(sk, copy);
 944                skb->ip_summed = CHECKSUM_PARTIAL;
 945                tp->write_seq += copy;
 946                TCP_SKB_CB(skb)->end_seq += copy;
 947                tcp_skb_pcount_set(skb, 0);
 948
 949                if (!copied)
 950                        TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
 951
 952                copied += copy;
 953                offset += copy;
 954                if (!(size -= copy)) {
 955                        tcp_tx_timestamp(sk, skb);
 956                        goto out;
 957                }
 958
 959                if (skb->len < size_goal || (flags & MSG_OOB))
 960                        continue;
 961
 962                if (forced_push(tp)) {
 963                        tcp_mark_push(tp, skb);
 964                        __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_PUSH);
 965                } else if (skb == tcp_send_head(sk))
 966                        tcp_push_one(sk, mss_now);
 967                continue;
 968
 969wait_for_sndbuf:
 970                set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
 971wait_for_memory:
 972                tcp_push(sk, flags & ~MSG_MORE, mss_now,
 973                         TCP_NAGLE_PUSH, size_goal);
 974
 975                if ((err = sk_stream_wait_memory(sk, &timeo)) != 0)
 976                        goto do_error;
 977
 978                mss_now = tcp_send_mss(sk, &size_goal, flags);
 979        }
 980
 981out:
 982        if (copied && !(flags & MSG_SENDPAGE_NOTLAST))
 983                tcp_push(sk, flags, mss_now, tp->nonagle, size_goal);
 984        return copied;
 985
 986do_error:
 987        if (copied)
 988                goto out;
 989out_err:
 990        return sk_stream_error(sk, flags, err);
 991}
 992
 993int tcp_sendpage(struct sock *sk, struct page *page, int offset,
 994                 size_t size, int flags)
 995{
 996        ssize_t res;
 997
 998        if (!(sk->sk_route_caps & NETIF_F_SG) ||
 999            !(sk->sk_route_caps & NETIF_F_ALL_CSUM))
1000                return sock_no_sendpage(sk->sk_socket, page, offset, size,
1001                                        flags);
1002
1003        lock_sock(sk);
1004        res = do_tcp_sendpages(sk, page, offset, size, flags);
1005        release_sock(sk);
1006        return res;
1007}
1008EXPORT_SYMBOL(tcp_sendpage);
1009
1010static inline int select_size(const struct sock *sk, bool sg)
1011{
1012        const struct tcp_sock *tp = tcp_sk(sk);
1013        int tmp = tp->mss_cache;
1014
1015        if (sg) {
1016                if (sk_can_gso(sk)) {
1017                        /* Small frames wont use a full page:
1018                         * Payload will immediately follow tcp header.
1019                         */
1020                        tmp = SKB_WITH_OVERHEAD(2048 - MAX_TCP_HEADER);
1021                } else {
1022                        int pgbreak = SKB_MAX_HEAD(MAX_TCP_HEADER);
1023
1024                        if (tmp >= pgbreak &&
1025                            tmp <= pgbreak + (MAX_SKB_FRAGS - 1) * PAGE_SIZE)
1026                                tmp = pgbreak;
1027                }
1028        }
1029
1030        return tmp;
1031}
1032
1033void tcp_free_fastopen_req(struct tcp_sock *tp)
1034{
1035        if (tp->fastopen_req != NULL) {
1036                kfree(tp->fastopen_req);
1037                tp->fastopen_req = NULL;
1038        }
1039}
1040
1041static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
1042                                int *copied, size_t size)
1043{
1044        struct tcp_sock *tp = tcp_sk(sk);
1045        int err, flags;
1046
1047        if (!(sysctl_tcp_fastopen & TFO_CLIENT_ENABLE))
1048                return -EOPNOTSUPP;
1049        if (tp->fastopen_req != NULL)
1050                return -EALREADY; /* Another Fast Open is in progress */
1051
1052        tp->fastopen_req = kzalloc(sizeof(struct tcp_fastopen_request),
1053                                   sk->sk_allocation);
1054        if (unlikely(tp->fastopen_req == NULL))
1055                return -ENOBUFS;
1056        tp->fastopen_req->data = msg;
1057        tp->fastopen_req->size = size;
1058
1059        flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0;
1060        err = __inet_stream_connect(sk->sk_socket, msg->msg_name,
1061                                    msg->msg_namelen, flags);
1062        *copied = tp->fastopen_req->copied;
1063        tcp_free_fastopen_req(tp);
1064        return err;
1065}
1066
1067int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1068                size_t size)
1069{
1070        const struct iovec *iov;
1071        struct tcp_sock *tp = tcp_sk(sk);
1072        struct sk_buff *skb;
1073        int iovlen, flags, err, copied = 0;
1074        int mss_now = 0, size_goal, copied_syn = 0, offset = 0;
1075        bool sg;
1076        long timeo;
1077
1078        lock_sock(sk);
1079
1080        flags = msg->msg_flags;
1081        if (flags & MSG_FASTOPEN) {
1082                err = tcp_sendmsg_fastopen(sk, msg, &copied_syn, size);
1083                if (err == -EINPROGRESS && copied_syn > 0)
1084                        goto out;
1085                else if (err)
1086                        goto out_err;
1087                offset = copied_syn;
1088        }
1089
1090        timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
1091
1092        /* Wait for a connection to finish. One exception is TCP Fast Open
1093         * (passive side) where data is allowed to be sent before a connection
1094         * is fully established.
1095         */
1096        if (((1 << sk->sk_state) & ~(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) &&
1097            !tcp_passive_fastopen(sk)) {
1098                if ((err = sk_stream_wait_connect(sk, &timeo)) != 0)
1099                        goto do_error;
1100        }
1101
1102        if (unlikely(tp->repair)) {
1103                if (tp->repair_queue == TCP_RECV_QUEUE) {
1104                        copied = tcp_send_rcvq(sk, msg, size);
1105                        goto out_nopush;
1106                }
1107
1108                err = -EINVAL;
1109                if (tp->repair_queue == TCP_NO_QUEUE)
1110                        goto out_err;
1111
1112                /* 'common' sending to sendq */
1113        }
1114
1115        /* This should be in poll */
1116        clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
1117
1118        mss_now = tcp_send_mss(sk, &size_goal, flags);
1119
1120        /* Ok commence sending. */
1121        iovlen = msg->msg_iter.nr_segs;
1122        iov = msg->msg_iter.iov;
1123        copied = 0;
1124
1125        err = -EPIPE;
1126        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
1127                goto out_err;
1128
1129        sg = !!(sk->sk_route_caps & NETIF_F_SG);
1130
1131        while (--iovlen >= 0) {
1132                size_t seglen = iov->iov_len;
1133                unsigned char __user *from = iov->iov_base;
1134
1135                iov++;
1136                if (unlikely(offset > 0)) {  /* Skip bytes copied in SYN */
1137                        if (offset >= seglen) {
1138                                offset -= seglen;
1139                                continue;
1140                        }
1141                        seglen -= offset;
1142                        from += offset;
1143                        offset = 0;
1144                }
1145
1146                while (seglen > 0) {
1147                        int copy = 0;
1148                        int max = size_goal;
1149
1150                        skb = tcp_write_queue_tail(sk);
1151                        if (tcp_send_head(sk)) {
1152                                if (skb->ip_summed == CHECKSUM_NONE)
1153                                        max = mss_now;
1154                                copy = max - skb->len;
1155                        }
1156
1157                        if (copy <= 0) {
1158new_segment:
1159                                /* Allocate new segment. If the interface is SG,
1160                                 * allocate skb fitting to single page.
1161                                 */
1162                                if (!sk_stream_memory_free(sk))
1163                                        goto wait_for_sndbuf;
1164
1165                                skb = sk_stream_alloc_skb(sk,
1166                                                          select_size(sk, sg),
1167                                                          sk->sk_allocation);
1168                                if (!skb)
1169                                        goto wait_for_memory;
1170
1171                                /*
1172                                 * Check whether we can use HW checksum.
1173                                 */
1174                                if (sk->sk_route_caps & NETIF_F_ALL_CSUM)
1175                                        skb->ip_summed = CHECKSUM_PARTIAL;
1176
1177                                skb_entail(sk, skb);
1178                                copy = size_goal;
1179                                max = size_goal;
1180
1181                                /* All packets are restored as if they have
1182                                 * already been sent. skb_mstamp isn't set to
1183                                 * avoid wrong rtt estimation.
1184                                 */
1185                                if (tp->repair)
1186                                        TCP_SKB_CB(skb)->sacked |= TCPCB_REPAIRED;
1187                        }
1188
1189                        /* Try to append data to the end of skb. */
1190                        if (copy > seglen)
1191                                copy = seglen;
1192
1193                        /* Where to copy to? */
1194                        if (skb_availroom(skb) > 0) {
1195                                /* We have some space in skb head. Superb! */
1196                                copy = min_t(int, copy, skb_availroom(skb));
1197                                err = skb_add_data_nocache(sk, skb, from, copy);
1198                                if (err)
1199                                        goto do_fault;
1200                        } else {
1201                                bool merge = true;
1202                                int i = skb_shinfo(skb)->nr_frags;
1203                                struct page_frag *pfrag = sk_page_frag(sk);
1204
1205                                if (!sk_page_frag_refill(sk, pfrag))
1206                                        goto wait_for_memory;
1207
1208                                if (!skb_can_coalesce(skb, i, pfrag->page,
1209                                                      pfrag->offset)) {
1210                                        if (i == MAX_SKB_FRAGS || !sg) {
1211                                                tcp_mark_push(tp, skb);
1212                                                goto new_segment;
1213                                        }
1214                                        merge = false;
1215                                }
1216
1217                                copy = min_t(int, copy, pfrag->size - pfrag->offset);
1218
1219                                if (!sk_wmem_schedule(sk, copy))
1220                                        goto wait_for_memory;
1221
1222                                err = skb_copy_to_page_nocache(sk, from, skb,
1223                                                               pfrag->page,
1224                                                               pfrag->offset,
1225                                                               copy);
1226                                if (err)
1227                                        goto do_error;
1228
1229                                /* Update the skb. */
1230                                if (merge) {
1231                                        skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
1232                                } else {
1233                                        skb_fill_page_desc(skb, i, pfrag->page,
1234                                                           pfrag->offset, copy);
1235                                        get_page(pfrag->page);
1236                                }
1237                                pfrag->offset += copy;
1238                        }
1239
1240                        if (!copied)
1241                                TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_PSH;
1242
1243                        tp->write_seq += copy;
1244                        TCP_SKB_CB(skb)->end_seq += copy;
1245                        tcp_skb_pcount_set(skb, 0);
1246
1247                        from += copy;
1248                        copied += copy;
1249                        if ((seglen -= copy) == 0 && iovlen == 0) {
1250                                tcp_tx_timestamp(sk, skb);
1251                                goto out;
1252                        }
1253
1254                        if (skb->len < max || (flags & MSG_OOB) || unlikely(tp->repair))
1255                                continue;
1256
1257                        if (forced_push(tp)) {
1258                                tcp_mark_push(tp, skb);
1259                                __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_PUSH);
1260                        } else if (skb == tcp_send_head(sk))
1261                                tcp_push_one(sk, mss_now);
1262                        continue;
1263
1264wait_for_sndbuf:
1265                        set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1266wait_for_memory:
1267                        if (copied)
1268                                tcp_push(sk, flags & ~MSG_MORE, mss_now,
1269                                         TCP_NAGLE_PUSH, size_goal);
1270
1271                        if ((err = sk_stream_wait_memory(sk, &timeo)) != 0)
1272                                goto do_error;
1273
1274                        mss_now = tcp_send_mss(sk, &size_goal, flags);
1275                }
1276        }
1277
1278out:
1279        if (copied)
1280                tcp_push(sk, flags, mss_now, tp->nonagle, size_goal);
1281out_nopush:
1282        release_sock(sk);
1283        return copied + copied_syn;
1284
1285do_fault:
1286        if (!skb->len) {
1287                tcp_unlink_write_queue(skb, sk);
1288                /* It is the one place in all of TCP, except connection
1289                 * reset, where we can be unlinking the send_head.
1290                 */
1291                tcp_check_send_head(sk, skb);
1292                sk_wmem_free_skb(sk, skb);
1293        }
1294
1295do_error:
1296        if (copied + copied_syn)
1297                goto out;
1298out_err:
1299        err = sk_stream_error(sk, flags, err);
1300        release_sock(sk);
1301        return err;
1302}
1303EXPORT_SYMBOL(tcp_sendmsg);
1304
1305/*
1306 *      Handle reading urgent data. BSD has very simple semantics for
1307 *      this, no blocking and very strange errors 8)
1308 */
1309
1310static int tcp_recv_urg(struct sock *sk, struct msghdr *msg, int len, int flags)
1311{
1312        struct tcp_sock *tp = tcp_sk(sk);
1313
1314        /* No URG data to read. */
1315        if (sock_flag(sk, SOCK_URGINLINE) || !tp->urg_data ||
1316            tp->urg_data == TCP_URG_READ)
1317                return -EINVAL; /* Yes this is right ! */
1318
1319        if (sk->sk_state == TCP_CLOSE && !sock_flag(sk, SOCK_DONE))
1320                return -ENOTCONN;
1321
1322        if (tp->urg_data & TCP_URG_VALID) {
1323                int err = 0;
1324                char c = tp->urg_data;
1325
1326                if (!(flags & MSG_PEEK))
1327                        tp->urg_data = TCP_URG_READ;
1328
1329                /* Read urgent data. */
1330                msg->msg_flags |= MSG_OOB;
1331
1332                if (len > 0) {
1333                        if (!(flags & MSG_TRUNC))
1334                                err = memcpy_to_msg(msg, &c, 1);
1335                        len = 1;
1336                } else
1337                        msg->msg_flags |= MSG_TRUNC;
1338
1339                return err ? -EFAULT : len;
1340        }
1341
1342        if (sk->sk_state == TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN))
1343                return 0;
1344
1345        /* Fixed the recv(..., MSG_OOB) behaviour.  BSD docs and
1346         * the available implementations agree in this case:
1347         * this call should never block, independent of the
1348         * blocking state of the socket.
1349         * Mike <pall@rz.uni-karlsruhe.de>
1350         */
1351        return -EAGAIN;
1352}
1353
1354static int tcp_peek_sndq(struct sock *sk, struct msghdr *msg, int len)
1355{
1356        struct sk_buff *skb;
1357        int copied = 0, err = 0;
1358
1359        /* XXX -- need to support SO_PEEK_OFF */
1360
1361        skb_queue_walk(&sk->sk_write_queue, skb) {
1362                err = skb_copy_datagram_msg(skb, 0, msg, skb->len);
1363                if (err)
1364                        break;
1365
1366                copied += skb->len;
1367        }
1368
1369        return err ?: copied;
1370}
1371
1372/* Clean up the receive buffer for full frames taken by the user,
1373 * then send an ACK if necessary.  COPIED is the number of bytes
1374 * tcp_recvmsg has given to the user so far, it speeds up the
1375 * calculation of whether or not we must ACK for the sake of
1376 * a window update.
1377 */
1378static void tcp_cleanup_rbuf(struct sock *sk, int copied)
1379{
1380        struct tcp_sock *tp = tcp_sk(sk);
1381        bool time_to_ack = false;
1382
1383        struct sk_buff *skb = skb_peek(&sk->sk_receive_queue);
1384
1385        WARN(skb && !before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq),
1386             "cleanup rbuf bug: copied %X seq %X rcvnxt %X\n",
1387             tp->copied_seq, TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt);
1388
1389        if (inet_csk_ack_scheduled(sk)) {
1390                const struct inet_connection_sock *icsk = inet_csk(sk);
1391                   /* Delayed ACKs frequently hit locked sockets during bulk
1392                    * receive. */
1393                if (icsk->icsk_ack.blocked ||
1394                    /* Once-per-two-segments ACK was not sent by tcp_input.c */
1395                    tp->rcv_nxt - tp->rcv_wup > icsk->icsk_ack.rcv_mss ||
1396                    /*
1397                     * If this read emptied read buffer, we send ACK, if
1398                     * connection is not bidirectional, user drained
1399                     * receive buffer and there was a small segment
1400                     * in queue.
1401                     */
1402                    (copied > 0 &&
1403                     ((icsk->icsk_ack.pending & ICSK_ACK_PUSHED2) ||
1404                      ((icsk->icsk_ack.pending & ICSK_ACK_PUSHED) &&
1405                       !icsk->icsk_ack.pingpong)) &&
1406                      !atomic_read(&sk->sk_rmem_alloc)))
1407                        time_to_ack = true;
1408        }
1409
1410        /* We send an ACK if we can now advertise a non-zero window
1411         * which has been raised "significantly".
1412         *
1413         * Even if window raised up to infinity, do not send window open ACK
1414         * in states, where we will not receive more. It is useless.
1415         */
1416        if (copied > 0 && !time_to_ack && !(sk->sk_shutdown & RCV_SHUTDOWN)) {
1417                __u32 rcv_window_now = tcp_receive_window(tp);
1418
1419                /* Optimize, __tcp_select_window() is not cheap. */
1420                if (2*rcv_window_now <= tp->window_clamp) {
1421                        __u32 new_window = __tcp_select_window(sk);
1422
1423                        /* Send ACK now, if this read freed lots of space
1424                         * in our buffer. Certainly, new_window is new window.
1425                         * We can advertise it now, if it is not less than current one.
1426                         * "Lots" means "at least twice" here.
1427                         */
1428                        if (new_window && new_window >= 2 * rcv_window_now)
1429                                time_to_ack = true;
1430                }
1431        }
1432        if (time_to_ack)
1433                tcp_send_ack(sk);
1434}
1435
1436static void tcp_prequeue_process(struct sock *sk)
1437{
1438        struct sk_buff *skb;
1439        struct tcp_sock *tp = tcp_sk(sk);
1440
1441        NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPPREQUEUED);
1442
1443        /* RX process wants to run with disabled BHs, though it is not
1444         * necessary */
1445        local_bh_disable();
1446        while ((skb = __skb_dequeue(&tp->ucopy.prequeue)) != NULL)
1447                sk_backlog_rcv(sk, skb);
1448        local_bh_enable();
1449
1450        /* Clear memory counter. */
1451        tp->ucopy.memory = 0;
1452}
1453
1454static struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off)
1455{
1456        struct sk_buff *skb;
1457        u32 offset;
1458
1459        while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) {
1460                offset = seq - TCP_SKB_CB(skb)->seq;
1461                if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
1462                        offset--;
1463                if (offset < skb->len || (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)) {
1464                        *off = offset;
1465                        return skb;
1466                }
1467                /* This looks weird, but this can happen if TCP collapsing
1468                 * splitted a fat GRO packet, while we released socket lock
1469                 * in skb_splice_bits()
1470                 */
1471                sk_eat_skb(sk, skb);
1472        }
1473        return NULL;
1474}
1475
1476/*
1477 * This routine provides an alternative to tcp_recvmsg() for routines
1478 * that would like to handle copying from skbuffs directly in 'sendfile'
1479 * fashion.
1480 * Note:
1481 *      - It is assumed that the socket was locked by the caller.
1482 *      - The routine does not block.
1483 *      - At present, there is no support for reading OOB data
1484 *        or for 'peeking' the socket using this routine
1485 *        (although both would be easy to implement).
1486 */
1487int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
1488                  sk_read_actor_t recv_actor)
1489{
1490        struct sk_buff *skb;
1491        struct tcp_sock *tp = tcp_sk(sk);
1492        u32 seq = tp->copied_seq;
1493        u32 offset;
1494        int copied = 0;
1495
1496        if (sk->sk_state == TCP_LISTEN)
1497                return -ENOTCONN;
1498        while ((skb = tcp_recv_skb(sk, seq, &offset)) != NULL) {
1499                if (offset < skb->len) {
1500                        int used;
1501                        size_t len;
1502
1503                        len = skb->len - offset;
1504                        /* Stop reading if we hit a patch of urgent data */
1505                        if (tp->urg_data) {
1506                                u32 urg_offset = tp->urg_seq - seq;
1507                                if (urg_offset < len)
1508                                        len = urg_offset;
1509                                if (!len)
1510                                        break;
1511                        }
1512                        used = recv_actor(desc, skb, offset, len);
1513                        if (used <= 0) {
1514                                if (!copied)
1515                                        copied = used;
1516                                break;
1517                        } else if (used <= len) {
1518                                seq += used;
1519                                copied += used;
1520                                offset += used;
1521                        }
1522                        /* If recv_actor drops the lock (e.g. TCP splice
1523                         * receive) the skb pointer might be invalid when
1524                         * getting here: tcp_collapse might have deleted it
1525                         * while aggregating skbs from the socket queue.
1526                         */
1527                        skb = tcp_recv_skb(sk, seq - 1, &offset);
1528                        if (!skb)
1529                                break;
1530                        /* TCP coalescing might have appended data to the skb.
1531                         * Try to splice more frags
1532                         */
1533                        if (offset + 1 != skb->len)
1534                                continue;
1535                }
1536                if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) {
1537                        sk_eat_skb(sk, skb);
1538                        ++seq;
1539                        break;
1540                }
1541                sk_eat_skb(sk, skb);
1542                if (!desc->count)
1543                        break;
1544                tp->copied_seq = seq;
1545        }
1546        tp->copied_seq = seq;
1547
1548        tcp_rcv_space_adjust(sk);
1549
1550        /* Clean up data we have read: This will do ACK frames. */
1551        if (copied > 0) {
1552                tcp_recv_skb(sk, seq, &offset);
1553                tcp_cleanup_rbuf(sk, copied);
1554        }
1555        return copied;
1556}
1557EXPORT_SYMBOL(tcp_read_sock);
1558
1559/*
1560 *      This routine copies from a sock struct into the user buffer.
1561 *
1562 *      Technical note: in 2.3 we work on _locked_ socket, so that
1563 *      tricks with *seq access order and skb->users are not required.
1564 *      Probably, code can be easily improved even more.
1565 */
1566
1567int tcp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
1568                size_t len, int nonblock, int flags, int *addr_len)
1569{
1570        struct tcp_sock *tp = tcp_sk(sk);
1571        int copied = 0;
1572        u32 peek_seq;
1573        u32 *seq;
1574        unsigned long used;
1575        int err;
1576        int target;             /* Read at least this many bytes */
1577        long timeo;
1578        struct task_struct *user_recv = NULL;
1579        struct sk_buff *skb;
1580        u32 urg_hole = 0;
1581
1582        if (unlikely(flags & MSG_ERRQUEUE))
1583                return inet_recv_error(sk, msg, len, addr_len);
1584
1585        if (sk_can_busy_loop(sk) && skb_queue_empty(&sk->sk_receive_queue) &&
1586            (sk->sk_state == TCP_ESTABLISHED))
1587                sk_busy_loop(sk, nonblock);
1588
1589        lock_sock(sk);
1590
1591        err = -ENOTCONN;
1592        if (sk->sk_state == TCP_LISTEN)
1593                goto out;
1594
1595        timeo = sock_rcvtimeo(sk, nonblock);
1596
1597        /* Urgent data needs to be handled specially. */
1598        if (flags & MSG_OOB)
1599                goto recv_urg;
1600
1601        if (unlikely(tp->repair)) {
1602                err = -EPERM;
1603                if (!(flags & MSG_PEEK))
1604                        goto out;
1605
1606                if (tp->repair_queue == TCP_SEND_QUEUE)
1607                        goto recv_sndq;
1608
1609                err = -EINVAL;
1610                if (tp->repair_queue == TCP_NO_QUEUE)
1611                        goto out;
1612
1613                /* 'common' recv queue MSG_PEEK-ing */
1614        }
1615
1616        seq = &tp->copied_seq;
1617        if (flags & MSG_PEEK) {
1618                peek_seq = tp->copied_seq;
1619                seq = &peek_seq;
1620        }
1621
1622        target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
1623
1624        do {
1625                u32 offset;
1626
1627                /* Are we at urgent data? Stop if we have read anything or have SIGURG pending. */
1628                if (tp->urg_data && tp->urg_seq == *seq) {
1629                        if (copied)
1630                                break;
1631                        if (signal_pending(current)) {
1632                                copied = timeo ? sock_intr_errno(timeo) : -EAGAIN;
1633                                break;
1634                        }
1635                }
1636
1637                /* Next get a buffer. */
1638
1639                skb_queue_walk(&sk->sk_receive_queue, skb) {
1640                        /* Now that we have two receive queues this
1641                         * shouldn't happen.
1642                         */
1643                        if (WARN(before(*seq, TCP_SKB_CB(skb)->seq),
1644                                 "recvmsg bug: copied %X seq %X rcvnxt %X fl %X\n",
1645                                 *seq, TCP_SKB_CB(skb)->seq, tp->rcv_nxt,
1646                                 flags))
1647                                break;
1648
1649                        offset = *seq - TCP_SKB_CB(skb)->seq;
1650                        if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
1651                                offset--;
1652                        if (offset < skb->len)
1653                                goto found_ok_skb;
1654                        if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
1655                                goto found_fin_ok;
1656                        WARN(!(flags & MSG_PEEK),
1657                             "recvmsg bug 2: copied %X seq %X rcvnxt %X fl %X\n",
1658                             *seq, TCP_SKB_CB(skb)->seq, tp->rcv_nxt, flags);
1659                }
1660
1661                /* Well, if we have backlog, try to process it now yet. */
1662
1663                if (copied >= target && !sk->sk_backlog.tail)
1664                        break;
1665
1666                if (copied) {
1667                        if (sk->sk_err ||
1668                            sk->sk_state == TCP_CLOSE ||
1669                            (sk->sk_shutdown & RCV_SHUTDOWN) ||
1670                            !timeo ||
1671                            signal_pending(current))
1672                                break;
1673                } else {
1674                        if (sock_flag(sk, SOCK_DONE))
1675                                break;
1676
1677                        if (sk->sk_err) {
1678                                copied = sock_error(sk);
1679                                break;
1680                        }
1681
1682                        if (sk->sk_shutdown & RCV_SHUTDOWN)
1683                                break;
1684
1685                        if (sk->sk_state == TCP_CLOSE) {
1686                                if (!sock_flag(sk, SOCK_DONE)) {
1687                                        /* This occurs when user tries to read
1688                                         * from never connected socket.
1689                                         */
1690                                        copied = -ENOTCONN;
1691                                        break;
1692                                }
1693                                break;
1694                        }
1695
1696                        if (!timeo) {
1697                                copied = -EAGAIN;
1698                                break;
1699                        }
1700
1701                        if (signal_pending(current)) {
1702                                copied = sock_intr_errno(timeo);
1703                                break;
1704                        }
1705                }
1706
1707                tcp_cleanup_rbuf(sk, copied);
1708
1709                if (!sysctl_tcp_low_latency && tp->ucopy.task == user_recv) {
1710                        /* Install new reader */
1711                        if (!user_recv && !(flags & (MSG_TRUNC | MSG_PEEK))) {
1712                                user_recv = current;
1713                                tp->ucopy.task = user_recv;
1714                                tp->ucopy.msg = msg;
1715                        }
1716
1717                        tp->ucopy.len = len;
1718
1719                        WARN_ON(tp->copied_seq != tp->rcv_nxt &&
1720                                !(flags & (MSG_PEEK | MSG_TRUNC)));
1721
1722                        /* Ugly... If prequeue is not empty, we have to
1723                         * process it before releasing socket, otherwise
1724                         * order will be broken at second iteration.
1725                         * More elegant solution is required!!!
1726                         *
1727                         * Look: we have the following (pseudo)queues:
1728                         *
1729                         * 1. packets in flight
1730                         * 2. backlog
1731                         * 3. prequeue
1732                         * 4. receive_queue
1733                         *
1734                         * Each queue can be processed only if the next ones
1735                         * are empty. At this point we have empty receive_queue.
1736                         * But prequeue _can_ be not empty after 2nd iteration,
1737                         * when we jumped to start of loop because backlog
1738                         * processing added something to receive_queue.
1739                         * We cannot release_sock(), because backlog contains
1740                         * packets arrived _after_ prequeued ones.
1741                         *
1742                         * Shortly, algorithm is clear --- to process all
1743                         * the queues in order. We could make it more directly,
1744                         * requeueing packets from backlog to prequeue, if
1745                         * is not empty. It is more elegant, but eats cycles,
1746                         * unfortunately.
1747                         */
1748                        if (!skb_queue_empty(&tp->ucopy.prequeue))
1749                                goto do_prequeue;
1750
1751                        /* __ Set realtime policy in scheduler __ */
1752                }
1753
1754                if (copied >= target) {
1755                        /* Do not sleep, just process backlog. */
1756                        release_sock(sk);
1757                        lock_sock(sk);
1758                } else
1759                        sk_wait_data(sk, &timeo);
1760
1761                if (user_recv) {
1762                        int chunk;
1763
1764                        /* __ Restore normal policy in scheduler __ */
1765
1766                        if ((chunk = len - tp->ucopy.len) != 0) {
1767                                NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMBACKLOG, chunk);
1768                                len -= chunk;
1769                                copied += chunk;
1770                        }
1771
1772                        if (tp->rcv_nxt == tp->copied_seq &&
1773                            !skb_queue_empty(&tp->ucopy.prequeue)) {
1774do_prequeue:
1775                                tcp_prequeue_process(sk);
1776
1777                                if ((chunk = len - tp->ucopy.len) != 0) {
1778                                        NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
1779                                        len -= chunk;
1780                                        copied += chunk;
1781                                }
1782                        }
1783                }
1784                if ((flags & MSG_PEEK) &&
1785                    (peek_seq - copied - urg_hole != tp->copied_seq)) {
1786                        net_dbg_ratelimited("TCP(%s:%d): Application bug, race in MSG_PEEK\n",
1787                                            current->comm,
1788                                            task_pid_nr(current));
1789                        peek_seq = tp->copied_seq;
1790                }
1791                continue;
1792
1793        found_ok_skb:
1794                /* Ok so how much can we use? */
1795                used = skb->len - offset;
1796                if (len < used)
1797                        used = len;
1798
1799                /* Do we have urgent data here? */
1800                if (tp->urg_data) {
1801                        u32 urg_offset = tp->urg_seq - *seq;
1802                        if (urg_offset < used) {
1803                                if (!urg_offset) {
1804                                        if (!sock_flag(sk, SOCK_URGINLINE)) {
1805                                                ++*seq;
1806                                                urg_hole++;
1807                                                offset++;
1808                                                used--;
1809                                                if (!used)
1810                                                        goto skip_copy;
1811                                        }
1812                                } else
1813                                        used = urg_offset;
1814                        }
1815                }
1816
1817                if (!(flags & MSG_TRUNC)) {
1818                        err = skb_copy_datagram_msg(skb, offset, msg, used);
1819                        if (err) {
1820                                /* Exception. Bailout! */
1821                                if (!copied)
1822                                        copied = -EFAULT;
1823                                break;
1824                        }
1825                }
1826
1827                *seq += used;
1828                copied += used;
1829                len -= used;
1830
1831                tcp_rcv_space_adjust(sk);
1832
1833skip_copy:
1834                if (tp->urg_data && after(tp->copied_seq, tp->urg_seq)) {
1835                        tp->urg_data = 0;
1836                        tcp_fast_path_check(sk);
1837                }
1838                if (used + offset < skb->len)
1839                        continue;
1840
1841                if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
1842                        goto found_fin_ok;
1843                if (!(flags & MSG_PEEK))
1844                        sk_eat_skb(sk, skb);
1845                continue;
1846
1847        found_fin_ok:
1848                /* Process the FIN. */
1849                ++*seq;
1850                if (!(flags & MSG_PEEK))
1851                        sk_eat_skb(sk, skb);
1852                break;
1853        } while (len > 0);
1854
1855        if (user_recv) {
1856                if (!skb_queue_empty(&tp->ucopy.prequeue)) {
1857                        int chunk;
1858
1859                        tp->ucopy.len = copied > 0 ? len : 0;
1860
1861                        tcp_prequeue_process(sk);
1862
1863                        if (copied > 0 && (chunk = len - tp->ucopy.len) != 0) {
1864                                NET_ADD_STATS_USER(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
1865                                len -= chunk;
1866                                copied += chunk;
1867                        }
1868                }
1869
1870                tp->ucopy.task = NULL;
1871                tp->ucopy.len = 0;
1872        }
1873
1874        /* According to UNIX98, msg_name/msg_namelen are ignored
1875         * on connected socket. I was just happy when found this 8) --ANK
1876         */
1877
1878        /* Clean up data we have read: This will do ACK frames. */
1879        tcp_cleanup_rbuf(sk, copied);
1880
1881        release_sock(sk);
1882        return copied;
1883
1884out:
1885        release_sock(sk);
1886        return err;
1887
1888recv_urg:
1889        err = tcp_recv_urg(sk, msg, len, flags);
1890        goto out;
1891
1892recv_sndq:
1893        err = tcp_peek_sndq(sk, msg, len);
1894        goto out;
1895}
1896EXPORT_SYMBOL(tcp_recvmsg);
1897
1898void tcp_set_state(struct sock *sk, int state)
1899{
1900        int oldstate = sk->sk_state;
1901
1902        switch (state) {
1903        case TCP_ESTABLISHED:
1904                if (oldstate != TCP_ESTABLISHED)
1905                        TCP_INC_STATS(sock_net(sk), TCP_MIB_CURRESTAB);
1906                break;
1907
1908        case TCP_CLOSE:
1909                if (oldstate == TCP_CLOSE_WAIT || oldstate == TCP_ESTABLISHED)
1910                        TCP_INC_STATS(sock_net(sk), TCP_MIB_ESTABRESETS);
1911
1912                sk->sk_prot->unhash(sk);
1913                if (inet_csk(sk)->icsk_bind_hash &&
1914                    !(sk->sk_userlocks & SOCK_BINDPORT_LOCK))
1915                        inet_put_port(sk);
1916                /* fall through */
1917        default:
1918                if (oldstate == TCP_ESTABLISHED)
1919                        TCP_DEC_STATS(sock_net(sk), TCP_MIB_CURRESTAB);
1920        }
1921
1922        /* Change state AFTER socket is unhashed to avoid closed
1923         * socket sitting in hash tables.
1924         */
1925        sk->sk_state = state;
1926
1927#ifdef STATE_TRACE
1928        SOCK_DEBUG(sk, "TCP sk=%p, State %s -> %s\n", sk, statename[oldstate], statename[state]);
1929#endif
1930}
1931EXPORT_SYMBOL_GPL(tcp_set_state);
1932
1933/*
1934 *      State processing on a close. This implements the state shift for
1935 *      sending our FIN frame. Note that we only send a FIN for some
1936 *      states. A shutdown() may have already sent the FIN, or we may be
1937 *      closed.
1938 */
1939
1940static const unsigned char new_state[16] = {
1941  /* current state:        new state:      action:      */
1942  /* (Invalid)          */ TCP_CLOSE,
1943  /* TCP_ESTABLISHED    */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,
1944  /* TCP_SYN_SENT       */ TCP_CLOSE,
1945  /* TCP_SYN_RECV       */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,
1946  /* TCP_FIN_WAIT1      */ TCP_FIN_WAIT1,
1947  /* TCP_FIN_WAIT2      */ TCP_FIN_WAIT2,
1948  /* TCP_TIME_WAIT      */ TCP_CLOSE,
1949  /* TCP_CLOSE          */ TCP_CLOSE,
1950  /* TCP_CLOSE_WAIT     */ TCP_LAST_ACK  | TCP_ACTION_FIN,
1951  /* TCP_LAST_ACK       */ TCP_LAST_ACK,
1952  /* TCP_LISTEN         */ TCP_CLOSE,
1953  /* TCP_CLOSING        */ TCP_CLOSING,
1954};
1955
1956static int tcp_close_state(struct sock *sk)
1957{
1958        int next = (int)new_state[sk->sk_state];
1959        int ns = next & TCP_STATE_MASK;
1960
1961        tcp_set_state(sk, ns);
1962
1963        return next & TCP_ACTION_FIN;
1964}
1965
1966/*
1967 *      Shutdown the sending side of a connection. Much like close except
1968 *      that we don't receive shut down or sock_set_flag(sk, SOCK_DEAD).
1969 */
1970
1971void tcp_shutdown(struct sock *sk, int how)
1972{
1973        /*      We need to grab some memory, and put together a FIN,
1974         *      and then put it into the queue to be sent.
1975         *              Tim MacKenzie(tym@dibbler.cs.monash.edu.au) 4 Dec '92.
1976         */
1977        if (!(how & SEND_SHUTDOWN))
1978                return;
1979
1980        /* If we've already sent a FIN, or it's a closed state, skip this. */
1981        if ((1 << sk->sk_state) &
1982            (TCPF_ESTABLISHED | TCPF_SYN_SENT |
1983             TCPF_SYN_RECV | TCPF_CLOSE_WAIT)) {
1984                /* Clear out any half completed packets.  FIN if needed. */
1985                if (tcp_close_state(sk))
1986                        tcp_send_fin(sk);
1987        }
1988}
1989EXPORT_SYMBOL(tcp_shutdown);
1990
1991bool tcp_check_oom(struct sock *sk, int shift)
1992{
1993        bool too_many_orphans, out_of_socket_memory;
1994
1995        too_many_orphans = tcp_too_many_orphans(sk, shift);
1996        out_of_socket_memory = tcp_out_of_memory(sk);
1997
1998        if (too_many_orphans)
1999                net_info_ratelimited("too many orphaned sockets\n");
2000        if (out_of_socket_memory)
2001                net_info_ratelimited("out of memory -- consider tuning tcp_mem\n");
2002        return too_many_orphans || out_of_socket_memory;
2003}
2004
2005void tcp_close(struct sock *sk, long timeout)
2006{
2007        struct sk_buff *skb;
2008        int data_was_unread = 0;
2009        int state;
2010
2011        lock_sock(sk);
2012        sk->sk_shutdown = SHUTDOWN_MASK;
2013
2014        if (sk->sk_state == TCP_LISTEN) {
2015                tcp_set_state(sk, TCP_CLOSE);
2016
2017                /* Special case. */
2018                inet_csk_listen_stop(sk);
2019
2020                goto adjudge_to_death;
2021        }
2022
2023        /*  We need to flush the recv. buffs.  We do this only on the
2024         *  descriptor close, not protocol-sourced closes, because the
2025         *  reader process may not have drained the data yet!
2026         */
2027        while ((skb = __skb_dequeue(&sk->sk_receive_queue)) != NULL) {
2028                u32 len = TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq;
2029
2030                if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
2031                        len--;
2032                data_was_unread += len;
2033                __kfree_skb(skb);
2034        }
2035
2036        sk_mem_reclaim(sk);
2037
2038        /* If socket has been already reset (e.g. in tcp_reset()) - kill it. */
2039        if (sk->sk_state == TCP_CLOSE)
2040                goto adjudge_to_death;
2041
2042        /* As outlined in RFC 2525, section 2.17, we send a RST here because
2043         * data was lost. To witness the awful effects of the old behavior of
2044         * always doing a FIN, run an older 2.1.x kernel or 2.0.x, start a bulk
2045         * GET in an FTP client, suspend the process, wait for the client to
2046         * advertise a zero window, then kill -9 the FTP client, wheee...
2047         * Note: timeout is always zero in such a case.
2048         */
2049        if (unlikely(tcp_sk(sk)->repair)) {
2050                sk->sk_prot->disconnect(sk, 0);
2051        } else if (data_was_unread) {
2052                /* Unread data was tossed, zap the connection. */
2053                NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPABORTONCLOSE);
2054                tcp_set_state(sk, TCP_CLOSE);
2055                tcp_send_active_reset(sk, sk->sk_allocation);
2056        } else if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) {
2057                /* Check zero linger _after_ checking for unread data. */
2058                sk->sk_prot->disconnect(sk, 0);
2059                NET_INC_STATS_USER(sock_net(sk), LINUX_MIB_TCPABORTONDATA);
2060        } else if (tcp_close_state(sk)) {
2061                /* We FIN if the application ate all the data before
2062                 * zapping the connection.
2063                 */
2064
2065                /* RED-PEN. Formally speaking, we have broken TCP state
2066                 * machine. State transitions:
2067                 *
2068                 * TCP_ESTABLISHED -> TCP_FIN_WAIT1
2069                 * TCP_SYN_RECV -> TCP_FIN_WAIT1 (forget it, it's impossible)
2070                 * TCP_CLOSE_WAIT -> TCP_LAST_ACK
2071                 *
2072                 * are legal only when FIN has been sent (i.e. in window),
2073                 * rather than queued out of window. Purists blame.
2074                 *
2075                 * F.e. "RFC state" is ESTABLISHED,
2076                 * if Linux state is FIN-WAIT-1, but FIN is still not sent.
2077                 *
2078                 * The visible declinations are that sometimes
2079                 * we enter time-wait state, when it is not required really
2080                 * (harmless), do not send active resets, when they are
2081                 * required by specs (TCP_ESTABLISHED, TCP_CLOSE_WAIT, when
2082                 * they look as CLOSING or LAST_ACK for Linux)
2083                 * Probably, I missed some more holelets.
2084                 *                                              --ANK
2085                 * XXX (TFO) - To start off we don't support SYN+ACK+FIN
2086                 * in a single packet! (May consider it later but will
2087                 * probably need API support or TCP_CORK SYN-ACK until
2088                 * data is written and socket is closed.)
2089                 */
2090                tcp_send_fin(sk);
2091        }
2092
2093        sk_stream_wait_close(sk, timeout);
2094
2095adjudge_to_death:
2096        state = sk->sk_state;
2097        sock_hold(sk);
2098        sock_orphan(sk);
2099
2100        /* It is the last release_sock in its life. It will remove backlog. */
2101        release_sock(sk);
2102
2103
2104        /* Now socket is owned by kernel and we acquire BH lock
2105           to finish close. No need to check for user refs.
2106         */
2107        local_bh_disable();
2108        bh_lock_sock(sk);
2109        WARN_ON(sock_owned_by_user(sk));
2110
2111        percpu_counter_inc(sk->sk_prot->orphan_count);
2112
2113        /* Have we already been destroyed by a softirq or backlog? */
2114        if (state != TCP_CLOSE && sk->sk_state == TCP_CLOSE)
2115                goto out;
2116
2117        /*      This is a (useful) BSD violating of the RFC. There is a
2118         *      problem with TCP as specified in that the other end could
2119         *      keep a socket open forever with no application left this end.
2120         *      We use a 1 minute timeout (about the same as BSD) then kill
2121         *      our end. If they send after that then tough - BUT: long enough
2122         *      that we won't make the old 4*rto = almost no time - whoops
2123         *      reset mistake.
2124         *
2125         *      Nope, it was not mistake. It is really desired behaviour
2126         *      f.e. on http servers, when such sockets are useless, but
2127         *      consume significant resources. Let's do it with special
2128         *      linger2 option.                                 --ANK
2129         */
2130
2131        if (sk->sk_state == TCP_FIN_WAIT2) {
2132                struct tcp_sock *tp = tcp_sk(sk);
2133                if (tp->linger2 < 0) {
2134                        tcp_set_state(sk, TCP_CLOSE);
2135                        tcp_send_active_reset(sk, GFP_ATOMIC);
2136                        NET_INC_STATS_BH(sock_net(sk),
2137                                        LINUX_MIB_TCPABORTONLINGER);
2138                } else {
2139                        const int tmo = tcp_fin_time(sk);
2140
2141                        if (tmo > TCP_TIMEWAIT_LEN) {
2142                                inet_csk_reset_keepalive_timer(sk,
2143                                                tmo - TCP_TIMEWAIT_LEN);
2144                        } else {
2145                                tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
2146                                goto out;
2147                        }
2148                }
2149        }
2150        if (sk->sk_state != TCP_CLOSE) {
2151                sk_mem_reclaim(sk);
2152                if (tcp_check_oom(sk, 0)) {
2153                        tcp_set_state(sk, TCP_CLOSE);
2154                        tcp_send_active_reset(sk, GFP_ATOMIC);
2155                        NET_INC_STATS_BH(sock_net(sk),
2156                                        LINUX_MIB_TCPABORTONMEMORY);
2157                }
2158        }
2159
2160        if (sk->sk_state == TCP_CLOSE) {
2161                struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
2162                /* We could get here with a non-NULL req if the socket is
2163                 * aborted (e.g., closed with unread data) before 3WHS
2164                 * finishes.
2165                 */
2166                if (req != NULL)
2167                        reqsk_fastopen_remove(sk, req, false);
2168                inet_csk_destroy_sock(sk);
2169        }
2170        /* Otherwise, socket is reprieved until protocol close. */
2171
2172out:
2173        bh_unlock_sock(sk);
2174        local_bh_enable();
2175        sock_put(sk);
2176}
2177EXPORT_SYMBOL(tcp_close);
2178
2179/* These states need RST on ABORT according to RFC793 */
2180
2181static inline bool tcp_need_reset(int state)
2182{
2183        return (1 << state) &
2184               (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_FIN_WAIT1 |
2185                TCPF_FIN_WAIT2 | TCPF_SYN_RECV);
2186}
2187
2188int tcp_disconnect(struct sock *sk, int flags)
2189{
2190        struct inet_sock *inet = inet_sk(sk);
2191        struct inet_connection_sock *icsk = inet_csk(sk);
2192        struct tcp_sock *tp = tcp_sk(sk);
2193        int err = 0;
2194        int old_state = sk->sk_state;
2195
2196        if (old_state != TCP_CLOSE)
2197                tcp_set_state(sk, TCP_CLOSE);
2198
2199        /* ABORT function of RFC793 */
2200        if (old_state == TCP_LISTEN) {
2201                inet_csk_listen_stop(sk);
2202        } else if (unlikely(tp->repair)) {
2203                sk->sk_err = ECONNABORTED;
2204        } else if (tcp_need_reset(old_state) ||
2205                   (tp->snd_nxt != tp->write_seq &&
2206                    (1 << old_state) & (TCPF_CLOSING | TCPF_LAST_ACK))) {
2207                /* The last check adjusts for discrepancy of Linux wrt. RFC
2208                 * states
2209                 */
2210                tcp_send_active_reset(sk, gfp_any());
2211                sk->sk_err = ECONNRESET;
2212        } else if (old_state == TCP_SYN_SENT)
2213                sk->sk_err = ECONNRESET;
2214
2215        tcp_clear_xmit_timers(sk);
2216        __skb_queue_purge(&sk->sk_receive_queue);
2217        tcp_write_queue_purge(sk);
2218        __skb_queue_purge(&tp->out_of_order_queue);
2219
2220        inet->inet_dport = 0;
2221
2222        if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
2223                inet_reset_saddr(sk);
2224
2225        sk->sk_shutdown = 0;
2226        sock_reset_flag(sk, SOCK_DONE);
2227        tp->srtt_us = 0;
2228        if ((tp->write_seq += tp->max_window + 2) == 0)
2229                tp->write_seq = 1;
2230        icsk->icsk_backoff = 0;
2231        tp->snd_cwnd = 2;
2232        icsk->icsk_probes_out = 0;
2233        tp->packets_out = 0;
2234        tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
2235        tp->snd_cwnd_cnt = 0;
2236        tp->window_clamp = 0;
2237        tcp_set_ca_state(sk, TCP_CA_Open);
2238        tcp_clear_retrans(tp);
2239        inet_csk_delack_init(sk);
2240        tcp_init_send_head(sk);
2241        memset(&tp->rx_opt, 0, sizeof(tp->rx_opt));
2242        __sk_dst_reset(sk);
2243
2244        WARN_ON(inet->inet_num && !icsk->icsk_bind_hash);
2245
2246        sk->sk_error_report(sk);
2247        return err;
2248}
2249EXPORT_SYMBOL(tcp_disconnect);
2250
2251void tcp_sock_destruct(struct sock *sk)
2252{
2253        inet_sock_destruct(sk);
2254
2255        kfree(inet_csk(sk)->icsk_accept_queue.fastopenq);
2256}
2257
2258static inline bool tcp_can_repair_sock(const struct sock *sk)
2259{
2260        return ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN) &&
2261                ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_ESTABLISHED));
2262}
2263
2264static int tcp_repair_options_est(struct tcp_sock *tp,
2265                struct tcp_repair_opt __user *optbuf, unsigned int len)
2266{
2267        struct tcp_repair_opt opt;
2268
2269        while (len >= sizeof(opt)) {
2270                if (copy_from_user(&opt, optbuf, sizeof(opt)))
2271                        return -EFAULT;
2272
2273                optbuf++;
2274                len -= sizeof(opt);
2275
2276                switch (opt.opt_code) {
2277                case TCPOPT_MSS:
2278                        tp->rx_opt.mss_clamp = opt.opt_val;
2279                        break;
2280                case TCPOPT_WINDOW:
2281                        {
2282                                u16 snd_wscale = opt.opt_val & 0xFFFF;
2283                                u16 rcv_wscale = opt.opt_val >> 16;
2284
2285                                if (snd_wscale > 14 || rcv_wscale > 14)
2286                                        return -EFBIG;
2287
2288                                tp->rx_opt.snd_wscale = snd_wscale;
2289                                tp->rx_opt.rcv_wscale = rcv_wscale;
2290                                tp->rx_opt.wscale_ok = 1;
2291                        }
2292                        break;
2293                case TCPOPT_SACK_PERM:
2294                        if (opt.opt_val != 0)
2295                                return -EINVAL;
2296
2297                        tp->rx_opt.sack_ok |= TCP_SACK_SEEN;
2298                        if (sysctl_tcp_fack)
2299                                tcp_enable_fack(tp);
2300                        break;
2301                case TCPOPT_TIMESTAMP:
2302                        if (opt.opt_val != 0)
2303                                return -EINVAL;
2304
2305                        tp->rx_opt.tstamp_ok = 1;
2306                        break;
2307                }
2308        }
2309
2310        return 0;
2311}
2312
2313/*
2314 *      Socket option code for TCP.
2315 */
2316static int do_tcp_setsockopt(struct sock *sk, int level,
2317                int optname, char __user *optval, unsigned int optlen)
2318{
2319        struct tcp_sock *tp = tcp_sk(sk);
2320        struct inet_connection_sock *icsk = inet_csk(sk);
2321        int val;
2322        int err = 0;
2323
2324        /* These are data/string values, all the others are ints */
2325        switch (optname) {
2326        case TCP_CONGESTION: {
2327                char name[TCP_CA_NAME_MAX];
2328
2329                if (optlen < 1)
2330                        return -EINVAL;
2331
2332                val = strncpy_from_user(name, optval,
2333                                        min_t(long, TCP_CA_NAME_MAX-1, optlen));
2334                if (val < 0)
2335                        return -EFAULT;
2336                name[val] = 0;
2337
2338                lock_sock(sk);
2339                err = tcp_set_congestion_control(sk, name);
2340                release_sock(sk);
2341                return err;
2342        }
2343        default:
2344                /* fallthru */
2345                break;
2346        }
2347
2348        if (optlen < sizeof(int))
2349                return -EINVAL;
2350
2351        if (get_user(val, (int __user *)optval))
2352                return -EFAULT;
2353
2354        lock_sock(sk);
2355
2356        switch (optname) {
2357        case TCP_MAXSEG:
2358                /* Values greater than interface MTU won't take effect. However
2359                 * at the point when this call is done we typically don't yet
2360                 * know which interface is going to be used */
2361                if (val < TCP_MIN_MSS || val > MAX_TCP_WINDOW) {
2362                        err = -EINVAL;
2363                        break;
2364                }
2365                tp->rx_opt.user_mss = val;
2366                break;
2367
2368        case TCP_NODELAY:
2369                if (val) {
2370                        /* TCP_NODELAY is weaker than TCP_CORK, so that
2371                         * this option on corked socket is remembered, but
2372                         * it is not activated until cork is cleared.
2373                         *
2374                         * However, when TCP_NODELAY is set we make
2375                         * an explicit push, which overrides even TCP_CORK
2376                         * for currently queued segments.
2377                         */
2378                        tp->nonagle |= TCP_NAGLE_OFF|TCP_NAGLE_PUSH;
2379                        tcp_push_pending_frames(sk);
2380                } else {
2381                        tp->nonagle &= ~TCP_NAGLE_OFF;
2382                }
2383                break;
2384
2385        case TCP_THIN_LINEAR_TIMEOUTS:
2386                if (val < 0 || val > 1)
2387                        err = -EINVAL;
2388                else
2389                        tp->thin_lto = val;
2390                break;
2391
2392        case TCP_THIN_DUPACK:
2393                if (val < 0 || val > 1)
2394                        err = -EINVAL;
2395                else {
2396                        tp->thin_dupack = val;
2397                        if (tp->thin_dupack)
2398                                tcp_disable_early_retrans(tp);
2399                }
2400                break;
2401
2402        case TCP_REPAIR:
2403                if (!tcp_can_repair_sock(sk))
2404                        err = -EPERM;
2405                else if (val == 1) {
2406                        tp->repair = 1;
2407                        sk->sk_reuse = SK_FORCE_REUSE;
2408                        tp->repair_queue = TCP_NO_QUEUE;
2409                } else if (val == 0) {
2410                        tp->repair = 0;
2411                        sk->sk_reuse = SK_NO_REUSE;
2412                        tcp_send_window_probe(sk);
2413                } else
2414                        err = -EINVAL;
2415
2416                break;
2417
2418        case TCP_REPAIR_QUEUE:
2419                if (!tp->repair)
2420                        err = -EPERM;
2421                else if (val < TCP_QUEUES_NR)
2422                        tp->repair_queue = val;
2423                else
2424                        err = -EINVAL;
2425                break;
2426
2427        case TCP_QUEUE_SEQ:
2428                if (sk->sk_state != TCP_CLOSE)
2429                        err = -EPERM;
2430                else if (tp->repair_queue == TCP_SEND_QUEUE)
2431                        tp->write_seq = val;
2432                else if (tp->repair_queue == TCP_RECV_QUEUE)
2433                        tp->rcv_nxt = val;
2434                else
2435                        err = -EINVAL;
2436                break;
2437
2438        case TCP_REPAIR_OPTIONS:
2439                if (!tp->repair)
2440                        err = -EINVAL;
2441                else if (sk->sk_state == TCP_ESTABLISHED)
2442                        err = tcp_repair_options_est(tp,
2443                                        (struct tcp_repair_opt __user *)optval,
2444                                        optlen);
2445                else
2446                        err = -EPERM;
2447                break;
2448
2449        case TCP_CORK:
2450                /* When set indicates to always queue non-full frames.
2451                 * Later the user clears this option and we transmit
2452                 * any pending partial frames in the queue.  This is
2453                 * meant to be used alongside sendfile() to get properly
2454                 * filled frames when the user (for example) must write
2455                 * out headers with a write() call first and then use
2456                 * sendfile to send out the data parts.
2457                 *
2458                 * TCP_CORK can be set together with TCP_NODELAY and it is
2459                 * stronger than TCP_NODELAY.
2460                 */
2461                if (val) {
2462                        tp->nonagle |= TCP_NAGLE_CORK;
2463                } else {
2464                        tp->nonagle &= ~TCP_NAGLE_CORK;
2465                        if (tp->nonagle&TCP_NAGLE_OFF)
2466                                tp->nonagle |= TCP_NAGLE_PUSH;
2467                        tcp_push_pending_frames(sk);
2468                }
2469                break;
2470
2471        case TCP_KEEPIDLE:
2472                if (val < 1 || val > MAX_TCP_KEEPIDLE)
2473                        err = -EINVAL;
2474                else {
2475                        tp->keepalive_time = val * HZ;
2476                        if (sock_flag(sk, SOCK_KEEPOPEN) &&
2477                            !((1 << sk->sk_state) &
2478                              (TCPF_CLOSE | TCPF_LISTEN))) {
2479                                u32 elapsed = keepalive_time_elapsed(tp);
2480                                if (tp->keepalive_time > elapsed)
2481                                        elapsed = tp->keepalive_time - elapsed;
2482                                else
2483                                        elapsed = 0;
2484                                inet_csk_reset_keepalive_timer(sk, elapsed);
2485                        }
2486                }
2487                break;
2488        case TCP_KEEPINTVL:
2489                if (val < 1 || val > MAX_TCP_KEEPINTVL)
2490                        err = -EINVAL;
2491                else
2492                        tp->keepalive_intvl = val * HZ;
2493                break;
2494        case TCP_KEEPCNT:
2495                if (val < 1 || val > MAX_TCP_KEEPCNT)
2496                        err = -EINVAL;
2497                else
2498                        tp->keepalive_probes = val;
2499                break;
2500        case TCP_SYNCNT:
2501                if (val < 1 || val > MAX_TCP_SYNCNT)
2502                        err = -EINVAL;
2503                else
2504                        icsk->icsk_syn_retries = val;
2505                break;
2506
2507        case TCP_LINGER2:
2508                if (val < 0)
2509                        tp->linger2 = -1;
2510                else if (val > sysctl_tcp_fin_timeout / HZ)
2511                        tp->linger2 = 0;
2512                else
2513                        tp->linger2 = val * HZ;
2514                break;
2515
2516        case TCP_DEFER_ACCEPT:
2517                /* Translate value in seconds to number of retransmits */
2518                icsk->icsk_accept_queue.rskq_defer_accept =
2519                        secs_to_retrans(val, TCP_TIMEOUT_INIT / HZ,
2520                                        TCP_RTO_MAX / HZ);
2521                break;
2522
2523        case TCP_WINDOW_CLAMP:
2524                if (!val) {
2525                        if (sk->sk_state != TCP_CLOSE) {
2526                                err = -EINVAL;
2527                                break;
2528                        }
2529                        tp->window_clamp = 0;
2530                } else
2531                        tp->window_clamp = val < SOCK_MIN_RCVBUF / 2 ?
2532                                                SOCK_MIN_RCVBUF / 2 : val;
2533                break;
2534
2535        case TCP_QUICKACK:
2536                if (!val) {
2537                        icsk->icsk_ack.pingpong = 1;
2538                } else {
2539                        icsk->icsk_ack.pingpong = 0;
2540                        if ((1 << sk->sk_state) &
2541                            (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT) &&
2542                            inet_csk_ack_scheduled(sk)) {
2543                                icsk->icsk_ack.pending |= ICSK_ACK_PUSHED;
2544                                tcp_cleanup_rbuf(sk, 1);
2545                                if (!(val & 1))
2546                                        icsk->icsk_ack.pingpong = 1;
2547                        }
2548                }
2549                break;
2550
2551#ifdef CONFIG_TCP_MD5SIG
2552        case TCP_MD5SIG:
2553                /* Read the IP->Key mappings from userspace */
2554                err = tp->af_specific->md5_parse(sk, optval, optlen);
2555                break;
2556#endif
2557        case TCP_USER_TIMEOUT:
2558                /* Cap the max time in ms TCP will retry or probe the window
2559                 * before giving up and aborting (ETIMEDOUT) a connection.
2560                 */
2561                if (val < 0)
2562                        err = -EINVAL;
2563                else
2564                        icsk->icsk_user_timeout = msecs_to_jiffies(val);
2565                break;
2566
2567        case TCP_FASTOPEN:
2568                if (val >= 0 && ((1 << sk->sk_state) & (TCPF_CLOSE |
2569                    TCPF_LISTEN)))
2570                        err = fastopen_init_queue(sk, val);
2571                else
2572                        err = -EINVAL;
2573                break;
2574        case TCP_TIMESTAMP:
2575                if (!tp->repair)
2576                        err = -EPERM;
2577                else
2578                        tp->tsoffset = val - tcp_time_stamp;
2579                break;
2580        case TCP_NOTSENT_LOWAT:
2581                tp->notsent_lowat = val;
2582                sk->sk_write_space(sk);
2583                break;
2584        default:
2585                err = -ENOPROTOOPT;
2586                break;
2587        }
2588
2589        release_sock(sk);
2590        return err;
2591}
2592
2593int tcp_setsockopt(struct sock *sk, int level, int optname, char __user *optval,
2594                   unsigned int optlen)
2595{
2596        const struct inet_connection_sock *icsk = inet_csk(sk);
2597
2598        if (level != SOL_TCP)
2599                return icsk->icsk_af_ops->setsockopt(sk, level, optname,
2600                                                     optval, optlen);
2601        return do_tcp_setsockopt(sk, level, optname, optval, optlen);
2602}
2603EXPORT_SYMBOL(tcp_setsockopt);
2604
2605#ifdef CONFIG_COMPAT
2606int compat_tcp_setsockopt(struct sock *sk, int level, int optname,
2607                          char __user *optval, unsigned int optlen)
2608{
2609        if (level != SOL_TCP)
2610                return inet_csk_compat_setsockopt(sk, level, optname,
2611                                                  optval, optlen);
2612        return do_tcp_setsockopt(sk, level, optname, optval, optlen);
2613}
2614EXPORT_SYMBOL(compat_tcp_setsockopt);
2615#endif
2616
2617/* Return information about state of tcp endpoint in API format. */
2618void tcp_get_info(const struct sock *sk, struct tcp_info *info)
2619{
2620        const struct tcp_sock *tp = tcp_sk(sk);
2621        const struct inet_connection_sock *icsk = inet_csk(sk);
2622        u32 now = tcp_time_stamp;
2623
2624        memset(info, 0, sizeof(*info));
2625
2626        info->tcpi_state = sk->sk_state;
2627        info->tcpi_ca_state = icsk->icsk_ca_state;
2628        info->tcpi_retransmits = icsk->icsk_retransmits;
2629        info->tcpi_probes = icsk->icsk_probes_out;
2630        info->tcpi_backoff = icsk->icsk_backoff;
2631
2632        if (tp->rx_opt.tstamp_ok)
2633                info->tcpi_options |= TCPI_OPT_TIMESTAMPS;
2634        if (tcp_is_sack(tp))
2635                info->tcpi_options |= TCPI_OPT_SACK;
2636        if (tp->rx_opt.wscale_ok) {
2637                info->tcpi_options |= TCPI_OPT_WSCALE;
2638                info->tcpi_snd_wscale = tp->rx_opt.snd_wscale;
2639                info->tcpi_rcv_wscale = tp->rx_opt.rcv_wscale;
2640        }
2641
2642        if (tp->ecn_flags & TCP_ECN_OK)
2643                info->tcpi_options |= TCPI_OPT_ECN;
2644        if (tp->ecn_flags & TCP_ECN_SEEN)
2645                info->tcpi_options |= TCPI_OPT_ECN_SEEN;
2646        if (tp->syn_data_acked)
2647                info->tcpi_options |= TCPI_OPT_SYN_DATA;
2648
2649        info->tcpi_rto = jiffies_to_usecs(icsk->icsk_rto);
2650        info->tcpi_ato = jiffies_to_usecs(icsk->icsk_ack.ato);
2651        info->tcpi_snd_mss = tp->mss_cache;
2652        info->tcpi_rcv_mss = icsk->icsk_ack.rcv_mss;
2653
2654        if (sk->sk_state == TCP_LISTEN) {
2655                info->tcpi_unacked = sk->sk_ack_backlog;
2656                info->tcpi_sacked = sk->sk_max_ack_backlog;
2657        } else {
2658                info->tcpi_unacked = tp->packets_out;
2659                info->tcpi_sacked = tp->sacked_out;
2660        }
2661        info->tcpi_lost = tp->lost_out;
2662        info->tcpi_retrans = tp->retrans_out;
2663        info->tcpi_fackets = tp->fackets_out;
2664
2665        info->tcpi_last_data_sent = jiffies_to_msecs(now - tp->lsndtime);
2666        info->tcpi_last_data_recv = jiffies_to_msecs(now - icsk->icsk_ack.lrcvtime);
2667        info->tcpi_last_ack_recv = jiffies_to_msecs(now - tp->rcv_tstamp);
2668
2669        info->tcpi_pmtu = icsk->icsk_pmtu_cookie;
2670        info->tcpi_rcv_ssthresh = tp->rcv_ssthresh;
2671        info->tcpi_rtt = tp->srtt_us >> 3;
2672        info->tcpi_rttvar = tp->mdev_us >> 2;
2673        info->tcpi_snd_ssthresh = tp->snd_ssthresh;
2674        info->tcpi_snd_cwnd = tp->snd_cwnd;
2675        info->tcpi_advmss = tp->advmss;
2676        info->tcpi_reordering = tp->reordering;
2677
2678        info->tcpi_rcv_rtt = jiffies_to_usecs(tp->rcv_rtt_est.rtt)>>3;
2679        info->tcpi_rcv_space = tp->rcvq_space.space;
2680
2681        info->tcpi_total_retrans = tp->total_retrans;
2682
2683        info->tcpi_pacing_rate = sk->sk_pacing_rate != ~0U ?
2684                                        sk->sk_pacing_rate : ~0ULL;
2685        info->tcpi_max_pacing_rate = sk->sk_max_pacing_rate != ~0U ?
2686                                        sk->sk_max_pacing_rate : ~0ULL;
2687}
2688EXPORT_SYMBOL_GPL(tcp_get_info);
2689
2690static int do_tcp_getsockopt(struct sock *sk, int level,
2691                int optname, char __user *optval, int __user *optlen)
2692{
2693        struct inet_connection_sock *icsk = inet_csk(sk);
2694        struct tcp_sock *tp = tcp_sk(sk);
2695        int val, len;
2696
2697        if (get_user(len, optlen))
2698                return -EFAULT;
2699
2700        len = min_t(unsigned int, len, sizeof(int));
2701
2702        if (len < 0)
2703                return -EINVAL;
2704
2705        switch (optname) {
2706        case TCP_MAXSEG:
2707                val = tp->mss_cache;
2708                if (!val && ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)))
2709                        val = tp->rx_opt.user_mss;
2710                if (tp->repair)
2711                        val = tp->rx_opt.mss_clamp;
2712                break;
2713        case TCP_NODELAY:
2714                val = !!(tp->nonagle&TCP_NAGLE_OFF);
2715                break;
2716        case TCP_CORK:
2717                val = !!(tp->nonagle&TCP_NAGLE_CORK);
2718                break;
2719        case TCP_KEEPIDLE:
2720                val = keepalive_time_when(tp) / HZ;
2721                break;
2722        case TCP_KEEPINTVL:
2723                val = keepalive_intvl_when(tp) / HZ;
2724                break;
2725        case TCP_KEEPCNT:
2726                val = keepalive_probes(tp);
2727                break;
2728        case TCP_SYNCNT:
2729                val = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;
2730                break;
2731        case TCP_LINGER2:
2732                val = tp->linger2;
2733                if (val >= 0)
2734                        val = (val ? : sysctl_tcp_fin_timeout) / HZ;
2735                break;
2736        case TCP_DEFER_ACCEPT:
2737                val = retrans_to_secs(icsk->icsk_accept_queue.rskq_defer_accept,
2738                                      TCP_TIMEOUT_INIT / HZ, TCP_RTO_MAX / HZ);
2739                break;
2740        case TCP_WINDOW_CLAMP:
2741                val = tp->window_clamp;
2742                break;
2743        case TCP_INFO: {
2744                struct tcp_info info;
2745
2746                if (get_user(len, optlen))
2747                        return -EFAULT;
2748
2749                tcp_get_info(sk, &info);
2750
2751                len = min_t(unsigned int, len, sizeof(info));
2752                if (put_user(len, optlen))
2753                        return -EFAULT;
2754                if (copy_to_user(optval, &info, len))
2755                        return -EFAULT;
2756                return 0;
2757        }
2758        case TCP_QUICKACK:
2759                val = !icsk->icsk_ack.pingpong;
2760                break;
2761
2762        case TCP_CONGESTION:
2763                if (get_user(len, optlen))
2764                        return -EFAULT;
2765                len = min_t(unsigned int, len, TCP_CA_NAME_MAX);
2766                if (put_user(len, optlen))
2767                        return -EFAULT;
2768                if (copy_to_user(optval, icsk->icsk_ca_ops->name, len))
2769                        return -EFAULT;
2770                return 0;
2771
2772        case TCP_THIN_LINEAR_TIMEOUTS:
2773                val = tp->thin_lto;
2774                break;
2775        case TCP_THIN_DUPACK:
2776                val = tp->thin_dupack;
2777                break;
2778
2779        case TCP_REPAIR:
2780                val = tp->repair;
2781                break;
2782
2783        case TCP_REPAIR_QUEUE:
2784                if (tp->repair)
2785                        val = tp->repair_queue;
2786                else
2787                        return -EINVAL;
2788                break;
2789
2790        case TCP_QUEUE_SEQ:
2791                if (tp->repair_queue == TCP_SEND_QUEUE)
2792                        val = tp->write_seq;
2793                else if (tp->repair_queue == TCP_RECV_QUEUE)
2794                        val = tp->rcv_nxt;
2795                else
2796                        return -EINVAL;
2797                break;
2798
2799        case TCP_USER_TIMEOUT:
2800                val = jiffies_to_msecs(icsk->icsk_user_timeout);
2801                break;
2802
2803        case TCP_FASTOPEN:
2804                if (icsk->icsk_accept_queue.fastopenq != NULL)
2805                        val = icsk->icsk_accept_queue.fastopenq->max_qlen;
2806                else
2807                        val = 0;
2808                break;
2809
2810        case TCP_TIMESTAMP:
2811                val = tcp_time_stamp + tp->tsoffset;
2812                break;
2813        case TCP_NOTSENT_LOWAT:
2814                val = tp->notsent_lowat;
2815                break;
2816        default:
2817                return -ENOPROTOOPT;
2818        }
2819
2820        if (put_user(len, optlen))
2821                return -EFAULT;
2822        if (copy_to_user(optval, &val, len))
2823                return -EFAULT;
2824        return 0;
2825}
2826
2827int tcp_getsockopt(struct sock *sk, int level, int optname, char __user *optval,
2828                   int __user *optlen)
2829{
2830        struct inet_connection_sock *icsk = inet_csk(sk);
2831
2832        if (level != SOL_TCP)
2833                return icsk->icsk_af_ops->getsockopt(sk, level, optname,
2834                                                     optval, optlen);
2835        return do_tcp_getsockopt(sk, level, optname, optval, optlen);
2836}
2837EXPORT_SYMBOL(tcp_getsockopt);
2838
2839#ifdef CONFIG_COMPAT
2840int compat_tcp_getsockopt(struct sock *sk, int level, int optname,
2841                          char __user *optval, int __user *optlen)
2842{
2843        if (level != SOL_TCP)
2844                return inet_csk_compat_getsockopt(sk, level, optname,
2845                                                  optval, optlen);
2846        return do_tcp_getsockopt(sk, level, optname, optval, optlen);
2847}
2848EXPORT_SYMBOL(compat_tcp_getsockopt);
2849#endif
2850
2851#ifdef CONFIG_TCP_MD5SIG
2852static DEFINE_PER_CPU(struct tcp_md5sig_pool, tcp_md5sig_pool);
2853static DEFINE_MUTEX(tcp_md5sig_mutex);
2854static bool tcp_md5sig_pool_populated = false;
2855
2856static void __tcp_alloc_md5sig_pool(void)
2857{
2858        int cpu;
2859
2860        for_each_possible_cpu(cpu) {
2861                if (!per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm) {
2862                        struct crypto_hash *hash;
2863
2864                        hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
2865                        if (IS_ERR_OR_NULL(hash))
2866                                return;
2867                        per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm = hash;
2868                }
2869        }
2870        /* before setting tcp_md5sig_pool_populated, we must commit all writes
2871         * to memory. See smp_rmb() in tcp_get_md5sig_pool()
2872         */
2873        smp_wmb();
2874        tcp_md5sig_pool_populated = true;
2875}
2876
2877bool tcp_alloc_md5sig_pool(void)
2878{
2879        if (unlikely(!tcp_md5sig_pool_populated)) {
2880                mutex_lock(&tcp_md5sig_mutex);
2881
2882                if (!tcp_md5sig_pool_populated)
2883                        __tcp_alloc_md5sig_pool();
2884
2885                mutex_unlock(&tcp_md5sig_mutex);
2886        }
2887        return tcp_md5sig_pool_populated;
2888}
2889EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
2890
2891
2892/**
2893 *      tcp_get_md5sig_pool - get md5sig_pool for this user
2894 *
2895 *      We use percpu structure, so if we succeed, we exit with preemption
2896 *      and BH disabled, to make sure another thread or softirq handling
2897 *      wont try to get same context.
2898 */
2899struct tcp_md5sig_pool *tcp_get_md5sig_pool(void)
2900{
2901        local_bh_disable();
2902
2903        if (tcp_md5sig_pool_populated) {
2904                /* coupled with smp_wmb() in __tcp_alloc_md5sig_pool() */
2905                smp_rmb();
2906                return this_cpu_ptr(&tcp_md5sig_pool);
2907        }
2908        local_bh_enable();
2909        return NULL;
2910}
2911EXPORT_SYMBOL(tcp_get_md5sig_pool);
2912
2913int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
2914                        const struct tcphdr *th)
2915{
2916        struct scatterlist sg;
2917        struct tcphdr hdr;
2918        int err;
2919
2920        /* We are not allowed to change tcphdr, make a local copy */
2921        memcpy(&hdr, th, sizeof(hdr));
2922        hdr.check = 0;
2923
2924        /* options aren't included in the hash */
2925        sg_init_one(&sg, &hdr, sizeof(hdr));
2926        err = crypto_hash_update(&hp->md5_desc, &sg, sizeof(hdr));
2927        return err;
2928}
2929EXPORT_SYMBOL(tcp_md5_hash_header);
2930
2931int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
2932                          const struct sk_buff *skb, unsigned int header_len)
2933{
2934        struct scatterlist sg;
2935        const struct tcphdr *tp = tcp_hdr(skb);
2936        struct hash_desc *desc = &hp->md5_desc;
2937        unsigned int i;
2938        const unsigned int head_data_len = skb_headlen(skb) > header_len ?
2939                                           skb_headlen(skb) - header_len : 0;
2940        const struct skb_shared_info *shi = skb_shinfo(skb);
2941        struct sk_buff *frag_iter;
2942
2943        sg_init_table(&sg, 1);
2944
2945        sg_set_buf(&sg, ((u8 *) tp) + header_len, head_data_len);
2946        if (crypto_hash_update(desc, &sg, head_data_len))
2947                return 1;
2948
2949        for (i = 0; i < shi->nr_frags; ++i) {
2950                const struct skb_frag_struct *f = &shi->frags[i];
2951                unsigned int offset = f->page_offset;
2952                struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT);
2953
2954                sg_set_page(&sg, page, skb_frag_size(f),
2955                            offset_in_page(offset));
2956                if (crypto_hash_update(desc, &sg, skb_frag_size(f)))
2957                        return 1;
2958        }
2959
2960        skb_walk_frags(skb, frag_iter)
2961                if (tcp_md5_hash_skb_data(hp, frag_iter, 0))
2962                        return 1;
2963
2964        return 0;
2965}
2966EXPORT_SYMBOL(tcp_md5_hash_skb_data);
2967
2968int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const struct tcp_md5sig_key *key)
2969{
2970        struct scatterlist sg;
2971
2972        sg_init_one(&sg, key->key, key->keylen);
2973        return crypto_hash_update(&hp->md5_desc, &sg, key->keylen);
2974}
2975EXPORT_SYMBOL(tcp_md5_hash_key);
2976
2977#endif
2978
2979void tcp_done(struct sock *sk)
2980{
2981        struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
2982
2983        if (sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
2984                TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_ATTEMPTFAILS);
2985
2986        tcp_set_state(sk, TCP_CLOSE);
2987        tcp_clear_xmit_timers(sk);
2988        if (req != NULL)
2989                reqsk_fastopen_remove(sk, req, false);
2990
2991        sk->sk_shutdown = SHUTDOWN_MASK;
2992
2993        if (!sock_flag(sk, SOCK_DEAD))
2994                sk->sk_state_change(sk);
2995        else
2996                inet_csk_destroy_sock(sk);
2997}
2998EXPORT_SYMBOL_GPL(tcp_done);
2999
3000extern struct tcp_congestion_ops tcp_reno;
3001
3002static __initdata unsigned long thash_entries;
3003static int __init set_thash_entries(char *str)
3004{
3005        ssize_t ret;
3006
3007        if (!str)
3008                return 0;
3009
3010        ret = kstrtoul(str, 0, &thash_entries);
3011        if (ret)
3012                return 0;
3013
3014        return 1;
3015}
3016__setup("thash_entries=", set_thash_entries);
3017
3018static void __init tcp_init_mem(void)
3019{
3020        unsigned long limit = nr_free_buffer_pages() / 8;
3021        limit = max(limit, 128UL);
3022        sysctl_tcp_mem[0] = limit / 4 * 3;
3023        sysctl_tcp_mem[1] = limit;
3024        sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2;
3025}
3026
3027void __init tcp_init(void)
3028{
3029        struct sk_buff *skb = NULL;
3030        unsigned long limit;
3031        int max_rshare, max_wshare, cnt;
3032        unsigned int i;
3033
3034        BUILD_BUG_ON(sizeof(struct tcp_skb_cb) > sizeof(skb->cb));
3035
3036        percpu_counter_init(&tcp_sockets_allocated, 0, GFP_KERNEL);
3037        percpu_counter_init(&tcp_orphan_count, 0, GFP_KERNEL);
3038        tcp_hashinfo.bind_bucket_cachep =
3039                kmem_cache_create("tcp_bind_bucket",
3040                                  sizeof(struct inet_bind_bucket), 0,
3041                                  SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
3042
3043        /* Size and allocate the main established and bind bucket
3044         * hash tables.
3045         *
3046         * The methodology is similar to that of the buffer cache.
3047         */
3048        tcp_hashinfo.ehash =
3049                alloc_large_system_hash("TCP established",
3050                                        sizeof(struct inet_ehash_bucket),
3051                                        thash_entries,
3052                                        17, /* one slot per 128 KB of memory */
3053                                        0,
3054                                        NULL,
3055                                        &tcp_hashinfo.ehash_mask,
3056                                        0,
3057                                        thash_entries ? 0 : 512 * 1024);
3058        for (i = 0; i <= tcp_hashinfo.ehash_mask; i++)
3059                INIT_HLIST_NULLS_HEAD(&tcp_hashinfo.ehash[i].chain, i);
3060
3061        if (inet_ehash_locks_alloc(&tcp_hashinfo))
3062                panic("TCP: failed to alloc ehash_locks");
3063        tcp_hashinfo.bhash =
3064                alloc_large_system_hash("TCP bind",
3065                                        sizeof(struct inet_bind_hashbucket),
3066                                        tcp_hashinfo.ehash_mask + 1,
3067                                        17, /* one slot per 128 KB of memory */
3068                                        0,
3069                                        &tcp_hashinfo.bhash_size,
3070                                        NULL,
3071                                        0,
3072                                        64 * 1024);
3073        tcp_hashinfo.bhash_size = 1U << tcp_hashinfo.bhash_size;
3074        for (i = 0; i < tcp_hashinfo.bhash_size; i++) {
3075                spin_lock_init(&tcp_hashinfo.bhash[i].lock);
3076                INIT_HLIST_HEAD(&tcp_hashinfo.bhash[i].chain);
3077        }
3078
3079
3080        cnt = tcp_hashinfo.ehash_mask + 1;
3081
3082        tcp_death_row.sysctl_max_tw_buckets = cnt / 2;
3083        sysctl_tcp_max_orphans = cnt / 2;
3084        sysctl_max_syn_backlog = max(128, cnt / 256);
3085
3086        tcp_init_mem();
3087        /* Set per-socket limits to no more than 1/128 the pressure threshold */
3088        limit = nr_free_buffer_pages() << (PAGE_SHIFT - 7);
3089        max_wshare = min(4UL*1024*1024, limit);
3090        max_rshare = min(6UL*1024*1024, limit);
3091
3092        sysctl_tcp_wmem[0] = SK_MEM_QUANTUM;
3093        sysctl_tcp_wmem[1] = 16*1024;
3094        sysctl_tcp_wmem[2] = max(64*1024, max_wshare);
3095
3096        sysctl_tcp_rmem[0] = SK_MEM_QUANTUM;
3097        sysctl_tcp_rmem[1] = 87380;
3098        sysctl_tcp_rmem[2] = max(87380, max_rshare);
3099
3100        pr_info("Hash tables configured (established %u bind %u)\n",
3101                tcp_hashinfo.ehash_mask + 1, tcp_hashinfo.bhash_size);
3102
3103        tcp_metrics_init();
3104        BUG_ON(tcp_register_congestion_control(&tcp_reno) != 0);
3105        tcp_tasklet_init();
3106}
3107
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.