TCP層recvmsg系統調用的實現分析

概述

recvmsg系統調用在tcp層的實現是tcp_recvmsg函數，該函數完成從接收隊列中讀取數據復制到用戶空間的任務；函數在執行過程中會鎖定控制塊，避免軟中斷在tcp層的影響；函數會涉及從接收隊列receive_queue，預處理隊列prequeue和后備隊列backlog中讀取數據；其中從prequeue和backlog中讀取的數據，還需要經過sk_backlog_rcv回調，該回調的實現為tcp_v4_do_rcv，實際上是先緩存到隊列中，然后需要讀取的時候，才進入協議棧處理，此時，是在進程上下文執行的，因為會設置tp->ucopy.task=current，在協議棧處理過程中，會直接將數據復制到用戶空間；

代碼分析

int tcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int nonblock,
        int flags, int *addr_len)
{
    struct tcp_sock *tp = tcp_sk(sk);
    int copied = 0;
    u32 peek_seq;
    u32 *seq;
    unsigned long used;
    int err;
    int target;        /* Read at least this many bytes */
    long timeo;
    struct task_struct *user_recv = NULL;
    struct sk_buff *skb, *last;
    u32 urg_hole = 0;

    if (unlikely(flags & MSG_ERRQUEUE))
        return inet_recv_error(sk, msg, len, addr_len);

    if (sk_can_busy_loop(sk) && skb_queue_empty(&sk->sk_receive_queue) &&
        (sk->sk_state == TCP_ESTABLISHED))
        sk_busy_loop(sk, nonblock);

    /* 傳輸層上鎖，避免軟中斷影響 */
    lock_sock(sk);

    err = -ENOTCONN;
    /* LISTEN狀態，不允許讀取數據 */
    if (sk->sk_state == TCP_LISTEN)
        goto out;

    /* 獲取阻塞讀取的超時時間，非阻塞為0 */
    timeo = sock_rcvtimeo(sk, nonblock);

    /* Urgent data needs to be handled specially. */
    /* 帶外數據讀取 */
    if (flags & MSG_OOB)
        goto recv_urg;

    /* 修復模式 */
    if (unlikely(tp->repair)) {
        err = -EPERM;
        if (!(flags & MSG_PEEK))
            goto out;

        if (tp->repair_queue == TCP_SEND_QUEUE)
            goto recv_sndq;

        err = -EINVAL;
        if (tp->repair_queue == TCP_NO_QUEUE)
            goto out;

        /* 'common' recv queue MSG_PEEK-ing */
    }

    /* 待讀取的序號 */
    seq = &tp->copied_seq;

    /* 只查看數據 */
    if (flags & MSG_PEEK) {
        /* 復制一個序號用於記錄 */
        peek_seq = tp->copied_seq;
        seq = &peek_seq;
    }

    /* 
        確定讀取長度，設置了MSG_WAITALL則
        使用用戶輸入的len，否則使用低潮限度 
    */
    target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);

    do {
        u32 offset;

        /* Are we at urgent data? Stop if we have read anything or have SIGURG pending. */
        /* 讀到了帶外數據 */
        if (tp->urg_data && tp->urg_seq == *seq) {
            /* 之前已經讀取了部分數據，跳出 */
            if (copied)
                break;
            /* 用戶進程有信號待處理，跳出 */
            if (signal_pending(current)) {
                copied = timeo ? sock_intr_errno(timeo) : -EAGAIN;
                break;
            }
        }

        /* Next get a buffer. */

        /* 獲取隊尾 */
        last = skb_peek_tail(&sk->sk_receive_queue);

        /* 遍歷接收隊列，找到滿足讀取的skb */
        skb_queue_walk(&sk->sk_receive_queue, skb) {
            last = skb;
            /* Now that we have two receive queues this
             * shouldn't happen.
             */
            /* 隊列中序號比待讀取的大 */
            if (WARN(before(*seq, TCP_SKB_CB(skb)->seq),
                 "recvmsg bug: copied %X seq %X rcvnxt %X fl %X\n",
                 *seq, TCP_SKB_CB(skb)->seq, tp->rcv_nxt,
                 flags))
                break;

            /* 獲取序號偏移*/
            offset = *seq - TCP_SKB_CB(skb)->seq;

            /* 有syn標記，再減1 */
            if (unlikely(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
                pr_err_once("%s: found a SYN, please report !\n", __func__);
                offset--;
            }
            /* 偏移小於skb數據長度，找到 */
            if (offset < skb->len)
                goto found_ok_skb;

            /* 有fin標記，跳轉到fin處理 */
            if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
                goto found_fin_ok;
            WARN(!(flags & MSG_PEEK),
                 "recvmsg bug 2: copied %X seq %X rcvnxt %X fl %X\n",
                 *seq, TCP_SKB_CB(skb)->seq, tp->rcv_nxt, flags);
        }

        /* Well, if we have backlog, try to process it now yet. */

        /* 讀完目標數據&& backlog隊列為空 */
        if (copied >= target && !sk->sk_backlog.tail)
            break;

        /* 未讀完目標數據，或者讀完目標數據，隊列不為空 */

        /* 已經讀取了數據 */
        if (copied) {
            /* 有錯誤或者關閉或者有信號，跳出 */
            if (sk->sk_err ||
                sk->sk_state == TCP_CLOSE ||
                (sk->sk_shutdown & RCV_SHUTDOWN) ||
                !timeo ||
                signal_pending(current))
                break;
        } else {
            /* 會話終結*/
            if (sock_flag(sk, SOCK_DONE))
                break;

            /* 有錯誤 */
            if (sk->sk_err) {
                copied = sock_error(sk);
                break;
            }

            /* 關閉接收端 */
            if (sk->sk_shutdown & RCV_SHUTDOWN)
                break;

            /* 連接關閉 */
            if (sk->sk_state == TCP_CLOSE) {
                /* 不在done狀態，可能再讀一個連接未建立起來的連接 */
                if (!sock_flag(sk, SOCK_DONE)) {
                    /* This occurs when user tries to read
                     * from never connected socket.
                     */
                    copied = -ENOTCONN;
                    break;
                }
                break;
            }

            /* 不阻塞等待 */
            if (!timeo) {
                copied = -EAGAIN;
                break;
            }

            /* 有信號待處理 */
            if (signal_pending(current)) {
                copied = sock_intr_errno(timeo);
                break;
            }
        }

        /* 檢查是否需要發送ack */
        tcp_cleanup_rbuf(sk, copied);

        /* 未開啟低延遲&& tp的任務為空或者是當前進程 */
        if (!sysctl_tcp_low_latency && tp->ucopy.task == user_recv) {
            /* Install new reader */
            /* 注冊當前進程任務 */
            if (!user_recv && !(flags & (MSG_TRUNC | MSG_PEEK))) {
                user_recv = current;
                tp->ucopy.task = user_recv;
                tp->ucopy.msg = msg;
            }

            /* 當前可以使用的用戶緩存大小 */
            tp->ucopy.len = len;

            WARN_ON(tp->copied_seq != tp->rcv_nxt &&
                !(flags & (MSG_PEEK | MSG_TRUNC)));

            /* Ugly... If prequeue is not empty, we have to
             * process it before releasing socket, otherwise
             * order will be broken at second iteration.
             * More elegant solution is required!!!
             *
             * Look: we have the following (pseudo)queues:
             *
             * 1. packets in flight
             * 2. backlog
             * 3. prequeue
             * 4. receive_queue
             *
             * Each queue can be processed only if the next ones
             * are empty. At this point we have empty receive_queue.
             * But prequeue _can_ be not empty after 2nd iteration,
             * when we jumped to start of loop because backlog
             * processing added something to receive_queue.
             * We cannot release_sock(), because backlog contains
             * packets arrived _after_ prequeued ones.
             *
             * Shortly, algorithm is clear --- to process all
             * the queues in order. We could make it more directly,
             * requeueing packets from backlog to prequeue, if
             * is not empty. It is more elegant, but eats cycles,
             * unfortunately.
             */
            /* prequeue不為空，處理prequeue */
            if (!skb_queue_empty(&tp->ucopy.prequeue))
                goto do_prequeue;

            /* __ Set realtime policy in scheduler __ */
        }

        /* 目標數據讀取完，處理后備隊列 */
        if (copied >= target) {
            /* Do not sleep, just process backlog. */
            release_sock(sk);
            lock_sock(sk);
        } 
        /* 未讀取完，進入等待 */
        else {
            sk_wait_data(sk, &timeo, last);
        }

        /* 用戶空間接收數據 */
        if (user_recv) {
            int chunk;

            /* __ Restore normal policy in scheduler __ */

            /* 獲取讀取長度 */
            chunk = len - tp->ucopy.len;

            /* 記錄剩余讀取長度和已經讀取長度 */
            if (chunk != 0) {
                NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMBACKLOG, chunk);
                len -= chunk;
                copied += chunk;
            }

            /* 
                接收到的數據已經全部復制到用戶空間
                && prequeue不為空
            */
            if (tp->rcv_nxt == tp->copied_seq &&
                !skb_queue_empty(&tp->ucopy.prequeue)) {
do_prequeue:
                /* 處理prequeue */
                tcp_prequeue_process(sk);

                /* 獲取讀取長度和剩余長度 */
                chunk = len - tp->ucopy.len;
                if (chunk != 0) {
                    NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
                    len -= chunk;
                    copied += chunk;
                }
            }
        }

        /* 只是查看數據，則更新peek_seq */
        if ((flags & MSG_PEEK) &&
            (peek_seq - copied - urg_hole != tp->copied_seq)) {
            net_dbg_ratelimited("TCP(%s:%d): Application bug, race in MSG_PEEK\n",
                        current->comm,
                        task_pid_nr(current));
            peek_seq = tp->copied_seq;
        }
        continue;

/* 讀取一個找到的合適的段 */
    found_ok_skb:
        /* Ok so how much can we use? */

        /* 獲取該skb中可讀的數據長度 */
        used = skb->len - offset;

        /* 不需要讀取那么多，則調整為需要的長度 */
        if (len < used)
            used = len;

        /* Do we have urgent data here? */
        /* 有帶外數據*/
        if (tp->urg_data) {
            /* 帶外數據偏移 */
            u32 urg_offset = tp->urg_seq - *seq;

            /* 偏移在我們要讀取的數據范圍內 */
            if (urg_offset < used) {
                /* 當前正在讀取的數據為帶外數據 */
                if (!urg_offset) {
                    /* 不允許放入正常數據流 */
                    if (!sock_flag(sk, SOCK_URGINLINE)) {
                        /* 調整序號和偏移 */
                        ++*seq;
                        urg_hole++;
                        offset++;
                        used--;
                        /* 無可讀數據 */
                        if (!used)
                            goto skip_copy;
                    }
                } 
                /* 本次只能讀到帶外數據為止 */
                else
                    used = urg_offset;
            }
        }

        /* 讀取數據 */
        if (!(flags & MSG_TRUNC)) {
            err = skb_copy_datagram_msg(skb, offset, msg, used);
            if (err) {
                /* Exception. Bailout! */
                if (!copied)
                    copied = -EFAULT;
                break;
            }
        }

        /* 計算讀取和待讀取數據長度 */
        *seq += used;
        copied += used;
        len -= used;

        tcp_rcv_space_adjust(sk);

skip_copy:
        /* 完成對帶外數據的處理 */
        if (tp->urg_data && after(tp->copied_seq, tp->urg_seq)) {
            /* 標志清零 */
            tp->urg_data = 0;
            /* 快路檢查 */
            tcp_fast_path_check(sk);
        }

        /* 滿足繼續讀取 */
        if (used + offset < skb->len)
            continue;
        /* fin處理 */
        if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
            goto found_fin_ok;

        /* 數據讀取完，不是查看，則釋放該skb */
        if (!(flags & MSG_PEEK))
            sk_eat_skb(sk, skb);
        continue;

    found_fin_ok:
        /* Process the FIN. */
        /* 序號增加 */
        ++*seq;
        /* 不是查看，則釋放skb */
        if (!(flags & MSG_PEEK))
            sk_eat_skb(sk, skb);
        break;
    } while (len > 0);

    /* 用戶空間進程接收數據 */
    if (user_recv) {
        /* prequeue不為空 */
        if (!skb_queue_empty(&tp->ucopy.prequeue)) {
            int chunk;

            /* 調整剩余可用空間 */
            tp->ucopy.len = copied > 0 ? len : 0;

            /* 處理prequeue */
            tcp_prequeue_process(sk);

            /* 讀取了數據，則重新計算下長度 */
            if (copied > 0 && (chunk = len - tp->ucopy.len) != 0) {
                NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPDIRECTCOPYFROMPREQUEUE, chunk);
                len -= chunk;
                copied += chunk;
            }
        }

        /* 用戶空間結束讀取 */
        tp->ucopy.task = NULL;
        tp->ucopy.len = 0;
    }

    /* According to UNIX98, msg_name/msg_namelen are ignored
     * on connected socket. I was just happy when found this 8) --ANK
     */

    /* Clean up data we have read: This will do ACK frames. */
    /* 檢查是否有ack發送 */
    tcp_cleanup_rbuf(sk, copied);

    release_sock(sk);
    return copied;

out:
    release_sock(sk);
    return err;

recv_urg:
    /* 帶外數據 */
    err = tcp_recv_urg(sk, msg, len, flags);
    goto out;

recv_sndq:
    err = tcp_peek_sndq(sk, msg, len);
    goto out;
}