On Fri, Mar 07, 2025 at 09:03:32AM -0800, Jakub Kicinski wrote:
On Fri, 7 Mar 2025 09:42:49 +0200 Nikolay Aleksandrov wrote:
TBH, keeping buggy code with a comment doesn't sound good to me. I'd rather remove this support than tell people "good luck, it might crash". It's better to be safe until a correct design is in place which takes care of these issues.
That's my feeling too, FWIW. I think we knew about this issue for a while now, the longer we wait the more users we may disrupt with the revert.
Steffen said we can't sleep in xfrm_timer_handler(), which calls __xfrm_state_delete(). So I can't find a way to handle the race condition between bond_ipsec_add_sa_all() -> xdo_dev_state_add, which may sleep. And __xfrm_state_delete() -> xdo_dev_state_delete, which can't sleep.
Hi Jay, do you have any comments?
Thanks Hangbin