On Fri, Mar 07, 2025 at 09:03:32AM -0800, Jakub Kicinski wrote: > On Fri, 7 Mar 2025 09:42:49 +0200 Nikolay Aleksandrov wrote: > > TBH, keeping buggy code with a comment doesn't sound good to me. I'd rather remove this > > support than tell people "good luck, it might crash". It's better to be safe until a > > correct design is in place which takes care of these issues. > > That's my feeling too, FWIW. I think we knew about this issue > for a while now, the longer we wait the more users we may disrupt > with the revert. Steffen said we can't sleep in xfrm_timer_handler(), which calls __xfrm_state_delete(). So I can't find a way to handle the race condition between bond_ipsec_add_sa_all() -> xdo_dev_state_add, which may sleep. And __xfrm_state_delete() -> xdo_dev_state_delete, which can't sleep. Hi Jay, do you have any comments? Thanks Hangbin
