We (Android) are very interested in removing the restriction for 32-bit userspace processes accessing xfrm netlink on 64-bit kernels. IPsec support is required to pass Android conformance tests, and any manufacturer wishing to ship 32-bit userspace with a recent kernel needs out-of-tree changes (removing the compat_task check) to do so.
That said, itâs not difficult to work around alignment issues directly in userspace, so maybe we could just remove the check and make this the caller's responsibility? Hereâs an example of the workaround currently in the Android tree:
We could also employ a (relatively simple) solution such as the one above in the uapi XFRM header itself, though it would require a caller to declare the target kernel ABI at compile time. Maybe thatâs not unthinkable for an uncommon case?