Re: [PATCH net 0/2] bond: fix xfrm offload feature during init

[Cosmin Ratiu]

On Fri, 2025-01-17 at 08:54 +0100, Steffen Klassert wrote:
> > 
> > Hi Jianbo,
> > 
> > I talked with Sabrina and it looks we can't simply do this. Because
> > both
> > xfrm_add_sa_expire() and xfrm_timer_handler() calling
> > __xfrm_state_delete() under
> > spin lock. If we move the xfrm_dev_state_delete() out of
> > __xfrm_state_delete(),
> > all the places need to be handled correctly.
> > 
> > At the same time xfrm_timer_handler() calling
> > xfrm_dev_state_update_stats before
> > __xfrm_state_delete(). Should we also take care of it to make sure
> > the state
> > change and delete are called at the same time?
> > 
> > Hi Steffen, do you have any comments?
> 
> Can't you just fix this in bonding? xfrm_timer_handler() can't sleep
> anyway, even if you remove the spinlock, it is a timer function.
> 

I am not sure this can be fixed in bonding given that the
xdo_dev_state_delete op could, in the general case, sleep while talking
to the hardware. I don't think it's reasonable to expect devices to
offload xfrm while the kernel holds a spinlock.
Bonding just exposed this assumption mismatch because of the mutex that
was added to replace a spinlock which exhibited the same problem we are
talking about here.

Do the dev offload operations need to be synchronous? Couldn't
__xfrm_state_delete instead schedule a wq to do the dev offload? I saw
there's already an xfrm_state_gc_task that's invoked to call
xfrm_dev_state_free, perhaps that could be used to do the delete as
well?

Cosmin.