Re: [PATCH net v3 1/2] bonding: fix null-ptr-deref in bond_rr_gen_slave_id()

[Sebastian Andrzej Siewior]

On 2026-02-28 03:36:24 [+0000], Jiayuan Chen wrote:
> >  My only concern is that this will waste a percpu u32 per bond
> > device for the majority of bonding use cases (which use modes other than
> > balance-rr), which could be a few hundred bytes on a large machine.
> > 
> >  Does everything work reliably if the rr_tx_counter allocation
> > happens conditionally on mode == BOND_MODE_ROUNDROBIN in bond_setup, as
> > well as in bond_option_mode_set?
…
> An alternative would be to allocate conditionally in bond_init() (since the default mode is round-robin)
> and manage allocation/deallocation in bond_option_mode_set() when the mode changes.

This sounds reasonable.

> This is a trade-off between the added complexity of conditional alloc/free across multiple code
> paths and saving a per-CPU u32 for non-round-robin bonds.
> 
> For the per-CPU u32 overhead, it's only 4 extra bytes per CPU per bond device — and machines with
> that many CPUs tend to have plenty of memory to match.

4 bytes is the minimum allocation for per-CPU memory. The memory is
already "there" it is just not assigned. So for the 4 byte allocation it
is needed to find a single area (the smallest allocation size).
In case there no free block, a new block will be allocated and mapped
for each CPU which the part that costs memory.
That said, we should not waste memory but it is not _that_ expensive
either for a bond device. Things change if here are hundreds of devices.

> Thanks
> 
> >  -J

Sebastian