Re: [PATCH net v2 1/2] bonding: fix null-ptr-deref in bond_rr_gen_slave_id()

Next message: Xu, Baojun: "Re: [EXTERNAL] Re: [PATCH v1 2/2] ASoC: tas2781: Add tas5832 support"
Previous message: Krzysztof Kozlowski: "Re: [PATCH v2 1/1] arm64: dts: qcom: monaco-evk: Add Interface Plus Mezzanine"
In reply to: Sebastian Andrzej Siewior: "Re: [PATCH net v2 1/2] bonding: fix null-ptr-deref in bond_rr_gen_slave_id()"
Next in thread: Jiayuan Chen: "[PATCH net v2 2/2] selftests/bpf: add test for xdp_master_redirect with bond not up"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jiayuan Chen

Date: Fri Feb 27 2026 - 05:40:42 EST

February 27, 2026 at 18:21, "Sebastian Andrzej Siewior" <bigeasy@xxxxxxxxxxxxx mailto:bigeasy@xxxxxxxxxxxxx?to=%22Sebastian%20Andrzej%20Siewior%22%20%3Cbigeasy%40linutronix.de%3E > wrote:

>
> On 2026-02-27 10:17:29 [+0000], Jiayuan Chen wrote:
>
> >
> > bond_mode can be changed after device creation via sysfs or netlink, a bond created
> > in active-backup mode can later be switched to round-robin, which means the allocation
> > must not be conditional on the mode at creation time.
> >
> Must the device be in down state or can this be also changed while the
> device is up?
>
> Sebastian
>

The mode change requires the device to be DOWN. BOND_OPT_MODE is defined with BOND_OPTFLAG_IFDOWN,
and bond_opt_check_flags() enforces this:

if ((opt->flags & BOND_OPTFLAG_IFDOWN) && (bond->dev->flags & IFF_UP))
return -EBUSY;

The same restriction applies to the netlink path as well. Both sysfs and netlink go
through __bond_opt_set() → bond_opt_check_deps(), which enforces BOND_OPTFLAG_IFDOWN
for mode change. Attempting to change the mode while the device is UP returns -EBUSY
regardless of how the change is requested.

So unconditional allocation in bond_init() covers all cases: whether the device is created in
round-robin mode, or switched to round-robin later
(which requires being DOWN, meaning bond_open() hasn't been called with the new mode yet).

Thanks,