From: Dong Chenchen <dongchenchen2@huawei.com>

This series fixes CVE-2026-52975, a data-race in bonding 3ad code
(bond_3ad_get_active_agg_info / bond_3ad_state_machine_handler)
reported by KCSAN. The fix adds __rcu qualifier to port->aggregator
and proper RCU API usage.

Patches 1-3 are Stable-dep-of prerequisites that add churn state
netlink support, per-port LACP actor priority, and broadcast_neighbor
option. Patch 4 is the main CVE fix implementing proper RCU rules
for port->aggregator.

Note: Patch 3 (broadcast_neighbor) has a Class B forced-minimal
adaptation conflict - the target already has bond_up_slave array style
in bond_xmit_broadcast, while the original patch expected
bond_for_each_slave_rcu style. CVE core logic (all_slaves parameter,
bond_should_broadcast_neighbor) was safely applied on target's existing
control flow. Also, OLK-specific sysctl_bond_broadcast_arp_or_nd
requires signature update at both bond_xmit_broadcast call sites.

Dong Chenchen (3):
  bonding: print churn state via netlink
  bonding: add support for per-port LACP actor priority
  net: bonding: add broadcast_neighbor option for 802.3ad

Eric Dumazet (1):
  bonding: 3ad: implement proper RCU rules for port->aggregator

 Documentation/networking/bonding.rst   |  15 ++++
 drivers/net/bonding/bond_3ad.c         | 113 ++++++++++++++-----------
 drivers/net/bonding/bond_main.c        |  73 +++++++++++++---
 drivers/net/bonding/bond_netlink.c     |  37 +++++++-
 drivers/net/bonding/bond_options.c     |  78 +++++++++++++++++
 drivers/net/bonding/bond_procfs.c      |   3 +-
 drivers/net/bonding/bond_sysfs_slave.c |  17 ++--
 include/net/bond_3ad.h                 |   3 +-
 include/net/bond_options.h             |   2 +
 include/net/bonding.h                  |   3 +
 include/uapi/linux/if_link.h           |   3 +
 11 files changed, 276 insertions(+), 71 deletions(-)

-- 
2.43.0