Re: [PATCH 2/2] device property: fix infinite loop in fwnode_for_each_child_node()

Next message: Borislav Petkov: "Re: [PATCH v7 004/120] x86/cpuid: Introduce &lt;asm/cpuid/leaf_types.h&gt;"
Previous message: Jason Gunthorpe: "Re: [PATCH v12 1/2] IB/mlx5: Fix transport-domain rollback and initialize lb mutex earlier"
Next in thread: Xu Yang: "Re: [PATCH 2/2] device property: fix infinite loop in fwnode_for_each_child_node()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andy Shevchenko

Date: Tue Jun 02 2026 - 20:30:35 EST

On Mon, May 25, 2026 at 02:09:20PM +0800, Xu Yang wrote:
> When iterate over children of a fwnode that has a secondary fwnode,
> fwnode_get_next_child_node() can enter an infinite loop if the secondary
> fwnode has more than one child.
>
> Parent Child
> (Primary fwnode) FWa: {FWa1, FWa2, FWa3}
> (Secondary fwnode) FWb: {FWb1, FWb2}
>
> In this case:
>
> ┌─> fwnode_get_next_child_node(FWa, FWa1)
> │ - fwnode_call_ptr_op(FWa, get_next_child_node, FWa1) returns FWa2
> │
> │ ...
> │
> │ fwnode_get_next_child_node(FWa, FWa3)
> │ - fwnode_call_ptr_op(FWa, get_next_child_node, FWa3) returns NULL
> │ - fwnode_call_ptr_op(FWb, get_next_child_node, FWa3) returns FWb1
> │
> │ fwnode_get_next_child_node(FWa, FWb1)
> │ - fwnode_call_ptr_op(FWa, get_next_child_node, FWb1) returns FWa1
> └────┘
>
> This cause fwnode_for_each_child_node() to loop indefinitely, reapeatedly
> output {FWa1, FWa2, FWa3, FWb1, FWa1, ...}.
>
> The root cause is that when the current child (FWb1) belongs to the
> secondary fwnode, calling get_next_child_node() on the parimary fwnode
> incorrectly returns the first child (FWa1) again instead of NULL.
>
> Fix this by dynamically checking the parent fwnode of the current child
> before calling get_next_child_node(). This approach follows the pattern
> established in commit b5b41ab6b0c1 ("device property: Check
> fwnode->secondary in fwnode_graph_get_next_endpoint()").

...

Can we utilise __free() instead?

--
With Best Regards,
Andy Shevchenko