[PATCH v2 0/2] device property: fix child iteration issues with secondary fwnodes

[Xu Yang]

This series fixes two issues in the fwnode child iteration logic when
a secondary fwnode is present.

The first patch addresses a refcount imbalance in
software_node_get_next_child(). When a software node is used as a
secondary fwnode, the iteration code may incorrectly decrement the
refcount of child nodes that do not belong to the software node
hierarchy. This results in refcount underflow and possible use-after-free.

The second patch fixes an infinite loop in
fwnode_for_each_child_node(), caused by improper handling of iteration
state across primary and secondary fwnodes. When iterating over children
from both primary and secondary fwnodes, the code may incorrectly
resume iteration from the primary fwnode even when the current child
belongs to the secondary, leading to repeated traversal and a loop.

Both issues are triggered when mixing different fwnode types through the
secondary mechanism, and stem from incorrect assumptions about ownership
and traversal context of child nodes.

---
Changes in v2:
- use __free() to cleanup parent fwnode
- Link to v1: https://lore.kernel.org/r/20260525-fixes_fwnode_iteration-v1-0-a12903fb2919@xxxxxxx

---
Xu Yang (2):
      software node: fix refcount leak in software_node_get_next_child()
      device property: fix infinite loop in fwnode_for_each_child_node()

 drivers/base/property.c | 18 +++++++++++++++---
 drivers/base/swnode.c   | 14 +++++++-------
 2 files changed, 22 insertions(+), 10 deletions(-)
---
base-commit: b7bee4ca5688e30ca50fbc87b1b8f7eed7006c17
change-id: 20260525-fixes_fwnode_iteration-baf62d861305

Best regards,
--  
Xu Yang <xu.yang_2@xxxxxxx>