Re: [PATCH v2 0/2] device property: fix child iteration issues with secondary fwnodes

Next message: Bernard Metzler: "Re: [PATCH] RDMA/siw: bound Read Response placement to the RREAD length"
Previous message: Michael Riesch: "Re: [PATCH 2/2] media: rockchip: dw-mipi-csi2rx: Add myself to the reviewers list"
In reply to: Xu Yang: "Re: [PATCH v2 2/2] device property: fix infinite loop in fwnode_for_each_child_node()"
Next in thread: Xu Yang: "Re: [PATCH v2 0/2] device property: fix child iteration issues with secondary fwnodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andy Shevchenko

Date: Wed Jun 03 2026 - 05:49:43 EST

On Wed, Jun 03, 2026 at 04:44:30PM +0800, Xu Yang wrote:
> This series fixes two issues in the fwnode child iteration logic when
> a secondary fwnode is present.
>
> The first patch addresses a refcount imbalance in
> software_node_get_next_child(). When a software node is used as a
> secondary fwnode, the iteration code may incorrectly decrement the
> refcount of child nodes that do not belong to the software node
> hierarchy. This results in refcount underflow and possible use-after-free.
>
> The second patch fixes an infinite loop in
> fwnode_for_each_child_node(), caused by improper handling of iteration
> state across primary and secondary fwnodes. When iterating over children
> from both primary and secondary fwnodes, the code may incorrectly
> resume iteration from the primary fwnode even when the current child
> belongs to the secondary, leading to repeated traversal and a loop.
>
> Both issues are triggered when mixing different fwnode types through the
> secondary mechanism, and stem from incorrect assumptions about ownership
> and traversal context of child nodes.

Please, Cc Bart who is heavily working on software nodes these days.

--
With Best Regards,
Andy Shevchenko