Re: [PATCH v3 0/2] device property: fix child iteration issues with secondary fwnodes

[Andy Shevchenko]

On Fri, Jun 05, 2026 at 06:31:16PM +0800, Xu Yang wrote:
> This series fixes two issues in the fwnode child iteration logic when
> a secondary fwnode is present.
> 
> The first issue is  a refcount imbalance in software_node_get_next_child().
> When a software node is used as a secondary fwnode, the iteration code may
> incorrectly decrement the refcount of child nodes that do not belong to the
> software node hierarchy. This results in refcount underflow and possible
> use-after-free.
> 
> The second issue is an infinite loop in fwnode_for_each_child_node(), caused
> by improper handling of iteration state across primary and secondary fwnodes.
> When iterating over children from both primary and secondary fwnodes, the code
> may incorrectly resume iteration from the primary fwnode even when the current
> child belongs to the secondary, leading to repeated traversal and a loop.
> 
> Both issues are triggered when mixing different fwnode types through the
> secondary mechanism, and stem from incorrect assumptions about ownership
> and traversal context of child nodes.

> ---
> Changes in v3:
> - remove software node patch 

Hmm... Maybe I was unclear. My question was to investigate the way to actually
move software node to use the swnode APIs (and not fwnode ones) and be on par
with what OF code does. This series does the opposite and adds a hack to the
next_child implementation.

> - add a kunit test case suggested by Andy Shevchenko

But thanks for the test case!

-- 
With Best Regards,
Andy Shevchenko