Re: [PATCH v2 0/2] device property: fix child iteration issues with secondary fwnodes

Next message: Huang, Kai: "Re: [PATCH v3 22/40] KVM: x86/hyperv: Eliminate an unnecessary include of x86.h in hyperv.h"
Previous message: Breno Leitao: "BUG: mm: VM_BUG_ON_PAGE in post_alloc_hook() via __ClearPagePrezeroed() on compound pages"
In reply to: Andy Shevchenko: "Re: [PATCH v2 0/2] device property: fix child iteration issues with secondary fwnodes"
Next in thread: Bartosz Golaszewski: "Re: [PATCH v2 0/2] device property: fix child iteration issues with secondary fwnodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xu Yang

Date: Thu Jun 04 2026 - 07:05:04 EST

On Wed, Jun 03, 2026 at 12:43:06PM +0300, Andy Shevchenko wrote:
> On Wed, Jun 03, 2026 at 04:44:30PM +0800, Xu Yang wrote:
> > This series fixes two issues in the fwnode child iteration logic when
> > a secondary fwnode is present.
> >
> > The first patch addresses a refcount imbalance in
> > software_node_get_next_child(). When a software node is used as a
> > secondary fwnode, the iteration code may incorrectly decrement the
> > refcount of child nodes that do not belong to the software node
> > hierarchy. This results in refcount underflow and possible use-after-free.
> >
> > The second patch fixes an infinite loop in
> > fwnode_for_each_child_node(), caused by improper handling of iteration
> > state across primary and secondary fwnodes. When iterating over children
> > from both primary and secondary fwnodes, the code may incorrectly
> > resume iteration from the primary fwnode even when the current child
> > belongs to the secondary, leading to repeated traversal and a loop.
> >
> > Both issues are triggered when mixing different fwnode types through the
> > secondary mechanism, and stem from incorrect assumptions about ownership
> > and traversal context of child nodes.
>
> Please, Cc Bart who is heavily working on software nodes these days.

Ah, the Cc list is generated by B4. Will Cc Bart in the future.

Thanks,
Xu Yang