1. Patchew
  2. linux
  3. View series

[PATCH v4 0/3] device property: fix child iteration issues with secondary fwnodes

Andy Shevchenko posted 3 patches 2 days, 2 hours ago 
drivers/base/property.c                 |  41 ++++---
drivers/base/test/Kconfig               |   1 +
drivers/base/test/property-entry-test.c | 136 ++++++++++++++++++++++++
3 files changed, 161 insertions(+), 17 deletions(-)
[PATCH v4 0/3] device property: fix child iteration issues with secondary fwnodes
Posted by Andy Shevchenko 2 days, 2 hours ago 
This series fixes two issues in the fwnode child iteration logic when
a secondary fwnode is present.

The first issue is  a refcount imbalance in software_node_get_next_child().
When a software node is used as a secondary fwnode, the iteration code may
incorrectly decrement the refcount of child nodes that do not belong to the
software node hierarchy. This results in refcount underflow and possible
use-after-free.

The second issue is an infinite loop in fwnode_for_each_child_node(), caused
by improper handling of iteration state across primary and secondary fwnodes.
When iterating over children from both primary and secondary fwnodes, the code
may incorrectly resume iteration from the primary fwnode even when the current
child belongs to the secondary, leading to repeated traversal and a loop.

Both issues are triggered when mixing different fwnode types through the
secondary mechanism, and stem from incorrect assumptions about ownership
and traversal context of child nodes.

Changes in v4:
- amended the fix and test case (Andy)
- added patch 2 to align other implementations with RAII approach (Andy)
- tested on Intel Galileo board for which the initial code was developed (Andy)
- Link to v3: https://patch.msgid.link/20260605-fixes_fwnode_iteration-v3-0-44c18472e1d1@nxp.com

Changes in v3:
- remove software node patch
- add a kunit test case suggested by Andy Shevchenko
- Link to v2: https://patch.msgid.link/20260603-fixes_fwnode_iteration-v2-0-0ae381f8b7b9@nxp.com

Changes in v2:
- use __free() to cleanup parent fwnode
- Link to v1: https://lore.kernel.org/r/20260525-fixes_fwnode_iteration-v1-0-a12903fb2919@nxp.com

Andy Shevchenko (1):
  device property: Refactor to use RAII approach

Xu Yang (2):
  device property: fix infinite loop in fwnode_for_each_child_node()
  device property: add test cases for fwnode_for_each_child_node()

 drivers/base/property.c                 |  41 ++++---
 drivers/base/test/Kconfig               |   1 +
 drivers/base/test/property-entry-test.c | 136 ++++++++++++++++++++++++
 3 files changed, 161 insertions(+), 17 deletions(-)

-- 
2.50.1

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.