epf_ntb->db_count value should be within 1 to MAX_DB_COUNT. Current code
only checks for the upper bound, while the lower bound is unchecked. This
can cause a lot of issues in the driver if the user passes 'db_count' as 0.
Add a check for 0 also. While at it, remove the redundant 'db_count'
assignment.

Fixes: e35f56bb0330 ("PCI: endpoint: Support NTB transfer between RC and EP")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@oss.qualcomm.com>
Signed-off-by: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Koichiro Den <den@valinux.co.jp>
Reviewed-by: Frank Li <Frank.Li@nxp.com>
Link: https://patch.msgid.link/20260407124421.282766-2-mani@kernel.org
{
const struct pci_epc_features *epc_features;
struct device *dev;
- u32 db_count;
int ret;
dev = &ntb->epf->dev;
return -EINVAL;
}
- db_count = ntb->db_count;
- if (db_count > MAX_DB_COUNT) {
- dev_err(dev, "DB count cannot be more than %d\n", MAX_DB_COUNT);
+ if (!ntb->db_count || ntb->db_count > MAX_DB_COUNT) {
+ dev_err(dev, "DB count %d out of range (1 - %d)\n",
+ ntb->db_count, MAX_DB_COUNT);
return -EINVAL;
}
- ntb->db_count = db_count;
-
if (epc_features->msi_capable) {
ret = pci_epc_set_msi(ntb->epf->epc,
ntb->epf->func_no,
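Review bot: The new dev_err() prints ntb->db_count with %d, but the local this patch removes was declared u32 and was assigned from that same field. If the field is u32 as well, %u is the matching specifier for the first argument. Separately, the old upper-bound test ran on the u32 copy, whereas the new test compares the field directly. `!ntb->db_count` only rejects zero, so if the field is a signed type, a negative value would now pass `ntb->db_count > MAX_DB_COUNT` and reach the MSI setup below. It is worth confirming the field is unsigned, or saying so in the commit message, since the range "1 - MAX_DB_COUNT" in the error text depends on it.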