Re: [PATCH v9 5/7] PCI: endpoint: pci-epf-vntb: Reuse pre-exposed doorbells and IRQ flags

From: Koichiro Den

Date: Thu Feb 19 2026 - 22:35:41 EST


On Thu, Feb 19, 2026 at 10:00:19PM +0530, ALOK TIWARI wrote:
>
>
> On 2/19/2026 1:43 PM, Koichiro Den wrote:
> > static int epf_ntb_db_bar_init_msi_doorbell(struct epf_ntb *ntb,
> > struct pci_epf_bar *db_bar,
> > const struct pci_epc_features *epc_features,
>
> The return value of pci_epc_get_features() seems to be used here
> without checking for NULL.
>
> Since this function can return NULL, and other EPF drivers
> (pci-epf-test.c, pci-epf-ntb.c) handle that case,
> is VNTB assuming that epc_features is always non-NULL,
> or should a defensive NULL check be added for pci_epc_get_features()?

Thanks for the comment, good catch.

AFAICT, this is a pre-existing issue (at least since the initial vNTB merge,
commit e35f56bb0330), and the same pattern can be found in a few other paths in
epf-vntb, such as:

- epf_ntb_config_spad_bar_alloc()
- epf_ntb_configure_interrupt()
- epf_ntb_db_bar_init() (the one you pointed out)

From the current mainline state, all in-tree pci_epc_ops implementations provide
a .get_features callback and return a non-NULL pointer, and the same holds for
the in-tree dw_pcie_ep_ops implementations. So in practice this does not appear
to be triggering a NULL-dereference issue today.

That said, pci_epc_get_features() is documented to return NULL on failure, so
adding defensive checks would certainly improve robustness and align vNTB with
other EPF drivers.

Since this is independent of the doorbell rework in this series, I think it
would probably be cleaner to address it in a separate patch.

If you are planning to send such a patch, I would be happy to test and/or review
it. Otherwise, I can prepare a small follow-up patch (with a Reported-by tag)
when I have a spare cycle. Given that this is pre-existing and does not seem to
cause observable issues today, I do not think it requires a Fixes: tag or stable
backporting.

Best regards,
Koichiro

>
> > @@ -533,9 +549,24 @@ static int epf_ntb_db_bar_init_msi_doorbell(struct epf_ntb *ntb,
> > if (ret)
> > return ret;
> > + /*
> > + * The doorbell target may already be exposed by a platform-owned fixed
> > + * BAR. In that case, we must reuse it and the requested db_bar must
> > + * match.
> > + */
> > + if (epf->db_msg[0].bar != NO_BAR && epf->db_msg[0].bar != barno) {
> > + ret = -EINVAL;
> > + goto err_free_doorbell;
> > + }
> > +
> > for (req = 0; req < ntb->db_count; req++) {
> > + /* Avoid requesting duplicate handlers */
> > + if (epf_ntb_db_irq_is_duplicated(epf, req))
> > + continue;
> > +
> > ret = request_irq(epf->db_msg[req].virq, epf_ntb_doorbell_handler,
> > - 0, "pci_epf_vntb_db", ntb);
> > +
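Review bot: the fixed-BAR check ahead of the loop compares only epf->db_msg[0].bar with barno, while the loop that follows walks all ntb->db_count entries, so an entry past index 0 that carried a different .bar would be accepted unchecked. Either validate db_msg[req].bar for each req inside the loop, or extend the new comment to state why entry 0 is representative of all doorbell messages. Separately, because the loop now uses `continue` to skip request_irq() when epf_ntb_db_irq_is_duplicated() returns true, the error unwind for this loop (not visible in the quoted lines) needs to apply the same test so it does not release an IRQ that was never requested.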
>
>
> Thanks,
> Alok