This patchset includes two fixes for endpoint decoder attach/detach for
an auto-assembly region.
Patch #1 fixes an OOB access in cxl_cancel_auto_attach().
Patch #2 fixes NULL endpoint pointer holes in p->targets[]. The CXL driver
does not allow any NULL pointer hole in p->targets[]; it will cause a
NULL pointer dereference issue. However, if an assigned endpoint decoder
is removed from an auto-assembly region, it could make it happen.
The following operations can always trigger the NULL pointer hole issue.
Precondition:
an auto-assembly region with LOCK flags or its assigned endpoint
decoders with LOCK flags. This means these assigned endpoint decoders
could be re-attached to the region after being detached.
    echo {one of cxl pci BDF} > /sys/bus/pci/drivers/cxl_pci/unbind
    echo {one of cxl pci BDF} > /sys/bus/pci/drivers/cxl_pci/bind
It will trigger the NULL pointer dereference issue fixed by patch #2.
Note: Patch #2 only fixes the NULL pointer dereference issue; re-attaching
a removed endpoint decoder to the auto-assembly region still fails
with the patch, because there are other issues blocking the re-attachment
flow. One of them is that re-attachment will trigger calling
cxl_region_attach_position() for each target in p->targets[] again, but
the function fails on the targets which have been attached. I am not
sure whether re-attachment is a valid user usage; if yes, I will work on
that later.
Signed-off-by: Li Ming <ming.li@zohomail.com>
---
Li Ming (2):
      cxl/region: Fix out-of-bounds access in cxl_cancel_auto_attach()
      cxl/region: Fill first free targets[] slot during auto-discovery

 drivers/cxl/core/region.c | 55 ++++++++++++++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 22 deletions(-)
---
base-commit: a1516711b95490ad6c9f05b61500e73d4f603d28
change-id: 20260606-fix_two_issues_introduced_by_cxl_cancel_auto_attach-6267f4fdce27
Best regards,
--
Li Ming <ming.li@zohomail.com>