Re: [PATCH 0/2] cxl/region: Fix two decoder attach/detach issues for auto-assembly region

From: Dave Jiang

Date: Fri Jun 12 2026 - 12:41:24 EST



On 6/6/26 12:50 AM, Li Ming wrote:
> This patchset includes two fixes for endpoint decoder attach/detach for
> auto-assembly region.
>
> Patch #1 fixes OOB access in cxl_cancel_auto_attach().
>
> Patch #2 fixes NULL endpoint pointers hole in p->targets[]. CXL driver
> does not allow any NULL pointer hole in p->targets[], it will cause
> NULL pointer dereference issue. However, if an assigned endpoint decoder
> is removed from an auto-assembly region, it could make it happen.
>
> The following operations can always trigger NULL pointer hole issue.
> Precondition:
> an auto-assembly region with LOCK flags or its assigned endpoint
> decoders with LOCK flags. This means these assigned endpoint decoders
> could be re-attached to the region after being detached.
>
> echo {one of cxl pci BDF} > /sys/bus/pci/drivers/cxl_pci/unbind
> echo {one of cxl pci BDF} > /sys/bus/pci/drivers/cxl_pci/bind
>
> it will trigger the NUll pointer dereference issuse fixed by patch #2.
>
> Note: Patch #2 only fixes NULL pointer dereference issue, re-attaching
> a removal endpoint decoder to the auto-assembly region still fails
> with the patch, because there are other issues blocking re-attachment
> flow. One of them is that re-attachment will trigger calling
> cxl_region_attach_position() for each targets in p->targets[] again, but
> the function fails on the targets which have been attached. I am not
> sure whether re-attachment is a valid user usage, if yes, I will work on
> that later.
>
> Signed-off-by: Li Ming <ming.li@xxxxxxxxxxxx>
> ---
> Li Ming (2):
> cxl/region: Fix out-of-bounds access in cxl_cancel_auto_attach()
> cxl/region: Fill first free targets[] slot during auto-discovery

applied to cxl/next
cbda6a2c2bec
aa8a76711c15

>
> drivers/cxl/core/region.c | 55 ++++++++++++++++++++++++++++-------------------
> 1 file changed, 33 insertions(+), 22 deletions(-)
> ---
> base-commit: a1516711b95490ad6c9f05b61500e73d4f603d28
> change-id: 20260606-fix_two_issues_introduced_by_cxl_cancel_auto_attach-6267f4fdce27
>
> Best regards,