On Mon, May 04, 2026 at 03:48:23PM +0800, [email protected] wrote:
> A NULL pointer dereference was observed in the AMD64 AGP driver when
> running in a virtualized environment (e.g., QEMU/KVM) without a physical
> AMD Northbridge. The crash occurs in amd64_fetch_size() when attempting
> to dereference the pointer returned by node_to_amd_nb(0).
>
> The root cause of this crash is broken error propagation in
> agp_amd64_probe(). When no AMD Northbridges are found, cache_nbs()
> correctly returns -ENODEV. However, the probe function erroneously
> checked the return value against exactly -1, rather than < 0.
>
> As a result, the hardware absence error was masked, allowing the driver
> to improperly proceed with initialization. It eventually called
> agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware
> does not exist, node_to_amd_nb(0) returns NULL, leading to a General
> Protection Fault (GPF) when accessing its ->misc member.
>
> Fix the issue by correcting the error check in agp_amd64_probe() to
> abort properly when cache_nbs() returns any negative error code. This
> prevents the driver from erroneously proceeding without hardware, thereby
> resolving the subsequent NULL pointer dereference at its source.
>
> Signed-off-by: Mingyu Wang <[email protected]>
Fixes: a32073bffc65 ("[PATCH] x86_64: Clean and enhance up K8 northbridge access code")
Reviewed-by: Lukas Wunner <[email protected]>
Cc: [email protected] # v2.6.18+
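The commit message describes a classic error-propagation defect: comparing a return value against one specific error code (-1) instead of testing for any negative errno, so -ENODEV (-19) passes the check and a hardware-dependent path runs with no hardware behind it. The following is an added illustration written for this reply, not code from the kernel or from the patch. Every name in it (fake_cache_nbs, fake_node_to_amd_nb, fake_fetch_size, probe_buggy, probe_fixed, struct fake_nb, nb_table, nb_count) is a hypothetical stand-in that models the shape of the bug; the only real identifiers are the errno constants. The NULL case is reported as an error rather than dereferenced so the model can run in userspace.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the northbridge descriptor: only the one
 * member the fetch-size path reads, kept as a plain value. */
struct fake_nb {
    int misc;
};

/* Constructed model of the northbridge table: empty means "no hardware",
 * as in a QEMU/KVM guest without an AMD northbridge. */
static struct fake_nb nb_table[1];
static int nb_count;

/* Stand-in for node_to_amd_nb(): NULL when the node does not exist. */
static struct fake_nb *fake_node_to_amd_nb(int node)
{
    return node < nb_count ? &nb_table[node] : NULL;
}

/* Stand-in for cache_nbs(): -ENODEV when no northbridge is present.
 * -ENODEV is -19, never -1 (which would be -EPERM). */
static int fake_cache_nbs(void)
{
    return nb_count > 0 ? 0 : -ENODEV;
}

/* Model of amd64_fetch_size(): the real code trusts node 0 to exist.
 * Here the NULL case is reported instead of dereferenced so the model runs. */
static int fake_fetch_size(int *size)
{
    struct fake_nb *nb = fake_node_to_amd_nb(0);
    if (nb == NULL)
        return -EFAULT;  /* the point where the real driver faults on nb->misc */
    *size = nb->misc;
    return 0;
}

/* Probe with the defective check: only exactly -1 aborts, so -ENODEV slips
 * through and the driver reaches the fetch path without hardware. */
static int probe_buggy(void)
{
    int size, err = fake_cache_nbs();
    if (err == -1)
        return err;
    return fake_fetch_size(&size);
}

/* Probe with the corrected check: any negative errno aborts before the
 * hardware-dependent path runs, which is the fix the patch makes. */
static int probe_fixed(void)
{
    int size, err = fake_cache_nbs();
    if (err < 0)
        return err;
    return fake_fetch_size(&size);
}

int main(void)
{
    nb_count = 0;  /* virtualized guest: no AMD northbridge */
    printf("buggy probe: %d (reached the fetch path, would fault)\n", probe_buggy());
    printf("fixed probe: %d (-ENODEV propagated to the caller)\n", probe_fixed());

    nb_count = 1;  /* bare metal: one northbridge present */
    nb_table[0].misc = 64;
    printf("fixed probe with hardware: %d\n", probe_fixed());
    return 0;
}
```

The same review question applies to any `== -1` (or `== -ENODEV`) test on a function that can return several errno values: unless the callee documents a single failure code, the check should be `< 0` so that every error aborts the path that depends on the call having succeeded.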