On Mon, May 04, 2026 at 03:48:23PM +0800, [email protected] wrote: > A NULL pointer dereference was observed in the AMD64 AGP driver when > running in a virtualized environment (e.g., QEMU/KVM) without a physical > AMD Northbridge. The crash occurs in amd64_fetch_size() when attempting > to dereference the pointer returned by node_to_amd_nb(0). > > The root cause of this crash is broken error propagation in > agp_amd64_probe(). When no AMD Northbridges are found, cache_nbs() > correctly returns -ENODEV. However, the probe function erroneously > checked the return value against exactly -1, rather than < 0. > > As a result, the hardware absence error was masked, allowing the driver > to improperly proceed with initialization. It eventually called > agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware > does not exist, node_to_amd_nb(0) returns NULL, leading to a General > Protection Fault (GPF) when accessing its ->misc member. > > Fix the issue by correcting the error check in agp_amd64_probe() to > abort properly when cache_nbs() returns any negative error code. This > prevents the driver from erroneously proceeding without hardware, thereby > resolving the subsequent NULL pointer dereference at its source. > > Signed-off-by: Mingyu Wang <[email protected]>
Applied to drm-misc-next-fixes for v7.2, thank you for the patch.
