Greg Kroah-Hartman wrote: > On Wed, Nov 27, 2019 at 01:45:15PM -0800, Thinh Nguyen wrote: >> The function driver may try to enable an unconfigured endpoint. This >> check make sure that we do not attempt to access a NULL descriptor and >> crash. >> >> Cc: stable@xxxxxxxxxxxxxxx >> Signed-off-by: Thinh Nguyen <thinhn@xxxxxxxxxxxx> >> --- >> drivers/usb/dwc3/gadget.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c >> index 7f97856e6b20..00f8f079bbf2 100644 >> --- a/drivers/usb/dwc3/gadget.c >> +++ b/drivers/usb/dwc3/gadget.c >> @@ -619,6 +619,9 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, unsigned int action) >> u32 reg; >> int ret; >> >> + if (!desc) >> + return -EINVAL; > How can this happen? Shouldn't this be caught at an earlier point in > time? Yeah, it should, and it's already handled or noted in all the function drivers in the kernel. It just bugs me a little seeing that it doesn't fail gracefully if it's not the case. You can discard this patch if you think it's unnecessary. Thanks, Thinh