From aabebc2bdfb4cb879634439fad26c297bd1042ae Mon Sep 17 00:00:00 2001 From: William Wu Date: Mon, 20 Apr 2020 17:37:09 +0800 Subject: [PATCH] usb: gadget: uvc: fix possible NULL pointer dereference This patch fixes the following panic when close the uvc application in usb host. Unable to handle kernel NULL pointer dereference at virtual address 00000003 pgd = 21faf91f [00000003] *pgd=151af835, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] PREEMPT SMP ARM Modules linked in: galcore(O) CPU: 1 PID: 720 Comm: uvc_gadget_pthr Tainted: G W O 4.19.111 #8 Hardware name: Generic DT based system PC is at uvcg_video_ep_queue+0x40/0x58 LR is at uvcg_video_ep_queue+0x38/0x58 ... [] (uvcg_video_ep_queue) from [] (uvcg_video_pump+0x7c/0x104) [] (uvcg_video_pump) from [] (__video_do_ioctl+0x1c8/0x3a0) [] (__video_do_ioctl) from [] (video_usercopy+0x200/0x494) [] (video_usercopy) from [] (do_vfs_ioctl+0xac/0x798) [] (do_vfs_ioctl) from [] (ksys_ioctl+0x34/0x58) [] (ksys_ioctl) from [] (ret_fast_syscall+0x0/0x4c) Change-Id: I893e4c2b95f9b583423e68d68e7beff1cd114687 Signed-off-by: William Wu --- drivers/usb/gadget/function/uvc_video.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c index 79263b988e76..e43a7088d1c9 100644 --- a/drivers/usb/gadget/function/uvc_video.c +++ b/drivers/usb/gadget/function/uvc_video.c @@ -133,7 +133,7 @@ static int uvcg_video_ep_queue(struct uvc_video *video, struct usb_request *req) if (ret < 0) { printk(KERN_INFO "Failed to queue request (%d).\n", ret); /* Isochronous endpoints can't be halted. */ - if (usb_endpoint_xfer_bulk(video->ep->desc)) + if (video->ep->desc && usb_endpoint_xfer_bulk(video->ep->desc)) usb_ep_set_halt(video->ep); }
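Review bot: The new `video->ep->desc &&` guard in the `ret < 0` branch reads `video->ep->desc` twice (once for the NULL test, once as the argument to usb_endpoint_xfer_bulk()) with no lock or READ_ONCE() visible in the hunk. If the descriptor can be cleared concurrently, as the "close the uvc application" trigger in the commit message suggests, the second read can still see NULL. Consider loading the pointer once into a local, for example `const struct usb_endpoint_descriptor *desc = video->ep->desc;`, and testing and passing that local, or document which lock serialises this path against endpoint disable. The commit message and the check would also benefit from stating why desc is NULL here: the fault address 00000003 is consistent with reading bmAttributes (offset 3 in the endpoint descriptor) through a NULL pointer, which suggests the request is being queued on an endpoint that has already been disabled. The guard only avoids the crash in the error path, so it is worth confirming that the caller shown in the trace, uvcg_video_pump, stops queueing when this error is returned.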