From 17b1eb8e7fdbca81bc6d74c003b02ca3b08f1fa4 Mon Sep 17 00:00:00 2001
From: P33M <P33M@github.com>
Date: Wed, 9 Jan 2013 16:12:04 +0000
Subject: [PATCH 044/174] dwc_otg: fix bug in dwc_otg_hcd.c resulting in silent
 kernel 	 memory corruption, escalating to OOPS under high USB load.

---
 drivers/usb/host/dwc_otg/dwc_otg_hcd.c       | 2 --
 drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/usb/host/dwc_otg/dwc_otg_hcd.c
+++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd.c
@@ -500,8 +500,6 @@ int dwc_otg_hcd_urb_enqueue(dwc_otg_hcd_
 		DWC_ERROR("DWC OTG HCD URB Enqueue failed adding QTD. "
 			  "Error status %d\n", retval);
 		dwc_otg_hcd_qtd_free(qtd);
-	} else {
-		qtd->qh = *ep_handle;
 	}
 	intr_mask.d32 = DWC_READ_REG32(&hcd->core_if->core_global_regs->gintmsk);
 	if (!intr_mask.b.sofintr && retval == 0) {
--- a/drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c
+++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c
@@ -946,6 +946,7 @@ int dwc_otg_hcd_qtd_add(dwc_otg_qtd_t *
 	if (retval == 0) {
 		DWC_CIRCLEQ_INSERT_TAIL(&((*qh)->qtd_list), qtd,
 					qtd_list_entry);
+		qtd->qh = *qh;
 	}
 	DWC_SPINUNLOCK_IRQRESTORE(hcd->lock, flags);