authorFlorian Fainelli <florian@openwrt.org>2014-02-28 20:30:08 +0000
committerFlorian Fainelli <florian@openwrt.org>2014-02-28 20:30:08 +0000
commitbb39b8d99aae1f7eb13a97bd874838da91080de6 (patch)
tree3046f53937c0bc5dc13e2b2ab7b688a1932199bf /target/linux/brcm2708/patches-3.10/0053-dwc_otg-fix-potential-use-after-free-case-in-interru.patch
parentc6c0d09f85c211560a1405441925681cfa25e8b1 (diff)
brcm2708: update against latest rpi-3.10.y branch
Update our copies of the brcm2708 patches to the latest rpi-3.10.y rebased against linux-3.10.y stable (3.10.32). This should hopefully make it easier for us in the future to leverage the raspberry/rpi-* branches. Signed-off-by: Florian Fainelli <florian@openwrt.org> SVN-Revision: 39770
Diffstat (limited to 'target/linux/brcm2708/patches-3.10/0053-dwc_otg-fix-potential-use-after-free-case-in-interru.patch')
-rw-r--r--target/linux/brcm2708/patches-3.10/0053-dwc_otg-fix-potential-use-after-free-case-in-interru.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/target/linux/brcm2708/patches-3.10/0053-dwc_otg-fix-potential-use-after-free-case-in-interru.patch b/target/linux/brcm2708/patches-3.10/0053-dwc_otg-fix-potential-use-after-free-case-in-interru.patch
new file mode 100644
index 0000000000..fb4a53d22f
--- /dev/null
+++ b/target/linux/brcm2708/patches-3.10/0053-dwc_otg-fix-potential-use-after-free-case-in-interru.patch
@@ -0,0 +1,29 @@
+From 51d7ae6f936ea32dedbe423fab97e3281994fe82 Mon Sep 17 00:00:00 2001
+From: P33M <P33M@github.com>
+Date: Thu, 28 Feb 2013 16:52:51 +0000
+Subject: [PATCH 053/174] dwc_otg: fix potential use-after-free case in
+ interrupt handler
+
+If a transaction had previously aborted, certain interrupts are
+enabled to track error counts and reset where necessary. On IN
+endpoints the host generates an ACK interrupt near-simultaneously
+with completion of transfer. In the case where this transfer had
+previously had an error, this results in a use-after-free on
+the QTD memory space with a 1-byte length being overwritten to
+0x00.
+---
+ drivers/usb/host/dwc_otg/dwc_otg_hcd_intr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/host/dwc_otg/dwc_otg_hcd_intr.c
++++ b/drivers/usb/host/dwc_otg/dwc_otg_hcd_intr.c
+@@ -2223,7 +2223,8 @@ int32_t dwc_otg_hcd_handle_hc_n_intr(dwc
+ retval |= handle_hc_nak_intr(dwc_otg_hcd, hc, hc_regs, qtd);
+ }
+ if (hcint.b.ack) {
+- retval |= handle_hc_ack_intr(dwc_otg_hcd, hc, hc_regs, qtd);
++ if(!hcint.b.chhltd)
++ retval |= handle_hc_ack_intr(dwc_otg_hcd, hc, hc_regs, qtd);
+ }
+ if (hcint.b.nyet) {
+ retval |= handle_hc_nyet_intr(dwc_otg_hcd, hc, hc_regs, qtd);
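Review bot: The new `if(!hcint.b.chhltd)` guard in dwc_otg_hcd_handle_hc_n_intr covers only the ACK handler, but the surrounding context lines pass the same `qtd` pointer to handle_hc_nak_intr and handle_hc_nyet_intr with no such check. If the channel-halted path is what releases the QTD (as the patch description implies, though that code is outside the hunk), it is worth confirming that those interrupts cannot also coincide with chhltd on a previously errored transfer. The guard also has no comment, so a later cleanup could drop it as redundant; I would add something like `/* chhltd handling may already have freed qtd; skip ACK bookkeeping so it is not written after free */`. Folding the test into the outer condition, `if (hcint.b.ack && !hcint.b.chhltd) {`, avoids the unbraced nested `if` and matches kernel spacing. The function body starts and ends outside the hunk.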