From 40149bca57d03cc67b2f6807aeabd89628c1918c Mon Sep 17 00:00:00 2001
From: wlf <wulf@rock-chips.com>
Date: Wed, 22 May 2013 17:46:51 +0800
Subject: [PATCH] USB: fix potential qtd use-after-free case in interrupt
 handler

---
 drivers/usb/dwc_otg/dwc_otg_hcd_intr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/dwc_otg/dwc_otg_hcd_intr.c b/drivers/usb/dwc_otg/dwc_otg_hcd_intr.c
index 684e89164918..524ce16943c7 100755
--- a/drivers/usb/dwc_otg/dwc_otg_hcd_intr.c
+++ b/drivers/usb/dwc_otg/dwc_otg_hcd_intr.c
@@ -1948,7 +1948,8 @@ int32_t dwc_otg_hcd_handle_hc_n_intr (dwc_otg_hcd_t *_dwc_otg_hcd, uint32_t _num
 		retval |= handle_hc_nak_intr(_dwc_otg_hcd, hc, hc_regs, qtd);
 	}
 	if (hcint.b.ack) {
-		retval |= handle_hc_ack_intr(_dwc_otg_hcd, hc, hc_regs, qtd);
+		if(!hcint.b.chhltd)
+			retval |= handle_hc_ack_intr(_dwc_otg_hcd, hc, hc_regs, qtd);
 	}
 	if (hcint.b.nyet) {
 		retval |= handle_hc_nyet_intr(_dwc_otg_hcd, hc, hc_regs, qtd);
-- 
2.34.1