The TRB processing loop could potentially call a back-end twice
with the same status transaction. While this was generally benign,
some code paths in the tablet backend weren't set up to handle
this case, resulting in a NULL dereference.
Fix by
- returning a STALL error when an invalid request was seen in the backend
- skipping a call to the backend if the number of packets in a status transaction was zero (this code fragment was taken from the Intel ACRN xhci backend)
The NULL dereferences will be fixed in a follow-up commit.
Discussed with/Reviewed by: Leon Dang (author)