The itd_patch() function is responsible for allocating entries in the
buffer page pointer list of the iTD.  Particularly, a new page pointer
is needed every time when buffer data crosses a page boundary.

However, there is a bug in the allocation logic: the function does not
allocate a new entry when the current transaction is the first
transaction in the iTD (as indicated by first!=0).

The consequence is that, when the data of the first transaction begins
somewhere at the end of a page so that it actually does cross the page
boundary, no new page pointer is allocated.  This means that the data
at the end of the first transaction (beyond the page boundary) will be
accessed by the HC using the second page pointer, which is zero.
Furthermore, the first page pointer will be later overwritten by the
page pointers of the other transactions, which will garble it because
the value is or-ed into the iTD field.

All this particular check (for !first) does is cause incorrect
behaviour, so it should be entirely removed (and with it the variable
first that is not used for anything else).
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>