usb: dwc3: Fix out of bound memory access for event buffer
The commit 49c45e0b ("usb: dwc3: gadget: Clear pending events when stopping controller") added a race of writing to the GEVNTCOUNT between the run_stop and the dwc3_check_event_buf. This causes the GEVNTCOUNT to be decremented below zero by the controller and is resulting in a huge value (0xFFFC) which is much larger than the event buffer size (0x1000). When this happens the next dwc3_interrupt will be accessing the next page after the event buffer, resulting in a memory abort.

Fix this by discarding any interrupts that are fired after the run_stop bit is cleared. And also compare the count value with the event buffer length to prevent out of bound memory access.

The earlier commit still leaves a window of an event being generated by the controller between clearing the pending events and clearing the run_stop bit, preventing the controller from being halted. Fix this by clearing the pending events after the run_stop bit is cleared.

Change-Id: Ic5244485dc1af728848f40c45f920a6a6f880ac2
Signed-off-by: Sriharsha Allenki <sallenki@codeaurora.org>
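The two checks the message describes, as an added user-space model that is not the driver's code or part of this commit: it reproduces the 0xFFFC value from a counter decremented below zero and shows the consumer discarding it. The struct, the function names, the 0xfffc count mask and the 4-byte event size are assumptions made for the illustration; only the 0x1000 buffer size and the 0xFFFC value come from the message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define EVT_BUF_LEN    0x1000u  /* event buffer size quoted in the commit message */
#define EVT_COUNT_MASK 0xfffcu  /* assumed: 16-bit byte count, multiple of 4 */
#define EVT_SIZE       4u       /* assumed: one event is 4 bytes */

struct evt_model {              /* hypothetical stand-in for the driver state */
    uint8_t  buf[EVT_BUF_LEN];
    uint32_t lpos;              /* software read offset into buf */
    bool     run_stop;          /* true while the controller is running */
};

/* Counter value the hardware reports after software acknowledges `acked`
 * bytes while only `pending` bytes were outstanding (the race). */
uint32_t hw_count_after_ack(uint32_t pending, uint32_t acked)
{
    return (pending - acked) & EVT_COUNT_MASK;
}

/* Bytes that are safe to process, or 0 when the interrupt must be discarded. */
uint32_t checked_event_count(const struct evt_model *m, uint32_t reg)
{
    uint32_t count = reg & EVT_COUNT_MASK;

    if (!m->run_stop)           /* fired after run_stop was cleared */
        return 0;
    if (count > EVT_BUF_LEN)    /* underflowed or otherwise bogus count */
        return 0;
    return count;
}

/* Walk the ring; returns the number of events handled. */
uint32_t consume_events(struct evt_model *m, uint32_t reg)
{
    uint32_t left = checked_event_count(m, reg), handled = 0, ev;

    for (; left >= EVT_SIZE; left -= EVT_SIZE, handled++) {
        memcpy(&ev, &m->buf[m->lpos], EVT_SIZE);   /* always inside buf */
        m->lpos = (m->lpos + EVT_SIZE) % EVT_BUF_LEN;
    }
    return handled;
}

int main(void)
{
    static struct evt_model m = { .run_stop = true };
    uint32_t bad = hw_count_after_ack(0, EVT_SIZE); /* constructed race input */
    return consume_events(&m, bad) == 0 ? 0 : 1;
}
```

Without the length comparison, the same loop would be asked to process 0xFFFC bytes from a 0x1000-byte buffer, which is the out-of-bounds access the message reports.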