usb: gadget: diag: Fix potential use-after-free

In usb_diag_write(), it's possible that the write completion is
called immediately after usb_ep_queue() has executed but before
it has returned. And even rarer, a cable disconnection could
happen as well, resulting in diag_function_unbind which frees
the context structure before execution has returned to
usb_diag_write() where it then attempts to update the packet
counters using a dangling pointer and writes to freed memory.

Even though a kref is acquired soon after entry in the function,
its intention is to hold it until write completion, and coupled
with the fact that both the completion and unbind can happen
asynchronously we can not guarantee that context is valid after
a successful usb_ep_queue(). Fix the potential use-after-frees
by moving the counter increments.

Since it can also happen in the debugfs routines that touch the
same variables, add spinlock protection there as well.

Change-Id: I265e586d2732341aaf0148b579302ad0f99f4c88
Signed-off-by: Jack Pham <jackp@codeaurora.org>