diff --git a/0028-XXX-merge-with-segmentation-fault-p.patch b/0028-XXX-merge-with-segmentation-fault-p.patch
index 84d13169..4c53dca5 100644
--- a/0028-XXX-merge-with-segmentation-fault-p.patch
+++ b/0028-XXX-merge-with-segmentation-fault-p.patch
@@ -1,25 +1,17 @@
-From 62ae064e6bb8028b2d3f91b8c2e9b44a84d5f3cd Mon Sep 17 00:00:00 2001
+From a81c9410cc3538dfeb22484d1daa95e6a5bb1e79 Mon Sep 17 00:00:00 2001
 From: Alexander Graf <agraf@suse.de>
 Date: Wed, 11 Jul 2012 23:15:47 +0200
 Subject: [PATCH] XXX merge with segmentation fault passing patch
 
 ---
- user-exec.c |   30 +++++++++++++++++-------------
- 1 files changed, 17 insertions(+), 13 deletions(-)
+ user-exec.c |   32 +++++++++++++++++++-------------
+ 1 files changed, 19 insertions(+), 13 deletions(-)
 
 diff --git a/user-exec.c b/user-exec.c
-index 83d2d44..3710c08 100644
+index 83d2d44..cc57bde 100644
 --- a/user-exec.c
 +++ b/user-exec.c
-@@ -97,24 +97,28 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
-                 pc, address, is_write, *(unsigned long *)old_set);
- #endif
- 
-+    if (RESERVED_VA) {
-+        /* Convert to guest address space */
-+        address = address - GUEST_BASE;
-+    }
-+
+@@ -100,21 +100,27 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
      /* Maybe we're still holding the TB fiddling lock? */
      spin_unlock_safe(&tb_lock);
  
@@ -29,7 +21,8 @@ index 83d2d44..3710c08 100644
 -            return 1;
 -        }
 +    /* XXX: locking issue */
-+    if (is_write && page_unprotect(address, pc, puc)) {
++    if (h2g_valid(address) && is_write &&
++        page_unprotect(h2g(address), pc, puc)) {
 +        return 1;
 +    }
  
@@ -41,11 +34,17 @@ index 83d2d44..3710c08 100644
 -        if (ret == 0) {
 -            return 1; /* the MMU fault was handled without causing real CPU fault */
 -        }
++    if (RESERVED_VA) {
++        /* Convert forcefully to guest address space, invalid addresses
++           are still valid segv ones */
++        address = address - GUEST_BASE;
+     }
++
 +    /* see if it is an MMU fault */
 +    ret = cpu_handle_mmu_fault(env, address, is_write, MMU_USER_IDX);
 +    if (ret < 0) {
 +        return 0; /* not an MMU fault */
-     }
++    }
 +    if (ret == 0) {
 +        return 1; /* the MMU fault was handled without causing real CPU fault */
 +    }