Index: xen-4.0.0-testing/tools/ioemu-remote/hw/ide.c
===================================================================
--- xen-4.0.0-testing.orig/tools/ioemu-remote/hw/ide.c
+++ xen-4.0.0-testing/tools/ioemu-remote/hw/ide.c
@@ -935,8 +935,9 @@ static inline void ide_dma_submit_check(
 
 static inline void ide_set_irq(IDEState *s)
 {
- BMDMAState *bm = s->bmdma;
- if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+ BMDMAState *bm;
+ if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
+ bm = s->bmdma;
 if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
 if (bm) {
 bm->status |= BM_STATUS_INT;
@@ -1224,14 +1225,14 @@ static void ide_read_dma_cb(void *opaque
 int n;
 int64_t sector_num;
 
+ if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
+
 if (ret < 0) {
 dma_buf_commit(s, 1);
 ide_dma_error(s);
 return;
 }
 
- if (!s->bs) return; /* ouch! (see ide_flush_cb) */
-
 n = s->io_buffer_size >> 9;
 sector_num = ide_get_sector(s);
 if (n > 0) {
@@ -1335,6 +1336,8 @@ static void ide_write_flush_cb(void *opa
 BMDMAState *bm = opaque;
 IDEState *s = bm->ide_if;
 
+ if (!s) return; /* yikes */
+
 if (ret != 0) {
 ide_dma_error(s);
 return;
@@ -1366,13 +1369,13 @@ static void ide_write_dma_cb(void *opaqu
 int n;
 int64_t sector_num;
 
+ if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
+
 if (ret < 0) {
 if (ide_handle_write_error(s, -ret, BM_STATUS_DMA_RETRY))
 return;
 }
 
- if (!s->bs) return; /* ouch! (see ide_flush_cb) */
-
 n = s->io_buffer_size >> 9;
 sector_num = ide_get_sector(s);
 if (n > 0) {
@@ -1429,7 +1432,7 @@ static void ide_flush_cb(void *opaque, i
 {
 IDEState *s = opaque;
 
- if (!s->bs) return; /* ouch! (see below) */
+ if (!s || !s->bs) return; /* ouch! (see below) */
 
 if (ret) {
 /* We are completely doomed. The IDE spec does not permit us
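Review bot: The new `!s` branch in ide_set_irq returns without raising the interrupt and without leaving any trace, and the comment on that line still only points at ide_flush_cb, which covers the `bs` case. A caller that reaches this function with a NULL IDEState is in a state the rest of the device model does not expect, so the guard should at least say so in the log, e.g. `if (!s) { fprintf(stderr, "ide_set_irq: NULL IDEState\n"); return; }` ahead of the existing `if (!s->bs) return;`. The same silent `!s` return is added in ide_read_dma_cb, ide_write_flush_cb, ide_write_dma_cb, ide_flush_cb, ide_atapi_cmd_read_dma_cb and cdrom_change_cb; a short comment at each naming the path that leaves `s` NULL would help whoever later has to triage a hung guest disk.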
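Review bot: In ide_read_dma_cb the guard now runs before the `ret < 0` branch, so a failed transfer on a drive whose `bs` has gone away is dropped without `dma_buf_commit(s, 1)` or `ide_dma_error(s)`, and nothing visible on this path tells the bus-master side that the request is over. The declaration of `s` and the tail of the function are outside the hunk, so confirm that no completion bookkeeping (status bits, callback pointers) is left pending when the function exits here; if `s` is taken from `bm->ide_if` as in ide_write_flush_cb, the early return should probably still reset that state on `bm`. ide_write_dma_cb gets the same reordering ahead of `ide_handle_write_error` and needs the same check.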
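Review bot: In ide_write_flush_cb the added `if (!s) return;` comes after `IDEState *s = bm->ide_if;`, so `bm` is still dereferenced unchecked, whereas the callbacks that take the IDEState directly from `opaque` now tolerate a NULL argument. If a NULL `opaque` is possible here as well, initialise with `IDEState *s = bm ? bm->ide_if : NULL;`. This guard is also the only one in the patch that does not test `s->bs`; if code after the `ret != 0` branch (outside the hunk) touches the block device, use `if (!s || !s->bs) return;` as in the sibling callbacks. ide_atapi_cmd_read_dma_cb has the same `bm->ide_if` initialiser ahead of its guard.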
@@ -1686,7 +1689,7 @@ static void ide_atapi_cmd_read_dma_cb(vo
 IDEState *s = bm->ide_if;
 int data_offset, n;
 
- if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+ if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
 
 if (ret < 0) {
 ide_atapi_io_error(s, ret);
@@ -2365,7 +2368,7 @@ static void cdrom_change_cb(void *opaque
 IDEState *s = opaque;
 uint64_t nb_sectors;
 
- if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+ if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
 
 bdrv_get_geometry(s->bs, &nb_sectors);
 s->nb_sectors = nb_sectors;