xen/qemu-dm-segfault.patch

Index: xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ide.c
===================================================================
--- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ide.c
+++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ide.c
@@ -937,8 +937,9 @@ static inline void ide_dma_submit_check(
 
 static inline void ide_set_irq(IDEState *s)
 {
-    BMDMAState *bm = s->bmdma;
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+    BMDMAState *bm;
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
+    bm = s->bmdma;
     if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
         if (bm) {
             bm->status |= BM_STATUS_INT;
@@ -1338,6 +1339,8 @@ static void ide_write_flush_cb(void *opa
     BMDMAState *bm = opaque;
     IDEState *s = bm->ide_if;
 
+    if (!s) return; /* yikes */
+
     if (ret != 0) {
 	ide_dma_error(s);
 	return;
@@ -1432,7 +1435,7 @@ static void ide_flush_cb(void *opaque, i
 {
     IDEState *s = opaque;
 
-    if (!s->bs) return; /* ouch! (see below) */
+    if (!s || !s->bs) return; /* ouch! (see below) */
 
     if (ret) {
         /* We are completely doomed.  The IDE spec does not permit us
@@ -1689,7 +1692,7 @@ static void ide_atapi_cmd_read_dma_cb(vo
     IDEState *s = bm->ide_if;
     int data_offset, n;
 
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
 
     if (ret < 0) {
         ide_atapi_io_error(s, ret);
@@ -2375,7 +2378,7 @@ static void cdrom_change_cb(void *opaque
     IDEState *s = opaque;
     uint64_t nb_sectors;
 
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
 
     bdrv_get_geometry(s->bs, &nb_sectors);
     s->nb_sectors = nb_sectors;