xen/qemu-dm-segfault.patch

Index: xen-4.5.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ide.c
===================================================================
--- xen-4.5.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ide.c
+++ xen-4.5.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ide.c
@@ -935,8 +935,9 @@ static inline void ide_dma_submit_check(
 
 static inline void ide_set_irq(IDEState *s)
 {
-    BMDMAState *bm = s->bmdma;
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+    BMDMAState *bm;
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
+    bm = s->bmdma;
     if (!(s->cmd & IDE_CMD_DISABLE_IRQ)) {
         if (bm) {
             bm->status |= BM_STATUS_INT;
@@ -1224,14 +1225,14 @@ static void ide_read_dma_cb(void *opaque
     int n;
     int64_t sector_num;
 
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
+
     if (ret < 0) {
         dma_buf_commit(s, 1);
 	ide_dma_error(s);
 	return;
     }
 
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
-
     n = s->io_buffer_size >> 9;
     sector_num = ide_get_sector(s);
     if (n > 0) {
@@ -1335,6 +1336,8 @@ static void ide_write_flush_cb(void *opa
     BMDMAState *bm = opaque;
     IDEState *s = bm->ide_if;
 
+    if (!s) return; /* yikes */
+
     if (ret != 0) {
 	ide_dma_error(s);
 	return;
@@ -1366,13 +1369,13 @@ static void ide_write_dma_cb(void *opaqu
     int n;
     int64_t sector_num;
 
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
+
     if (ret < 0) {
         if (ide_handle_write_error(s, -ret,  BM_STATUS_DMA_RETRY))
             return;
     }
 
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
-
     n = s->io_buffer_size >> 9;
     sector_num = ide_get_sector(s);
     if (n > 0) {
@@ -1429,7 +1432,7 @@ static void ide_flush_cb(void *opaque, i
 {
     IDEState *s = opaque;
 
-    if (!s->bs) return; /* ouch! (see below) */
+    if (!s || !s->bs) return; /* ouch! (see below) */
 
     if (ret) {
         /* We are completely doomed.  The IDE spec does not permit us
@@ -1686,7 +1689,7 @@ static void ide_atapi_cmd_read_dma_cb(vo
     IDEState *s = bm->ide_if;
     int data_offset, n;
 
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
 
     if (ret < 0) {
         ide_atapi_io_error(s, ret);
@@ -2372,7 +2375,7 @@ static void cdrom_change_cb(void *opaque
     IDEState *s = opaque;
     uint64_t nb_sectors;
 
-    if (!s->bs) return; /* ouch! (see ide_flush_cb) */
+    if (!s || !s->bs) return; /* ouch! (see ide_flush_cb) */
 
     bdrv_get_geometry(s->bs, &nb_sectors);
     s->nb_sectors = nb_sectors;