PPC: Get rid of segfaults in DBDMA emulation

While trying to find the right channel number for the DBDMA emulation I
stumbled across segmentation faults that were purely triggered by the guest.

The guest should never have the possiblity to segfault us, so let's check
all indirect function calls on a channel, so the code even works for channels
that have not been reserved.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

hw/mac_dbdma.c

@@ -402,8 +402,10 @@ static void start_output(DBDMA_channel *ch, int key, uint32_t addr,
     ch->io.dma_end = dbdma_end;
     ch->io.is_dma_out = 1;
     ch->processing = 1;
+    if (ch->rw) {
         ch->rw(&ch->io);
     }
+}
 
 static void start_input(DBDMA_channel *ch, int key, uint32_t addr,
                        uint16_t req_count, int is_last)
@@ -425,8 +427,10 @@ static void start_input(DBDMA_channel *ch, int key, uint32_t addr,
     ch->io.dma_end = dbdma_end;
     ch->io.is_dma_out = 0;
     ch->processing = 1;
+    if (ch->rw) {
         ch->rw(&ch->io);
     }
+}
 
 static void load_word(DBDMA_channel *ch, int key, uint32_t addr,
                      uint16_t len)
@@ -688,7 +692,7 @@ dbdma_control_write(DBDMA_channel *ch)
 
     if (status & ACTIVE)
         qemu_bh_schedule(dbdma_bh);
-    if (status & FLUSH)
+    if ((status & FLUSH) && ch->flush)
         ch->flush(&ch->io);
 }