x86 shadow: don't try to unsshadow for p2m changes after the shadows 
have been torn down.

Signed-off-by: Tim Deegan <Tim.Deegan@xxxxxxxxxx>

diff -r d62bede476cb xen/arch/x86/mm/shadow/common.c
--- a/xen/arch/x86/mm/shadow/common.c	Mon Nov 23 15:19:38 2009 +0000
+++ b/xen/arch/x86/mm/shadow/common.c	Thu Nov 26 10:49:35 2009 +0000
@@ -3440,14 +3440,12 @@
  * with new content. It is responsible for update the entry, as well as other 
  * shadow processing jobs.
  */
-void
-shadow_write_p2m_entry(struct vcpu *v, unsigned long gfn, 
-                       l1_pgentry_t *p, mfn_t table_mfn, 
-                       l1_pgentry_t new, unsigned int level)
+
+static void sh_unshadow_for_p2m_change(struct vcpu *v, unsigned long gfn, 
+                                       l1_pgentry_t *p, mfn_t table_mfn, 
+                                       l1_pgentry_t new, unsigned int level)
 {
     struct domain *d = v->domain;
-    
-    shadow_lock(d);
 
     /* If we're removing an MFN from the p2m, remove it from the shadows too */
     if ( level == 1 )
@@ -3503,6 +3501,21 @@
                 unmap_domain_page(npte);
         }
     }
+}
+
+void
+shadow_write_p2m_entry(struct vcpu *v, unsigned long gfn, 
+                       l1_pgentry_t *p, mfn_t table_mfn, 
+                       l1_pgentry_t new, unsigned int level)
+{
+    struct domain *d = v->domain;
+    
+    shadow_lock(d);
+
+    /* If there are any shadows, update them.  But if shadow_teardown()
+     * has already been called then it's not safe to try. */ 
+    if ( likely(d->arch.paging.shadow.total_pages != 0) )
+         sh_unshadow_for_p2m_change(v, gfn, p, table_mfn, new, level);
 
     /* Update the entry with new content */
     safe_write_pte(p, new);