# HG changeset patch
# User Keir Fraser
# Date 1274857281 -3600
# Node ID 5addb6cb16fd64c664b1e3dd335c76b3426e05e9
# Parent 459f35d8cac4f19e6eae0a7396f6c97e20ae955c
x86 shadow: Avoid remove-all-shadows after shadow teardown
If dom0 alters the p2m of a domain that's being destroyed, we can end up doing a remove-all-shadows after the shadow hash table has been freed. Since no hash table implies no shadows, just return immediately.
Signed-off-by: Tim Deegan
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -2173,8 +2173,13 @@ static void hash_foreach(struct vcpu *v,
 struct domain *d = v->domain;
 struct page_info *x;
- /* Say we're here, to stop hash-lookups reordering the chains */
 ASSERT(shadow_locked_by_me(d));
+
+ /* Can be called via p2m code &c after shadow teardown. */
+ if ( unlikely(!d->arch.paging.shadow.hash_table) )
+ return;
+
+ /* Say we're here, to stop hash-lookups reordering the chains */
 ASSERT(d->arch.paging.shadow.hash_walking == 0);
 d->arch.paging.shadow.hash_walking = 1;
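Review bot: The new NULL check on `d->arch.paging.shadow.hash_table` only guards against the use-after-free described in the commit message if the teardown path clears that pointer when it frees the table, and does so under the shadow lock asserted just above; neither is visible in this hunk, so it is worth confirming. I would spell the invariant out in the comment rather than leave it as `&c`, for example `/* Can be called via the p2m code after shadow teardown: the table pointer is NULL once freed, and no table means no shadows to walk. */`. The early return also skips every callback silently, so callers that depend on the walk having happened (the commit mentions remove-all-shadows) should be checked to tolerate that. hash_foreach's body starts and ends outside the hunk, and the other users of the hash table are not shown here, so whether they need the same guard cannot be judged from this change.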