diff -r 1e6455d608bd xen/arch/x86/mm/shadow/common.c
--- a/xen/arch/x86/mm/shadow/common.c	Fri Jan 18 16:20:47 2008 +0000
+++ b/xen/arch/x86/mm/shadow/common.c	Fri Jan 18 16:44:00 2008 +0000
@@ -593,11 +593,14 @@ int shadow_write_guest_entry(struct vcpu
  * appropriately.  Returns 0 if we page-faulted, 1 for success. */
 {
     int failed;
-    shadow_lock(v->domain);
+    struct domain *d = v->domain;
+    shadow_lock(d);
     failed = __copy_to_user(p, &new, sizeof(new));
     if ( failed != sizeof(new) )
-        sh_validate_guest_entry(v, gmfn, p, sizeof(new));
-    shadow_unlock(v->domain);
+        if ( sh_validate_guest_entry(v, gmfn, p, sizeof(new)) 
+             & SHADOW_SET_FLUSH )
+            flush_tlb_mask(d->domain_dirty_cpumask);
+    shadow_unlock(d);
     return (failed == 0);
 }
 
@@ -609,13 +612,16 @@ int shadow_cmpxchg_guest_entry(struct vc
  * cmpxchg itself was successful. */
 {
     int failed;
+    struct domain *d = v->domain;
     intpte_t t = *old;
-    shadow_lock(v->domain);
+    shadow_lock(d);
     failed = cmpxchg_user(p, t, new);
     if ( t == *old )
-        sh_validate_guest_entry(v, gmfn, p, sizeof(new));
+        if ( sh_validate_guest_entry(v, gmfn, p, sizeof(new))
+             & SHADOW_SET_FLUSH )
+            flush_tlb_mask(d->domain_dirty_cpumask);
     *old = t;
-    shadow_unlock(v->domain);
+    shadow_unlock(d);
     return (failed == 0);
 }