gfxstrand: So my concern is something like this:

1. Kernel does something that would _normally_ cause it to unmap userspace pages.
2. If kernel waits for the Xen grants to be released, it might deadlock.
3. If it does not, the guest has access to freed memory.