There was a timing window where flush_tlb_mask() could be called with
an empty mask (triggering a WARN_ON() in send_IPI_mask_flat() along
with APIC errors) because rather than using the already taken snapshot
of next's vcpu_dirty_cpumask struct vcpu's field was used directly,
which can get its only bit cleared by remote CPUs.

Replacing the structure field's use by the local variable then made
the inner cpus_empty() check completely redundant with the one in the
surrounding if()'s condition.

Signed-off-by: Jan Beulich <jbeulich@novell.com>