diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index f9b252c..538590a 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -285,46 +285,12 @@ check_v8086_mode(struct pt_regs *regs, unsigned long address,
 		tsk->thread.screen_bitmap |= 1 << bit;
 }
 
-static void dump_pagetable(unsigned long address)
-{
-	__typeof__(pte_val(__pte(0))) page;
-
-	page = read_cr3();
-	page = ((__typeof__(page) *) __va(page))[address >> PGDIR_SHIFT];
-
 #ifdef CONFIG_X86_PAE
-	printk("*pdpt = %016Lx ", page);
-	if ((page >> PAGE_SHIFT) < max_low_pfn
-	    && page & _PAGE_PRESENT) {
-		page &= PAGE_MASK;
-		page = ((__typeof__(page) *) __va(page))[(address >> PMD_SHIFT)
-							& (PTRS_PER_PMD - 1)];
-		printk(KERN_CONT "*pde = %016Lx ", page);
-		page &= ~_PAGE_NX;
-	}
+#define FMTPTE "ll"
 #else
-	printk("*pde = %08lx ", page);
+#define FMTPTE "l"
 #endif
 
-	/*
-	 * We must not directly access the pte in the highpte
-	 * case if the page table is located in highmem.
-	 * And let's rather not kmap-atomic the pte, just in case
-	 * it's allocated already:
-	 */
-	if ((page >> PAGE_SHIFT) < max_low_pfn
-	    && (page & _PAGE_PRESENT)
-	    && !(page & _PAGE_PSE)) {
-
-		page &= PAGE_MASK;
-		page = ((__typeof__(page) *) __va(page))[(address >> PAGE_SHIFT)
-							& (PTRS_PER_PTE - 1)];
-		printk("*pte = %0*Lx ", sizeof(page)*2, (u64)page);
-	}
-
-	printk("\n");
-}
-
 #else /* CONFIG_X86_64: */
 
 void vmalloc_sync_all(void)
@@ -440,6 +406,10 @@ check_v8086_mode(struct pt_regs *regs, unsigned long address,
 {
 }
 
+#define FMTPTE "ll"
+
+#endif /* CONFIG_X86_64 */
+
 static int bad_address(void *p)
 {
 	unsigned long dummy;
@@ -447,7 +417,7 @@ static int bad_address(void *p)
 	return probe_kernel_address((unsigned long *)p, dummy);
 }
 
-static void dump_pagetable(unsigned long address)
+void dump_pagetable(unsigned long address)
 {
 	pgd_t *pgd;
 	pud_t *pud;
@@ -462,7 +432,7 @@ static void dump_pagetable(unsigned long address)
 	if (bad_address(pgd))
 		goto bad;
 
-	printk("PGD %lx ", pgd_val(*pgd));
+	printk("PGD %"FMTPTE"x ", pgd_val(*pgd));
 
 	if (!pgd_present(*pgd))
 		goto out;
@@ -471,7 +441,7 @@ static void dump_pagetable(unsigned long address)
 	if (bad_address(pud))
 		goto bad;
 
-	printk("PUD %lx ", pud_val(*pud));
+	printk("PUD %"FMTPTE"x ", pud_val(*pud));
 	if (!pud_present(*pud) || pud_large(*pud))
 		goto out;
 
@@ -479,7 +449,7 @@ static void dump_pagetable(unsigned long address)
 	if (bad_address(pmd))
 		goto bad;
 
-	printk("PMD %lx ", pmd_val(*pmd));
+	printk("PMD %"FMTPTE"x ", pmd_val(*pmd));
 	if (!pmd_present(*pmd) || pmd_large(*pmd))
 		goto out;
 
@@ -487,7 +457,7 @@ static void dump_pagetable(unsigned long address)
 	if (bad_address(pte))
 		goto bad;
 
-	printk("PTE %lx", pte_val(*pte));
+	printk("PTE %"FMTPTE"x", pte_val(*pte));
 out:
 	printk("\n");
 	return;
@@ -495,8 +465,6 @@ bad:
 	printk("BAD\n");
 }
 
-#endif /* CONFIG_X86_64 */
-
 /*
  * Workaround for K8 erratum #93 & buggy BIOS.
  *
@@ -598,6 +566,10 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
 	printk_address(regs->ip, 1);
 
 	dump_pagetable(address);
+	printk(KERN_CRIT "Fixmap KM_PTE0 @ %#lx\n", fix_to_virt(KM_PTE0));
+	dump_pagetable(fix_to_virt(KM_PTE0));
+	printk(KERN_CRIT "Fixmap KM_PTE1 @ %#lx\n", fix_to_virt(KM_PTE1));
+	dump_pagetable(fix_to_virt(KM_PTE1));
 }
 
 static noinline void
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 1729178..2c427d3 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -1015,13 +1015,34 @@ static int xen_pin_page(struct mm_struct *mm, struct page *page,
 	return flush;
 }
 
+static int xen_check_l1_pinned(pte_t *pte, unsigned long s, unsigned long e, struct mm_walk *walk)
+{
+	extern void dump_pagetable(unsigned long address);
+	struct page *pte_page = virt_to_page(pte);
+
+	if (!PagePinned(pte_page)) {
+		printk(KERN_CRIT "PTE @ %p is an L1 page %p covering %#lx-%#lx which is not pinned\n", pte, pte_page, s, e);
+		dump_pagetable((unsigned long)pte);
+		BUG();
+	}
+
+	return 0;
+}
+
 /* This is called just after a mm has been created, but it has not
    been used yet.  We need to make sure that its pagetable is all
    read-only, and can be pinned. */
 static void __xen_pgd_pin(struct mm_struct *mm, pgd_t *pgd)
 {
+	struct mm_walk xen_pin_walk = {
+		.pte_entry = &xen_check_l1_pinned,
+		.mm = mm,
+	};
+
 	vm_unmap_aliases();
 
+	walk_page_range(0xc0000000, FIXADDR_TOP, &xen_pin_walk);
+
 	xen_mc_batch();
 
 	if (__xen_pgd_walk(mm, pgd, xen_pin_page, USER_LIMIT)) {
diff --git a/init/main.c b/init/main.c
index 33ce929..baf4300 100644
--- a/init/main.c
+++ b/init/main.c
@@ -74,6 +74,8 @@
 #include <asm/sections.h>
 #include <asm/cacheflush.h>
 
+#include <asm/xen/page.h>
+
 #ifdef CONFIG_X86_LOCAL_APIC
 #include <asm/smp.h>
 #endif
@@ -815,6 +817,54 @@ static noinline int init_post(void)
 	system_state = SYSTEM_RUNNING;
 	numa_default_policy();
 
+	{
+		extern void dump_pagetable(unsigned long address);
+		struct page *pgd_page, *pte_page;
+		pgd_t *pgd;
+		pud_t *pud;
+		pmd_t *pmd;
+		phys_addr_t pte_phys;
+		unsigned long address = 0xc08ce011UL;//(unsigned long) __builtin_return_address(0);
+
+		pgd = pgd_offset(&init_mm, address);
+		if (!pgd_present(*pgd))
+			goto skip;
+
+		pud = pud_offset(pgd, address);
+		if (!pud_present(*pud))
+			goto skip;
+
+		pmd = pmd_offset(pud, address);
+		if (!pmd_present(*pmd))
+			goto skip;
+
+		pgd_page = virt_to_page(init_mm.pgd);
+		pte_page = pmd_page(*pmd);
+
+		pte_phys = page_to_phys(pte_page) + pte_index(address);
+		printk(KERN_CRIT "Test debug infrastructure on address %#lx:\n", address);
+		printk(KERN_CRIT "L4 at V:%p/P:%#llx/M:%#llx is %s and contains L2 at V:%p/P:%#llx/M:%#llx = %#llx "
+		       "which points to an L1 P:%#llx/M:%#llx which is %s %s\n",
+		       pgd, virt_to_phys(pgd), virt_to_machine(pgd).maddr,
+		       PagePinned(pgd_page) ? "pinned" : "unpinned",
+		       pmd, virt_to_phys(pmd), virt_to_machine(pmd).maddr,
+		       pmd_val(*pmd),
+		       pte_phys, phys_to_machine(XPADDR(pte_phys)).maddr,
+		       PagePinned(pte_page) ? "pinned" : "unpinned",
+		       PageHighMem(pte_page) ? "highmem" : "lowmem");
+		printk(KERN_CRIT "faulting address %#lx\n", address);
+		dump_pagetable(address);
+		if (!PageHighMem(pte_page)) {
+			printk(KERN_CRIT "lowmem mapping of L1 @ P:%#llx is at V:%p\n", pte_phys, phys_to_virt(page_to_phys(pte_page)));
+			dump_pagetable((unsigned long)phys_to_virt(page_to_phys(pte_page)));
+		}
+		printk(KERN_CRIT "Fixmap KM_PTE0 @ %#lx\n", fix_to_virt(KM_PTE0));
+		dump_pagetable(fix_to_virt(KM_PTE0));
+		printk(KERN_CRIT "Fixmap KM_PTE1 @ %#lx\n", fix_to_virt(KM_PTE1));
+		dump_pagetable(fix_to_virt(KM_PTE1));
+	}
+	skip:
+
 	if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
 		printk(KERN_WARNING "Warning: unable to open an initial console.\n");
 
diff --git a/mm/rmap.c b/mm/rmap.c
index 1652166..ced5650 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -52,6 +52,9 @@
 #include <linux/migrate.h>
 
 #include <asm/tlbflush.h>
+#include <asm/io.h>
+
+#include <asm/xen/page.h>
 
 #include "internal.h"
 
@@ -267,6 +270,7 @@ unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma)
 pte_t *page_check_address(struct page *page, struct mm_struct *mm,
 			  unsigned long address, spinlock_t **ptlp, int sync)
 {
+	struct page *pgd_page, *pte_page;
 	pgd_t *pgd;
 	pud_t *pud;
 	pmd_t *pmd;
@@ -285,6 +289,32 @@ pte_t *page_check_address(struct page *page, struct mm_struct *mm,
 	if (!pmd_present(*pmd))
 		return NULL;
 
+	pgd_page = virt_to_page(mm->pgd);
+	pte_page = pmd_page(*pmd);
+
+	if (PagePinned(pgd_page) != PagePinned(pte_page)) {
+		extern void dump_pagetable(unsigned long address);
+		phys_addr_t pte_phys = page_to_phys(pte_page) + pte_index(address);
+		printk(KERN_CRIT "L4 at V:%p/P:%#llx/M:%#llx is %s and contains L2 at V:%p/P:%#llx/M:%#llx = %#llx "
+		       "which points to an L1 P:%#llx/M:%#llx which is %s %s\n",
+		       pgd, virt_to_phys(pgd), virt_to_machine(pgd).maddr,
+		       PagePinned(pgd_page) ? "pinned" : "unpinned",
+		       pmd, virt_to_phys(pmd), virt_to_machine(pmd).maddr,
+		       pmd_val(*pmd),
+		       pte_phys, phys_to_machine(XPADDR(pte_phys)).maddr,
+		       PagePinned(pte_page) ? "pinned" : "unpinned",
+		       PageHighMem(pte_page) ? "highmem" : "lowmem");
+		printk(KERN_CRIT "faulting address %#lx\n", address);
+		dump_pagetable(address);
+		if (!PageHighMem(pte_page)) {
+			printk(KERN_CRIT "lowmem mapping of L1 @ P:%#llx is at V:%p\n", pte_phys, phys_to_virt(page_to_phys(pte_page)));
+			dump_pagetable((unsigned long)phys_to_virt(page_to_phys(pte_page)));
+		}
+		printk(KERN_CRIT "Fixmap KM_PTE0 @ %#lx\n", fix_to_virt(KM_PTE0));
+		dump_pagetable(fix_to_virt(KM_PTE0));
+		printk(KERN_CRIT "Fixmap KM_PTE1 @ %#lx\n", fix_to_virt(KM_PTE1));
+		dump_pagetable(fix_to_virt(KM_PTE1));
+	}
 	pte = pte_offset_map(pmd, address);
 	/* Make a quick check before getting the lock */
 	if (!sync && !pte_present(*pte)) {