Index: 2006-06-29/linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c
===================================================================
--- 2006-06-29.orig/linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c 2006-06-29 15:32:32.000000000 +0200
+++ 2006-06-29/linux-2.6-xen-sparse/arch/i386/mm/hypervisor.c 2006-06-29 15:32:35.000000000 +0200
@@ -272,10 +272,6 @@ static unsigned long discontig_frames[1<
 int xen_create_contiguous_region( unsigned long vstart, unsigned int order, unsigned int address_bits)
 {
- pgd_t *pgd;
- pud_t *pud;
- pmd_t *pmd;
- pte_t *pte;
 unsigned long *in_frames = discontig_frames, out_frame;
 unsigned long frame, i, flags;
 long rc;
@@ -305,6 +301,9 @@ int xen_create_contiguous_region(
 if (order > MAX_CONTIG_ORDER)
 return -ENOMEM;
+ if (vstart < PAGE_OFFSET || vstart >= (unsigned long)high_memory)
+ return -EINVAL;
+ set_xen_guest_handle(exchange.in.extent_start, in_frames);
 set_xen_guest_handle(exchange.out.extent_start, &out_frame);
@@ -314,11 +313,7 @@ int xen_create_contiguous_region(
 /* 1. Zap current PTEs, remembering MFNs. */
 for (i = 0; i < (1UL<> PAGE_SHIFT) + i);
 if (HYPERVISOR_update_va_mapping(vstart + (i*PAGE_SIZE), __pte_ma(0), 0))
 BUG();
@@ -373,10 +368,6 @@ int xen_create_contiguous_region(
 void xen_destroy_contiguous_region(unsigned long vstart, unsigned int order)
 {
- pgd_t *pgd;
- pud_t *pud;
- pmd_t *pmd;
- pte_t *pte;
 unsigned long *out_frames = discontig_frames, in_frame;
 unsigned long frame, i, flags;
 long rc;
@@ -401,6 +392,9 @@ void xen_destroy_contiguous_region(unsig
 if (order > MAX_CONTIG_ORDER)
 return;
+ if (vstart < PAGE_OFFSET || vstart >= (unsigned long)high_memory)
+ return;
+ set_xen_guest_handle(exchange.in.extent_start, &in_frame);
 set_xen_guest_handle(exchange.out.extent_start, out_frames);
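Review bot: The range check added to xen_create_contiguous_region in the `@@ -305,6 +301,9 @@` hunk tests only `vstart`, so a region that starts below `high_memory` but runs past it is still accepted, and the rewritten frame lookup in the following hunk appears to take `__pa(vstart)` plus the page index for pages that are then outside the direct map. Because `order` has already been bounded by MAX_CONTIG_ORDER at this point, the end of the region can be checked in the same condition: `if (vstart < PAGE_OFFSET || vstart >= (unsigned long)high_memory || (unsigned long)high_memory - vstart < (PAGE_SIZE << order)) return -EINVAL;`. The same start-only check is added to xen_destroy_contiguous_region in the `@@ -401,6 +392,9 @@` hunk and needs the same extension. Both function bodies continue outside these hunks.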
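Review bot: The `return;` added to xen_destroy_contiguous_region in the `@@ -401,6 +392,9 @@` hunk drops an out-of-range `vstart` without leaving any trace, and since the function returns void the caller cannot tell that the region was never exchanged back. An address outside the direct map reaching this point is presumably a caller bug, so the rejection should at least be explained where it happens, for example `/* Only lowmem direct-map addresses can be translated with __pa(); anything else is ignored. */` above the check, and a one-line warning before the `return;` would make the misuse visible in the log. The function body starts and ends outside the hunk.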
@@ -411,11 +405,7 @@ void xen_destroy_contiguous_region(unsig
 contiguous_bitmap_clear(__pa(vstart) >> PAGE_SHIFT, 1UL << order);
 /* 1. Find start MFN of contiguous extent. */
- pgd = pgd_offset_k(vstart);
- pud = pud_offset(pgd, vstart);
- pmd = pmd_offset(pud, vstart);
- pte = pte_offset_kernel(pmd, vstart);
- in_frame = pte_mfn(*pte);
+ in_frame = pfn_to_mfn(__pa(vstart) >> PAGE_SHIFT);
 /* 2. Zap current PTEs. */
 for (i = 0; i < (1UL<