diff -r 0918b4bbffbb xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c	Tue Jan 15 11:19:14 2008 +0000
+++ b/xen/arch/x86/mm/shadow/multi.c	Thu Jan 17 10:28:48 2008 +0000
@@ -1888,11 +1888,28 @@ static shadow_l1e_t * shadow_get_and_cre
                                                 fetch_type_t ft)
 {
     mfn_t sl2mfn;
-    shadow_l2e_t *sl2e;
+    shadow_l2e_t *sl2e, tmp;
 
     /* Get the l2e */
     sl2e = shadow_get_and_create_l2e(v, gw, &sl2mfn, ft);
     if ( sl2e == NULL ) return NULL;
+
+    if ( __copy_from_user(&tmp, sl2e, sizeof(tmp)) != 0 )
+    {
+        local_flush_tlb();
+        if ( __copy_from_user(&tmp, sl2e, sizeof(tmp)) != 0 )
+            SHADOW_ERROR("Can't see the l2e, even with TLB flush");
+        else
+            SHADOW_ERROR("TLB flush made the l2e readable!");
+        show_page_walk((unsigned long) sl2e);
+        print_gw(gw);
+        show_page_walk(gw->va);
+        printk("v->arch.shadow_table[0] == %#lx\n", 
+               pagetable_get_pfn(v->arch.shadow_table[0]));
+        printk("CR3 = %#lx\n", read_cr3());
+        WARN();
+    }
+
     /* Install the sl1 in the l2e if it wasn't there or if we need to
      * re-do it to fix a PSE dirty bit. */
     if ( shadow_l2e_get_flags(*sl2e) & _PAGE_PRESENT