diff --git a/sys/arch/usermode/include/machdep.h b/sys/arch/usermode/include/machdep.h
index 0f5b0ddd3595..ff4a26ceec91 100644
--- a/sys/arch/usermode/include/machdep.h
+++ b/sys/arch/usermode/include/machdep.h
@@ -1,4 +1,4 @@
-/* $NetBSD: machdep.h,v 1.6 2011/12/14 18:51:39 reinoud Exp $ */
+/* $NetBSD: machdep.h,v 1.7 2012/01/03 10:53:46 reinoud Exp $ */
 
 /*-
  * Copyright (c) 2011 Reinoud Zandijk <reinoud@netbsd.org>
@@ -35,6 +35,7 @@ void	md_syscall_set_returnargs(lwp_t *l, ucontext_t *ucp,
 		int error, register_t *rval);
 void	md_syscall_inc_pc(ucontext_t *ucp, uint32_t opcode);
 void	md_syscall_dec_pc(ucontext_t *ucp, uint32_t opcode);
+register_t md_get_pc(ucontext_t *ucp);
 
 /* handlers */
 void	syscall(void);
diff --git a/sys/arch/usermode/include/pcb.h b/sys/arch/usermode/include/pcb.h
index 45e8b760c67f..33442a793c25 100644
--- a/sys/arch/usermode/include/pcb.h
+++ b/sys/arch/usermode/include/pcb.h
@@ -1,4 +1,4 @@
-/* $NetBSD: pcb.h,v 1.14 2011/12/12 15:04:51 reinoud Exp $ */
+/* $NetBSD: pcb.h,v 1.15 2012/01/03 10:53:46 reinoud Exp $ */
 
 /*-
  * Copyright (c) 2007 Jared D. McNeill <jmcneill@invisible.ca>
@@ -51,6 +51,7 @@ struct pcb {
 
 	int		 pcb_errno;		/* save/restore place */
 	vaddr_t		 pcb_fault_addr;	/* save place for fault addr */
+	vaddr_t		 pcb_fault_pc;		/* save place for fault PC */
 };
 
 #endif /* !_ARCH_USERMODE_INCLUDE_PCB_H */
diff --git a/sys/arch/usermode/usermode/machdep.c b/sys/arch/usermode/usermode/machdep.c
index bb73aceebd6d..154c86b0a0e1 100644
--- a/sys/arch/usermode/usermode/machdep.c
+++ b/sys/arch/usermode/usermode/machdep.c
@@ -1,4 +1,4 @@
-/* $NetBSD: machdep.c,v 1.47 2011/12/29 21:22:49 jmcneill Exp $ */
+/* $NetBSD: machdep.c,v 1.48 2012/01/03 10:53:46 reinoud Exp $ */
 
 /*-
  * Copyright (c) 2011 Reinoud Zandijk <reinoud@netbsd.org>
@@ -37,7 +37,7 @@
 #include "opt_memsize.h"
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.47 2011/12/29 21:22:49 jmcneill Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.48 2012/01/03 10:53:46 reinoud Exp $");
 
 #include <sys/types.h>
 #include <sys/systm.h>
@@ -440,6 +440,14 @@ md_syscall_set_returnargs(lwp_t *l, ucontext_t *ucp,
 	//dump_regs(reg);
 }
 
+register_t
+md_get_pc(ucontext_t *ucp)
+{
+	register_t *reg = (register_t *) &ucp->uc_mcontext;
+
+	return reg[14];			/* EIP */
+}
+
 int
 md_syscall_check_opcode(ucontext_t *ucp)
 {
diff --git a/sys/arch/usermode/usermode/trap.c b/sys/arch/usermode/usermode/trap.c
index 74939d92c537..b89c17609034 100644
--- a/sys/arch/usermode/usermode/trap.c
+++ b/sys/arch/usermode/usermode/trap.c
@@ -1,4 +1,4 @@
-/* $NetBSD: trap.c,v 1.49 2012/01/02 22:02:51 reinoud Exp $ */
+/* $NetBSD: trap.c,v 1.50 2012/01/03 10:53:46 reinoud Exp $ */
 
 /*-
  * Copyright (c) 2011 Reinoud Zandijk <reinoud@netbsd.org>
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.49 2012/01/02 22:02:51 reinoud Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.50 2012/01/03 10:53:46 reinoud Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -108,7 +108,7 @@ mem_access_handler(int sig, siginfo_t *info, void *ctx)
 	ucontext_t *uct = ctx;
 	struct lwp *l;
 	struct pcb *pcb;
-	vaddr_t va;
+	vaddr_t va, pc;
 
 	assert((info->si_signo == SIGSEGV) || (info->si_signo == SIGBUS));
 
@@ -147,9 +147,13 @@ mem_access_handler(int sig, siginfo_t *info, void *ctx)
 	l = curlwp;
 	pcb = lwp_getpcb(l);
 
+	/* get address of faulted memory access and make it page aligned */
 	va = (vaddr_t) info->si_addr;
 	va = trunc_page(va);
 
+	/* get PC address of faulted memory instruction */
+	pc = md_get_pc(ctx);
+
 #if 0	/* disabled for now, these checks need to move */
 #ifdef DIAGNOSTIC
 	/* sanity */
@@ -169,6 +173,7 @@ mem_access_handler(int sig, siginfo_t *info, void *ctx)
 	/* remember our parameters */
 //	assert((void *) pcb->pcb_fault_addr == NULL);
 	pcb->pcb_fault_addr = va;
+	pcb->pcb_fault_pc   = pc;
 
 	/* switch to the pagefault entry on return from signal */
 	memcpy(uct, &pcb->pcb_pagefault_ucp, sizeof(ucontext_t));
@@ -259,26 +264,25 @@ pagefault(void)
 	struct vmspace *vm;
 	struct vm_map *vm_map;
 	vm_prot_t atype;
-	vaddr_t va;
+	vaddr_t va, pc;
 	void *onfault;
-	int kmem, lwp_errno, rv;
+	int from_kernel, lwp_errno, rv;
 
 	l = curlwp;
 	pcb = lwp_getpcb(l);
 	p = l->l_proc;
 	vm = p->p_vmspace;
 	va = pcb->pcb_fault_addr;
+	pc = pcb->pcb_fault_pc;
 
 	lwp_errno = thunk_geterrno();
 
-	kmem = 1;
-	vm_map = kernel_map;
-	if ((va >= VM_MIN_ADDRESS) && (va < VM_MAXUSER_ADDRESS)) {
-		kmem = 0;
-		vm_map = &vm->vm_map;
-	}
+	vm_map = &vm->vm_map;
+	from_kernel = (pc >= VM_MIN_KERNEL_ADDRESS);
+	if (from_kernel && (va >= VM_MIN_KERNEL_ADDRESS))
+		vm_map = kernel_map;
 
-	dprintf_debug("pagefault : va = %p\n", (void *) va);
+	dprintf_debug("pagefault : pc %p, va %p\n", (void *) pc, (void *) va);
 
 	/* can pmap handle it? on its own? (r/m) */
 	onfault = pcb->pcb_onfault;
@@ -300,7 +304,7 @@ pagefault(void)
 		dprintf_debug("uvm_fault returned error %d\n", rv);
 
 		/* something got wrong */
-		if (kmem) {
+		if (from_kernel) {
 			/* copyin / copyout */
 			if (!onfault)
 				panic("kernel fault");