diff -r 1c744dc258c2 -r 54a7a4860809 src/arch/arm/faults.hh
--- a/src/arch/arm/faults.hh	Wed Mar 30 10:52:08 2011 -0500
+++ b/src/arch/arm/faults.hh	Wed Mar 30 11:01:16 2011 -0500
@@ -242,6 +242,16 @@
             StaticInstPtr inst = StaticInst::nullStaticInstPtr);
 };
 
+// A fault that flushes the pipe, including the faulting instructions
+class ReExec : public ArmFaultVals<ReExec>
+{
+  public:
+    ReExec() {}
+    void invoke(ThreadContext *tc,
+            StaticInstPtr inst = StaticInst::nullStaticInstPtr);
+};
+
+
 static inline Fault genMachineCheckFault()
 {
     return new Reset();
diff -r 1c744dc258c2 -r 54a7a4860809 src/arch/arm/faults.cc
--- a/src/arch/arm/faults.cc	Wed Mar 30 10:52:08 2011 -0500
+++ b/src/arch/arm/faults.cc	Wed Mar 30 11:01:16 2011 -0500
@@ -74,6 +74,9 @@
 template<> ArmFault::FaultVals ArmFaultVals<FlushPipe>::vals =
     {"Pipe Flush", 0x00, MODE_SVC, 0, 0, true, true}; // some dummy values
 
+template<> ArmFault::FaultVals ArmFaultVals<ReExec>::vals =
+    {"ReExec Flush", 0x00, MODE_SVC, 0, 0, true, true}; // some dummy values
+
 Addr 
 ArmFault::getVector(ThreadContext *tc)
 {
@@ -225,6 +228,17 @@
     tc->pcState(pc);
 }
 
+void
+ReExec::invoke(ThreadContext *tc, StaticInstPtr inst) {
+    DPRINTF(Faults, "Invoking ReExec Fault\n");
+
+    // Set the PC to then the faulting instruction.
+    // Net effect is simply squashing all instructions including this
+    // instruction and refetching/rexecuting current instruction
+    PCState pc = tc->pcState();
+    tc->pcState(pc);
+}
+
 template void AbortFault<PrefetchAbort>::invoke(ThreadContext *tc,
                                                 StaticInstPtr inst);
 template void AbortFault<DataAbort>::invoke(ThreadContext *tc,
diff -r 1c744dc258c2 -r 54a7a4860809 src/arch/arm/table_walker.cc
--- a/src/arch/arm/table_walker.cc	Wed Mar 30 10:52:08 2011 -0500
+++ b/src/arch/arm/table_walker.cc	Wed Mar 30 11:01:16 2011 -0500
@@ -116,6 +116,15 @@
         currState->tableWalker = this;
     }
     else if (_timing) {
+        // This is a translation that was completed and then faulted again
+        // because some underlying parameters that affect the translation
+        // changed out from under us (e.g. asid). It will either be a
+        // misprediction, in which case nothing will happen or we'll use
+        // this fault to re-execute the faulting instruction which should clean
+        // up everything.
+        if (currState->vaddr == _req->getVaddr()) {
+            return new ReExec;
+        }
         panic("currState should always be empty in timing mode!\n");
     }
 
diff -r 1c744dc258c2 -r 54a7a4860809 src/arch/arm/tlb.cc
--- a/src/arch/arm/tlb.cc	Wed Mar 30 10:52:08 2011 -0500
+++ b/src/arch/arm/tlb.cc	Wed Mar 30 11:01:16 2011 -0500
@@ -446,8 +446,10 @@
 TLB::translateFs(RequestPtr req, ThreadContext *tc, Mode mode,
         Translation *translation, bool &delay, bool timing)
 {
-    if (!miscRegValid)
+    if (!miscRegValid) {
         updateMiscReg(tc);
+        DPRINTF(TLBVerbose, "TLB variables changed!\n");
+    }
 
     Addr vaddr = req->getVaddr();
     uint32_t flags = req->getFlags();
@@ -456,7 +458,7 @@
     bool is_write = (mode == Write);
     bool is_priv = isPriv && !(flags & UserMode);
 
-    DPRINTF(TLBVerbose, "CPSR is user:%d UserMode:%d\n",
+    DPRINTF(TLBVerbose, "CPSR is priv:%d UserMode:%d\n",
             isPriv, flags & UserMode);
     // If this is a clrex instruction, provide a PA of 0 with no fault
     // This will force the monitor to set the tracked address to 0