diff --git a/sys/dev/xen/privcmd/privcmd.c b/sys/dev/xen/privcmd/privcmd.c
index 246390e3b7c2..e09886f42adb 100644
--- a/sys/dev/xen/privcmd/privcmd.c
+++ b/sys/dev/xen/privcmd/privcmd.c
@@ -232,9 +232,21 @@ privcmd_ioctl(struct cdev *dev, unsigned long cmd, caddr_t arg,
 		struct ioctl_privcmd_hypercall *hcall;
 
 		hcall = (struct ioctl_privcmd_hypercall *)arg;
-
+#ifdef __amd64__
+		/*
+		 * The hypervisor page table walker will refuse to access
+		 * user-space pages if SMAP is enabled, so temporary disable it
+		 * while performing the hypercall.
+		 */
+		if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
+			stac();
+#endif
 		error = privcmd_hypercall(hcall->op, hcall->arg[0],
 		    hcall->arg[1], hcall->arg[2], hcall->arg[3], hcall->arg[4]);
+#ifdef __amd64__
+		if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
+			clac();
+#endif
 		if (error >= 0) {
 			hcall->retval = error;
 			error = 0;