From 3d24f27402fa2b7d5fd85ee66f3677b076ef3749 Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain" <kfraser@localhost.localdomain>
Date: Fri, 5 Jan 2007 14:44:58 +0000
Subject: [PATCH] [XEN] Fix EA calculation for POP <rm> when stack pointer is
 used as base of the EA calculation. It should be used *post* increment.

Original patch from Jan Beulich <jbeulich@novell.com>

Signed-off-by: Keir Fraser <keir@xensource.com>
---
 xen/arch/x86/x86_emulate.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/xen/arch/x86/x86_emulate.c b/xen/arch/x86/x86_emulate.c
index 323626ce0f..6ad67874ad 100644
--- a/xen/arch/x86/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate.c
@@ -616,6 +616,11 @@ x86_emulate(
                 ea.mem.off <<= (sib >> 6) & 3;
                 if ( (modrm_mod == 0) && ((sib_base & 7) == 5) )
                     ea.mem.off += insn_fetch_type(int32_t);
+                else if ( (sib_base == 4) && !twobyte && (b == 0x8f) )
+                    /* POP <rm> must have its EA calculated post increment. */
+                    ea.mem.off += _regs.esp +
+                        (((mode == X86EMUL_MODE_PROT64) && (op_bytes == 4))
+                         ? 8 : op_bytes);
                 else
                     ea.mem.off += *(long*)decode_register(sib_base, &_regs, 0);
             }
-- 
2.30.2