From fad290df77baee0c6757704f88c9b5a7d340f063 Mon Sep 17 00:00:00 2001
From: "Joakim L. Gilje" <jgilje@jgilje.net>
Date: Tue, 7 Nov 2023 12:39:42 +0100
Subject: [PATCH 1/2] add cpl_override in pmodeiret() when cpu_state.flags has
 NT_FLAG

---
 src/cpu/x86seg.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/cpu/x86seg.c b/src/cpu/x86seg.c
index eaa63f846..709253a20 100644
--- a/src/cpu/x86seg.c
+++ b/src/cpu/x86seg.c
@@ -1796,7 +1796,9 @@ pmodeiret(int is32)
     }
 
     if (cpu_state.flags & NT_FLAG) {
+        cpl_override = 1;
         seg  = readmemw(tr.base, 0);
+        cpl_override = 0;
         addr = seg & 0xfff8;
         if (seg & 0x0004) {
             x86seg_log("TS LDT %04X %04X IRET\n", seg, gdt.limit);

From a436c12de3b79e105ef9dd694678b9036040107d Mon Sep 17 00:00:00 2001
From: "Joakim L. Gilje" <jgilje@jgilje.net>
Date: Tue, 7 Nov 2023 20:45:45 +0100
Subject: [PATCH 2/2] pmodeiret(): move the second cpl_override after
 read_descriptor() because the flag is reset by the function

---
 src/cpu/x86seg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cpu/x86seg.c b/src/cpu/x86seg.c
index 709253a20..96061d3fa 100644
--- a/src/cpu/x86seg.c
+++ b/src/cpu/x86seg.c
@@ -1811,8 +1811,8 @@ pmodeiret(int is32)
             }
             addr += gdt.base;
         }
-        cpl_override = 1;
         read_descriptor(addr, segdat, segdat32, 1);
+        cpl_override = 1;
         op_taskswitch286(seg, segdat, segdat[2] & 0x0800);
         cpl_override = 0;
         return;