--- np2/i386c/ia32/cpu_mem.c 2011/12/16 09:05:42 1.24
+++ np2/i386c/ia32/cpu_mem.c 2012/01/08 11:32:16 1.28
@@ -64,7 +64,7 @@ check_limit_upstairs(descriptor_t *sdp,
 if (!SEG_IS_32BIT(sdp)) {
 if ((len > limit) /* len check */
 || (end > limit)) { /* [1] */
- return 0;
+ goto exc;
 }
 } else {
 sdp->flag |= CPU_DESC_FLAG_WHOLEADR;
@@ -88,7 +88,7 @@ check_limit_upstairs(descriptor_t *sdp,
 || (end < offset) /* wrap check */
 || (offset < sdp->u.seg.limit) /* [1] */
 || (end > limit)) { /* [2] */
- return 0;
+ goto exc;
 }
 }
 } else {
@@ -107,7 +107,7 @@ check_limit_upstairs(descriptor_t *sdp,
 if (!SEG_IS_32BIT(sdp)) {
 if ((len > limit) /* len check */
 || (offset + len > limit)) { /* [1] */
- return 0;
+ goto exc;
 }
 } else {
 sdp->flag |= CPU_DESC_FLAG_WHOLEADR;
@@ -127,12 +127,19 @@ check_limit_upstairs(descriptor_t *sdp,
 */
 if ((len > sdp->u.seg.limit) /* len check */
 || (end < offset) /* wrap check */
- || (end > sdp->u.seg.limit)) { /* [1] */
- return 0;
+ || (end > sdp->u.seg.limit + 1)) { /* [1] */
+ goto exc;
 }
 }
 }
 return 1; /* Ok! */
+
+exc:
+ VERBOSE(("check_limit_upstairs: check failure: offset = 0x%08x, len = %d", offset, len + 1));
+#if defined(DEBUG)
+ segdesc_dump(sdp);
+#endif
+ return 0;
 }
 static void MEMCALL
@@ -170,8 +177,7 @@ cpu_memoryread_check(descriptor_t *sdp,
 return;
 exc:
- VERBOSE(("cpu_memoryread_check: check failure."));
- VERBOSE(("offset = 0x%08x, len = %d", offset, len));
+ VERBOSE(("cpu_memoryread_check: check failure: offset = 0x%08x, len = %d", offset, len));
 #if defined(DEBUG)
 segdesc_dump(sdp);
 #endif
@@ -210,15 +216,14 @@ cpu_memorywrite_check(descriptor_t *sdp,
 return;
 exc:
- VERBOSE(("cpu_memorywrite_check: check failure."));
- VERBOSE(("offset = 0x%08x, len = %d", offset, len));
+ VERBOSE(("cpu_memorywrite_check: check failure: offset = 0x%08x, len = %d", offset, len));
 #if defined(DEBUG)
 segdesc_dump(sdp);
 #endif
 EXCEPTION(e, 0);
 }
-void
+void MEMCALL
 cpu_stack_push_check(UINT16 s, descriptor_t *sdp, UINT32 sp, UINT len)
 {
 UINT32 limit;
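Review bot: In the last limit test of check_limit_upstairs (hunk at -127,12), `sdp->u.seg.limit + 1` wraps to 0 if the limit field is a 32-bit unsigned value holding 0xffffffff, and the test would then reject every access with a non-zero `end` on that path. Whether such a limit can reach this branch is not visible in the hunk, so either state the precondition in the comment above the test or write it without the addition, e.g. `|| (end > sdp->u.seg.limit && end - 1 > sdp->u.seg.limit)) { /* [1] */`. The other branches of the function still compare `end > limit`, so a comment saying why this branch alone admits `limit + 1` is needed; if `end` is the last byte touched, the new bound accepts an access that runs one byte past the segment limit. The same `+ 1` is added to the `sp` test of cpu_stack_push_check in the hunk at -320,7. The function starts outside the hunk.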
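Review bot: Adding `MEMCALL` to the definition of cpu_stack_push_check (hunk at -210,15) is only safe if the prototype that callers see carries it too, and that header is not part of the diff as shown. If MEMCALL expands to a non-default calling convention on some builds, a stale prototype would make callers pass `s`, `sdp`, `sp` and `len` differently from how the function reads them, so the stack-segment checks would run on the wrong values. The same applies to cpu_stack_pop_check in the hunk at -328,15. The function body continues outside the hunk.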
@@ -227,6 +232,8 @@ cpu_stack_push_check(UINT16 s, descripto
 __ASSERT(sdp != NULL);
 __ASSERT(len > 0);
+ len--;
+
 if (!SEG_IS_VALID(sdp)
 || !SEG_IS_PRESENT(sdp)
 || SEG_IS_SYSTEM(sdp)
@@ -235,7 +242,6 @@ cpu_stack_push_check(UINT16 s, descripto
 goto exc;
 }
- len--;
 start = sp - len;
 limit = SEG_IS_32BIT(sdp) ? 0xffffffff : 0x0000ffff;
@@ -320,7 +326,7 @@ cpu_stack_push_check(UINT16 s, descripto
 */
 if ((len > sdp->u.seg.limit) /* len check */
 || (start > sp) /* wrap check */
- || (sp > sdp->u.seg.limit)) { /* [1] */
+ || (sp > sdp->u.seg.limit + 1)) { /* [1] */
 goto exc;
 }
 }
@@ -328,15 +334,14 @@ cpu_stack_push_check(UINT16 s, descripto
 return;
 exc:
- VERBOSE(("cpu_stack_push_check: check failure."));
- VERBOSE(("s = 0x%04x, sp = 0x%08x, len = %d", s, sp, len));
+ VERBOSE(("cpu_stack_push_check: check failure: selector = %04x, sp = 0x%08x, len = %d", s, sp, len));
 #if defined(DEBUG)
 segdesc_dump(sdp);
 #endif
 EXCEPTION(SS_EXCEPTION, s & 0xfffc);
 }
-void
+void MEMCALL
 cpu_stack_pop_check(UINT16 s, descriptor_t *sdp, UINT32 sp, UINT len)
 {
@@ -356,8 +361,7 @@ cpu_stack_pop_check(UINT16 s, descriptor
 return;
 exc:
- VERBOSE(("cpu_stack_pop_check: check failure."));
- VERBOSE(("s = 0x%04x, sp = 0x%08x, len = %d", s, sp, len));
+ VERBOSE(("cpu_stack_pop_check: check failure: selector = %04x, sp = 0x%08x, len = %d", s, sp, len));
 #if defined(DEBUG)
 segdesc_dump(sdp);
 #endif
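Review bot: With `len--` moved above the descriptor validity test (hunk at -227,6), every jump to `exc` in cpu_stack_push_check now logs the decremented length, so the trace line in the hunk at -328,15 reports one byte fewer than the caller requested. The new trace in check_limit_upstairs prints `len + 1`; ending this one with `s, sp, len + 1));` keeps the two comparable when reading a fault log. `len` is declared `UINT`, so `%u` is the matching conversion rather than `%d`. The function body extends beyond this hunk.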