Index: target-i386/translate.c
===================================================================
RCS file: /cvsroot/qemu/qemu/target-i386/translate.c,v
retrieving revision 1.57
diff -u -u -r1.57 translate.c
--- target-i386/translate.c 14 Jun 2006 14:29:34 -0000 1.57
+++ target-i386/translate.c 21 Jun 2006 11:01:47 -0000
@@ -2947,15 +2947,15 @@
 case 0x2d6: /* movq2dq */
 gen_op_enter_mmx();
 rm = (modrm & 7) | REX_B(s);
- gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)),
- offsetof(CPUX86State,fpregs[reg & 7].mmx));
- gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[rm].XMM_Q(1)));
+ gen_op_movq(offsetof(CPUX86State,xmm_regs[reg & 7].XMM_Q(0)),
+ offsetof(CPUX86State,fpregs[rm].mmx));
+ gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg & 7].XMM_Q(1)));
 break;
 case 0x3d6: /* movdq2q */
 gen_op_enter_mmx();
 rm = (modrm & 7);
- gen_op_movq(offsetof(CPUX86State,fpregs[rm].mmx),
- offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)));
+ gen_op_movq(offsetof(CPUX86State,fpregs[reg].mmx),
+ offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)));
 break;
 case 0xd7: /* pmovmskb */
 case 0x1d7:
@@ -3006,8 +3006,9 @@
 if (mod != 3) {
 gen_lea_modrm(s, modrm, ®_addr, &offset_addr);
 op2_offset = offsetof(CPUX86State,xmm_t0);
- if (b1 >= 2 && ((b >= 0x50 && b <= 0x5f) ||
- b == 0xc2)) {
+ if (!(b1 == 2 && b == 0x5b) &&
+ (b1 >= 2 && ((b >= 0x50 && b <= 0x5f) ||
+ b == 0xc2))) {
 /* specific case for SSE single instructions */
 if (b1 == 2) {
 /* 32 bit access */
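Review bot: The REX masking in both cases now sits on the wrong operand after the swap. In `case 0x2d6`, `rm` still carries `| REX_B(s)` but now indexes `fpregs[rm]`, so when REX_B(s) is non-zero the offset falls past mm0–mm7 and the op reads whatever CPUX86State field follows, while the XMM destination is truncated by `reg & 7`. `case 0x3d6` has the mirror problem: `fpregs[reg]` is the store target and is unmasked, which would be an out-of-bounds write inside the CPU state if `reg` (computed outside this hunk) includes REX.R, and `rm` lacks REX_B for the XMM source. Both indices come from guest instruction bytes, so I would use `rm = (modrm & 7);` with `xmm_regs[reg]` for movq2dq, and `rm = (modrm & 7) | REX_B(s);` with `fpregs[reg & 7].mmx` for movdq2q.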
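Review bot: The new exclusion `!(b1 == 2 && b == 0x5b)` in the `mod != 3` branch is an unexplained magic-number test, and the existing comment "specific case for SSE single instructions" no longer tells the reader why one opcode in the 0x50–0x5f range is skipped. I would add a comment above the condition such as `/* F3 0F 5B (cvttps2dq) is packed: it needs the full 128-bit memory operand, not the scalar load */`. The condition would also read more easily with the range test first and the exception last, e.g. `b1 >= 2 && ((b >= 0x50 && b <= 0x5f && !(b1 == 2 && b == 0x5b)) || b == 0xc2)`. The enclosing `if (mod != 3)` block starts and ends outside this hunk, so whether other packed opcodes with these prefixes need the same treatment cannot be judged from here.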