Hello,
The DECstation's interrupt handler can crash under certain circumstances.
Due to a missing masking of the CP0 Cause register, if a spurious
interrupt is delivered (it's deasserted before reading the register), the
handler may jump to an arbitrary memory location as determined by data
fetched from an incorrect location. Due to this problem my new /260
system used to crash frequently, because Cause.CE is often set to 3 (CE is
unspecified for all but coprocessor unusable exceptions).
The following patch masks Cause appropriately. A small reorganization of
code was also possible due to changes in the scheduling of delay slots.
Maciej
--
+ Maciej W. Rozycki, Technical University of Gdansk, Poland +
+--------------------------------------------------------------+
+ e-mail: macro@ds2.pg.gda.pl, PGP key available +
patch-mips-2.4.14-20011123-dec-cause-0
diff -up --recursive --new-file
linux-mips-2.4.14-20011123.macro/arch/mips/dec/int-handler.S
linux-mips-2.4.14-20011123/arch/mips/dec/int-handler.S
--- linux-mips-2.4.14-20011123.macro/arch/mips/dec/int-handler.S Tue Jul
3 04:27:16 2001
+++ linux-mips-2.4.14-20011123/arch/mips/dec/int-handler.S Sun Nov 25
00:40:11 2001
@@ -140,7 +140,7 @@
*/
mfc0 t0,CP0_CAUSE # get pending interrupts
mfc0 t2,CP0_STATUS
- la t1,cpu_mask_tbl
+ andi t0,ST0_IM # CAUSE.CE may be non-zero!
and t0,t2 # isolate allowed ones
beqz t0,spurious
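Review bot: the comment on the added `andi t0,ST0_IM` names only Cause.CE, but the mask also clears every other non-IP field of Cause, and it does so with a Status-register constant applied to a value read from CP0_CAUSE. This works because the Cause IP bits occupy the same bit positions as the Status IM bits. Say so in the comment (for example "keep only Cause.IP; same bit positions as Status.IM") so the ST0_ name is not read as a mistake, or use a Cause-side name for the mask if the headers provide one.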
@@ -148,7 +148,8 @@
/*
* Find irq with highest priority
*/
-1: lw t2,(t1)
+ la t1,cpu_mask_tbl
+1: lw t2,(t1)
move t3,t0
and t3,t2
beq t3,zero,1b
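Review bot: the relocated `la t1,cpu_mask_tbl` has to stay above the `1:` label, since `beq t3,zero,1b` loops back to that label and a load placed inside the loop would reset the table pointer on every pass. A short comment on that line would protect it from later reshuffling. Also, `la` is an assembler macro that can expand to more than one instruction, and the line between `beqz t0,spurious` and this hunk is not visible here, so please confirm that the branch's delay slot is already filled and the `la` cannot end up in it.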