On Wed, 26 Apr 2023, Michael Schmitz wrote:
Thanks - we had seen evidence that a bus error generated mid-instruction did leave the USP at the address where the bus fault happened (not before the instruction started, neither what it would have been once the instruction completed), and the operation did not complete normally after the bus error (at least the value/address seen in the exception frame not stored).
I'm afraid I still don't fully understand how and why the user stack (rather than the supervisor stack) gets used for processing the exception frame.
Finn had also demonstrated that skipping signal delivery on bus errors abolishes the stack corruption. Your patch achieves the same objective in a different way, so I'm sure this will work as well. I had thought the 030 could resume the interrupted instruction using the information from the exception frame - and that does appear to work in all other cases except where signal delivery gets in the way, and it also works if moving the exception frame a little bit further down the stack. So our treatment of the bus error exception frame during signal delivery appears to be incorrect.
Wouldn't that depend on the exception frame format? Perhaps it is unsafe to treat any format 0xB exception frame in the way we do. If so, what do we do about address error exceptions, which are to produce SIGBUS? The Programmers Reference Manual says "a long bus fault stack frame may be generated" in this case.
