Hello, The DECstation's interrupt handler can crash under certain circumstances. Due to a missing masking of the CP0 Cause register, if a spurious interrupt is delivered (its deasserted before reading the register), the handler may jump to an arbitrary memory location as determined by data fetched from an incorrect location. Due to this problem my new /260 system used to crash frequently, because Cause.CE is often set to 3 (CE is unspecified for all but coprocessor unusable exceptions). The following patch masks Cause appropriately. A small reorganization of code was also possible due to changes in the scheduling of delay slots. Maciej -- + Maciej W. Rozycki, Technical University of Gdansk, Poland + +--------------------------------------------------------------+ + e-mail: macro@ds2.pg.gda.pl, PGP key available + patch-mips-2.4.14-20011123-dec-cause-0 diff -up --recursive --new-file linux-mips-2.4.14-20011123.macro/arch/mips/dec/int-handler.S linux-mips-2.4.14-20011123/arch/mips/dec/int-handler.S --- linux-mips-2.4.14-20011123.macro/arch/mips/dec/int-handler.S Tue Jul 3 04:27:16 2001 +++ linux-mips-2.4.14-20011123/arch/mips/dec/int-handler.S Sun Nov 25 00:40:11 2001 @@ -140,7 +140,7 @@ */ mfc0 t0,CP0_CAUSE # get pending interrupts mfc0 t2,CP0_STATUS - la t1,cpu_mask_tbl + andi t0,ST0_IM # CAUSE.CE may be non-zero! and t0,t2 # isolate allowed ones beqz t0,spurious @@ -148,7 +148,8 @@ /* * Find irq with highest priority */ -1: lw t2,(t1) + la t1,cpu_mask_tbl +1: lw t2,(t1) move t3,t0 and t3,t2 beq t3,zero,1b
