authormarcel <marcel@FreeBSD.org>2002-10-12 22:42:48 +0000
committermarcel <marcel@FreeBSD.org>2002-10-12 22:42:48 +0000
commitf02cbfb108461966a77140624dd77bd89c9a1351 (patch)
treeb65fd75ac627324809fbaee91268d9b2c6918db5
parentf178c67fb04fde8a6e5f7d20dafee8d3220a0ed2 (diff)
downloadFreeBSD-src-f02cbfb108461966a77140624dd77bd89c9a1351.zip
FreeBSD-src-f02cbfb108461966a77140624dd77bd89c9a1351.tar.gz
Plug two holes where we returned to userland without restoring
the predicate registers. Even though the ITLB and DTLB interrupts happen often enough, this bug didn't do much harm. The reason is that the interrupt handlers only modify p1 and since this is a preserved (callee-saved) register it is hardly used in code generated by the compiler. Compilers use scratch registers by default. Changing the interrupt handlers to use p6 (i.e. a scratch register) proved that the bug was in fact fatal.
-rw-r--r--sys/ia64/ia64/exception.S2
-rw-r--r--sys/ia64/ia64/exception.s2
2 files changed, 4 insertions, 0 deletions
diff --git a/sys/ia64/ia64/exception.S b/sys/ia64/ia64/exception.S
index 84d07a0..af0cbe8 100644
--- a/sys/ia64/ia64/exception.S
+++ b/sys/ia64/ia64/exception.S
@@ -96,6 +96,7 @@ interruption_Instruction_TLB:
(p1) br.dpnt.few 1f
;;
ld8 r21=[r18] // read pte
+ mov pr=r17,0x1ffff
;;
itc.i r21 // insert pte
rfi // done
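Review bot: The added `mov pr=r17,0x1ffff` has no comment although every neighbouring line on this fast path has one, and the mask is a bare constant; the same holds for the interruption_Data_TLB hunk and for both hunks of exception.s. I would write it as `mov pr=r17,0x1ffff // restore all predicates (p1-p15 and rotating p16-p63)` so a reader sees that this is the state restore that must precede `rfi`. The restore relies on r17 still holding the predicates saved on entry; that save is outside the hunk, so it is presumably a `mov r17=pr` earlier in the handler, and it is worth confirming that nothing on this path reuses r17 in between. Since the defect was an interrupted context resuming with handler-modified predicates, the other `rfi` exits in this file, including the `1f` path taken when p1 is set, deserve the same audit.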
@@ -172,6 +173,7 @@ interruption_Data_TLB:
(p1) br.dpnt.few 1f
;;
ld8 r21=[r18] // read pte
+ mov pr=r17,0x1ffff
;;
itc.d r21 // insert pte
rfi // done
diff --git a/sys/ia64/ia64/exception.s b/sys/ia64/ia64/exception.s
index 84d07a0..af0cbe8 100644
--- a/sys/ia64/ia64/exception.s
+++ b/sys/ia64/ia64/exception.s
@@ -96,6 +96,7 @@ interruption_Instruction_TLB:
(p1) br.dpnt.few 1f
;;
ld8 r21=[r18] // read pte
+ mov pr=r17,0x1ffff
;;
itc.i r21 // insert pte
rfi // done
@@ -172,6 +173,7 @@ interruption_Data_TLB:
(p1) br.dpnt.few 1f
;;
ld8 r21=[r18] // read pte
+ mov pr=r17,0x1ffff
;;
itc.d r21 // insert pte
rfi // done