From 46465d33480642ba9c722dcb1c4ba5d3b101a464 Mon Sep 17 00:00:00 2001
From: Mark Pizzolato <mark@infocomm.com>
Date: Tue, 5 Apr 2016 06:44:30 -0700
Subject: [PATCH] VAX: Add explanation to reason for stopping due to invalid
 PSL value

A user could change the contents of the PSL via a DEPOSIT command.
If the resulting PSL indicates Interrupt Stack and IPL is 0, then this is
equivalent to MTPR #0,#IPL which is explicitly described as "undefined"

When a MTPR #0,#IPL is performed, the VAX chip microcode doesn't check,
neither does the 780 microcode.  Nothing bad will happen immediately,
however when an interrupt occurs, the saved PSL will now contain IPL 0
and Interrupt Stack.  This combination will cause the REI dismissing the
taken interrupt to fail.  To avoid a user manually creating this via
a DEPOSIT command or to potentially detect this condition while stepping
through instructions this check refuses to execute when the PSL is
invalid.  This change merely provides an explanation.

On page 5-37 of the VAX SRM (DEC standard 32), the REI pseudo-code defines
exactly what a legal PSL looks like. The check at the beginning of
sim_instr is a direct implementation of that check, intended to prevent
the user from creating an inconsistent PSL through the simulator console.
In a VAX chip, the console code would exit by a genuine REI, and any
illegal value created by the user would cause a system stop (return to the
console).

On page 5-43, the revision history notes that in rev 8 of chapter 5,
MTPR #0,#IPL was made undefined. Because MXPR is privileged, and the
general assumption was that VMS knew what it was doing, no one realized
the potential inconsistency that MTPR #IPL could create until it was
too late. "Undefined" allows any behavior, up to and including blowing up
the system.
---
 VAX/vax_cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VAX/vax_cpu.c b/VAX/vax_cpu.c
index e7852a7c..58195946 100644
--- a/VAX/vax_cpu.c
+++ b/VAX/vax_cpu.c
@@ -498,7 +498,7 @@ if ((PSL & PSL_MBZ) ||                                  /* validate PSL<mbz> */
     ((PSL_GETCUR (PSL) != KERN) &&                      /* esu => is, ipl = 0 */
         (PSL & (PSL_IS|PSL_IPL))) ||
     ((PSL & PSL_IS) && ((PSL & PSL_IPL) == 0)))         /* is => ipl > 0 */
-    return SCPE_STOP;
+    return sim_messagef (SCPE_STOP, "Unreasonable PSL value: %08X\r\n", PSL);
 cc = PSL & CC_MASK;                                     /* split PSL */
 PSL = PSL & ~CC_MASK;
 in_ie = 0;                                              /* not in exc */