On Nov 26,  3:04pm, "Charles M. Hannum" wrote:
> 
> So I scanned through the various implementations, and I note:
> 
> m68k, arm32: Fixed.
> mips, pc532: Looks right to me.

  The mips doesn't look right to me:

  The old fault handler is saved in S0, but then S0 is restored with the
saved S0 value before the fault handler is restored from S0.  That looks
to me like the fault handler will end up with whatever was in S0 when
kcopy() is called.

Michael