The big safety net here is that only one interrupt gets serviced at a
time, interrupts are turned off while it is being serviced. Most
drivers a very careful to not go deeper than 2 or 3 function levels
deep in a interrupt handler chain. BSD land has a problem with this
because of fine grained interrupt levels. Let me give an example on
the Sparc that I have seen:
1) level 4 scsi interrupt comes in
2) At deepest level of scsi interrupt handler level 10 timer comes in
3) At deepest level of timer handler level 12 serial port clicks an
interrupt
At this point you've eaten a ton of stack because you always let irq
level higher than the one you are handling come in under bsd, Linux
does not have this problem. Arguable there is a irq latency issue
here, but I like linux's model better with the base handlers.
But some of the SCSI interrupt handlers, for example, either (1) run with
interrupts enabled unless explicitly disabled in the code or (2) reenable
interrupts while completion processing is done. This means that with multiple
host adapters we could be in exactly the state you describe with multiple
interrupts on the stack.
Leonard