From cc9d69b20bda583142288b0cfb0ab472348a2b51 Mon Sep 17 00:00:00 2001
From: Alexandre Julliard
Date: Fri, 4 Sep 2020 21:06:09 +0200
Subject: [PATCH] ntdll: Pop the Unix stack completely in call_user_apc_dispatcher().

Signed-off-by: Alexandre Julliard
---
 dlls/ntdll/unix/signal_arm.c | 12 +++++-------
 dlls/ntdll/unix/signal_arm64.c | 14 +++++---------
 dlls/ntdll/unix/signal_i386.c | 32 +++++++++++++++++---------------
 dlls/ntdll/unix/signal_x86_64.c | 12 +++++-------
 4 files changed, 32 insertions(+), 38 deletions(-)

diff --git a/dlls/ntdll/unix/signal_arm.c b/dlls/ntdll/unix/signal_arm.c
index 89baf6db3df..e8971d22dbd 100644
--- a/dlls/ntdll/unix/signal_arm.c
+++ b/dlls/ntdll/unix/signal_arm.c
@@ -602,18 +602,16 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
 "mov sp, r0\n\t"
 "b 2f\n"
 "1:\tldr r0, [r10]\n\t"
- "sub r11, r0, #0x1a0\n\t"
- "cmp r11, sp\n\t"
- "movlo sp, r11\n\t"
+ "sub sp, r0, #0x1a0\n\t"
 "mov r0, #3\n\t"
 "movt r0, #32\n\t"
- "str r0, [r11]\n\t" /* context.ContextFlags = CONTEXT_FULL */
- "mov r1, r11\n\t"
+ "str r0, [sp]\n\t" /* context.ContextFlags = CONTEXT_FULL */
+ "mov r1, sp\n\t"
 "mov r0, #~1\n\t"
 "bl " __ASM_NAME("NtGetContextThread") "\n\t"
 "mov r0, #0xc0\n\t"
- "str r0, [r11, #4]\n\t" /* context.R0 = STATUS_USER_APC */
- "mov r0, r11\n\t"
+ "str r0, [sp, #4]\n\t" /* context.R0 = STATUS_USER_APC */
+ "mov r0, sp\n\t"
 "mov ip, #0\n\t"
 "str ip, [r10]\n\t"
 "2:\tmov r1, r5\n\t" /* ctx */
diff --git a/dlls/ntdll/unix/signal_arm64.c b/dlls/ntdll/unix/signal_arm64.c
index 51cc6cbcf28..e08d6a2ee17 100644
--- a/dlls/ntdll/unix/signal_arm64.c
+++ b/dlls/ntdll/unix/signal_arm64.c
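Review bot: The new `sub sp, r0, #0x1a0` carries no comment on its constant, while the i386 and x86_64 hunks annotate their equivalents (`/* sizeof(CONTEXT) + offsetof(frame,ret_addr) */`); 0x1a0 is presumably sizeof(CONTEXT) for ARM, and the line would read better as `"sub sp, r0, #0x1a0\n\t" /* sizeof(CONTEXT) */`. Dropping the `cmp`/`movlo` pair also makes the stack pointer depend solely on the frame address loaded from [r10]: 0x1a0 is a multiple of 8, so the 8-byte alignment AAPCS expects at the `bl NtGetContextThread` now rests entirely on that frame being 8-byte aligned, which the hunk cannot show and which the same comment should state. The same applies to the signal_arm64.c hunk (`sub sp, x0, #0x390`, immediately followed by `str w2, [sp]`), where a misaligned sp is not only an ABI matter but can trap on AArch64 when SP alignment checking is enabled, and to the uncommented `leaq -0x4d0(%rax),%rsp` in the signal_x86_64.c hunk, which at least masks explicitly with `andq $~15,%rsp`. call_user_apc_dispatcher begins before this hunk and continues after it.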
@@ -655,21 +655,17 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
 "mov sp, x0\n\t"
 "b 2f\n"
 "1:\tldr x0, [x25]\n\t"
- "sub x19, x0, #0x390\n\t"
- "mov x0, sp\n\t"
- "cmp x19, x0\n\t"
- "csel x0, x19, x0, lo\n\t"
- "mov sp, x0\n\t"
+ "sub sp, x0, #0x390\n\t"
 "mov w2, #0x400000\n\t" /* context.ContextFlags = CONTEXT_FULL */
 "movk w2, #7\n\t"
- "mov x1, x19\n\t"
- "str w2, [x19]\n\t"
+ "str w2, [sp]\n\t"
+ "mov x1, sp\n\t"
 "mov x0, #~1\n\t"
 "bl " __ASM_NAME("NtGetContextThread") "\n\t"
 "mov w2, #0xc0\n\t" /* context.X0 = STATUS_USER_APC */
- "str x2, [x19, #8]\n\t"
+ "str x2, [sp, #8]\n\t"
 "str xzr, [x25]\n\t"
- "mov x0, x19\n" /* context */
+ "mov x0, sp\n" /* context */
 "2:\tldr lr, [x0, #0xf8]\n\t" /* context.Lr */
 "mov x1, x20\n\t" /* ctx */
 "mov x2, x21\n\t" /* arg1 */
diff --git a/dlls/ntdll/unix/signal_i386.c b/dlls/ntdll/unix/signal_i386.c
index 45482b819cc..e0ba27d3e94 100644
--- a/dlls/ntdll/unix/signal_i386.c
+++ b/dlls/ntdll/unix/signal_i386.c
@@ -1669,34 +1669,36 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
 "jz 1f\n\t"
 "movl 0xc4(%esi),%eax\n\t" /* context_ptr->Rsp */
 "leal -0x2f8(%eax),%eax\n\t" /* sizeof(CONTEXT) + offsetof(frame,ret_addr) + params */
- "movl %esi,4(%eax)\n\t"
- "movl 8(%esp),%ecx\n\t" /* ctx */
- "movl %ecx,8(%eax)\n\t"
- "movl 12(%esp),%ecx\n\t" /* arg1 */
- "movl %ecx,12(%eax)\n\t"
- "movl 16(%esp),%ecx\n\t" /* arg2 */
- "movl %ecx,16(%eax)\n\t"
 "movl 20(%esp),%ecx\n\t" /* func */
 "movl %ecx,20(%eax)\n\t"
+ "movl 8(%esp),%ebx\n\t" /* ctx */
+ "movl 12(%esp),%edx\n\t" /* arg1 */
+ "movl 16(%esp),%ecx\n\t" /* arg2 */
 "leal 4(%eax),%esp\n\t"
 "jmp 2f\n"
 "1:\tmovl %fs:0x1f8,%eax\n\t" /* x86_thread_data()->syscall_frame */
 "leal -0x2cc(%eax),%esi\n\t"
- "movl %esp,%ecx\n\t"
+ "movl %esp,%ebx\n\t"
 "cmpl %esp,%esi\n\t"
 "cmovbl %esi,%esp\n\t"
- "pushl 20(%ecx)\n\t" /* func */
- "pushl 16(%ecx)\n\t" /* arg2 */
- "pushl 12(%ecx)\n\t" /* arg1 */
- "pushl 8(%ecx)\n\t" /* ctx */
- "pushl %esi\n\t" /* context */
 "movl $0x00010007,(%esi)\n\t" /* context.ContextFlags = CONTEXT_FULL */
 "pushl %esi\n\t" /* context */
 "pushl $0xfffffffe\n\t"
 "call " __ASM_STDCALL("NtGetContextThread",8) "\n\t"
 "movl $0xc0,0xb0(%esi)\n" /* context.Eax = STATUS_USER_APC */
- "2:\tmovl $0,%fs:0x1f8\n\t" /* x86_thread_data()->syscall_frame = NULL */
- "pushl $0xdeaddead\n\t"
+ "movl 20(%ebx),%eax\n\t" /* func */
+ "movl 16(%ebx),%ecx\n\t" /* arg2 */
+ "movl 12(%ebx),%edx\n\t" /* arg1 */
+ "movl 8(%ebx),%ebx\n\t" /* ctx */
+ "leal -20(%esi),%esp\n\t"
+ "movl %eax,16(%esp)\n" /* func */
+ "2:\tmovl %ecx,12(%esp)\n\t" /* arg2 */
+ "movl %edx,8(%esp)\n\t" /* arg1 */
+ "movl %ebx,4(%esp)\n\t" /* ctx */
+ "movl %esi,(%esp)\n\t" /* context */
+ "movl $0,%fs:0x1f8\n\t" /* x86_thread_data()->syscall_frame = NULL */
+ "movl 0xb4(%esi),%ebp\n\t" /* context.Ebp */
+ "pushl 0xb8(%esi)\n\t" /* context.Eip */
 "jmp *%edi\n"
 )
 
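Review bot: The `cmpl %esp,%esi` / `cmovbl %esi,%esp` pair survives here although the arm, arm64 and x86_64 hunks drop their equivalents, and since the new `leal -20(%esi),%esp` later repositions esp unconditionally, the pair now only serves to keep the pushes for the NtGetContextThread call from landing inside the context buffer at %esi when the current Unix stack sits above it (as far as the hunk shows; the function starts before it). A comment on the `cmovbl` line such as `/* keep NtGetContextThread's frame below the context buffer */` would stop a later cleanup from removing it to match the other ports. The moved `2:` label also fixes a register contract for both incoming paths — `%ebx` = ctx, `%edx` = arg1, `%ecx` = arg2, `%esi` = context — that only the three new `movl` loads on the fall-through path hint at; a comment on the label line, `/* ebx = ctx, edx = arg1, ecx = arg2, esi = context */`, would make that explicit. Clobbering the callee-saved `%ebx` is acceptable only because control never returns from the final `jmp *%edi`, which the same comment could state.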
diff --git a/dlls/ntdll/unix/signal_x86_64.c b/dlls/ntdll/unix/signal_x86_64.c
index 31e87cfdc2a..e11b2c70b59 100644
--- a/dlls/ntdll/unix/signal_x86_64.c
+++ b/dlls/ntdll/unix/signal_x86_64.c
@@ -2013,26 +2013,24 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
 "leaq -0x5c0(%rax),%rsp\n\t" /* sizeof(CONTEXT) + offsetof(frame,ret_addr) */
 "jmp 2f\n"
 "1:\tmovq 0x328(%rbx),%rax\n\t" /* amd64_thread_data()->syscall_frame */
- "leaq -0x4d0(%rax),%r10\n\t"
+ "leaq -0x4d0(%rax),%rsp\n\t"
+ "andq $~15,%rsp\n\t"
 "movq %rdx,%r12\n\t" /* ctx */
 "movq %r8,%r13\n\t" /* arg1 */
 "movq %r9,%r14\n\t" /* arg2 */
- "cmpq %rsp,%r10\n\t"
- "cmovbq %r10,%rsp\n\t"
- "andq $~15,%rsp\n\t"
 "movq %rsp,%rdx\n\t" /* context */
 "movl $0x10000b,0x30(%rdx)\n\t" /* context.ContextFlags */
 "movq $~1,%rcx\n\t"
 "call " __ASM_NAME("NtGetContextThread") "\n\t"
 "movq %rsp,%rcx\n\t" /* context */
- "movl $0xc0,%eax\n\t"
- "movq %rax,0x78(%rcx)\n\t" /* context.Rax = STATUS_USER_APC */
+ "movq $0xc0,0x78(%rcx)\n\t" /* context.Rax = STATUS_USER_APC */
 "movq %r12,%rdx\n\t" /* ctx */
 "movq %r13,%r8\n\t" /* arg1 */
 "movq %r14,%r9\n" /* arg2 */
 "2:\tmovq $0,0x328(%rbx)\n\t"
 "movq %rsi,0x20(%rsp)\n\t" /* func */
- "leaq -8(%rsp),%rsp\n\t"
+ "movq 0xa0(%rcx),%rbp\n\t" /* context.Rbp */
+ "pushq 0xf8(%rcx)\n\t" /* context.Rip */
 "jmp *%rdi"
 )
 
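Review bot: The new lines after `2:` (`movq 0xa0(%rcx),%rbp` and `pushq 0xf8(%rcx)`) read the context through %rcx on both incoming paths, but within the hunk %rcx is only loaded on the `1:` path (`movq %rsp,%rcx`); on the fall-through path that takes `jmp 2f` it must already hold the context pointer, presumably set before this hunk and outside the view. A comment on the label line, `"2:\tmovq $0,0x328(%rbx)\n\t" /* rcx = context on both paths */`, would pin that contract so a later edit to the first path cannot silently break the Rbp/Rip restore. The `andq $~15,%rsp` now runs before the three register moves rather than after them; those moves do not touch the stack, so the observable result is unchanged and this is purely a point of reading order. call_user_apc_dispatcher starts before this hunk.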