https://git.reactos.org/?p=reactos.git;a=commitdiff;h=26a64324e785ff712bde6736ed7cbfc92a98925b
commit 26a64324e785ff712bde6736ed7cbfc92a98925b Author: Timo Kreuzer <timo.kreu...@reactos.org> AuthorDate: Tue Aug 15 22:51:05 2023 +0300 Commit: Timo Kreuzer <timo.kreu...@reactos.org> CommitDate: Sun Sep 17 10:37:50 2023 +0300 [NTOSKRNL/x64] Fix a bug in KeSwitchKernelStack Don't save anything in the callee's home space, because the callee can overwrite it. Use the function's home space instead. --- ntoskrnl/ke/amd64/trap.S | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ntoskrnl/ke/amd64/trap.S b/ntoskrnl/ke/amd64/trap.S index 082160893b4..93dce4215dc 100644 --- a/ntoskrnl/ke/amd64/trap.S +++ b/ntoskrnl/ke/amd64/trap.S @@ -1213,19 +1213,18 @@ EXTERN KiSwitchKernelStack:PROC PUBLIC KeSwitchKernelStack FUNC KeSwitchKernelStack + /* Save rcx and allocate callee home space */ + mov [rsp + P1Home], rcx + .savereg rcx, P1Home sub rsp, 40 .allocstack 40 - - /* Save rcx */ - mov [rsp], rcx - .savereg rcx, 0 .endprolog /* Call the C handler, which returns the old stack in rax */ call KiSwitchKernelStack /* Restore rcx (StackBase) */ - mov rcx, [rsp] + mov rcx, [rsp + 40 + P1Home] /* Switch to new stack: RSP += (StackBase - OldStackBase) */ sub rcx, rax