ntdll: Pop the Unix stack completely in call_user_apc_dispatcher().

dlls/ntdll/unix/signal_arm.c

@@ -602,18 +602,16 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
                    "mov sp, r0\n\t"
                    "b 2f\n"
                    "1:\tldr r0, [r10]\n\t"
-                   "sub r11, r0, #0x1a0\n\t"
-                   "cmp r11, sp\n\t"
-                   "movlo sp, r11\n\t"
+                   "sub sp, r0, #0x1a0\n\t"
                    "mov r0, #3\n\t"
                    "movt r0, #32\n\t"
-                   "str r0, [r11]\n\t"         /* context.ContextFlags = CONTEXT_FULL */
-                   "mov r1, r11\n\t"
+                   "str r0, [sp]\n\t"         /* context.ContextFlags = CONTEXT_FULL */
+                   "mov r1, sp\n\t"
                    "mov r0, #~1\n\t"
                    "bl " __ASM_NAME("NtGetContextThread") "\n\t"
                    "mov r0, #0xc0\n\t"
-                   "str r0, [r11, #4]\n\t"    /* context.R0 = STATUS_USER_APC */
-                   "mov r0, r11\n\t"
+                   "str r0, [sp, #4]\n\t"     /* context.R0 = STATUS_USER_APC */
+                   "mov r0, sp\n\t"
                    "mov ip, #0\n\t"
                    "str ip, [r10]\n\t"
                    "2:\tmov r1, r5\n\t"       /* ctx */

dlls/ntdll/unix/signal_arm64.c

@@ -655,21 +655,17 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
                    "mov sp, x0\n\t"
                    "b 2f\n"
                    "1:\tldr x0, [x25]\n\t"
-                   "sub x19, x0, #0x390\n\t"
-                   "mov x0, sp\n\t"
-                   "cmp x19, x0\n\t"
-                   "csel x0, x19, x0, lo\n\t"
-                   "mov sp, x0\n\t"
+                   "sub sp, x0, #0x390\n\t"
                    "mov w2, #0x400000\n\t"       /* context.ContextFlags = CONTEXT_FULL */
                    "movk w2, #7\n\t"
-                   "mov x1, x19\n\t"
-                   "str w2, [x19]\n\t"
+                   "str w2, [sp]\n\t"
+                   "mov x1, sp\n\t"
                    "mov x0, #~1\n\t"
                    "bl " __ASM_NAME("NtGetContextThread") "\n\t"
                    "mov w2, #0xc0\n\t"           /* context.X0 = STATUS_USER_APC */
-                   "str x2, [x19, #8]\n\t"
+                   "str x2, [sp, #8]\n\t"
                    "str xzr, [x25]\n\t"
-                   "mov x0, x19\n"               /* context */
+                   "mov x0, sp\n"                /* context */
                    "2:\tldr lr, [x0, #0xf8]\n\t" /* context.Lr */
                    "mov x1, x20\n\t"             /* ctx */
                    "mov x2, x21\n\t"             /* arg1 */

dlls/ntdll/unix/signal_i386.c

@@ -1669,34 +1669,36 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
                    "jz 1f\n\t"
                    "movl 0xc4(%esi),%eax\n\t"    /* context_ptr->Rsp */
                    "leal -0x2f8(%eax),%eax\n\t"  /* sizeof(CONTEXT) + offsetof(frame,ret_addr) + params */
-                   "movl %esi,4(%eax)\n\t"
-                   "movl 8(%esp),%ecx\n\t"       /* ctx */
-                   "movl %ecx,8(%eax)\n\t"
-                   "movl 12(%esp),%ecx\n\t"      /* arg1 */
-                   "movl %ecx,12(%eax)\n\t"
-                   "movl 16(%esp),%ecx\n\t"      /* arg2 */
-                   "movl %ecx,16(%eax)\n\t"
                    "movl 20(%esp),%ecx\n\t"      /* func */
                    "movl %ecx,20(%eax)\n\t"
+                   "movl 8(%esp),%ebx\n\t"       /* ctx */
+                   "movl 12(%esp),%edx\n\t"      /* arg1 */
+                   "movl 16(%esp),%ecx\n\t"      /* arg2 */
                    "leal 4(%eax),%esp\n\t"
                    "jmp 2f\n"
                    "1:\tmovl %fs:0x1f8,%eax\n\t" /* x86_thread_data()->syscall_frame */
                    "leal -0x2cc(%eax),%esi\n\t"
-                   "movl %esp,%ecx\n\t"
+                   "movl %esp,%ebx\n\t"
                    "cmpl %esp,%esi\n\t"
                    "cmovbl %esi,%esp\n\t"
-                   "pushl 20(%ecx)\n\t"          /* func */
-                   "pushl 16(%ecx)\n\t"          /* arg2 */
-                   "pushl 12(%ecx)\n\t"          /* arg1 */
-                   "pushl 8(%ecx)\n\t"           /* ctx */
-                   "pushl %esi\n\t"              /* context */
                    "movl $0x00010007,(%esi)\n\t" /* context.ContextFlags = CONTEXT_FULL */
                    "pushl %esi\n\t"              /* context */
                    "pushl $0xfffffffe\n\t"
                    "call " __ASM_STDCALL("NtGetContextThread",8) "\n\t"
                    "movl $0xc0,0xb0(%esi)\n"     /* context.Eax = STATUS_USER_APC */
-                   "2:\tmovl $0,%fs:0x1f8\n\t"   /* x86_thread_data()->syscall_frame = NULL */
-                   "pushl $0xdeaddead\n\t"
+                   "movl 20(%ebx),%eax\n\t"      /* func */
+                   "movl 16(%ebx),%ecx\n\t"      /* arg2 */
+                   "movl 12(%ebx),%edx\n\t"      /* arg1 */
+                   "movl 8(%ebx),%ebx\n\t"       /* ctx */
+                   "leal -20(%esi),%esp\n\t"
+                   "movl %eax,16(%esp)\n"        /* func */
+                   "2:\tmovl %ecx,12(%esp)\n\t"  /* arg2 */
+                   "movl %edx,8(%esp)\n\t"       /* arg1 */
+                   "movl %ebx,4(%esp)\n\t"       /* ctx */
+                   "movl %esi,(%esp)\n\t"        /* context */
+                   "movl $0,%fs:0x1f8\n\t"       /* x86_thread_data()->syscall_frame = NULL */
+                   "movl 0xb4(%esi),%ebp\n\t"    /* context.Ebp */
+                   "pushl 0xb8(%esi)\n\t"        /* context.Eip */
                    "jmp *%edi\n" )
 
 

dlls/ntdll/unix/signal_x86_64.c

@@ -2013,26 +2013,24 @@ __ASM_GLOBAL_FUNC( call_user_apc_dispatcher,
                    "leaq -0x5c0(%rax),%rsp\n\t"     /* sizeof(CONTEXT) + offsetof(frame,ret_addr) */
                    "jmp 2f\n"
                    "1:\tmovq 0x328(%rbx),%rax\n\t"  /* amd64_thread_data()->syscall_frame */
-                   "leaq -0x4d0(%rax),%r10\n\t"
+                   "leaq -0x4d0(%rax),%rsp\n\t"
+                   "andq $~15,%rsp\n\t"
                    "movq %rdx,%r12\n\t"             /* ctx */
                    "movq %r8,%r13\n\t"              /* arg1 */
                    "movq %r9,%r14\n\t"              /* arg2 */
-                   "cmpq %rsp,%r10\n\t"
-                   "cmovbq %r10,%rsp\n\t"
-                   "andq $~15,%rsp\n\t"
                    "movq %rsp,%rdx\n\t"             /* context */
                    "movl $0x10000b,0x30(%rdx)\n\t"  /* context.ContextFlags */
                    "movq $~1,%rcx\n\t"
                    "call " __ASM_NAME("NtGetContextThread") "\n\t"
                    "movq %rsp,%rcx\n\t"             /* context */
-                   "movl $0xc0,%eax\n\t"
-                   "movq %rax,0x78(%rcx)\n\t"       /* context.Rax = STATUS_USER_APC */
+                   "movq $0xc0,0x78(%rcx)\n\t"      /* context.Rax = STATUS_USER_APC */
                    "movq %r12,%rdx\n\t"             /* ctx */
                    "movq %r13,%r8\n\t"              /* arg1 */
                    "movq %r14,%r9\n"                /* arg2 */
                    "2:\tmovq $0,0x328(%rbx)\n\t"
                    "movq %rsi,0x20(%rsp)\n\t"       /* func */
-                   "leaq -8(%rsp),%rsp\n\t"
+                   "movq 0xa0(%rcx),%rbp\n\t"       /* context.Rbp */
+                   "pushq 0xf8(%rcx)\n\t"           /* context.Rip */
                    "jmp *%rdi" )