[PATCH] D119086: [COFF] Change the thunk that get inserted when calling a function in a dealyloaded DLL to leave 32 unused bytes on top of the stack on x64

Thomas Ferrand via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Sun Feb 6 09:15:24 PST 2022


a_Tom created this revision.
a_Tom added a reviewer: ruiu.
a_Tom requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

When linking against a DLL with /delayload, lld inserts a thunk that calls __delayLoadHelper2 on the first invocation of a function located in the delay-loaded DLL.
Prior to the call to __delayLoadHelper2, registers are saved on the stack (and restored afterwards), but it seems that, at least on x64, __delayLoadHelper2 writes into the top of the stack, overwriting the values of the saved registers.
This change makes the thunk allocate 32 more bytes on the stack that it does not use itself, so that __delayLoadHelper2 won't overwrite anything.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D119086

Files:
  lld/COFF/DLL.cpp


Index: lld/COFF/DLL.cpp
===================================================================
--- lld/COFF/DLL.cpp
+++ lld/COFF/DLL.cpp
@@ -201,18 +201,18 @@
     0x52,                               // push    rdx
     0x41, 0x50,                         // push    r8
     0x41, 0x51,                         // push    r9
-    0x48, 0x83, 0xEC, 0x48,             // sub     rsp, 48h
-    0x66, 0x0F, 0x7F, 0x04, 0x24,       // movdqa  xmmword ptr [rsp], xmm0
-    0x66, 0x0F, 0x7F, 0x4C, 0x24, 0x10, // movdqa  xmmword ptr [rsp+10h], xmm1
-    0x66, 0x0F, 0x7F, 0x54, 0x24, 0x20, // movdqa  xmmword ptr [rsp+20h], xmm2
-    0x66, 0x0F, 0x7F, 0x5C, 0x24, 0x30, // movdqa  xmmword ptr [rsp+30h], xmm3
+    0x48, 0x83, 0xEC, 0x68,             // sub     rsp, 68h
+    0x66, 0x0F, 0x7F, 0x44, 0x24, 0x20, // movdqa  xmmword ptr [rsp+20h], xmm0
+    0x66, 0x0F, 0x7F, 0x4C, 0x24, 0x30, // movdqa  xmmword ptr [rsp+30h], xmm1
+    0x66, 0x0F, 0x7F, 0x54, 0x24, 0x40, // movdqa  xmmword ptr [rsp+40h], xmm2
+    0x66, 0x0F, 0x7F, 0x5C, 0x24, 0x50, // movdqa  xmmword ptr [rsp+50h], xmm3
     0x48, 0x8B, 0xD0,                   // mov     rdx, rax
     0x48, 0x8D, 0x0D, 0, 0, 0, 0,       // lea     rcx, [___DELAY_IMPORT_...]
     0xE8, 0, 0, 0, 0,                   // call    __delayLoadHelper2
-    0x66, 0x0F, 0x6F, 0x04, 0x24,       // movdqa  xmm0, xmmword ptr [rsp]
-    0x66, 0x0F, 0x6F, 0x4C, 0x24, 0x10, // movdqa  xmm1, xmmword ptr [rsp+10h]
-    0x66, 0x0F, 0x6F, 0x54, 0x24, 0x20, // movdqa  xmm2, xmmword ptr [rsp+20h]
-    0x66, 0x0F, 0x6F, 0x5C, 0x24, 0x30, // movdqa  xmm3, xmmword ptr [rsp+30h]
+    0x66, 0x0F, 0x6F, 0x44, 0x24, 0x20, // movdqa  xmm0, xmmword ptr [rsp+20h]
+    0x66, 0x0F, 0x6F, 0x4C, 0x24, 0x30, // movdqa  xmm1, xmmword ptr [rsp+30h]
+    0x66, 0x0F, 0x6F, 0x54, 0x24, 0x40, // movdqa  xmm2, xmmword ptr [rsp+40h]
+    0x66, 0x0F, 0x6F, 0x5C, 0x24, 0x50, // movdqa  xmm3, xmmword ptr [rsp+50h]
     0x48, 0x83, 0xC4, 0x48,             // add     rsp, 48h
     0x41, 0x59,                         // pop     r9
     0x41, 0x58,                         // pop     r8
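Review bot: The frame is no longer balanced: the prologue now does `sub rsp, 68h` (the added line after `push r9`), but the matching epilogue instruction `0x48, 0x83, 0xC4, 0x48, // add rsp, 48h` is left as unchanged context, so after the restores rsp is 0x20 bytes too low, the following `pop r9`/`pop r8`/... read back the xmm2/xmm3 save slots instead of the pushed registers, and whatever the tail does with the restored state (it is outside the hunk) operates on garbage. The epilogue line must change together with the prologue: `0x48, 0x83, 0xC4, 0x68, // add rsp, 68h`. The store/load encodings and the +0x20 displacements themselves look right, and 16-byte alignment for movdqa is preserved since the reserved size changed by exactly 32; the one-byte growth of the first movdqa store is what the offset shift in the second hunk (39->40, 44->45) accounts for, which is consistent. The enclosing `tailMergeX64[]` table starts before this hunk and continues past it, so the rest of the epilogue could not be checked here.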
@@ -316,8 +316,8 @@
 
   void writeTo(uint8_t *buf) const override {
     memcpy(buf, tailMergeX64, sizeof(tailMergeX64));
-    write32le(buf + 39, desc->getRVA() - rva - 43);
-    write32le(buf + 44, helper->getRVA() - rva - 48);
+    write32le(buf + 40, desc->getRVA() - rva - 44);
+    write32le(buf + 45, helper->getRVA() - rva - 49);
   }
 
   Chunk *desc = nullptr;
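Review bot: The patched `write32le` offsets 40/44 and 45/49 are hand-counted byte positions into `tailMergeX64` with nothing tying them to the instruction they patch, which is exactly what made this commit's +1 adjustment necessary and easy to get wrong. A comment on the two lines would make the invariant checkable at the next thunk change, e.g. `// 40 / 45: byte offsets of the 4-byte displacements in the lea rcx and call instructions; the subtracted 44 / 49 are the end of each instruction, since RIP-relative operands are measured from there.` An alternative that avoids the literal arithmetic entirely would be named constants for the two displacement offsets with `+ 4` for the instruction end, but the comment alone already documents what the numbers mean.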

