From 725a642c2d0b42e2b4435dfbfbff6b138d37d2ce Mon Sep 17 00:00:00 2001
From: Joel Sing <joel@sing.id.au>
Date: Wed, 27 Jan 2021 23:09:57 +1100
Subject: [PATCH] runtime: correct syscall10/syscall10X on openbsd/amd64

The syscall10/syscall10X implementation uses an incorrect stack offset for
arguments a7 to a10. Correct this so that the syscall arguments work as
intended.

Updates #36435
Fixes #43927

Change-Id: Ia7ae6cc8c89f50acfd951c0f271f3b3309934499
Reviewed-on: https://go-review.googlesource.com/c/go/+/287252
Trust: Joel Sing <joel@sing.id.au>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
---
 src/runtime/sys_openbsd_amd64.s | 36 ++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/src/runtime/sys_openbsd_amd64.s b/src/runtime/sys_openbsd_amd64.s
index 534645eec41..b3a76b57a3a 100644
--- a/src/runtime/sys_openbsd_amd64.s
+++ b/src/runtime/sys_openbsd_amd64.s
@@ -676,27 +676,31 @@ TEXT runtime·syscall10(SB),NOSPLIT,$0
 	PUSHQ	BP
 	MOVQ	SP, BP
 	SUBQ    $48, SP
+
+	// Arguments a1 to a6 get passed in registers, with a7 onwards being
+	// passed via the stack per the x86-64 System V ABI
+	// (https://github.com/hjl-tools/x86-psABI/wiki/x86-64-psABI-1.0.pdf).
 	MOVQ	(7*8)(DI), R10	// a7
 	MOVQ	(8*8)(DI), R11	// a8
 	MOVQ	(9*8)(DI), R12	// a9
 	MOVQ	(10*8)(DI), R13	// a10
-	MOVQ	R10, (1*8)(SP)	// a7
-	MOVQ	R11, (2*8)(SP)	// a8
-	MOVQ	R12, (3*8)(SP)	// a9
-	MOVQ	R13, (4*8)(SP)	// a10
+	MOVQ	R10, (0*8)(SP)	// a7
+	MOVQ	R11, (1*8)(SP)	// a8
+	MOVQ	R12, (2*8)(SP)	// a9
+	MOVQ	R13, (3*8)(SP)	// a10
 	MOVQ	(0*8)(DI), R11	// fn
 	MOVQ	(2*8)(DI), SI	// a2
 	MOVQ	(3*8)(DI), DX	// a3
 	MOVQ	(4*8)(DI), CX	// a4
 	MOVQ	(5*8)(DI), R8	// a5
 	MOVQ	(6*8)(DI), R9	// a6
-	MOVQ	DI, (SP)
+	MOVQ	DI, (4*8)(SP)
 	MOVQ	(1*8)(DI), DI	// a1
 	XORL	AX, AX	     	// vararg: say "no float args"
 
 	CALL	R11
 
-	MOVQ	(SP), DI
+	MOVQ	(4*8)(SP), DI
 	MOVQ	AX, (11*8)(DI) // r1
 	MOVQ	DX, (12*8)(DI) // r2
 
@@ -705,7 +709,7 @@ TEXT runtime·syscall10(SB),NOSPLIT,$0
 
 	CALL	libc_errno(SB)
 	MOVLQSX	(AX), AX
-	MOVQ	(SP), DI
+	MOVQ	(4*8)(SP), DI
 	MOVQ	AX, (13*8)(DI) // err
 
 ok:
@@ -741,27 +745,31 @@ TEXT runtime·syscall10X(SB),NOSPLIT,$0
 	PUSHQ	BP
 	MOVQ	SP, BP
 	SUBQ    $48, SP
+
+	// Arguments a1 to a6 get passed in registers, with a7 onwards being
+	// passed via the stack per the x86-64 System V ABI
+	// (https://github.com/hjl-tools/x86-psABI/wiki/x86-64-psABI-1.0.pdf).
 	MOVQ	(7*8)(DI), R10	// a7
 	MOVQ	(8*8)(DI), R11	// a8
 	MOVQ	(9*8)(DI), R12	// a9
 	MOVQ	(10*8)(DI), R13	// a10
-	MOVQ	R10, (1*8)(SP)	// a7
-	MOVQ	R11, (2*8)(SP)	// a8
-	MOVQ	R12, (3*8)(SP)	// a9
-	MOVQ	R13, (4*8)(SP)	// a10
+	MOVQ	R10, (0*8)(SP)	// a7
+	MOVQ	R11, (1*8)(SP)	// a8
+	MOVQ	R12, (2*8)(SP)	// a9
+	MOVQ	R13, (3*8)(SP)	// a10
 	MOVQ	(0*8)(DI), R11	// fn
 	MOVQ	(2*8)(DI), SI	// a2
 	MOVQ	(3*8)(DI), DX	// a3
 	MOVQ	(4*8)(DI), CX	// a4
 	MOVQ	(5*8)(DI), R8	// a5
 	MOVQ	(6*8)(DI), R9	// a6
-	MOVQ	DI, (SP)
+	MOVQ	DI, (4*8)(SP)
 	MOVQ	(1*8)(DI), DI	// a1
 	XORL	AX, AX	     	// vararg: say "no float args"
 
 	CALL	R11
 
-	MOVQ	(SP), DI
+	MOVQ	(4*8)(SP), DI
 	MOVQ	AX, (11*8)(DI) // r1
 	MOVQ	DX, (12*8)(DI) // r2
 
@@ -770,7 +778,7 @@ TEXT runtime·syscall10X(SB),NOSPLIT,$0
 
 	CALL	libc_errno(SB)
 	MOVLQSX	(AX), AX
-	MOVQ	(SP), DI
+	MOVQ	(4*8)(SP), DI
 	MOVQ	AX, (13*8)(DI) // err
 
 ok: