Kernel: Make sure the kernel info page is read-only for userspace

To enforce this, we create two separate mappings of the same underlying
physical page. A writable mapping for the kernel, and a read-only one
for userspace (the one returned by sys$get_kernel_info_page.)

Kernel/Process.cpp

@@ -58,7 +58,8 @@ static pid_t next_pid;
 InlineLinkedList<Process>* g_processes;
 static String* s_hostname;
 static Lock* s_hostname_lock;
-static VirtualAddress s_info_page_address;
+static VirtualAddress s_info_page_address_for_userspace;
+static VirtualAddress s_info_page_address_for_kernel;
 VirtualAddress g_return_to_ring3_from_signal_trampoline;
 VirtualAddress g_return_to_ring0_from_signal_trampoline;
 HashMap<String, OwnPtr<Module>>* g_modules;
@@ -78,7 +79,7 @@ void Process::initialize()
 
 void Process::update_info_page_timestamp(const timeval& tv)
 {
-    auto* info_page = (KernelInfoPage*)s_info_page_address.as_ptr();
+    auto* info_page = (KernelInfoPage*)s_info_page_address_for_kernel.as_ptr();
     info_page->serial++;
     const_cast<timeval&>(info_page->now) = tv;
 }
@@ -994,9 +995,15 @@ void create_signal_trampolines()
 
 void create_kernel_info_page()
 {
-    auto* info_page_region = MM.allocate_user_accessible_kernel_region(PAGE_SIZE, "Kernel info page").leak_ptr();
+    auto* info_page_region_for_userspace = MM.allocate_user_accessible_kernel_region(PAGE_SIZE, "Kernel info page").leak_ptr();
-    s_info_page_address = info_page_region->vaddr();
+    auto* info_page_region_for_kernel = MM.allocate_kernel_region_with_vmobject(info_page_region_for_userspace->vmobject(), PAGE_SIZE, "Kernel info page").leak_ptr();
-    memset(s_info_page_address.as_ptr(), 0, PAGE_SIZE);
+    s_info_page_address_for_userspace = info_page_region_for_userspace->vaddr();
+    s_info_page_address_for_kernel = info_page_region_for_kernel->vaddr();
+
+    memset(s_info_page_address_for_kernel.as_ptr(), 0, PAGE_SIZE);
+
+    info_page_region_for_userspace->set_writable(false);
+    info_page_region_for_userspace->remap();
 }
 
 int Process::sys$restore_signal_mask(u32 mask)
@@ -1700,7 +1707,7 @@ int Process::sys$sleep(unsigned seconds)
 
 timeval kgettimeofday()
 {
-    return const_cast<const timeval&>(((KernelInfoPage*)s_info_page_address.as_ptr())->now);
+    return const_cast<const timeval&>(((KernelInfoPage*)s_info_page_address_for_kernel.as_ptr())->now);
 }
 
 void kgettimeofday(timeval& tv)
@@ -3751,5 +3758,5 @@ int Process::sys$profiling_disable(pid_t pid)
 
 void* Process::sys$get_kernel_info_page()
 {
-    return s_info_page_address.as_ptr();
+    return s_info_page_address_for_userspace.as_ptr();
 }

Kernel/VM/MemoryManager.cpp

@@ -369,6 +369,17 @@ OwnPtr<Region> MemoryManager::allocate_user_accessible_kernel_region(size_t size
     return allocate_kernel_region(size, name, true);
 }
 
+OwnPtr<Region> MemoryManager::allocate_kernel_region_with_vmobject(VMObject& vmobject, size_t size, const StringView& name)
+{
+    InterruptDisabler disabler;
+    ASSERT(!(size % PAGE_SIZE));
+    auto range = kernel_page_directory().range_allocator().allocate_anywhere(size);
+    ASSERT(range.is_valid());
+    auto region = make<Region>(range, vmobject, 0, name, PROT_READ | PROT_WRITE | PROT_EXEC);
+    region->map(kernel_page_directory());
+    return region;
+}
+
 void MemoryManager::deallocate_user_physical_page(PhysicalPage&& page)
 {
     for (auto& region : m_user_physical_regions) {

Kernel/VM/MemoryManager.h

@@ -63,6 +63,7 @@ public:
     void map_for_kernel(VirtualAddress, PhysicalAddress, bool cache_disabled = false);
 
     OwnPtr<Region> allocate_kernel_region(size_t, const StringView& name, bool user_accessible = false, bool should_commit = true);
+    OwnPtr<Region> allocate_kernel_region_with_vmobject(VMObject&, size_t, const StringView& name);
     OwnPtr<Region> allocate_user_accessible_kernel_region(size_t, const StringView& name);
 
     unsigned user_physical_pages() const { return m_user_physical_pages; }