From 4dd4dd2f3c067eca446d9513e814ae9aaa648882 Mon Sep 17 00:00:00 2001
From: Ben Wiederhake
Date: Tue, 3 Mar 2020 05:12:39 +0100
Subject: [PATCH] Kernel: Fix race in clock_nanosleep

This is a complete fix of clock_nanosleep, because the thread holds the process lock again when returning from sleep()/sleep_until(). Therefore, no further concurrent invalidation can occur.
---
 Kernel/Process.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index 5c22737c90..b11089fb64 100644
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -4290,6 +4290,13 @@ int Process::sys$clock_nanosleep(const Syscall::SC_clock_nanosleep_params* user_
 if (wakeup_time > g_uptime) {
 u32 ticks_left = wakeup_time - g_uptime;
 if (!is_absolute && params.remaining_sleep) {
+ if (!validate_write_typed(params.remaining_sleep)) {
+ // This can happen because the lock is dropped while
+ // sleeping, thus giving other threads the opportunity
+ // to make the region unwritable.
+ return -EFAULT;
+ }
+
 timespec remaining_sleep;
 memset(&remaining_sleep, 0, sizeof(timespec));
 remaining_sleep.tv_sec = ticks_left / TICKS_PER_SECOND;
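Review bot: The added validate_write_typed() check is a check rather than a fault-tolerant copy, so it only closes the race if nothing between it and the eventual write to params.remaining_sleep (which is outside this hunk) can drop the process lock again; the comment should spell out that invariant so a later refactor does not reopen the window. I would extend the new comment with `// Re-validate after sleeping: this is only sound while the process lock is held continuously from here to the copy into params.remaining_sleep, so keep the two adjacent.` The commit message states that the lock is held again on return from sleep()/sleep_until(), which the hunk itself cannot confirm, so naming that precondition next to the check is worth the extra line. Note that params appears to be a kernel-side copy (its pointer value is stable across the sleep; only the mapping can change), which is why re-validating the pointer rather than re-reading it is the right fix here. sys$clock_nanosleep begins and ends outside this hunk.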