Kernel: Add a way to specify which memory regions can make syscalls

This patch adds sys$msyscall() which is loosely based on an OpenBSD
mechanism for preventing syscalls from non-blessed memory regions.

It works similarly to pledge and unveil, you can call it as many
times as you like, and when you're finished, you call it with a null
pointer and it will stop accepting new regions from then on.

If a syscall later happens and doesn't originate from one of the
previously blessed regions, the kernel will simply crash the process.

Kernel/Syscalls/execve.cpp

@@ -549,6 +549,8 @@ int Process::do_exec(NonnullRefPtr<FileDescription> main_program_description, Ve
     m_execpromises = 0;
     m_has_execpromises = false;
 
+    m_enforces_syscall_regions = false;
+
     m_veil_state = VeilState::None;
     m_unveiled_paths.clear();
 

Kernel/Syscalls/fork.cpp

@@ -47,6 +47,7 @@ pid_t Process::sys$fork(RegisterState& regs)
     child->m_has_execpromises = m_has_execpromises;
     child->m_veil_state = m_veil_state;
     child->m_unveiled_paths = m_unveiled_paths.deep_copy();
+    child->m_enforces_syscall_regions = m_enforces_syscall_regions;
     child->m_fds = m_fds;
     child->m_sid = m_sid;
     child->m_pg = m_pg;

Kernel/Syscalls/mmap.cpp

@@ -550,4 +550,22 @@ void* Process::sys$allocate_tls(size_t size)
     return m_master_tls_region.unsafe_ptr()->vaddr().as_ptr();
 }
 
+int Process::sys$msyscall(void* address)
+{
+    if (m_enforces_syscall_regions)
+        return -EPERM;
+
+    if (!address) {
+        m_enforces_syscall_regions = true;
+        return 0;
+    }
+
+    auto* region = find_region_containing(Range { VirtualAddress { address }, 1 });
+    if (!region)
+        return -EINVAL;
+
+    region->set_syscall_region(true);
+    return 0;
+}
+
 }