From 9201a0602706a463d65ecf4b3623235f1f82cd03 Mon Sep 17 00:00:00 2001
From: Brian Gianforcaro <bgianf@serenityos.org>
Date: Sun, 18 Jul 2021 11:20:12 -0700
Subject: [PATCH] Kernel: Annotate all syscalls with
 VERIFY_PROCESS_BIG_LOCK_ACQUIRED

Before we start disabling acquisition of the big process lock for
specific syscalls, make sure to document and assert that all the
lock is held during all syscalls.
---
 Kernel/API/Syscall.h                 |  9 +++++++++
 Kernel/Syscalls/access.cpp           |  1 +
 Kernel/Syscalls/alarm.cpp            |  1 +
 Kernel/Syscalls/anon_create.cpp      |  1 +
 Kernel/Syscalls/beep.cpp             |  1 +
 Kernel/Syscalls/chdir.cpp            |  3 +++
 Kernel/Syscalls/chmod.cpp            |  2 ++
 Kernel/Syscalls/chown.cpp            |  2 ++
 Kernel/Syscalls/chroot.cpp           |  1 +
 Kernel/Syscalls/clock.cpp            |  5 +++++
 Kernel/Syscalls/debug.cpp            |  3 +++
 Kernel/Syscalls/disown.cpp           |  1 +
 Kernel/Syscalls/dup2.cpp             |  1 +
 Kernel/Syscalls/emuctl.cpp           |  1 +
 Kernel/Syscalls/execve.cpp           |  1 +
 Kernel/Syscalls/exit.cpp             |  6 ++++++
 Kernel/Syscalls/fcntl.cpp            |  1 +
 Kernel/Syscalls/fork.cpp             |  1 +
 Kernel/Syscalls/ftruncate.cpp        |  1 +
 Kernel/Syscalls/futex.cpp            |  1 +
 Kernel/Syscalls/get_dir_entries.cpp  |  1 +
 Kernel/Syscalls/get_stack_bounds.cpp |  1 +
 Kernel/Syscalls/getrandom.cpp        |  1 +
 Kernel/Syscalls/getuid.cpp           |  7 +++++++
 Kernel/Syscalls/hostname.cpp         |  2 ++
 Kernel/Syscalls/inode_watcher.cpp    |  3 +++
 Kernel/Syscalls/ioctl.cpp            |  1 +
 Kernel/Syscalls/keymap.cpp           |  1 +
 Kernel/Syscalls/kill.cpp             |  2 ++
 Kernel/Syscalls/link.cpp             |  2 ++
 Kernel/Syscalls/lseek.cpp            |  1 +
 Kernel/Syscalls/mkdir.cpp            |  1 +
 Kernel/Syscalls/mknod.cpp            |  1 +
 Kernel/Syscalls/mmap.cpp             |  8 ++++++++
 Kernel/Syscalls/module.cpp           |  2 ++
 Kernel/Syscalls/mount.cpp            |  2 ++
 Kernel/Syscalls/open.cpp             |  2 ++
 Kernel/Syscalls/perf_event.cpp       |  1 +
 Kernel/Syscalls/pipe.cpp             |  1 +
 Kernel/Syscalls/pledge.cpp           |  1 +
 Kernel/Syscalls/prctl.cpp            |  1 +
 Kernel/Syscalls/process.cpp          |  5 +++++
 Kernel/Syscalls/profiling.cpp        |  3 +++
 Kernel/Syscalls/ptrace.cpp           |  1 +
 Kernel/Syscalls/purge.cpp            |  1 +
 Kernel/Syscalls/read.cpp             |  2 ++
 Kernel/Syscalls/readlink.cpp         |  1 +
 Kernel/Syscalls/realpath.cpp         |  1 +
 Kernel/Syscalls/rename.cpp           |  1 +
 Kernel/Syscalls/rmdir.cpp            |  1 +
 Kernel/Syscalls/sched.cpp            |  3 +++
 Kernel/Syscalls/select.cpp           |  2 ++
 Kernel/Syscalls/sendfd.cpp           |  2 ++
 Kernel/Syscalls/setpgid.cpp          |  5 +++++
 Kernel/Syscalls/setuid.cpp           |  8 ++++++++
 Kernel/Syscalls/shutdown.cpp         |  2 ++
 Kernel/Syscalls/sigaction.cpp        |  4 ++++
 Kernel/Syscalls/socket.cpp           | 13 +++++++++++++
 Kernel/Syscalls/stat.cpp             |  2 ++
 Kernel/Syscalls/statvfs.cpp          |  2 ++
 Kernel/Syscalls/sync.cpp             |  1 +
 Kernel/Syscalls/sysconf.cpp          |  1 +
 Kernel/Syscalls/thread.cpp           |  8 ++++++++
 Kernel/Syscalls/times.cpp            |  1 +
 Kernel/Syscalls/ttyname.cpp          |  2 ++
 Kernel/Syscalls/umask.cpp            |  1 +
 Kernel/Syscalls/uname.cpp            |  1 +
 Kernel/Syscalls/unlink.cpp           |  1 +
 Kernel/Syscalls/unveil.cpp           |  1 +
 Kernel/Syscalls/utime.cpp            |  1 +
 Kernel/Syscalls/waitid.cpp           |  1 +
 Kernel/Syscalls/write.cpp            |  2 ++
 72 files changed, 165 insertions(+)

diff --git a/Kernel/API/Syscall.h b/Kernel/API/Syscall.h
index 1357b9fc54..a0f63d6337 100644
--- a/Kernel/API/Syscall.h
+++ b/Kernel/API/Syscall.h
@@ -33,6 +33,15 @@ enum class NeedsBigProcessLock {
     No
 };
 
+// Declare all syscalls and associated  metadata.
+//
+// NOTE: When declaring a new syscall or modifying an existing, please
+// ensure that the proper assert is present at the top of the syscall
+// implementation to both verify and document to any readers if the
+// syscall aquires the big process lock or not. The asserts are:
+//   - VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
+//   - VERIFY_NO_PROCESS_BIG_LOCK(this)
+//
 #define ENUMERATE_SYSCALLS(S)                               \
     S(yield, NeedsBigProcessLock::Yes)                      \
     S(open, NeedsBigProcessLock::Yes)                       \
diff --git a/Kernel/Syscalls/access.cpp b/Kernel/Syscalls/access.cpp
index a8dc4c1aa9..267231a6d0 100644
--- a/Kernel/Syscalls/access.cpp
+++ b/Kernel/Syscalls/access.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$access(Userspace<const char*> user_path, size_t path_length, int mode)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(rpath);
     auto path = get_syscall_path_argument(user_path, path_length);
     if (path.is_error())
diff --git a/Kernel/Syscalls/alarm.cpp b/Kernel/Syscalls/alarm.cpp
index 1312b78061..1bbc81963b 100644
--- a/Kernel/Syscalls/alarm.cpp
+++ b/Kernel/Syscalls/alarm.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$alarm(unsigned seconds)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
     unsigned previous_alarm_remaining = 0;
     if (m_alarm_timer) {
diff --git a/Kernel/Syscalls/anon_create.cpp b/Kernel/Syscalls/anon_create.cpp
index 7c95d9e1ac..6a83b9f0d7 100644
--- a/Kernel/Syscalls/anon_create.cpp
+++ b/Kernel/Syscalls/anon_create.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$anon_create(size_t size, int options)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
 
     if (!size)
diff --git a/Kernel/Syscalls/beep.cpp b/Kernel/Syscalls/beep.cpp
index 337f61fa97..0f0a21a640 100644
--- a/Kernel/Syscalls/beep.cpp
+++ b/Kernel/Syscalls/beep.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$beep()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     PCSpeaker::tone_on(440);
     auto result = Thread::current()->sleep(Time::from_nanoseconds(200'000'000));
     PCSpeaker::tone_off();
diff --git a/Kernel/Syscalls/chdir.cpp b/Kernel/Syscalls/chdir.cpp
index 995d098890..f3442b695a 100644
--- a/Kernel/Syscalls/chdir.cpp
+++ b/Kernel/Syscalls/chdir.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$chdir(Userspace<const char*> user_path, size_t path_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(rpath);
     auto path = get_syscall_path_argument(user_path, path_length);
     if (path.is_error())
@@ -26,6 +27,7 @@ KResultOr<FlatPtr> Process::sys$chdir(Userspace<const char*> user_path, size_t p
 
 KResultOr<FlatPtr> Process::sys$fchdir(int fd)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
     auto description = fds().file_description(fd);
     if (!description)
@@ -43,6 +45,7 @@ KResultOr<FlatPtr> Process::sys$fchdir(int fd)
 
 KResultOr<FlatPtr> Process::sys$getcwd(Userspace<char*> buffer, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(rpath);
 
     if (size > NumericLimits<ssize_t>::max())
diff --git a/Kernel/Syscalls/chmod.cpp b/Kernel/Syscalls/chmod.cpp
index 387581b64c..caf55a939a 100644
--- a/Kernel/Syscalls/chmod.cpp
+++ b/Kernel/Syscalls/chmod.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$chmod(Userspace<const char*> user_path, size_t path_length, mode_t mode)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(fattr);
     auto path = get_syscall_path_argument(user_path, path_length);
     if (path.is_error())
@@ -22,6 +23,7 @@ KResultOr<FlatPtr> Process::sys$chmod(Userspace<const char*> user_path, size_t p
 
 KResultOr<FlatPtr> Process::sys$fchmod(int fd, mode_t mode)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(fattr);
     auto description = fds().file_description(fd);
     if (!description)
diff --git a/Kernel/Syscalls/chown.cpp b/Kernel/Syscalls/chown.cpp
index 33e155f12f..6e899ec046 100644
--- a/Kernel/Syscalls/chown.cpp
+++ b/Kernel/Syscalls/chown.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$fchown(int fd, uid_t uid, gid_t gid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(chown);
     auto description = fds().file_description(fd);
     if (!description)
@@ -20,6 +21,7 @@ KResultOr<FlatPtr> Process::sys$fchown(int fd, uid_t uid, gid_t gid)
 
 KResultOr<FlatPtr> Process::sys$chown(Userspace<const Syscall::SC_chown_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(chown);
     Syscall::SC_chown_params params;
     if (!copy_from_user(&params, user_params))
diff --git a/Kernel/Syscalls/chroot.cpp b/Kernel/Syscalls/chroot.cpp
index 67ca084bdb..5f13bccc91 100644
--- a/Kernel/Syscalls/chroot.cpp
+++ b/Kernel/Syscalls/chroot.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$chroot(Userspace<const char*> user_path, size_t path_length, int mount_flags)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     if (!is_superuser())
         return EPERM;
     REQUIRE_PROMISE(chroot);
diff --git a/Kernel/Syscalls/clock.cpp b/Kernel/Syscalls/clock.cpp
index ab20e666f0..990447ade2 100644
--- a/Kernel/Syscalls/clock.cpp
+++ b/Kernel/Syscalls/clock.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$clock_gettime(clockid_t clock_id, Userspace<timespec*> user_ts)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
 
     if (!TimeManagement::is_valid_clock_id(clock_id))
@@ -26,6 +27,7 @@ KResultOr<FlatPtr> Process::sys$clock_gettime(clockid_t clock_id, Userspace<time
 
 KResultOr<FlatPtr> Process::sys$clock_settime(clockid_t clock_id, Userspace<const timespec*> user_ts)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(settime);
 
     if (!is_superuser())
@@ -47,6 +49,7 @@ KResultOr<FlatPtr> Process::sys$clock_settime(clockid_t clock_id, Userspace<cons
 
 KResultOr<FlatPtr> Process::sys$clock_nanosleep(Userspace<const Syscall::SC_clock_nanosleep_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
 
     Syscall::SC_clock_nanosleep_params params;
@@ -89,6 +92,7 @@ KResultOr<FlatPtr> Process::sys$clock_nanosleep(Userspace<const Syscall::SC_cloc
 
 KResultOr<FlatPtr> Process::sys$adjtime(Userspace<const timeval*> user_delta, Userspace<timeval*> user_old_delta)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     if (user_old_delta) {
         timespec old_delta_ts = TimeManagement::the().remaining_epoch_time_adjustment();
         timeval old_delta;
@@ -114,6 +118,7 @@ KResultOr<FlatPtr> Process::sys$adjtime(Userspace<const timeval*> user_delta, Us
 
 KResultOr<FlatPtr> Process::sys$gettimeofday(Userspace<timeval*> user_tv)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
     auto tv = kgettimeofday().to_timeval();
     if (!copy_to_user(user_tv, &tv))
diff --git a/Kernel/Syscalls/debug.cpp b/Kernel/Syscalls/debug.cpp
index d8b51f125a..5df37e9c03 100644
--- a/Kernel/Syscalls/debug.cpp
+++ b/Kernel/Syscalls/debug.cpp
@@ -13,18 +13,21 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$dump_backtrace()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     dump_backtrace();
     return 0;
 }
 
 KResultOr<FlatPtr> Process::sys$dbgputch(u8 ch)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     dbgputch(ch);
     return 0;
 }
 
 KResultOr<FlatPtr> Process::sys$dbgputstr(Userspace<const u8*> characters, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     if (size == 0)
         return 0;
 
diff --git a/Kernel/Syscalls/disown.cpp b/Kernel/Syscalls/disown.cpp
index 29ea3aa311..4e5cdbc8dc 100644
--- a/Kernel/Syscalls/disown.cpp
+++ b/Kernel/Syscalls/disown.cpp
@@ -10,6 +10,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$disown(ProcessID pid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(proc);
     auto process = Process::from_pid(pid);
     if (!process)
diff --git a/Kernel/Syscalls/dup2.cpp b/Kernel/Syscalls/dup2.cpp
index 87a17fbba9..a9946e0f04 100644
--- a/Kernel/Syscalls/dup2.cpp
+++ b/Kernel/Syscalls/dup2.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$dup2(int old_fd, int new_fd)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
     auto description = fds().file_description(old_fd);
     if (!description)
diff --git a/Kernel/Syscalls/emuctl.cpp b/Kernel/Syscalls/emuctl.cpp
index e2849ae5ac..eed4936910 100644
--- a/Kernel/Syscalls/emuctl.cpp
+++ b/Kernel/Syscalls/emuctl.cpp
@@ -10,6 +10,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$emuctl()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     return ENOSYS;
 }
 
diff --git a/Kernel/Syscalls/execve.cpp b/Kernel/Syscalls/execve.cpp
index 6efb888f6d..6a80a65df7 100644
--- a/Kernel/Syscalls/execve.cpp
+++ b/Kernel/Syscalls/execve.cpp
@@ -931,6 +931,7 @@ KResult Process::exec(String path, Vector<String> arguments, Vector<String> envi
 
 KResultOr<FlatPtr> Process::sys$execve(Userspace<const Syscall::SC_execve_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(exec);
 
     // NOTE: Be extremely careful with allocating any kernel memory in exec().
diff --git a/Kernel/Syscalls/exit.cpp b/Kernel/Syscalls/exit.cpp
index 3dcaea120f..b4c2d80e54 100644
--- a/Kernel/Syscalls/exit.cpp
+++ b/Kernel/Syscalls/exit.cpp
@@ -7,11 +7,17 @@
 #include <Kernel/KSyms.h>
 #include <Kernel/PerformanceManager.h>
 #include <Kernel/Process.h>
+#include <Kernel/Thread.h>
 
 namespace Kernel {
 
 void Process::sys$exit(int status)
 {
+    // FIXME: We have callers from kernel which don't aquire the big process lock.
+    if (Thread::current()->previous_mode() == Thread::PreviousMode::UserMode) {
+        VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
+    }
+
     {
         ProtectedDataMutationScope scope { *this };
         m_termination_status = status;
diff --git a/Kernel/Syscalls/fcntl.cpp b/Kernel/Syscalls/fcntl.cpp
index 7d182583a0..cff72f2d6b 100644
--- a/Kernel/Syscalls/fcntl.cpp
+++ b/Kernel/Syscalls/fcntl.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$fcntl(int fd, int cmd, u32 arg)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
     dbgln_if(IO_DEBUG, "sys$fcntl: fd={}, cmd={}, arg={}", fd, cmd, arg);
     auto description = fds().file_description(fd);
diff --git a/Kernel/Syscalls/fork.cpp b/Kernel/Syscalls/fork.cpp
index e97928388c..ac7ee055ef 100644
--- a/Kernel/Syscalls/fork.cpp
+++ b/Kernel/Syscalls/fork.cpp
@@ -16,6 +16,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$fork(RegisterState& regs)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(proc);
     RefPtr<Thread> child_first_thread;
     auto child = Process::create(child_first_thread, m_name, uid(), gid(), pid(), m_is_kernel_process, m_cwd, m_executable, m_tty, this);
diff --git a/Kernel/Syscalls/ftruncate.cpp b/Kernel/Syscalls/ftruncate.cpp
index 21065b06f7..fc62f869b9 100644
--- a/Kernel/Syscalls/ftruncate.cpp
+++ b/Kernel/Syscalls/ftruncate.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$ftruncate(int fd, Userspace<off_t*> userspace_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     off_t length;
     if (!copy_from_user(&length, userspace_length))
diff --git a/Kernel/Syscalls/futex.cpp b/Kernel/Syscalls/futex.cpp
index cd3eea648e..5897cc7ee5 100644
--- a/Kernel/Syscalls/futex.cpp
+++ b/Kernel/Syscalls/futex.cpp
@@ -84,6 +84,7 @@ void Process::clear_futex_queues_on_exec()
 
 KResultOr<FlatPtr> Process::sys$futex(Userspace<const Syscall::SC_futex_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     Syscall::SC_futex_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
diff --git a/Kernel/Syscalls/get_dir_entries.cpp b/Kernel/Syscalls/get_dir_entries.cpp
index 880d4f1ae4..2f98386858 100644
--- a/Kernel/Syscalls/get_dir_entries.cpp
+++ b/Kernel/Syscalls/get_dir_entries.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$get_dir_entries(int fd, Userspace<void*> user_buffer, size_t user_size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
     if (user_size > NumericLimits<ssize_t>::max())
         return EINVAL;
diff --git a/Kernel/Syscalls/get_stack_bounds.cpp b/Kernel/Syscalls/get_stack_bounds.cpp
index d6eef43179..574a4d32f8 100644
--- a/Kernel/Syscalls/get_stack_bounds.cpp
+++ b/Kernel/Syscalls/get_stack_bounds.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$get_stack_bounds(Userspace<FlatPtr*> user_stack_base, Userspace<size_t*> user_stack_size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     auto& regs = Thread::current()->get_register_dump_from_stack();
     FlatPtr stack_pointer = regs.userspace_sp();
     auto* stack_region = space().find_region_containing(Range { VirtualAddress(stack_pointer), 1 });
diff --git a/Kernel/Syscalls/getrandom.cpp b/Kernel/Syscalls/getrandom.cpp
index c2c6dc9bbc..7dca359907 100644
--- a/Kernel/Syscalls/getrandom.cpp
+++ b/Kernel/Syscalls/getrandom.cpp
@@ -15,6 +15,7 @@ namespace Kernel {
 // do, we should be able of the caveats that Linux has dealt with.
 KResultOr<FlatPtr> Process::sys$getrandom(Userspace<void*> buffer, size_t buffer_size, [[maybe_unused]] unsigned flags)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(stdio);
     if (buffer_size > NumericLimits<ssize_t>::max())
         return EINVAL;
diff --git a/Kernel/Syscalls/getuid.cpp b/Kernel/Syscalls/getuid.cpp
index 357607d702..b94711e3dd 100644
--- a/Kernel/Syscalls/getuid.cpp
+++ b/Kernel/Syscalls/getuid.cpp
@@ -10,30 +10,35 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$getuid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return uid();
 }
 
 KResultOr<FlatPtr> Process::sys$getgid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return gid();
 }
 
 KResultOr<FlatPtr> Process::sys$geteuid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return euid();
 }
 
 KResultOr<FlatPtr> Process::sys$getegid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return egid();
 }
 
 KResultOr<FlatPtr> Process::sys$getresuid(Userspace<uid_t*> ruid, Userspace<uid_t*> euid, Userspace<uid_t*> suid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (!copy_to_user(ruid, &m_uid) || !copy_to_user(euid, &m_euid) || !copy_to_user(suid, &m_suid))
         return EFAULT;
@@ -42,6 +47,7 @@ KResultOr<FlatPtr> Process::sys$getresuid(Userspace<uid_t*> ruid, Userspace<uid_
 
 KResultOr<FlatPtr> Process::sys$getresgid(Userspace<gid_t*> rgid, Userspace<gid_t*> egid, Userspace<gid_t*> sgid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (!copy_to_user(rgid, &m_gid) || !copy_to_user(egid, &m_egid) || !copy_to_user(sgid, &m_sgid))
         return EFAULT;
@@ -50,6 +56,7 @@ KResultOr<FlatPtr> Process::sys$getresgid(Userspace<gid_t*> rgid, Userspace<gid_
 
 KResultOr<FlatPtr> Process::sys$getgroups(size_t count, Userspace<gid_t*> user_gids)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (!count)
         return extra_gids().size();
diff --git a/Kernel/Syscalls/hostname.cpp b/Kernel/Syscalls/hostname.cpp
index 128d57fe0d..14f9f697b8 100644
--- a/Kernel/Syscalls/hostname.cpp
+++ b/Kernel/Syscalls/hostname.cpp
@@ -13,6 +13,7 @@ extern Mutex* g_hostname_lock;
 
 KResultOr<FlatPtr> Process::sys$gethostname(Userspace<char*> buffer, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (size > NumericLimits<ssize_t>::max())
         return EINVAL;
@@ -26,6 +27,7 @@ KResultOr<FlatPtr> Process::sys$gethostname(Userspace<char*> buffer, size_t size
 
 KResultOr<FlatPtr> Process::sys$sethostname(Userspace<const char*> hostname, size_t length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_NO_PROMISES;
     if (!is_superuser())
         return EPERM;
diff --git a/Kernel/Syscalls/inode_watcher.cpp b/Kernel/Syscalls/inode_watcher.cpp
index 1e8ca8c7bd..5667865bc2 100644
--- a/Kernel/Syscalls/inode_watcher.cpp
+++ b/Kernel/Syscalls/inode_watcher.cpp
@@ -15,6 +15,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$create_inode_watcher(u32 flags)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(rpath);
 
     int fd = m_fds.allocate();
@@ -42,6 +43,7 @@ KResultOr<FlatPtr> Process::sys$create_inode_watcher(u32 flags)
 
 KResultOr<FlatPtr> Process::sys$inode_watcher_add_watch(Userspace<const Syscall::SC_inode_watcher_add_watch_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(rpath);
 
     Syscall::SC_inode_watcher_add_watch_params params;
@@ -75,6 +77,7 @@ KResultOr<FlatPtr> Process::sys$inode_watcher_add_watch(Userspace<const Syscall:
 
 KResultOr<FlatPtr> Process::sys$inode_watcher_remove_watch(int fd, int wd)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     auto description = fds().file_description(fd);
     if (!description)
         return EBADF;
diff --git a/Kernel/Syscalls/ioctl.cpp b/Kernel/Syscalls/ioctl.cpp
index 4c668904e2..5a2b740b08 100644
--- a/Kernel/Syscalls/ioctl.cpp
+++ b/Kernel/Syscalls/ioctl.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$ioctl(int fd, unsigned request, FlatPtr arg)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     auto description = fds().file_description(fd);
     if (!description)
         return EBADF;
diff --git a/Kernel/Syscalls/keymap.cpp b/Kernel/Syscalls/keymap.cpp
index e8b051562d..0abe95413d 100644
--- a/Kernel/Syscalls/keymap.cpp
+++ b/Kernel/Syscalls/keymap.cpp
@@ -13,6 +13,7 @@ constexpr size_t map_name_max_size = 50;
 
 KResultOr<FlatPtr> Process::sys$setkeymap(Userspace<const Syscall::SC_setkeymap_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
     REQUIRE_PROMISE(setkeymap);
 
     if (!is_superuser())
diff --git a/Kernel/Syscalls/kill.cpp b/Kernel/Syscalls/kill.cpp
index 1426a88dea..dc2c5af82e 100644
--- a/Kernel/Syscalls/kill.cpp
+++ b/Kernel/Syscalls/kill.cpp
@@ -98,6 +98,7 @@ KResult Process::do_killself(int signal)
 
 KResultOr<FlatPtr> Process::sys$kill(pid_t pid_or_pgid, int signal)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (pid_or_pgid == pid().value())
         REQUIRE_PROMISE(stdio);
     else
@@ -125,6 +126,7 @@ KResultOr<FlatPtr> Process::sys$kill(pid_t pid_or_pgid, int signal)
 
 KResultOr<FlatPtr> Process::sys$killpg(pid_t pgrp, int signum)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     if (signum < 1 || signum >= 32)
         return EINVAL;
diff --git a/Kernel/Syscalls/link.cpp b/Kernel/Syscalls/link.cpp
index a5c5142f75..be3941e9e3 100644
--- a/Kernel/Syscalls/link.cpp
+++ b/Kernel/Syscalls/link.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$link(Userspace<const Syscall::SC_link_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(cpath);
     Syscall::SC_link_params params;
     if (!copy_from_user(&params, user_params))
@@ -27,6 +28,7 @@ KResultOr<FlatPtr> Process::sys$link(Userspace<const Syscall::SC_link_params*> u
 
 KResultOr<FlatPtr> Process::sys$symlink(Userspace<const Syscall::SC_symlink_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(cpath);
     Syscall::SC_symlink_params params;
     if (!copy_from_user(&params, user_params))
diff --git a/Kernel/Syscalls/lseek.cpp b/Kernel/Syscalls/lseek.cpp
index 31d559dc31..c676333938 100644
--- a/Kernel/Syscalls/lseek.cpp
+++ b/Kernel/Syscalls/lseek.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$lseek(int fd, Userspace<off_t*> userspace_offset, int whence)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     auto description = fds().file_description(fd);
     if (!description)
diff --git a/Kernel/Syscalls/mkdir.cpp b/Kernel/Syscalls/mkdir.cpp
index 7ad45bee0e..b3b01a2004 100644
--- a/Kernel/Syscalls/mkdir.cpp
+++ b/Kernel/Syscalls/mkdir.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$mkdir(Userspace<const char*> user_path, size_t path_length, mode_t mode)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(cpath);
     auto path = get_syscall_path_argument(user_path, path_length);
     if (path.is_error())
diff --git a/Kernel/Syscalls/mknod.cpp b/Kernel/Syscalls/mknod.cpp
index a1625a7789..7fb599dc47 100644
--- a/Kernel/Syscalls/mknod.cpp
+++ b/Kernel/Syscalls/mknod.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$mknod(Userspace<const Syscall::SC_mknod_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(dpath);
     Syscall::SC_mknod_params params;
     if (!copy_from_user(&params, user_params))
diff --git a/Kernel/Syscalls/mmap.cpp b/Kernel/Syscalls/mmap.cpp
index 82c59f190f..0ff97eb6e4 100644
--- a/Kernel/Syscalls/mmap.cpp
+++ b/Kernel/Syscalls/mmap.cpp
@@ -127,6 +127,7 @@ static bool validate_inode_mmap_prot(const Process& process, int prot, const Ino
 
 KResultOr<FlatPtr> Process::sys$mmap(Userspace<const Syscall::SC_mmap_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     Syscall::SC_mmap_params params;
@@ -282,6 +283,7 @@ static KResultOr<Range> expand_range_to_page_boundaries(FlatPtr address, size_t
 
 KResultOr<FlatPtr> Process::sys$mprotect(Userspace<void*> addr, size_t size, int prot)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     if (prot & PROT_EXEC) {
@@ -436,6 +438,7 @@ KResultOr<FlatPtr> Process::sys$mprotect(Userspace<void*> addr, size_t size, int
 
 KResultOr<FlatPtr> Process::sys$madvise(Userspace<void*> address, size_t size, int advice)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     auto range_or_error = expand_range_to_page_boundaries(address, size);
@@ -485,6 +488,7 @@ KResultOr<FlatPtr> Process::sys$madvise(Userspace<void*> address, size_t size, i
 
 KResultOr<FlatPtr> Process::sys$set_mmap_name(Userspace<const Syscall::SC_set_mmap_name_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     Syscall::SC_set_mmap_name_params params;
@@ -519,6 +523,7 @@ KResultOr<FlatPtr> Process::sys$set_mmap_name(Userspace<const Syscall::SC_set_mm
 
 KResultOr<FlatPtr> Process::sys$munmap(Userspace<void*> addr, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     auto result = space().unmap_mmap_range(VirtualAddress { addr }, size);
@@ -529,6 +534,7 @@ KResultOr<FlatPtr> Process::sys$munmap(Userspace<void*> addr, size_t size)
 
 KResultOr<FlatPtr> Process::sys$mremap(Userspace<const Syscall::SC_mremap_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     Syscall::SC_mremap_params params {};
@@ -578,6 +584,7 @@ KResultOr<FlatPtr> Process::sys$mremap(Userspace<const Syscall::SC_mremap_params
 
 KResultOr<FlatPtr> Process::sys$allocate_tls(Userspace<const char*> initial_data, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     if (!size || size % PAGE_SIZE != 0)
@@ -639,6 +646,7 @@ KResultOr<FlatPtr> Process::sys$allocate_tls(Userspace<const char*> initial_data
 
 KResultOr<FlatPtr> Process::sys$msyscall(Userspace<void*> address)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (space().enforces_syscall_regions())
         return EPERM;
 
diff --git a/Kernel/Syscalls/module.cpp b/Kernel/Syscalls/module.cpp
index 209c7c3dc1..5ab722de77 100644
--- a/Kernel/Syscalls/module.cpp
+++ b/Kernel/Syscalls/module.cpp
@@ -17,6 +17,7 @@ extern HashMap<String, OwnPtr<Module>>* g_modules;
 
 KResultOr<FlatPtr> Process::sys$module_load(Userspace<const char*> user_path, size_t path_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (!is_superuser())
         return EPERM;
 
@@ -146,6 +147,7 @@ KResultOr<FlatPtr> Process::sys$module_load(Userspace<const char*> user_path, si
 
 KResultOr<FlatPtr> Process::sys$module_unload(Userspace<const char*> user_name, size_t name_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (!is_superuser())
         return EPERM;
 
diff --git a/Kernel/Syscalls/mount.cpp b/Kernel/Syscalls/mount.cpp
index 9220551e5f..b83148f4b5 100644
--- a/Kernel/Syscalls/mount.cpp
+++ b/Kernel/Syscalls/mount.cpp
@@ -19,6 +19,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$mount(Userspace<const Syscall::SC_mount_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (!is_superuser())
         return EPERM;
 
@@ -116,6 +117,7 @@ KResultOr<FlatPtr> Process::sys$mount(Userspace<const Syscall::SC_mount_params*>
 
 KResultOr<FlatPtr> Process::sys$umount(Userspace<const char*> user_mountpoint, size_t mountpoint_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (!is_superuser())
         return EPERM;
 
diff --git a/Kernel/Syscalls/open.cpp b/Kernel/Syscalls/open.cpp
index c0b0fd2c36..f6a2b2a4eb 100644
--- a/Kernel/Syscalls/open.cpp
+++ b/Kernel/Syscalls/open.cpp
@@ -14,6 +14,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$open(Userspace<const Syscall::SC_open_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_open_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
@@ -77,6 +78,7 @@ KResultOr<FlatPtr> Process::sys$open(Userspace<const Syscall::SC_open_params*> u
 
 KResultOr<FlatPtr> Process::sys$close(int fd)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     auto description = fds().file_description(fd);
     dbgln_if(IO_DEBUG, "sys$close({}) {}", fd, description.ptr());
diff --git a/Kernel/Syscalls/perf_event.cpp b/Kernel/Syscalls/perf_event.cpp
index d95c170743..b25faacf2d 100644
--- a/Kernel/Syscalls/perf_event.cpp
+++ b/Kernel/Syscalls/perf_event.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$perf_event(int type, FlatPtr arg1, FlatPtr arg2)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     auto events_buffer = current_perf_events_buffer();
     if (!events_buffer) {
         if (!create_perf_events_buffer_if_needed())
diff --git a/Kernel/Syscalls/pipe.cpp b/Kernel/Syscalls/pipe.cpp
index ef70709339..55af36748d 100644
--- a/Kernel/Syscalls/pipe.cpp
+++ b/Kernel/Syscalls/pipe.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$pipe(int pipefd[2], int flags)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (fds().open_count() + 2 > fds().max_open())
         return EMFILE;
diff --git a/Kernel/Syscalls/pledge.cpp b/Kernel/Syscalls/pledge.cpp
index ae9e7d2d71..07a46e49f8 100644
--- a/Kernel/Syscalls/pledge.cpp
+++ b/Kernel/Syscalls/pledge.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_pledge_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
diff --git a/Kernel/Syscalls/prctl.cpp b/Kernel/Syscalls/prctl.cpp
index afe1d1ceae..10985ce136 100644
--- a/Kernel/Syscalls/prctl.cpp
+++ b/Kernel/Syscalls/prctl.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$prctl(int option, FlatPtr arg1, [[maybe_unused]] FlatPtr arg2)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     switch (option) {
     case PR_GET_DUMPABLE:
         return is_dumpable();
diff --git a/Kernel/Syscalls/process.cpp b/Kernel/Syscalls/process.cpp
index 708526892a..c4d15ce4d1 100644
--- a/Kernel/Syscalls/process.cpp
+++ b/Kernel/Syscalls/process.cpp
@@ -11,18 +11,21 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$getpid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return pid().value();
 }
 
 KResultOr<FlatPtr> Process::sys$getppid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return m_ppid.value();
 }
 
 KResultOr<FlatPtr> Process::sys$get_process_name(Userspace<char*> buffer, size_t buffer_size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (m_name.length() + 1 > buffer_size)
         return ENAMETOOLONG;
@@ -34,6 +37,7 @@ KResultOr<FlatPtr> Process::sys$get_process_name(Userspace<char*> buffer, size_t
 
 KResultOr<FlatPtr> Process::sys$set_process_name(Userspace<const char*> user_name, size_t user_name_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     if (user_name_length > 256)
         return ENAMETOOLONG;
@@ -49,6 +53,7 @@ KResultOr<FlatPtr> Process::sys$set_process_name(Userspace<const char*> user_nam
 
 KResultOr<FlatPtr> Process::sys$set_coredump_metadata(Userspace<const Syscall::SC_set_coredump_metadata_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_set_coredump_metadata_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
diff --git a/Kernel/Syscalls/profiling.cpp b/Kernel/Syscalls/profiling.cpp
index 953bb7230e..33353f62e6 100644
--- a/Kernel/Syscalls/profiling.cpp
+++ b/Kernel/Syscalls/profiling.cpp
@@ -19,6 +19,7 @@ u64 g_profiling_event_mask;
 
 KResultOr<FlatPtr> Process::sys$profiling_enable(pid_t pid, u64 event_mask)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_NO_PROMISES;
 
     if (pid == -1) {
@@ -68,6 +69,7 @@ KResultOr<FlatPtr> Process::sys$profiling_enable(pid_t pid, u64 event_mask)
 
 KResultOr<FlatPtr> Process::sys$profiling_disable(pid_t pid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_NO_PROMISES;
 
     if (pid == -1) {
@@ -97,6 +99,7 @@ KResultOr<FlatPtr> Process::sys$profiling_disable(pid_t pid)
 
 KResultOr<FlatPtr> Process::sys$profiling_free_buffer(pid_t pid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_NO_PROMISES;
 
     if (pid == -1) {
diff --git a/Kernel/Syscalls/ptrace.cpp b/Kernel/Syscalls/ptrace.cpp
index ead7959be9..2470aceeee 100644
--- a/Kernel/Syscalls/ptrace.cpp
+++ b/Kernel/Syscalls/ptrace.cpp
@@ -157,6 +157,7 @@ static KResultOr<u32> handle_ptrace(const Kernel::Syscall::SC_ptrace_params& par
 
 KResultOr<FlatPtr> Process::sys$ptrace(Userspace<const Syscall::SC_ptrace_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(ptrace);
     Syscall::SC_ptrace_params params {};
     if (!copy_from_user(&params, user_params))
diff --git a/Kernel/Syscalls/purge.cpp b/Kernel/Syscalls/purge.cpp
index 9701b910a9..838459c24c 100644
--- a/Kernel/Syscalls/purge.cpp
+++ b/Kernel/Syscalls/purge.cpp
@@ -15,6 +15,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$purge(int mode)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_NO_PROMISES;
     if (!is_superuser())
         return EPERM;
diff --git a/Kernel/Syscalls/read.cpp b/Kernel/Syscalls/read.cpp
index 58ead804c5..f8d10beb73 100644
--- a/Kernel/Syscalls/read.cpp
+++ b/Kernel/Syscalls/read.cpp
@@ -14,6 +14,7 @@ using BlockFlags = Thread::FileBlocker::BlockFlags;
 
 KResultOr<FlatPtr> Process::sys$readv(int fd, Userspace<const struct iovec*> iov, int iov_count)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (iov_count < 0)
         return EINVAL;
@@ -70,6 +71,7 @@ KResultOr<FlatPtr> Process::sys$readv(int fd, Userspace<const struct iovec*> iov
 
 KResultOr<FlatPtr> Process::sys$read(int fd, Userspace<u8*> buffer, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (size == 0)
         return 0;
diff --git a/Kernel/Syscalls/readlink.cpp b/Kernel/Syscalls/readlink.cpp
index cf6999f455..91047bff62 100644
--- a/Kernel/Syscalls/readlink.cpp
+++ b/Kernel/Syscalls/readlink.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$readlink(Userspace<const Syscall::SC_readlink_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(rpath);
 
     Syscall::SC_readlink_params params;
diff --git a/Kernel/Syscalls/realpath.cpp b/Kernel/Syscalls/realpath.cpp
index 5da851da83..eac65ef303 100644
--- a/Kernel/Syscalls/realpath.cpp
+++ b/Kernel/Syscalls/realpath.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$realpath(Userspace<const Syscall::SC_realpath_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(rpath);
 
     Syscall::SC_realpath_params params;
diff --git a/Kernel/Syscalls/rename.cpp b/Kernel/Syscalls/rename.cpp
index 7b11781d42..1d142a891f 100644
--- a/Kernel/Syscalls/rename.cpp
+++ b/Kernel/Syscalls/rename.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$rename(Userspace<const Syscall::SC_rename_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(cpath);
     Syscall::SC_rename_params params;
     if (!copy_from_user(&params, user_params))
diff --git a/Kernel/Syscalls/rmdir.cpp b/Kernel/Syscalls/rmdir.cpp
index d6f6306c25..c7c9e12c62 100644
--- a/Kernel/Syscalls/rmdir.cpp
+++ b/Kernel/Syscalls/rmdir.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$rmdir(Userspace<const char*> user_path, size_t path_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(cpath);
     auto path = get_syscall_path_argument(user_path, path_length);
     if (path.is_error())
diff --git a/Kernel/Syscalls/sched.cpp b/Kernel/Syscalls/sched.cpp
index 2bdb29090f..9d9310ce96 100644
--- a/Kernel/Syscalls/sched.cpp
+++ b/Kernel/Syscalls/sched.cpp
@@ -10,6 +10,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$yield()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     Thread::current()->yield_and_release_relock_big_lock();
     return 0;
@@ -17,6 +18,7 @@ KResultOr<FlatPtr> Process::sys$yield()
 
 KResultOr<FlatPtr> Process::sys$sched_setparam(int pid, Userspace<const struct sched_param*> user_param)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     struct sched_param desired_param;
     if (!copy_from_user(&desired_param, user_param))
@@ -42,6 +44,7 @@ KResultOr<FlatPtr> Process::sys$sched_setparam(int pid, Userspace<const struct s
 
 KResultOr<FlatPtr> Process::sys$sched_getparam(pid_t pid, Userspace<struct sched_param*> user_param)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     int priority;
     {
diff --git a/Kernel/Syscalls/select.cpp b/Kernel/Syscalls/select.cpp
index 76d3fa3fc2..567328469a 100644
--- a/Kernel/Syscalls/select.cpp
+++ b/Kernel/Syscalls/select.cpp
@@ -16,6 +16,7 @@ using BlockFlags = Thread::FileBlocker::BlockFlags;
 
 KResultOr<FlatPtr> Process::sys$select(Userspace<const Syscall::SC_select_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     Syscall::SC_select_params params {};
 
@@ -129,6 +130,7 @@ KResultOr<FlatPtr> Process::sys$select(Userspace<const Syscall::SC_select_params
 
 KResultOr<FlatPtr> Process::sys$poll(Userspace<const Syscall::SC_poll_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     Syscall::SC_poll_params params;
diff --git a/Kernel/Syscalls/sendfd.cpp b/Kernel/Syscalls/sendfd.cpp
index 0c82581a13..a3b8eb2871 100644
--- a/Kernel/Syscalls/sendfd.cpp
+++ b/Kernel/Syscalls/sendfd.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$sendfd(int sockfd, int fd)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(sendfd);
     auto socket_description = fds().file_description(sockfd);
     if (!socket_description)
@@ -34,6 +35,7 @@ KResultOr<FlatPtr> Process::sys$sendfd(int sockfd, int fd)
 
 KResultOr<FlatPtr> Process::sys$recvfd(int sockfd, int options)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(recvfd);
     auto socket_description = fds().file_description(sockfd);
     if (!socket_description)
diff --git a/Kernel/Syscalls/setpgid.cpp b/Kernel/Syscalls/setpgid.cpp
index 0ec1324995..4467c5c63e 100644
--- a/Kernel/Syscalls/setpgid.cpp
+++ b/Kernel/Syscalls/setpgid.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$getsid(pid_t pid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     if (pid == 0)
         return sid().value();
@@ -26,6 +27,7 @@ KResultOr<FlatPtr> Process::sys$getsid(pid_t pid)
 
 KResultOr<FlatPtr> Process::sys$setsid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     InterruptDisabler disabler;
     bool found_process_with_same_pgid_as_my_pid = false;
@@ -45,6 +47,7 @@ KResultOr<FlatPtr> Process::sys$setsid()
 
 KResultOr<FlatPtr> Process::sys$getpgid(pid_t pid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     if (pid == 0)
         return pgid().value();
@@ -57,6 +60,7 @@ KResultOr<FlatPtr> Process::sys$getpgid(pid_t pid)
 
 KResultOr<FlatPtr> Process::sys$getpgrp()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return pgid().value();
 }
@@ -77,6 +81,7 @@ SessionID Process::get_sid_from_pgid(ProcessGroupID pgid)
 
 KResultOr<FlatPtr> Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
     ScopedSpinLock lock(g_processes_lock); // FIXME: Use a ProcessHandle
     ProcessID pid = specified_pid ? ProcessID(specified_pid) : this->pid();
diff --git a/Kernel/Syscalls/setuid.cpp b/Kernel/Syscalls/setuid.cpp
index bc52b2691f..0a9e7e607c 100644
--- a/Kernel/Syscalls/setuid.cpp
+++ b/Kernel/Syscalls/setuid.cpp
@@ -10,6 +10,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$seteuid(uid_t new_euid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
 
     if (new_euid != uid() && new_euid != suid() && !is_superuser())
@@ -26,6 +27,7 @@ KResultOr<FlatPtr> Process::sys$seteuid(uid_t new_euid)
 
 KResultOr<FlatPtr> Process::sys$setegid(gid_t new_egid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
 
     if (new_egid != gid() && new_egid != sgid() && !is_superuser())
@@ -41,6 +43,7 @@ KResultOr<FlatPtr> Process::sys$setegid(gid_t new_egid)
 
 KResultOr<FlatPtr> Process::sys$setuid(uid_t new_uid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
 
     if (new_uid != uid() && new_uid != euid() && !is_superuser())
@@ -58,6 +61,7 @@ KResultOr<FlatPtr> Process::sys$setuid(uid_t new_uid)
 
 KResultOr<FlatPtr> Process::sys$setgid(gid_t new_gid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
 
     if (new_gid != gid() && new_gid != egid() && !is_superuser())
@@ -75,6 +79,7 @@ KResultOr<FlatPtr> Process::sys$setgid(gid_t new_gid)
 
 KResultOr<FlatPtr> Process::sys$setreuid(uid_t new_ruid, uid_t new_euid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
 
     if (new_ruid == (uid_t)-1)
@@ -100,6 +105,7 @@ KResultOr<FlatPtr> Process::sys$setreuid(uid_t new_ruid, uid_t new_euid)
 
 KResultOr<FlatPtr> Process::sys$setresuid(uid_t new_ruid, uid_t new_euid, uid_t new_suid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
 
     if (new_ruid == (uid_t)-1)
@@ -125,6 +131,7 @@ KResultOr<FlatPtr> Process::sys$setresuid(uid_t new_ruid, uid_t new_euid, uid_t
 
 KResultOr<FlatPtr> Process::sys$setresgid(gid_t new_rgid, gid_t new_egid, gid_t new_sgid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
 
     if (new_rgid == (gid_t)-1)
@@ -150,6 +157,7 @@ KResultOr<FlatPtr> Process::sys$setresgid(gid_t new_rgid, gid_t new_egid, gid_t
 
 KResultOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<const gid_t*> user_gids)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(id);
     if (!is_superuser())
         return EPERM;
diff --git a/Kernel/Syscalls/shutdown.cpp b/Kernel/Syscalls/shutdown.cpp
index 88dda50e13..add177a25f 100644
--- a/Kernel/Syscalls/shutdown.cpp
+++ b/Kernel/Syscalls/shutdown.cpp
@@ -14,6 +14,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$reboot()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (!is_superuser())
         return EPERM;
 
@@ -34,6 +35,7 @@ KResultOr<FlatPtr> Process::sys$reboot()
 
 KResultOr<FlatPtr> Process::sys$halt()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (!is_superuser())
         return EPERM;
 
diff --git a/Kernel/Syscalls/sigaction.cpp b/Kernel/Syscalls/sigaction.cpp
index 1c0a413b3a..cbec96a400 100644
--- a/Kernel/Syscalls/sigaction.cpp
+++ b/Kernel/Syscalls/sigaction.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$sigprocmask(int how, Userspace<const sigset_t*> set, Userspace<sigset_t*> old_set)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(sigaction);
     auto current_thread = Thread::current();
     u32 previous_signal_mask;
@@ -43,6 +44,7 @@ KResultOr<FlatPtr> Process::sys$sigprocmask(int how, Userspace<const sigset_t*>
 
 KResultOr<FlatPtr> Process::sys$sigpending(Userspace<sigset_t*> set)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     auto pending_signals = Thread::current()->pending_signals();
     if (!copy_to_user(set, &pending_signals))
@@ -52,6 +54,7 @@ KResultOr<FlatPtr> Process::sys$sigpending(Userspace<sigset_t*> set)
 
 KResultOr<FlatPtr> Process::sys$sigaction(int signum, Userspace<const sigaction*> user_act, Userspace<sigaction*> user_old_act)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(sigaction);
     if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP)
         return EINVAL;
@@ -77,6 +80,7 @@ KResultOr<FlatPtr> Process::sys$sigaction(int signum, Userspace<const sigaction*
 
 KResultOr<FlatPtr> Process::sys$sigreturn([[maybe_unused]] RegisterState& registers)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     SmapDisabler disabler;
 
diff --git a/Kernel/Syscalls/socket.cpp b/Kernel/Syscalls/socket.cpp
index f6f15384e5..85719be2cf 100644
--- a/Kernel/Syscalls/socket.cpp
+++ b/Kernel/Syscalls/socket.cpp
@@ -34,6 +34,7 @@ void Process::setup_socket_fd(int fd, NonnullRefPtr<FileDescription> description
 
 KResultOr<FlatPtr> Process::sys$socket(int domain, int type, int protocol)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE_FOR_SOCKET_DOMAIN(domain);
 
     if ((type & SOCK_TYPE_MASK) == SOCK_RAW && !is_superuser())
@@ -53,6 +54,7 @@ KResultOr<FlatPtr> Process::sys$socket(int domain, int type, int protocol)
 
 KResultOr<FlatPtr> Process::sys$bind(int sockfd, Userspace<const sockaddr*> address, socklen_t address_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     auto description = fds().file_description(sockfd);
     if (!description)
         return EBADF;
@@ -65,6 +67,7 @@ KResultOr<FlatPtr> Process::sys$bind(int sockfd, Userspace<const sockaddr*> addr
 
 KResultOr<FlatPtr> Process::sys$listen(int sockfd, int backlog)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     if (backlog < 0)
         return EINVAL;
     auto description = fds().file_description(sockfd);
@@ -81,6 +84,7 @@ KResultOr<FlatPtr> Process::sys$listen(int sockfd, int backlog)
 
 KResultOr<FlatPtr> Process::sys$accept4(Userspace<const Syscall::SC_accept4_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(accept);
 
     Syscall::SC_accept4_params params;
@@ -148,6 +152,7 @@ KResultOr<FlatPtr> Process::sys$accept4(Userspace<const Syscall::SC_accept4_para
 
 KResultOr<FlatPtr> Process::sys$connect(int sockfd, Userspace<const sockaddr*> user_address, socklen_t user_address_size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     int fd = m_fds.allocate();
     if (fd < 0)
         return fd;
@@ -165,6 +170,7 @@ KResultOr<FlatPtr> Process::sys$connect(int sockfd, Userspace<const sockaddr*> u
 
 KResultOr<FlatPtr> Process::sys$shutdown(int sockfd, int how)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (how & ~SHUT_RDWR)
         return EINVAL;
@@ -181,6 +187,7 @@ KResultOr<FlatPtr> Process::sys$shutdown(int sockfd, int how)
 
 KResultOr<FlatPtr> Process::sys$sendmsg(int sockfd, Userspace<const struct msghdr*> user_msg, int flags)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     struct msghdr msg;
     if (!copy_from_user(&msg, user_msg))
@@ -219,6 +226,7 @@ KResultOr<FlatPtr> Process::sys$sendmsg(int sockfd, Userspace<const struct msghd
 
 KResultOr<FlatPtr> Process::sys$recvmsg(int sockfd, Userspace<struct msghdr*> user_msg, int flags)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     struct msghdr msg;
@@ -326,6 +334,7 @@ int Process::get_sock_or_peer_name(const Params& params)
 
 KResultOr<FlatPtr> Process::sys$getsockname(Userspace<const Syscall::SC_getsockname_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_getsockname_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
@@ -334,6 +343,7 @@ KResultOr<FlatPtr> Process::sys$getsockname(Userspace<const Syscall::SC_getsockn
 
 KResultOr<FlatPtr> Process::sys$getpeername(Userspace<const Syscall::SC_getpeername_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_getpeername_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
@@ -342,6 +352,7 @@ KResultOr<FlatPtr> Process::sys$getpeername(Userspace<const Syscall::SC_getpeern
 
 KResultOr<FlatPtr> Process::sys$getsockopt(Userspace<const Syscall::SC_getsockopt_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_getsockopt_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
@@ -369,6 +380,7 @@ KResultOr<FlatPtr> Process::sys$getsockopt(Userspace<const Syscall::SC_getsockop
 
 KResultOr<FlatPtr> Process::sys$setsockopt(Userspace<const Syscall::SC_setsockopt_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_setsockopt_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
@@ -385,6 +397,7 @@ KResultOr<FlatPtr> Process::sys$setsockopt(Userspace<const Syscall::SC_setsockop
 
 KResultOr<FlatPtr> Process::sys$socketpair(Userspace<const Syscall::SC_socketpair_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_socketpair_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
diff --git a/Kernel/Syscalls/stat.cpp b/Kernel/Syscalls/stat.cpp
index c75716da8b..9ce48ad995 100644
--- a/Kernel/Syscalls/stat.cpp
+++ b/Kernel/Syscalls/stat.cpp
@@ -14,6 +14,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$fstat(int fd, Userspace<stat*> user_statbuf)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     auto description = fds().file_description(fd);
     if (!description)
@@ -27,6 +28,7 @@ KResultOr<FlatPtr> Process::sys$fstat(int fd, Userspace<stat*> user_statbuf)
 
 KResultOr<FlatPtr> Process::sys$stat(Userspace<const Syscall::SC_stat_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(rpath);
     Syscall::SC_stat_params params;
     if (!copy_from_user(&params, user_params))
diff --git a/Kernel/Syscalls/statvfs.cpp b/Kernel/Syscalls/statvfs.cpp
index ce7d369d36..791bc8e1c8 100644
--- a/Kernel/Syscalls/statvfs.cpp
+++ b/Kernel/Syscalls/statvfs.cpp
@@ -71,6 +71,7 @@ KResultOr<FlatPtr> Process::do_statvfs(String path, statvfs* buf)
 
 KResultOr<FlatPtr> Process::sys$statvfs(Userspace<const Syscall::SC_statvfs_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(rpath);
 
     Syscall::SC_statvfs_params params;
@@ -85,6 +86,7 @@ KResultOr<FlatPtr> Process::sys$statvfs(Userspace<const Syscall::SC_statvfs_para
 
 KResultOr<FlatPtr> Process::sys$fstatvfs(int fd, statvfs* buf)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
 
     auto description = fds().file_description(fd);
diff --git a/Kernel/Syscalls/sync.cpp b/Kernel/Syscalls/sync.cpp
index fb07fa6d55..22174843f0 100644
--- a/Kernel/Syscalls/sync.cpp
+++ b/Kernel/Syscalls/sync.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$sync()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     VirtualFileSystem::sync();
     return 0;
diff --git a/Kernel/Syscalls/sysconf.cpp b/Kernel/Syscalls/sysconf.cpp
index 2a6dae7b52..932d4ae4e3 100644
--- a/Kernel/Syscalls/sysconf.cpp
+++ b/Kernel/Syscalls/sysconf.cpp
@@ -11,6 +11,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$sysconf(int name)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     switch (name) {
     case _SC_MONOTONIC_CLOCK:
         return 1;
diff --git a/Kernel/Syscalls/thread.cpp b/Kernel/Syscalls/thread.cpp
index 8375912590..488d237ecf 100644
--- a/Kernel/Syscalls/thread.cpp
+++ b/Kernel/Syscalls/thread.cpp
@@ -18,6 +18,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$create_thread(void* (*entry)(void*), Userspace<const Syscall::SC_create_thread_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(thread);
 
     Syscall::SC_create_thread_params params;
@@ -91,6 +92,7 @@ KResultOr<FlatPtr> Process::sys$create_thread(void* (*entry)(void*), Userspace<c
 
 void Process::sys$exit_thread(Userspace<void*> exit_value, Userspace<void*> stack_location, size_t stack_size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(thread);
 
     if (this->thread_count() == 1) {
@@ -114,6 +116,7 @@ void Process::sys$exit_thread(Userspace<void*> exit_value, Userspace<void*> stac
 
 KResultOr<FlatPtr> Process::sys$detach_thread(pid_t tid)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(thread);
     auto thread = Thread::from_tid(tid);
     if (!thread || thread->pid() != pid())
@@ -128,6 +131,7 @@ KResultOr<FlatPtr> Process::sys$detach_thread(pid_t tid)
 
 KResultOr<FlatPtr> Process::sys$join_thread(pid_t tid, Userspace<void**> exit_value)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(thread);
 
     auto thread = Thread::from_tid(tid);
@@ -161,6 +165,7 @@ KResultOr<FlatPtr> Process::sys$join_thread(pid_t tid, Userspace<void**> exit_va
 
 KResultOr<FlatPtr> Process::sys$kill_thread(pid_t tid, int signal)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(thread);
 
     if (signal < 0 || signal >= 32)
@@ -182,6 +187,7 @@ KResultOr<FlatPtr> Process::sys$kill_thread(pid_t tid, int signal)
 
 KResultOr<FlatPtr> Process::sys$set_thread_name(pid_t tid, Userspace<const char*> user_name, size_t user_name_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     auto name = copy_string_from_user(user_name, user_name_length);
     if (name.is_null())
@@ -201,6 +207,7 @@ KResultOr<FlatPtr> Process::sys$set_thread_name(pid_t tid, Userspace<const char*
 
 KResultOr<FlatPtr> Process::sys$get_thread_name(pid_t tid, Userspace<char*> buffer, size_t buffer_size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(thread);
     if (buffer_size == 0)
         return EINVAL;
@@ -221,6 +228,7 @@ KResultOr<FlatPtr> Process::sys$get_thread_name(pid_t tid, Userspace<char*> buff
 
 KResultOr<FlatPtr> Process::sys$gettid()
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     return Thread::current()->tid().value();
 }
diff --git a/Kernel/Syscalls/times.cpp b/Kernel/Syscalls/times.cpp
index 445006f678..08602553b0 100644
--- a/Kernel/Syscalls/times.cpp
+++ b/Kernel/Syscalls/times.cpp
@@ -10,6 +10,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$times(Userspace<tms*> user_times)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     tms times = {};
     times.tms_utime = m_ticks_in_user;
diff --git a/Kernel/Syscalls/ttyname.cpp b/Kernel/Syscalls/ttyname.cpp
index 01f8776b93..f6542a0ab4 100644
--- a/Kernel/Syscalls/ttyname.cpp
+++ b/Kernel/Syscalls/ttyname.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$ttyname(int fd, Userspace<char*> buffer, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(tty);
     auto description = fds().file_description(fd);
     if (!description)
@@ -29,6 +30,7 @@ KResultOr<FlatPtr> Process::sys$ttyname(int fd, Userspace<char*> buffer, size_t
 
 KResultOr<FlatPtr> Process::sys$ptsname(int fd, Userspace<char*> buffer, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(tty);
     auto description = fds().file_description(fd);
     if (!description)
diff --git a/Kernel/Syscalls/umask.cpp b/Kernel/Syscalls/umask.cpp
index 580aec0cc3..16819f0215 100644
--- a/Kernel/Syscalls/umask.cpp
+++ b/Kernel/Syscalls/umask.cpp
@@ -10,6 +10,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$umask(mode_t mask)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     auto old_mask = m_umask;
     ProtectedDataMutationScope scope { *this };
diff --git a/Kernel/Syscalls/uname.cpp b/Kernel/Syscalls/uname.cpp
index 62d94a22a7..e127b15531 100644
--- a/Kernel/Syscalls/uname.cpp
+++ b/Kernel/Syscalls/uname.cpp
@@ -10,6 +10,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$uname(Userspace<utsname*> user_buf)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     extern String* g_hostname;
     extern Mutex* g_hostname_lock;
 
diff --git a/Kernel/Syscalls/unlink.cpp b/Kernel/Syscalls/unlink.cpp
index 8f3b8b2cb7..6178ac6cd4 100644
--- a/Kernel/Syscalls/unlink.cpp
+++ b/Kernel/Syscalls/unlink.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$unlink(Userspace<const char*> user_path, size_t path_length)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(cpath);
     auto path = get_syscall_path_argument(user_path, path_length);
     if (path.is_error())
diff --git a/Kernel/Syscalls/unveil.cpp b/Kernel/Syscalls/unveil.cpp
index 64ca3bad5b..8d0d498f5e 100644
--- a/Kernel/Syscalls/unveil.cpp
+++ b/Kernel/Syscalls/unveil.cpp
@@ -26,6 +26,7 @@ static void update_intermediate_node_permissions(UnveilNode& root_node, UnveilAc
 
 KResultOr<FlatPtr> Process::sys$unveil(Userspace<const Syscall::SC_unveil_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     Syscall::SC_unveil_params params;
     if (!copy_from_user(&params, user_params))
         return EFAULT;
diff --git a/Kernel/Syscalls/utime.cpp b/Kernel/Syscalls/utime.cpp
index cec3fd2c9a..4930ee2b6a 100644
--- a/Kernel/Syscalls/utime.cpp
+++ b/Kernel/Syscalls/utime.cpp
@@ -12,6 +12,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$utime(Userspace<const char*> user_path, size_t path_length, Userspace<const struct utimbuf*> user_buf)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(fattr);
     auto path = get_syscall_path_argument(user_path, path_length);
     if (path.is_error())
diff --git a/Kernel/Syscalls/waitid.cpp b/Kernel/Syscalls/waitid.cpp
index 828bc9919e..f33dd1d7e7 100644
--- a/Kernel/Syscalls/waitid.cpp
+++ b/Kernel/Syscalls/waitid.cpp
@@ -20,6 +20,7 @@ KResultOr<siginfo_t> Process::do_waitid(idtype_t idtype, int id, int options)
 
 KResultOr<FlatPtr> Process::sys$waitid(Userspace<const Syscall::SC_waitid_params*> user_params)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(proc);
 
     Syscall::SC_waitid_params params;
diff --git a/Kernel/Syscalls/write.cpp b/Kernel/Syscalls/write.cpp
index 2ede957a53..2ba6e98a54 100644
--- a/Kernel/Syscalls/write.cpp
+++ b/Kernel/Syscalls/write.cpp
@@ -13,6 +13,7 @@ namespace Kernel {
 
 KResultOr<FlatPtr> Process::sys$writev(int fd, Userspace<const struct iovec*> iov, int iov_count)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (iov_count < 0)
         return EINVAL;
@@ -98,6 +99,7 @@ KResultOr<FlatPtr> Process::do_write(FileDescription& description, const UserOrK
 
 KResultOr<FlatPtr> Process::sys$write(int fd, Userspace<const u8*> data, size_t size)
 {
+    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
     REQUIRE_PROMISE(stdio);
     if (size == 0)
         return 0;