From c877612211e3eada3cedd489a088c04440b6c459 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sat, 13 Feb 2021 01:49:44 +0100
Subject: [PATCH] Kernel: Round down base of partial ranges provided to munmap/mprotect

We were failing to round down the base of partial VM ranges. This led to split regions being constructed that could have a non-page-aligned base address. This would then trip assertions in the VM code. Found by fuzz-syscalls. :^)
---
 Kernel/Syscalls/mmap.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Kernel/Syscalls/mmap.cpp b/Kernel/Syscalls/mmap.cpp
index c81228860e..727535ed27 100644
--- a/Kernel/Syscalls/mmap.cpp
+++ b/Kernel/Syscalls/mmap.cpp
@@ -272,7 +272,7 @@ int Process::sys$mprotect(void* addr, size_t size, int prot)
 REQUIRE_PROMISE(prot_exec);
 }
- Range range_to_mprotect = { VirtualAddress(addr), PAGE_ROUND_UP(size) };
+ Range range_to_mprotect = { VirtualAddress((FlatPtr)addr & PAGE_MASK), PAGE_ROUND_UP(size) };
 if (!range_to_mprotect.size())
 return -EINVAL;
@@ -343,7 +343,7 @@ int Process::sys$madvise(void* address, size_t size, int advice)
 {
 REQUIRE_PROMISE(stdio);
- Range range_to_madvise { VirtualAddress(address), PAGE_ROUND_UP(size) };
+ Range range_to_madvise { VirtualAddress((FlatPtr)address & PAGE_MASK), PAGE_ROUND_UP(size) };
 if (!range_to_madvise.size())
 return -EINVAL;
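Review bot: Rounding `addr` down while keeping `PAGE_ROUND_UP(size)` shortens the range whenever `addr` is not page-aligned: the page holding the caller's last byte (`addr + size - 1`) falls outside `range_to_mprotect`, so an `addr` half a page in with a `size` of one page protects only one of the two pages it touches. The length should be derived from the rounded-up end rather than the raw size, e.g. `auto base = (FlatPtr)addr & PAGE_MASK;` followed by `Range range_to_mprotect = { VirtualAddress(base), PAGE_ROUND_UP((FlatPtr)addr + size - base) };`. The madvise hunk below has the same shape and the same gap. Neither hunk shows a check that `(FlatPtr)addr + size` does not wrap, which matters because both values are caller-controlled; that check may exist outside the hunk. sys$mprotect's body begins before and continues past the hunk.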