From c9ec415e2f5075f46175f5694fa4a2e91c5deb5d Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 31 Dec 2019 03:43:24 +0100
Subject: [PATCH] Kernel: Always reject never-userspace addresses before checking regions

At the moment, addresses below 8MB and above 3GB are never accessible to userspace, so just reject them without even looking at the current process's memory regions.
---
 Kernel/VM/MemoryManager.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Kernel/VM/MemoryManager.cpp b/Kernel/VM/MemoryManager.cpp
index d44953f6bb..b16570150c 100644
--- a/Kernel/VM/MemoryManager.cpp
+++ b/Kernel/VM/MemoryManager.cpp
@@ -584,20 +584,31 @@ void MemoryManager::unquickmap_page()
 m_quickmap_in_use = false;
 }
 
+static inline bool is_user_address(VirtualAddress vaddr)
+{
+ return vaddr.get() >= (8 * MB) && vaddr.get() < 0xc0000000;
+}
+
 bool MemoryManager::validate_user_stack(const Process& process, VirtualAddress vaddr) const
 {
+ if (!is_user_address(vaddr))
+ return false;
 auto* region = user_region_from_vaddr(const_cast(process), vaddr);
 return region && region->is_user_accessible() && region->is_stack();
 }
 
 bool MemoryManager::validate_user_read(const Process& process, VirtualAddress vaddr) const
 {
+ if (!is_user_address(vaddr))
+ return false;
 auto* region = user_region_from_vaddr(const_cast(process), vaddr);
 return region && region->is_user_accessible() && region->is_readable();
 }
 
 bool MemoryManager::validate_user_write(const Process& process, VirtualAddress vaddr) const
 {
+ if (!is_user_address(vaddr))
+ return false;
 auto* region = user_region_from_vaddr(const_cast(process), vaddr);
 return region && region->is_user_accessible() && region->is_writable();
 }
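Review bot: The bounds in `is_user_address()` are bare literals (`8 * MB`, `0xc0000000`) with nothing tying them to the address-space layout they mirror, and the commit message's "at the moment" suggests that layout may move. Because the early return now runs before the region lookup in all three validators, a stale bound would either reject valid user pointers or quietly fall back to the region check alone, with no compile-time hint. I would give the limits names defined next to the layout and add a comment such as `// Never user-accessible: below 8MB or at/above 0xc0000000; keep in sync with the kernel address-space layout.` The helper also tests a single address only, so whether callers that validate a multi-byte access check the last byte as well cannot be seen from this hunk.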