Kernel: Assert that copy_to/from_user() are called with user addresses

This will panic the kernel immediately if these functions are misused
so we can catch it and fix the misuse.

This patch fixes a couple of misuses:

    - create_signal_trampolines() writes to a user-accessible page
      above the 3GB address mark. We should really get rid of this
      page but that's a whole other thing.

    - CoW faults need to use copy_from_user rather than copy_to_user
      since it's the *source* pointer that points to user memory.

    - Inode faults need to use memcpy rather than copy_to_user since
      we're copying a kernel stack buffer into a quickmapped page.

This should make the copy_to/from_user() functions slightly less useful
for exploitation. Before this, they were essentially just glorified
memcpy() with SMAP disabled. :^)

Kernel/VM/Region.cpp

@@ -424,7 +424,7 @@ PageFaultResponse Region::handle_cow_fault(size_t page_index_in_region)
 #ifdef PAGE_FAULT_DEBUG
     dbgprintf("      >> COW P%p <- P%p\n", physical_page->paddr().get(), physical_page_to_copy->paddr().get());
 #endif
-    copy_to_user(dest_ptr, src_ptr, PAGE_SIZE);
+    copy_from_user(dest_ptr, src_ptr, PAGE_SIZE);
     vmobject_physical_page_entry = move(physical_page);
     MM.unquickmap_page();
     set_should_cow(page_index_in_region, false);
@@ -481,7 +481,7 @@ PageFaultResponse Region::handle_inode_fault(size_t page_index_in_region)
     }
 
     u8* dest_ptr = MM.quickmap_page(*vmobject_physical_page_entry);
-    copy_to_user(dest_ptr, page_buffer, PAGE_SIZE);
+    memcpy(dest_ptr, page_buffer, PAGE_SIZE);
     MM.unquickmap_page();
 
     remap_page(page_index_in_region);