author | Liav A <liavalb@gmail.com> | 2023-01-19 20:59:55 +0200 |
---|---|---|
committer | Linus Groh <mail@linusgroh.de> | 2023-02-24 22:26:07 +0100 |
commit | 08de5abc6d45d29fb18dcd0ac6f20717b1c1b40a (patch) | |
tree | 1173485461c7a50a6ee349e07b0ed0d57fced1d8 /Kernel/Syscalls | |
parent | bedd90b1f07e2da8326f2e520c985431fda73a25 (diff) | |
Kernel: Do 2 validations in annotate_mapping syscall outside a spinlock
Diffstat (limited to 'Kernel/Syscalls')
-rw-r--r-- | Kernel/Syscalls/mmap.cpp | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/Kernel/Syscalls/mmap.cpp b/Kernel/Syscalls/mmap.cpp
index af63ab1fe3..0091116d12 100644
--- a/Kernel/Syscalls/mmap.cpp
+++ b/Kernel/Syscalls/mmap.cpp
@@ -575,11 +575,13 @@ ErrorOr<FlatPtr> Process::sys$allocate_tls(Userspace<char const*> initial_data,
 ErrorOr<FlatPtr> Process::sys$annotate_mapping(Userspace<void*> address, int flags)
 {
 VERIFY_NO_PROCESS_BIG_LOCK(this);
+ if (flags == to_underlying(VirtualMemoryRangeFlags::None))
+ return EINVAL;
- return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
- if (flags == to_underlying(VirtualMemoryRangeFlags::None))
- return EINVAL;
+ if (!Memory::is_user_address(address.vaddr()))
+ return EFAULT;
+ return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
 if (space->enforces_syscall_regions() && (flags & to_underlying(VirtualMemoryRangeFlags::SyscallCode)))
 return EPERM;
@@ -588,9 +590,6 @@ ErrorOr<FlatPtr> Process::sys$annotate_mapping(Userspace<void*> address, int fla
 return 0;
 }
- if (!Memory::is_user_address(address.vaddr()))
- return EFAULT;
-
 auto* region = space->find_region_containing(Memory::VirtualRange { address.vaddr(), 1 });
 if (!region)
 return EINVAL; |
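Review bot: Moving the `is_user_address` check to the top of `sys$annotate_mapping` changes error precedence, not only lock scope. It now runs before the `enforces_syscall_regions()` EPERM check and before the early `return 0;` path at the start of the second hunk, so a call with a non-user address that used to get EPERM or 0 now gets EFAULT. The stricter order is probably the better one, but the commit message mentions only the locking change, and the condition guarding the early-return path lies between the two hunks, so callers that reach it with a placeholder address should be checked. Both hoisted checks read only the by-value arguments `flags` and `address`, so running them without the address-space lock opens no check-to-use gap; a comment such as `// These checks depend only on the syscall arguments, so they need no address space lock.` above them would record that. The function body continues past the end of the second hunk.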