
Kernel+Userland: Convert process syscall region enforce flag to SetOnce

This flag is set only once, and should never reset once it has been set,
making it an ideal SetOnce use-case.
It also simplifies the expected conditions for the enabling prctl call:
instead of taking a boolean flag, the specific prctl option always sets
(enables) syscall region enforcement on the Process' AddressSpace.
Liav A. 1 tahun lalu
induk
melakukan
e756567341

+ 4 - 3
Kernel/Memory/AddressSpace.h

@@ -8,6 +8,7 @@
 #pragma once
 
 #include <AK/RedBlackTree.h>
+#include <AK/SetOnce.h>
 #include <AK/Vector.h>
 #include <Kernel/Arch/PageDirectory.h>
 #include <Kernel/Library/LockWeakPtr.h>
@@ -48,8 +49,8 @@ public:
 
     ErrorOr<Vector<Region*, 4>> find_regions_intersecting(VirtualRange const&);
 
-    bool enforces_syscall_regions() const { return m_enforces_syscall_regions; }
-    void set_enforces_syscall_regions(bool b) { m_enforces_syscall_regions = b; }
+    bool enforces_syscall_regions() const { return m_enforces_syscall_regions.was_set(); }
+    void set_enforces_syscall_regions() { m_enforces_syscall_regions.set(); }
 
     void remove_all_regions(Badge<Process>);
 
@@ -68,7 +69,7 @@ private:
 
     RegionTree m_region_tree;
 
-    bool m_enforces_syscall_regions { false };
+    SetOnce m_enforces_syscall_regions;
 };
 
 }
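Review bot: The pair `enforces_syscall_regions()` / `set_enforces_syscall_regions()` now expresses a latch whose irreversibility is only visible through the SetOnce member type, so a one-line comment above the accessors would help readers at call sites, e.g. `// One-way latch: once enforcement is enabled for this address space it cannot be disabled (see SetOnce).`. Marking the getter `[[nodiscard]]` would also fit the commit's intent that callers branch on it rather than treat it as a settable flag. The class body continues outside the hunk.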

+ 2 - 1
Kernel/Syscalls/fork.cpp

@@ -164,7 +164,8 @@ ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)
 
     TRY(address_space().with([&](auto& parent_space) {
         return child->address_space().with([&](auto& child_space) -> ErrorOr<void> {
-            child_space->set_enforces_syscall_regions(parent_space->enforces_syscall_regions());
+            if (parent_space->enforces_syscall_regions())
+                child_space->set_enforces_syscall_regions();
             for (auto& region : parent_space->region_tree().regions()) {
                 dbgln_if(FORK_DEBUG, "fork: cloning Region '{}' @ {}", region.name(), region.vaddr());
                 auto region_clone = TRY(region.try_clone());

+ 2 - 6
Kernel/Syscalls/prctl.cpp

@@ -26,14 +26,10 @@ ErrorOr<FlatPtr> Process::sys$prctl(int option, FlatPtr arg1, FlatPtr arg2, Flat
                 return space->enforces_syscall_regions();
             });
         case PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS: {
-            if (arg1 != 0 && arg1 != 1)
+            if (arg1 != 0)
                 return EINVAL;
-            bool prohibit_new_annotated_syscall_regions = (arg1 == 1);
             return address_space().with([&](auto& space) -> ErrorOr<FlatPtr> {
-                if (space->enforces_syscall_regions() && !prohibit_new_annotated_syscall_regions)
-                    return EPERM;
-
-                space->set_enforces_syscall_regions(prohibit_new_annotated_syscall_regions);
+                space->set_enforces_syscall_regions();
                 return 0;
             });
             return 0;
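Review bot: The new `if (arg1 != 0) return EINVAL;` inverts the meaning of the argument relative to the previous ABI: a caller still passing 1 now gets EINVAL, and a caller that passed 0 to clear enforcement now enables it instead, with nothing at this case stating the new contract (the in-tree loader is updated in this commit). Since the option is now a one-way latch that also succeeds on repeat calls, that should be spelled out next to the check, e.g. `// arg1 is reserved and must be 0. Enforcement is a one-way latch: it cannot be cleared, and repeat calls succeed.`. The trailing `return 0;` after the `with(...)` return is unreachable, but that predates this commit. sys$prctl begins and ends outside the hunk.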

+ 1 - 1
Userland/Libraries/LibELF/DynamicLinker.cpp

@@ -739,7 +739,7 @@ Examples of static-pie ELF objects are ELF packers, and the system dynamic loade
         entry_point = entry_point.offset(main_executable_loader->base_address().get());
     auto entry_point_function = reinterpret_cast<EntryPointFunction>(entry_point.as_ptr());
 
-    int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 1, 0, nullptr);
+    int rc = syscall(SC_prctl, PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS, 0, 0, nullptr);
     if (rc < 0) {
         VERIFY_NOT_REACHED();
     }
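Review bot: `VERIFY_NOT_REACHED()` on failure of the prctl call discards `rc`, so with the argument now 0 a kernel still implementing the previous ABI (where 0 on an already-enforcing space returned EPERM) would abort every dynamically linked program with no indication of why; this only matters for mismatched kernel/loader builds, which the commit updates together. If dbgln is available in this translation unit, logging the error before the abort would make such a failure diagnosable, e.g. `dbgln("prctl(PR_SET_NO_NEW_SYSCALL_REGION_ANNOTATIONS) failed: {}", rc);`. The enclosing function starts and ends outside the hunk.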