Aggressively randomize the location of the stack on all 64-bit architectures

except alpha.  This will put the stack at a random location in the upper
1/4th of the userland virtual address space providing up to 26 additional
bits of randomness in the address.  Skip alpha for now since it currently
puts the stack at a (for a 64-bit architecture) very low address.  Skip
32-bit architectures for now as well since those have a much smaller
virtual address space and we need more time to figure out what a safe
amount of extra randomizations is.  These architectures will continue to
use a mildly randomized stack address through the existing stackgap random
mechanism.  We will revisit this after 7.3 is released.

This should make it harder for an attacker to find the stack.

ok deraadt@, miod@

1 files changed, 4 insertions, 1 deletions

diff --git a/sys/arch/mips64/include/vmparam.h b/sys/arch/mips64/include/vmparam.h
index eef1c18f286..cfc8f55a05b 100644
--- a/sys/arch/mips64/include/vmparam.h
+++ b/sys/arch/mips64/include/vmparam.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmparam.h,v 1.29 2016/12/23 12:38:16 visa Exp $	*/
+/*	$OpenBSD: vmparam.h,v 1.30 2023/03/19 20:32:13 kettenis Exp $	*/
 /*	$NetBSD: vmparam.h,v 1.5 1994/10/26 21:10:10 cgd Exp $	*/
 
 /*
@@ -99,6 +99,9 @@
 #define VM_MIN_ADDRESS		((vaddr_t)0x0000000000004000L)
 #define VM_MAXUSER_ADDRESS	((vaddr_t)0x0000010000000000L)
 #define VM_MAX_ADDRESS		VM_MAXUSER_ADDRESS
+#ifdef _KERNEL
+#define VM_MIN_STACK_ADDRESS	((vaddr_t)0x000000c000000000L)
+#endif
 #define	VM_MIN_KERNEL_ADDRESS	((vaddr_t)0xc000000000000000L)
 #define	VM_MAX_KERNEL_ADDRESS	((vaddr_t)0xc000000040000000L)