Aggressively randomize the location of the stack on all 64-bit architectures

except alpha.  This will put the stack at a random location in the upper
1/4th of the userland virtual address space providing up to 26 additional
bits of randomness in the address.  Skip alpha for now since it currently
puts the stack at a (for a 64-bit architecture) very low address.  Skip
32-bit architectures for now as well since those have a much smaller
virtual address space and we need more time to figure out what a safe
amount of extra randomizations is.  These architectures will continue to
use a mildly randomized stack address through the existing stackgap random
mechanism.  We will revisit this after 7.3 is released.

This should make it harder for an attacker to find the stack.

ok deraadt@, miod@

1 files changed, 4 insertions, 1 deletions

diff --git a/sys/arch/sparc64/include/vmparam.h b/sys/arch/sparc64/include/vmparam.h
index 42c9075482e..a7a4a4bd593 100644
--- a/sys/arch/sparc64/include/vmparam.h
+++ b/sys/arch/sparc64/include/vmparam.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmparam.h,v 1.33 2021/08/03 04:45:54 semarie Exp $	*/
+/*	$OpenBSD: vmparam.h,v 1.34 2023/03/19 20:32:13 kettenis Exp $	*/
 /*	$NetBSD: vmparam.h,v 1.18 2001/05/01 02:19:19 thorpej Exp $ */
 
 /*
@@ -103,6 +103,9 @@
 #define VM_MIN_ADDRESS		((vaddr_t)PAGE_SIZE)
 #define VM_MAX_ADDRESS		((vaddr_t)-1)
 #define VM_MAXUSER_ADDRESS	((vaddr_t)-PAGE_SIZE)
+#ifdef _KERNEL
+#define VM_MIN_STACK_ADDRESS	((vaddr_t)0xfffffe0000000000L)
+#endif
 
 /* map PIE into the first quarter of the address space before hole */
 #define VM_PIE_MIN_ADDR		PAGE_SIZE