Use the fields in the sysentvec and in the vm map header in place of the

constants VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK and PS_STRINGS. This is mainly so that they can be variable even for the native abi, based on different machine types. Get stack protections from the sysentvec too. This makes it trivial to map the stack non-executable for certain abis, on machines that support it.
2002-09-21 22:07:17 +00:00 · 2002-09-21 22:07:17 +00:00 · 05ba50f522
commit 05ba50f522
parent a4c8a68c86
20 changed files with 102 additions and 93 deletions
--- a/sys/alpha/osf1/imgact_osf1.c
+++ b/sys/alpha/osf1/imgact_osf1.c
@ -177,7 +177,7 @@ exec_osf1_imgact(struct image_params *imgp)
 	/*
 	 * Destroy old process VM and create a new one (with a new stack).
 	 */
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &osf1_sysvec);
 	/*
 	 * The vm space can now be changed.
--- a/sys/compat/linprocfs/linprocfs.c
+++ b/sys/compat/linprocfs/linprocfs.c
@ -701,7 +701,8 @@ linprocfs_doproccmdline(PFS_FILL_ARGS)
 		sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
 	} else {
 		PROC_UNLOCK(p);
-		error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
+		error = copyin((void *)p->p_sysent->sv_psstrings, &pstr,
 		    sizeof(pstr));
 		if (error)
 			return (error);
 		for (i = 0; i < pstr.ps_nargvstr; i++) {
--- a/sys/compat/pecoff/imgact_pecoff.c
+++ b/sys/compat/pecoff/imgact_pecoff.c
@ -486,7 +486,7 @@ exec_pecoff_coff_prep_zmagic(struct image_params * imgp,
 	    peofs + PECOFF_HDR_SIZE, (caddr_t) sh, scnsiz);
 	if ((error = exec_extract_strings(imgp)) != 0)
 		goto fail;
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &pecoff_sysvec);
 	vmspace = imgp->proc->p_vmspace;
 	for (i = 0; i < fp->f_nscns; i++) {
 		prot = VM_PROT_WRITE;	/* XXX for relocation? */
--- a/sys/compat/svr4/imgact_svr4.c
+++ b/sys/compat/svr4/imgact_svr4.c
@ -122,7 +122,7 @@ exec_svr4_imgact(imgp)
    /*
     * Destroy old process VM and create a new one (with a new stack)
     */
-    exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+    exec_new_vmspace(imgp, &svr4_sysvec);
    vmspace = imgp->proc->p_vmspace;
    /*
--- a/sys/fs/procfs/procfs_status.c
+++ b/sys/fs/procfs/procfs_status.c
@ -53,6 +53,7 @@
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
 #include <sys/sbuf.h>
 #include <sys/sysent.h>
 #include <sys/tty.h>
 #include <vm/vm.h>
@ -191,7 +192,8 @@ procfs_doproccmdline(PFS_FILL_ARGS)
 	if (p != td->td_proc) {
 		sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
 	} else {
-		error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
+		error = copyin((void *)p->p_sysent->sv_psstrings, &pstr,
 		    sizeof(pstr));
 		if (error)
 			return (error);
 		for (i = 0; i < pstr.ps_nargvstr; i++) {
--- a/sys/i386/ibcs2/imgact_coff.c
+++ b/sys/i386/ibcs2/imgact_coff.c
@ -336,7 +336,7 @@ exec_coff_imgact(imgp)
 		goto fail;
 	}
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &ibcs2_svr3_sysvec);
 	vmspace = imgp->proc->p_vmspace;
 	for (i = 0; i < nscns; i++) {
--- a/sys/i386/linux/imgact_linux.c
+++ b/sys/i386/linux/imgact_linux.c
@ -121,7 +121,7 @@ exec_linux_imgact(imgp)
    /*
     * Destroy old process VM and create a new one (with a new stack)
     */
-    exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+    exec_new_vmspace(imgp, &linux_sysvec);
    vmspace = imgp->proc->p_vmspace;
    /*
--- a/sys/kern/imgact_aout.c
+++ b/sys/kern/imgact_aout.c
@ -140,7 +140,7 @@ exec_aout_imgact(imgp)
 		file_offset = 0;
 		/* Pass PS_STRINGS for BSD/OS binaries only. */
 		if (N_GETMID(*a_out) == MID_ZERO)
-			imgp->ps_strings = PS_STRINGS;
+			imgp->ps_strings = aout_sysvec.sv_psstrings;
 		break;
 	default:
 		/* NetBSD compatibility */
@ -192,7 +192,7 @@ exec_aout_imgact(imgp)
 	/*
 	 * Destroy old process VM and create a new one (with a new stack)
 	 */
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &aout_sysvec);
 	/*
 	 * The vm space can be changed by exec_new_vmspace
@ -299,8 +299,8 @@ aout_coredump(td, vp, limit)
 		    IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
 	if (error == 0)
 		error = vn_rdwr_inchunks(UIO_WRITE, vp,
-		    (caddr_t)trunc_page(USRSTACK - ctob(vm->vm_ssize)),
+		    (caddr_t)trunc_page(p->p_sysent->sv_usrstack -
-		    round_page(ctob(vm->vm_ssize)),
+		    ctob(vm->vm_ssize)), round_page(ctob(vm->vm_ssize)),
 		    (off_t)ctob(uarea_pages + kstack_pages) +
 		        ctob(vm->vm_dsize), UIO_USERSPACE,
 		    IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@ -699,8 +699,7 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 	if ((error = exec_extract_strings(imgp)) != 0)
 		goto fail;
-	exec_new_vmspace(imgp, sv->sv_minuser, sv->sv_maxuser,
+	exec_new_vmspace(imgp, sv);
 	    sv->sv_usrstack);
 	vmspace = imgp->proc->p_vmspace;
--- a/sys/kern/imgact_gzip.c
+++ b/sys/kern/imgact_gzip.c
@ -229,7 +229,7 @@ do_aout_hdr(struct imgact_gzip * gz)
 	/*
 	 * Destroy old process VM and create a new one (with a new stack)
 	 */
-	exec_new_vmspace(gz->ip, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(gz->ip, &aout_sysvec);
 	vmspace = gz->ip->proc->p_vmspace;
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@ -435,8 +435,8 @@ KASSERT((ke->ke_kgrlist.tqe_next != ke), ("linked to self!"));
 	pmap_pinit0(vmspace_pmap(&vmspace0));
 	p->p_vmspace = &vmspace0;
 	vmspace0.vm_refcnt = 1;
-	vm_map_init(&vmspace0.vm_map, round_page(VM_MIN_ADDRESS),
+	vm_map_init(&vmspace0.vm_map, p->p_sysent->sv_minuser,
-	    trunc_page(VM_MAXUSER_ADDRESS));
+	    p->p_sysent->sv_maxuser);
 	vmspace0.vm_map.pmap = vmspace_pmap(&vmspace0);
 	/*
@ -571,7 +571,7 @@ start_init(void *dummy)
 	/*
 	 * Need just enough stack to hold the faked-up "execve()" arguments.
 	 */
-	addr = trunc_page(USRSTACK - PAGE_SIZE);
+	addr = p->p_sysent->sv_usrstack - PAGE_SIZE;
 	if (vm_map_find(&p->p_vmspace->vm_map, NULL, 0, &addr, PAGE_SIZE,
 			FALSE, VM_PROT_ALL, VM_PROT_ALL, 0) != 0)
 		panic("init: couldn't allocate argument space");
@ -603,7 +603,7 @@ start_init(void *dummy)
 		 * Move out the boot flag argument.
 		 */
 		options = 0;
-		ucp = (char *)USRSTACK;
+		ucp = (char *)p->p_sysent->sv_usrstack;
 		(void)subyte(--ucp, 0);		/* trailing zero */
 		if (boothowto & RB_SINGLE) {
 			(void)subyte(--ucp, 's');
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@ -74,6 +74,9 @@ MALLOC_DEFINE(M_PARGS, "proc-args", "Process arguments");
 static MALLOC_DEFINE(M_ATEXEC, "atexec", "atexec callback");
 static int sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS);
 static int sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS);
 /*
 * callout list for things to do at exec time
 */
@ -86,13 +89,12 @@ TAILQ_HEAD(exec_list_head, execlist);
 static struct exec_list_head exec_list = TAILQ_HEAD_INITIALIZER(exec_list);
 /* XXX This should be vm_size_t. */
-static u_long ps_strings = PS_STRINGS;
+SYSCTL_PROC(_kern, KERN_PS_STRINGS, ps_strings, CTLTYPE_ULONG|CTLFLAG_RD,
-SYSCTL_ULONG(_kern, KERN_PS_STRINGS, ps_strings, CTLFLAG_RD, &ps_strings,
+    NULL, 0, sysctl_kern_ps_strings, "LU", "");
    0, "");
 /* XXX This should be vm_size_t. */
-static u_long usrstack = USRSTACK;
+SYSCTL_PROC(_kern, KERN_USRSTACK, usrstack, CTLTYPE_ULONG|CTLFLAG_RD,
-SYSCTL_ULONG(_kern, KERN_USRSTACK, usrstack, CTLFLAG_RD, &usrstack, 0, "");
+    NULL, 0, sysctl_kern_usrstack, "LU", "");
 u_long ps_arg_cache_limit = PAGE_SIZE / 16;
 SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
@ -107,6 +109,26 @@ static int regstkpages = 256;
 SYSCTL_INT(_machdep, OID_AUTO, regstkpages, CTLFLAG_RW, &regstkpages, 0, "");
 #endif
 static int
 sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
 {
 	struct proc *p;
 	p = curproc;
 	return (SYSCTL_OUT(req, &p->p_sysent->sv_psstrings,
 	   sizeof(p->p_sysent->sv_psstrings)));
 }
 static int
 sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS)
 {
 	struct proc *p;
 	p = curproc;
 	return (SYSCTL_OUT(req, &p->p_sysent->sv_usrstack,
 	    sizeof(p->p_sysent->sv_usrstack)));
 }
 /*
 * Each of the items is a pointer to a `const struct execsw', hence the
 * double pointer here.
@ -688,18 +710,20 @@ exec_unmap_first_page(imgp)
 *	automatically in trap.c.
 */
 int
-exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
+exec_new_vmspace(imgp, sv)
 	struct image_params *imgp;
-	vm_offset_t minuser, maxuser, stack_addr;
+	struct sysentvec *sv;
 {
 	int error;
 	struct execlist *ep;
 	struct proc *p = imgp->proc;
 	struct vmspace *vmspace = p->p_vmspace;
 	vm_offset_t stack_addr;
 	vm_map_t map;
 	GIANT_REQUIRED;
-	stack_addr = stack_addr - maxssiz;
+	stack_addr = sv->sv_usrstack - maxssiz;
 	imgp->vmspace_destroyed = 1;
@ -714,21 +738,23 @@ exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
 	 * otherwise, create a new VM space so that other threads are
 	 * not disrupted
 	 */
-	if (vmspace->vm_refcnt == 1 &&
+	map = &vmspace->vm_map;
-	    vm_map_min(&vmspace->vm_map) == minuser &&
+	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
-	    vm_map_max(&vmspace->vm_map) == maxuser) {
+	    vm_map_max(map) == sv->sv_maxuser) {
 		if (vmspace->vm_shm)
 			shmexit(p);
-		pmap_remove_pages(vmspace_pmap(vmspace), minuser, maxuser);
+		pmap_remove_pages(vmspace_pmap(vmspace), vm_map_min(map),
-		vm_map_remove(&vmspace->vm_map, minuser, maxuser);
+		    vm_map_max(map));
 		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
 	} else {
-		vmspace_exec(p, minuser, maxuser);
+		vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
 		vmspace = p->p_vmspace;
 		map = &vmspace->vm_map;
 	}
 	/* Allocate a new stack */
-	error = vm_map_stack(&vmspace->vm_map, stack_addr, (vm_size_t)maxssiz,
+	error = vm_map_stack(map, stack_addr, (vm_size_t)maxssiz,
-	    VM_PROT_ALL, VM_PROT_ALL, 0);
+	    sv->sv_stackprot, VM_PROT_ALL, 0);
 	if (error)
 		return (error);
@ -740,8 +766,8 @@ exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
 		 * store to grow upwards. This will do for now.
 		 */
 		vm_offset_t bsaddr;
-		bsaddr = USRSTACK - 2 * maxssiz;
+		bsaddr = p->p_sysent->sv_usrstack - 2 * maxssiz;
-		error = vm_map_find(&vmspace->vm_map, 0, 0, &bsaddr,
+		error = vm_map_find(map, 0, 0, &bsaddr,
 		    regstkpages * PAGE_SIZE, 0, VM_PROT_ALL, VM_PROT_ALL, 0);
 		FIRST_THREAD_IN_PROC(p)->td_md.md_bspstore = bsaddr;
 	}
@ -752,7 +778,7 @@ exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
 	 * process stack so we can check the stack rlimit.
 	 */
 	vmspace->vm_ssize = sgrowsiz >> PAGE_SHIFT;
-	vmspace->vm_maxsaddr = (char *)USRSTACK - maxssiz;
+	vmspace->vm_maxsaddr = (char *)sv->sv_usrstack - maxssiz;
 	return (0);
 }
@ -851,7 +877,7 @@ exec_copyout_strings(imgp)
 	 */
 	p = imgp->proc;
 	szsigcode = 0;
-	arginfo = (struct ps_strings *)PS_STRINGS;
+	arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
 	if (p->p_sysent->sv_szsigcode != NULL)
 		szsigcode = *(p->p_sysent->sv_szsigcode);
 	destp =	(caddr_t)arginfo - szsigcode - SPARE_USRSPACE -
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@ -287,10 +287,10 @@ exit1(td, rv)
 	if (--vm->vm_refcnt == 0) {
 		if (vm->vm_shm)
 			shmexit(p);
-		pmap_remove_pages(vmspace_pmap(vm), VM_MIN_ADDRESS,
+		pmap_remove_pages(vmspace_pmap(vm), vm_map_min(&vm->vm_map),
-		    VM_MAXUSER_ADDRESS);
+		    vm_map_max(&vm->vm_map));
-		(void) vm_map_remove(&vm->vm_map, VM_MIN_ADDRESS,
+		(void) vm_map_remove(&vm->vm_map, vm_map_min(&vm->vm_map),
-		    VM_MAXUSER_ADDRESS);
+		    vm_map_max(&vm->vm_map));
 		vm->vm_freer = p;
 	}
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@ -52,6 +52,7 @@
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
 #include <sys/sx.h>
 #include <sys/sysent.h>
 #include <sys/time.h>
 #include <vm/vm.h>
@ -593,13 +594,15 @@ dosetrlimit(td, which, limp)
 			vm_prot_t prot;
 			if (limp->rlim_cur > alimp->rlim_cur) {
-				prot = VM_PROT_ALL;
+				prot = p->p_sysent->sv_stackprot;
 				size = limp->rlim_cur - alimp->rlim_cur;
-				addr = USRSTACK - limp->rlim_cur;
+				addr = p->p_sysent->sv_usrstack -
 				    limp->rlim_cur;
 			} else {
 				prot = VM_PROT_NONE;
 				size = alimp->rlim_cur - limp->rlim_cur;
-				addr = USRSTACK - alimp->rlim_cur;
+				addr = p->p_sysent->sv_usrstack -
 				    alimp->rlim_cur;
 			}
 			addr = trunc_page(addr);
 			size = round_page(size);
--- a/sys/sys/imgact.h
+++ b/sys/sys/imgact.h
@ -38,6 +38,7 @@
 #define MAXSHELLCMDLEN	128
 struct sysentvec;
 struct thread;
 struct vm_object;
@ -69,8 +70,7 @@ struct image_params {
 int	exec_check_permissions(struct image_params *);
 register_t *exec_copyout_strings(struct image_params *);
 int	exec_extract_strings(struct image_params *);
-int	exec_new_vmspace(struct image_params *, vm_offset_t, vm_offset_t,
+int	exec_new_vmspace(struct image_params *, struct sysentvec *);
    vm_offset_t);
 void	exec_setregs(struct thread *, u_long, u_long, u_long);
 int	exec_shell_imgact(struct image_params *);
 #endif
--- a/sys/vm/vm_glue.c
+++ b/sys/vm/vm_glue.c
@ -149,26 +149,18 @@ useracc(addr, len, rw)
 {
 	boolean_t rv;
 	vm_prot_t prot;
 	vm_map_t map;
 	KASSERT((rw & ~VM_PROT_ALL) == 0,
 	    ("illegal ``rw'' argument to useracc (%x)\n", rw));
 	prot = rw;
-	/*
+	map = &curproc->p_vmspace->vm_map;
-	 * XXX - check separately to disallow access to user area and user
+	if ((vm_offset_t)addr + len > vm_map_max(map) ||
-	 * page tables - they are in the map.
+	    (vm_offset_t)addr + len < (vm_offset_t)addr) {
 	 *
 	 * XXX - VM_MAXUSER_ADDRESS is an end address, not a max.  It was once
 	 * only used (as an end address) in trap.c.  Use it as an end address
 	 * here too.  This bogusness has spread.  I just fixed where it was
 	 * used as a max in vm_mmap.c.
 	 */
 	if ((vm_offset_t) addr + len > /* XXX */ VM_MAXUSER_ADDRESS
 	    || (vm_offset_t) addr + len < (vm_offset_t) addr) {
 		return (FALSE);
 	}
-	rv = vm_map_check_protection(&curproc->p_vmspace->vm_map,
+	rv = vm_map_check_protection(map, trunc_page((vm_offset_t)addr),
-	    trunc_page((vm_offset_t)addr), round_page((vm_offset_t)addr + len),
+	    round_page((vm_offset_t)addr + len), prot);
 	    prot);
 	return (rv == TRUE);
 }
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@ -78,6 +78,7 @@
 #include <sys/mman.h>
 #include <sys/vnode.h>
 #include <sys/resourcevar.h>
 #include <sys/sysent.h>
 #include <vm/vm.h>
 #include <vm/vm_param.h>
@ -2364,7 +2365,7 @@ vm_map_stack (vm_map_t map, vm_offset_t addrbos, vm_size_t max_ssize,
 	vm_size_t      init_ssize;
 	int            rv;
-	if (VM_MIN_ADDRESS > 0 && addrbos < VM_MIN_ADDRESS)
+	if (addrbos < vm_map_min(map))
 		return (KERN_NO_SPACE);
 	if (max_ssize < sgrowsiz)
@ -2552,9 +2553,7 @@ Retry:
 	}
 	rv = vm_map_insert(map, NULL, 0, addr, stack_entry->start,
-			   VM_PROT_ALL,
+	    p->p_sysent->sv_stackprot, VM_PROT_ALL, 0);
 			   VM_PROT_ALL,
 			   0);
 	/* Adjust the available stack space by the amount we grew. */
 	if (rv == KERN_SUCCESS) {
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@ -257,12 +257,9 @@ mmap(td, uap)
 		if (addr & PAGE_MASK)
 			return (EINVAL);
 		/* Address range must be all in user VM space. */
-		if (VM_MAXUSER_ADDRESS > 0 && addr + size > VM_MAXUSER_ADDRESS)
+		if (addr < vm_map_min(&vms->vm_map) ||
 		    addr + size > vm_map_max(&vms->vm_map))
 			return (EINVAL);
 #ifndef __i386__
 		if (VM_MIN_ADDRESS > 0 && addr < VM_MIN_ADDRESS)
 			return (EINVAL);
 #endif
 		if (addr + size < addr)
 			return (EINVAL);
 	}
@ -611,16 +608,11 @@ munmap(td, uap)
 		return (0);
 	/*
-	 * Check for illegal addresses.  Watch out for address wrap... Note
+	 * Check for illegal addresses.  Watch out for address wrap...
 	 * that VM_*_ADDRESS are not constants due to casts (argh).
 	 */
 	if (VM_MAXUSER_ADDRESS > 0 && addr + size > VM_MAXUSER_ADDRESS)
 		return (EINVAL);
 #ifndef __i386__
 	if (VM_MIN_ADDRESS > 0 && addr < VM_MIN_ADDRESS)
 		return (EINVAL);
 #endif
 	map = &td->td_proc->p_vmspace->vm_map;
 	if (addr < vm_map_min(map) || addr + size > vm_map_max(map))
 		return (EINVAL);
 	/*
 	 * Make sure entire range is allocated.
 	 */
@ -749,6 +741,7 @@ madvise(td, uap)
 	struct madvise_args *uap;
 {
 	vm_offset_t start, end;
 	vm_map_t map;
 	/*
 	 * Check for illegal behavior
@ -759,13 +752,10 @@ madvise(td, uap)
 	 * Check for illegal addresses.  Watch out for address wrap... Note
 	 * that VM_*_ADDRESS are not constants due to casts (argh).
 	 */
-	if (VM_MAXUSER_ADDRESS > 0 &&
+	map = &td->td_proc->p_vmspace->vm_map;
-		((vm_offset_t) uap->addr + uap->len) > VM_MAXUSER_ADDRESS)
+	if ((vm_offset_t)uap->addr < vm_map_min(map) ||
 	    (vm_offset_t)uap->addr + uap->len > vm_map_max(map))
 		return (EINVAL);
 #ifndef __i386__
 	if (VM_MIN_ADDRESS > 0 && uap->addr < VM_MIN_ADDRESS)
 		return (EINVAL);
 #endif
 	if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr)
 		return (EINVAL);
@ -776,8 +766,7 @@ madvise(td, uap)
 	start = trunc_page((vm_offset_t) uap->addr);
 	end = round_page((vm_offset_t) uap->addr + uap->len);
-	if (vm_map_madvise(&td->td_proc->p_vmspace->vm_map, start, end,
+	if (vm_map_madvise(map, start, end, uap->behav))
 	    uap->behav))
 		return (EINVAL);
 	return (0);
 }
@ -817,9 +806,8 @@ mincore(td, uap)
 	 */
 	first_addr = addr = trunc_page((vm_offset_t) uap->addr);
 	end = addr + (vm_size_t)round_page(uap->len);
-	if (VM_MAXUSER_ADDRESS > 0 && end > VM_MAXUSER_ADDRESS)
+	map = &td->td_proc->p_vmspace->vm_map;
-		return (EINVAL);
+	if (end > vm_map_max(map) || end < addr)
 	if (end < addr)
 		return (EINVAL);
 	/*
@ -828,7 +816,6 @@ mincore(td, uap)
 	vec = uap->vec;
 	mtx_lock(&Giant);
 	map = &td->td_proc->p_vmspace->vm_map;
 	pmap = vmspace_pmap(td->td_proc->p_vmspace);
 	vm_map_lock_read(map);
--- a/sys/vm/vm_pageout.c
+++ b/sys/vm/vm_pageout.c
@ -596,8 +596,8 @@ vm_pageout_map_deactivate_pages(map, desired)
 	 * table pages.
 	 */
 	if (desired == 0 && nothingwired)
-		pmap_remove(vm_map_pmap(map),
+		pmap_remove(vm_map_pmap(map), vm_map_min(map),
-			VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS);
+		    vm_map_max(map));
 	vm_map_unlock(map);
 	return;
 }
--- a/sys/vm/vm_unix.c
+++ b/sys/vm/vm_unix.c
@ -93,7 +93,7 @@ obreak(td, uap)
 			error = ENOMEM;
 			goto done;
 		}
-		if (new > VM_MAXUSER_ADDRESS) {
+		if (new > vm_map_max(&vm->vm_map)) {
 			error = ENOMEM;
 			goto done;
 		}