Use the fields in the sysentvec and in the vm map header in place of the

constants VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK and PS_STRINGS.
This is mainly so that they can be variable even for the native abi, based
on different machine types.  Get stack protections from the sysentvec too.
This makes it trivial to map the stack non-executable for certain abis, on
machines that support it.

20 files changed, 102 insertions, 93 deletions

diff --git a/sys/alpha/osf1/imgact_osf1.c b/sys/alpha/osf1/imgact_osf1.c
index 1a44189ca99b..d6331823a8e2 100644
--- a/sys/alpha/osf1/imgact_osf1.c
+++ b/sys/alpha/osf1/imgact_osf1.c
@@ -177,7 +177,7 @@ exec_osf1_imgact(struct image_params *imgp)
 	/*
 	 * Destroy old process VM and create a new one (with a new stack).
 	 */
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &osf1_sysvec);
 
 	/*
 	 * The vm space can now be changed.
diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c
index 74280d653a06..d0db2936b56e 100644
--- a/sys/compat/linprocfs/linprocfs.c
+++ b/sys/compat/linprocfs/linprocfs.c
@@ -701,7 +701,8 @@ linprocfs_doproccmdline(PFS_FILL_ARGS)
 		sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
 	} else {
 		PROC_UNLOCK(p);
-		error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
+		error = copyin((void *)p->p_sysent->sv_psstrings, &pstr,
+		    sizeof(pstr));
 		if (error)
 			return (error);
 		for (i = 0; i < pstr.ps_nargvstr; i++) {
diff --git a/sys/compat/pecoff/imgact_pecoff.c b/sys/compat/pecoff/imgact_pecoff.c
index 812aa5eb0a6c..1d70189fb247 100644
--- a/sys/compat/pecoff/imgact_pecoff.c
+++ b/sys/compat/pecoff/imgact_pecoff.c
@@ -486,7 +486,7 @@ exec_pecoff_coff_prep_zmagic(struct image_params * imgp,
 	    peofs + PECOFF_HDR_SIZE, (caddr_t) sh, scnsiz);
 	if ((error = exec_extract_strings(imgp)) != 0)
 		goto fail;
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &pecoff_sysvec);
 	vmspace = imgp->proc->p_vmspace;
 	for (i = 0; i < fp->f_nscns; i++) {
 		prot = VM_PROT_WRITE;	/* XXX for relocation? */
diff --git a/sys/compat/svr4/imgact_svr4.c b/sys/compat/svr4/imgact_svr4.c
index 3032c541645f..693793ac522a 100644
--- a/sys/compat/svr4/imgact_svr4.c
+++ b/sys/compat/svr4/imgact_svr4.c
@@ -122,7 +122,7 @@ exec_svr4_imgact(imgp)
     /*
      * Destroy old process VM and create a new one (with a new stack)
      */
-    exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+    exec_new_vmspace(imgp, &svr4_sysvec);
     vmspace = imgp->proc->p_vmspace;
 
     /*
diff --git a/sys/fs/procfs/procfs_status.c b/sys/fs/procfs/procfs_status.c
index 6e5711b0fe2b..9e255aedaa8a 100644
--- a/sys/fs/procfs/procfs_status.c
+++ b/sys/fs/procfs/procfs_status.c
@@ -53,6 +53,7 @@
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
 #include <sys/sbuf.h>
+#include <sys/sysent.h>
 #include <sys/tty.h>
 
 #include <vm/vm.h>
@@ -191,7 +192,8 @@ procfs_doproccmdline(PFS_FILL_ARGS)
 	if (p != td->td_proc) {
 		sbuf_printf(sb, "%.*s", MAXCOMLEN, p->p_comm);
 	} else {
-		error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
+		error = copyin((void *)p->p_sysent->sv_psstrings, &pstr,
+		    sizeof(pstr));
 		if (error)
 			return (error);
 		for (i = 0; i < pstr.ps_nargvstr; i++) {
diff --git a/sys/i386/ibcs2/imgact_coff.c b/sys/i386/ibcs2/imgact_coff.c
index 8cf447572598..fb5f537566f7 100644
--- a/sys/i386/ibcs2/imgact_coff.c
+++ b/sys/i386/ibcs2/imgact_coff.c
@@ -336,7 +336,7 @@ exec_coff_imgact(imgp)
 		goto fail;
 	}
 
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &ibcs2_svr3_sysvec);
 	vmspace = imgp->proc->p_vmspace;
 
 	for (i = 0; i < nscns; i++) {
diff --git a/sys/i386/linux/imgact_linux.c b/sys/i386/linux/imgact_linux.c
index 4b493d17f4c2..934902cd8b86 100644
--- a/sys/i386/linux/imgact_linux.c
+++ b/sys/i386/linux/imgact_linux.c
@@ -121,7 +121,7 @@ exec_linux_imgact(imgp)
     /*
      * Destroy old process VM and create a new one (with a new stack)
      */
-    exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+    exec_new_vmspace(imgp, &linux_sysvec);
     vmspace = imgp->proc->p_vmspace;
 
     /*
diff --git a/sys/kern/imgact_aout.c b/sys/kern/imgact_aout.c
index 8903988791ba..e96054a19bed 100644
--- a/sys/kern/imgact_aout.c
+++ b/sys/kern/imgact_aout.c
@@ -140,7 +140,7 @@ exec_aout_imgact(imgp)
 		file_offset = 0;
 		/* Pass PS_STRINGS for BSD/OS binaries only. */
 		if (N_GETMID(*a_out) == MID_ZERO)
-			imgp->ps_strings = PS_STRINGS;
+			imgp->ps_strings = aout_sysvec.sv_psstrings;
 		break;
 	default:
 		/* NetBSD compatibility */
@@ -192,7 +192,7 @@ exec_aout_imgact(imgp)
 	/*
 	 * Destroy old process VM and create a new one (with a new stack)
 	 */
-	exec_new_vmspace(imgp, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(imgp, &aout_sysvec);
 
 	/*
 	 * The vm space can be changed by exec_new_vmspace
@@ -299,8 +299,8 @@ aout_coredump(td, vp, limit)
 		    IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
 	if (error == 0)
 		error = vn_rdwr_inchunks(UIO_WRITE, vp,
-		    (caddr_t)trunc_page(USRSTACK - ctob(vm->vm_ssize)),
-		    round_page(ctob(vm->vm_ssize)),
+		    (caddr_t)trunc_page(p->p_sysent->sv_usrstack -
+		    ctob(vm->vm_ssize)), round_page(ctob(vm->vm_ssize)),
 		    (off_t)ctob(uarea_pages + kstack_pages) +
 		        ctob(vm->vm_dsize), UIO_USERSPACE,
 		    IO_UNIT | IO_DIRECT, cred, NOCRED, (int *) NULL, td);
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 01e1bd26cd4d..7ff8dd834e49 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -699,8 +699,7 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
 	if ((error = exec_extract_strings(imgp)) != 0)
 		goto fail;
 
-	exec_new_vmspace(imgp, sv->sv_minuser, sv->sv_maxuser,
-	    sv->sv_usrstack);
+	exec_new_vmspace(imgp, sv);
 
 	vmspace = imgp->proc->p_vmspace;
 
diff --git a/sys/kern/imgact_gzip.c b/sys/kern/imgact_gzip.c
index 3268413fd1e0..1ea1ad44c50c 100644
--- a/sys/kern/imgact_gzip.c
+++ b/sys/kern/imgact_gzip.c
@@ -229,7 +229,7 @@ do_aout_hdr(struct imgact_gzip * gz)
 	/*
 	 * Destroy old process VM and create a new one (with a new stack)
 	 */
-	exec_new_vmspace(gz->ip, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK);
+	exec_new_vmspace(gz->ip, &aout_sysvec);
 
 	vmspace = gz->ip->proc->p_vmspace;
 
diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c
index 93afb1d9a8c0..49bb73980ef1 100644
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@@ -435,8 +435,8 @@ KASSERT((ke->ke_kgrlist.tqe_next != ke), ("linked to self!"));
 	pmap_pinit0(vmspace_pmap(&vmspace0));
 	p->p_vmspace = &vmspace0;
 	vmspace0.vm_refcnt = 1;
-	vm_map_init(&vmspace0.vm_map, round_page(VM_MIN_ADDRESS),
-	    trunc_page(VM_MAXUSER_ADDRESS));
+	vm_map_init(&vmspace0.vm_map, p->p_sysent->sv_minuser,
+	    p->p_sysent->sv_maxuser);
 	vmspace0.vm_map.pmap = vmspace_pmap(&vmspace0);
 
 	/*
@@ -571,7 +571,7 @@ start_init(void *dummy)
 	/*
 	 * Need just enough stack to hold the faked-up "execve()" arguments.
 	 */
-	addr = trunc_page(USRSTACK - PAGE_SIZE);
+	addr = p->p_sysent->sv_usrstack - PAGE_SIZE;
 	if (vm_map_find(&p->p_vmspace->vm_map, NULL, 0, &addr, PAGE_SIZE,
 			FALSE, VM_PROT_ALL, VM_PROT_ALL, 0) != 0)
 		panic("init: couldn't allocate argument space");
@@ -603,7 +603,7 @@ start_init(void *dummy)
 		 * Move out the boot flag argument.
 		 */
 		options = 0;
-		ucp = (char *)USRSTACK;
+		ucp = (char *)p->p_sysent->sv_usrstack;
 		(void)subyte(--ucp, 0);		/* trailing zero */
 		if (boothowto & RB_SINGLE) {
 			(void)subyte(--ucp, 's');
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 3bad18a32eaa..784ed5c91578 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -74,6 +74,9 @@ MALLOC_DEFINE(M_PARGS, "proc-args", "Process arguments");
 
 static MALLOC_DEFINE(M_ATEXEC, "atexec", "atexec callback");
 
+static int sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS);
+static int sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS);
+
 /*
  * callout list for things to do at exec time
  */
@@ -86,13 +89,12 @@ TAILQ_HEAD(exec_list_head, execlist);
 static struct exec_list_head exec_list = TAILQ_HEAD_INITIALIZER(exec_list);
 
 /* XXX This should be vm_size_t. */
-static u_long ps_strings = PS_STRINGS;
-SYSCTL_ULONG(_kern, KERN_PS_STRINGS, ps_strings, CTLFLAG_RD, &ps_strings,
-    0, "");
+SYSCTL_PROC(_kern, KERN_PS_STRINGS, ps_strings, CTLTYPE_ULONG|CTLFLAG_RD,
+    NULL, 0, sysctl_kern_ps_strings, "LU", "");
 
 /* XXX This should be vm_size_t. */
-static u_long usrstack = USRSTACK;
-SYSCTL_ULONG(_kern, KERN_USRSTACK, usrstack, CTLFLAG_RD, &usrstack, 0, "");
+SYSCTL_PROC(_kern, KERN_USRSTACK, usrstack, CTLTYPE_ULONG|CTLFLAG_RD,
+    NULL, 0, sysctl_kern_usrstack, "LU", "");
 
 u_long ps_arg_cache_limit = PAGE_SIZE / 16;
 SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
@@ -107,6 +109,26 @@ static int regstkpages = 256;
 SYSCTL_INT(_machdep, OID_AUTO, regstkpages, CTLFLAG_RW, &regstkpages, 0, "");
 #endif
 
+static int
+sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
+{
+	struct proc *p;
+
+	p = curproc;
+	return (SYSCTL_OUT(req, &p->p_sysent->sv_psstrings,
+	   sizeof(p->p_sysent->sv_psstrings)));
+}
+
+static int
+sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS)
+{
+	struct proc *p;
+
+	p = curproc;
+	return (SYSCTL_OUT(req, &p->p_sysent->sv_usrstack,
+	    sizeof(p->p_sysent->sv_usrstack)));
+}
+
 /*
  * Each of the items is a pointer to a `const struct execsw', hence the
  * double pointer here.
@@ -688,18 +710,20 @@ exec_unmap_first_page(imgp)
  *	automatically in trap.c.
  */
 int
-exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
+exec_new_vmspace(imgp, sv)
 	struct image_params *imgp;
-	vm_offset_t minuser, maxuser, stack_addr;
+	struct sysentvec *sv;
 {
 	int error;
 	struct execlist *ep;
 	struct proc *p = imgp->proc;
 	struct vmspace *vmspace = p->p_vmspace;
+	vm_offset_t stack_addr;
+	vm_map_t map;
 
 	GIANT_REQUIRED;
 
-	stack_addr = stack_addr - maxssiz;
+	stack_addr = sv->sv_usrstack - maxssiz;
 
 	imgp->vmspace_destroyed = 1;
 
@@ -714,21 +738,23 @@ exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
 	 * otherwise, create a new VM space so that other threads are
 	 * not disrupted
 	 */
-	if (vmspace->vm_refcnt == 1 &&
-	    vm_map_min(&vmspace->vm_map) == minuser &&
-	    vm_map_max(&vmspace->vm_map) == maxuser) {
+	map = &vmspace->vm_map;
+	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
+	    vm_map_max(map) == sv->sv_maxuser) {
 		if (vmspace->vm_shm)
 			shmexit(p);
-		pmap_remove_pages(vmspace_pmap(vmspace), minuser, maxuser);
-		vm_map_remove(&vmspace->vm_map, minuser, maxuser);
+		pmap_remove_pages(vmspace_pmap(vmspace), vm_map_min(map),
+		    vm_map_max(map));
+		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
 	} else {
-		vmspace_exec(p, minuser, maxuser);
+		vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
 		vmspace = p->p_vmspace;
+		map = &vmspace->vm_map;
 	}
 
 	/* Allocate a new stack */
-	error = vm_map_stack(&vmspace->vm_map, stack_addr, (vm_size_t)maxssiz,
-	    VM_PROT_ALL, VM_PROT_ALL, 0);
+	error = vm_map_stack(map, stack_addr, (vm_size_t)maxssiz,
+	    sv->sv_stackprot, VM_PROT_ALL, 0);
 	if (error)
 		return (error);
 
@@ -740,8 +766,8 @@ exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
 		 * store to grow upwards. This will do for now.
 		 */
 		vm_offset_t bsaddr;
-		bsaddr = USRSTACK - 2 * maxssiz;
-		error = vm_map_find(&vmspace->vm_map, 0, 0, &bsaddr,
+		bsaddr = p->p_sysent->sv_usrstack - 2 * maxssiz;
+		error = vm_map_find(map, 0, 0, &bsaddr,
 		    regstkpages * PAGE_SIZE, 0, VM_PROT_ALL, VM_PROT_ALL, 0);
 		FIRST_THREAD_IN_PROC(p)->td_md.md_bspstore = bsaddr;
 	}
@@ -752,7 +778,7 @@ exec_new_vmspace(imgp, minuser, maxuser, stack_addr)
 	 * process stack so we can check the stack rlimit.
 	 */
 	vmspace->vm_ssize = sgrowsiz >> PAGE_SHIFT;
-	vmspace->vm_maxsaddr = (char *)USRSTACK - maxssiz;
+	vmspace->vm_maxsaddr = (char *)sv->sv_usrstack - maxssiz;
 
 	return (0);
 }
@@ -851,7 +877,7 @@ exec_copyout_strings(imgp)
 	 */
 	p = imgp->proc;
 	szsigcode = 0;
-	arginfo = (struct ps_strings *)PS_STRINGS;
+	arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
 	if (p->p_sysent->sv_szsigcode != NULL)
 		szsigcode = *(p->p_sysent->sv_szsigcode);
 	destp =	(caddr_t)arginfo - szsigcode - SPARE_USRSPACE -
diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c
index d08df3a27e3a..1725d5477e96 100644
--- a/sys/kern/kern_exit.c
+++ b/sys/kern/kern_exit.c
@@ -287,10 +287,10 @@ exit1(td, rv)
 	if (--vm->vm_refcnt == 0) {
 		if (vm->vm_shm)
 			shmexit(p);
-		pmap_remove_pages(vmspace_pmap(vm), VM_MIN_ADDRESS,
-		    VM_MAXUSER_ADDRESS);
-		(void) vm_map_remove(&vm->vm_map, VM_MIN_ADDRESS,
-		    VM_MAXUSER_ADDRESS);
+		pmap_remove_pages(vmspace_pmap(vm), vm_map_min(&vm->vm_map),
+		    vm_map_max(&vm->vm_map));
+		(void) vm_map_remove(&vm->vm_map, vm_map_min(&vm->vm_map),
+		    vm_map_max(&vm->vm_map));
 		vm->vm_freer = p;
 	}
 
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
index 8f02c1332b54..535756c8e72b 100644
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -52,6 +52,7 @@
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
 #include <sys/sx.h>
+#include <sys/sysent.h>
 #include <sys/time.h>
 
 #include <vm/vm.h>
@@ -593,13 +594,15 @@ dosetrlimit(td, which, limp)
 			vm_prot_t prot;
 
 			if (limp->rlim_cur > alimp->rlim_cur) {
-				prot = VM_PROT_ALL;
+				prot = p->p_sysent->sv_stackprot;
 				size = limp->rlim_cur - alimp->rlim_cur;
-				addr = USRSTACK - limp->rlim_cur;
+				addr = p->p_sysent->sv_usrstack -
+				    limp->rlim_cur;
 			} else {
 				prot = VM_PROT_NONE;
 				size = alimp->rlim_cur - limp->rlim_cur;
-				addr = USRSTACK - alimp->rlim_cur;
+				addr = p->p_sysent->sv_usrstack -
+				    alimp->rlim_cur;
 			}
 			addr = trunc_page(addr);
 			size = round_page(size);
diff --git a/sys/sys/imgact.h b/sys/sys/imgact.h
index 6b43692b75f4..d2ea2cddeb4b 100644
--- a/sys/sys/imgact.h
+++ b/sys/sys/imgact.h
@@ -38,6 +38,7 @@
 
 #define MAXSHELLCMDLEN	128
 
+struct sysentvec;
 struct thread;
 struct vm_object;
 
@@ -69,8 +70,7 @@ struct image_params {
 int	exec_check_permissions(struct image_params *);
 register_t *exec_copyout_strings(struct image_params *);
 int	exec_extract_strings(struct image_params *);
-int	exec_new_vmspace(struct image_params *, vm_offset_t, vm_offset_t,
-    vm_offset_t);
+int	exec_new_vmspace(struct image_params *, struct sysentvec *);
 void	exec_setregs(struct thread *, u_long, u_long, u_long);
 int	exec_shell_imgact(struct image_params *);
 #endif
diff --git a/sys/vm/vm_glue.c b/sys/vm/vm_glue.c
index fd18159930aa..3b09a4b050e3 100644
--- a/sys/vm/vm_glue.c
+++ b/sys/vm/vm_glue.c
@@ -149,26 +149,18 @@ useracc(addr, len, rw)
 {
 	boolean_t rv;
 	vm_prot_t prot;
+	vm_map_t map;
 
 	KASSERT((rw & ~VM_PROT_ALL) == 0,
 	    ("illegal ``rw'' argument to useracc (%x)\n", rw));
 	prot = rw;
-	/*
-	 * XXX - check separately to disallow access to user area and user
-	 * page tables - they are in the map.
-	 *
-	 * XXX - VM_MAXUSER_ADDRESS is an end address, not a max.  It was once
-	 * only used (as an end address) in trap.c.  Use it as an end address
-	 * here too.  This bogusness has spread.  I just fixed where it was
-	 * used as a max in vm_mmap.c.
-	 */
-	if ((vm_offset_t) addr + len > /* XXX */ VM_MAXUSER_ADDRESS
-	    || (vm_offset_t) addr + len < (vm_offset_t) addr) {
+	map = &curproc->p_vmspace->vm_map;
+	if ((vm_offset_t)addr + len > vm_map_max(map) ||
+	    (vm_offset_t)addr + len < (vm_offset_t)addr) {
 		return (FALSE);
 	}
-	rv = vm_map_check_protection(&curproc->p_vmspace->vm_map,
-	    trunc_page((vm_offset_t)addr), round_page((vm_offset_t)addr + len),
-	    prot);
+	rv = vm_map_check_protection(map, trunc_page((vm_offset_t)addr),
+	    round_page((vm_offset_t)addr + len), prot);
 	return (rv == TRUE);
 }
 
diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
index 857514b07bac..386acbcccb68 100644
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@@ -78,6 +78,7 @@
 #include <sys/mman.h>
 #include <sys/vnode.h>
 #include <sys/resourcevar.h>
+#include <sys/sysent.h>
 
 #include <vm/vm.h>
 #include <vm/vm_param.h>
@@ -2364,7 +2365,7 @@ vm_map_stack (vm_map_t map, vm_offset_t addrbos, vm_size_t max_ssize,
 	vm_size_t      init_ssize;
 	int            rv;
 
-	if (VM_MIN_ADDRESS > 0 && addrbos < VM_MIN_ADDRESS)
+	if (addrbos < vm_map_min(map))
 		return (KERN_NO_SPACE);
 
 	if (max_ssize < sgrowsiz)
@@ -2552,9 +2553,7 @@ Retry:
 	}
 
 	rv = vm_map_insert(map, NULL, 0, addr, stack_entry->start,
-			   VM_PROT_ALL,
-			   VM_PROT_ALL,
-			   0);
+	    p->p_sysent->sv_stackprot, VM_PROT_ALL, 0);
 
 	/* Adjust the available stack space by the amount we grew. */
 	if (rv == KERN_SUCCESS) {
diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index b9894a451704..42446fb7c717 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -257,12 +257,9 @@ mmap(td, uap)
 		if (addr & PAGE_MASK)
 			return (EINVAL);
 		/* Address range must be all in user VM space. */
-		if (VM_MAXUSER_ADDRESS > 0 && addr + size > VM_MAXUSER_ADDRESS)
+		if (addr < vm_map_min(&vms->vm_map) ||
+		    addr + size > vm_map_max(&vms->vm_map))
 			return (EINVAL);
-#ifndef __i386__
-		if (VM_MIN_ADDRESS > 0 && addr < VM_MIN_ADDRESS)
-			return (EINVAL);
-#endif
 		if (addr + size < addr)
 			return (EINVAL);
 	}
@@ -611,16 +608,11 @@ munmap(td, uap)
 		return (0);
 
 	/*
-	 * Check for illegal addresses.  Watch out for address wrap... Note
-	 * that VM_*_ADDRESS are not constants due to casts (argh).
+	 * Check for illegal addresses.  Watch out for address wrap...
 	 */
-	if (VM_MAXUSER_ADDRESS > 0 && addr + size > VM_MAXUSER_ADDRESS)
-		return (EINVAL);
-#ifndef __i386__
-	if (VM_MIN_ADDRESS > 0 && addr < VM_MIN_ADDRESS)
-		return (EINVAL);
-#endif
 	map = &td->td_proc->p_vmspace->vm_map;
+	if (addr < vm_map_min(map) || addr + size > vm_map_max(map))
+		return (EINVAL);
 	/*
 	 * Make sure entire range is allocated.
 	 */
@@ -749,6 +741,7 @@ madvise(td, uap)
 	struct madvise_args *uap;
 {
 	vm_offset_t start, end;
+	vm_map_t map;
 
 	/*
 	 * Check for illegal behavior
@@ -759,13 +752,10 @@ madvise(td, uap)
 	 * Check for illegal addresses.  Watch out for address wrap... Note
 	 * that VM_*_ADDRESS are not constants due to casts (argh).
 	 */
-	if (VM_MAXUSER_ADDRESS > 0 &&
-		((vm_offset_t) uap->addr + uap->len) > VM_MAXUSER_ADDRESS)
-		return (EINVAL);
-#ifndef __i386__
-	if (VM_MIN_ADDRESS > 0 && uap->addr < VM_MIN_ADDRESS)
+	map = &td->td_proc->p_vmspace->vm_map;
+	if ((vm_offset_t)uap->addr < vm_map_min(map) ||
+	    (vm_offset_t)uap->addr + uap->len > vm_map_max(map))
 		return (EINVAL);
-#endif
 	if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr)
 		return (EINVAL);
 
@@ -776,8 +766,7 @@ madvise(td, uap)
 	start = trunc_page((vm_offset_t) uap->addr);
 	end = round_page((vm_offset_t) uap->addr + uap->len);
 	
-	if (vm_map_madvise(&td->td_proc->p_vmspace->vm_map, start, end,
-	    uap->behav))
+	if (vm_map_madvise(map, start, end, uap->behav))
 		return (EINVAL);
 	return (0);
 }
@@ -817,9 +806,8 @@ mincore(td, uap)
 	 */
 	first_addr = addr = trunc_page((vm_offset_t) uap->addr);
 	end = addr + (vm_size_t)round_page(uap->len);
-	if (VM_MAXUSER_ADDRESS > 0 && end > VM_MAXUSER_ADDRESS)
-		return (EINVAL);
-	if (end < addr)
+	map = &td->td_proc->p_vmspace->vm_map;
+	if (end > vm_map_max(map) || end < addr)
 		return (EINVAL);
 
 	/*
@@ -828,7 +816,6 @@ mincore(td, uap)
 	vec = uap->vec;
 
 	mtx_lock(&Giant);
-	map = &td->td_proc->p_vmspace->vm_map;
 	pmap = vmspace_pmap(td->td_proc->p_vmspace);
 
 	vm_map_lock_read(map);
diff --git a/sys/vm/vm_pageout.c b/sys/vm/vm_pageout.c
index e20ddfec003f..87a61cc10ae4 100644
--- a/sys/vm/vm_pageout.c
+++ b/sys/vm/vm_pageout.c
@@ -596,8 +596,8 @@ vm_pageout_map_deactivate_pages(map, desired)
 	 * table pages.
 	 */
 	if (desired == 0 && nothingwired)
-		pmap_remove(vm_map_pmap(map),
-			VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS);
+		pmap_remove(vm_map_pmap(map), vm_map_min(map),
+		    vm_map_max(map));
 	vm_map_unlock(map);
 	return;
 }
diff --git a/sys/vm/vm_unix.c b/sys/vm/vm_unix.c
index 1d02f3908155..90bfba2f71b8 100644
--- a/sys/vm/vm_unix.c
+++ b/sys/vm/vm_unix.c
@@ -93,7 +93,7 @@ obreak(td, uap)
 			error = ENOMEM;
 			goto done;
 		}
-		if (new > VM_MAXUSER_ADDRESS) {
+		if (new > vm_map_max(&vm->vm_map)) {
 			error = ENOMEM;
 			goto done;
 		}