Call for testing - ASLR patch

I have a small and straightforward yet feature-packed patch to implement ASLR for FreeBSD available for broader testing. The patch can be fetched from https://www.kib.kiev.ua/kib/aslr/aslr.5.patch . With this change, randomization is applied to all non-fixed mappings. By randomization I mean the base address for the mapping is selected with a guaranteed amount of entropy (bits). If the mapping was requested to be superpage aligned, the randomization honours the superpage attributes. The randomization is done on a best-effort basis - that is, the allocator falls back to a first fit strategy if fragmentation prevents entropy injection. It is trivial to implement a strong mode where failure to guarantee the requested amount of entropy results in mapping request failure, but I do not consider that to be usable. I have not fine-tuned the amount of entropy injected right now. It is only a quantitive change that will not change the implementation. The current amount is controlled by aslr_pages_rnd. To not spoil coalescing optimizations, to reduce the page table fragmentation inherent to ASLR, and to keep the transient superpage promotion for the malloced memory, the locality is implemented for anonymous private mappings, which are automatically grouped until fragmentation kicks in. The initial location for the anon group range is, of course, randomized. The default mode keeps the sbrk area unpopulated by other mappings, but this can be turned off, which gives much more breathing bits on the small AS architectures (funny that 32bits is considered small). This is tied with the question of following an application's hint about the mmap(2) base address. Testing shows that ignoring the hint does not affect the function of common applications, but I would expect more demanding code could break. By default sbrk is preserved and mmap hints are satisfied, which can be changed by using the kern.elf{32,64}.aslr_care_sbrk sysctl. Stack gap, W^X, shared page randomization, KASLR and other techniques are explicitely out of scope of this work. The paxtest results for the run with the patch applied and aggresively tuned can be seen at the https://www.kib.kiev.ua/kib/aslr/paxtest.log . For comparision, the run on Fedora 23 on the same machine is at https://www.kib.kiev.ua/kib/aslr/fedora.log . ASLR is enabled on per-ABI basis, and currently it is only enabled on native i386 and amd64 (including compat 32bit) ABIs. I expect to test and enable ASLR for armv6 and arm64 as well, later. The procctl(2) control for ASLR is implemented, by I have not provided a userspace wrapper around the syscall. In fact, the most reasonable control needed is per-image and not per-process, but we have no tradition to put the kernel-read attributes into the extattrs of binary, so I am still pondering that part and this also explains the non-written tool. Thanks to Oliver Pinter and Shawn Webb of the HardenedBSD project for pursuing ASLR for FreeBSD. Although this work is not based on theirs, it was inspired by their efforts. Thanks to Ed Maste, Robert Watson, John Baldwin, and Alan Cox for some discussions about the patch, and for The FreeBSD Foundation for directing me.