7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 35,44 ****
--- 35,45 ----
#include <sys/atomic.h>
#include <sys/archsystm.h>
#include <sys/machsystm.h>
#include <sys/kdi.h>
#include <sys/cpu_module.h>
+ #include <sys/secflags.h>
#include <vm/hat_sfmmu.h>
#include <sys/memnode.h>
*** 362,371 ****
--- 363,379 ----
{
return (valid_va_range_aligned(basep, lenp, minlen, dir, 0, 0, 0));
}
/*
+ * Default to forbidding the first 64k of address space. This protects most
+ * reasonably sized structures from dereferences through NULL:
+ * ((foo_t *)0)->bar
+ */
+ uintptr_t forbidden_null_mapping_sz = 0x10000;
+
+ /*
* Determine whether [addr, addr+len] with protections `prot' are valid
* for a user address space.
*/
/*ARGSUSED*/
int
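Review bot: The new `forbidden_null_mapping_sz` is an unqualified (non-`static`) global, and its header comment explains the default but not that the symbol is presumably meant to be patched from /etc/system or a debugger, nor what the value actually means to the check that consumes it. Since the consumer (in the following hunk) compares the value against a mapping's start address, the variable is the lowest address a process with the flag may map, not a size of anything that gets allocated, so a one-line comment would save the next reader a trip to the check: `/* Tunable (hence not static): lowest address a PROC_SEC_FORBIDNULLMAP process may map. */`. The comment could also spell out that the value is only consulted when that secflag is set on the process, since nothing here applies it unconditionally. The hunk cuts through the end of the preceding function and the `int` that begins valid_usr_range, so neither is reviewable here.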
*** 375,384 ****
--- 383,396 ----
caddr_t eaddr = addr + len;
if (eaddr <= addr || addr >= userlimit || eaddr > userlimit)
return (RANGE_BADADDR);
+ if ((addr <= (caddr_t)forbidden_null_mapping_sz) &&
+ secflag_enabled(as->a_proc, PROC_SEC_FORBIDNULLMAP))
+ return (RANGE_BADADDR);
+
/*
* Determine if the address range falls within an illegal
* range of the MMU.
*/
if (eaddr > hole_start && addr < hole_end)
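Review bot: The added guard `addr <= (caddr_t)forbidden_null_mapping_sz` is off by one against its own description: the tunable's comment in the previous hunk says the first 64k is forbidden, i.e. [0, 0x10000), yet a mapping that starts exactly at 0x10000 (a page-aligned, legitimately mappable address) is rejected here. Because the line above has already established `eaddr > addr`, a range overlaps the forbidden region exactly when its start lies inside it, so `if ((addr < (caddr_t)forbidden_null_mapping_sz) &&` is the condition that matches the documented intent; if the inclusive bound is deliberate, the tunable's comment should say "up to and including" instead. A second thing worth confirming against the callers is `secflag_enabled(as->a_proc, ...)`: if valid_usr_range can ever be reached with an address space whose `a_proc` is NULL, this dereferences it before the check can help, so either the callers guarantee a process or the call needs an `as->a_proc != NULL` guard. valid_usr_range begins before this hunk and continues past it.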