--- vm_mmap.c.orig	Tue Jul  2 16:06:19 2002
+++ vm_mmap.c	Wed Aug 18 16:49:12 2004
@@ -194,6 +194,8 @@
 	vm_offset_t addr;
 	vm_size_t size, pageoff;
 	vm_prot_t prot, maxprot;
+	vm_map_t map;
+
 	void *handle;
 	int flags, error;
 	int disablexworkaround;
@@ -264,8 +266,25 @@
 	 */
 	else if (addr == 0 ||
 	    (addr >= round_page((vm_offset_t)vms->vm_taddr) &&
-	     addr < round_page((vm_offset_t)vms->vm_daddr + maxdsiz)))
-		addr = round_page((vm_offset_t)vms->vm_daddr + maxdsiz);
+	     addr < round_page((vm_offset_t)vms->vm_daddr + maxdsiz))) {
+			/*
+			 * XXX So much dirtyness someone who knows what they are doing
+			 * will want to fix this monstrosity.
+			 */
+			map = &vms->vm_map;
+			vm_map_lock(map);
+			addr = round_page((vm_offset_t)vms->vm_daddr + maxdsiz);
+			if(vm_map_findspace(map, addr, size, &addr) != 0) {
+			/*
+			 * since we can't grab the upper process address space bruteforce it.
+			 */
+				for(addr = 0;addr <= round_page((vm_offset_t)vms->vm_taddr) &&
+					vm_map_findspace(map, addr, size, &addr) != 0
+					;addr += PAGE_SIZE,addr = round_page(addr));
+			}
+			vm_map_unlock(map);	
+	
+	}
 
 	if (flags & MAP_ANON) {
 		/*