--- vm_mmap.c.orig Thu Aug 5 03:04:33 2004
+++ vm_mmap.c Wed Aug 18 21:31:13 2004
@@ -208,6 +208,8 @@
 vm_offset_t addr;
 vm_size_t size, pageoff;
 vm_prot_t prot, maxprot;
+ vm_map_t map;
+ void *handle;
 int flags, error;
 off_t pos;
@@ -276,9 +278,26 @@
 if (addr == 0 || (addr >= round_page((vm_offset_t)vms->vm_taddr) && addr < round_page((vm_offset_t)vms->vm_daddr +
- lim_max(td->td_proc, RLIMIT_DATA))))
+ lim_max(td->td_proc, RLIMIT_DATA)))) {
+ /*
+ * XXX So much dirtyness someone who knows what they are doing
+ * will want to fix this monstrosity.
+ */
+ map = &td->td_proc->p_vmspace->vm_map;
+ vm_map_lock(map);
 addr = round_page((vm_offset_t)vms->vm_daddr +
- lim_max(td->td_proc, RLIMIT_DATA));
+ lim_max(td->td_proc, RLIMIT_DATA));
+ if(vm_map_findspace(map, addr, size, &addr) != 0) {
+ /*
+ * since we can't grab the upper process address space bruteforce it.
+ */
+ for(addr = 0;addr <= round_page((vm_offset_t)vms->vm_taddr) &&
+ vm_map_findspace(map, addr, size, &addr) != 0
+ ;addr += PAGE_SIZE,addr = round_page(addr));
+ }
+ vm_map_unlock(map);
+ }
+ PROC_UNLOCK(td->td_proc);
 }
 if (flags & MAP_ANON) {
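Review bot: `void *handle;` is declared in the first hunk but neither hunk of this patch uses it, so as far as the visible changes go it is either an unused local or a duplicate of a declaration elsewhere in the function, whose body lies outside the hunk. Unless a use exists that this patch does not show, drop the line. `map` is only needed in the non-fixed branch changed by the second hunk, so a one-line comment such as `/* map: address-space map searched for a free range in the non-fixed case */` would help the reader.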
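Review bot: `vm_map_lock(map)` in the second hunk is taken while the process lock still appears to be held, since `PROC_UNLOCK(td->td_proc)` only follows the new block and the matching `PROC_LOCK` is outside the hunk. If the map lock can sleep, this acquires a sleepable lock under a mutex; saving `lim_max(td->td_proc, RLIMIT_DATA)` in a local, dropping the proc lock, and only then locking the map would avoid that. The fallback `for` loop also looks redundant: vm_map_findspace() presumably searches upward from its start argument, so a failure from `addr = 0` will not succeed one page higher, and the loop repeats the search with the map locked until `addr` passes `vm_taddr`, then leaves a stale `addr` with no error set. A single call with an explicit failure path (for example `error = ENOMEM;`) would be clearer, and starting the search at 0 needs a comment saying whether a mapping at or near page zero is acceptable for a non-fixed request. The result should also be treated as a hint only, because another thread can claim the range once `vm_map_unlock(map)` returns.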