To understand the ASLR and its impact on application address space I modified the NetBSD kern_pax.c code as below. My line of thought is to increase entropy by bringing in lower bytes into play. Original PAX code causes stack to be page aligned and jumps from page to page under different invocations. I just added that we move on to specific word aligned memory. Since in most applications the first few frames will be used less as compared to the ones on top, the performance should not be too much of an issue (it is just an assumption).
#define PAX_ASLR_DELTA_STACK_LSB PGSHIFT
#define PAX_ASLR_DELTA(delta, lsb, len) \
(((delta) & ((1UL << (len)) - 1)) << (lsb))
I modified it as
#define PAX_ASLR_DELTA_STACK_LSB 2
delta is output from
len is number of bits we wants to randomize.
The randomized value we get as above is added to address where stack was allocated initially by kernel.
I wanted to take expert opinion on if doing this actually brings any benefit about randomization, also if the performance penalty is prohibitive.
When I tried this applications did not crash so it seems to be okay.