Index: sys/vm/vm_map.c
===================================================================
--- sys/vm/vm_map.c	(revision 240069)
+++ sys/vm/vm_map.c	(working copy)
@@ -3247,7 +3247,7 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm
 	vm_offset_t bot, top;
 	vm_size_t growsize, init_ssize;
 	int orient, rv;
-	rlim_t vmemlim;
+	rlim_t lmemlim, vmemlim;
 
 	/*
 	 * The stack orientation is piggybacked with the cow argument.
@@ -3268,6 +3268,7 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm
 	init_ssize = (max_ssize < growsize) ? max_ssize : growsize;
 
 	PROC_LOCK(curthread->td_proc);
+	lmemlim = lim_cur(curthread->td_proc, RLIMIT_MEMLOCK);
 	vmemlim = lim_cur(curthread->td_proc, RLIMIT_VMEM);
 	PROC_UNLOCK(curthread->td_proc);
 
@@ -3279,6 +3280,14 @@ vm_map_stack(vm_map_t map, vm_offset_t addrbos, vm
 		return (KERN_NO_SPACE);
 	}
 
+	if (map->flags & MAP_WIREFUTURE) {
+		if (ptoa(vmspace_wired_count(curthread->td_proc->p_vmspace)) +
+		    init_ssize > lmemlim) {
+			vm_map_unlock(map);
+			return (KERN_NO_SPACE);
+		}
+	}
+
 	/* If we would blow our VMEM resource limit, no go */
 	if (map->size + init_ssize > vmemlim) {
 		vm_map_unlock(map);
@@ -3360,7 +3369,7 @@ vm_map_growstack(struct proc *p, vm_offset_t addr)
 	vm_offset_t end;
 	vm_size_t growsize;
 	size_t grow_amount, max_grow;
-	rlim_t stacklim, vmemlim;
+	rlim_t lmemlim, stacklim, vmemlim;
 	int is_procstack, rv;
 	struct ucred *cred;
 #ifdef notyet
@@ -3372,6 +3381,7 @@ vm_map_growstack(struct proc *p, vm_offset_t addr)
 
 Retry:
 	PROC_LOCK(p);
+	lmemlim = lim_cur(p, RLIMIT_MEMLOCK);
 	stacklim = lim_cur(p, RLIMIT_STACK);
 	vmemlim = lim_cur(p, RLIMIT_VMEM);
 	PROC_UNLOCK(p);
@@ -3494,7 +3504,25 @@ Retry:
 	if (is_procstack && (ctob(vm->vm_ssize) + grow_amount > limit))
 		grow_amount = limit - ctob(vm->vm_ssize);
 #endif
-
+	if (map->flags & MAP_WIREFUTURE) {
+		if (ptoa(vmspace_wired_count(p->p_vmspace)) + grow_amount >
+		    lmemlim) {
+			vm_map_unlock_read(map);
+			rv = KERN_NO_SPACE;
+			goto out;
+		}
+#ifdef RACCT
+		PROC_LOCK(p);
+		if (racct_set(p, RACCT_MEMLOCK,
+		    ptoa(vmspace_wired_count(p->p_vmspace)) + grow_amount)) {
+			PROC_UNLOCK(p);
+			vm_map_unlock_read(map);
+			rv = KERN_NO_SPACE;
+			goto out;
+		}
+		PROC_UNLOCK(p);
+#endif
+	}
 	/* If we would blow our VMEM resource limit, no go */
 	if (map->size + grow_amount > vmemlim) {
 		vm_map_unlock_read(map);
Index: sys/vm/vm_mmap.c
===================================================================
--- sys/vm/vm_mmap.c	(revision 240004)
+++ sys/vm/vm_mmap.c	(working copy)
@@ -1035,9 +1035,6 @@ sys_mlock(td, uap)
 	unsigned long nsize;
 	int error;
 
-	error = priv_check(td, PRIV_VM_MLOCK);
-	if (error)
-		return (error);
 	addr = (vm_offset_t)uap->addr;
 	size = uap->len;
 	last = addr + size;
@@ -1102,22 +1099,18 @@ sys_mlockall(td, uap)
 	if ((uap->how == 0) || ((uap->how & ~(MCL_CURRENT|MCL_FUTURE)) != 0))
 		return (EINVAL);
 
-#if 0
 	/*
 	 * If wiring all pages in the process would cause it to exceed
 	 * a hard resource limit, return ENOMEM.
 	 */
-	PROC_LOCK(td->td_proc);
-	if (map->size > lim_cur(td->td_proc, RLIMIT_MEMLOCK)) {
+	if (uap->how & MCL_CURRENT) {
+		PROC_LOCK(td->td_proc);
+		if (map->size > lim_cur(td->td_proc, RLIMIT_MEMLOCK)) {
+			PROC_UNLOCK(td->td_proc);
+			return (ENOMEM);
+		}
 		PROC_UNLOCK(td->td_proc);
-		return (ENOMEM);
 	}
-	PROC_UNLOCK(td->td_proc);
-#else
-	error = priv_check(td, PRIV_VM_MLOCK);
-	if (error)
-		return (error);
-#endif
 #ifdef RACCT
 	PROC_LOCK(td->td_proc);
 	error = racct_set(td->td_proc, RACCT_MEMLOCK, map->size);
@@ -1174,9 +1167,6 @@ sys_munlockall(td, uap)
 	int error;
 
 	map = &td->td_proc->p_vmspace->vm_map;
-	error = priv_check(td, PRIV_VM_MUNLOCK);
-	if (error)
-		return (error);
 
 	/* Clear the MAP_WIREFUTURE flag from this vm_map. */
 	vm_map_lock(map);
@@ -1215,9 +1205,6 @@ sys_munlock(td, uap)
 	vm_size_t size;
 	int error;
 
-	error = priv_check(td, PRIV_VM_MUNLOCK);
-	if (error)
-		return (error);
 	addr = (vm_offset_t)uap->addr;
 	size = uap->len;
 	last = addr + size;
@@ -1479,6 +1466,20 @@ vm_mmap(vm_map_t map, vm_offset_t *addr, vm_size_t
 
 	if (map == &td->td_proc->p_vmspace->vm_map) {
 		PROC_LOCK(td->td_proc);
+		if (map->flags & MAP_WIREFUTURE) {
+			if (ptoa(vmspace_wired_count(td->td_proc->p_vmspace)) +
+			    size > lim_cur(td->td_proc, RLIMIT_MEMLOCK)) {
+				PROC_UNLOCK(td->td_proc);
+				return (ENOMEM);
+			}
+			error = racct_set(td->td_proc, RACCT_MEMLOCK,
+			    ptoa(vmspace_wired_count(td->td_proc->p_vmspace)) +
+			    size);
+			if (error != 0) {
+				PROC_UNLOCK(td->td_proc);
+				return (error);
+			}
+		}
 		if (map->size + size > lim_cur(td->td_proc, RLIMIT_VMEM)) {
 			PROC_UNLOCK(td->td_proc);
 			return (ENOMEM);
Index: sys/vm/vm_unix.c
===================================================================
--- sys/vm/vm_unix.c	(revision 240004)
+++ sys/vm/vm_unix.c	(working copy)
@@ -77,13 +77,14 @@ sys_obreak(td, uap)
 {
 	struct vmspace *vm = td->td_proc->p_vmspace;
 	vm_offset_t new, old, base;
-	rlim_t datalim, vmemlim;
+	rlim_t datalim, lmemlim, vmemlim;
 	int prot, rv;
 	int error = 0;
 	boolean_t do_map_wirefuture;
 
 	PROC_LOCK(td->td_proc);
 	datalim = lim_cur(td->td_proc, RLIMIT_DATA);
+	lmemlim = lim_cur(td->td_proc, RLIMIT_MEMLOCK);
 	vmemlim = lim_cur(td->td_proc, RLIMIT_VMEM);
 	PROC_UNLOCK(td->td_proc);
 
@@ -116,6 +117,13 @@ sys_obreak(td, uap)
 		goto done;
 	}
 	if (new > old) {
+		if (vm->vm_map.flags & MAP_WIREFUTURE) {
+			if (ptoa(vmspace_wired_count(td->td_proc->p_vmspace)) +
+			    (new - old) > lmemlim) {
+				error = ENOMEM;
+				goto done;
+			}
+		}
 		if (vm->vm_map.size + (new - old) > vmemlim) {
 			error = ENOMEM;
 			goto done;
Index: lib/libc/sys/mlockall.2
===================================================================
--- lib/libc/sys/mlockall.2	(revision 240004)
+++ lib/libc/sys/mlockall.2	(working copy)
@@ -72,8 +72,6 @@ limit and the per-process
 .Dv RLIMIT_MEMLOCK
 resource limit.
 .Pp
-These calls are only available to the super-user.
-.Pp
 The
 .Fn munlockall
 call unlocks any locked memory regions in the process address space.
Index: lib/libc/sys/mlock.2
===================================================================
--- lib/libc/sys/mlock.2	(revision 240004)
+++ lib/libc/sys/mlock.2	(working copy)
@@ -98,8 +98,6 @@ a system-wide ``wired pages'' limit and
 the per-process
 .Li RLIMIT_MEMLOCK
 resource limit.
-.Pp
-These calls are only available to the super-user.
 .Sh RETURN VALUES
 .Rv -std
 .Pp
@@ -111,8 +109,6 @@ The
 system call
 will fail if:
 .Bl -tag -width Er
-.It Bq Er EPERM
-The caller is not the super-user.
 .It Bq Er EINVAL
 The address given is not page aligned or the length is negative.
 .It Bq Er EAGAIN
@@ -128,8 +124,6 @@ The
 system call
 will fail if:
 .Bl -tag -width Er
-.It Bq Er EPERM
-The caller is not the super-user.
 .It Bq Er EINVAL
 The address given is not page aligned or the length is negative.
 .It Bq Er ENOMEM