author | bapt <bapt@FreeBSD.org> | 2015-08-25 20:14:50 +0000 |
---|---|---|
committer | bapt <bapt@FreeBSD.org> | 2015-08-25 20:14:50 +0000 |
commit | 2a77c3b71d27973d4ffac086902715be69266202 (patch) | |
tree | 420361e546af3d9b54e3a1573b672510b15062e4 /lib/libc | |
parent | 795d1994935c72862e9c0f538c4f83b5b649ca96 (diff) | |
parent | 80b01acf73d4f8ff74678c4e7f57db989dba2366 (diff) | |
Merge from HEAD
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/Makefile | 1 | ||||
-rw-r--r-- | lib/libc/aarch64/Symbol.map | 2 | ||||
-rw-r--r-- | lib/libc/aarch64/gen/Makefile.inc | 1 | ||||
-rw-r--r-- | lib/libc/aarch64/gen/infinity.c | 14 | ||||
-rw-r--r-- | lib/libc/gen/tls.c | 24 | ||||
-rw-r--r-- | lib/libc/gen/wordexp.3 | 16 | ||||
-rw-r--r-- | lib/libc/gen/wordexp.c | 44 | ||||
-rw-r--r-- | lib/libc/locale/utf8.c | 6 | ||||
-rw-r--r-- | lib/libc/net/rcmdsh.c | 15 | ||||
-rw-r--r-- | lib/libc/posix1e/acl_flag.c | 2 | ||||
-rw-r--r-- | lib/libc/secure/Makefile.inc | 12 | ||||
-rw-r--r-- | lib/libc/secure/Symbol.map | 9 | ||||
-rw-r--r-- | lib/libc/secure/stack_protector.c (renamed from lib/libc/sys/stack_protector.c) | 0 | ||||
-rw-r--r-- | lib/libc/secure/stack_protector_compat.c (renamed from lib/libc/sys/stack_protector_compat.c) | 0 | ||||
-rw-r--r-- | lib/libc/stdlib/jemalloc/Makefile.inc | 9 | ||||
-rw-r--r-- | lib/libc/stdlib/jemalloc/Symbol.map | 5 | ||||
-rw-r--r-- | lib/libc/string/bcopy.3 | 23 | ||||
-rw-r--r-- | lib/libc/string/bzero.3 | 10 | ||||
-rw-r--r-- | lib/libc/sys/Makefile.inc | 2 | ||||
-rw-r--r-- | lib/libc/sys/Symbol.map | 7 | ||||
-rw-r--r-- | lib/libc/sys/getrlimit.2 | 61 | ||||
-rw-r--r-- | lib/libc/sys/procctl.2 | 54 | ||||
-rw-r--r-- | lib/libc/tests/sys/Makefile | 3 |
23 files changed, 218 insertions, 102 deletions
diff --git a/lib/libc/Makefile b/lib/libc/Makefile
index b6d3f9f..2f8865c 100644
--- a/lib/libc/Makefile
+++ b/lib/libc/Makefile
@@ -95,6 +95,7 @@ NOASM=
 .include "${LIBC_SRCTOP}/stdtime/Makefile.inc"
 .include "${LIBC_SRCTOP}/string/Makefile.inc"
 .include "${LIBC_SRCTOP}/sys/Makefile.inc"
+.include "${LIBC_SRCTOP}/secure/Makefile.inc"
 .include "${LIBC_SRCTOP}/rpc/Makefile.inc"
 .include "${LIBC_SRCTOP}/uuid/Makefile.inc"
 .include "${LIBC_SRCTOP}/xdr/Makefile.inc"
diff --git a/lib/libc/aarch64/Symbol.map b/lib/libc/aarch64/Symbol.map
index e47056a..84c38d8 100644
--- a/lib/libc/aarch64/Symbol.map
+++ b/lib/libc/aarch64/Symbol.map
@@ -17,6 +17,8 @@ FBSD_1.0 {
 __flt_rounds;
 fpgetmask;
 fpsetmask;
+ __infinity;
+ __nan;
 setjmp;
 longjmp;
 sigsetjmp;
diff --git a/lib/libc/aarch64/gen/Makefile.inc b/lib/libc/aarch64/gen/Makefile.inc
index 2ccc834..f138008 100644
--- a/lib/libc/aarch64/gen/Makefile.inc
+++ b/lib/libc/aarch64/gen/Makefile.inc
@@ -5,6 +5,7 @@ SRCS+= _ctx_start.S \
 flt_rounds.c \
 fpgetmask.c \
 fpsetmask.c \
+ infinity.c \
 ldexp.c \
 makecontext.c \
 _setjmp.S \
diff --git a/lib/libc/aarch64/gen/infinity.c b/lib/libc/aarch64/gen/infinity.c
new file mode 100644
index 0000000..c96045e
--- /dev/null
+++ b/lib/libc/aarch64/gen/infinity.c
@@ -0,0 +1,14 @@
+/*
+ * infinity.c
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <math.h>
+
+/* bytes for +Infinity on aarch64 */
+const union __infinity_un __infinity = { { 0, 0, 0, 0, 0, 0, 0xf0, 0x7f } };
+
+/* bytes for NaN */
+const union __nan_un __nan = { { 0, 0, 0xc0, 0xff } };
diff --git a/lib/libc/gen/tls.c b/lib/libc/gen/tls.c
index 58ebb55..73eb9a2 100644
--- a/lib/libc/gen/tls.c
+++ b/lib/libc/gen/tls.c
@@ -40,9 +40,9 @@ #include "libc_private.h" /* Provided by jemalloc to avoid bootstrapping issues. */ -void *__je_a0malloc(size_t size); -void *__je_a0calloc(size_t num, size_t size); -void __je_a0free(void *ptr); +void *__je_bootstrap_malloc(size_t size); +void *__je_bootstrap_calloc(size_t num, size_t size); +void __je_bootstrap_free(void *ptr); __weak_reference(__libc_allocate_tls, _rtld_allocate_tls); __weak_reference(__libc_free_tls, _rtld_free_tls); @@ -125,8 +125,8 @@ __libc_free_tls(void *tcb, size_t tcbsize, size_t tcbalign __unused) tls = (Elf_Addr **)((Elf_Addr)tcb + tcbsize - TLS_TCB_SIZE); dtv = tls[0]; - __je_a0free(dtv); - __je_a0free(tcb); + __je_bootstrap_free(dtv); + __je_bootstrap_free(tcb); } /* @@ -142,18 +142,18 @@ __libc_allocate_tls(void *oldtcb, size_t tcbsize, size_t tcbalign __unused) if (oldtcb != NULL && tcbsize == TLS_TCB_SIZE) return (oldtcb); - tcb = __je_a0calloc(1, tls_static_space + tcbsize - TLS_TCB_SIZE); + tcb = __je_bootstrap_calloc(1, tls_static_space + tcbsize - TLS_TCB_SIZE); tls = (Elf_Addr **)(tcb + tcbsize - TLS_TCB_SIZE); if (oldtcb != NULL) { memcpy(tls, oldtcb, tls_static_space); - __je_a0free(oldtcb); + __je_bootstrap_free(oldtcb); /* Adjust the DTV. */ dtv = tls[0]; dtv[2] = (Elf_Addr)tls + TLS_TCB_SIZE; } else { - dtv = __je_a0malloc(3 * sizeof(Elf_Addr)); + dtv = __je_bootstrap_malloc(3 * sizeof(Elf_Addr)); tls[0] = dtv; dtv[0] = 1; dtv[1] = 1; @@ -194,8 +194,8 @@ __libc_free_tls(void *tcb, size_t tcbsize __unused, size_t tcbalign) dtv = ((Elf_Addr**)tcb)[1]; tlsend = (Elf_Addr) tcb; tlsstart = tlsend - size; - __je_a0free((void*) tlsstart); - __je_a0free(dtv); + __je_bootstrap_free((void*) tlsstart); + __je_bootstrap_free(dtv); } /* 
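Review bot: The results of `__je_bootstrap_calloc()` and `__je_bootstrap_malloc()` are used without a NULL check in the `@@ -142` hunk, where `tcb` is offset into `tls` and `dtv[0]`/`dtv[1]` are written immediately after allocation; the `@@ -213` hunk has the same pattern (`tls + size` becomes `segbase` and is stored through). Unless the bootstrap allocator is guaranteed never to return NULL, which these hunks do not show, memory exhaustion during TLS setup turns into a write through a near-NULL pointer rather than a clean failure. Since the rename touches every one of these call sites anyway, I would add an explicit check after each allocation, for example `if (tcb == NULL) abort();`. Both `__libc_allocate_tls()` bodies continue outside the hunks.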
@@ -213,8 +213,8 @@ __libc_allocate_tls(void *oldtls, size_t tcbsize, size_t tcbalign) if (tcbsize < 2 * sizeof(Elf_Addr)) tcbsize = 2 * sizeof(Elf_Addr); - tls = __je_a0calloc(1, size + tcbsize); - dtv = __je_a0malloc(3 * sizeof(Elf_Addr)); + tls = __je_bootstrap_calloc(1, size + tcbsize); + dtv = __je_bootstrap_malloc(3 * sizeof(Elf_Addr)); segbase = (Elf_Addr)(tls + size); ((Elf_Addr*)segbase)[0] = segbase; diff --git a/lib/libc/gen/wordexp.3 b/lib/libc/gen/wordexp.3 index 41b0d0c..2fc20ef 100644 --- a/lib/libc/gen/wordexp.3 +++ b/lib/libc/gen/wordexp.3 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 07, 2015 +.Dd August 18, 2015 .Dt WORDEXP 3 .Os .Sh NAME @@ -108,9 +108,8 @@ function frees the memory allocated by .Sh IMPLEMENTATION NOTES The .Fn wordexp -function is implemented as a wrapper around the undocumented -.Ic wordexp -shell built-in command. +function is implemented by executing +.Xr sh 1 . .Sh RETURN VALUES The .Fn wordexp @@ -132,9 +131,10 @@ argument contains one of the following unquoted characters: .Ql { , .Ql } . .It Dv WRDE_BADVAL -An attempt was made to expand an undefined shell variable and +An error after successful parsing, +such as an attempt to expand an undefined shell variable with .Dv WRDE_UNDEF -is set in +set in .Fa flags . .It Dv WRDE_CMDSUB An attempt was made to use command substitution and @@ -142,7 +142,9 @@ An attempt was made to use command substitution and is set in .Fa flags . .It Dv WRDE_NOSPACE -Not enough memory to store the result. +Not enough memory to store the result or +an error during +.Xr fork 2 . .It Dv WRDE_SYNTAX Shell syntax error in .Fa words . diff --git a/lib/libc/gen/wordexp.c b/lib/libc/gen/wordexp.c index c7f4b1d..958ddc6 100644 --- a/lib/libc/gen/wordexp.c +++ b/lib/libc/gen/wordexp.c 
@@ -103,8 +103,7 @@ static int we_askshell(const char *words, wordexp_t *we, int flags) { int pdes[2]; /* Pipe to child */ - char bbuf[9]; /* Buffer for byte count */ - char wbuf[9]; /* Buffer for word count */ + char buf[18]; /* Buffer for byte and word count */ long nwords, nbytes; /* Number of words, bytes from child */ long i; /* Handy integer */ size_t sofs; /* Offset into we->we_strings */ @@ -119,6 +118,7 @@ we_askshell(const char *words, wordexp_t *we, int flags) char **nwv; /* Temporary for realloc() */ sigset_t newsigblock, oldsigblock; const char *ifs; + char save; serrno = errno; ifs = getenv("IFS"); @@ -138,8 +138,7 @@ we_askshell(const char *words, wordexp_t *we, int flags) } else if (pid == 0) { /* - * We are the child; just get /bin/sh to run the wordexp - * builtin on `words'. + * We are the child; make /bin/sh expand `words'. */ (void)_sigprocmask(SIG_SETMASK, &oldsigblock, NULL); if ((pdes[1] != STDOUT_FILENO ? @@ -147,7 +146,10 @@ we_askshell(const char *words, wordexp_t *we, int flags) _fcntl(pdes[1], F_SETFD, 0)) < 0) _exit(1); execl(_PATH_BSHELL, "sh", flags & WRDE_UNDEF ? "-u" : "+u", - "-c", "IFS=$1;eval \"$2\";eval \"wordexp $3\"", "", + "-c", "IFS=$1;eval \"$2\";eval \"echo;set -- $3\";" + "IFS=;a=\"$*\";printf '%08x' \"$#\" \"${#a}\";" + "printf '%s\\0' \"$@\"", + "", ifs != NULL ? ifs : " \t\n", flags & WRDE_SHOWERR ? "" : "exec 2>/dev/null", words, (char *)NULL); 
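Review bot: The byte count the child reports with `"${#a}"` in the `@@ -147` hunk is only correct if sh counts bytes rather than characters, and nothing in the hunk establishes that. The parent later reads exactly that many bytes plus one per word, so if sh counts characters in a multibyte locale, expanded words containing non-ASCII text would be read short and split at the wrong offsets. I would confirm the behaviour and record the requirement next to the `execl()` call, e.g. `/* ${#a} must equal the byte length; the parent reads nbytes verbatim */`, or have the child compute the length in a locale-independent way. `we_askshell()` starts and ends outside this hunk.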
@@ -156,20 +158,30 @@ we_askshell(const char *words, wordexp_t *we, int flags) /* * We are the parent; read the output of the shell wordexp function, - * which is a 32-bit hexadecimal word count, a 32-bit hexadecimal - * byte count (not including terminating null bytes), followed by - * the expanded words separated by nulls. + * which is a byte indicating that the words were parsed successfully, + * a 32-bit hexadecimal word count, a 32-bit hexadecimal byte count + * (not including terminating null bytes), followed by the expanded + * words separated by nulls. */ _close(pdes[1]); - if (we_read_fully(pdes[0], wbuf, 8) != 8 || - we_read_fully(pdes[0], bbuf, 8) != 8) { - error = flags & WRDE_UNDEF ? WRDE_BADVAL : WRDE_SYNTAX; + switch (we_read_fully(pdes[0], buf, 17)) { + case 1: + error = WRDE_BADVAL; + serrno = errno; + goto cleanup; + case 17: + break; + default: + error = WRDE_SYNTAX; serrno = errno; goto cleanup; } - wbuf[8] = bbuf[8] = '\0'; - nwords = strtol(wbuf, NULL, 16); - nbytes = strtol(bbuf, NULL, 16) + nwords; + save = buf[9]; + buf[9] = '\0'; + nwords = strtol(buf + 1, NULL, 16); + buf[9] = save; + buf[17] = '\0'; + nbytes = strtol(buf + 9, NULL, 16) + nwords; /* * Allocate or reallocate (when flags & WRDE_APPEND) the word vector @@ -199,7 +211,7 @@ we_askshell(const char *words, wordexp_t *we, int flags) we->we_strings = nstrings; if (we_read_fully(pdes[0], we->we_strings + sofs, nbytes) != nbytes) { - error = flags & WRDE_UNDEF ? WRDE_BADVAL : WRDE_SYNTAX; + error = WRDE_NOSPACE; /* abort for unknown reason */ serrno = errno; goto cleanup; } @@ -216,7 +228,7 @@ cleanup: return (error); } if (wpid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) - return (flags & WRDE_UNDEF ? WRDE_BADVAL : WRDE_SYNTAX); + return (WRDE_NOSPACE); /* abort for unknown reason */ /* * Break the null-terminated expanded word strings out into diff --git a/lib/libc/locale/utf8.c b/lib/libc/locale/utf8.c index 11e7825..e096b87 100644 --- a/lib/libc/locale/utf8.c 
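Review bot: The 17-byte header read from the child in the `@@ -156` hunk is trusted as-is: `buf[0]` is never compared with the newline that `echo` is expected to emit, and both `strtol()` calls pass a NULL end pointer, so non-hex or negative fields go undetected. `nwords` and `nbytes` then drive the `we_read_fully(..., nbytes)` call in the `@@ -199` hunk and, judging by the trailing context comment, the allocation sizes that follow, so a malformed header should be rejected at this point. I would check `buf[0] == '\n'`, parse each field with an end pointer, and fail with `WRDE_NOSPACE` when a field is not exactly eight hex digits or is negative. The offsets 1, 9 and 17 would also read better as named constants declared beside `char buf[18]`. `we_askshell()` continues outside the hunk.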
+++ b/lib/libc/locale/utf8.c @@ -193,7 +193,7 @@ _UTF8_mbrtowc(wchar_t * __restrict pwc, const char * __restrict s, size_t n, errno = EILSEQ; return ((size_t)-1); } - if (wch >= 0xd800 && wch <= 0xdfff) { + if ((wch >= 0xd800 && wch <= 0xdfff) || wch > 0x10ffff) { /* * Malformed input; invalid code points. */ @@ -320,6 +320,10 @@ _UTF8_wcrtomb(char * __restrict s, wchar_t wc, mbstate_t * __restrict ps) lead = 0xc0; len = 2; } else if ((wc & ~0xffff) == 0) { + if (wc >= 0xd800 && wc <= 0xdfff) { + errno = EILSEQ; + return ((size_t)-1); + } lead = 0xe0; len = 3; } else if (wc >= 0 && wc <= 0x10ffff) { diff --git a/lib/libc/net/rcmdsh.c b/lib/libc/net/rcmdsh.c index bc4e87a..f30ad14 100644 --- a/lib/libc/net/rcmdsh.c +++ b/lib/libc/net/rcmdsh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcmdsh.c,v 1.5 1998/04/25 16:23:58 millert Exp $ */ +/* $OpenBSD: rcmdsh.c,v 1.7 2002/03/12 00:05:44 millert Exp $ */ /* * Copyright (c) 2001, MagniComp @@ -49,23 +49,18 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <unistd.h> -#ifndef _PATH_RSH -#define _PATH_RSH "/usr/bin/rsh" -#endif - /* * This is a replacement rcmd() function that uses the rsh(1) * program in place of a direct rcmd(3) function call so as to * avoid having to be root. Note that rport is ignored. */ int -rcmdsh(ahost, rport, locuser, remuser, cmd, rshprog) - char **ahost; - int rport; - const char *locuser, *remuser, *cmd, *rshprog; +rcmdsh(char **ahost, int rport, const char *locuser, const char *remuser, + const char *cmd, const char *rshprog) { struct addrinfo hints, *res; - int cpid, sp[2], error; + int sp[2], error; + pid_t cpid; char *p; struct passwd *pw; char num[8]; diff --git a/lib/libc/posix1e/acl_flag.c b/lib/libc/posix1e/acl_flag.c index 39e258d..8ad10c5 100644 --- a/lib/libc/posix1e/acl_flag.c +++ b/lib/libc/posix1e/acl_flag.c @@ -71,7 +71,7 @@ acl_clear_flags_np(acl_flagset_t flagset_d) return (-1); } - *flagset_d |= 0; + *flagset_d = 0; return (0); } 
diff --git a/lib/libc/secure/Makefile.inc b/lib/libc/secure/Makefile.inc new file mode 100644 index 0000000..6f18bde --- /dev/null +++ b/lib/libc/secure/Makefile.inc @@ -0,0 +1,12 @@ +# $FreeBSD$ +# +# libc sources related to security + +.PATH: ${LIBC_SRCTOP}/secure + +# Sources common to both syscall interfaces: +SRCS+= \ + stack_protector.c \ + stack_protector_compat.c + +SYM_MAPS+= ${LIBC_SRCTOP}/secure/Symbol.map diff --git a/lib/libc/secure/Symbol.map b/lib/libc/secure/Symbol.map new file mode 100644 index 0000000..aaa76c1 --- /dev/null +++ b/lib/libc/secure/Symbol.map @@ -0,0 +1,9 @@ +/* + * $FreeBSD$ + */ + +FBSD_1.0 { + __chk_fail; + __stack_chk_fail; + __stack_chk_guard; +}; diff --git a/lib/libc/sys/stack_protector.c b/lib/libc/secure/stack_protector.c index cd5f166..cd5f166 100644 --- a/lib/libc/sys/stack_protector.c +++ b/lib/libc/secure/stack_protector.c diff --git a/lib/libc/sys/stack_protector_compat.c b/lib/libc/secure/stack_protector_compat.c index cacb863..cacb863 100644 --- a/lib/libc/sys/stack_protector_compat.c +++ b/lib/libc/secure/stack_protector_compat.c diff --git a/lib/libc/stdlib/jemalloc/Makefile.inc b/lib/libc/stdlib/jemalloc/Makefile.inc index 4f5fa58..46006ee 100644 --- a/lib/libc/stdlib/jemalloc/Makefile.inc +++ b/lib/libc/stdlib/jemalloc/Makefile.inc @@ -4,7 +4,8 @@ JEMALLOCSRCS:= jemalloc.c arena.c atomic.c base.c bitmap.c chunk.c \ chunk_dss.c chunk_mmap.c ckh.c ctl.c extent.c hash.c huge.c mb.c \ - mutex.c prof.c quarantine.c rtree.c stats.c tcache.c tsd.c util.c + mutex.c pages.c prof.c quarantine.c rtree.c stats.c tcache.c tsd.c \ + util.c SYM_MAPS+=${LIBC_SRCTOP}/stdlib/jemalloc/Symbol.map @@ -39,12 +40,8 @@ MLINKS+= \ jemalloc.3 xallocx.3 \ jemalloc.3 sallocx.3 \ jemalloc.3 dallocx.3 \ + jemalloc.3 sdallocx.3 \ jemalloc.3 nallocx.3 \ - jemalloc.3 allocm.3 \ - jemalloc.3 rallocm.3 \ - jemalloc.3 sallocm.3 \ - jemalloc.3 dallocm.3 \ - jemalloc.3 nallocm.3 \ jemalloc.3 malloc.conf.5 .if defined(MALLOC_PRODUCTION) 
diff --git a/lib/libc/stdlib/jemalloc/Symbol.map b/lib/libc/stdlib/jemalloc/Symbol.map index 132664a..c073068 100644 --- a/lib/libc/stdlib/jemalloc/Symbol.map +++ b/lib/libc/stdlib/jemalloc/Symbol.map @@ -51,6 +51,11 @@ FBSD_1.3 { __nallocm; }; +FBSD_1.4 { + sdallocx; + __sdallocx; +}; + FBSDprivate_1.0 { _malloc_thread_cleanup; _malloc_prefork; diff --git a/lib/libc/string/bcopy.3 b/lib/libc/string/bcopy.3 index 1608fad..ac480f8 100644 --- a/lib/libc/string/bcopy.3 +++ b/lib/libc/string/bcopy.3 @@ -31,7 +31,7 @@ .\" @(#)bcopy.3 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd August 24, 2015 .Dt BCOPY 3 .Os .Sh NAME @@ -75,3 +75,24 @@ before it was moved to for .St -p1003.1-2001 compliance. +.Pp +.St -p1003.1-2008 +removes the specification of +.Fn bcopy +and it is marked as LEGACY in +.St -p1003.1-2004 . +New programs should use +.Xr memmove 3 . +If the input and output buffer do not overlap, then +.Xr memcpy 3 +is more efficient. +Note that +.Fn bcopy +takes +.Ar src +and +.Ar dst +in the opposite order from +.Fn memmove +and +.Fn memcpy . diff --git a/lib/libc/string/bzero.3 b/lib/libc/string/bzero.3 index 5af1bcf..130a652 100644 --- a/lib/libc/string/bzero.3 +++ b/lib/libc/string/bzero.3 @@ -31,7 +31,7 @@ .\" @(#)bzero.3 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd October 6, 2014 +.Dd August 24, 2015 .Dt BZERO 3 .Os .Sh NAME @@ -88,3 +88,11 @@ function first appeared in .Ox 5.5 and .Fx 11.0 . +.Pp +.St -p1003.1-2008 +removes the specification of +.Fn bzero +and it is marked as LEGACY in +.St -p1003.1-2004 . +For portability with other systems new programs should use +.Xr memset 3 . diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index e672b69..fad970c 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -21,8 +21,6 @@ PSEUDO+= _clock_gettime.o _gettimeofday.o # Sources common to both syscall interfaces: SRCS+= \ - stack_protector.c \ - stack_protector_compat.c \ __error.c \ interposing_table.c 
diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map index a3a613e..7b3257c 100644 --- a/lib/libc/sys/Symbol.map +++ b/lib/libc/sys/Symbol.map @@ -3,8 +3,8 @@ */ /* - * It'd be nice to have this automatically generated, but we don't - * know to what version they will eventually belong, so for now + * It'd be nice to automatically generate the syscall symbols, but we + * don't know to what version they will eventually belong to, so for now * it has to be manual. */ FBSD_1.0 { @@ -56,7 +56,6 @@ FBSD_1.0 { bind; chdir; chflags; - __chk_fail; chmod; chown; chroot; @@ -281,8 +280,6 @@ FBSD_1.0 { sigwaitinfo; socket; socketpair; - __stack_chk_fail; - __stack_chk_guard; stat; statfs; swapoff; diff --git a/lib/libc/sys/getrlimit.2 b/lib/libc/sys/getrlimit.2 index 5fdd58b..1fc3656 100644 --- a/lib/libc/sys/getrlimit.2 +++ b/lib/libc/sys/getrlimit.2 @@ -28,7 +28,7 @@ .\" @(#)getrlimit.2 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd August 20, 2008 +.Dd August 19, 2015 .Dt GETRLIMIT 2 .Os .Sh NAME @@ -74,6 +74,8 @@ this defines how far a program may extend its break with the function. .It Dv RLIMIT_FSIZE The largest size (in bytes) file that may be created. +.It Dv RLIMIT_KQUEUES +The maximum number of kqueues this user id is allowed to create. .It Dv RLIMIT_MEMLOCK The maximum size (in bytes) which a process may lock into memory using the 
@@ -83,12 +85,25 @@ system call. The maximum number of open files for this process. .It Dv RLIMIT_NPROC The maximum number of simultaneous processes for this user id. +.It Dv RLIMIT_NPTS +The maximum number of pseudo-terminals this user id is allowed to create. .It Dv RLIMIT_RSS -The maximum size (in bytes) to which a process's resident set size may -grow. -This imposes a limit on the amount of physical memory to be given to -a process; if memory is tight, the system will prefer to take memory -from processes that are exceeding their declared resident set size. +When there is memory pressure and swap is available, prioritize eviction of +a process' resident pages beyond this amount (in bytes). +When memory is not under pressure, this rlimit is effectively ignored. +Even when there is memory pressure, the amount of available swap space and some +sysctl settings like +.Xr vm.swap_enabled +and +.Xr vm.swap_idle_enabled +can affect what happens to processes that have exceeded this size. +.Pp +Processes that exceed their set +.Dv RLIMIT_RSS +are not signalled or halted. +The limit is merely a hint to the VM daemon to prefer to deactivate pages from +processes that have exceeded their set +.Dv RLIMIT_RSS . .It Dv RLIMIT_SBSIZE The maximum size (in bytes) of socket buffer usage for this user. This limits the amount of network memory, and hence the amount of 
@@ -106,18 +121,20 @@ sysctl is set. Please see .Xr tuning 7 for a complete description of this sysctl. -.It Dv RLIMIT_NPTS -The maximum number of pseudo-terminals created by this user id. -.It Dv RLIMIT_KQUEUES -The maximum number of kqueues created by this user id. +.It Dv RLIMIT_VMEM +An alias for +.Dv RLIMIT_AS . .El .Pp A resource limit is specified as a soft limit and a hard limit. -When a -soft limit is exceeded a process may receive a signal (for example, if -the cpu time or file size is exceeded), but it will be allowed to -continue execution until it reaches the hard limit (or modifies -its resource limit). +When a soft limit is exceeded, a process might or might not receive a signal. +For example, signals are generated when the cpu time or file size is exceeded, +but not if the address space or RSS limit is exceeded. +A program that exceeds the soft limit is allowed to continue execution until it +reaches the hard limit, or modifies its own resource limit. +Even reaching the hard limit does not necessarily halt a process. +For example, if the RSS hard limit is exceeded, nothing happens. +.Pp The .Vt rlimit structure is used to specify the hard and soft limits on a resource, @@ -170,6 +187,20 @@ the soft cpu time limit is exceeded, a signal .Dv SIGXCPU is sent to the offending process. +.Pp +When most operations would allocate more virtual memory than allowed by the +soft limit of +.Dv RLIMIT_AS , +the operation fails with +.Dv ENOMEM +and no signal is raised. +A notable exception is stack extension, described above. +If stack extension would allocate more virtual memory than allowed by the soft +limit of +.Dv RLIMIT_AS , +the signal SIGSEGV will be delivered. +The caller is free to raise the soft address space limit up to the hard limit +and retry the allocation. .Sh RETURN VALUES .Rv -std .Sh ERRORS diff --git a/lib/libc/sys/procctl.2 b/lib/libc/sys/procctl.2 index 76a3cef..88dcfd3 100644 --- a/lib/libc/sys/procctl.2 +++ b/lib/libc/sys/procctl.2 
@@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 29, 2014 +.Dd August 21, 2015 .Dt PROCCTL 2 .Os .Sh NAME @@ -71,11 +71,11 @@ The control request to perform is specified by the .Fa cmd argument. The following commands are supported: -.Bl -tag -width "Dv PROC_REAP_GETPIDS" +.Bl -tag -width "PROC_REAP_GETPIDS" .It Dv PROC_SPROTECT Set process protection state. This is used to mark a process as protected from being killed if the system -exhausts available memory and swap. +exhausts the available memory and swap. The .Fa arg parameter must point to an integer containing an operation and zero or more @@ -89,7 +89,7 @@ Clear the protected state of selected processes. .El .Pp The following optional flags are supported: -.Bl -tag -width "Dv PPROT_DESCE" +.Bl -tag -width "Dv PPROT_DESCEND" .It Dv PPROT_DESCEND Apply the requested operation to all child processes of each selected process in addition to each selected process. @@ -101,18 +101,18 @@ Future child processes will also mark all of their future child processes. .El .It Dv PROC_REAP_ACQUIRE Acquires the reaper status for the current process. -The status means that children orphaned by the reaper's descendants -that were forked after the acquisition of the status are reparented to the -reaper. -After the system initialization, +Reaper status means that children orphaned by the reaper's descendants +that were forked after the acquisition of reaper status are reparented to the +reaper process. +After system initialization, .Xr init 8 is the default reaper. .It Dv PROC_REAP_RELEASE -Releases the reaper state for the current process. +Release the reaper state for the current process. The reaper of the current process becomes the new reaper of the current process's descendants. .It Dv PROC_REAP_STATUS -Provides the information about the reaper of the specified process, +Provides information about the reaper of the specified process, or the process itself when it is a reaper. The .Fa data 
@@ -133,7 +133,7 @@ The may have the following flags returned: .Bl -tag -width "Dv REAPER_STATUS_REALINIT" .It Dv REAPER_STATUS_OWNED -The specified process has acquired the reaper status and has not +The specified process has acquired reaper status and has not released it. When the flag is returned, the specified process .Fa id , @@ -142,13 +142,17 @@ pid, identifies the reaper, otherwise the field of the structure is set to the pid of the reaper for the specified process id. .It Dv REAPER_STATUS_REALINIT -The specified process is the root of the reaper tree, i.e. +The specified process is the root of the reaper tree, i.e., .Xr init 8 . .El .Pp The .Fa rs_children -field returns the number of children of the reaper. +field returns the number of children of the reaper among the descendants. +It is possible to have a child whose reaper is not the specified process, +since the reaper for any existing children is not reset on the +.Dv PROC_REAP_ACQUIRE +operation. The .Fa rs_descendants field returns the total number of descendants of the reaper(s), @@ -242,7 +246,7 @@ struct procctl_reaper_kill { The .Fa rk_sig field specifies the signal to be delivered. -Zero is not a valid signal number, unlike +Zero is not a valid signal number, unlike for .Xr kill 2 . The .Fa rk_flags 
@@ -271,20 +275,20 @@ field identifies the number of processes signalled. The .Fa rk_fpid field is set to the pid of the first process for which signal -delivery failed, e.g. due to the permission problems. -If no such process exist, the +delivery failed, e.g., due to permission problems. +If no such process exists, the .Fa rk_fpid field is set to -1. .It Dv PROC_TRACE_CTL Enable or disable tracing of the specified process(es), according to the value of the integer argument. -Tracing includes attachment to the process using +Tracing includes attachment to the process using the .Xr ptrace 2 and .Xr ktrace 2 , debugging sysctls, .Xr hwpmc 4 , -.Xr dtrace 1 +.Xr dtrace 1 , and core dumping. Possible values for the .Fa data @@ -297,7 +301,7 @@ Only allowed for self. .It Dv PROC_TRACE_CTL_DISABLE Disable tracing for the specified process. Tracing is re-enabled when the process changes the executing -program with +program with the .Xr execve 2 syscall. A child inherits the trace settings from the parent on @@ -305,7 +309,7 @@ A child inherits the trace settings from the parent on .It Dv PROC_TRACE_CTL_DISABLE_EXEC Same as .Dv PROC_TRACE_CTL_DISABLE , -but the setting persist for the process even after +but the setting persists for the process even after .Xr execve 2 . .El .It Dv PROC_TRACE_STATUS @@ -315,7 +319,7 @@ the integer variable pointed to by If tracing is disabled, .Fa data is set to -1. -If tracing is enabled, but no debugger is attached by +If tracing is enabled, but no debugger is attached by the .Xr ptrace 2 syscall, .Fa data 
@@ -328,7 +332,7 @@ is set to the pid of the debugger process. Disabling tracing on a process should not be considered a security feature, as it is bypassable both by the kernel and privileged processes, and via other system mechanisms. -As such, it should not be relied on to reliably protect cryptographic +As such, it should not be utilized to reliably protect cryptographic keying material or other confidential data. .Sh RETURN VALUES If an error occurs, a value of -1 is returned and @@ -404,9 +408,9 @@ request was issued for a process already being traced. .It Bq Er EPERM The .Dv PROC_TRACE_CTL -request to re-enable tracing of the process ( -.Dv PROC_TRACE_CTL_ENABLE ) , -or to disable persistence of the +request to re-enable tracing of the process +.Po Dv PROC_TRACE_CTL_ENABLE Pc , +or to disable persistence of .Dv PROC_TRACE_CTL_DISABLE on .Xr execve 2 diff --git a/lib/libc/tests/sys/Makefile b/lib/libc/tests/sys/Makefile index 89431bc..7ecf1d6 100644 --- a/lib/libc/tests/sys/Makefile +++ b/lib/libc/tests/sys/Makefile @@ -25,7 +25,10 @@ NETBSD_ATF_TESTS_C+= kevent_test NETBSD_ATF_TESTS_C+= kill_test NETBSD_ATF_TESTS_C+= link_test NETBSD_ATF_TESTS_C+= listen_test +# On arm64 triggers panic ARM64TODO: pmap_mincore (PR202307). +.if ${MACHINE_CPUARCH} != "aarch64" NETBSD_ATF_TESTS_C+= mincore_test +.endif NETBSD_ATF_TESTS_C+= mkdir_test NETBSD_ATF_TESTS_C+= mkfifo_test NETBSD_ATF_TESTS_C+= mknod_test |