This revision adds the rlimit and racct limit for the memlock property to vmm. After this change, a VM's vmspace cannot have any more wired memory than is allowed for the process that creates the VM.
Note that the limit is taken from the current process, but the calculation is independent from the process' vmspace. This means that a process can theoretically use mlock to wire memory up to the process' memlock limit, and then create a VM which has wired memory up to the process' memlock limit. In short, a process can now wire twice as much memory as the limit.
Additionally, this means that rctl/racct may not report the true amount of memory wired by a process; it will only report the amount of wired memory for the process vmspace or the process-created VM's vmspace, whichever occurred latest. Which means aggregate counts are also incorrect.
In practice, I don't think there are any programs that will create a VM with wired memory and use mlock, so this discrepancy will likely never surface.
This strategy seems semantically better than the alternative, which is to add the process' vmspace and VM's vmspace in both files vmm.c and vm/vm_mmap.c, since the process doesn't keep track of the VMs that it created.