Index: sys/amd64/amd64/elf_machdep.c
===================================================================
--- sys/amd64/amd64/elf_machdep.c
+++ sys/amd64/amd64/elf_machdep.c
@@ -72,8 +72,8 @@
 .sv_setregs = exec_setregs,
 .sv_fixlimit = NULL,
 .sv_maxssiz = NULL,
- .sv_flags = SV_ABI_FREEBSD | SV_LP64 | SV_SHP | SV_TIMEKEEP |
- SV_ASLR,
+ .sv_flags = SV_ABI_FREEBSD | SV_ASLR | SV_LP64 | SV_SHP |
+ SV_TIMEKEEP,
 .sv_set_syscall_retval = cpu_set_syscall_retval,
 .sv_fetch_syscall_args = cpu_fetch_syscall_args,
 .sv_syscallnames = syscallnames,
Index: sys/arm/arm/elf_machdep.c
===================================================================
--- sys/arm/arm/elf_machdep.c
+++ sys/arm/arm/elf_machdep.c
@@ -75,7 +75,7 @@
 .sv_maxssiz = NULL,
 .sv_flags =
 #if __ARM_ARCH >= 6
- SV_SHP | SV_TIMEKEEP | SV_ASLR |
+ SV_ASLR | SV_SHP | SV_TIMEKEEP |
 #endif
 SV_ABI_FREEBSD | SV_ILP32,
 .sv_set_syscall_retval = cpu_set_syscall_retval,
Index: sys/compat/freebsd32/freebsd32_misc.c
===================================================================
--- sys/compat/freebsd32/freebsd32_misc.c
+++ sys/compat/freebsd32/freebsd32_misc.c
@@ -3046,10 +3046,10 @@
 int error, error1, flags;
 switch (uap->com) {
+ case PROC_ASLR_CTL:
 case PROC_SPROTECT:
 case PROC_TRACE_CTL:
 case PROC_TRAPCAP_CTL:
- case PROC_ASLR_CTL:
 error = copyin(PTRIN(uap->data), &flags, sizeof(flags));
 if (error != 0)
 return (error);
@@ -3078,9 +3078,9 @@
 return (error);
 data = &x.rk;
 break;
+ case PROC_ASLR_STATUS:
 case PROC_TRACE_STATUS:
 case PROC_TRAPCAP_STATUS:
- case PROC_ASLR_STATUS:
 data = &flags;
 break;
 default:
@@ -3098,9 +3098,9 @@
 if (error == 0)
 error = error1;
 break;
+ case PROC_ASLR_STATUS:
 case PROC_TRACE_STATUS:
 case PROC_TRAPCAP_STATUS:
- case PROC_ASLR_STATUS:
 if (error == 0)
 error = copyout(&flags, uap->data, sizeof(flags));
 break;
Index: sys/compat/ia32/ia32_sysvec.c
===================================================================
--- sys/compat/ia32/ia32_sysvec.c
+++ sys/compat/ia32/ia32_sysvec.c
@@ -120,11 +120,11 @@
 .sv_setregs = ia32_setregs,
 .sv_fixlimit = ia32_fixlimit,
 .sv_maxssiz = &ia32_maxssiz,
- .sv_flags = SV_ABI_FREEBSD | SV_IA32 | SV_ILP32
+ .sv_flags =
 #ifdef __amd64__
- | SV_SHP | SV_TIMEKEEP | SV_ASLR
+ SV_ASLR | SV_SHP | SV_TIMEKEEP |
 #endif
- ,
+ SV_ABI_FREEBSD | SV_IA32 | SV_ILP32,
 .sv_set_syscall_retval = ia32_set_syscall_retval,
 .sv_fetch_syscall_args = ia32_fetch_syscall_args,
 .sv_syscallnames = freebsd32_syscallnames,
Index: sys/i386/i386/elf_machdep.c
===================================================================
--- sys/i386/i386/elf_machdep.c
+++ sys/i386/i386/elf_machdep.c
@@ -78,8 +78,8 @@
 .sv_setregs = exec_setregs,
 .sv_fixlimit = NULL,
 .sv_maxssiz = NULL,
- .sv_flags = SV_ABI_FREEBSD | SV_IA32 | SV_ILP32 | SV_SHP |
- SV_TIMEKEEP | SV_ASLR,
+ .sv_flags = SV_ABI_FREEBSD | SV_ASLR | SV_IA32 | SV_ILP32 |
+ SV_SHP | SV_TIMEKEEP,
 .sv_set_syscall_retval = cpu_set_syscall_retval,
 .sv_fetch_syscall_args = cpu_fetch_syscall_args,
 .sv_syscallnames = syscallnames,
Index: sys/kern/kern_fork.c
===================================================================
--- sys/kern/kern_fork.c
+++ sys/kern/kern_fork.c
@@ -497,8 +497,8 @@
 * Increase reference counts on shared objects.
 */
 p2->p_flag = P_INMEM;
- p2->p_flag2 = p1->p_flag2 & (P2_NOTRACE | P2_NOTRACE_EXEC | P2_TRAPCAP |
- P2_ASLR_ENABLE | P2_ASLR_DISABLE | P2_ASLR_IGNSTART);
+ p2->p_flag2 = p1->p_flag2 & (P2_ASLR_DISABLE | P2_ASLR_ENABLE |
+ P2_ASLR_IGNSTART | P2_NOTRACE | P2_NOTRACE_EXEC | P2_TRAPCAP);
 p2->p_swtick = ticks;
 if (p1->p_flag & P_PROFIL)
 startprofclock(p2);
Index: sys/kern/kern_procctl.c
===================================================================
--- sys/kern/kern_procctl.c
+++ sys/kern/kern_procctl.c
@@ -446,10 +446,10 @@
 int error, error1, flags;
 switch (uap->com) {
+ case PROC_ASLR_CTL:
 case PROC_SPROTECT:
 case PROC_TRACE_CTL:
 case PROC_TRAPCAP_CTL:
- case PROC_ASLR_CTL:
 error = copyin(uap->data, &flags, sizeof(flags));
 if (error != 0)
 return (error);
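Review bot: In the sys/kern/kern_fork.c hunk (@@ -497,8), the mask applied to `p2->p_flag2` copies `P2_ASLR_DISABLE`, `P2_ASLR_ENABLE` and `P2_ASLR_IGNSTART` into every child, but nothing near the assignment says that a forced ASLR setting is meant to be sticky across fork. I would add a comment above it such as `/* procctl(2) ASLR forcing is inherited by children, like the trace and trapcap settings. */`. Because a forced disable removes a mitigation for the whole process subtree, it is also worth confirming in the exec path (not shown in this diff) how these flags are treated when the new image is set-id. The enclosing function starts and ends outside the hunk.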
@@ -476,9 +476,9 @@
 return (error);
 data = &x.rk;
 break;
+ case PROC_ASLR_STATUS:
 case PROC_TRACE_STATUS:
 case PROC_TRAPCAP_STATUS:
- case PROC_ASLR_STATUS:
 data = &flags;
 break;
 default:
@@ -495,9 +495,9 @@
 if (error == 0)
 error = error1;
 break;
+ case PROC_ASLR_STATUS:
 case PROC_TRACE_STATUS:
 case PROC_TRAPCAP_STATUS:
- case PROC_ASLR_STATUS:
 if (error == 0)
 error = copyout(&flags, uap->data, sizeof(flags));
 break;
@@ -511,6 +511,10 @@
 PROC_LOCK_ASSERT(p, MA_OWNED);
 switch (com) {
+ case PROC_ASLR_CTL:
+ return (aslr_ctl(td, p, *(int *)data));
+ case PROC_ASLR_STATUS:
+ return (aslr_status(td, p, data));
 case PROC_SPROTECT:
 return (protect_set(td, p, *(int *)data));
 case PROC_REAP_ACQUIRE:
@@ -531,10 +535,6 @@
 return (trapcap_ctl(td, p, *(int *)data));
 case PROC_TRAPCAP_STATUS:
 return (trapcap_status(td, p, data));
- case PROC_ASLR_CTL:
- return (aslr_ctl(td, p, *(int *)data));
- case PROC_ASLR_STATUS:
- return (aslr_status(td, p, data));
 default:
 return (EINVAL);
 }
@@ -549,6 +549,8 @@
 bool tree_locked;
 switch (com) {
+ case PROC_ASLR_CTL:
+ case PROC_ASLR_STATUS:
 case PROC_REAP_ACQUIRE:
 case PROC_REAP_RELEASE:
 case PROC_REAP_STATUS:
@@ -556,8 +558,6 @@
 case PROC_REAP_KILL:
 case PROC_TRACE_STATUS:
 case PROC_TRAPCAP_STATUS:
- case PROC_ASLR_CTL:
- case PROC_ASLR_STATUS:
 if (idtype != P_PID)
 return (EINVAL);
 }
@@ -577,10 +577,10 @@
 sx_xlock(&proctree_lock);
 tree_locked = true;
 break;
- case PROC_TRACE_STATUS:
- case PROC_TRAPCAP_STATUS:
 case PROC_ASLR_CTL:
 case PROC_ASLR_STATUS:
+ case PROC_TRACE_STATUS:
+ case PROC_TRAPCAP_STATUS:
 tree_locked = false;
 break;
 default:
Index: usr.bin/proccontrol/proccontrol.c
===================================================================
--- usr.bin/proccontrol/proccontrol.c
+++ usr.bin/proccontrol/proccontrol.c
@@ -39,10 +39,10 @@
 #include
 enum {
+ MODE_ASLR,
 MODE_INVALID,
 MODE_TRACE,
 MODE_TRAPCAP,
- MODE_ASLR,
 };
 static pid_t
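Review bot: In the last sys/kern/kern_procctl.c hunk (@@ -577,10), `PROC_ASLR_CTL` sits in the `tree_locked = false` group, where it is the only state-changing command next to three `*_STATUS` queries, and the reason is not written down. The @@ -549,6 hunk restricts both ASLR commands to `idtype == P_PID`, which presumably is why no proctree lock is taken. A comment above the case labels, for example `/* ASLR commands are P_PID-only and touch a single process, so proctree_lock is not needed. */`, would keep a later editor from copying the pattern for a command that walks descendants. The switch begins and ends outside the hunk.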
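Review bot: In the usr.bin/proccontrol/proccontrol.c enum hunk (@@ -39,10), sorting the enumerators alphabetically changes their values, so `MODE_ASLR` becomes 0 and `MODE_INVALID` becomes 1. If `mode` is ever left zero-initialised or tested against 0 (its initialisation is outside the hunk), an unset mode would now select the ASLR branch instead of reaching `usage()`. I would keep the sentinel first, `MODE_INVALID,` followed by `MODE_ASLR,`, `MODE_TRACE,`, `MODE_TRAPCAP,`, or give it an explicit value.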
@@ -63,7 +63,7 @@
 usage(void)
 {
- fprintf(stderr, "Usage: proccontrol -m (trace|trapcap|aslr) [-q] "
+ fprintf(stderr, "Usage: proccontrol -m (aslr|trace|trapcap) [-q] "
 "[-s (enable|disable)] [-p pid | command]\n");
 exit(1);
 }
@@ -82,12 +82,12 @@
 while ((ch = getopt(argc, argv, "m:qs:p:")) != -1) {
 switch (ch) {
 case 'm':
- if (strcmp(optarg, "trace") == 0)
+ if (strcmp(optarg, "aslr") == 0)
+ mode = MODE_ASLR;
+ else if (strcmp(optarg, "trace") == 0)
 mode = MODE_TRACE;
 else if (strcmp(optarg, "trapcap") == 0)
 mode = MODE_TRAPCAP;
- else if (strcmp(optarg, "aslr") == 0)
- mode = MODE_ASLR;
 else
 usage();
 break;
@@ -124,15 +124,15 @@
 if (query) {
 switch (mode) {
+ case MODE_ASLR:
+ error = procctl(P_PID, pid, PROC_ASLR_STATUS, &arg);
+ break;
 case MODE_TRACE:
 error = procctl(P_PID, pid, PROC_TRACE_STATUS, &arg);
 break;
 case MODE_TRAPCAP:
 error = procctl(P_PID, pid, PROC_TRAPCAP_STATUS, &arg);
 break;
- case MODE_ASLR:
- error = procctl(P_PID, pid, PROC_ASLR_STATUS, &arg);
- break;
 default:
 usage();
 break;
@@ -140,6 +140,23 @@
 if (error != 0)
 err(1, "procctl status");
 switch (mode) {
+ case MODE_ASLR:
+ switch (arg & ~PROC_ASLR_ACTIVE) {
+ case PROC_ASLR_FORCE_ENABLE:
+ printf("force enabled");
+ break;
+ case PROC_ASLR_FORCE_DISABLE:
+ printf("force disabled");
+ break;
+ case PROC_ASLR_NOFORCE:
+ printf("not forced");
+ break;
+ }
+ if ((arg & PROC_ASLR_ACTIVE) != 0)
+ printf(", active\n");
+ else
+ printf(", not active\n");
+ break;
 case MODE_TRACE:
 if (arg == -1)
 printf("disabled\n");
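Review bot: In the @@ -140,6 +140,23 hunk of proccontrol.c, the inner `switch (arg & ~PROC_ASLR_ACTIVE)` has no `default`, so a value the utility does not recognise prints only `, active` or `, not active` with nothing before the comma. Adding `default: printf("unknown (%d)", arg & ~PROC_ASLR_ACTIVE); break;` keeps the status line well-formed and makes a kernel/userland mismatch visible to whoever is auditing a process's mitigation state. The outer switch continues past the end of the hunk.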
@@ -158,26 +175,14 @@
 break;
 }
 break;
- case MODE_ASLR:
- switch (arg & ~PROC_ASLR_ACTIVE) {
- case PROC_ASLR_FORCE_ENABLE:
- printf("force enabled");
- break;
- case PROC_ASLR_FORCE_DISABLE:
- printf("force disabled");
- break;
- case PROC_ASLR_NOFORCE:
- printf("not forced");
- break;
- }
- if ((arg & PROC_ASLR_ACTIVE) != 0)
- printf(", active\n");
- else
- printf(", not active\n");
- break;
 }
 } else {
 switch (mode) {
+ case MODE_ASLR:
+ arg = enable ? PROC_ASLR_FORCE_ENABLE :
+ PROC_ASLR_FORCE_DISABLE;
+ error = procctl(P_PID, pid, PROC_ASLR_CTL, &arg);
+ break;
 case MODE_TRACE:
 arg = enable ? PROC_TRACE_CTL_ENABLE :
 PROC_TRACE_CTL_DISABLE;
@@ -188,11 +193,6 @@
 PROC_TRAPCAP_CTL_DISABLE;
 error = procctl(P_PID, pid, PROC_TRAPCAP_CTL, &arg);
 break;
- case MODE_ASLR:
- arg = enable ? PROC_ASLR_FORCE_ENABLE :
- PROC_ASLR_FORCE_DISABLE;
- error = procctl(P_PID, pid, PROC_ASLR_CTL, &arg);
- break;
 default:
 usage();
 break;
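Review bot: In the @@ -158,26 +175,14 hunk, the set path maps `-s` onto `PROC_ASLR_FORCE_ENABLE` or `PROC_ASLR_FORCE_DISABLE` only, so the `PROC_ASLR_NOFORCE` state that the status path reports as `not forced` cannot be restored from the command line once a process has been forced either way. If that is intended, the usage string should say so; otherwise the `-s` parsing, which lies outside this hunk, needs a third value for the ASLR mode so that an administrator can return a process to the system default. The enclosing function starts before the hunk and continues after it.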