lib: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Keep those.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42385

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

vfs: add realpathat syscall

realpath(3) is used a lot e.g., by clang and is a major source of getcwd
and fstatat calls. This can be done more efficiently in the kernel.

This works by performing a regular lookup while saving the name and found
parent directory. If the terminal vnode is a directory we can resolve it using
usual means. Otherwise we can use the name saved by lookup and resolve the
parent.

See the review for sample syscall counts.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D23574

Fix -Wsign-compare warnings in realpath.c

This is needed in order to build realpath.c as part of rtld.

libc: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Style.

Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks

Simplify cleanup on failure in realpath(3).

If realpath() allocated memory for result and failed, the memory is
freed in each place where return is performed. More, the function
needs to track the allocation status, to not free user-supplied
buffer.

Consolidate the memory handling in the wrapper, freeing the buffer if
the actual worker failed.

Reviewed by: emaste (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D10670

Fix several buffer overflows in realpath(3).
- The statement "left_len -= s - left;" does not take the slash into
account if one was found. This results in the invariant
"left[left_len] == '\0'" being violated (and possible buffer
overflows). The patch replaces the variable "s" with a size_t
"next_token_len" for more clarity.
- "slen" from readlink(2) can be 0 when encountering empty
symlinks. Then, further down, "symlink[slen - 1]" underflows the
buffer. When slen == 0, realpath(3) should probably return ENOENT
(http://austingroupbugs.net/view.php?id=825,
https://lwn.net/Articles/551224/).

Some other minor issues:
- The condition "resolved_len >= PATH_MAX" cannot be true.
- Similarly, "s - left >= sizeof(next_token)" cannot be true, as long
as "sizeof(next_token) >= sizeof(left)".
- Return ENAMETOOLONG when a resolved symlink from readlink(2) is too
long for the symlink buffer (instead of just truncating it).
- "resolved_len > 1" below the call to readlink(2) is always true as
"strlcat(resolved, next_token, PATH_MAX);" always results in a
string of length > 1. Also, "resolved[resolved_len - 1] = '\0';" is
not needed; there can never be a trailing slash here.
- The truncation check for "strlcat(symlink, left, sizeof(symlink));"
should be against "sizeof(symlink)" (the third argument to strlcat)
instead of "sizeof(left)".

Submitted by: Jan Kokemц╪ller <jan.kokemueller@gmail.com>
PR: 219154
MFC after: 2 weeks

realpath(): Properly fail "." or ".." components after non-directories.

If realpath() is called on pathnames like "/dev/null/." or "/dev/null/..",
it should fail with [ENOTDIR]. Pathnames like "/dev/null/" already failed as
they should.

Also, put the check for non-directories after lstatting the previous
component instead of when the empty component (consecutive or trailing
slashes) is detected, saving an lstat() call and some lines of code.

PR: kern/82980
MFC after: 2 weeks

- Correct mispellings of the word occurrence

Submitted by: Christoph Mallon <christoph.mallon@gmx.de> (via private mail)

Avoid mapping ENOENT to ENOTDIR for non-existent path components.

The ENOTDIR mapping was introduced in r235266 for kern/128933 based on
an interpretation of the somewhat ambiguous language in the POSIX realpath
specification. The interpretation is inconsistent with Solaris and Linux,
a regression from 9.0, and does not appear to be permitted by the
description of ENOTDIR:

20 ENOTDIR Not a directory. A component of the specified pathname
existed, but it was not a directory, when a directory was
expected.

PR: standards/171577
MFC after: 3 days

1) Although unpublished version of standard
http://austingroupbugs.net/view.php?id=385#c713
(Resolved state) recommend this way for the current standard (called
"earlier" in the text)

"However, earlier versions of this standard did not require this, and the
same example had to be written as:

// buf was obtained by malloc(buflen)
ret = write(fd, buf, buflen);
if (ret < 0) {
int save = errno;
free(buf);
errno = save;
return ret;
}
"

from feedback I have for previous commit it seems that many people prefer
to avoid mass code change needed for current standard compliance
and prefer to track unpublished standard instead, which requires now
that free() itself must save errno, not its usage code.

So, I back out "save errno across free()" part of previous commit,
and will fill PR for changing free() isntead.

2) Remove now unused serrno.

MFC after: 1 week

1) IEEE Std 1003.1-2008, "errno" section, is explicit that

"The setting of errno after a successful call to a function is
unspecified unless the description of that function specifies that
errno shall not be modified."

However, free() in IEEE Std 1003.1-2008 does not mention its interaction
with errno, so MAY modify it after successful call
(it depends on particular free() implementation, OS-specific, etc.).

So, save errno across free() calls to make code portable and
POSIX-conformant.

2) Remove unused serrno assignment.

MFC after: 1 week

According to SUSv4, realpath(3) must fail if
[ENOENT] A component of file_name does not name an existing file or
file_name points to an empty string.
[ENOTDIR] A component of the path prefix is not a directory, or the
file_name argument contains at least one non- <slash> character
and ends with one or more trailing <slash> characters and the last
pathname component names an existing file that is neither a
directory nor a symbolic link to a directory.
Add checks for the listed conditions, and set errno accordingly.

Update the realpath(3) manpage to mention SUS behaviour. Remove the
requirement to include sys/param.h before stdlib.h.

PR: 128933
MFC after: 3 weeks

Fix a warning emitted by Clang.

The size passed to strlcat() must depend on the input length, not the
output length. Because the input and output buffers are equal in size,
the resulting binary does not change at all.

Fix some style(9) issues.
Do not use strlcpy() where simple assignment is enough.

Noted by: bde (long time ago)
MFC after: 1 week

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

MFC r206893:
Slightly modernize realpath(3).

SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with SUSv4, adding restrict keywords.
Allow the resolved path buffer pointer be NULL, in which case realpath(3)
allocates storage with malloc().

MFC r206898:
Free() is not allowed to modify errno, remove safety brackets around it.
Add small optimization, do not copy a string to the buffer that is
to be freed immediately after.

MFC r206997:
Move realpath(3) prototype to a POSIX section.

MFC r206998:
Add standards section, improve wording, taking into account the handling
of NULL and changed type in declaration.

Free() is not allowed to modify errno, remove safety brackets around it [1].
Add small optimization, do not copy a string to the buffer that is
to be freed immediately after.

Noted by: jh [1]
Reviewed by: jh
MFC after: 2 weeks

Slightly modernize realpath(3).

SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with SUSv4, adding restrict keywords.
Allow the resolved path buffer pointer be NULL, in which case realpath(3)
allocates storage with malloc().

PR: kern/121897 [1]
MFC after: 2 weeks

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

Fix stripping last path component when only one path component left.

PR: 52686
MFC after: 1 day

Back out the `hiding' of strlcpy and strlcat. Several people
vocally objected to this safety belt.

`Hide' strlcpy and strlcat (using the namespace.h / __weak_reference
technique) so that we don't wind up calling into an application's
version if the application defines them.

Inspired by: qpopper's interfering and buggy version of strlcpy

BDE'ify

fix truncation check and buffer overflow check

- MAXPATHLEN -> PATH_MAX (pass correct buffer size to readlink as well)

Requested by: bde

Make realpath() thread-safe. New implementation does not use chdir(2) at all.

Submitted by: Constantin S. Svintsoff <kostik (at) iclub.nsu.ru>

Use strlcpy instead of strncpy.

Submitted by: imp
Reviewed by: silence on -audit

realpath(3) should use PATH_MAX instead of MAXPATHLEN according to POSIX.

This also reverts the PATH_MAX -> MAXPATHLEN part of
rev 1.3 of src/bin/realpath/realpath.c

Requested by: imp
Reviewed by: imp, bde

Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.

Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by: -arch

Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(),
just use _foo() <-- foo(). In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate. In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().

Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().

Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().

Make thread cancellation fully POSIX-compliant.

Suggested by: deischen

Add three-tier symbol naming in support of POSIX thread cancellation
points. For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep(). The arrows represent weak aliases. For
system calls, the pattern is _read() <-- _libc_read() <-- read().

fix tabs lost apparently in copy&paste

Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time. However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes. Shouldn't impact anything, but...

realpath() should break on looped symlinks.

PR: 3911
Reviewed by: phk
Submitted by: Shigio Yamaguchi <shigio@wafu.netgate.net>

Part 2 of a failed commit (cvs broke). Original message:
Back out a dubious Lite2 change to "optimise" getcwd() to look at $PWD
because it's potentially dangerous (think: symlink races). Move
realpath() back to it's original location, and remove getcwd_physical()
by renaming it back to getcwd() and zapping the original getcwd wrapper.

Noticed by: bde

The following commits already happened but the log message got lost:

Modified Files:
gen/Makefile.inc gen/getcwd.c stdlib/Makefile.inc
Removed Files:
gen/realpath.3

merge from Lite2 - realpath() now shares a lot of code with getcwd()
and is now in the same file.

Don't attempt to lstat() the POSIXLY invalid empty pathname.

realpath() still accepts "" as an arg and converts it to a canonical
pathname for the current directory.

BSD 4.4 Lite Lib Sources