libc: expose execvpe for Linux compat

We already implemented execvpe internally with an _ prefix in libc so
go ahead and expose it for compatibility with Linux.

This reverts c605eea952146348e5e1ad5cab6c127d7a1bd164.

Bump __FreeBSD_version for the addition and add definitions to supress
compat shims in libzfs (zfs changes were merged from upstream).

PR: 275370 (request and exp-run (thanks antoine!))
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42846

lib: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

libc: move declaration of 'char **environ' to common private header

Suggested by: imp
Reviewed by: markj
Tested by: markj (aarch64)
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
Differential revision: https://reviews.freebsd.org/D37220

execvPe: obviate the need for potentially large stack allocations

Some environments in which execvPe may be called have a limited amount of
stack available. Currently, it avoidably allocates a segment on the stack
large enough to hold PATH so that it may be mutated and use strsep() for
easy parsing. This logic is now rewritten to just operate on the immutable
string passed in and do the necessary math to extract individual paths,
since it will be copying out those segments to another buffer anyways and
piecing them together with the name for a full path.

Additional size is also needed for the stack in posix_spawnp(), because it
may need to push all of argv to the stack and rebuild the command with sh in
front of it. We'll make sure it's properly aligned for the new thread, but
future work should likely make rfork_thread a little easier to use by
ensuring proper alignment.

Some trivial cleanup has been done with a couple of error writes, moving
strings into char arrays for use with the less fragile sizeof().

Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk>
Reviewed by: jilles, kib, Andrew Gierth
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25038

execvp: fix up the ENOEXEC fallback

If execve fails with ENOEXEC, execvp is expected to rebuild the command
with /bin/sh instead and try again.

The previous version did this, but overlooked two details:

argv[0] can conceivably be NULL, in which case memp would never get
terminated. We must allocate no less than three * sizeof(char *) so we can
properly terminate at all times. For the non-NULL argv standard case, we
count all the non-NULL elements and actually skip the first argument, so we
end up capturing the NULL terminator in our bcopy().

The second detail is that the spec is actually worded such that we should
have been preserving argv[0] as passed to execvp:

"[...] executed command shall be as if the process invoked the sh utility
using execl() as follows:

execl(<shell path>, arg0, file, arg1, ..., (char *)0);

where <shell path> is an unspecified pathname for the sh utility, file is
the process image file, and for execvp(), where arg0, arg1, and so on
correspond to the values passed to execvp() in argv[0], argv[1], and so on."

So we make this change at this time as well, while we're already touching
it. We decidedly can't preserve a NULL argv[0] as this would be incredibly,
incredibly fragile, so we retain our legacy behavior of using "sh" for
argv[] in this specific instance.

Some light tests are added to try and detect some components of handling the
ENOEXEC fallback; posix_spawnp_enoexec_fallback_null_argv0 is likely not
100% reliable, but it at least won't raise false-alarms and it did result in
useful failures with pre-change libc on my machine.

This is a secondary change in D25038.

Reported by: Andrew Gierth <andrew_tao173.riddles.org.uk>
Reviewed by: jilles, kib, Andrew Gierth
MFC after: 1 week

Clean up the vcs ID strings in libc's gen/ directory.

- Move CSRG IDs into __SCCSID().
- When a file has been copied, consistently use 'From: <tag>' for strings
referencing the version of the source file copied from in the license
block comment.
- Some of the 'From:' tags were using $FreeBSD$ that was being expanded on
each checkout. Fix those to hardcode the FreeBSD tag from the file that
was copied at the time of the copy.
- When multiple strings are present list them in "chronological" order,
so CSRG (__SCCSID) before FreeBSD (__FBSDID). If a file came from
OtherBSD and contains a CSRG ID from the OtherBSD file, use the order
CSRG -> OtherBSD -> FreeBSD.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D15831

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

Renumber copyright clause 4

Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96

libc: do not include <sys/types.h> where <sys/param.h> was already included

According to style(9):
> normally, include <sys/types.h> OR <sys/param.h>, but not both.
(<sys/param.h> already includes <sys/types.h> when LOCORE is not defined).

Use ANSI C prototypes. Eliminates -Wold-style-definition warnings.

Replace index() and rindex() calls with strchr() and strrchr().

The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Remove warnings from exec.c.

The entries in the argv array are not const themselves, but sometimes we
want to fill in const values. Just make the array const and use
__DECONST() to make it const for the execve()-call itself.

Also convert the only K&R prototype to ANSI.

Properly use the envp argument in execvPe().

execvPe() is called by _execvpe(), which we added to implement
posix_spawnp(). We just took execvP() and added the envp argument.
Unfortunately we forgot to change the implementation to use envp over
environ.

This fixes the following piece of code:

| char * const arg[2] = { "env", NULL };
| char * const env[2] = { "FOO=BAR", NULL };
| posix_spawnp(NULL, "/usr/bin/env", NULL, NULL, arg, env);

MFC after: 2 weeks

- Import the HEAD csup code which is the basis for the cvsmode work.

Turn execvpe() into an internal libc routine.

Adding exevpe() has caused some ports to break. Even though execvpe() is
a useful routine, it does not conform to any standards.

This patch is a little bit different from the patch sent to the mailing
list. I forgot to remove execvpe from the Symbol.map (which does not
seem to miscompile libc, though).

Reviewed by: davidxu
Approved by: philip

Add POSIX routines called posix_spawn() and posix_spawnp(), which
can be used as replacements for exec/fork in a lot of cases. This
change also added execvpe() which allows environment variable
PATH to be used for searching executable file, it is used for
implementing posix_spawnp().

PR: standards/122051

Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.

Fixed some style bugs.

Add a libc function execvP that takes the search path as an arguement.
Change execvp to be a wrapper around execvP. This is necessary for some
of the /rescue pieces. It may also be more generally applicable as well.

Submitted by: Tim Kientzle <kientzle@acm.org>
Approved by: Silence on arch@

Remove an unused variable, `sverrno', which has not been used since 1.11.

Assume __STDC__, remove non-__STDC__ code.

Submitted by: keramida

* Remove 'register'. (some functions had 7+ register functions...)
* Fix SCM ID's.

Removed duplicate VCS ID tags, as per style(9).

Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by: -arch

Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(),
just use _foo() <-- foo(). In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate. In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().

Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().

Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().

Make thread cancellation fully POSIX-compliant.

Suggested by: deischen

Add three-tier symbol naming in support of POSIX thread cancellation
points. For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep(). The arrows represent weak aliases. For
system calls, the pattern is _read() <-- _libc_read() <-- read().

$Id$ -> $FreeBSD$

Fix a (relatively harmless) braino. I confused myself over the for() loop
that counted the number of elements in argv. The counter is incremented
in the next-iteration section of the loop, not the body, so at termination
it's already "counted" the element that failed the continuation test - in
this case the NULL argv terminator.

Noted by: bde

Remove last remaining references to malloc/realloc and functions that
call them. All the execX() libc functions should be vfork() safe now.
Specifically:
- execlp() does the argument count-and-build into a vector from alloca
(like the others) - buildargv() is no longer used (and gone).
- execvp() uses alloca/strcpy rather than strdup().
- the ENOEXEC handler uses alloca rather than malloc.
- a couple of free() calls removed - alloca works on the local stack and
the allocations are freed on function exit (which is why buildargv
wasn't useful - it's alloca() context would disappear on return).
Along the way:
- If alloca() fails (can it?), set errno = ENOMEM explicitly.
- The ENOEXEC recovery routine that trys again with /bin/sh appeared to
not be terminating the new argv[] array for /bin/sh, allowing it to
walk off the end of the list.

I dithered a bit about using alloca() even more as it's most commonly
associated with gcc. However, standalone portable (using malloc) and
machine-specific assembler alloca implementations appear to be available
on just about all the architectures we're likely to want to port to.
alloca will be the least of our problems if ever going to another compiler.

Fix style issues in execl(), and make execle() vfork()-safe.

Reviewed by: bde
Approved by: jkh

Correct braino in previous commit. I get the pointy hat again.

Make execl() vfork()-safe. This should fix potential bugs in rcp,
telnet and tip, and probably a few other apps.

Reviewed by: bde
Approved by: jkh

stat() the correct file in execvp() so that the fine tuned errno handling
actually works.

Fixed searching of $PATH in execvp(). Do what sh(1) should do according
to POSIX.2. In particular:

- don't retry for ETXTBSY. This matches what sh(1) does. The retry code
was broken anyway. It only slept for several seconds for the first few
retries. Then it retried without sleeping.
- don't abort the search for errors related to the path prefix, in
particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1)
gets this wrong in the opposite direction by never aborting the search.
- don't confuse EACCES for errors related to the path prefix with EACCES
for errors related to the file. sh(1) gets this wrong.
- don't return a stale errno when the search terminates normally without
finding anything. The errno for the last unsuccessful execve() was
usually returned. This gave too much precedence to pathologies in the
last component of $PATH. This bug is irrelevant for sh(1).

The implementation still uses the optimization/race-inhibitor of trying
to execve() things first. POSIX.2 seems to require looking at file
permissions using stat(). We now use stat() after execve() if execve()
fails with an ambiguous error. Trying execve() first may actually be a
pessimization, since failing execve()s are fundamentally a little slower
than stat(), and are significantly slower when a file is found but has
unsuitable permissions or points to an unsuitable interpreter.

PR: 1487

Fixed execvp() of an empty pathname to fail POSIXly. Previously it
attempted to exec the components of $PATH and it usually set errno
to the wrong value.

Found by: NIST PCTS

Fixed uninitialized variables for the '/'-in-pathname case in execvp().
Garbage in `eacces' caused the wrong errno to be set for non-EACCES errors.
Garbage in `etxtbsy' caused a semi-random retry strategy for ETXTBSY errors.

Found by: NIST-PCTS. gcc -Wall reported the problem, but -Wall is not
enabled for libc.

General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>

Fix execl[e]. Multiple execle's failed because of bogus caching of the
pointer returned by realloc(). All callers free the pointer if the
execve fails. Nuke the caching. This essentially restores buildargv()
to the 1.1.5 version. Also fix a memory leak if realloc() fails. Also
nuke similar but non-broken caching in execvp(). malloc() should be
efficient enough.

BSD 4.4 Lite Lib Sources