Validate privileged code relationships

- Work towards improving non-optimized build support
- Introduce MODE=zero which is -O0 without ASAN/UBSAN
- Use system GCC when ~/.cosmo.mk has USE_SYSTEM_TOOLCHAIN=1
- Have package.com check .privileged code doesn't call non-privileged

libc/calls/calls.mk

@@ -183,6 +183,18 @@ o/$(MODE)/libc/calls/timeval_frommicros.o: private	\
 		CFLAGS +=				\
 			-O2
 
+# privileged functions
+o/$(MODE)/libc/calls/sigenter-freebsd.o			\
+o/$(MODE)/libc/calls/sigenter-netbsd.o			\
+o/$(MODE)/libc/calls/sigenter-openbsd.o			\
+o/$(MODE)/libc/calls/sigenter-linux.o			\
+o/$(MODE)/libc/calls/sigenter-xnu.o			\
+o/$(MODE)/libc/calls/pledge-linux.o			\
+o/$(MODE)/libc/calls/siginfo2cosmo.o: private		\
+		CFLAGS +=				\
+			-ffreestanding			\
+			-fno-sanitize=all
+
 o/$(MODE)/libc/calls/pledge-linux.o			\
 o/$(MODE)/libc/calls/unveil.o: private			\
 		CFLAGS +=				\

libc/calls/getpriority.c

@@ -48,7 +48,7 @@
  * @raise ESRCH if no such process existed
  * @see setpriority()
  */
-privileged int getpriority(int which, unsigned who) {
+int getpriority(int which, unsigned who) {
   int rc;
 #ifdef __x86_64__
   char cf;

libc/calls/islinux.c

@@ -21,7 +21,7 @@
 #include "libc/runtime/runtime.h"
 #include "libc/sysv/consts/pr.h"
 
-privileged bool __is_linux_2_6_23(void) {
+bool __is_linux_2_6_23(void) {
 #ifdef __x86_64__
   int rc;
   if (!IsLinux()) return false;

libc/calls/mremap-sysv.greg.c

@@ -34,7 +34,7 @@
  * C library runtime won't have any awareness of this memory, so certain
  * features like ASAN memory safety and kprintf() won't work as well.
  */
-privileged void *sys_mremap(void *p, size_t n, size_t m, int f, void *q) {
+void *sys_mremap(void *p, size_t n, size_t m, int f, void *q) {
 #ifdef __x86_64__
   bool cf;
   uintptr_t res, rdi, rsi, rdx;

libc/calls/prctl.c

@@ -31,7 +31,7 @@
  *
  * @raise ENOSYS on non-Linux
  */
-privileged int prctl(int operation, ...) {
+int prctl(int operation, ...) {
   int rc;
   va_list va;
   intptr_t a, b, c, d;

libc/calls/seccomp.c

@@ -35,7 +35,7 @@
  *
  * @raise ENOSYS on non-Linux.
  */
-privileged int seccomp(unsigned operation, unsigned flags, void *args) {
+int seccomp(unsigned operation, unsigned flags, void *args) {
   int rc;
   if (IsLinux()) {
 #ifdef __x86_64__

libc/calls/sigenter-linux.c

@@ -41,7 +41,7 @@ privileged void __sigenter_wsl(int sig, struct siginfo *info, ucontext_t *ctx) {
       ctx->uc_mcontext.fpregs = &ctx->__fpustate;
       for (i = 0; i < 8; ++i) {
         long double nan = NAN;
-        memcpy(ctx->__fpustate.st + i, &nan, 16);
+        __builtin_memcpy(ctx->__fpustate.st + i, &nan, 16);
       }
     }
     ((sigaction_f)(__executable_start + rva))(sig, info, ctx);

libc/calls/struct/fd.internal.h

@@ -3,20 +3,18 @@
 #if !(__ASSEMBLER__ + __LINKER__ + 0)
 COSMOPOLITAN_C_START_
 
-enum FdKind {
-  kFdEmpty,
-  kFdFile,
-  kFdSocket,
-  kFdProcess,
-  kFdConsole,
-  kFdSerial,
-  kFdZip,
-  kFdEpoll,
-  kFdReserved
-};
+#define kFdEmpty    0
+#define kFdFile     1
+#define kFdSocket   2
+#define kFdProcess  3
+#define kFdConsole  4
+#define kFdSerial   5
+#define kFdZip      6
+#define kFdEpoll    7
+#define kFdReserved 8
 
 struct Fd {
-  enum FdKind kind;
+  int kind;
   unsigned flags;
   unsigned mode;
   int64_t handle;

libc/calls/tcdrain.c

@@ -24,6 +24,7 @@
 #include "libc/dce.h"
 #include "libc/intrin/strace.internal.h"
 #include "libc/nt/files.h"
+#include "libc/sysv/consts/termios.h"
 #include "libc/sysv/errfuns.h"
 
 static textwindows int sys_tcdrain_nt(int fd) {

libc/calls/termios.h

@@ -1,9 +1,7 @@
 #ifndef COSMOPOLITAN_LIBC_CALLS_TERMIOS_H_
 #define COSMOPOLITAN_LIBC_CALLS_TERMIOS_H_
-#include "libc/calls/ioctl.h"
 #include "libc/calls/struct/termios.h"
 #include "libc/calls/struct/winsize.h"
-#include "libc/sysv/consts/termios.h"
 #if !(__ASSEMBLER__ + __LINKER__ + 0)
 COSMOPOLITAN_C_START_
 
@@ -38,25 +36,6 @@ uint32_t cfgetispeed(const struct termios *);
 int tcsetwinsize(int, const struct winsize *);
 int tcgetwinsize(int, struct winsize *);
 
-/*───────────────────────────────────────────────────────────────────────────│─╗
-│ cosmopolitan § teletypewriter » undiamonding                             ─╬─│┼
-╚────────────────────────────────────────────────────────────────────────────│*/
-#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
-
-#define tcsetattr(FD, OPT, TIO) tcsetattr_dispatch(FD, OPT, TIO)
-forceinline int tcsetattr_dispatch(int fd, int opt, const struct termios *tio) {
-  if (__EQUIVALENT(opt, TCSANOW)) return ioctl(fd, TCSETS, (void *)tio);
-  if (__EQUIVALENT(opt, TCSADRAIN)) return ioctl(fd, TCSETSW, (void *)tio);
-  if (__EQUIVALENT(opt, TCSAFLUSH)) return ioctl(fd, TCSETSF, (void *)tio);
-  return (tcsetattr)(fd, opt, tio);
-}
-
-#define tcgetattr(FD, TIO) tcgetattr_dispatch(FD, TIO)
-forceinline int tcgetattr_dispatch(int fd, const struct termios *tio) {
-  return ioctl(fd, TCGETS, (void *)tio);
-}
-
-#endif /* GNUC && !ANSI */
 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
 #endif /* COSMOPOLITAN_LIBC_CALLS_TERMIOS_H_ */

libc/calls/wincrash.c

@@ -36,7 +36,7 @@
 
 #ifdef __x86_64__
 
-privileged unsigned __wincrash(struct NtExceptionPointers *ep) {
+unsigned __wincrash(struct NtExceptionPointers *ep) {
   int64_t rip;
   int sig, code;
   ucontext_t ctx;