8 files changed, 2527 insertions, 0 deletions
diff --git a/bin/cp/Makefile b/bin/cp/Makefile
new file mode 100644
index 000000000000..ae8770154408
--- /dev/null
+++ b/bin/cp/Makefile
@@ -0,0 +1,11 @@
+.include <src.opts.mk>
+
+PACKAGE=runtime
+PROG=	cp
+SRCS=	cp.c utils.c
+CFLAGS+= -D_ACL_PRIVATE
+
+HAS_TESTS=
+SUBDIR.${MK_TESTS}=	tests
+
+.include <bsd.prog.mk>
diff --git a/bin/cp/Makefile.depend b/bin/cp/Makefile.depend
new file mode 100644
index 000000000000..6ef78fac5cbf
--- /dev/null
+++ b/bin/cp/Makefile.depend
@@ -0,0 +1,15 @@
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+	include \
+	include/xlocale \
+	lib/${CSU_DIR} \
+	lib/libc \
+	lib/libcompiler_rt \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif
diff --git a/bin/cp/cp.1 b/bin/cp/cp.1
new file mode 100644
index 000000000000..5231fa72621c
--- /dev/null
+++ b/bin/cp/cp.1
@@ -0,0 +1,343 @@
+.\"-
+.\" Copyright (c) 1989, 1990, 1993, 1994
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" the Institute of Electrical and Electronics Engineers, Inc.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd July 9, 2025
+.Dt CP 1
+.Os
+.Sh NAME
+.Nm cp
+.Nd copy files
+.Sh SYNOPSIS
+.Nm
+.Oo
+.Fl R
+.Op Fl H | Fl L | Fl P
+.Oc
+.Op Fl f | i | n
+.Op Fl alNpsvx
+.Ar source_file target_file
+.Nm
+.Oo
+.Fl R
+.Op Fl H | Fl L | Fl P
+.Oc
+.Op Fl f | i | n
+.Op Fl alNpsvx
+.Ar source_file ... target_directory
+.Nm
+.Op Fl f | i | n
+.Op Fl alNPpsvx
+.Ar source_file target_file
+.Nm
+.Op Fl f | i | n
+.Op Fl alNPpsvx
+.Ar source_file ... target_directory
+.Sh DESCRIPTION
+In the first synopsis form, the
+.Nm
+utility copies the contents of the
+.Ar source_file
+to the
+.Ar target_file .
+In the second synopsis form,
+the contents of each named
+.Ar source_file
+is copied to the destination
+.Ar target_directory .
+The names of the files themselves are not changed.
+If
+.Nm
+detects an attempt to copy a file to itself, the copy will fail.
+.Pp
+The following options are available:
+.Bl -tag -width flag
+.It Fl H
+If the
+.Fl R
+option is specified, symbolic links on the command line are followed.
+(Symbolic links encountered in the tree traversal are not followed.)
+.It Fl L , Fl -dereference
+If the
+.Fl R
+option is specified, all symbolic links are followed.
+.It Fl P , Fl -no-dereference
+No symbolic links are followed.
+This is the default if the
+.Fl R
+option is specified.
+.It Fl R , Fl -recursive
+If
+.Ar source_file
+designates a directory,
+.Nm
+copies the directory and the entire subtree connected at that point.
+If the
+.Ar source_file
+ends in a
+.Pa / ,
+the contents of the directory are copied rather than the
+directory itself.
+This option also causes symbolic links to be copied, rather than
+indirected through, and for
+.Nm
+to create special files rather than copying them as normal files.
+Created directories have the same mode as the corresponding source
+directory, unmodified by the process' umask.
+.Pp
+Note that
+.Nm
+copies hard linked files as separate files.
+If you need to preserve hard links, consider using
+.Xr tar 1 ,
+.Xr cpio 1 ,
+or
+.Xr pax 1
+instead.
+.It Fl a , Fl -archive
+Archive mode.
+Same as
+.Fl RpP .
+.It Fl f , Fl -force
+For each existing destination pathname, remove it and
+create a new file, without prompting for confirmation
+regardless of its permissions.
+(The
+.Fl f
+option overrides any previous
+.Fl i
+or
+.Fl n
+options.)
+.It Fl i , Fl -interactive
+Write a prompt to the standard error output before copying a file
+that would overwrite an existing file.
+If the response from the standard input begins with the character
+.Sq Li y
+or
+.Sq Li Y ,
+the file copy is attempted.
+(The
+.Fl i
+option overrides any previous
+.Fl f
+or
+.Fl n
+options.)
+.It Fl l , Fl -link
+Create hard links to regular files in a hierarchy instead of copying.
+.It Fl N
+When used with
+.Fl p ,
+suppress copying file flags.
+.It Fl n , Fl -no-clobber
+Do not overwrite an existing file.
+(The
+.Fl n
+option overrides any previous
+.Fl f
+or
+.Fl i
+options.)
+.It Fl p
+Preserve the following attributes of each source
+file in the copy: modification time, access time,
+file flags, file mode, ACL, user ID, and group ID, as allowed by permissions.
+.Pp
+If the user ID and group ID cannot be preserved, no error message
+is displayed and the exit value is not altered.
+.Pp
+If the source file has its set-user-ID bit on and the user ID cannot
+be preserved, the set-user-ID bit is not preserved
+in the copy's permissions.
+If the source file has its set-group-ID bit on and the group ID cannot
+be preserved, the set-group-ID bit is not preserved
+in the copy's permissions.
+If the source file has both its set-user-ID and set-group-ID bits on,
+and either the user ID or group ID cannot be preserved, neither
+the set-user-ID nor set-group-ID bits are preserved in the copy's
+permissions.
+.It Fl -sort
+Visit and traverse sources in (non-localized) lexicographical order.
+Normally,
+.Nm
+visits the sources in the order they were listed on the command line,
+and if recursing, traverses their contents in whichever order they
+were returned in by the kernel, which may be the order in which they
+were created, lexicographical order, or something else entirely.
+With
+.Fl -sort ,
+the sources are both visited and traversed in lexicographical order.
+This is mostly useful for testing.
+.It Fl s , Fl -symbolic-link
+Create symbolic links to regular files in a hierarchy instead of copying.
+.It Fl v , Fl -verbose
+Be verbose, showing both the source and destination path of each file
+as is copied.
+.It Fl x , Fl -one-file-system
+Do not traverse file system mount points.
+.El
+.Pp
+For each destination file that already exists, its contents are
+overwritten if permissions allow.
+Its mode, user ID, and group
+ID are unchanged unless the
+.Fl p
+option was specified.
+.Pp
+In the second synopsis form,
+.Ar target_directory
+must exist unless there is only one named
+.Ar source_file
+which is a directory and the
+.Fl R
+flag is specified.
+.Pp
+If the destination file does not exist, the mode of the source file is
+used as modified by the file mode creation mask
+.Pf ( Ic umask ,
+see
+.Xr csh 1 ) .
+If the source file has its set-user-ID bit on, that bit is removed
+unless both the source file and the destination file are owned by the
+same user.
+If the source file has its set-group-ID bit on, that bit is removed
+unless both the source file and the destination file are in the same
+group and the user is a member of that group.
+If both the set-user-ID and set-group-ID bits are set, all of the above
+conditions must be fulfilled or both bits are removed.
+.Pp
+Appropriate permissions are required for file creation or overwriting.
+.Pp
+Symbolic links are always followed unless the
+.Fl R
+flag is set, in which case symbolic links are not followed, by default.
+The
+.Fl H
+or
+.Fl L
+flags (in conjunction with the
+.Fl R
+flag) cause symbolic links to be followed as described above.
+The
+.Fl H ,
+.Fl L
+and
+.Fl P
+options are ignored unless the
+.Fl R
+option is specified.
+In addition, these options override each other and the
+command's actions are determined by the last one specified.
+.Pp
+If
+.Nm
+receives a
+.Dv SIGINFO
+(see the
+.Cm status
+argument for
+.Xr stty 1 )
+signal, the current input and output file and the percentage complete
+will be written to the standard output.
+.Sh EXIT STATUS
+.Ex -std
+.Sh EXAMPLES
+Make a copy of file
+.Pa foo
+named
+.Pa bar :
+.Pp
+.Dl $ cp foo bar
+.Pp
+Copy a group of files to the
+.Pa /tmp
+directory:
+.Pp
+.Dl $ cp *.txt /tmp
+.Pp
+Copy the directory
+.Pa junk
+and all of its contents (including any subdirectories) to the
+.Pa /tmp
+directory:
+.Pp
+.Dl $ cp -R junk /tmp
+.Sh COMPATIBILITY
+Historic versions of the
+.Nm
+utility had a
+.Fl r
+option.
+This implementation supports that option, however, its behavior
+is different from historical
+.Fx
+behavior.
+Use of this option
+is strongly discouraged as the behavior is
+implementation-dependent.
+In
+.Fx ,
+.Fl r
+is a synonym for
+.Fl RL
+and works the same unless modified by other flags.
+Historical implementations
+of
+.Fl r
+differ as they copy special files as normal
+files while recreating a hierarchy.
+.Pp
+The
+.Fl a ,
+.Fl l ,
+.Fl N ,
+.Fl n ,
+.Fl s ,
+.Fl v ,
+and
+.Fl x
+options are non-standard and their use in scripts is not recommended.
+.Sh SEE ALSO
+.Xr mv 1 ,
+.Xr umask 2 ,
+.Xr fts 3 ,
+.Xr symlink 7
+.Sh STANDARDS
+The
+.Nm
+command is expected to be
+.St -p1003.2
+compatible.
+.Sh HISTORY
+A
+.Nm
+command appeared in
+.At v1 .
diff --git a/bin/cp/cp.c b/bin/cp/cp.c
new file mode 100644
index 000000000000..38fe65399d06
--- /dev/null
+++ b/bin/cp/cp.c
@@ -0,0 +1,695 @@
+/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright (c) 1988, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * David Hitz of Auspex Systems Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Cp copies source files to target files.
+ *
+ * The global PATH_T structure "to" always contains the path to the
+ * current target file.  Since fts(3) does not change directories,
+ * this path can be either absolute or dot-relative.
+ *
+ * The basic algorithm is to initialize "to" and use fts(3) to traverse
+ * the file hierarchy rooted in the argument list.  A trivial case is the
+ * case of 'cp file1 file2'.  The more interesting case is the case of
+ * 'cp file1 file2 ... fileN dir' where the hierarchy is traversed and the
+ * path (relative to the root of the traversal) is appended to dir (stored
+ * in "to") to form the final target path.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <assert.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <fts.h>
+#include <getopt.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "extern.h"
+
+static char dot[] = ".";
+
+#define END(buf) (buf + sizeof(buf))
+PATH_T to = { .dir = -1, .end = to.path };
+bool Nflag, fflag, iflag, lflag, nflag, pflag, sflag, vflag;
+static bool Hflag, Lflag, Pflag, Rflag, rflag, Sflag;
+volatile sig_atomic_t info;
+
+enum op { FILE_TO_FILE, FILE_TO_DIR, DIR_TO_DNE };
+
+static int copy(char *[], enum op, int, struct stat *);
+static void siginfo(int __unused);
+
+enum {
+	SORT_OPT = CHAR_MAX,
+};
+
+static const struct option long_opts[] =
+{
+	{ "archive",		no_argument,		NULL,	'a' },
+	{ "force",		no_argument,		NULL,	'f' },
+	{ "interactive",	no_argument,		NULL,	'i' },
+	{ "dereference",	no_argument,		NULL,	'L' },
+	{ "link",		no_argument,		NULL,	'l' },
+	{ "no-clobber",		no_argument,		NULL,	'n' },
+	{ "no-dereference",	no_argument,		NULL,	'P' },
+	{ "recursive",		no_argument,		NULL,	'R' },
+	{ "symbolic-link",	no_argument,		NULL,	's' },
+	{ "verbose",		no_argument,		NULL,	'v' },
+	{ "one-file-system",	no_argument,		NULL,	'x' },
+	{ "sort",		no_argument,		NULL,	SORT_OPT },
+	{ 0 }
+};
+
+int
+main(int argc, char *argv[])
+{
+	struct stat to_stat, tmp_stat;
+	enum op type;
+	int ch, fts_options, r;
+	char *sep, *target;
+	bool have_trailing_slash = false;
+
+	fts_options = FTS_NOCHDIR | FTS_PHYSICAL;
+	while ((ch = getopt_long(argc, argv, "+HLPRafilNnprsvx", long_opts,
+	    NULL)) != -1)
+		switch (ch) {
+		case 'H':
+			Hflag = true;
+			Lflag = Pflag = false;
+			break;
+		case 'L':
+			Lflag = true;
+			Hflag = Pflag = false;
+			break;
+		case 'P':
+			Pflag = true;
+			Hflag = Lflag = false;
+			break;
+		case 'R':
+			Rflag = true;
+			break;
+		case 'a':
+			pflag = true;
+			Rflag = true;
+			Pflag = true;
+			Hflag = Lflag = false;
+			break;
+		case 'f':
+			fflag = true;
+			iflag = nflag = false;
+			break;
+		case 'i':
+			iflag = true;
+			fflag = nflag = false;
+			break;
+		case 'l':
+			lflag = true;
+			break;
+		case 'N':
+			Nflag = true;
+			break;
+		case 'n':
+			nflag = true;
+			fflag = iflag = false;
+			break;
+		case 'p':
+			pflag = true;
+			break;
+		case 'r':
+			rflag = Lflag = true;
+			Hflag = Pflag = false;
+			break;
+		case 's':
+			sflag = true;
+			break;
+		case 'v':
+			vflag = true;
+			break;
+		case 'x':
+			fts_options |= FTS_XDEV;
+			break;
+		case SORT_OPT:
+			Sflag = true;
+			break;
+		default:
+			usage();
+		}
+	argc -= optind;
+	argv += optind;
+
+	if (argc < 2)
+		usage();
+
+	if (Rflag && rflag)
+		errx(1, "the -R and -r options may not be specified together");
+	if (lflag && sflag)
+		errx(1, "the -l and -s options may not be specified together");
+	if (rflag)
+		Rflag = true;
+	if (Rflag) {
+		if (Hflag)
+			fts_options |= FTS_COMFOLLOW;
+		if (Lflag) {
+			fts_options &= ~FTS_PHYSICAL;
+			fts_options |= FTS_LOGICAL;
+		}
+	} else if (!Pflag) {
+		fts_options &= ~FTS_PHYSICAL;
+		fts_options |= FTS_LOGICAL | FTS_COMFOLLOW;
+	}
+	(void)signal(SIGINFO, siginfo);
+
+	/* Save the target base in "to". */
+	target = argv[--argc];
+	if (*target == '\0') {
+		target = dot;
+	} else if ((sep = strrchr(target, '/')) != NULL && sep[1] == '\0') {
+		have_trailing_slash = true;
+		while (sep > target && *sep == '/')
+			sep--;
+		sep[1] = '\0';
+	}
+	/*
+	 * Copy target into to.base, leaving room for a possible separator
+	 * which will be appended later in the non-FILE_TO_FILE cases.
+	 */
+	if (strlcpy(to.base, target, sizeof(to.base) - 1) >=
+	    sizeof(to.base) - 1)
+		errc(1, ENAMETOOLONG, "%s", target);
+
+	/* Set end of argument list for fts(3). */
+	argv[argc] = NULL;
+
+	/*
+	 * Cp has two distinct cases:
+	 *
+	 * cp [-R] source target
+	 * cp [-R] source1 ... sourceN directory
+	 *
+	 * In both cases, source can be either a file or a directory.
+	 *
+	 * In (1), the target becomes a copy of the source. That is, if the
+	 * source is a file, the target will be a file, and likewise for
+	 * directories.
+	 *
+	 * In (2), the real target is not directory, but "directory/source".
+	 */
+	r = stat(to.base, &to_stat);
+	if (r == -1 && errno != ENOENT)
+		err(1, "%s", target);
+	if (r == -1 || !S_ISDIR(to_stat.st_mode)) {
+		/*
+		 * Case (1).  Target is not a directory.
+		 */
+		if (argc > 1)
+			errc(1, ENOTDIR, "%s", target);
+
+		/*
+		 * Need to detect the case:
+		 *	cp -R dir foo
+		 * Where dir is a directory and foo does not exist, where
+		 * we want pathname concatenations turned on but not for
+		 * the initial mkdir().
+		 */
+		if (r == -1) {
+			if (Rflag && (Lflag || Hflag))
+				stat(*argv, &tmp_stat);
+			else
+				lstat(*argv, &tmp_stat);
+
+			if (S_ISDIR(tmp_stat.st_mode) && Rflag)
+				type = DIR_TO_DNE;
+			else
+				type = FILE_TO_FILE;
+		} else
+			type = FILE_TO_FILE;
+
+		if (have_trailing_slash && type == FILE_TO_FILE) {
+			if (r == -1)
+				errc(1, ENOENT, "%s", target);
+			else
+				errc(1, ENOTDIR, "%s", target);
+		}
+	} else {
+		/*
+		 * Case (2).  Target is a directory.
+		 */
+		type = FILE_TO_DIR;
+	}
+
+	/*
+	 * For DIR_TO_DNE, we could provide copy() with the to_stat we've
+	 * already allocated on the stack here that isn't being used for
+	 * anything.  Not doing so, though, simplifies later logic a little bit
+	 * as we need to skip checking root_stat on the first iteration and
+	 * ensure that we set it with the first mkdir().
+	 */
+	exit (copy(argv, type, fts_options, (type == DIR_TO_DNE ? NULL :
+	    &to_stat)));
+}
+
+static int
+ftscmp(const FTSENT * const *a, const FTSENT * const *b)
+{
+	return (strcmp((*a)->fts_name, (*b)->fts_name));
+}
+
+static int
+copy(char *argv[], enum op type, int fts_options, struct stat *root_stat)
+{
+	char rootname[NAME_MAX];
+	struct stat created_root_stat, to_stat, *curr_stat;
+	FTS *ftsp;
+	FTSENT *curr;
+	char *recpath = NULL, *sep;
+	int atflags, dne, badcp, len, level, rval;
+	mode_t mask, mode;
+	bool beneath = Rflag && type != FILE_TO_FILE;
+
+	/*
+	 * Keep an inverted copy of the umask, for use in correcting
+	 * permissions on created directories when not using -p.
+	 */
+	mask = ~umask(0777);
+	umask(~mask);
+
+	if (type == FILE_TO_FILE) {
+		to.dir = AT_FDCWD;
+		to.end = to.path + strlcpy(to.path, to.base, sizeof(to.path));
+		to.base[0] = '\0';
+	} else if (type == FILE_TO_DIR) {
+		to.dir = open(to.base, O_DIRECTORY | O_SEARCH);
+		if (to.dir < 0)
+			err(1, "%s", to.base);
+		/*
+		 * We have previously made sure there is room for this.
+		 */
+		if (strcmp(to.base, "/") != 0) {
+			sep = strchr(to.base, '\0');
+			sep[0] = '/';
+			sep[1] = '\0';
+		}
+	} else {
+		/*
+		 * We will create the destination directory imminently.
+		 */
+		to.dir = -1;
+	}
+
+	level = FTS_ROOTLEVEL;
+	if ((ftsp = fts_open(argv, fts_options, Sflag ? ftscmp : NULL)) == NULL)
+		err(1, "fts_open");
+	for (badcp = rval = 0;
+	     (curr = fts_read(ftsp)) != NULL;
+	     badcp = 0, *to.end = '\0') {
+		curr_stat = curr->fts_statp;
+		switch (curr->fts_info) {
+		case FTS_NS:
+		case FTS_DNR:
+		case FTS_ERR:
+			if (level > curr->fts_level) {
+				/* leaving a directory; remove its name from to.path */
+				if (type == DIR_TO_DNE &&
+				    curr->fts_level == FTS_ROOTLEVEL) {
+					/* this is actually our created root */
+				} else {
+					while (to.end > to.path && *to.end != '/')
+						to.end--;
+					assert(strcmp(to.end + (*to.end == '/'),
+					    curr->fts_name) == 0);
+					*to.end = '\0';
+				}
+				level--;
+			}
+			warnc(curr->fts_errno, "%s", curr->fts_path);
+			badcp = rval = 1;
+			continue;
+		case FTS_DC:			/* Warn, continue. */
+			warnx("%s: directory causes a cycle", curr->fts_path);
+			badcp = rval = 1;
+			continue;
+		case FTS_D:
+			/*
+			 * Stash the root basename off for detecting
+			 * recursion later.
+			 *
+			 * This will be essential if the root is a symlink
+			 * and we're rolling with -L or -H.  The later
+			 * bits will need this bit in particular.
+			 */
+			if (curr->fts_level == FTS_ROOTLEVEL) {
+				strlcpy(rootname, curr->fts_name,
+				    sizeof(rootname));
+			}
+			/* we must have a destination! */
+			if (type == DIR_TO_DNE &&
+			    curr->fts_level == FTS_ROOTLEVEL) {
+				assert(to.dir < 0);
+				assert(root_stat == NULL);
+				mode = curr_stat->st_mode | S_IRWXU;
+				/*
+				 * Will our umask prevent us from entering
+				 * the directory after we create it?
+				 */
+				if (~mask & S_IRWXU)
+					umask(~mask & ~S_IRWXU);
+				if (mkdir(to.base, mode) != 0) {
+					warn("%s", to.base);
+					fts_set(ftsp, curr, FTS_SKIP);
+					badcp = rval = 1;
+					if (~mask & S_IRWXU)
+						umask(~mask);
+					continue;
+				}
+				to.dir = open(to.base, O_DIRECTORY | O_SEARCH);
+				if (to.dir < 0) {
+					warn("%s", to.base);
+					(void)rmdir(to.base);
+					fts_set(ftsp, curr, FTS_SKIP);
+					badcp = rval = 1;
+					if (~mask & S_IRWXU)
+						umask(~mask);
+					continue;
+				}
+				if (fstat(to.dir, &created_root_stat) != 0) {
+					warn("%s", to.base);
+					(void)close(to.dir);
+					(void)rmdir(to.base);
+					fts_set(ftsp, curr, FTS_SKIP);
+					to.dir = -1;
+					badcp = rval = 1;
+					if (~mask & S_IRWXU)
+						umask(~mask);
+					continue;
+				}
+				if (~mask & S_IRWXU)
+					umask(~mask);
+				root_stat = &created_root_stat;
+				curr->fts_number = 1;
+				/*
+				 * We have previously made sure there is
+				 * room for this.
+				 */
+				sep = strchr(to.base, '\0');
+				sep[0] = '/';
+				sep[1] = '\0';
+			} else {
+				/* entering a directory; append its name to to.path */
+				len = snprintf(to.end, END(to.path) - to.end, "%s%s",
+				    to.end > to.path ? "/" : "", curr->fts_name);
+				if (to.end + len >= END(to.path)) {
+					*to.end = '\0';
+					warnc(ENAMETOOLONG, "%s%s%s%s", to.base,
+					    to.path, to.end > to.path ? "/" : "",
+					    curr->fts_name);
+					fts_set(ftsp, curr, FTS_SKIP);
+					badcp = rval = 1;
+					continue;
+				}
+				to.end += len;
+			}
+			level++;
+			/*
+			 * We're on the verge of recursing on ourselves.
+			 * Either we need to stop right here (we knowingly
+			 * just created it), or we will in an immediate
+			 * descendant.  Record the path of the immediate
+			 * descendant to make our lives a little less
+			 * complicated looking.
+			 */
+			if (type != FILE_TO_FILE &&
+			    root_stat->st_dev == curr_stat->st_dev &&
+			    root_stat->st_ino == curr_stat->st_ino) {
+				assert(recpath == NULL);
+				if (root_stat == &created_root_stat) {
+					/*
+					 * This directory didn't exist
+					 * when we started, we created it
+					 * as part of traversal.  Stop
+					 * right here before we do
+					 * something silly.
+					 */
+					fts_set(ftsp, curr, FTS_SKIP);
+					continue;
+				}
+				if (asprintf(&recpath, "%s/%s", to.path,
+				    rootname) < 0) {
+					warnc(ENOMEM, NULL);
+					fts_set(ftsp, curr, FTS_SKIP);
+					badcp = rval = 1;
+					continue;
+				}
+			}
+			if (recpath != NULL &&
+			    strcmp(recpath, to.path) == 0) {
+				fts_set(ftsp, curr, FTS_SKIP);
+				continue;
+			}
+			break;
+		case FTS_DP:
+			/*
+			 * We are nearly finished with this directory.  If we
+			 * didn't actually copy it, or otherwise don't need to
+			 * change its attributes, then we are done.
+			 *
+			 * If -p is in effect, set all the attributes.
+			 * Otherwise, set the correct permissions, limited
+			 * by the umask.  Optimise by avoiding a chmod()
+			 * if possible (which is usually the case if we
+			 * made the directory).  Note that mkdir() does not
+			 * honour setuid, setgid and sticky bits, but we
+			 * normally want to preserve them on directories.
+			 */
+			if (curr->fts_number && pflag) {
+				int fd = *to.path ? -1 : to.dir;
+				if (setfile(curr_stat, fd, true))
+					rval = 1;
+				if (preserve_dir_acls(curr->fts_accpath,
+				    to.path) != 0)
+					rval = 1;
+			} else if (curr->fts_number) {
+				const char *path = *to.path ? to.path : dot;
+				mode = curr_stat->st_mode;
+				if (fchmodat(to.dir, path, mode & mask, 0) != 0) {
+					warn("chmod: %s%s", to.base, to.path);
+					rval = 1;
+				}
+			}
+			if (level > curr->fts_level) {
+				/* leaving a directory; remove its name from to.path */
+				if (type == DIR_TO_DNE &&
+				    curr->fts_level == FTS_ROOTLEVEL) {
+					/* this is actually our created root */
+				} else {
+					while (to.end > to.path && *to.end != '/')
+						to.end--;
+					assert(strcmp(to.end + (*to.end == '/'),
+					    curr->fts_name) == 0);
+					*to.end = '\0';
+				}
+				level--;
+			}
+			continue;
+		default:
+			/* something else: append its name to to.path */
+			if (type == FILE_TO_FILE)
+				break;
+			len = snprintf(to.end, END(to.path) - to.end, "%s%s",
+			    to.end > to.path ? "/" : "", curr->fts_name);
+			if (to.end + len >= END(to.path)) {
+				*to.end = '\0';
+				warnc(ENAMETOOLONG, "%s%s%s%s", to.base,
+				    to.path, to.end > to.path ? "/" : "",
+				    curr->fts_name);
+				badcp = rval = 1;
+				continue;
+			}
+			/* intentionally do not update to.end */
+			break;
+		}
+
+		/* Not an error but need to remember it happened. */
+		if (to.path[0] == '\0') {
+			/*
+			 * This can happen in two cases:
+			 * - DIR_TO_DNE; we created the directory and
+			 *   populated root_stat earlier.
+			 * - FILE_TO_DIR if a source has a trailing slash;
+			 *   the caller populated root_stat.
+			 */
+			dne = false;
+			to_stat = *root_stat;
+		} else {
+			atflags = beneath ? AT_RESOLVE_BENEATH : 0;
+			if (curr->fts_info == FTS_D || curr->fts_info == FTS_SL)
+				atflags |= AT_SYMLINK_NOFOLLOW;
+			dne = fstatat(to.dir, to.path, &to_stat, atflags) != 0;
+		}
+
+		/* Check if source and destination are identical. */
+		if (!dne &&
+		    to_stat.st_dev == curr_stat->st_dev &&
+		    to_stat.st_ino == curr_stat->st_ino) {
+			warnx("%s%s and %s are identical (not copied).",
+			    to.base, to.path, curr->fts_path);
+			badcp = rval = 1;
+			if (S_ISDIR(curr_stat->st_mode))
+				fts_set(ftsp, curr, FTS_SKIP);
+			continue;
+		}
+
+		switch (curr_stat->st_mode & S_IFMT) {
+		case S_IFLNK:
+			if ((fts_options & FTS_LOGICAL) ||
+			    ((fts_options & FTS_COMFOLLOW) &&
+			    curr->fts_level == 0)) {
+				/*
+				 * We asked FTS to follow links but got
+				 * here anyway, which means the target is
+				 * nonexistent or inaccessible.  Let
+				 * copy_file() deal with the error.
+				 */
+				if (copy_file(curr, dne, beneath))
+					badcp = rval = 1;
+			} else {
+				/* Copy the link. */
+				if (copy_link(curr, dne, beneath))
+					badcp = rval = 1;
+			}
+			break;
+		case S_IFDIR:
+			if (!Rflag) {
+				warnx("%s is a directory (not copied).",
+				    curr->fts_path);
+				fts_set(ftsp, curr, FTS_SKIP);
+				badcp = rval = 1;
+				break;
+			}
+			/*
+			 * If the directory doesn't exist, create the new
+			 * one with the from file mode plus owner RWX bits,
+			 * modified by the umask.  Trade-off between being
+			 * able to write the directory (if from directory is
+			 * 555) and not causing a permissions race.  If the
+			 * umask blocks owner writes, we fail.
+			 */
+			if (dne) {
+				mode = curr_stat->st_mode | S_IRWXU;
+				/*
+				 * Will our umask prevent us from entering
+				 * the directory after we create it?
+				 */
+				if (~mask & S_IRWXU)
+					umask(~mask & ~S_IRWXU);
+				if (mkdirat(to.dir, to.path, mode) != 0) {
+					warn("%s%s", to.base, to.path);
+					fts_set(ftsp, curr, FTS_SKIP);
+					badcp = rval = 1;
+					if (~mask & S_IRWXU)
+						umask(~mask);
+					break;
+				}
+				if (~mask & S_IRWXU)
+					umask(~mask);
+			} else if (!S_ISDIR(to_stat.st_mode)) {
+				warnc(ENOTDIR, "%s%s", to.base, to.path);
+				fts_set(ftsp, curr, FTS_SKIP);
+				badcp = rval = 1;
+				break;
+			}
+			/*
+			 * Arrange to correct directory attributes later
+			 * (in the post-order phase) if this is a new
+			 * directory, or if the -p flag is in effect.
+			 * Note that fts_number may already be set if this
+			 * is the newly created destination directory.
+			 */
+			curr->fts_number |= pflag || dne;
+			break;
+		case S_IFBLK:
+		case S_IFCHR:
+			if (Rflag && !sflag) {
+				if (copy_special(curr_stat, dne, beneath))
+					badcp = rval = 1;
+			} else {
+				if (copy_file(curr, dne, beneath))
+					badcp = rval = 1;
+			}
+			break;
+		case S_IFSOCK:
+			warnx("%s is a socket (not copied).",
+			    curr->fts_path);
+			break;
+		case S_IFIFO:
+			if (Rflag && !sflag) {
+				if (copy_fifo(curr_stat, dne, beneath))
+					badcp = rval = 1;
+			} else {
+				if (copy_file(curr, dne, beneath))
+					badcp = rval = 1;
+			}
+			break;
+		default:
+			if (copy_file(curr, dne, beneath))
+				badcp = rval = 1;
+			break;
+		}
+		if (vflag && !badcp)
+			(void)printf("%s -> %s%s\n", curr->fts_path, to.base, to.path);
+	}
+	assert(level == FTS_ROOTLEVEL);
+	if (errno)
+		err(1, "fts_read");
+	(void)fts_close(ftsp);
+	if (to.dir != AT_FDCWD && to.dir >= 0)
+		(void)close(to.dir);
+	free(recpath);
+	return (rval);
+}
+
+static void
+siginfo(int sig __unused)
+{
+
+	info = 1;
+}
diff --git a/bin/cp/extern.h b/bin/cp/extern.h
new file mode 100644
index 000000000000..683e6e5f289f
--- /dev/null
+++ b/bin/cp/extern.h
@@ -0,0 +1,64 @@
+/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright (c) 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+typedef struct {
+	int		 dir;		/* base directory handle */
+	char		 base[PATH_MAX + 1];	/* base directory path */
+	char		*end;		/* pointer to NUL at end of path */
+	char		 path[PATH_MAX];	/* target path */
+} PATH_T;
+
+extern PATH_T to;
+extern bool Nflag, fflag, iflag, lflag, nflag, pflag, sflag, vflag;
+extern volatile sig_atomic_t info;
+
+__BEGIN_DECLS
+int	copy_fifo(struct stat *, bool, bool);
+int	copy_file(const FTSENT *, bool, bool);
+int	copy_link(const FTSENT *, bool, bool);
+int	copy_special(struct stat *, bool, bool);
+int	setfile(struct stat *, int, bool);
+int	preserve_dir_acls(const char *, const char *);
+int	preserve_fd_acls(int, int);
+void	usage(void) __dead2;
+__END_DECLS
+
+/*
+ * The FreeBSD and Darwin kernels return ENOTCAPABLE when a path lookup
+ * violates a RESOLVE_BENEATH constraint.  This results in confusing error
+ * messages, so translate it to the more widely recognized EACCES.
+ */
+#ifdef ENOTCAPABLE
+#define warn(...)							\
+	warnc(errno == ENOTCAPABLE ? EACCES : errno, __VA_ARGS__)
+#define err(rv, ...)							\
+	errc(rv, errno == ENOTCAPABLE ? EACCES : errno, __VA_ARGS__)
+#endif
diff --git a/bin/cp/tests/Makefile b/bin/cp/tests/Makefile
new file mode 100644
index 000000000000..a1917ada8fbf
--- /dev/null
+++ b/bin/cp/tests/Makefile
@@ -0,0 +1,5 @@
+PACKAGE=	tests
+
+ATF_TESTS_SH=	cp_test
+
+.include <bsd.test.mk>
diff --git a/bin/cp/tests/cp_test.sh b/bin/cp/tests/cp_test.sh
new file mode 100755
index 000000000000..b637f862b7d3
--- /dev/null
+++ b/bin/cp/tests/cp_test.sh
@@ -0,0 +1,901 @@
+#
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2020 Kyle Evans <kevans@FreeBSD.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+check_size()
+{
+	file=$1
+	sz=$2
+
+	atf_check -o inline:"$sz\n" stat -f '%z' $file
+}
+
+atf_test_case basic
+basic_head()
+{
+	atf_set "descr" "Copy a file"
+}
+basic_body()
+{
+	echo "foo" > bar
+
+	atf_check cp bar baz
+	check_size baz 4
+}
+
+atf_test_case basic_symlink
+basic_symlink_head()
+{
+	atf_set "descr" "Copy a symlink to a file"
+}
+basic_symlink_body()
+{
+	echo "foo" > bar
+	ln -s bar baz
+
+	atf_check cp baz foo
+	atf_check test ! -L foo
+
+	atf_check cmp foo bar
+}
+
+atf_test_case chrdev
+chrdev_head()
+{
+	atf_set "descr" "Copy a character device"
+}
+chrdev_body()
+{
+	echo "foo" > bar
+
+	check_size bar 4
+	atf_check cp /dev/null trunc
+	check_size trunc 0
+	atf_check cp bar trunc
+	check_size trunc 4
+	atf_check cp /dev/null trunc
+	check_size trunc 0
+}
+
+atf_test_case hardlink
+hardlink_head()
+{
+	atf_set "descr" "Create a hard link to a file"
+}
+hardlink_body()
+{
+	echo "foo" >foo
+	atf_check cp -l foo bar
+	atf_check -o inline:"foo\n" cat bar
+	atf_check test foo -ef bar
+}
+
+atf_test_case hardlink_exists
+hardlink_exists_head()
+{
+	atf_set "descr" "Attempt to create a hard link to a file, " \
+	    "but the destination already exists"
+}
+hardlink_exists_body()
+{
+	echo "foo" >foo
+	echo "bar" >bar
+	atf_check -s not-exit:0 -e match:exists cp -l foo bar
+	atf_check -o inline:"bar\n" cat bar
+	atf_check test ! foo -ef bar
+}
+
+atf_test_case hardlink_exists_force
+hardlink_exists_force_head()
+{
+	atf_set "descr" "Force creation of a hard link to a file " \
+	    "when the destination already exists"
+}
+hardlink_exists_force_body()
+{
+	echo "foo" >foo
+	echo "bar" >bar
+	atf_check cp -fl foo bar
+	atf_check -o inline:"foo\n" cat bar
+	atf_check test foo -ef bar
+}
+
+atf_test_case matching_srctgt
+matching_srctgt_head()
+{
+	atf_set "descr" "Avoid infinite loop when copying a directory to itself"
+}
+matching_srctgt_body()
+{
+	# PR235438: `cp -R foo foo` would previously infinitely recurse and
+	# eventually error out.
+	mkdir foo
+	echo "qux" > foo/bar
+	cp foo/bar foo/zoo
+
+	atf_check cp -R foo foo
+	atf_check -o inline:"qux\n" cat foo/foo/bar
+	atf_check -o inline:"qux\n" cat foo/foo/zoo
+	atf_check test ! -e foo/foo/foo
+}
+
+atf_test_case matching_srctgt_contained
+matching_srctgt_contained_head()
+{
+	atf_set "descr" "Avoid infinite loop when copying a directory " \
+	    "into an existing subdirectory of itself"
+}
+matching_srctgt_contained_body()
+{
+	# Let's do the same thing, except we'll try to recursively copy foo into
+	# one of its subdirectories.
+	mkdir foo
+	ln -s foo coo
+	echo "qux" > foo/bar
+	mkdir foo/moo
+	touch foo/moo/roo
+	cp foo/bar foo/zoo
+
+	atf_check cp -R foo foo/moo
+	atf_check cp -RH coo foo/moo
+	atf_check -o inline:"qux\n" cat foo/moo/foo/bar
+	atf_check -o inline:"qux\n" cat foo/moo/coo/bar
+	atf_check -o inline:"qux\n" cat foo/moo/foo/zoo
+	atf_check -o inline:"qux\n" cat foo/moo/coo/zoo
+
+	# We should have copied the contents of foo/moo before foo, coo started
+	# getting copied in.
+	atf_check -o not-empty stat foo/moo/foo/moo/roo
+	atf_check -o not-empty stat foo/moo/coo/moo/roo
+	atf_check -e not-empty -s not-exit:0 stat foo/moo/foo/moo/foo
+	atf_check -e not-empty -s not-exit:0 stat foo/moo/coo/moo/coo
+}
+
+atf_test_case matching_srctgt_link
+matching_srctgt_link_head()
+{
+	atf_set "descr" "Avoid infinite loop when recursively copying a " \
+	    "symlink to a directory into the directory it links to"
+}
+matching_srctgt_link_body()
+{
+	mkdir foo
+	echo "qux" > foo/bar
+	cp foo/bar foo/zoo
+
+	atf_check ln -s foo roo
+	atf_check cp -RH roo foo
+	atf_check -o inline:"qux\n" cat foo/roo/bar
+	atf_check -o inline:"qux\n" cat foo/roo/zoo
+}
+
+atf_test_case matching_srctgt_nonexistent
+matching_srctgt_nonexistent_head()
+{
+	atf_set "descr" "Avoid infinite loop when recursively copying a " \
+	    "directory into a new subdirectory of itself"
+}
+matching_srctgt_nonexistent_body()
+{
+	# We'll copy foo to a nonexistent subdirectory; ideally, we would
+	# skip just the directory and end up with a layout like;
+	#
+	# foo/
+	#     bar
+	#     dne/
+	#         bar
+	#         zoo
+	#     zoo
+	#
+	mkdir foo
+	echo "qux" > foo/bar
+	cp foo/bar foo/zoo
+
+	atf_check cp -R foo foo/dne
+	atf_check -o inline:"qux\n" cat foo/dne/bar
+	atf_check -o inline:"qux\n" cat foo/dne/zoo
+	atf_check -e not-empty -s not-exit:0 stat foo/dne/foo
+}
+
+atf_test_case pflag_acls
+pflag_acls_head()
+{
+	atf_set "descr" "Verify that -p preserves access control lists"
+}
+pflag_acls_body()
+{
+	mkdir dir
+	ln -s dir lnk
+	echo "hello" >dir/file
+	if ! setfacl -m g:staff:D::allow dir ||
+	   ! setfacl -m g:staff:d::allow dir/file ; then
+		atf_skip "file system does not support ACLs"
+	fi
+	atf_check -o match:"group:staff:-+D-+" getfacl dir
+	atf_check -o match:"group:staff:-+d-+" getfacl dir/file
+	# file-to-file copy without -p
+	atf_check cp dir/file dst1
+	atf_check -o not-match:"group:staff:-+d-+" getfacl dst1
+	# file-to-file copy with -p
+	atf_check cp -p dir/file dst2
+	atf_check -o match:"group:staff:-+d-+" getfacl dst2
+	# recursive copy without -p
+	atf_check cp -r dir dst3
+	atf_check -o not-match:"group:staff:-+D-+" getfacl dst3
+	atf_check -o not-match:"group:staff:-+d-+" getfacl dst3/file
+	# recursive copy with -p
+	atf_check cp -rp dir dst4
+	atf_check -o match:"group:staff:-+D-+" getfacl dst4
+	atf_check -o match:"group:staff:-+d-+" getfacl dst4/file
+	# source is a link without -p
+	atf_check cp -r lnk dst5
+	atf_check -o not-match:"group:staff:-+D-+" getfacl dst5
+	atf_check -o not-match:"group:staff:-+d-+" getfacl dst5/file
+	# source is a link with -p
+	atf_check cp -rp lnk dst6
+	atf_check -o match:"group:staff:-+D-+" getfacl dst6
+	atf_check -o match:"group:staff:-+d-+" getfacl dst6/file
+}
+
+atf_test_case pflag_flags
+pflag_flags_head()
+{
+	atf_set "descr" "Verify that -p preserves file flags"
+}
+pflag_flags_body()
+{
+	mkdir dir
+	ln -s dir lnk
+	echo "hello" >dir/file
+	if ! chflags nodump dir ||
+	   ! chflags nodump dir/file ; then
+		atf_skip "file system does not support flags"
+	fi
+	atf_check -o match:"nodump" stat -f%Sf dir
+	atf_check -o match:"nodump" stat -f%Sf dir/file
+	# file-to-file copy without -p
+	atf_check cp dir/file dst1
+	atf_check -o not-match:"nodump" stat -f%Sf dst1
+	# file-to-file copy with -p
+	atf_check cp -p dir/file dst2
+	atf_check -o match:"nodump" stat -f%Sf dst2
+	# recursive copy without -p
+	atf_check cp -r dir dst3
+	atf_check -o not-match:"nodump" stat -f%Sf dst3
+	atf_check -o not-match:"nodump" stat -f%Sf dst3/file
+	# recursive copy with -p
+	atf_check cp -rp dir dst4
+	atf_check -o match:"nodump" stat -f%Sf dst4
+	atf_check -o match:"nodump" stat -f%Sf dst4/file
+	# source is a link without -p
+	atf_check cp -r lnk dst5
+	atf_check -o not-match:"nodump" stat -f%Sf dst5
+	atf_check -o not-match:"nodump" stat -f%Sf dst5/file
+	# source is a link with -p
+	atf_check cp -rp lnk dst6
+	atf_check -o match:"nodump" stat -f%Sf dst6
+	atf_check -o match:"nodump" stat -f%Sf dst6/file
+}
+
+recursive_link_setup()
+{
+	extra_cpflag=$1
+
+	mkdir -p foo/bar
+	ln -s bar foo/baz
+
+	mkdir foo-mirror
+	eval "cp -R $extra_cpflag foo foo-mirror"
+}
+
+atf_test_case recursive_link_dflt
+recursive_link_dflt_head()
+{
+	atf_set "descr" "Copy a directory containing a subdirectory and a " \
+	    "symlink to that subdirectory"
+}
+recursive_link_dflt_body()
+{
+	recursive_link_setup
+
+	# -P is the default, so this should work and preserve the link.
+	atf_check cp -R foo foo-mirror
+	atf_check test -L foo-mirror/foo/baz
+	atf_check test -d foo-mirror/foo/baz
+}
+
+atf_test_case recursive_link_Hflag
+recursive_link_Hflag_head()
+{
+	atf_set "descr" "Copy a directory containing a subdirectory and a " \
+	    "symlink to that subdirectory"
+}
+recursive_link_Hflag_body()
+{
+	recursive_link_setup
+
+	# -H will not follow either, so this should also work and preserve the
+	# link.
+	atf_check cp -RH foo foo-mirror
+	atf_check test -L foo-mirror/foo/baz
+	atf_check test -d foo-mirror/foo/baz
+}
+
+atf_test_case recursive_link_Lflag
+recursive_link_Lflag_head()
+{
+	atf_set "descr" "Copy a directory containing a subdirectory and a " \
+	    "symlink to that subdirectory"
+}
+recursive_link_Lflag_body()
+{
+	recursive_link_setup -L
+
+	# -L will work, but foo/baz ends up expanded to a directory.
+	atf_check test ! -L foo-mirror/foo/baz
+	atf_check test -d foo-mirror/foo/baz
+	atf_check cp -RL foo foo-mirror
+	atf_check test ! -L foo-mirror/foo/baz
+	atf_check test -d foo-mirror/foo/baz
+}
+
+atf_test_case samefile
+samefile_head()
+{
+	atf_set "descr" "Copy a file to itself"
+}
+samefile_body()
+{
+	echo "foo" >foo
+	ln foo bar
+	ln -s bar baz
+	atf_check -e match:"baz and baz are identical" \
+	    -s exit:1 cp baz baz
+	atf_check -e match:"bar and baz are identical" \
+	    -s exit:1 cp baz bar
+	atf_check -e match:"foo and baz are identical" \
+	    -s exit:1 cp baz foo
+	atf_check -e match:"bar and foo are identical" \
+	    -s exit:1 cp foo bar
+}
+
+file_is_sparse()
+{
+	atf_check -o match:"^[0-9]+-[0-9]" stat -h "$1"
+}
+
+files_are_equal()
+{
+	atf_check test ! "$1" -ef "$2"
+	atf_check cmp "$1" "$2"
+}
+
+atf_test_case sparse_leading_hole
+sparse_leading_hole_head()
+{
+	atf_set "descr" "Copy a sparse file stat starts with a hole"
+}
+sparse_leading_hole_body()
+{
+	# A 16-megabyte hole followed by one megabyte of data
+	truncate -s 16M foo
+	seq -f%015g 65536 >>foo
+	file_is_sparse foo
+
+	atf_check cp foo bar
+	files_are_equal foo bar
+	file_is_sparse bar
+}
+
+atf_test_case sparse_multiple_holes
+sparse_multiple_hole_head()
+{
+	atf_set "descr" "Copy a sparse file with multiple holes"
+}
+sparse_multiple_holes_body()
+{
+	# Three one-megabyte blocks of data preceded, separated, and
+	# followed by 16-megabyte holes
+	truncate -s 16M foo
+	seq -f%015g 65536 >>foo
+	truncate -s 33M foo
+	seq -f%015g 65536 >>foo
+	truncate -s 50M foo
+	seq -f%015g 65536 >>foo
+	truncate -s 67M foo
+	file_is_sparse foo
+
+	atf_check cp foo bar
+	files_are_equal foo bar
+	file_is_sparse bar
+}
+
+atf_test_case sparse_only_hole
+sparse_only_hole_head()
+{
+	atf_set "descr" "Copy a sparse file consisting entirely of a hole"
+}
+sparse_only_hole_body()
+{
+	# A 16-megabyte hole
+	truncate -s 16M foo
+	file_is_sparse foo
+
+	atf_check cp foo bar
+	files_are_equal foo bar
+	file_is_sparse bar
+}
+
+atf_test_case sparse_to_dev
+sparse_to_dev_head()
+{
+	atf_set "descr" "Copy a sparse file to a device"
+}
+sparse_to_dev_body()
+{
+	# Three one-megabyte blocks of data preceded, separated, and
+	# followed by 16-megabyte holes
+	truncate -s 16M foo
+	seq -f%015g 65536 >>foo
+	truncate -s 33M foo
+	seq -f%015g 65536 >>foo
+	truncate -s 50M foo
+	seq -f%015g 65536 >>foo
+	truncate -s 67M foo
+	file_is_sparse foo
+
+	atf_check -o file:foo cp foo /dev/stdout
+}
+
+atf_test_case sparse_trailing_hole
+sparse_trailing_hole_head()
+{
+	atf_set "descr" "Copy a sparse file that ends with a hole"
+}
+sparse_trailing_hole_body()
+{
+	# One megabyte of data followed by a 16-megabyte hole
+	seq -f%015g 65536 >foo
+	truncate -s 17M foo
+	file_is_sparse foo
+
+	atf_check cp foo bar
+	files_are_equal foo bar
+	file_is_sparse bar
+}
+
+atf_test_case standalone_Pflag
+standalone_Pflag_head()
+{
+	atf_set "descr" "Test -P without -R"
+}
+standalone_Pflag_body()
+{
+	echo "foo" > bar
+	ln -s bar foo
+
+	atf_check cp -P foo baz
+	atf_check test -L baz
+}
+
+atf_test_case symlink
+symlink_head()
+{
+	atf_set "descr" "Create a symbolic link to a file"
+}
+symlink_body()
+{
+	echo "foo" >foo
+	atf_check cp -s foo bar
+	atf_check -o inline:"foo\n" cat bar
+	atf_check -o inline:"foo\n" readlink bar
+}
+
+atf_test_case symlink_exists
+symlink_exists_head()
+{
+	atf_set "descr" "Attempt to create a symbolic link to a file, " \
+	    "but the destination already exists"
+}
+symlink_exists_body()
+{
+	echo "foo" >foo
+	echo "bar" >bar
+	atf_check -s not-exit:0 -e match:exists cp -s foo bar
+	atf_check -o inline:"bar\n" cat bar
+}
+
+atf_test_case symlink_exists_force
+symlink_exists_force_head()
+{
+	atf_set "descr" "Force creation of a symbolic link to a file " \
+	    "when the destination already exists"
+}
+symlink_exists_force_body()
+{
+	echo "foo" >foo
+	echo "bar" >bar
+	atf_check cp -fs foo bar
+	atf_check -o inline:"foo\n" cat bar
+	atf_check -o inline:"foo\n" readlink bar
+}
+
+atf_test_case directory_to_symlink
+directory_to_symlink_head()
+{
+	atf_set "descr" "Attempt to copy a directory to a symlink"
+}
+directory_to_symlink_body()
+{
+	mkdir -p foo
+	ln -s .. foo/bar
+	mkdir bar
+	touch bar/baz
+	atf_check -s not-exit:0 -e match:"Not a directory" \
+	    cp -R bar foo
+	atf_check -s not-exit:0 -e match:"Not a directory" \
+	    cp -r bar foo
+}
+
+atf_test_case overwrite_directory
+overwrite_directory_head()
+{
+	atf_set "descr" "Attempt to overwrite a directory with a file"
+}
+overwrite_directory_body()
+{
+	mkdir -p foo/bar/baz
+	touch bar
+	atf_check -s not-exit:0 -e match:"Is a directory" \
+	    cp bar foo
+	rm bar
+	mkdir bar
+	touch bar/baz
+	atf_check -s not-exit:0 -e match:"Is a directory" \
+	    cp -R bar foo
+	atf_check -s not-exit:0 -e match:"Is a directory" \
+	    cp -r bar foo
+}
+
+atf_test_case to_dir_dne
+to_dir_dne_head()
+{
+	atf_set "descr" "Copy a directory to a nonexistent directory"
+}
+to_dir_dne_body()
+{
+	mkdir dir
+	echo "foo" >dir/foo
+	atf_check cp -r dir dne
+	atf_check test -d dne
+	atf_check test -f dne/foo
+	atf_check cmp dir/foo dne/foo
+}
+
+atf_test_case to_nondir
+to_dir_dne_head()
+{
+	atf_set "descr" "Copy one or more files to a non-directory"
+}
+to_nondir_body()
+{
+	echo "foo" >foo
+	echo "bar" >bar
+	echo "baz" >baz
+	# This is described as “case 1” in source code comments
+	atf_check cp foo bar
+	atf_check cmp -s foo bar
+	# This is “case 2”, the target must be a directory
+	atf_check -s not-exit:0 -e match:"Not a directory" \
+	    cp foo bar baz
+}
+
+atf_test_case to_deadlink
+to_deadlink_head()
+{
+	atf_set "descr" "Copy a file to a dead symbolic link"
+}
+to_deadlink_body()
+{
+	echo "foo" >foo
+	ln -s bar baz
+	atf_check cp foo baz
+	atf_check cmp -s foo bar
+}
+
+atf_test_case to_deadlink_append
+to_deadlink_append_head()
+{
+	atf_set "descr" "Copy multiple files to a dead symbolic link"
+}
+to_deadlink_append_body()
+{
+	echo "foo" >foo
+	mkdir bar
+	ln -s baz bar/foo
+	atf_check cp foo bar
+	atf_check cmp -s foo bar/baz
+	rm -f bar/foo bar/baz
+	ln -s baz bar/foo
+	atf_check cp foo bar/
+	atf_check cmp -s foo bar/baz
+	rm -f bar/foo bar/baz
+	ln -s $PWD/baz bar/foo
+	atf_check cp foo bar/
+	atf_check cmp -s foo baz
+}
+
+atf_test_case to_dirlink
+to_dirlink_head()
+{
+	atf_set "descr" "Copy things to a symbolic link to a directory"
+}
+to_dirlink_body()
+{
+	mkdir src dir
+	echo "foo" >src/file
+	ln -s dir dst
+	atf_check cp -r src dst
+	atf_check cmp -s src/file dir/src/file
+	rm -r dir/*
+	atf_check cp -r src dst/
+	atf_check cmp -s src/file dir/src/file
+	rm -r dir/*
+	# If the source is a directory and ends in a slash, our cp has
+	# traditionally copied the contents of the source rather than
+	# the source itself.  It is unclear whether this is intended
+	# or simply a consequence of how FTS handles the situation.
+	# Notably, GNU cp does not behave in this manner.
+	atf_check cp -r src/ dst
+	atf_check cmp -s src/file dir/file
+	rm -r dir/*
+	atf_check cp -r src/ dst/
+	atf_check cmp -s src/file dir/file
+	rm -r dir/*
+}
+
+atf_test_case to_deaddirlink
+to_deaddirlink_head()
+{
+	atf_set "descr" "Copy things to a symbolic link to a nonexistent " \
+	    "directory"
+}
+to_deaddirlink_body()
+{
+	mkdir src
+	echo "foo" >src/file
+	ln -s dir dst
+	# It is unclear which error we should expect in these cases.
+	# Our current implementation always reports ENOTDIR, but one
+	# might be equally justified in expecting EEXIST or ENOENT.
+	# GNU cp reports EEXIST when the destination is given with a
+	# trailing slash and “cannot overwrite non-directory with
+	# directory” otherwise.
+	atf_check -s not-exit:0 -e ignore \
+	    cp -r src dst
+	atf_check -s not-exit:0 -e ignore \
+	    cp -r src dst/
+	atf_check -s not-exit:0 -e ignore \
+	    cp -r src/ dst
+	atf_check -s not-exit:0 -e ignore \
+	    cp -r src/ dst/
+	atf_check -s not-exit:0 -e ignore \
+	    cp -R src dst
+	atf_check -s not-exit:0 -e ignore \
+	    cp -R src dst/
+	atf_check -s not-exit:0 -e ignore \
+	    cp -R src/ dst
+	atf_check -s not-exit:0 -e ignore \
+	    cp -R src/ dst/
+}
+
+atf_test_case to_link_outside
+to_link_outside_head()
+{
+	atf_set "descr" "Recursively copy a directory containing a symbolic " \
+	    "link that points to somewhere outside the source directory"
+}
+to_link_outside_body()
+{
+	mkdir dir dst dst/dir
+	echo "foo" >dir/file
+	ln -s ../../file dst/dir/file
+	atf_check \
+	    -s exit:1 \
+	    -e match:"dst/dir/file: Permission denied" \
+	    cp -r dir dst
+}
+
+atf_test_case dstmode
+dstmode_head()
+{
+	atf_set "descr" "Verify that directories are created with the " \
+	    "correct permissions"
+}
+dstmode_body()
+{
+	mkdir -m 0755 dir
+	echo "foo" >dir/file
+	umask 0177
+	atf_check cp -R dir dst
+	umask 022
+	atf_check -o inline:"40600\n" stat -f%p dst
+	atf_check chmod 0750 dst
+	atf_check cmp dir/file dst/file
+}
+
+atf_test_case to_root cleanup
+to_root_head()
+{
+	atf_set "require.user" "unprivileged"
+}
+to_root_body()
+{
+	dst="test.$(atf_get ident).$$"
+	echo "$dst" >dst
+	echo "foo" >"$dst"
+	atf_check -s not-exit:0 \
+	    -e match:"^cp: /$dst: (Permission|Read-only)" \
+	    cp "$dst" /
+	atf_check -s not-exit:0 \
+	    -e match:"^cp: /$dst: (Permission|Read-only)" \
+	    cp "$dst" //
+}
+to_root_cleanup()
+{
+	(dst=$(cat dst) && rm "/$dst") 2>/dev/null || true
+}
+
+atf_test_case dirloop
+dirloop_head()
+{
+	atf_set "descr" "Test cycle detection when recursing"
+}
+dirloop_body()
+{
+	mkdir -p src/a src/b
+	ln -s ../b src/a
+	ln -s ../a src/b
+	atf_check \
+	    -s exit:1 \
+	    -e match:"src/a/b/a: directory causes a cycle" \
+	    -e match:"src/b/a/b: directory causes a cycle" \
+	    cp -r src dst
+	atf_check test -d dst
+	atf_check test -d dst/a
+	atf_check test -d dst/b
+	atf_check test -d dst/a/b
+	atf_check test ! -e dst/a/b/a
+	atf_check test -d dst/b/a
+	atf_check test ! -e dst/b/a/b
+}
+
+atf_test_case unrdir
+unrdir_head()
+{
+	atf_set "descr" "Test handling of unreadable directories"
+	atf_set "require.user" "unprivileged"
+}
+unrdir_body()
+{
+	for d in a b c ; do
+		mkdir -p src/$d
+		echo "$d" >src/$d/f
+	done
+	chmod 0 src/b
+	atf_check \
+	    -s exit:1 \
+	    -e match:"^cp: src/b: Permission denied" \
+	    cp -R --sort src dst
+	atf_check test -d dst/a
+	atf_check cmp src/a/f dst/a/f
+	atf_check test -d dst/b
+	atf_check test ! -e dst/b/f
+	atf_check test -d dst/c
+	atf_check cmp src/c/f dst/c/f
+}
+
+atf_test_case unrfile
+unrfile_head()
+{
+	atf_set "descr" "Test handling of unreadable files"
+	atf_set "require.user" "unprivileged"
+}
+unrfile_body()
+{
+	mkdir src
+	for d in a b c ; do
+		echo "$d" >src/$d
+	done
+	chmod 0 src/b
+	atf_check \
+	    -s exit:1 \
+	    -e match:"^cp: src/b: Permission denied" \
+	    cp -R --sort src dst
+	atf_check test -d dst
+	atf_check cmp src/a dst/a
+	atf_check test ! -e dst/b
+	atf_check cmp src/c dst/c
+}
+
+atf_test_case nopermute
+nopermute_head()
+{
+	atf_set descr "Check that getopt_long does not permute options"
+}
+nopermute_body()
+{
+	mkdir src dst
+	atf_check \
+	    -s exit:1 \
+	    -e match:'cp: -p: No such file' \
+	    cp -R src -p dst
+	atf_check test -d dst/src
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case basic
+	atf_add_test_case basic_symlink
+	atf_add_test_case chrdev
+	atf_add_test_case hardlink
+	atf_add_test_case hardlink_exists
+	atf_add_test_case hardlink_exists_force
+	atf_add_test_case matching_srctgt
+	atf_add_test_case matching_srctgt_contained
+	atf_add_test_case matching_srctgt_link
+	atf_add_test_case matching_srctgt_nonexistent
+	atf_add_test_case pflag_acls
+	atf_add_test_case pflag_flags
+	atf_add_test_case recursive_link_dflt
+	atf_add_test_case recursive_link_Hflag
+	atf_add_test_case recursive_link_Lflag
+	atf_add_test_case samefile
+	atf_add_test_case sparse_leading_hole
+	atf_add_test_case sparse_multiple_holes
+	atf_add_test_case sparse_only_hole
+	atf_add_test_case sparse_to_dev
+	atf_add_test_case sparse_trailing_hole
+	atf_add_test_case standalone_Pflag
+	atf_add_test_case symlink
+	atf_add_test_case symlink_exists
+	atf_add_test_case symlink_exists_force
+	atf_add_test_case directory_to_symlink
+	atf_add_test_case overwrite_directory
+	atf_add_test_case to_dir_dne
+	atf_add_test_case to_nondir
+	atf_add_test_case to_deadlink
+	atf_add_test_case to_deadlink_append
+	atf_add_test_case to_dirlink
+	atf_add_test_case to_deaddirlink
+	atf_add_test_case to_link_outside
+	atf_add_test_case dstmode
+	atf_add_test_case to_root
+	atf_add_test_case dirloop
+	atf_add_test_case unrdir
+	atf_add_test_case unrfile
+	atf_add_test_case nopermute
+}
diff --git a/bin/cp/utils.c b/bin/cp/utils.c
new file mode 100644
index 000000000000..2036056ada68
--- /dev/null
+++ b/bin/cp/utils.c
@@ -0,0 +1,493 @@
+/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright (c) 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/acl.h>
+#include <sys/stat.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <fts.h>
+#include <limits.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+#include "extern.h"
+
+#define	cp_pct(x, y)	((y == 0) ? 0 : (int)(100.0 * (x) / (y)))
+
+/*
+ * Memory strategy threshold, in pages: if physmem is larger then this, use a 
+ * large buffer.
+ */
+#define PHYSPAGES_THRESHOLD (32*1024)
+
+/* Maximum buffer size in bytes - do not allow it to grow larger than this. */
+#define BUFSIZE_MAX (2*1024*1024)
+
+/*
+ * Small (default) buffer size in bytes. It's inefficient for this to be
+ * smaller than MAXPHYS.
+ */
+#define BUFSIZE_SMALL (MAXPHYS)
+
+/*
+ * Prompt used in -i case.
+ */
+#define YESNO "(y/n [n]) "
+
+static ssize_t
+copy_fallback(int from_fd, int to_fd)
+{
+	static char *buf = NULL;
+	static size_t bufsize;
+	ssize_t rcount, wresid, wcount = 0;
+	char *bufp;
+
+	if (buf == NULL) {
+		if (sysconf(_SC_PHYS_PAGES) > PHYSPAGES_THRESHOLD)
+			bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8);
+		else
+			bufsize = BUFSIZE_SMALL;
+		buf = malloc(bufsize);
+		if (buf == NULL)
+			err(1, "Not enough memory");
+	}
+	rcount = read(from_fd, buf, bufsize);
+	if (rcount <= 0)
+		return (rcount);
+	for (bufp = buf, wresid = rcount; ; bufp += wcount, wresid -= wcount) {
+		wcount = write(to_fd, bufp, wresid);
+		if (wcount <= 0)
+			break;
+		if (wcount >= wresid)
+			break;
+	}
+	return (wcount < 0 ? wcount : rcount);
+}
+
+int
+copy_file(const FTSENT *entp, bool dne, bool beneath)
+{
+	struct stat sb, *fs;
+	ssize_t wcount;
+	off_t wtotal;
+	int ch, checkch, from_fd, rval, to_fd;
+	bool use_copy_file_range = true;
+
+	fs = entp->fts_statp;
+	from_fd = to_fd = -1;
+	if (!lflag && !sflag) {
+		if ((from_fd = open(entp->fts_path, O_RDONLY, 0)) < 0 ||
+		    fstat(from_fd, &sb) != 0) {
+			warn("%s", entp->fts_path);
+			if (from_fd >= 0)
+				(void)close(from_fd);
+			return (1);
+		}
+		/*
+		 * Check that the file hasn't been replaced with one of a
+		 * different type.  This can happen if we've been asked to
+		 * copy something which is actively being modified and
+		 * lost the race, or if we've been asked to copy something
+		 * like /proc/X/fd/Y which stat(2) reports as S_IFREG but
+		 * is actually something else once you open it.
+		 */
+		if ((sb.st_mode & S_IFMT) != (fs->st_mode & S_IFMT)) {
+			warnx("%s: File changed", entp->fts_path);
+			(void)close(from_fd);
+			return (1);
+		}
+	}
+
+	/*
+	 * If the file exists and we're interactive, verify with the user.
+	 * If the file DNE, set the mode to be the from file, minus setuid
+	 * bits, modified by the umask; arguably wrong, but it makes copying
+	 * executables work right and it's been that way forever.  (The
+	 * other choice is 666 or'ed with the execute bits on the from file
+	 * modified by the umask.)
+	 */
+	if (!dne) {
+		if (nflag) {
+			if (vflag)
+				printf("%s%s not overwritten\n",
+				    to.base, to.path);
+			rval = 1;
+			goto done;
+		} else if (iflag) {
+			(void)fprintf(stderr, "overwrite %s%s? %s",
+			    to.base, to.path, YESNO);
+			checkch = ch = getchar();
+			while (ch != '\n' && ch != EOF)
+				ch = getchar();
+			if (checkch != 'y' && checkch != 'Y') {
+				(void)fprintf(stderr, "not overwritten\n");
+				rval = 1;
+				goto done;
+			}
+		}
+
+		if (fflag) {
+			/* remove existing destination file */
+			(void)unlinkat(to.dir, to.path,
+			    beneath ? AT_RESOLVE_BENEATH : 0);
+			dne = 1;
+		}
+	}
+
+	rval = 0;
+
+	if (lflag) {
+		if (linkat(AT_FDCWD, entp->fts_path, to.dir, to.path, 0) != 0) {
+			warn("%s%s", to.base, to.path);
+			rval = 1;
+		}
+		goto done;
+	}
+
+	if (sflag) {
+		if (symlinkat(entp->fts_path, to.dir, to.path) != 0) {
+			warn("%s%s", to.base, to.path);
+			rval = 1;
+		}
+		goto done;
+	}
+
+	if (!dne) {
+		/* overwrite existing destination file */
+		to_fd = openat(to.dir, to.path,
+		    O_WRONLY | O_TRUNC | (beneath ? O_RESOLVE_BENEATH : 0), 0);
+	} else {
+		/* create new destination file */
+		to_fd = openat(to.dir, to.path,
+		    O_WRONLY | O_TRUNC | O_CREAT |
+		    (beneath ? O_RESOLVE_BENEATH : 0),
+		    fs->st_mode & ~(S_ISUID | S_ISGID));
+	}
+	if (to_fd == -1) {
+		warn("%s%s", to.base, to.path);
+		rval = 1;
+		goto done;
+	}
+
+	wtotal = 0;
+	do {
+		if (use_copy_file_range) {
+			wcount = copy_file_range(from_fd, NULL,
+			    to_fd, NULL, SSIZE_MAX, 0);
+			if (wcount < 0 && errno == EINVAL) {
+				/* probably a non-seekable descriptor */
+				use_copy_file_range = false;
+			}
+		}
+		if (!use_copy_file_range) {
+			wcount = copy_fallback(from_fd, to_fd);
+		}
+		wtotal += wcount;
+		if (info) {
+			info = 0;
+			(void)fprintf(stderr,
+			    "%s -> %s%s %3d%%\n",
+			    entp->fts_path, to.base, to.path,
+			    cp_pct(wtotal, fs->st_size));
+		}
+	} while (wcount > 0);
+	if (wcount < 0) {
+		warn("%s", entp->fts_path);
+		rval = 1;
+	}
+
+	/*
+	 * Don't remove the target even after an error.  The target might
+	 * not be a regular file, or its attributes might be important,
+	 * or its contents might be irreplaceable.  It would only be safe
+	 * to remove it if we created it and its length is 0.
+	 */
+	if (pflag && setfile(fs, to_fd, beneath))
+		rval = 1;
+	if (pflag && preserve_fd_acls(from_fd, to_fd) != 0)
+		rval = 1;
+	if (close(to_fd)) {
+		warn("%s%s", to.base, to.path);
+		rval = 1;
+	}
+
+done:
+	if (from_fd != -1)
+		(void)close(from_fd);
+	return (rval);
+}
+
+int
+copy_link(const FTSENT *p, bool dne, bool beneath)
+{
+	ssize_t len;
+	int atflags = beneath ? AT_RESOLVE_BENEATH : 0;
+	char llink[PATH_MAX];
+
+	if (!dne && nflag) {
+		if (vflag)
+			printf("%s%s not overwritten\n", to.base, to.path);
+		return (1);
+	}
+	if ((len = readlink(p->fts_path, llink, sizeof(llink) - 1)) == -1) {
+		warn("readlink: %s", p->fts_path);
+		return (1);
+	}
+	llink[len] = '\0';
+	if (!dne && unlinkat(to.dir, to.path, atflags) != 0) {
+		warn("unlink: %s%s", to.base, to.path);
+		return (1);
+	}
+	if (symlinkat(llink, to.dir, to.path) != 0) {
+		warn("symlink: %s", llink);
+		return (1);
+	}
+	return (pflag ? setfile(p->fts_statp, -1, beneath) : 0);
+}
+
+int
+copy_fifo(struct stat *from_stat, bool dne, bool beneath)
+{
+	int atflags = beneath ? AT_RESOLVE_BENEATH : 0;
+
+	if (!dne && nflag) {
+		if (vflag)
+			printf("%s%s not overwritten\n", to.base, to.path);
+		return (1);
+	}
+	if (!dne && unlinkat(to.dir, to.path, atflags) != 0) {
+		warn("unlink: %s%s", to.base, to.path);
+		return (1);
+	}
+	if (mkfifoat(to.dir, to.path, from_stat->st_mode) != 0) {
+		warn("mkfifo: %s%s", to.base, to.path);
+		return (1);
+	}
+	return (pflag ? setfile(from_stat, -1, beneath) : 0);
+}
+
+int
+copy_special(struct stat *from_stat, bool dne, bool beneath)
+{
+	int atflags = beneath ? AT_RESOLVE_BENEATH : 0;
+
+	if (!dne && nflag) {
+		if (vflag)
+			printf("%s%s not overwritten\n", to.base, to.path);
+		return (1);
+	}
+	if (!dne && unlinkat(to.dir, to.path, atflags) != 0) {
+		warn("unlink: %s%s", to.base, to.path);
+		return (1);
+	}
+	if (mknodat(to.dir, to.path, from_stat->st_mode, from_stat->st_rdev) != 0) {
+		warn("mknod: %s%s", to.base, to.path);
+		return (1);
+	}
+	return (pflag ? setfile(from_stat, -1, beneath) : 0);
+}
+
+int
+setfile(struct stat *fs, int fd, bool beneath)
+{
+	static struct timespec tspec[2];
+	struct stat ts;
+	int atflags = beneath ? AT_RESOLVE_BENEATH : 0;
+	int rval, gotstat, islink, fdval;
+
+	rval = 0;
+	fdval = fd != -1;
+	islink = !fdval && S_ISLNK(fs->st_mode);
+	if (islink)
+		atflags |= AT_SYMLINK_NOFOLLOW;
+	fs->st_mode &= S_ISUID | S_ISGID | S_ISVTX |
+	    S_IRWXU | S_IRWXG | S_IRWXO;
+
+	tspec[0] = fs->st_atim;
+	tspec[1] = fs->st_mtim;
+	if (fdval ? futimens(fd, tspec) :
+	    utimensat(to.dir, to.path, tspec, atflags)) {
+		warn("utimensat: %s%s", to.base, to.path);
+		rval = 1;
+	}
+	if (fdval ? fstat(fd, &ts) :
+	    fstatat(to.dir, to.path, &ts, atflags)) {
+		gotstat = 0;
+	} else {
+		gotstat = 1;
+		ts.st_mode &= S_ISUID | S_ISGID | S_ISVTX |
+		    S_IRWXU | S_IRWXG | S_IRWXO;
+	}
+	/*
+	 * Changing the ownership probably won't succeed, unless we're root
+	 * or POSIX_CHOWN_RESTRICTED is not set.  Set uid/gid before setting
+	 * the mode; current BSD behavior is to remove all setuid bits on
+	 * chown.  If chown fails, lose setuid/setgid bits.
+	 */
+	if (!gotstat || fs->st_uid != ts.st_uid || fs->st_gid != ts.st_gid) {
+		if (fdval ? fchown(fd, fs->st_uid, fs->st_gid) :
+		    fchownat(to.dir, to.path, fs->st_uid, fs->st_gid, atflags)) {
+			if (errno != EPERM) {
+				warn("chown: %s%s", to.base, to.path);
+				rval = 1;
+			}
+			fs->st_mode &= ~(S_ISUID | S_ISGID);
+		}
+	}
+
+	if (!gotstat || fs->st_mode != ts.st_mode) {
+		if (fdval ? fchmod(fd, fs->st_mode) :
+		    fchmodat(to.dir, to.path, fs->st_mode, atflags)) {
+			warn("chmod: %s%s", to.base, to.path);
+			rval = 1;
+		}
+	}
+
+	if (!Nflag && (!gotstat || fs->st_flags != ts.st_flags)) {
+		if (fdval ? fchflags(fd, fs->st_flags) :
+		    chflagsat(to.dir, to.path, fs->st_flags, atflags)) {
+			/*
+			 * NFS doesn't support chflags; ignore errors unless
+			 * there's reason to believe we're losing bits.  (Note,
+			 * this still won't be right if the server supports
+			 * flags and we were trying to *remove* flags on a file
+			 * that we copied, i.e., that we didn't create.)
+			 */
+			if (errno != EOPNOTSUPP || fs->st_flags != 0) {
+				warn("chflags: %s%s", to.base, to.path);
+				rval = 1;
+			}
+		}
+	}
+
+	return (rval);
+}
+
+int
+preserve_fd_acls(int source_fd, int dest_fd)
+{
+	acl_t acl;
+	acl_type_t acl_type;
+	int acl_supported = 0, ret, trivial;
+
+	ret = fpathconf(source_fd, _PC_ACL_NFS4);
+	if (ret > 0 ) {
+		acl_supported = 1;
+		acl_type = ACL_TYPE_NFS4;
+	} else if (ret < 0 && errno != EINVAL) {
+		warn("fpathconf(..., _PC_ACL_NFS4) failed for %s%s",
+		    to.base, to.path);
+		return (-1);
+	}
+	if (acl_supported == 0) {
+		ret = fpathconf(source_fd, _PC_ACL_EXTENDED);
+		if (ret > 0 ) {
+			acl_supported = 1;
+			acl_type = ACL_TYPE_ACCESS;
+		} else if (ret < 0 && errno != EINVAL) {
+			warn("fpathconf(..., _PC_ACL_EXTENDED) failed for %s%s",
+			    to.base, to.path);
+			return (-1);
+		}
+	}
+	if (acl_supported == 0)
+		return (0);
+
+	acl = acl_get_fd_np(source_fd, acl_type);
+	if (acl == NULL) {
+		warn("failed to get acl entries while setting %s%s",
+		    to.base, to.path);
+		return (-1);
+	}
+	if (acl_is_trivial_np(acl, &trivial)) {
+		warn("acl_is_trivial() failed for %s%s",
+		    to.base, to.path);
+		acl_free(acl);
+		return (-1);
+	}
+	if (trivial) {
+		acl_free(acl);
+		return (0);
+	}
+	if (acl_set_fd_np(dest_fd, acl, acl_type) < 0) {
+		warn("failed to set acl entries for %s%s",
+		    to.base, to.path);
+		acl_free(acl);
+		return (-1);
+	}
+	acl_free(acl);
+	return (0);
+}
+
+int
+preserve_dir_acls(const char *source_dir, const char *dest_dir)
+{
+	int source_fd = -1, dest_fd = -1, ret;
+
+	if ((source_fd = open(source_dir, O_DIRECTORY | O_RDONLY)) < 0) {
+		warn("%s: failed to copy ACLs", source_dir);
+		return (-1);
+	}
+	dest_fd = (*dest_dir == '\0') ? to.dir :
+	    openat(to.dir, dest_dir, O_DIRECTORY, AT_RESOLVE_BENEATH);
+	if (dest_fd < 0) {
+		warn("%s: failed to copy ACLs to %s%s", source_dir,
+		    to.base, dest_dir);
+		close(source_fd);
+		return (-1);
+	}
+	if ((ret = preserve_fd_acls(source_fd, dest_fd)) != 0) {
+		/* preserve_fd_acls() already printed a message */
+	}
+	if (dest_fd != to.dir)
+		close(dest_fd);
+	close(source_fd);
+	return (ret);
+}
+
+void
+usage(void)
+{
+
+	(void)fprintf(stderr, "%s\n%s\n",
+	    "usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] "
+	    "source_file target_file",
+	    "       cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] "
+	    "source_file ... "
+	    "target_directory");
+	exit(EX_USAGE);
+}