NAS-141261 / 26.0.0-RC.1 / Serialize rootfs read-only/sysext toggles with a shared lock (by anodos325) (#19070)
Remove the ability for concurrent calls to do things with root
filesystem unlocked (either administratively through
disable-rootfs-protection) or internal middleware callers that do things
in /usr to clobber each other.
Protection takes belt-and-suspenders approach of taking pthread lock,
then taking flock.
Original PR: https://github.com/truenas/middleware/pull/19069
Co-authored-by: Andrew Walker <andrew.walker at truenas.com>
[SelectionDAG] Fold extracts of subvector inserts
Fold extract_subvector(insert_subvector(...)) when the extraction is
outside the inserted subvector or the inserted subvector only amends
the extracted
In particular,
1. vA extract_subvector (vB insert_subvector(vB X, vC Y, C1), C2) =>
vA extract_subvector(X, C2) when [C2, C2 + A) intersect [C1, C1 + C)
is the empty set
2. ... => extract_subvector(Y, C2 - C1) if [C2, C2 + Y) is a subset of
[C1, C1 + C) - an existing simplification
3. ... => vA insert_subvector(vA extract_subvector(vB X, C2), vC Y, C1 - C2)
if [C1, C1 + C) is a subset of [C2, C2 + A) - that is, if you're only
updating the extracted sub-part.
Adds a regresssion tests for an infinite SelectionDAG cycle that is
fixed by a stack of commits that ends with this one.
[3 lines not shown]
[SelectionDAG] Fold subvector inserts into concat operands
Push insert_subvector into the containing CONCAT_VECTORS operand when the insertion is wholly contained there.
AI note: an LLM generated the code and the test, I've read them
Co-Authored-By: OpenAI Codex <codex at openai.com>
[SelectionDAG] Fold extracts spanning concat operands
Factor the extract_subvector-of-CONCAT_VECTORS logic and handle
extracts that cover multiple whole concat operands by rebuilding a
smaller concat directly.
AI note: an LLM generated the code and the test, I've read them
Co-Authored-By: OpenAI Codex <codex at openai.com>
[SelectionDAG] Fold nonzero extract-of-extract indices
Generalize the extract_subvector-of-extract_subvector fold to compose
nonzero indices instead of only handling an outer index of zero.
AI note: an LLM generated the code and the test, I've read them
Co-Authored-By: OpenAI Codex <codex at openai.com>
[SelectionDAG] Track bitcast demanded elements in noundef tests
Bitcasts preserve undef/poison status, but vector bitcasts can change
which source lanes cover a demanded result lane. Map the demanded
element mask through fixed-length vector bitcasts before checking the
source where possible.
AI note: an LLM generated the code and the test, I've read them
Co-Authored-By: OpenAI Codex <codex at openai.com>
[SelectionDAG] Track demanded select elements in noundef checks
Propagate demanded elements through to the two arms of a select, and
check the condition with or without demanded elements depending on if
it's a vector or not.
AI note: an LLM generated the code and the test, I've read them
Co-Authored-By: OpenAI Codex <codex at openai.com>
[SelectionDAG] Look through freeze in undef demanded checks
There were cycles where the freeze combiner and thet
demanded-elements simplification code would get into fights about
whethere the operands to a shuffle or a concat should be
`freeze undef` or `undef` once the simplifier had concluded zero
elements were demanded from some operation. This PR prevents such
cases.
AI note: an LLM generated the code and the test, I've read them
Co-Authored-By: OpenAI Codex <codex at openai.com>
[SelectionDAG] Track demanded concat elements in noundef checks
Teach isGuaranteedNotToBeUndefOrPoison to distribute fixed-length
demanded element masks across CONCAT_VECTORS operands. This is part of
the series of fixes needed to resolve a SelectionDAG hang by making it
possible to prove certain values don't need to be frozen.
AI note: an LLM generated the code and the test, I've read them
Co-Authored-By: OpenAI Codex <codex at openai.com>
[clang] fix assertion for DeducedAsPack DeducedTemplateSpecializationType
This fixes a regression introduced in #186727, which was never released,
so there are no release notes.
Fixes #200418
NAS-141261 / 27.0.0-BETA.1 / Serialize rootfs read-only/sysext toggles with a shared lock (#19069)
Remove the ability for concurrent calls to do things with root
filesystem unlocked (either administratively through
disable-rootfs-protection) or internal middleware callers that do things
in /usr to clobber each other.
Protection takes belt-and-suspenders approach of taking pthread lock,
then taking flock.
(cherry picked from commit 88ff7ff65276f4fd818ceeed562374289181513a)
NAS-141149 / 26.0.0-RC.1 / Use Docker Registries auth when checking for and pulling image updates (by sonicaj) (#19066)
This commit fixes an issue where the image update checker and the
middleware's own image pull ignored the credentials stored in Docker
Registries, so updates to private images (e.g. ghcr.io) were never
detected and pulls 401'd. We now thread the stored registry credentials
through the manifest/token calls and the pull fallback so the bearer
token carries read scope on private repos.
The registry-URI authority normalization that both paths rely on
(stripping scheme/path/slash and collapsing Docker Hub aliases) was
duplicated across app_registry and apps_images with slightly diverging
alias sets, so it now lives in a single
middlewared.utils.docker_registry helper that both import, with unit
tests covering the normalization.
Original PR: https://github.com/truenas/middleware/pull/19059
Co-authored-by: Waqar Ahmed <waqarahmedjoyia at live.com>
