NAS-140766 / 26.0.0-RC.1 / Apply account userns_idmap in container DEFAULT mode (by anodos325) (#18957)
DEFAULT idmap now consults local users/groups with userns_idmap set and
emits passthrough segments alongside the shifted base range, restoring
the 25.10 behavior where apps user (568) and other configured accounts
keep their host UID/GID inside the container. ISOLATED mode unchanged.
Adds idmap functional tests to test_container.py and ports the NFS4 ACL
functional test from 25.10 (deleted with the virt plugin) as
test_container_acl.py.
NOTE: Requires truenas_pylibvirt with multi-entry idmap support.
Original PR: https://github.com/truenas/middleware/pull/18940
Co-authored-by: Andrew Walker <andrew.walker at truenas.com>
[clang][DependencyScanning] Preserve Necessary Preprocessor Callbacks during By-name Lookup (#197731)
The by-name lookup logic uses new dependency collector callbacks per
lookup. The algorithm used to wipe out all callbacks for each query.
This turned out to be perilous. We have two raw pointers in the
preprocessor that point to the callbacks, and removing all callbacks per
query can lead to use-after-free situations through these dangling
pointers. Resetting the dangling pointers to null does not really work
either, since there may be dependencies between the callbacks and other
data structures. An example of this is the `PreprocessingRecord *Record`
callback and the `GlobalPreprocessedEntityMap` in ASTReader. Hence, to
fix the use-after-free issue, we preserve the callbacks that the
preprocessor may hold a raw pointer to.
This is not intended to indicate how we want to handle this in the long
run. We should avoid removing PP callbacks and reset their states across
by-name lookups.
rdar://175362366
[AMDGPU] Drop target requirements in test (#198015)
These were only necessary when the test was in the wrong folder. Now
that the test is in the right folder, it will only be marked as
supported when AMDGPU is enabled as a target, so the additional
requirement in the test is redundant.
[SLP] Preserve profitable trees when subtree trimming would reduce to buildvector-only
In calculateTreeCostAndTrimNonProfitable, the subtree trim loop returns
Invalid when trimming node Idx==1 under an InsertElement root would
leave only a buildvector, to avoid infinite vectorization attempts.
This is too aggressive when the original untrimmed tree is already
profitable (Cost < -SLPCostThreshold). In that case, undo any partial
trims and return the original cost instead of rejecting the tree.
Reviewers: RKSimon, hiraditya, bababuck
Pull Request: https://github.com/llvm/llvm-project/pull/197763
Merge tag 'block-7.1-20260515' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull block fixes from Jens Axboe:
- NVMe merge request via Keith:
    - Fix memory leak on a passthrough integrity mapping failure (Keith)
    - Hide secrets behind debug option (Hannes)
    - Fix pci use-after-free for host memory buffer (Chia-Lin Kao)
    - Fix tcp target use-after-free for data digest (Sagi)
    - Revert a mistaken quirk (Alan Cui)
    - Fix uevent and controller state race condition (Maurizio)
    - Fix apple submission queue re-initialization (Nick Chan)
- Three fixes for blk-integrity, fixing an issue with the user data
  mapping and two problems with recomputing number of segments
- Two fixes for the iov_iter bounce buffering
- Fix for the handling of dead zoned write plugs
[20 lines not shown]
NAS-140933 / 26.0.0-BETA.2 / krb5.conf: tolerate legacy unsupported libdefaults_aux (by anodos325) (#18958)
Historically TrueNAS has allowed krb5.conf auxiliary parameters via
libdefaults and appdefaults fields with minimal validation.
Validation is required generally for these fields because a broken
krb5.conf can have widely problematic impacts system-wide leading to
production down situations for the support team; however, some
universities have oddball kerberos domains that require some minor
tweaks.
In 25.10 when we transitioned to the new API schema for directory
services we removed a lot of parameters that could get through our
validator that were heavily labelled by the upstream projects as things
no one should *ever* use in production. Among these removed and now
invalid parameters was allow_weak_crypto. Unfortunately, this broke a
community member who had explicitly set this exact parameter, but not in
a nice and fun way, but rather in a way that took many things with it.
[10 lines not shown]