[NFC] use DenseMap/SmallPtrSet in CacheMetrics and TailDupli… (#205480)
…cation
Swap pointer-keyed std::unordered_map/std::set for their ADT equivalents
on hot paths.
NAS-141527 / 26.0.0-RC.1 / Add disabled on standby status reason (#19185)
Add `TRUECOMMAND_DISABLED_ON_STANDBY_STATUS_REASON` to API.
This fixes an API literal error
```
Jun 23 06:28:48 truenas-b middlewared[3505]: Input should be 'Truecommand serv
ice is connected.', 'Pending Confirmation From iX Portal for Truecommand API Key
.', 'Truecommand service is disabled.', 'Truecommand API Key Disabled by iX Port
al.' or 'Waiting for connection from Truecommand.' [type=literal_error, input_va
lue='Truecommand service is d...d on standby controller', input_type=str]
Jun 23 06:28:48 truenas-b middlewared[3505]: For further information visit h
ttps://errors.pydantic.dev/2.10/v/literal_error
```
[X86] combineAddOfPMADDWD - use MaskedVectorIsZero directly instead of MaskedValueIsZero. NFC. (#205534)
We're setting all demanded bits and just want to know that the high elements in each pair are zero.
netlink: decode netlink message flags symbolically
Generate an nlm_flag table definition for mktable from
netlink/netlink.h, add a sysdecode_nlm_flag() helper to
libsysdecode, and use it when decoding netlink message headers.
This enables mktable to generate netlink message flag lookup tables and
replaces raw hexadecimal output for recognized NLM_F_* flag values
with their symbolic names.
Reviewed by: kp
Signed-off-by: Ishan Agrawal <iagrawal9990 at gmail.com>
Sponsored by: Google LLC (GSoC 2026)
Pull Request: https://github.com/freebsd/freebsd-src/pull/2294
[libc++] Move constexpr/explicit macros to <__configuration/language.h> (#205535)
These macros are essentially a property of the language mode we're in,
so move them to `<__configuration/language.h>`.
NAS-141464 / 26.0.0-RC.1 / Add SCRAM-PLUS channel binding support (by anodos325) (#19188)
Wire up the server side of SCRAM-PLUS (RFC 5929 tls-server-end-point)
channel binding for API-key auth, using the primitives added in
truenas-scram 0.2.0.
- pam_keyring publishes the active UI cert's tls-server-end-point value
as the TRUENAS_SCRAM_PLUS_SERVER_BINDING 'user' key in the uid=0
persistent keyring for pam_truenas to verify against. Idempotent and
best-effort; rotates in place and is cleared when no UI cert is set.
- truenas-api-key.mako passes channel_binding=negotiate, so binding is
honored when offered but never required.
- Regenerate pam on UI-cert redeploy and on a UI-cert switch to keep the
published binding in sync with the served cert.
- ScramPamAuthenticator rejects a client demanding binding (gs2 'p=')
over a non-TLS transport: TLS terminates at nginx, so the binding is
only a hash of the public cert that a cleartext client could replay.
- Bump python3-truenas-scram to >= 0.2.0 and document the behavior in
the AuthSCRAM model.
[9 lines not shown]
Convert nginx proxy forwarding to AF_UNIX
This commit changes our proxy settings for nginx to send to
a dedicated AF_UNIX socket to more precisely delineate nginx
originating connections and localhost ones.
[analyzer][NFC] Take BugReport descriptions as Twine instead of StringRef (#205527)
The constructors of `BugReport`, `BasicBugReport`, and
`PathSensitiveBugReport` previously took the description (and short
description) as `StringRef`. The base class always copies into a
`std::string` member regardless, so taking `const llvm::Twine &` is
strictly more flexible at no storage cost: callers can keep passing
string literals, `StringRef`, `std::string`, `SmallString::str()`, or
`formatv(...).str()` exactly as before, and now they can also pass a
`Twine` concatenation directly without first materializing a temporary
through `SmallString` + `raw_svector_ostream` or `+`/`formatv`.
Assisted-By: claude
[flang][OpenMP][NFC] Hoist variant match-info construction into Semantics (#204387)
Replace the lowering-only `makeVariantMatchInfo` helper with a single
shared `semantics::omp::MakeVariantMatchInfo`. It builds the
VariantMatchInfo from a parsed context selector and returns the optional
non-constant user condition (as before). Update metadirective lowering
to use it and drop the duplicated Lower/OpenMP copy.
Selector features that variant selection cannot yet honour
(target_device selectors, and clause/extension trait properties) are not
match-info concerns, so they are kept out of `MakeVariantMatchInfo`.
Detection lives in a separate, pure helper
`FindUnsupportedSelectorFeature`; the caller diagnoses the feature in
its own terms (metadirective lowering emits a TODO) before building the
match info. `MakeVariantMatchInfo` checks the precondition. NFC for
metadirective.
Co-authored-by: Cursor
[2 lines not shown]
Skip individual domains that vanish while gathering libvirt state
## Problem
`gather_pylibvirt_domains_states` wraps its whole loop in one try/except. If a queried domain is destroyed between `list_domains()` and reading its state (a TOCTOU race), libvirt raises `VIR_ERR_NO_DOMAIN` and the exception unwinds the entire loop, so every still-running domain after it is dropped from the result and reported as STOPPED/`pid: null` until the next poll. It also logged a full WARNING traceback for what is a benign, self-correcting race, and masked genuine errors (e.g. a bug in the per-domain factory) behind that same generic warning.
## Solution
Moved the try/except inside the loop so a vanished domain is skipped individually while the rest of the batch is still reported correctly (a missing entry falls back to STOPPED via `get_pylibvirt_domain_state`). The failure is classified using the new `is_no_domain_error` helper from truenas_pylibvirt: the no-domain race is logged at DEBUG, anything else at ERROR with `exc_info` so genuine bugs stay visible and no longer poison sibling domains.
(cherry picked from commit 883b0dda76b2c7acaf9853fe3cf48cca15955403)
NAS-141503 / 27.0.0-BETA.1 / Skip individual domains that vanish while gathering libvirt state (#19174)
## Problem
`gather_pylibvirt_domains_states` wraps its whole loop in one
try/except. If a queried domain is destroyed between `list_domains()`
and reading its state (a TOCTOU race), libvirt raises
`VIR_ERR_NO_DOMAIN` and the exception unwinds the entire loop, so every
still-running domain after it is dropped from the result and reported as
STOPPED/`pid: null` until the next poll. It also logged a full WARNING
traceback for what is a benign, self-correcting race, and masked genuine
errors (e.g. a bug in the per-domain factory) behind that same generic
warning.
## Solution
Moved the try/except inside the loop so a vanished domain is skipped
individually while the rest of the batch is still reported correctly (a
missing entry falls back to STOPPED via `get_pylibvirt_domain_state`).
The failure is classified using the new `is_no_domain_error` helper from
truenas_pylibvirt: the no-domain race is logged at DEBUG, anything else
at ERROR with `exc_info` so genuine bugs stay visible and no longer
poison sibling domains.
[Allocator] Drop the fast-path null check via a sentinel End (#205485)
Follow-up to #203718. Store `End` as the slab end plus 1 (and 0 for an
empty or moved-from allocator). This removes one condition from the fast
path.
For lld/ELF SymbolTable.cpp (clang++ -O3), the inlined `make<T>()` fast
path loses its `test rax, rax; je` pair; the whole TU's .text shrinks
from 14037 to 13800 bytes.
Aided by Claude Opus 4.8
