NAS-140647 / 26.0.0-BETA.2 / Use domain sid from secrets.tdb for groupmap construction (by anodos325) (#18722)
This commit transitions from using runtime detection of domain SID via
winbindd requests to reading the stored domain SID from the secrets.tdb
file. During reboot and failover process there was a window in which an
unhealthy AD join could cause a failure to resolve the domain admins SID
and subsequently trigger it to be removed from the group_mapping.tdb.
This change robustizes the groupmap setup by not requiring a healthy AD
state.
Original PR: https://github.com/truenas/middleware/pull/18719
Co-authored-by: Andrew Walker <andrew.walker at truenas.com>
[VPlan] Handle calls in VPInstruction:opcodeMayReadOrWriteFromMemory. (#190681)
Retrieve the called function and check its memory attributes, to
determine if a VPInstruction calling a function reads or writes memory.
Use it to strengthen assert in areAllLoadsDereferenceable.
PR: https://github.com/llvm/llvm-project/pull/190681
Merge tag 'edac_urgent_for_7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras
Pull EDAC fix from Borislav Petkov:
- Fix the error path ordering when the driver-private descriptor
allocation fails
* tag 'edac_urgent_for_7.0' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
EDAC/mc: Fix error path ordering in edac_mc_alloc()
[clang-format] treat continuation as indent for aligned lines (#191217)
This allows to inherit tabbed indent from the lines we break by the
lines we want to align. Thus in the AlignWithSpaces mode aligned lines
do not generate smaller indent than those they are aligned to.
lockf.1: Organize and provide error numbers
Add error numbers to the exit codes so that readers can decode them
without having to use a separate utility. Organize exits by error code.
Mark up the error constants with the error constant macro, even though
this is really not very helpful because people will search for the error
code, the macro is explicitly for the constants and not the codes.
While where, align and alphabetize the options list as well, fix
misaligned padding in an example, and a one-sentance-per-line error.
MFC after: 3 days
Reported by: Antranig Vartanian <antranigv at freebsd.am>
Differential Revision: https://reviews.freebsd.org/D48470
(cherry picked from commit dd201e407e48ba59bdfa1f71d41acfdac1a9c562)
raw ip: move hash table manipulation to inpcb layer
The SOCK_RAW socket is a multiple receiver socket by its definition. An
incoming packet may be copied to multiple sockets. Thus, incoming packet
handling is expensive. Systems with many thousands of raw sockets usually
have them connect(2)-ed to different destinations. This allows for some
improvement of the input handling, which was introduced by 9ed324c9a588
back in 2008. This optimization was made specifically for L2TP/PPTP VPN
concentrators based on ports/net/mpd5.
This change generalizes the idea of 9ed324c9a588, so that it potentially
can be used with IPv6 raw sockets. This also eliminates last use of the
pcbinfo hash lock outside of in_pcb.c.
While here make a speculative design decision: put into the hash table
sockets that did only connect(2). Previously, we were indexing only
sockets that were protocol bound, did bind(2) and did connect(2). My
speculation is that only the remote IP provides some real entropy into the
hash and local address and proto are expected to be the same for majority
[4 lines not shown]
inpcb: move local address assignment out of in_pcbdisconnect()
The logic of clearing local address at the protocol level makes sense. It
is feature of UDP, not of any protocol, that local address is cleared on
disconnect. This code can be tracked down to pre-FreeBSD times.
For example, for TCP we want a disconnected socket to return previously
used local address with getsockname(2). The TCP has successfully evaded
that by not calling in_pcbdisconnect() and calling in_pcbdetach() in the
very old code and in_pcbdrop() later. After D55661 TCP again has this
potential bug masked. Better make it right than rely on such
unintentional evasions.
The raw IP sockets don't use in_pcbdisconnect(), but they are going to in
the near future. If in_pcbdisconnect() clears local address for them,
that would be a larger bug than just getsockname(). A raw socket may be
bound with bind(2) and then connect(2)ed, and then disconnected, e.g.
connect(INADDR_ANY). And when we run raw IP socket through
in_pcbdisconnect() we don't want to lose local address.
[6 lines not shown]
[Clang][diagtool] Fix memory leak in ShowEnabledWarnings (#191711)
Fix 136-byte memory leak introduced in commit 6dc059ac3c7c. Before
that commit, the TextDiagnosticBuffer was passed to DiagnosticsEngine
constructor which took ownership and managed its lifetime. After the
refactoring, the buffer is no longer passed to DiagnosticsEngine, so
it becomes an orphaned allocation that is never freed. Changed to use
std::unique_ptr for automatic cleanup.
[llubi] Fix invalid printf format specifier for %c (#191713)
Fix ASAN warning about unexpected format specifier %llc introduced
in commit f149ab665a4b. The 'c' format specifier should not have the
'll' length modifier. Separated the 'c' case to use the correct format
without the length modifier, casting to int as required by the standard.
inpcb: retire INP_DROPPED and in_pcbdrop()
The inpcb flag INP_DROPPED served two purposes.
It was used by TCP and subsystems running on top of TCP as a flag that
marks a connection that is now in TCPS_CLOSED, but was in some other state
before (not a new-born connection). Create a new TCP flag TF_DISCONNECTED
for this purpose.
The in_pcbdrop() was a TCP's version of in_pcbdisconnect() that also sets
INP_DROPPED. Use in_pcbdisconnect() instead.
Second purpose of INP_DROPPED was a negative lookup mask in
inp_smr_lock(), as SMR-protected lookup may see inpcbs that had been
removed from the hash. We already have had INP_INHASHLIST that marks
inpcb that is in hash. Convert it into INP_UNCONNECTED with the opposite
meaning. This allows to combine it with INP_FREED for the negative lookup
mask.
[7 lines not shown]
netinet6: remove INP_DROPPED checks from setsockopt(2)
The INP_DROPPED is going to become an internal flag for inpcb. As of now
it means a TCP pcb that is in TCPS_CLOSED. There is nothing wrong with
calling setsockopt(2) on such socket, although has no practical use.
This deletes a piece of code from 56713d16a06c5 / D16201. There is no
description of the panic fixed, but I will speculate that the panic was
about in6p->in6p_outputopts being NULL as the inpcb already went through
in_pcbfree_deferred(). This also can be related to compressed TIME-WAIT,
that is also gone now.
With current locking this shouldn't be possible. An inpcb goes through
in_pcbfree() only with pr_detach method, which is called from sofree(),
and the latter is called on losing the very last socket reference. So, at
the point when in_pcbfree() is called, the socket has lost its file
descriptor reference and there can not be any running setsockopt() on it.
Leave the call to ip6_pcbopt() still embraced with INP_WLOCK(), since we
[9 lines not shown]
inpcb: make in_pcbdisconnect() acquire the hash lock internally
Should be no functional change.
Reviewed by: pouria, markj
Differential Revision: https://reviews.freebsd.org/D55968
