Use domain sid from secrets.tdb for groupmap construction
This commit transitions from using runtime detection of domain
SID via winbindd requests to reading the stored domain SID
from the secrets.tdb file. During reboot and failover process
there was a window in which an unhealthy AD join could cause
a failure to resolve the domain admins SID and subsequently
trigger it to be removed from the group_mapping.tdb. This
change robustizes the groupmap setup by not requiring a
healthy AD state.
(cherry picked from commit e6fbe76f3b325db606f3eea68a5fa53a433f3f49)
NAS-140647 / 27.0.0-BETA.1 / Use domain sid from secrets.tdb for groupmap construction (#18719)
This commit transitions from using runtime detection of domain SID via
winbindd requests to reading the stored domain SID from the secrets.tdb
file. During reboot and failover process there was a window in which an
unhealthy AD join could cause a failure to resolve the domain admins SID
and subsequently trigger it to be removed from the group_mapping.tdb.
This change robustizes the groupmap setup by not requiring a healthy AD
state.
MFV: crypto/openssl: update to 3.5.6
This change brings in version 3.5.6 of OpenSSL, which features
several security fixes (the highest of which is a MEDIUM severity
issue), as well as some miscellaneous feature updates.
Please see the release notes [1] for more details.
PS Apologies for the confusing merge commits -- I was testing out a
new automated update process and failed to catch the commit message
issues until after I pushed the change.
1. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md
MFC after: 1 day (the security issues warrant a quick backport).
Merge commit 'ab5fc4ac933ff67bc800e774dffce15e2a541e90'
(cherry picked from commit 10a428653ee7216475f1ddce3fb4cbf1200319f8)
crypto/openssl: update artifacts to match 3.5.6 release artifacts
A new manpage and any associated links will be added in the next commit.
MFC after: 1 day (the security issues warrant a quick backport).
MFC with: 10a428653ee7216475f1ddce3fb4cbf1200319f8
(cherry picked from commit 5254e16213ff1bb136ef24e0b0fe30625ac53563)
[RISCV] Split LMUL=8 f16 fixed vector (s/u)ittofp/fpto(s/u)i before promoting. (#191568)
The conversion needs to be done by promoting to f32. If we're already at
LMUL=8, we need to split before we can promote.
nfs_nfsdsocket.c: Allow Copy/Clone from a read-only fs
For some server file system types, such as ZFS, a Copy/Clone
operation can be done across file systems of the same file
system type.
However, without this patch, the Copy/Clone will fail with
EROFS if the input file is on a read-only mounted file system.
This happens because Copy/Clone will try to do a VOP_SETATTR()
of atime to set the atime.
This patch pretends the VOP_SETATTR() of atime worked for
read-only file systems. It fixes a problem when copying
files from a ZFS snapshot.
PR: 294010
(cherry picked from commit b5815ee99a015c6ac118d7e9646d0c95b72e9f2d)
nfs_diskless: Add support for an NFSv4 root fs
Without this patch, diskless root NFS file systems
could only be mounted via NFSv3 (or NFSv2).
This patch adds the basic support needed to mount
a root fs via NFSv4.
At this time, the NFSv4 mount will only work if
the following is done on the NFS server configuration:
- The root directory specified in the "V4:" line in
  /etc/exports must be "/". This is needed since the
  path to mount must be the same for NFSv3 and NFSv4.
- The NFS server must be configured to do both NFSv3
  and NFSv4, since the bootstrap code still uses NFSv3.
- The NFSv4 server must be configured with:
    vfs.nfs.enable_uidtostring=1
    vfs.nfsd.enable_stringtouid=1
  since the NFSv4 root fs cannot be running nfsuserd(8)
  when it is booting. (This limitation may be removed
[13 lines not shown]
Merge tag 'i2c-for-7.0-final' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fix from Wolfram Sang:
- imx: set dma_slave_config to 0 and avoid uninitialized fields
* tag 'i2c-for-7.0-final' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: imx: zero-initialize dma_slave_config for eDMA
[LLDB] Silence warnings when building on Windows (#191566)
Fixes a few warnings found while building the LLVM installer with
`llvm/utils/release/build_llvm_release.bat --x64 --version 23.0.0
--skip-checkout --local-python`.
[clang-doc] Avoid merging into default Info types
When merging into arenas, the code assumed that all using a default
constructed info would be safe, since in the merge we replace any
differing data. However, that appears to be a risky assumption, due
to default initialized members participating in comparisons, and
other operations, leading the program to read garbage data in some
cases. Earlier patches added default initializers to these fields,
but we should prefer (which the old code used to do) to just start
with properly initialized and complete data from the start.
This patch updates the remaining Info types to have copy constructors
that support choosing the arena to allocate into. This is already the
strategy used in several places to avoid use after free bugs. Since
the handling is now uniform, we can simplify things a bit at the same
time and extract the cloning operation into a helper, making the logic
very clear.
This should avoid any potential pitfalls or missed cases that resulted
in the errors discovered after landing #190054.