NAS-139909 / 26.0.0-BETA.1 / Validate and sync registration details on token updates (#18298)
This PR adds token validation and registration details synchronization
for TrueNAS Connect. Previously, JWT tokens received during registration
finalization and heartbeat token rotation were stored without validating
required fields, and the heartbeat path did not update
`registration_details` when a new token was received — leaving stale
data in the database. Now both paths use a shared
`decode_and_validate_token` util that verifies the token contains
account/system id before persisting, and `registration_details` is
updated alongside the token to always reflect the current token's
claims.
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"The diffstat is dominated by changes to our TLB invalidation errata
handling and the introduction of a new GCS selftest to catch one of
the issues that is fixed here relating to PROT_NONE mappings.
- Fix cpufreq warning due to attempting a cross-call with interrupts
masked when reading local AMU counters
- Fix DEBUG_PREEMPT warning from the delay loop when it tries to
access per-cpu errata workaround state for the virtual counter
- Re-jig and optimise our TLB invalidation errata workarounds in
preparation for more hardware brokenness
- Fix GCS mappings to interact properly with PROT_NONE and to avoid
corrupting the pte on CPUs with FEAT_LPA2
[13 lines not shown]
[mlir][LLVM] Let decomposeValue/composeVale pad out larger types (#183825)
Currently, as pointed out in the reviews for #183405, decomposeValues
and composeValues should be able to emit zexts and truncations for cases
like i48 and vector<3xi16> becoming i32s but currently that's an assert.
This commit fixes that limitation.
Co-authored-by: Claude Opus 4.6 <noreply at anthropic.com>
Merge tag 'pci-v7.0-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
Pull pci fixes from Bjorn Helgaas:
- Update MAINTAINERS email address (Shawn Guo)
- Refresh cached Endpoint driver MSI Message Address to fix a v7.0
regression when kernel changes the address after firmware has
configured it (Niklas Cassel)
- Flush Endpoint MSI-X writes so they complete before the outbound ATU
entry is unmapped (Niklas Cassel)
- Correct the PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value, which broke VMM use
of PCI capabilities (Bjorn Helgaas)
* tag 'pci-v7.0-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value
PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
[2 lines not shown]
Revert "[VPlan] Remove manual region removal when simplifying for VF and UF. (#181252)"
This reverts commit 9c53215d213189d1f62e8f6ee7ba73a089ac2269.
Appears to cause crashes with ordered reductions, revert while I
investigate
InstCombine: Stop applying nofpclass from use nofpclass attribute
Functionally reverts a80d4329ce96856a02bd279c800c3d08619da4c9, with new test.
This should be applied somewhere, but this is the wrong place.
Fixes regression reported after #182444
[WebAseembly] Fix -Wunused-variable in #181755
This variable ends up being unused in builds without assertions. Mark it
[[maybe_unused]] per the coding standards.
[BOLT][AArch64] Add a unittest for compare-and-branch inversion. (#181177)
Checks that isReversibleBranch() returns false
- when the immediate value is 63 and needs +1 adjustment
- when the immediate value is 0 and needs -1 adjustment
Checks that reverseBranchCondition() adjusts
- the opcode
- the immediate operand if necessary (+/-1)
- the register operands if necessary (swap)
snl: Remove duplicate rta_expires member in route parser
There is no user for `rta_expires` member and it's
duplicate of `rta_expire`.
Reviewed By: melifaro
Differential Revision: https://reviews.freebsd.org/D55445
delete pledge_sysctl() printing of the failing mibs, because it truncates
it's buffer, produces misleading output, and is pointless tty output,
Like with other system calls failuress, the standard pledge_fail() tty output
should lead the user to use ktrace which will provide an accurate view.
from deraadt@; discussed with bluhm
this is errata/7.7/022_pledge_sysctl.patch.sig
delete pledge_sysctl() printing of the failing mibs, because it truncates
it's buffer, produces misleading output, and is pointless tty output,
Like with other system calls failuress, the standard pledge_fail() tty output
should lead the user to use ktrace which will provide an accurate view.
from deraadt@; discussed with bluhm
this is errata/7.8/016_pledge_sysctl.patch.sig
replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
and pledge "stdio rpath wpath cpath" to permit both unveils subject to
their own limitations.
pledge "rpath tmppath" is replace with unveil "/" "r", unveil "/tmp" "rwc",
and "rpath wpath cpath"
from deraadt@; ok semarie
This was using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
uses tmpfile(), which is why it used "tmppath", which is why it now
needs "rpath wpath cpath"
from deraadt@; spotted by brynet
Instead of pledge "tmppath rpath", setup a "rwc" unveil on "/tmp", a
"r" unveil on "/", and then pledge "rpath wpath cpath".
[28 lines not shown]
replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
and pledge "stdio rpath wpath cpath" to permit both unveils subject to
their own limitations.
pledge "rpath tmppath" is replace with unveil "/" "r", unveil "/tmp" "rwc",
and "rpath wpath cpath"
from deraadt@; ok semarie
This was using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
uses tmpfile(), which is why it used "tmppath", which is why it now
needs "rpath wpath cpath"
from deraadt@; spotted by brynet
Instead of pledge "tmppath rpath", setup a "rwc" unveil on "/tmp", a
"r" unveil on "/", and then pledge "rpath wpath cpath".
[28 lines not shown]
[mlir][cf] Fix crash in simplifyBrToBlockWithSinglePred when branch operand is a block argument of its successor (#183797)
When `simplifyBrToBlockWithSinglePred` merges a block into its sole
predecessor, it calls `inlineBlockBefore` which replaces each block
argument with the corresponding value passed by the branch. If one of
those values is itself a block argument of the successor block, the call
`replaceAllUsesWith(arg, arg)` is a no-op. Any uses of that argument
outside the block (e.g. in a downstream block) are therefore not
replaced, and when the successor block is erased the argument is
destroyed while those uses are still live, triggering the assertion
`use_empty() && "Cannot destroy a value that still has uses\!"` in
`IRObjectWithUseList::~IRObjectWithUseList`.
Guard against this by returning early when any branch operand is a block
argument owned by the destination block.
Fixes #126213
[clang][modulemap] Lazily load module maps by header name (#181916)
After header search has found a header it looks for module maps that
cover that header. This patch uses the parsed representation of module
maps to do this search instead of relying on FileEntryRef lookups after
stating headers in module maps.
This behavior is currently gated behind the
`-fmodules-lazy-load-module-maps` `-cc1` flag.
[clang] fix crash when casting a parenthesized unresolved template-id (#183633)
this fix uses ignoreparens() in checkplaceholderexpr to prevent a crash
when an unresolved template-id is wrapped in parentheses. fixes #183505
Revert "[Metal][HLSL] Add support for dumping reflection" (#183818)
Reverts llvm/llvm-project#181258
`env PATH=""` will prevent finding any binary run by `env`.
[ASan] Document limitations of container overflow checks (#183590)
Mention that partially poisoning stack objects can
lead to false positives and negatives.
See #182720.
---------
Co-authored-by: Saleem Abdulrasool <compnerd at compnerd.org>
