update ABI file for 5.11.22-7-pve

(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

Makefile

@@ -4,9 +4,9 @@ KERNEL_MIN=11
 KERNEL_PATCHLEVEL=22
 # increment KREL if the ABI changes (abicheck target in debian/rules)
 # rebuild packages with new KREL and run 'make abiupdate'
-KREL=4
+KREL=7
 
-PKGREL=9
+PKGREL=12
 
 KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
 KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)

debian/changelog

@@ -1,3 +1,33 @@
+pve-kernel (5.11.22-12) bullseye; urgency=medium
+
+  * update sources to Ubuntu-5.11.0-41.45
+
+  * bump ABI to 5.11.22-7
+
+ -- Proxmox Support Team <support@proxmox.com>  Sun, 07 Nov 2021 21:46:36 +0100
+
+pve-kernel (5.11.22-11) bullseye; urgency=medium
+
+  * update sources to Ubuntu-5.11.0-39.43
+
+  * bump ABI to 5.11.22-6
+
+  * back port proposed fix for "ocfs2: mount fails with buffer overflow in strlen"
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 19 Oct 2021 12:43:14 +0200
+
+pve-kernel (5.11.22-10) bullseye; urgency=medium
+
+  * update sources to Ubuntu-5.11.0-38.42
+
+  * update ZFS to 2.0.6
+
+  * bump ABI to 5.11.22-5
+
+  * fix #3558: backport "bnx2x: Fix enabling network interfaces without VFs"
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 28 Sep 2021 08:15:41 +0200
+
 pve-kernel (5.11.22-9) bullseye; urgency=medium
 
   * backport "blk-mq: fix kernel panic during iterating over flush

patches/kernel/0001-Make-mkcompile_h-accept-an-alternate-timestamp-strin.patch

@@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 7 insertions(+), 3 deletions(-)
 
 diff --git a/scripts/mkcompile_h b/scripts/mkcompile_h
-index 4ae735039daf..5a1abe7b4169 100755
+index a72b154de7b0..4dd111086466 100755
 --- a/scripts/mkcompile_h
 +++ b/scripts/mkcompile_h
 @@ -24,10 +24,14 @@ else

patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch

@@ -75,10 +75,10 @@ index ee85be64b680..a38a8e44422e 100644
  				Safety option to keep boot IRQs enabled. This
  				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index f32e521ade1e..4f3558d0c00a 100644
+index 872cd0cecf6d..127401e15384 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
-@@ -192,6 +192,106 @@ static int __init pci_apply_final_quirks(void)
+@@ -193,6 +193,106 @@ static int __init pci_apply_final_quirks(void)
  }
  fs_initcall_sync(pci_apply_final_quirks);
  
@@ -185,8 +185,8 @@ index f32e521ade1e..4f3558d0c00a 100644
  /*
   * Decoding should be disabled for a PCI device during BAR sizing to avoid
   * conflict. But doing so may cause problems on host bridge and perhaps other
-@@ -4857,6 +4957,8 @@ static const struct pci_dev_acs_enabled {
+@@ -4886,6 +4986,8 @@ static const struct pci_dev_acs_enabled {
- 	{ PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
+ 	{ PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs },
  	/* APM X-Gene */
  	{ PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs },
 +	/* Enable overrides for missing ACS capabilities */

patches/kernel/0004-kvm-disable-default-dynamic-halt-polling-growth.patch

@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 14e6c73a6031..c191c9e50735 100644
+index 16c777d45eb9..8c5341f9a271 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -77,7 +77,7 @@ module_param(halt_poll_ns, uint, 0644);

patches/kernel/0005-net-core-downgrade-unregister_netdevice-refcount-lea.patch

@@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/net/core/dev.c b/net/core/dev.c
-index b91b76890cbc..cb7ffc3e848b 100644
+index 5cc9226f8e67..7dd94b012533 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10365,7 +10365,7 @@ static void netdev_wait_allrefs(struct net_device *dev)
+@@ -10392,7 +10392,7 @@ static void netdev_wait_allrefs(struct net_device *dev)
  		refcnt = netdev_refcnt_read(dev);
  
  		if (refcnt && time_after(jiffies, warning_time + 10 * HZ)) {

patches/kernel/0006-io_uring-don-t-block-level-reissue-off-completion-pa.patch

@@ -22,15 +22,16 @@ https://lore.kernel.org/io-uring/20210727165811.284510-3-axboe@kernel.dk/T/#u
 Originally-by: Jens Axboe <axboe@kernel.dk>
 [backport]
 Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
  fs/io_uring.c | 7 +++++++
  1 file changed, 7 insertions(+)
 
 diff --git a/fs/io_uring.c b/fs/io_uring.c
-index a0d42aea3aa1..ce5cf51a5667 100644
+index b9353cf8aab9..50d1920d2536 100644
 --- a/fs/io_uring.c
 +++ b/fs/io_uring.c
-@@ -2731,6 +2731,13 @@ static bool io_rw_reissue(struct io_kiocb *req, long res)
+@@ -2746,6 +2746,13 @@ static bool io_rw_reissue(struct io_kiocb *req, long res)
  	if (percpu_ref_is_dying(&req->ctx->refs))
  		return false;
  

patches/kernel/0006-net-bridge-sync-fdb-to-new-unicast-filtering-ports.patch

@@ -1,68 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Fri, 2 Jul 2021 14:07:36 +0200
-Subject: [PATCH] net: bridge: sync fdb to new unicast-filtering ports
-
-Since commit 2796d0c648c9 ("bridge: Automatically manage
-port promiscuous mode.")
-bridges with `vlan_filtering 1` and only 1 auto-port don't
-set IFF_PROMISC for unicast-filtering-capable ports.
-
-Normally on port changes `br_manage_promisc` is called to
-update the promisc flags and unicast filters if necessary,
-but it cannot distinguish between *new* ports and ones
-losing their promisc flag, and new ports end up not
-receiving the MAC address list.
-
-Fix this by calling `br_fdb_sync_static` in `br_add_if`
-after the port promisc flags are updated and the unicast
-filter was supposed to have been filled.
-
-Fixes: 2796d0c648c9 ("bridge: Automatically manage port promiscuous mode.")
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- net/bridge/br_if.c | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
-index f7d2f472ae24..6e4a32354a13 100644
---- a/net/bridge/br_if.c
-+++ b/net/bridge/br_if.c
-@@ -562,7 +562,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev,
- 	struct net_bridge_port *p;
- 	int err = 0;
- 	unsigned br_hr, dev_hr;
--	bool changed_addr;
-+	bool changed_addr, fdb_synced = false;
- 
- 	/* Don't allow bridging non-ethernet like devices. */
- 	if ((dev->flags & IFF_LOOPBACK) ||
-@@ -652,6 +652,19 @@ int br_add_if(struct net_bridge *br, struct net_device *dev,
- 	list_add_rcu(&p->list, &br->port_list);
- 
- 	nbp_update_port_count(br);
-+	if (!br_promisc_port(p) && (p->dev->priv_flags & IFF_UNICAST_FLT)) {
-+		/* When updating the port count we also update all ports'
-+		 * promiscuous mode.
-+		 * A port leaving promiscuous mode normally gets the bridge's
-+		 * fdb synced to the unicast filter (if supported), however,
-+		 * `br_port_clear_promisc` does not distinguish between
-+		 * non-promiscuous ports and *new* ports, so we need to
-+		 * sync explicitly here.
-+		 */
-+		fdb_synced = br_fdb_sync_static(br, p) == 0;
-+		if (!fdb_synced)
-+			netdev_err(dev, "failed to sync bridge static fdb addresses to this port\n");
-+	}
- 
- 	netdev_update_features(br->dev);
- 
-@@ -701,6 +714,8 @@ int br_add_if(struct net_bridge *br, struct net_device *dev,
- 	return 0;
- 
- err7:
-+	if (fdb_synced)
-+		br_fdb_unsync_static(br, p);
- 	list_del_rcu(&p->list);
- 	br_fdb_delete_by_port(br, p, 0, 1);
- 	nbp_update_port_count(br);

patches/kernel/0007-Revert-PCI-Coalesce-host-bridge-contiguous-apertures.patch

@@ -13,12 +13,13 @@ was reverted upstream because of reports similar to
 Link: https://bugzilla.proxmox.com/show_bug.cgi?id=3552
 Link: https://lore.kernel.org/r/20210709231529.GA3270116@roeck-us.net
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- drivers/pci/probe.c | 49 ++++-----------------------------------------
+ drivers/pci/probe.c | 52 +++++----------------------------------------
- 1 file changed, 4 insertions(+), 45 deletions(-)
+ 1 file changed, 5 insertions(+), 47 deletions(-)
 
 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index 04664d4fe4be..be51670572fa 100644
+index b5fdf42c4c2a..be51670572fa 100644
 --- a/drivers/pci/probe.c
 +++ b/drivers/pci/probe.c
 @@ -19,7 +19,6 @@
@@ -29,11 +30,12 @@ index 04664d4fe4be..be51670572fa 100644
  #include "pci.h"
  
  #define CARDBUS_LATENCY_TIMER	176	/* secondary latency timer */
-@@ -875,30 +874,14 @@ static void pci_set_bus_msi_domain(struct pci_bus *bus)
+@@ -875,31 +874,14 @@ static void pci_set_bus_msi_domain(struct pci_bus *bus)
  	dev_set_msi_domain(&bus->dev, d);
  }
  
--static int res_cmp(void *priv, struct list_head *a, struct list_head *b)
+-static int res_cmp(void *priv, const struct list_head *a,
+-		  const struct list_head *b)
 -{
 -	struct resource_entry *entry1, *entry2;
 -
@@ -63,7 +65,7 @@ index 04664d4fe4be..be51670572fa 100644
  	char addr[64], *fmt;
  	const char *name;
  	int err;
-@@ -976,35 +959,11 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
+@@ -977,35 +959,11 @@ static int pci_register_host_bridge(struct pci_host_bridge *bridge)
  	if (nr_node_ids > 1 && pcibus_to_node(bus) == NUMA_NO_NODE)
  		dev_warn(&bus->dev, "Unknown NUMA node; performance will be reduced\n");
  
@@ -90,13 +92,14 @@ index 04664d4fe4be..be51670572fa 100644
 -
  	/* Add initial resources to the bus */
  	resource_list_for_each_entry_safe(window, n, &resources) {
-+		list_move_tail(&window->node, &bridge->windows);
+-		offset = window->offset;
- 		offset = window->offset;
+-		res = window->res;
- 		res = window->res;
 -		if (!res->end)
 -			continue;
 -
--		list_move_tail(&window->node, &bridge->windows);
+ 		list_move_tail(&window->node, &bridge->windows);
++		offset = window->offset;
++		res = window->res;
  
  		if (res->flags & IORESOURCE_BUS)
  			pci_bus_insert_busn_res(bus, bus->number, res->end);

patches/kernel/0008-PCI-Reinstate-PCI-Coalesce-host-bridge-contiguous-ap.patch

@@ -50,9 +50,10 @@ Cc: Guenter Roeck <linux@roeck-us.net>
 Suggested-by: Bjorn Helgaas <bhelgaas@google.com>
 Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 ---
- drivers/pci/probe.c | 31 +++++++++++++++++++++++++++----
+ drivers/pci/probe.c | 33 ++++++++++++++++++++++++++++-----
- 1 file changed, 27 insertions(+), 4 deletions(-)
+ 1 file changed, 28 insertions(+), 5 deletions(-)
 
 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
 index be51670572fa..133f5d2b189d 100644
@@ -99,13 +100,14 @@ index be51670572fa..133f5d2b189d 100644
 +
  	/* Add initial resources to the bus */
  	resource_list_for_each_entry_safe(window, n, &resources) {
--		list_move_tail(&window->node, &bridge->windows);
++		offset = window->offset;
- 		offset = window->offset;
++		res = window->res;
- 		res = window->res;
 +		if (!res->end)
 +			continue;
 +
-+		list_move_tail(&window->node, &bridge->windows);
+ 		list_move_tail(&window->node, &bridge->windows);
+-		offset = window->offset;
+-		res = window->res;
  
  		if (res->flags & IORESOURCE_BUS)
  			pci_bus_insert_busn_res(bus, bus->number, res->end);

patches/kernel/0009-ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch

@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Valentin Vidic <vvidic@valentin-vidic.from.hr>
+Date: Wed, 29 Sep 2021 20:06:54 +0200
+Subject: [PATCH] ocfs2: mount fails with buffer overflow in strlen
+
+Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an
+ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the
+trace below. Problem seems to be that strings for cluster stack and
+cluster name are not guaranteed to be null terminated in the disk
+representation, while strlcpy assumes that the source string is always
+null terminated. This causes a read outside of the source string
+triggering the buffer overflow detection.
+
+detected buffer overflow in strlen
+------------[ cut here ]------------
+kernel BUG at lib/string.c:1149!
+invalid opcode: 0000 [#1] SMP PTI
+CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1
+  Debian 5.14.6-2
+RIP: 0010:fortify_panic+0xf/0x11
+...
+Call Trace:
+ ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]
+ ocfs2_fill_super+0x359/0x19b0 [ocfs2]
+ mount_bdev+0x185/0x1b0
+ ? ocfs2_remount+0x440/0x440 [ocfs2]
+ legacy_get_tree+0x27/0x40
+ vfs_get_tree+0x25/0xb0
+ path_mount+0x454/0xa20
+ __x64_sys_mount+0x103/0x140
+ do_syscall_64+0x3b/0xc0
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ fs/ocfs2/super.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
+index 2febc76e9de7..435f82892432 100644
+--- a/fs/ocfs2/super.c
++++ b/fs/ocfs2/super.c
+@@ -2171,11 +2171,17 @@ static int ocfs2_initialize_super(struct super_block *sb,
+ 	}
+ 
+ 	if (ocfs2_clusterinfo_valid(osb)) {
++		/*
++		 * ci_stack and ci_cluster in ocfs2_cluster_info may not be null
++		 * terminated, so make sure no overflow happens here by using
++		 * memcpy. Destination strings will always be null terminated
++		 * because osb is allocated using kzalloc.
++		 */
+ 		osb->osb_stackflags =
+ 			OCFS2_RAW_SB(di)->s_cluster_info.ci_stackflags;
+-		strlcpy(osb->osb_cluster_stack,
++		memcpy(osb->osb_cluster_stack,
+ 		       OCFS2_RAW_SB(di)->s_cluster_info.ci_stack,
+-		       OCFS2_STACK_LABEL_LEN + 1);
++		       OCFS2_STACK_LABEL_LEN);
+ 		if (strlen(osb->osb_cluster_stack) != OCFS2_STACK_LABEL_LEN) {
+ 			mlog(ML_ERROR,
+ 			     "couldn't mount because of an invalid "
+@@ -2184,9 +2190,9 @@ static int ocfs2_initialize_super(struct super_block *sb,
+ 			status = -EINVAL;
+ 			goto bail;
+ 		}
+-		strlcpy(osb->osb_cluster_name,
++		memcpy(osb->osb_cluster_name,
+ 			OCFS2_RAW_SB(di)->s_cluster_info.ci_cluster,
+-			OCFS2_CLUSTER_NAME_LEN + 1);
++			OCFS2_CLUSTER_NAME_LEN);
+ 	} else {
+ 		/* The empty string is identical with classic tools that
+ 		 * don't know about s_cluster_info. */

patches/kernel/0010-blk-mq-fix-kernel-panic-during-iterating-over-flush-.patch

@@ -1,75 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ming Lei <ming.lei@redhat.com>
-Date: Fri, 10 Sep 2021 14:30:15 +0200
-Subject: [PATCH] blk-mq: fix kernel panic during iterating over flush request
-
-commit c2da19ed50554ce52ecbad3655c98371fe58599f upstream.
-
-For fixing use-after-free during iterating over requests, we grabbed
-request's refcount before calling ->fn in commit 2e315dc07df0 ("blk-mq:
-grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter").
-Turns out this way may cause kernel panic when iterating over one flush
-request:
-
-1) old flush request's tag is just released, and this tag is reused by
-one new request, but ->rqs[] isn't updated yet
-
-2) the flush request can be re-used for submitting one new flush command,
-so blk_rq_init() is called at the same time
-
-3) meantime blk_mq_queue_tag_busy_iter() is called, and old flush request
-is retrieved from ->rqs[tag]; when blk_mq_put_rq_ref() is called,
-flush_rq->end_io may not be updated yet, so NULL pointer dereference
-is triggered in blk_mq_put_rq_ref().
-
-Fix the issue by calling refcount_set(&flush_rq->ref, 1) after
-flush_rq->end_io is set. So far the only other caller of blk_rq_init() is
-scsi_ioctl_reset() in which the request doesn't enter block IO stack and
-the request reference count isn't used, so the change is safe.
-
-Fixes: 2e315dc07df0 ("blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter")
-Reported-by: "Blank-Burian, Markus, Dr." <blankburian@uni-muenster.de>
-Tested-by: "Blank-Burian, Markus, Dr." <blankburian@uni-muenster.de>
-Signed-off-by: Ming Lei <ming.lei@redhat.com>
-Reviewed-by: Christoph Hellwig <hch@lst.de>
-Reviewed-by: John Garry <john.garry@huawei.com>
-Link: https://lore.kernel.org/r/20210811142624.618598-1-ming.lei@redhat.com
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
-Cc: Yi Zhang <yi.zhang@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- block/blk-core.c  | 1 -
- block/blk-flush.c | 8 ++++++++
- 2 files changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/block/blk-core.c b/block/blk-core.c
-index 7663a9b94b80..debdf9b0bf30 100644
---- a/block/blk-core.c
-+++ b/block/blk-core.c
-@@ -121,7 +121,6 @@ void blk_rq_init(struct request_queue *q, struct request *rq)
- 	rq->internal_tag = BLK_MQ_NO_TAG;
- 	rq->start_time_ns = ktime_get_ns();
- 	rq->part = NULL;
--	refcount_set(&rq->ref, 1);
- 	blk_crypto_rq_set_defaults(rq);
- }
- EXPORT_SYMBOL(blk_rq_init);
-diff --git a/block/blk-flush.c b/block/blk-flush.c
-index e89d007dbf6a..8b11ab3b3762 100644
---- a/block/blk-flush.c
-+++ b/block/blk-flush.c
-@@ -329,6 +329,14 @@ static void blk_kick_flush(struct request_queue *q, struct blk_flush_queue *fq,
- 	flush_rq->rq_flags |= RQF_FLUSH_SEQ;
- 	flush_rq->rq_disk = first_rq->rq_disk;
- 	flush_rq->end_io = flush_end_io;
-+	/*
-+	 * Order WRITE ->end_io and WRITE rq->ref, and its pair is the one
-+	 * implied in refcount_inc_not_zero() called from
-+	 * blk_mq_find_and_get_req(), which orders WRITE/READ flush_rq->ref
-+	 * and READ flush_rq->end_io
-+	 */
-+	smp_wmb();
-+	refcount_set(&flush_rq->ref, 1);
- 
- 	blk_flush_queue_rq(flush_rq, false);
- }

patches/kernel/0011-blk-mq-fix-is_flush_rq.patch

@@ -1,91 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Ming Lei <ming.lei@redhat.com>
-Date: Fri, 10 Sep 2021 14:30:16 +0200
-Subject: [PATCH] blk-mq: fix is_flush_rq
-
-commit a9ed27a764156929efe714033edb3e9023c5f321 upstream.
-
-is_flush_rq() is called from bt_iter()/bt_tags_iter(), and runs the
-following check:
-
-	hctx->fq->flush_rq == req
-
-but the passed hctx from bt_iter()/bt_tags_iter() may be NULL because:
-
-1) memory re-order in blk_mq_rq_ctx_init():
-
-	rq->mq_hctx = data->hctx;
-	...
-	refcount_set(&rq->ref, 1);
-
-OR
-
-2) tag re-use and ->rqs[] isn't updated with new request.
-
-Fix the issue by re-writing is_flush_rq() as:
-
-	return rq->end_io == flush_end_io;
-
-which turns out simpler to follow and immune to data race since we have
-ordered WRITE rq->end_io and refcount_set(&rq->ref, 1).
-
-Fixes: 2e315dc07df0 ("blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter")
-Cc: "Blank-Burian, Markus, Dr." <blankburian@uni-muenster.de>
-Cc: Yufen Yu <yuyufen@huawei.com>
-Signed-off-by: Ming Lei <ming.lei@redhat.com>
-Link: https://lore.kernel.org/r/20210818010925.607383-1-ming.lei@redhat.com
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
-Cc: Yi Zhang <yi.zhang@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- block/blk-flush.c | 5 +++++
- block/blk-mq.c    | 2 +-
- block/blk.h       | 6 +-----
- 3 files changed, 7 insertions(+), 6 deletions(-)
-
-diff --git a/block/blk-flush.c b/block/blk-flush.c
-index 8b11ab3b3762..705ee6c99020 100644
---- a/block/blk-flush.c
-+++ b/block/blk-flush.c
-@@ -262,6 +262,11 @@ static void flush_end_io(struct request *flush_rq, blk_status_t error)
- 	spin_unlock_irqrestore(&fq->mq_flush_lock, flags);
- }
- 
-+bool is_flush_rq(struct request *rq)
-+{
-+	return rq->end_io == flush_end_io;
-+}
-+
- /**
-  * blk_kick_flush - consider issuing flush request
-  * @q: request_queue being kicked
-diff --git a/block/blk-mq.c b/block/blk-mq.c
-index cb619ec8aaf2..601e40204d06 100644
---- a/block/blk-mq.c
-+++ b/block/blk-mq.c
-@@ -937,7 +937,7 @@ static bool blk_mq_req_expired(struct request *rq, unsigned long *next)
- 
- void blk_mq_put_rq_ref(struct request *rq)
- {
--	if (is_flush_rq(rq, rq->mq_hctx))
-+	if (is_flush_rq(rq))
- 		rq->end_io(rq, 0);
- 	else if (refcount_dec_and_test(&rq->ref))
- 		__blk_mq_free_request(rq);
-diff --git a/block/blk.h b/block/blk.h
-index 7550364c326c..4a4ffd992790 100644
---- a/block/blk.h
-+++ b/block/blk.h
-@@ -43,11 +43,7 @@ static inline void __blk_get_queue(struct request_queue *q)
- 	kobject_get(&q->kobj);
- }
- 
--static inline bool
--is_flush_rq(struct request *req, struct blk_mq_hw_ctx *hctx)
--{
--	return hctx->fq->flush_rq == req;
--}
-+bool is_flush_rq(struct request *req);
- 
- struct blk_flush_queue *blk_alloc_flush_queue(int node, int cmd_size,
- 					      gfp_t flags);

submodules/ubuntu-hirsute

@@ -1 +1 @@
-Subproject commit 9fb3242fa6a38d072949cbaa9183f65d56675231
+Subproject commit 1d5dc9627fe2f51457548f44d1dcbbda26925d8a

submodules/zfsonlinux

@@ -1 +1 @@
-Subproject commit e697cc599230680f1be8bd0c2353ce090f3c3b8e
+Subproject commit 484fdeae51b93e9f33115804e80b9ecd0a70cb27