[PATCH zfsonlinux] d/patches: add further patches for kernel 7.0 compatibility

[PATCH zfsonlinux] d/patches: add further patches for kernel 7.0 compatibility

[Stoiko Ivanov]

noticed that NFS-shares on ZFS with kernel 7.0 return EINVAL on vzdump
backups being stored there. (strace showed that it was a `openat2`
call with O_DIRECTORY, which failed).

looking through the recent changes the following commit:
 d8c08a1ce ("Linux 7.0: also set setlease handler on directories (#18331)")
seemed promising.

Additionally replace the META patch for kernel compat with the one
merged upstream.

tested by building a kernel 7.0 with these patches applied and
verifying that a previously failing vzdump to a NFS-storage on a ZFS
dataset runs through successfully.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 ...itly-set-setlease-handler-to-kernel-.patch | 26 +++---
 ...ueue_nonrot-renamed-to-blk_queue_rot.patch |  4 +-
 ...ix_acl_to_xattr-now-allocates-memory.patch |  4 +-
 ...ims-for-the-fs_context-based-mount-A.patch |  4 +-
 .../0014-Linux-7.0-WIP-compat-META.patch      | 24 ------
 ...et-setlease-handler-on-directories-1.patch | 36 +++++++++
 ...nf-Remove-copy-from-user-inatomic-AP.patch | 79 +++++++++++++++++++
 ...re-LSMs-get-to-process-mount-options.patch | 67 ++++++++++++++++
 .../patches/0017-Linux-7.0-compat-META.patch  | 28 +++++++
 debian/patches/series                         |  5 +-
 10 files changed, 233 insertions(+), 44 deletions(-)
 delete mode 100644 debian/patches/0014-Linux-7.0-WIP-compat-META.patch
 create mode 100644 debian/patches/0014-Linux-7.0-also-set-setlease-handler-on-directories-1.patch
 create mode 100644 debian/patches/0015-Linux-7.0-autoconf-Remove-copy-from-user-inatomic-AP.patch
 create mode 100644 debian/patches/0016-Linux-7.0-ensure-LSMs-get-to-process-mount-options.patch
 create mode 100644 debian/patches/0017-Linux-7.0-compat-META.patch

diff --git a/debian/patches/0010-Linux-7.0-explicitly-set-setlease-handler-to-kernel-.patch b/debian/patches/0010-Linux-7.0-explicitly-set-setlease-handler-to-kernel-.patch
index bfb563c86..11cc352e0 100644
--- a/debian/patches/0010-Linux-7.0-explicitly-set-setlease-handler-to-kernel-.patch
+++ b/debian/patches/0010-Linux-7.0-explicitly-set-setlease-handler-to-kernel-.patch
@@ -42,7 +42,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 
 diff --git a/config/kernel-filelock.m4 b/config/kernel-filelock.m4
 new file mode 100644
-index 000000000..5e8d7c784
+index 0000000000000000000000000000000000000000..5e8d7c78469227eb769a91a3a8add4d55c1ba58c
 --- /dev/null
 +++ b/config/kernel-filelock.m4
 @@ -0,0 +1,23 @@
@@ -70,7 +70,7 @@ index 000000000..5e8d7c784
 +])
 +
 diff --git a/config/kernel.m4 b/config/kernel.m4
-index eb2e827d5..df1685066 100644
+index eb2e827d5cbf92537993d6d79340431e7b6a3b35..df168506691dec7b9479da12e9ac9e08694853c4 100644
 --- a/config/kernel.m4
 +++ b/config/kernel.m4
 @@ -140,6 +140,7 @@ AC_DEFUN([ZFS_AC_KERNEL_TEST_SRC], [
@@ -90,7 +90,7 @@ index eb2e827d5..df1685066 100644
  		powerpc*)
  			ZFS_AC_KERNEL_CPU_HAS_FEATURE
 diff --git a/module/os/linux/zfs/zpl_file.c b/module/os/linux/zfs/zpl_file.c
-index f7691c02d..30f3e3855 100644
+index f7691c02d1634164c751df9eab36a641fc53a86e..30f3e3855355332aa10402791429cb4dc326f077 100644
 --- a/module/os/linux/zfs/zpl_file.c
 +++ b/module/os/linux/zfs/zpl_file.c
 @@ -43,6 +43,9 @@
@@ -112,7 +112,7 @@ index f7691c02d..30f3e3855 100644
  #ifdef HAVE_VFS_CLONE_FILE_RANGE
  	.clone_file_range	= zpl_clone_file_range,
 diff --git a/scripts/zfs-tests.sh b/scripts/zfs-tests.sh
-index 09a15bafc..697c3f304 100755
+index 09a15bafc27e87a036d547832d80549ffc7da5a6..697c3f304d8150b157935b08e161e7aec531fa54 100755
 --- a/scripts/zfs-tests.sh
 +++ b/scripts/zfs-tests.sh
 @@ -294,6 +294,16 @@ constrain_path() {
@@ -146,7 +146,7 @@ index 09a15bafc..697c3f304 100755
  
  	# Exceptions
 diff --git a/tests/runfiles/linux.run b/tests/runfiles/linux.run
-index a65633dd8..2717bf53d 100644
+index a65633dd8cfb276ff68894f4bcd3ecffcc1bc862..2717bf53d0b1ad1fbb5447a0d8ee20d98efff54b 100644
 --- a/tests/runfiles/linux.run
 +++ b/tests/runfiles/linux.run
 @@ -141,6 +141,10 @@ pre =
@@ -161,7 +161,7 @@ index a65633dd8..2717bf53d 100644
  tests = ['longname_001_pos', 'longname_002_pos', 'longname_003_pos']
  tags = ['functional', 'longname']
 diff --git a/tests/zfs-tests/cmd/.gitignore b/tests/zfs-tests/cmd/.gitignore
-index 62f1684ac..335e4ceba 100644
+index 62f1684acfb4bfafe8e511e2d69f1af13b73ced1..335e4ceba28200b137abce25038a8989263c7663 100644
 --- a/tests/zfs-tests/cmd/.gitignore
 +++ b/tests/zfs-tests/cmd/.gitignore
 @@ -58,3 +58,4 @@
@@ -170,7 +170,7 @@ index 62f1684ac..335e4ceba 100644
  /statx
 +/setlease
 diff --git a/tests/zfs-tests/cmd/Makefile.am b/tests/zfs-tests/cmd/Makefile.am
-index 85c3cf3c3..f07e7fda1 100644
+index 85c3cf3c35a8cdfb6ba7f95ab48d942cdc85e0d9..f07e7fda14fd2c63b500dc14b08922373ea1a189 100644
 --- a/tests/zfs-tests/cmd/Makefile.am
 +++ b/tests/zfs-tests/cmd/Makefile.am
 @@ -132,6 +132,7 @@ scripts_zfs_tests_bin_PROGRAMS += %D%/statx
@@ -183,7 +183,7 @@ index 85c3cf3c3..f07e7fda1 100644
  
 diff --git a/tests/zfs-tests/cmd/setlease.c b/tests/zfs-tests/cmd/setlease.c
 new file mode 100644
-index 000000000..12bcbd91b
+index 0000000000000000000000000000000000000000..12bcbd91beb53750a616aa1604a5d7bd9450af6c
 --- /dev/null
 +++ b/tests/zfs-tests/cmd/setlease.c
 @@ -0,0 +1,126 @@
@@ -314,7 +314,7 @@ index 000000000..12bcbd91b
 +	return (0);
 +}
 diff --git a/tests/zfs-tests/include/commands.cfg b/tests/zfs-tests/include/commands.cfg
-index 1c4d25e15..4ba9aa7c8 100644
+index 1c4d25e152a73d3ea17d59280b66b0df7ef65c37..4ba9aa7c8b676975cb147fc74124488097936823 100644
 --- a/tests/zfs-tests/include/commands.cfg
 +++ b/tests/zfs-tests/include/commands.cfg
 @@ -182,7 +182,7 @@ export ZFS_FILES='zdb
@@ -334,7 +334,7 @@ index 1c4d25e15..4ba9aa7c8 100644
 +export ZFSTEST_FILES_LINUX='
 +    setlease'
 diff --git a/tests/zfs-tests/tests/Makefile.am b/tests/zfs-tests/tests/Makefile.am
-index 99477a743..d14592ffa 100644
+index 99477a74326a5e47bffabdcd89c850f9a3ed3cf4..d14592ffa5d69e37b098213d2ccd97ae0a9d83d5 100644
 --- a/tests/zfs-tests/tests/Makefile.am
 +++ b/tests/zfs-tests/tests/Makefile.am
 @@ -1655,6 +1655,9 @@ nobase_dist_datadir_zfs_tests_tests_SCRIPTS += \
@@ -349,7 +349,7 @@ index 99477a743..d14592ffa 100644
  	functional/l2arc/l2arc_l2miss_pos.ksh \
 diff --git a/tests/zfs-tests/tests/functional/lease/cleanup.ksh b/tests/zfs-tests/tests/functional/lease/cleanup.ksh
 new file mode 100755
-index 000000000..5e73dd349
+index 0000000000000000000000000000000000000000..5e73dd34936e1c6ebc7c1c8a1a7d8274677a4191
 --- /dev/null
 +++ b/tests/zfs-tests/tests/functional/lease/cleanup.ksh
 @@ -0,0 +1,26 @@
@@ -381,7 +381,7 @@ index 000000000..5e73dd349
 +default_cleanup
 diff --git a/tests/zfs-tests/tests/functional/lease/lease_setlease.ksh b/tests/zfs-tests/tests/functional/lease/lease_setlease.ksh
 new file mode 100755
-index 000000000..8647d0199
+index 0000000000000000000000000000000000000000..8647d01995c32f58d3e37fafea0013b7795af0d7
 --- /dev/null
 +++ b/tests/zfs-tests/tests/functional/lease/lease_setlease.ksh
 @@ -0,0 +1,44 @@
@@ -431,7 +431,7 @@ index 000000000..8647d0199
 +log_pass "F_SETLEASE is supported"
 diff --git a/tests/zfs-tests/tests/functional/lease/setup.ksh b/tests/zfs-tests/tests/functional/lease/setup.ksh
 new file mode 100755
-index 000000000..09da91b0f
+index 0000000000000000000000000000000000000000..09da91b0f93f70f98a91107ca687549801a67074
 --- /dev/null
 +++ b/tests/zfs-tests/tests/functional/lease/setup.ksh
 @@ -0,0 +1,27 @@
diff --git a/debian/patches/0011-Linux-7.0-blk_queue_nonrot-renamed-to-blk_queue_rot.patch b/debian/patches/0011-Linux-7.0-blk_queue_nonrot-renamed-to-blk_queue_rot.patch
index 09bd98589..8c5c17946 100644
--- a/debian/patches/0011-Linux-7.0-blk_queue_nonrot-renamed-to-blk_queue_rot.patch
+++ b/debian/patches/0011-Linux-7.0-blk_queue_nonrot-renamed-to-blk_queue_rot.patch
@@ -19,7 +19,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 30 insertions(+)
 
 diff --git a/config/kernel-blk-queue.m4 b/config/kernel-blk-queue.m4
-index cd2b143e8..c6479b51d 100644
+index cd2b143e89a0892af2e7a1cc40154cfcf1210d44..c6479b51da8c0faef6f54687149644d6cf321e9e 100644
 --- a/config/kernel-blk-queue.m4
 +++ b/config/kernel-blk-queue.m4
 @@ -225,6 +225,30 @@ AC_DEFUN([ZFS_AC_KERNEL_BLK_QUEUE_MAX_HW_SECTORS], [
@@ -69,7 +69,7 @@ index cd2b143e8..c6479b51d 100644
  	ZFS_AC_KERNEL_BLK_MQ_RQ_HCTX
  ])
 diff --git a/module/os/linux/zfs/vdev_disk.c b/module/os/linux/zfs/vdev_disk.c
-index 1bd3500e9..ab7457b04 100644
+index 1bd3500e9f6665b0b23878ca575e57161a5031a7..ab7457b04e2e3bd30167a61f28f6c1aa24bdf8a6 100644
 --- a/module/os/linux/zfs/vdev_disk.c
 +++ b/module/os/linux/zfs/vdev_disk.c
 @@ -445,7 +445,11 @@ vdev_disk_open(vdev_t *v, uint64_t *psize, uint64_t *max_psize,
diff --git a/debian/patches/0012-Linux-7.0-posix_acl_to_xattr-now-allocates-memory.patch b/debian/patches/0012-Linux-7.0-posix_acl_to_xattr-now-allocates-memory.patch
index bb97a96f5..924884801 100644
--- a/debian/patches/0012-Linux-7.0-posix_acl_to_xattr-now-allocates-memory.patch
+++ b/debian/patches/0012-Linux-7.0-posix_acl_to_xattr-now-allocates-memory.patch
@@ -27,7 +27,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 48 insertions(+)
 
 diff --git a/config/kernel-acl.m4 b/config/kernel-acl.m4
-index 3dbd97948..4393e3ab8 100644
+index 3dbd97948189c1af6487a3ce1d035b46fc0e993e..4393e3ab8b5e0175434f5dc61fdb224ae713774b 100644
 --- a/config/kernel-acl.m4
 +++ b/config/kernel-acl.m4
 @@ -21,6 +21,35 @@ AC_DEFUN([ZFS_AC_KERNEL_POSIX_ACL_EQUIV_MODE_WANTS_UMODE_T], [
@@ -82,7 +82,7 @@ index 3dbd97948..4393e3ab8 100644
  	ZFS_AC_KERNEL_INODE_OPERATIONS_SET_ACL
  ])
 diff --git a/include/os/linux/kernel/linux/xattr_compat.h b/include/os/linux/kernel/linux/xattr_compat.h
-index f2f7e1ed0..39645c190 100644
+index f2f7e1ed017f6002ff2f1b59de25dc3dd6a04785..39645c19094f13b16e12f98ff7afa532b6105d4f 100644
 --- a/include/os/linux/kernel/linux/xattr_compat.h
 +++ b/include/os/linux/kernel/linux/xattr_compat.h
 @@ -130,10 +130,27 @@ zpl_acl_from_xattr(const void *value, int size)
diff --git a/debian/patches/0013-Linux-7.0-add-shims-for-the-fs_context-based-mount-A.patch b/debian/patches/0013-Linux-7.0-add-shims-for-the-fs_context-based-mount-A.patch
index 0ef647a1e..73ccba85a 100644
--- a/debian/patches/0013-Linux-7.0-add-shims-for-the-fs_context-based-mount-A.patch
+++ b/debian/patches/0013-Linux-7.0-add-shims-for-the-fs_context-based-mount-A.patch
@@ -20,7 +20,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 72 insertions(+), 1 deletion(-)
 
 diff --git a/config/kernel-fst-mount.m4 b/config/kernel-fst-mount.m4
-index 576f5f012..798acf19b 100644
+index 576f5f0129c555b418668762cf183c165b3bf05a..798acf19b79d22adfc59a48a832af757fc4fb47f 100644
 --- a/config/kernel-fst-mount.m4
 +++ b/config/kernel-fst-mount.m4
 @@ -3,6 +3,10 @@ dnl # 2.6.38 API change
@@ -45,7 +45,7 @@ index 576f5f012..798acf19b 100644
          ])
  ])
 diff --git a/module/os/linux/zfs/zpl_super.c b/module/os/linux/zfs/zpl_super.c
-index 347b35250..d509152b6 100644
+index 347b352506e54b0a5b5ff2b3d8fd3d549941183c..d509152b692133f5dd0339e750dba50160e37232 100644
 --- a/module/os/linux/zfs/zpl_super.c
 +++ b/module/os/linux/zfs/zpl_super.c
 @@ -24,6 +24,7 @@
diff --git a/debian/patches/0014-Linux-7.0-WIP-compat-META.patch b/debian/patches/0014-Linux-7.0-WIP-compat-META.patch
deleted file mode 100644
index 856e68d94..000000000
--- a/debian/patches/0014-Linux-7.0-WIP-compat-META.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Date: Mon, 9 Mar 2026 20:53:31 +0100
-Subject: [PATCH] Linux 7.0 WIP compat: META
-
-Update the META file to reflect compatibility with the 7.0 kernel to
-unblock build of the release candidates.
-
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- META | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/META b/META
-index c6d7e3e94..805ab052f 100644
---- a/META
-+++ b/META
-@@ -6,5 +6,5 @@ Release:       1
- Release-Tags:  relext
- License:       CDDL
- Author:        OpenZFS
--Linux-Maximum: 6.19
-+Linux-Maximum: 7.0
- Linux-Minimum: 4.18
diff --git a/debian/patches/0014-Linux-7.0-also-set-setlease-handler-on-directories-1.patch b/debian/patches/0014-Linux-7.0-also-set-setlease-handler-on-directories-1.patch
new file mode 100644
index 000000000..819c0726a
--- /dev/null
+++ b/debian/patches/0014-Linux-7.0-also-set-setlease-handler-on-directories-1.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Rob Norris <rob.norris@truenas.com>
+Date: Wed, 18 Mar 2026 09:28:30 +1100
+Subject: [PATCH] Linux 7.0: also set setlease handler on directories (#18331)
+
+It turns out the kernel can also take directory leases, most notably in
+the NFS server. Without a setlease handler on the directory file ops,
+attempts to open a directory over NFS can fail with EINVAL.
+
+Adding a directory setlease handler was missed in 168023b603. This fixes
+that, allowing directories to be properly accessed over NFS.
+
+Sponsored-by: TrueNAS
+Reported-by: Satadru Pramanik <satadru@gmail.com>
+
+Signed-off-by: Rob Norris <rob.norris@truenas.com>
+Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
+Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
+(cherry picked from commit d8c08a1cea6428fa37b3a6585150b10dedfd79b8)
+Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
+---
+ module/os/linux/zfs/zpl_file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/module/os/linux/zfs/zpl_file.c b/module/os/linux/zfs/zpl_file.c
+index 30f3e3855355332aa10402791429cb4dc326f077..efcb400f196e3595fde85e5cf17be8bcf2d9520d 100644
+--- a/module/os/linux/zfs/zpl_file.c
++++ b/module/os/linux/zfs/zpl_file.c
+@@ -1268,6 +1268,7 @@ const struct file_operations zpl_dir_file_operations = {
+ 	.read		= generic_read_dir,
+ 	.iterate_shared	= zpl_iterate,
+ 	.fsync		= zpl_fsync,
++	.setlease	= generic_setlease,
+ 	.unlocked_ioctl = zpl_ioctl,
+ #ifdef CONFIG_COMPAT
+ 	.compat_ioctl   = zpl_compat_ioctl,
diff --git a/debian/patches/0015-Linux-7.0-autoconf-Remove-copy-from-user-inatomic-AP.patch b/debian/patches/0015-Linux-7.0-autoconf-Remove-copy-from-user-inatomic-AP.patch
new file mode 100644
index 000000000..b0f610085
--- /dev/null
+++ b/debian/patches/0015-Linux-7.0-autoconf-Remove-copy-from-user-inatomic-AP.patch
@@ -0,0 +1,79 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: John Cabaj <john.cabaj@canonical.com>
+Date: Mon, 23 Mar 2026 11:19:41 -0500
+Subject: [PATCH] Linux 7.0: autoconf: Remove copy-from-user-inatomic API
+ checks (#18348) (#18354)
+
+This function was removed in c6442bd3b643: "Removing old code outside
+of 4.18 kernsls", but fails at present on PowerPC builds due to the
+recent inclusion of 6bc9c0a90522: "powerpc: fix KUAP warning in VMX
+usercopy path" in the upstream kernel, which introduces a use of
+cpu_feature_keys[], which is a GPL-only symbol. Removing the API
+check as it doesn't appear necessary.
+
+Signed-off-by: John Cabaj <john.cabaj@canonical.com>
+Reviewed-by: Tony Hutter <hutter2@llnl.gov>
+Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
+(cherry picked from commit 8518e3e809a4ca0d152c24efbd2409772295b056)
+Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
+---
+ config/kernel-copy-from-user-inatomic.m4 | 29 ------------------------
+ config/kernel.m4                         |  2 --
+ 2 files changed, 31 deletions(-)
+ delete mode 100644 config/kernel-copy-from-user-inatomic.m4
+
+diff --git a/config/kernel-copy-from-user-inatomic.m4 b/config/kernel-copy-from-user-inatomic.m4
+deleted file mode 100644
+index fec354b2f38e32e959024bf1d8608c8a7aab5803..0000000000000000000000000000000000000000
+--- a/config/kernel-copy-from-user-inatomic.m4
++++ /dev/null
+@@ -1,29 +0,0 @@
+-dnl #
+-dnl # On certain architectures `__copy_from_user_inatomic`
+-dnl # is a GPL exported variable and cannot be used by OpenZFS.
+-dnl #
+-
+-dnl #
+-dnl # Checking if `__copy_from_user_inatomic` is available.
+-dnl #
+-AC_DEFUN([ZFS_AC_KERNEL_SRC___COPY_FROM_USER_INATOMIC], [
+-	ZFS_LINUX_TEST_SRC([__copy_from_user_inatomic], [
+-		#include <linux/uaccess.h>
+-	], [
+-		int result __attribute__ ((unused)) = __copy_from_user_inatomic(NULL, NULL, 0);
+-	], [], [ZFS_META_LICENSE])
+-])
+-
+-AC_DEFUN([ZFS_AC_KERNEL___COPY_FROM_USER_INATOMIC], [
+-	AC_MSG_CHECKING([whether __copy_from_user_inatomic is available])
+-	ZFS_LINUX_TEST_RESULT([__copy_from_user_inatomic_license], [
+-		AC_MSG_RESULT(yes)
+-	], [
+-		AC_MSG_RESULT(no)
+-		AC_MSG_ERROR([
+-	*** The `__copy_from_user_inatomic()` Linux kernel function is
+-	*** incompatible with the CDDL license and will prevent the module
+-	*** linking stage from succeeding.  OpenZFS cannot be compiled.
+-		])
+-	])
+-])
+diff --git a/config/kernel.m4 b/config/kernel.m4
+index df168506691dec7b9479da12e9ac9e08694853c4..258611467893a0a9666a8da3bdcd78999c765679 100644
+--- a/config/kernel.m4
++++ b/config/kernel.m4
+@@ -118,7 +118,6 @@ AC_DEFUN([ZFS_AC_KERNEL_TEST_SRC], [
+ 	ZFS_AC_KERNEL_SRC_ADD_DISK
+ 	ZFS_AC_KERNEL_SRC_KTHREAD
+ 	ZFS_AC_KERNEL_SRC_ZERO_PAGE
+-	ZFS_AC_KERNEL_SRC___COPY_FROM_USER_INATOMIC
+ 	ZFS_AC_KERNEL_SRC_IDMAP_MNT_API
+ 	ZFS_AC_KERNEL_SRC_IDMAP_NO_USERNS
+ 	ZFS_AC_KERNEL_SRC_IATTR_VFSID
+@@ -242,7 +241,6 @@ AC_DEFUN([ZFS_AC_KERNEL_TEST_RESULT], [
+ 	ZFS_AC_KERNEL_ADD_DISK
+ 	ZFS_AC_KERNEL_KTHREAD
+ 	ZFS_AC_KERNEL_ZERO_PAGE
+-	ZFS_AC_KERNEL___COPY_FROM_USER_INATOMIC
+ 	ZFS_AC_KERNEL_IDMAP_MNT_API
+ 	ZFS_AC_KERNEL_IDMAP_NO_USERNS
+ 	ZFS_AC_KERNEL_IATTR_VFSID
diff --git a/debian/patches/0016-Linux-7.0-ensure-LSMs-get-to-process-mount-options.patch b/debian/patches/0016-Linux-7.0-ensure-LSMs-get-to-process-mount-options.patch
new file mode 100644
index 000000000..45eea3f03
--- /dev/null
+++ b/debian/patches/0016-Linux-7.0-ensure-LSMs-get-to-process-mount-options.patch
@@ -0,0 +1,67 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Rob Norris <rob.norris@truenas.com>
+Date: Tue, 31 Mar 2026 10:44:31 +1100
+Subject: [PATCH] Linux 7.0: ensure LSMs get to process mount options
+
+Normally, kernel gives any LSM registering a `sb_eat_lsm_opts` hook a
+first look at mount options coming in from a userspace mount request.
+The LSM may process and/or remove any options. Whatever is left is
+passed to the filesystem.
+
+This is how the dataset properties `context`, `fscontext`, `defcontext`
+and `rootcontext` are used to configure ZFS mounts for SELinux. libzfs
+will fetch those properties from the dataset, then add them to the mount
+options.
+
+In 0f608aa6ca (#18216) we added our own mount shims to cover the loss of
+the kernel-provided ones. It turns out that if a filesystem provides a
+`.parse_monolithic callback`, it is expected to do _all_ mount option
+parameter processing - the kernel will not get involved at all. Because
+of that, LSMs are never given a chance to process mount options. The
+`context` properties are never seen by SELinux, nor are any other
+options targetting other LSMs.
+
+Fix this by calling `security_sb_eat_lsm_opts()` in
+`zpl_parse_monolithic()`, before we stash the remaining options for
+`zfs_domount()`.
+
+Sponsored-by: TrueNAS
+Reviewed-by: Tony Hutter <hutter2@llnl.gov>
+Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
+Signed-off-by: Rob Norris <rob.norris@truenas.com>
+Closes #18376
+(cherry picked from commit 4155d1533e1ac22057c9d21d57b28f8d36e59359)
+Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
+---
+ module/os/linux/zfs/zpl_super.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/module/os/linux/zfs/zpl_super.c b/module/os/linux/zfs/zpl_super.c
+index d509152b692133f5dd0339e750dba50160e37232..5baa4f637cdc2e3cd4f68032f28de686b95200a0 100644
+--- a/module/os/linux/zfs/zpl_super.c
++++ b/module/os/linux/zfs/zpl_super.c
+@@ -524,9 +524,22 @@ zpl_prune_sb(uint64_t nr_to_scan, void *arg)
+ static int
+ zpl_parse_monolithic(struct fs_context *fc, void *data)
+ {
++	if (data == NULL)
++		return (0);
++
++	/*
++	 * Because we supply a .parse_monolithic callback, the kernel does
++	 * no consideration of the options blob at all. Because of this, we
++	 * have to give LSMs a first look at it. They will remove any options
++	 * of interest to them (eg the SELinux *context= options).
++	 */
++	int err = security_sb_eat_lsm_opts((char *)data, &fc->security);
++	if (err)
++		return (err);
++
+ 	/*
+-	 * We do options parsing in zfs_domount(); just stash the options blob
+-	 * in the fs_context so we can pass it down later.
++	 * Whatever is left we stash on in the fs_context so we can pass it
++	 * down to zfs_domount() or zfs_remount() later.
+ 	 */
+ 	fc->fs_private = data;
+ 	return (0);
diff --git a/debian/patches/0017-Linux-7.0-compat-META.patch b/debian/patches/0017-Linux-7.0-compat-META.patch
new file mode 100644
index 000000000..ed1efa6f0
--- /dev/null
+++ b/debian/patches/0017-Linux-7.0-compat-META.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Brian Behlendorf <behlendorf1@llnl.gov>
+Date: Thu, 16 Apr 2026 16:45:20 -0700
+Subject: [PATCH] Linux 7.0 compat: META
+
+Update the META file to reflect compatibility with the 7.0
+kernel.
+
+Reviewed-by: Tony Hutter <hutter2@llnl.gov>
+Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
+Closes #18435
+(cherry picked from commit d88d9c91dce065c59e2d21aea5a85ba525b6a2f5)
+Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
+---
+ META | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/META b/META
+index c6d7e3e94057c7b6870ebb3818ba0e04141efdd0..805ab052fa8dc1882eb4b6f362225997a03b34ee 100644
+--- a/META
++++ b/META
+@@ -6,5 +6,5 @@ Release:       1
+ Release-Tags:  relext
+ License:       CDDL
+ Author:        OpenZFS
+-Linux-Maximum: 6.19
++Linux-Maximum: 7.0
+ Linux-Minimum: 4.18
diff --git a/debian/patches/series b/debian/patches/series
index 95bf2d047..a437c55e1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,4 +11,7 @@
 0011-Linux-7.0-blk_queue_nonrot-renamed-to-blk_queue_rot.patch
 0012-Linux-7.0-posix_acl_to_xattr-now-allocates-memory.patch
 0013-Linux-7.0-add-shims-for-the-fs_context-based-mount-A.patch
-0014-Linux-7.0-WIP-compat-META.patch
+0014-Linux-7.0-also-set-setlease-handler-on-directories-1.patch
+0015-Linux-7.0-autoconf-Remove-copy-from-user-inatomic-AP.patch
+0016-Linux-7.0-ensure-LSMs-get-to-process-mount-options.patch
+0017-Linux-7.0-compat-META.patch
-- 
2.47.3

applied: [PATCH zfsonlinux] d/patches: add further patches for kernel 7.0 compatibility

[Thomas Lamprecht]

On Mon, 20 Apr 2026 17:24:26 +0200, Stoiko Ivanov wrote:
> noticed that NFS-shares on ZFS with kernel 7.0 return EINVAL on vzdump
> backups being stored there. (strace showed that it was a `openat2`
> call with O_DIRECTORY, which failed).
> 
> looking through the recent changes the following commit:
>  d8c08a1ce ("Linux 7.0: also set setlease handler on directories (#18331)")
> seemed promising.
> 
> [...]

Applied, thanks!

[1/1] d/patches: add further patches for kernel 7.0 compatibility
      commit: e4beb597c36017f12288f22e9d126458643fa014