diff -Nru qemu-6.2+dfsg/debian/changelog qemu-6.2+dfsg/debian/changelog
--- qemu-6.2+dfsg/debian/changelog 2023-06-13 11:33:25.000000000 +0000
+++ qemu-6.2+dfsg/debian/changelog 2023-07-03 03:41:41.000000000 +0000
@@ -1,3 +1,10 @@
+qemu (1:6.2+dfsg-2ubuntu6.12) jammy; urgency=medium
+
+ * d/p/use-the-request-length-for-iov-alignment.patch: block: use
+ the request length for iov alignment (LP: #2025591)
+
+ -- Chengen Du Mon, 03 Jul 2023 03:41:41 +0000
+
 qemu (1:6.2+dfsg-2ubuntu6.11) jammy-security; urgency=medium
 
 * SECURITY UPDATE: user-after-free issue
diff -Nru qemu-6.2+dfsg/debian/patches/series qemu-6.2+dfsg/debian/patches/series
--- qemu-6.2+dfsg/debian/patches/series 2023-06-13 11:01:15.000000000 +0000
+++ qemu-6.2+dfsg/debian/patches/series 2023-07-03 03:29:26.000000000 +0000
@@ -65,3 +65,4 @@
 CVE-2022-4144-4.patch
 CVE-2022-4144-5.patch
 CVE-2023-0330.patch
+use-the-request-length-for-iov-alignment.patch
diff -Nru qemu-6.2+dfsg/debian/patches/use-the-request-length-for-iov-alignment.patch qemu-6.2+dfsg/debian/patches/use-the-request-length-for-iov-alignment.patch
--- qemu-6.2+dfsg/debian/patches/use-the-request-length-for-iov-alignment.patch 1970-01-01 00:00:00.000000000 +0000
+++ qemu-6.2+dfsg/debian/patches/use-the-request-length-for-iov-alignment.patch 2023-07-03 03:39:08.000000000 +0000
@@ -0,0 +1,84 @@
+Description: Align the iov length to the logical block size
+ An iov length needs to be aligned to the logical block size, which may
+ be larger than the memory alignment.
+Author: Keith Busch
+Origin: upstream, https://github.com/qemu/qemu/commit/25474d90aa50bd32e0de395a33d8de42dd6f2aef
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/2025591
+Last-Update: 2023-07-03
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: qemu-6.2+dfsg/block/file-posix.c
+===================================================================
+--- qemu-6.2+dfsg.orig/block/file-posix.c
++++ qemu-6.2+dfsg/block/file-posix.c
+@@ -2051,6 +2051,27 @@ static int coroutine_fn raw_thread_pool_
+ return thread_pool_submit_co(pool, func, arg);
+ }
+
++/*
++ * Check if all memory in this vector is sector aligned.
++ */
++static bool bdrv_qiov_is_aligned(BlockDriverState *bs, QEMUIOVector *qiov)
++{
++ int i;
++ size_t alignment = bdrv_min_mem_align(bs);
++ size_t len = bs->bl.request_alignment;
++
++ for (i = 0; i < qiov->niov; i++) {
++ if ((uintptr_t) qiov->iov[i].iov_base % alignment) {
++ return false;
++ }
++ if (qiov->iov[i].iov_len % len) {
++ return false;
++ }
++ }
++
++ return true;
++}
++
+ static int coroutine_fn raw_co_prw(BlockDriverState *bs, uint64_t offset,
+ uint64_t bytes, QEMUIOVector *qiov, int type)
+ {
+Index: qemu-6.2+dfsg/block/io.c
+===================================================================
+--- qemu-6.2+dfsg.orig/block/io.c
++++ qemu-6.2+dfsg/block/io.c
+@@ -3235,26 +3235,6 @@ void *qemu_try_blockalign0(BlockDriverSt
+ return mem;
+ }
+
+-/*
+- * Check if all memory in this vector is sector aligned.
+- */
+-bool bdrv_qiov_is_aligned(BlockDriverState *bs, QEMUIOVector *qiov)
+-{
+- int i;
+- size_t alignment = bdrv_min_mem_align(bs);
+-
+- for (i = 0; i < qiov->niov; i++) {
+- if ((uintptr_t) qiov->iov[i].iov_base % alignment) {
+- return false;
+- }
+- if (qiov->iov[i].iov_len % alignment) {
+- return false;
+- }
+- }
+-
+- return true;
+-}
+-
+ void bdrv_io_plug(BlockDriverState *bs)
+ {
+ BdrvChild *child;
+Index: qemu-6.2+dfsg/include/block/block.h
+===================================================================
+--- qemu-6.2+dfsg.orig/include/block/block.h
++++ qemu-6.2+dfsg/include/block/block.h
+@@ -619,7 +619,6 @@ void *qemu_blockalign(BlockDriverState *
+ void *qemu_blockalign0(BlockDriverState *bs, size_t size);
+ void *qemu_try_blockalign(BlockDriverState *bs, size_t size);
+ void *qemu_try_blockalign0(BlockDriverState *bs, size_t size);
+-bool bdrv_qiov_is_aligned(BlockDriverState *bs, QEMUIOVector *qiov);
+
+ void bdrv_enable_copy_on_read(BlockDriverState *bs);
+ void bdrv_disable_copy_on_read(BlockDriverState *bs);
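Review bot: The header comment carried over into file-posix.c, `Check if all memory in this vector is sector aligned.`, no longer describes what the new static bdrv_qiov_is_aligned checks, since each iov_base is tested against bdrv_min_mem_align(bs) while each iov_len is now tested against bs->bl.request_alignment instead of the memory alignment. I would reword it to `/* Check that every iov base meets the minimum memory alignment and every iov length is a multiple of bs->bl.request_alignment (the logical block size). */` so the two different moduli are explained where they are used. The expression `qiov->iov[i].iov_len % len` also divides by request_alignment; whether that field is guaranteed non-zero for every BlockDriverState reaching this path is not visible in the hunk, and if that invariant holds an `assert(len != 0);` after the initializer would pin it. raw_co_prw, the caller context shown, begins at the end of the hunk and its body lies outside it.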