diff -Nru qemu-6.2+dfsg/debian/changelog qemu-6.2+dfsg/debian/changelog
--- qemu-6.2+dfsg/debian/changelog	2022-02-17 08:54:36.000000000 +0000
+++ qemu-6.2+dfsg/debian/changelog	2022-04-08 07:36:34.000000000 +0000
@@ -1,3 +1,12 @@
+qemu (1:6.2+dfsg-2ubuntu6) jammy; urgency=medium
+
+  * debian/control[-in]: no more disable glusterfs in Ubuntu (LP: #1246924)
+  * Fix diff handling on ceph that can cause data corruption (LP: #1968258)
+      - d/p/u/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
+      - d/p/u/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
+
+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 08 Apr 2022 09:36:34 +0200
+
 qemu (1:6.2+dfsg-2ubuntu5) jammy; urgency=medium
 
   * d/p/u/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch: fix 32bit
diff -Nru qemu-6.2+dfsg/debian/control qemu-6.2+dfsg/debian/control
--- qemu-6.2+dfsg/debian/control	2022-02-17 08:54:36.000000000 +0000
+++ qemu-6.2+dfsg/debian/control	2022-04-08 07:36:34.000000000 +0000
@@ -59,8 +59,9 @@
  libpixman-1-dev,
 # --enable-rbd		amd64|arm64|armel|armhf|i386|mips64el|mipsel|ppc64el|s390x|ppc64|sparc64
  librbd-dev            [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x ppc64 sparc64],
-# glusterfs is debian-only since ubuntu/glusterfs is in universe (MIR LP: #1274247)
 # before buster it was glusterfs-common so keep it for now for bpo
+# --enable-glusterfs	linux-any
+ libglusterfs-dev [linux-any] | glusterfs-common [linux-any],
 # --enable-vnc-sasl
  libsasl2-dev,
 # --enable-sdl
diff -Nru qemu-6.2+dfsg/debian/control-in qemu-6.2+dfsg/debian/control-in
--- qemu-6.2+dfsg/debian/control-in	2022-02-17 08:54:36.000000000 +0000
+++ qemu-6.2+dfsg/debian/control-in	2022-04-08 07:36:34.000000000 +0000
@@ -63,10 +63,9 @@
  libpixman-1-dev,
 # --enable-rbd		amd64|arm64|armel|armhf|i386|mips64el|mipsel|ppc64el|s390x|ppc64|sparc64
  librbd-dev            [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x ppc64 sparc64],
-# glusterfs is debian-only since ubuntu/glusterfs is in universe (MIR LP: #1274247)
 # before buster it was glusterfs-common so keep it for now for bpo
-:debian:# --enable-glusterfs	linux-any
-:debian: libglusterfs-dev [linux-any] | glusterfs-common [linux-any],
+# --enable-glusterfs	linux-any
+ libglusterfs-dev [linux-any] | glusterfs-common [linux-any],
 # --enable-vnc-sasl
  libsasl2-dev,
 # --enable-sdl
diff -Nru qemu-6.2+dfsg/debian/patches/series qemu-6.2+dfsg/debian/patches/series
--- qemu-6.2+dfsg/debian/patches/series	2022-02-17 08:54:36.000000000 +0000
+++ qemu-6.2+dfsg/debian/patches/series	2022-04-08 07:36:34.000000000 +0000
@@ -27,3 +27,5 @@
 ubuntu/lp-1959984-s390x-ipl-support-extended-kernel-command-line-size.patch
 ubuntu/fix-virtiofsd-for-glibc2.35.patch
 ubuntu/tcg-Remove-dh_alias-indirection-for-dh_typecode.patch
+ubuntu/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
+ubuntu/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
diff -Nru qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch
--- qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch	1970-01-01 00:00:00.000000000 +0000
+++ qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-fix-handling-of-holes-in-.bdrv_co.patch	2022-04-08 07:36:34.000000000 +0000
@@ -0,0 +1,54 @@
+From 9e302f64bb407a9bb097b626da97228c2654cfee Mon Sep 17 00:00:00 2001
+From: Peter Lieven <pl@kamp.de>
+Date: Thu, 13 Jan 2022 15:44:25 +0100
+Subject: [PATCH] block/rbd: fix handling of holes in .bdrv_co_block_status
+
+the assumption that we can't hit a hole if we do not diff against a snapshot was wrong.
+
+We can see a hole in an image if we diff against base if there exists an older snapshot
+of the image and we have discarded blocks in the image where the snapshot has data.
+
+Fix this by simply handling a hole like an unallocated area. There are no callbacks
+for unallocated areas so just bail out if we hit a hole.
+
+Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
+Suggested-by: Ilya Dryomov <idryomov@gmail.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Peter Lieven <pl@kamp.de>
+Message-Id: <20220113144426.4036493-2-pl@kamp.de>
+Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=9e302f64bb407a9bb097b626da97
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1968258
+Last-Update: 2022-04-08
+
+---
+ block/rbd.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index def96292e0..20bb896c4a 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1279,11 +1279,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
+     RBDDiffIterateReq *req = opaque;
+ 
+     assert(req->offs + req->bytes <= offs);
+-    /*
+-     * we do not diff against a snapshot so we should never receive a callback
+-     * for a hole.
+-     */
+-    assert(exists);
++
++    /* treat a hole like an unallocated area and bail out */
++    if (!exists) {
++        return 0;
++    }
+ 
+     if (!req->exists && offs > req->offs) {
+         /*
+-- 
+2.35.1
+
diff -Nru qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch
--- qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch	1970-01-01 00:00:00.000000000 +0000
+++ qemu-6.2+dfsg/debian/patches/ubuntu/lp-1968258-block-rbd-workaround-for-ceph-issue-53784.patch	2022-04-08 07:36:34.000000000 +0000
@@ -0,0 +1,98 @@
+From fc176116cdea816ceb8dd969080b2b95f58edbc0 Mon Sep 17 00:00:00 2001
+From: Peter Lieven <pl@kamp.de>
+Date: Thu, 13 Jan 2022 15:44:26 +0100
+Subject: [PATCH] block/rbd: workaround for ceph issue #53784
+
+librbd had a bug until early 2022 that affected all versions of ceph that
+supported fast-diff. This bug results in reporting of incorrect offsets
+if the offset parameter to rbd_diff_iterate2 is not object aligned.
+
+This patch works around this bug for pre Quincy versions of librbd.
+
+Fixes: 0347a8fd4c3faaedf119be04c197804be40a384b
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Peter Lieven <pl@kamp.de>
+Message-Id: <20220113144426.4036493-3-pl@kamp.de>
+Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Tested-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+
+Origin: upstream, https://git.qemu.org/?p=qemu.git;a=commit;h=fc176116cdea816ceb8dd969080b
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1968258
+Last-Update: 2022-04-08
+
+---
+ block/rbd.c | 42 ++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 40 insertions(+), 2 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 20bb896c4a..8f183eba2a 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1320,6 +1320,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+     int status, r;
+     RBDDiffIterateReq req = { .offs = offset };
+     uint64_t features, flags;
++    uint64_t head = 0;
+ 
+     assert(offset + bytes <= s->image_size);
+ 
+@@ -1347,7 +1348,43 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+         return status;
+     }
+ 
+-    r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
++#if LIBRBD_VERSION_CODE < LIBRBD_VERSION(1, 17, 0)
++    /*
++     * librbd had a bug until early 2022 that affected all versions of ceph that
++     * supported fast-diff. This bug results in reporting of incorrect offsets
++     * if the offset parameter to rbd_diff_iterate2 is not object aligned.
++     * Work around this bug by rounding down the offset to object boundaries.
++     * This is OK because we call rbd_diff_iterate2 with whole_object = true.
++     * However, this workaround only works for non cloned images with default
++     * striping.
++     *
++     * See: https://tracker.ceph.com/issues/53784
++     */
++
++    /* check if RBD image has non-default striping enabled */
++    if (features & RBD_FEATURE_STRIPINGV2) {
++        return status;
++    }
++
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
++    /*
++     * check if RBD image is a clone (= has a parent).
++     *
++     * rbd_get_parent_info is deprecated from Nautilus onwards, but the
++     * replacement rbd_get_parent is not present in Luminous and Mimic.
++     */
++    if (rbd_get_parent_info(s->image, NULL, 0, NULL, 0, NULL, 0) != -ENOENT) {
++        return status;
++    }
++#pragma GCC diagnostic pop
++
++    head = req.offs & (s->object_size - 1);
++    req.offs -= head;
++    bytes += head;
++#endif
++
++    r = rbd_diff_iterate2(s->image, NULL, req.offs, bytes, true, true,
+                           qemu_rbd_diff_iterate_cb, &req);
+     if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
+         return status;
+@@ -1366,7 +1403,8 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+         status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
+     }
+ 
+-    *pnum = req.bytes;
++    assert(req.bytes > head);
++    *pnum = req.bytes - head;
+     return status;
+ }
+ 
+-- 
+2.35.1
+