diff --git a/SOURCES/kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch b/SOURCES/kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch
new file mode 100644
index 0000000..133e278
--- /dev/null
+++ b/SOURCES/kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch
@@ -0,0 +1,44 @@
+From e8ec08a62a3ffce3deeeecd8e68408d0879f6915 Mon Sep 17 00:00:00 2001
+From: Peter Maydell <peter.maydell@linaro.org>
+Date: Fri, 28 Mar 2014 14:22:49 +0000
+Subject: [PATCH] dma-helpers: Initialize DMAAIOCB in_cancel flag
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Stefano Garzarella <sgarzare@redhat.com>
+RH-MergeRequest: 53: dma-helpers: Initialize DMAAIOCB in_cancel flag
+RH-Commit: [1/1] a729d40a4eae4ff0262764d9003552d1e4d67976
+RH-Bugzilla: 2007036
+RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
+RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+Initialize the dbs->in_cancel flag in dma_bdrv_io(), since qemu_aio_get()
+does not return zero-initialized memory. Spotted by the clang sanitizer
+(which complained when the value loaded in dma_complete() was not valid
+for a bool type); this might have resulted in leaking the AIO block.
+
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit 4d1cb6e6f51b0d8405f701806a203a73e7431fe5)
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+---
+ dma-helpers.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/dma-helpers.c b/dma-helpers.c
+index 272632f367..7335dd71c7 100644
+--- a/dma-helpers.c
++++ b/dma-helpers.c
+@@ -216,6 +216,7 @@ BlockDriverAIOCB *dma_bdrv_io(
+ dbs->sg_cur_index = 0;
+ dbs->sg_cur_byte = 0;
+ dbs->dir = dir;
++ dbs->in_cancel = false;
+ dbs->io_func = io_func;
+ dbs->bh = NULL;
+ qemu_iovec_init(&dbs->iov, sg->nsg);
+--
+2.27.0
+
diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec
index 76ebcd6..2e4e935 100644
--- a/SPECS/qemu-kvm.spec
+++ b/SPECS/qemu-kvm.spec
@@ -14,7 +14,7 @@
%global have_usbredir 0
%endif
-%ifnarch s390 s390x %{arm}
+%ifnarch s390 s390x
%global have_librdma 1
%global have_tcmalloc 1
%endif
@@ -41,9 +41,6 @@
%ifarch aarch64
%global kvm_target aarch64
%endif
-%ifarch %{arm}
- %global kvm_target arm
-%endif
#Versions of various parts:
@@ -79,13 +76,13 @@ Obsoletes: %1 < %{obsoletes_version} \
Summary: QEMU is a machine emulator and virtualizer
Name: %{pkgname}%{?pkgsuffix}
Version: 1.5.3
-Release: 175%{?dist}.4
+Release: 175%{?dist}.5
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 10
License: GPLv2 and GPLv2+ and CC-BY
Group: Development/Tools
URL: http://www.qemu.org/
-ExclusiveArch: x86_64 %{arm}
+ExclusiveArch: x86_64
Requires: seabios-bin >= 1.7.2.2-5
Requires: sgabios-bin
Requires: seavgabios-bin
@@ -4056,6 +4053,8 @@ Patch1997: kvm-hw-core-loader-Fix-possible-crash-in-rom_copy.patch
Patch1998: kvm-Suppress-prototype-warning-for-nss-headers.patch
# For bz#1917449 - CVE-2020-29443 qemu-kvm: QEMU: ide: atapi: OOB access while processing read commands [rhel-7.9.z]
Patch1999: kvm-ide-atapi-check-logical-block-address-and-read-size-.patch
+# For bz#2007036 - Memory leak when using dma_read/write with virtio-scsi
+Patch2000: kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch
BuildRequires: zlib-devel
@@ -6233,6 +6232,7 @@ tar -xf %{SOURCE21}
%patch1997 -p1
%patch1998 -p1
%patch1999 -p1
+%patch2000 -p1
%build
buildarch="%{kvm_target}-softmmu"
@@ -6678,6 +6678,11 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || :
%{_mandir}/man8/qemu-nbd.8*
%changelog
+* Fri Nov 12 2021 Jon Maloy <jmaloy@redhat.com> - 1.5.3-175.el7_9.5
+- kvm-dma-helpers-Initialize-DMAAIOCB-in_cancel-flag.patch [bz#2007036]
+- Resolves: bz#2007036
+ (Memory leak when using dma_read/write with virtio-scsi)
+
* Fri May 07 2021 Jon Maloy <jmaloy@redhat.com> - 1.5.3-175.el7_9.4
- kvm-ide-atapi-check-logical-block-address-and-read-size-.patch [bz#1917449]
- Resolves: bz#1917449