Bug 970516 - Monitor command acl_add can't insert before last list element
Monitor command acl_add can't insert before last list element
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Markus Armbruster
Virtualization Bugs
Markus Armbruster
:
Depends On:
Blocks: 990615
  Show dependency treegraph
 
Reported: 2013-06-04 04:36 EDT by Markus Armbruster
Modified: 2013-11-21 01:58 EST (History)
11 users (show)

See Also:
Fixed In Version: qemu-kvm-0.12.1.2-2.390.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 990615 (view as bug list)
Environment:
Last Closed: 2013-11-21 01:58:50 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Markus Armbruster 2013-06-04 04:36:08 EDT
Description of problem:
When you ask acl_add to insert a rule before the last rule in the
list, it appends to the list instead.

How reproducible:
Always

Steps to Reproduce:
1. qemu-kvm -nodefaults -S -vnc :0,acl,sasl -monitor stdio
2. Monitor commands:
    acl_show vnc.username
    acl_add vnc.username drei allow
    acl_show vnc.username
    acl_add vnc.username zwei allow 1
    acl_show vnc.username
    acl_add vnc.username eins allow 1
    acl_show vnc.username

Actual results:

(qemu) acl_show vnc.username
policy: deny
(qemu) acl_add vnc.username drei allow
acl: added rule at position 1
(qemu) acl_show vnc.username
policy: deny
1: allow drei
(qemu) acl_add vnc.username zwei allow 1
acl: added rule at position 2
(qemu) acl_show vnc.username
policy: deny
1: allow drei
2: allow zwei
(qemu) acl_add vnc.username eins allow 1
acl: added rule at position 1
(qemu) acl_show vnc.username
policy: deny
1: allow eins
2: allow drei
3: allow zwei

Expected results:
The second acl_add inserts at position 1, with final result
policy: deny
1: allow eins
2: allow zwei
3: allow drei

Additional info:
Upstream misbehaves the same.

Root cause is an off-by-one in qemu_acl_insert(): when index ==
acl->nentries, it appends instead of inserting before the last list
element.
Comment 2 Chao Yang 2013-06-04 23:12:58 EDT
Providing qa_qck+
Comment 5 Markus Armbruster 2013-06-21 09:23:24 EDT
Proposed upstream fix: http://lists.nongnu.org/archive/html/qemu-devel/2013-06/msg02921.html
Comment 8 Markus Armbruster 2013-06-26 11:46:24 EDT
Upstream commit 4999f3a8a6009de05ba82e58e723277917f16254
Comment 13 mazhang 2013-09-09 01:19:12 EDT
Reproduce this bug on qemu-kvm-0.12.1.2-2.376.el6.x86_64

[root@localhost qemu-kvm-376]# rpm -qa |grep qemu
gpxe-roms-qemu-0.9.7-6.10.el6.noarch
qemu-kvm-tools-0.12.1.2-2.376.el6.x86_64
qemu-kvm-0.12.1.2-2.376.el6.x86_64
qemu-kvm-debuginfo-0.12.1.2-2.376.el6.x86_64
qemu-img-0.12.1.2-2.376.el6.x86_64

Steps to Reproduce:
1. /usr/libexec/qemu-kvm -nodefaults -S -vnc :0,acl,sasl -monitor stdio
2. Monitor commands:
    acl_show vnc.username
    acl_add vnc.username drei allow
    acl_show vnc.username
    acl_add vnc.username zwei allow 1
    acl_show vnc.username
    acl_add vnc.username eins allow 1
    acl_show vnc.username

Actual results:
[root@localhost ~]# /usr/libexec/qemu-kvm -nodefaults -S -vnc :0,acl,sasl -monitor stdio
QEMU 0.12.1 monitor - type 'help' for more information
(qemu) acl_show vnc.username
policy: deny
(qemu) acl_add vnc.username drei allow
acl: added rule at position 1
(qemu) acl_show vnc.username
policy: deny
1: allow drei
(qemu) acl_add vnc.username zwei allow 1
acl: added rule at position 2
(qemu) acl_show vnc.username
policy: deny
1: allow drei
2: allow zwei
(qemu) acl_add vnc.username eins allow 1
acl: added rule at position 1
(qemu) acl_show vnc.username
policy: deny
1: allow eins
2: allow drei
3: allow zwei
(qemu) 

Expected results:
The second acl_add inserts at position 1, with final result
policy: deny
1: allow eins
2: allow zwei
3: allow drei
Comment 14 mazhang 2013-09-09 01:26:04 EDT
Verify this bug on qemu-kvm-0.12.1.2-2.400.el6.x86_64 .

Steps to Reproduce:
1. /usr/libexec/qemu-kvm -nodefaults -S -vnc :0,acl,sasl -monitor stdio
2. Monitor commands:
    acl_show vnc.username
    acl_add vnc.username drei allow
    acl_show vnc.username
    acl_add vnc.username zwei allow 1
    acl_show vnc.username
    acl_add vnc.username eins allow 1
    acl_show vnc.username

Actual results:
[root@localhost ~]# /usr/libexec/qemu-kvm -nodefaults -S -vnc :0,acl,sasl -monitor stdio
QEMU 0.12.1 monitor - type 'help' for more information
(qemu) acl_show vnc.username
policy: deny
(qemu) acl_add vnc.username drei allow
acl: added rule at position 1
(qemu) acl_show vnc.username
policy: deny
1: allow drei
(qemu) acl_add vnc.username zwei allow 1
acl: added rule at position 1
(qemu) acl_show vnc.username
policy: deny
1: allow zwei
2: allow drei
(qemu) acl_add vnc.username eins allow 1
acl: added rule at position 1
(qemu) acl_show vnc.username
policy: deny
1: allow eins
2: allow zwei
3: allow drei
(qemu) 

So this bug has been fixed.
Comment 16 errata-xmlrpc 2013-11-21 01:58:50 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1553.html

Note You need to log in before you can comment on or make changes to this bug.