On Mon, Feb 12, 2018 at 11:29:21AM +0100, Michal Privoznik wrote:
> After 759b4d1b0fe5f we are getting hostname in virLogOnceInit().
> The problem with this approach is in the NSS module because the
> module calls some internal APIs which occasionally want to log
> something. This results in virLogInitialize() being called which
> in turn ends up calling virGetHostnameQuiet() and effectively the
> control gets to the NSS plugin again which calls some internal APIs
> which occasionally want to log something. You can see the
> deadlock now.
>
> One way out of this is to call only gethostname() and not the whole
> virGetHostnameQuiet() machinery.

The extra bits in virGetHostname() only exist for the sake of
the QEMU migration code. The source calls gethostname() on the
target host and wants to make sure it doesn't return "localhost"
or something that resolves to "127.0.0.1", otherwise the source
host would end up migrating to itself instead of the actual
target host. We should really just move that extra stuff into
the migration code and leave virGetHostname() simple, instead
of having a virGetHostnameSimple(). That's more than I would
want to do for this CVE fix though, as it would complicate the
backporting. So I feel my patch to inline the hostname() call in
the logging code is more suitable in the short term, but after
that we could do a big refactor.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
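
The re-entrancy discussed in this thread, as an added example that is not libvirt code and not part of the original mail: a single-threaded model where a logging initializer obtains the hostname either through a resolver path that itself logs, or through gethostname() alone. All function names are hypothetical, and re-entry is counted rather than blocked on so the program terminates.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical single-threaded model; none of these names are libvirt's. */
int gethostname(char *name, size_t len); /* POSIX; repeated for strict -std builds */
enum init_state { INIT_NONE, INIT_RUNNING, INIT_DONE };
typedef int (*hostname_fn)(char *buf, size_t len);

static enum init_state state;
static int reentries;       /* entries into init while it was already running */
static hostname_fn lookup;  /* hostname strategy used by the initializer */
static char log_host[256];

/* Stand-in for a once-initializer. A real "once" primitive would block on
 * re-entry from the same call chain; here the re-entry is only counted. */
static void model_log_init(void)
{
    if (state == INIT_DONE) return;
    if (state == INIT_RUNNING) { reentries++; return; } /* came back via lookup */
    state = INIT_RUNNING;
    if (lookup(log_host, sizeof(log_host)) != 0)
        strcpy(log_host, "unknown");
    log_host[sizeof(log_host) - 1] = '\0'; /* gethostname() may not terminate */
    state = INIT_DONE;
}
static void model_log(const char *msg) { (void)msg; model_log_init(); }

/* Full lookup: passes through a resolver plugin that logs on its way. */
static int lookup_via_resolver(char *buf, size_t len)
{
    model_log("resolver plugin: internal API call");
    return gethostname(buf, len);
}
/* Simple lookup: gethostname() only, no resolver and no logging. */
static int lookup_simple(char *buf, size_t len) { return gethostname(buf, len); }

/* Emit the first log message with the given strategy; return re-entry count. */
int count_reentries(hostname_fn fn)
{
    state = INIT_NONE; reentries = 0; lookup = fn;
    model_log("first message");
    return reentries;
}

int main(void)
{
    printf("full lookup: %d, gethostname() only: %d\n",
           count_reentries(lookup_via_resolver), count_reentries(lookup_simple));
    return 0;
}
```

A non-zero count marks the point where a blocking once-initializer would wait on itself.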