On 02/12/2018 11:42 AM, Daniel P. Berrangé wrote:
> On Mon, Feb 12, 2018 at 11:29:21AM +0100, Michal Privoznik wrote:
>> After 759b4d1b0fe5f we are getting hostname in virLogOnceInit().
>> Problem with this approach is in the NSS module because the
>> module calls some internal APIs which occasionally want to log
>> something. This results in virLogInitialize() to be called which
>> in turn ends up calling virGetHostnameQuiet() and effectively the
>> control gets to NSS plugin again which calls some internal APIs
>> which occasionally want to log something. You can see the
>> deadlock now.
>>
>> One way out of this is to call only gethostname() and not whole
>> virGetHostnameQuiet() machinery.
> 
> The extra bits in virGetHostname() only exist for the sake of
> the QEMU migration code. The source call gethostname() on the
> target host and wants to make sure it doesn't return "localhost"
> or something that resolves to "127.0.0.1", otherwise the source
> host would end up migrating to itself instead of the actual
> target host.  We should really just move that extra stuff into
> the migration code and leave virGetHostname() simple, instead
> of having a virGetHostnameSimple(). That's more than I would
> want todo for this CVE fix though, as it would complicate the
> backporting. So I feel my patch to inline hostname() call in
> the logging code is more suitable in short term, but after
> that we could do a big refactor.

Okay, lets got with your version then.

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to