On Mon, Feb 12, 2018 at 11:29:21AM +0100, Michal Privoznik wrote: > After 759b4d1b0fe5f we are getting hostname in virLogOnceInit(). > Problem with this approach is in the NSS module because the > module calls some internal APIs which occasionally want to log > something. This results in virLogInitialize() to be called which > in turn ends up calling virGetHostnameQuiet() and effectively the > control gets to NSS plugin again which calls some internal APIs > which occasionally want to log something. You can see the > deadlock now. > > One way out of this is to call only gethostname() and not whole > virGetHostnameQuiet() machinery. The extra bits in virGetHostname() only exist for the sake of the QEMU migration code. The source call gethostname() on the target host and wants to make sure it doesn't return "localhost" or something that resolves to "127.0.0.1", otherwise the source host would end up migrating to itself instead of the actual target host. We should really just move that extra stuff into the migration code and leave virGetHostname() simple, instead of having a virGetHostnameSimple(). That's more than I would want todo for this CVE fix though, as it would complicate the backporting. So I feel my patch to inline hostname() call in the logging code is more suitable in short term, but after that we could do a big refactor. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
