On 02/12/2018 11:42 AM, Daniel P. Berrangé wrote: > On Mon, Feb 12, 2018 at 11:29:21AM +0100, Michal Privoznik wrote: >> After 759b4d1b0fe5f we are getting hostname in virLogOnceInit(). >> Problem with this approach is in the NSS module because the >> module calls some internal APIs which occasionally want to log >> something. This results in virLogInitialize() to be called which >> in turn ends up calling virGetHostnameQuiet() and effectively the >> control gets to NSS plugin again which calls some internal APIs >> which occasionally want to log something. You can see the >> deadlock now. >> >> One way out of this is to call only gethostname() and not whole >> virGetHostnameQuiet() machinery. > > The extra bits in virGetHostname() only exist for the sake of > the QEMU migration code. The source call gethostname() on the > target host and wants to make sure it doesn't return "localhost" > or something that resolves to "127.0.0.1", otherwise the source > host would end up migrating to itself instead of the actual > target host. We should really just move that extra stuff into > the migration code and leave virGetHostname() simple, instead > of having a virGetHostnameSimple(). That's more than I would > want todo for this CVE fix though, as it would complicate the > backporting. So I feel my patch to inline hostname() call in > the logging code is more suitable in short term, but after > that we could do a big refactor. Okay, lets got with your version then. Michal -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
