From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Mon, 12 Feb 2018 10:08:58 +0000
Message-Id: <20180212100858.4540-1-berrange@redhat.com>
Cc: Michal Privoznik
Subject: [libvirt] [PATCH] log: fix deadlock obtaining hostname (related CVE-2018-6764)

The fix for CVE-2018-6764 introduced a potential deadlock scenario that gets triggered by the NSS module when virGetHostname() calls getaddrinfo to resolve the hostname:

#0 0x00007f6e714b57e7 in futex_wait
#1 futex_wait_simple
#2 __pthread_once_slow
#3 0x00007f6e71d16e7d in virOnce
#4 0x00007f6e71d0997c in virLogInitialize
#5 0x00007f6e71d0a09a in virLogVMessage
#6 0x00007f6e71d09ffd in virLogMessage
#7 0x00007f6e71d0db22 in virObjectNew
#8 0x00007f6e71d0dbf1 in virObjectLockableNew
#9 0x00007f6e71d0d3e5 in virMacMapNew
#10 0x00007f6e71cdc50a in findLease
#11 0x00007f6e71cdcc56 in _nss_libvirt_gethostbyname4_r
#12 0x00007f6e724631fc in gaih_inet
#13 0x00007f6e72464697 in __GI_getaddrinfo
#14 0x00007f6e71d19e81 in virGetHostnameImpl
#15 0x00007f6e71d1a057 in virGetHostnameQuiet
#16 0x00007f6e71d09936 in virLogOnceInit
#17 0x00007f6e71d09952 in virLogOnce
#18 0x00007f6e714b5829 in __pthread_once_slow
#19 0x00007f6e71d16e7d in virOnce
#20 0x00007f6e71d0997c in virLogInitialize
#21 0x00007f6e71d0a09a in
virLogVMessage
#22 0x00007f6e71d09ffd in virLogMessage
#23 0x00007f6e71d0db22 in virObjectNew
#24 0x00007f6e71d0dbf1 in virObjectLockableNew
#25 0x00007f6e71d0d3e5 in virMacMapNew
#26 0x00007f6e71cdc50a in findLease
#27 0x00007f6e71cdc839 in _nss_libvirt_gethostbyname3_r
#28 0x00007f6e71cdc724 in _nss_libvirt_gethostbyname2_r
#29 0x00007f6e7248f72f in __gethostbyname2_r
#30 0x00007f6e7248f494 in gethostbyname2
#31 0x000056348c30c36d in hosts_keys
#32 0x000056348c30b7d2 in main

Fortunately the extra stuff virGetHostname does is totally irrelevant to the needs of the logging code, so we can just inline a call to the native hostname() syscall directly.

Signed-off-by: Daniel P. Berrangé

--- src/util/virlog.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/util/virlog.c b/src/util/virlog.c index 8f1e4800dd..4f66cc5e5c 100644 --- a/src/util/virlog.c +++ b/src/util/virlog.c @@ -64,7 +64,7 @@ VIR_LOG_INIT("util.log"); =20 static regex_t *virLogRegex; -static char *virLogHostname; +static char virLogHostname[HOST_NAME_MAX+1]; =20 =20 #define VIR_LOG_DATE_REGEX "[0-9]{4}-[0-9]{2}-[0-9]{2}" @@ -261,6 +261,8 @@ virLogPriorityString(virLogPriority lvl) static int virLogOnceInit(void) { + int r; + if (virMutexInit(&virLogMutex) < 0) return -1; =20 @@ -275,8 +277,17 @@ virLogOnceInit(void) /* We get and remember the hostname early, because at later time * it might not be possible to load NSS modules via getaddrinfo() * (e.g. at container startup the host filesystem will not be - * accessible anymore. */ - virLogHostname =3D virGetHostnameQuiet(); + * accessible anymore. + * Must not use virGetHostname though as that causes re-entrancy + * problems if it triggers logging codepaths + */ + r =3D gethostname(virLogHostname, sizeof(virLogHostname)); + if (r =3D=3D -1) { + ignore_value(virStrcpy(virLogHostname, + "(unknown)", sizeof(virLogHostname))); + } else { + NUL_TERMINATE(virLogHostname); + } =20 virLogUnlock(); return 0; 
@@ -475,9 +486,6 @@ virLogHostnameString(char **rawmsg, { char *hoststr; =20 - if (!virLogHostname) - return -1; - if (virAsprintfQuiet(&hoststr, "hostname: %s", virLogHostname) < 0) return -1; =20 --=20 2.14.3
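
Review bot: HOST_NAME_MAX in the new declaration `static char virLogHostname[HOST_NAME_MAX+1];` (hunk at line 64) is not defined on every platform, since POSIX allows <limits.h> to omit it, and this patch adds no #include or fallback for it. Please confirm that a header virlog.c already pulls in provides it on all supported targets, or add a guarded fallback definition.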
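
Review bot: The comment kept at the top of the changed block in virLogOnceInit() (hunk at line 275) still explains the early lookup in terms of NSS modules and getaddrinfo(), but the new code calls gethostname() and uses neither, so that rationale no longer matches the code; the "(e.g." parenthesis is also still left unclosed. The backtrace shows the old path resolving the name through getaddrinfo(), so the string that ends up in the log can differ after this change, which deserves a sentence in the commit message; the message also says hostname() where the code calls gethostname().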
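
Review bot: Removing `if (!virLogHostname) return -1;` from virLogHostnameString() (hunk at line 475) is correct for an array, but it changes the failure behaviour: a failed lookup used to make this function return -1, and it now formats "(unknown)", or an empty string if the static buffer has not yet been filled by virLogOnceInit(). Please say in the commit message that this is intended, or confirm that no caller reaches this function before initialisation.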
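
The re-entrancy visible in the backtrace of the commit message, reduced to a single-threaded model; this is an added example, not code from the patch or from libvirt. The once-guard, `resolver_lookup()` and all other names are hypothetical stand-ins, and the guard counts the re-entry at the point where the backtrace shows the thread waiting.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L      /* for gethostname() */
#endif
#include <string.h>
#include <unistd.h>

enum once_state { ONCE_NEW, ONCE_RUNNING, ONCE_DONE };
static enum once_state state;
static int reentries;                /* re-entries seen while init was running */
static char host[256];               /* constructed size, not libvirt's */

static void log_msg(int via_resolver);

/* Hypothetical stand-in for a resolver plugin that logs while it works. */
static void resolver_lookup(int via_resolver)
{
    log_msg(via_resolver);
    strcpy(host, "resolved.example");           /* constructed value */
}

/* Once-style init: counts the re-entry instead of waiting on it. */
static void log_init(int via_resolver)
{
    if (state == ONCE_DONE)
        return;
    if (state == ONCE_RUNNING) {     /* frames #0-#3 of the backtrace */
        reentries++;
        return;
    }
    state = ONCE_RUNNING;
    if (via_resolver)
        resolver_lookup(via_resolver);          /* old path: calls back into logging */
    else if (gethostname(host, sizeof(host)) == -1)
        strcpy(host, "(unknown)");              /* new path: fallback on error */
    else
        host[sizeof(host) - 1] = '\0';          /* truncation may leave no NUL */
    state = ONCE_DONE;
}

static void log_msg(int via_resolver) { log_init(via_resolver); }

/* Issue one first log call and report how often init re-entered itself. */
int count_reentries(int via_resolver)
{
    state = ONCE_NEW;
    reentries = 0;
    log_msg(via_resolver);
    return reentries;
}

int main(void) { return !(count_reentries(1) == 1 && count_reentries(0) == 0); }
```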