Bug 1002425

Summary:

Smartcard emulation fails with physical smartcard

Product:

Red Hat Enterprise Linux 6

Reporter:

Chao Yang <chayang>

Component:

qemu-kvm

Assignee:

David Blechter <dblechte>

Status:

CLOSED WONTFIX

QA Contact:

Virtualization Bugs <virt-bugs>

Severity:

medium

Docs Contact:

Priority:

high

Version:

6.5

CC:

alon, chayang, dblechte, djasa, juzhang, michen, mkenneth, qzhang, rbalakri, rpacheco, virt-maint

Target Milestone:

Target Release:

---

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2017-12-06 12:32:55 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
screenshot of VM	none
system log in windows	none

Description Chao Yang 2013-08-29 07:46:46 UTC

Created attachment 791628 [details]
screenshot of VM

Description of problem:
Booted a guest with smartcard support, connected smartcard reader with a CAC card inserted, connected guest with remote-viewer. But in guest, after installing ESC, there is no working driver for smart card. System log in windows will be attached.

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.398.el6.x86_64
2.6.32-412.el6.x86_64

Client:
libcacard-0.15.0-2.el6.x86_64
esc-1.1.0-26.el6.x86_64

How reproducible:
1/1

Steps to Reproduce:
1. boot a windows 7 64 bit guest with smartcard support:
/usr/libexec/qemu-kvm -name test -M rhel6.5.0 -enable-kvm -cpu host -m 2048 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -netdev tap,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=00:1a:4a:42:76:36,bus=pci.0 -k en-us -vga qxl -spice port=7000,disable-ticketing -chardev spicevmc,name=smartcard,id=ccid -device usb-ccid -device ccid-card-passthru,chardev=ccid -usb -monitor stdio -boot menu=on -drive file=/home/chayang/win-7_x86_64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native -device ide-drive,bus=ide.0,unit=0,drive=drive-virtio-disk0,id=virtio-disk0 -cdrom en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso

2. plug in smart card reader with a CAC card inserted

3. connect to guest with physical smartcard with remote-viewer

4. install ESC in windows

Actual results:
No working driver for Smart Card

Expected results:


Additional info:

Comment 2 Chao Yang 2013-08-29 07:53:30 UTC

Created attachment 791630 [details]
system log in windows

Comment 3 Chao Yang 2013-08-29 08:01:32 UTC

I found following in system log:

Event[383]:
  Log Name: System
  Source: Microsoft-Windows-Smartcard-Server
  Date: 2013-08-29T15:18:40.000
  Event ID: 610
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: john-PC
  Description:
Smart Card Reader 'QEMU 0.12.1 QEMU USB CCID 0' rejected IOCTL GET_ATTRIBUTE: The request is not supported.  If this error persists, your smart card or reader may not be functioning correctly.

Command Header: 07 a0 07 00

Comment 5 Chao Yang 2013-08-29 08:22:05 UTC

And I managed to read smartcard with ESC in a bare metal windows 7 64 bit system, the driver for Smart Card works well.

Comment 6 Ademar Reis 2013-09-05 17:40:03 UTC

Reassigning to Alon, who fixed the other smartcard BZ (bug 917860) and is knowledgeable in this area.

Comment 7 Alon Levy 2013-09-09 10:15:29 UTC

Can you please try with libcacard-0.15.0-3.el6.x86_64 (i.e. release 3, not 2) on the client?

Alon

Comment 8 Alon Levy 2013-09-09 10:22:59 UTC

oops, not built yet - sorry, I thought I already did that. Brew build: http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6256807

Comment 9 Chao Yang 2013-09-11 10:43:12 UTC

(In reply to Alon Levy from comment #8)
> oops, not built yet - sorry, I thought I already did that. Brew build:
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6256807

I tried, still reproducible. 

A snip of output of remote-viewer:

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=27266 sw1=0x6a sw2=0x82 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=27266 sw1=0x6a sw2=0x82 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=24839 sw1=0x61 sw2=0x7 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=7 get response

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=24839 sw1=0x61 sw2=0x7 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=7 get response

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0x36,P1=0x0,P2=0x0,Lc=0,Le=100 get certificate

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=25599 sw1=0x63 sw2=0xff len=100 (total=102)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=24839 sw1=0x61 sw2=0x7 len=0 (total=2)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=7 get response

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=36864 sw1=0x90 sw2=0x0 len=7 (total=9)

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=7,Le=0 select file

(remote-viewer:7942): libcacard-DEBUG: vreader_xfr_bytes: status=27266 sw1=0x6a sw2=0x82 len=0 (total=2)

Comment 11 RHEL Program Management 2013-10-14 02:30:12 UTC

This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 12 David Jaša 2014-07-30 14:26:09 UTC

Hi Chao,

I believe that this bug is actually a dupe of bug 961964, do you agree? If I read correctly, the problem you describe regards Windows VMs with ActivClient. If RHEL guest works correctly with the same client setup, it's exactly the same issue.

Comment 13 Chao Yang 2014-08-01 01:27:33 UTC

(In reply to David Jaša from comment #12)
> Hi Chao,
> 
> I believe that this bug is actually a dupe of bug 961964, do you agree? If I
> read correctly, the problem you describe regards Windows VMs with
> ActivClient. If RHEL guest works correctly with the same client setup, it's
> exactly the same issue.

Hi David,

To ensure this bug is a dupe of bug 961964, I have to retest again on a rhel guest. I'll update here once I got the results of both windows and rhel guest on latest qemu-kvm as well as kernel bit.

Comment 15 Chao Yang 2014-08-06 08:12:55 UTC

(In reply to David Jaša from comment #12)
> Hi Chao,
> 
> I believe that this bug is actually a dupe of bug 961964, do you agree? If I
> read correctly, the problem you describe regards Windows VMs with
> ActivClient. If RHEL guest works correctly with the same client setup, it's
> exactly the same issue.

Hi David,

I tested on latest rhel6.6 host, I got "pcscd: winscard.c:362:SCardConnect() Card Not Inserted" in guest dmesg. This didn't happen on host.

Packages involved:
esc-1.1.0-26.el6.x86_64
libcacard-0.15.0-2.el6.x86_6
qemu-kvm-0.12.1.2-2.435.el6.x86_64

Comment 16 Alon Levy 2014-08-18 06:38:44 UTC

Does this happen also with fedora? I no longer have access to bug 961964 but looking at the description again the error seems to be one of the card reader, not of the card emulation (i.e. GET ATTRIBUTE). Fedora would just make it easier to reproduce, debug & fix for me.

Comment 17 Chao Yang 2014-08-21 06:44:16 UTC

(In reply to alevy from comment #16)
> Does this happen also with fedora? I no longer have access to bug 961964 but
> looking at the description again the error seems to be one of the card
> reader, not of the card emulation (i.e. GET ATTRIBUTE). Fedora would just
> make it easier to reproduce, debug & fix for me.

I met same error as Bug 1086791 with F20. And tried F18 as Bug 1024053 told, esc was able to start, but didn't find any card inserted.

Comment 18 Jan Kurik 2017-12-06 12:32:55 UTC

Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/