| Summary: | Smartcard: Lock-on-remove only works on 2nd and subsequent removals with Gemalto/Safenet eToken 4100 and Safenet Authentication Client | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Ashish Shah <ashishks> | ||||||
| Component: | gnome-settings-daemon | Assignee: | Rui Matos <rmatos> | ||||||
| Status: | CLOSED WONTFIX | QA Contact: | Desktop QE <desktop-qa-list> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 7.2 | CC: | ashishks, cww, mclasen, rstrode | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2016-11-15 22:49:46 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1203710 | ||||||||
| Attachments: |
|
||||||||
|
Description
Ashish Shah
2016-01-19 16:27:04 UTC
Created attachment 1118351 [details]
gnome-settings-daemon in debug mode
if the user waits 60 seconds before pulling the card out the first time does it work? I see this in the log: Jan 18 21:06:37 rhel72 gnome-session: (gnome-settings-daemon:4182): smartcard-plugin-WARNING **: Couldn't lock screen: Cannot invoke method; proxy is for a well-known name without an owner and proxy was constructed with the G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START flag That makes me think the shell isn't fully started yet. Customer tried wait for 5 minutes after login and then pulled the card. Still the same behaviour do you have the log from the attempt after waiting 5 minutes ? Can you have them run $ gdbus call --session --dest org.freedesktop.DBus --object-path /org/freedesktop/DBus --method org.freedesktop.DBus.ListNames and post the output ? thanks, can you get the reporter to install debuginfo packages and run gstack a few times in a row on the worker process that's using a 100% cpu ? Also the output of ls -l /proc/WORKERPID/fd As pointed out in comment 9, the main thing shown in the strace is select returning over and over again with fd 17 readable. the select call has a 200ms timeout, but it returns immediately because the readable fd is never read from I guess. It's probably a driver bug, but getting the gstack backtraces would be useful to confirm. Of course if the session got started at all, the smartcard driver code couldn't be getting dispatched anymore, so this is a little mysterious. Created attachment 1131961 [details]
gstack and procfd
all 5 traces show it sitting in poll, so i guess it's not dispatching from poll for very long each time it wakes up. We do see libeTPkcs11 has a couple of dedicated threads it's using. Those threads should have been long destroyed when the pam module finished authentication (pam_pkcs11 calls SECMOD_UnloadUserModule / SECMOD_DestroyModule which should lead to the pkcs11 C_Finalize() call getting called. The driver should clean up any threads then). This really looks like a driver problem, and the driver is closed source, so we can't really investigate much beyond that. Our "supported" smart card configuration are coolkey supported cards. I don't think there's much we can do here but ask the customer to reach out to their smartcard vendor. |