Bug 965152

Summary: Smartcard emulation with Windows guest fails
Product: Red Hat Enterprise Linux 6
Reporter: Idith Tal-Kohen <italkohe>
Component: qemu-kvm
Assignee: Alon Levy <alevy>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: high
Version: 6.5
CC: acathrow, alevy, areis, bsarathy, chayang, cpelland, dblechte, italkohe, juzhang, marcandre.lureau, michen, minovotn, mkenneth, pm-eus, pvdbleek, qzhang, virt-maint, w.vd.velde.04
Target Milestone: rc
Keywords: ZStream
Target Release: 6.4
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-0.12.1.2-2.355.el6_4.8
Doc Type: Bug Fix
Doc Text:
* Previously, smart card emulation with a Microsoft Windows guest in versions XP, 2003 and 7 failed due to inconsistent Answer To Reset (ATR) file length with a smart card I/O device error. This update creates an ATR file length with appropriate historical bytes, and disables USB signaling when necessary. Now, smart card emulation is possible, and failures no longer occur in the aforementioned scenario.
Last Closed: 2013-10-02 12:08:44 UTC
Bug Depends On: 917860, 997544
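
The Doc Text above puts the failure down to an ATR whose length was inconsistent with its historical bytes. As an added example (not qemu-kvm code and not taken from this report), the Python below applies the ISO/IEC 7816-3 layout rules to check that an ATR's actual length agrees with what its own T0 and TDi bytes declare. `check_atr`, `with_tck` and the sample ATRs are constructed for illustration.

```python
from functools import reduce


def check_atr(atr: bytes) -> dict:
    """Compare an ATR's actual length with the length its own header declares."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("ATR must start with TS (0x3B or 0x3F) followed by T0")
    hist_len = atr[1] & 0x0F      # T0 low nibble K: declared historical bytes
    y = atr[1] >> 4               # T0 high nibble Y1: which of TA1..TD1 follow
    pos, protocols = 2, set()
    while True:
        pos += bin(y & 0x7).count("1")   # skip TAi/TBi/TCi that are flagged
        if not y & 0x8:                  # no TDi: interface bytes end here
            break
        if pos >= len(atr):
            raise ValueError("ATR truncated inside the interface bytes")
        td = atr[pos]
        pos += 1
        protocols.add(td & 0x0F)         # protocol T announced by this TDi
        y = td >> 4
    needs_tck = bool(protocols - {0})    # TCK is absent only when T=0 alone
    expected = pos + hist_len + needs_tck
    tck_ok = None                        # None: no TCK to check, or wrong length
    if needs_tck and len(atr) == expected:
        tck_ok = reduce(lambda a, b: a ^ b, atr[1:]) == 0   # XOR T0..TCK == 0
    return {"declared_hist": hist_len, "expected_len": expected,
            "actual_len": len(atr), "needs_tck": needs_tck, "tck_ok": tck_ok,
            "consistent": len(atr) == expected and tck_ok is not False}


def with_tck(body: bytes) -> bytes:
    """Append the check byte so that the XOR over T0..TCK is zero."""
    return body + bytes([reduce(lambda a, b: a ^ b, body[1:])])


# Constructed sample ATRs (not taken from qemu-kvm or from the bug report).
T0_ONLY_OK = bytes.fromhex("3b04") + b"TEST"            # K=4, four bytes follow
T0_ONLY_BAD = bytes.fromhex("3b06") + b"TEST"           # K=6, only four follow
T1_OK = with_tck(bytes.fromhex("3b858001") + b"DEMO1")  # TD1, TD2 (T=1), K=5
T1_BAD = T1_OK[:-2] + T1_OK[-1:]                        # one historical byte lost

if __name__ == "__main__":
    for name in ("T0_ONLY_OK", "T0_ONLY_BAD", "T1_OK", "T1_BAD"):
        r = check_atr(globals()[name])
        print(name, r["actual_len"], "of", r["expected_len"], r["consistent"])
```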

Description Idith Tal-Kohen 2013-05-20 14:24:09 UTC
This bug has been copied from bug #917860 and has been proposed
to be backported to 6.4 z-stream (EUS).

Comment 4 Qunfang Zhang 2013-05-24 03:01:38 UTC
Hi, Ademar
As we discussed in bug 917860 comment 12, this bug should be included in the current rhel6.4-z errata 2013:14833. And the rhel6.5 bug 917860 has been in POST status. So I just want to confirm with you when this bug fix could get into the official rhel6.4-z build, as QE needs to run a round of acceptance tests or some function tests if needed on the final z-stream build. And currently the errata is in QE status again with some new bugs included.


Thanks,
Qunfang

Comment 5 Qunfang Zhang 2013-05-24 08:03:55 UTC
(In reply to Qunfang Zhang from comment #4)
> Hi, Ademar
> As we discussed in bug 917860 comment 12, this bug should be included in the
> current rhel6.4-z errata 2013:14833. And the rhel6.5 bug 917860 has been in
> POST status. So just want to confirm with you when this bug fix could get
> into the official rhel6.4-z build?  As QE need to run a round of acceptance
> test or some function test if needed in the final z-stream build. And
> currently the errata is in QE status again with some new bug included.
> 
> 
> Thanks,
> Qunfang

Hi, Ademar
I was forwarded another mail, and I gather that this bug will not be in the errata. So please ignore my last comment. Sorry for the noise.

Thanks,
Qunfang

Comment 10 Chao Yang 2013-08-29 10:55:40 UTC
Reproduced and verified this bug.

Steps:
1. launch a Windows 7 x86_64 guest with smartcard support:
# /usr/libexec/qemu-kvm -name test -M rhel6.4.0 -enable-kvm -cpu host -m 2048 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -netdev tap,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=22:33:4a:42:76:36,bus=pci.0 -k en-us -vga qxl -spice port=7000,disable-ticketing -chardev spicevmc,name=smartcard,id=ccid -device usb-ccid -device ccid-card-passthru,chardev=ccid -usb -monitor stdio -boot menu=on -drive file=/home/chayang/win-7_x86_64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native -device ide-drive,bus=ide.0,unit=0,drive=drive-virtio-disk0,id=virtio-disk0 -cdrom en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso 

2. create certificates on client:
# certutil -x -t "CT,CT,CT" -S -s "CN=cert1" -n cert1 -d /etc/pki/nssdb/
# certutil -x -t "CT,CT,CT" -S -s "CN=cert2" -n cert2 -d /etc/pki/nssdb/
# certutil -x -t "CT,CT,CT" -S -s "CN=cert3" -n cert3 -d /etc/pki/nssdb/

# certutil -L -d /etc/pki/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

cert3                                                        CTu,Cu,Cu
cert1                                                        CTu,Cu,Cu
cert2                                                        CTu,Cu,Cu

3. connect to guest with remote-viewer:
remote-viewer spice://xxxx:7000 --spice-smartcard --spice-smartcard-db /etc/pki/nssdb/ --spice-smartcard-certificates cert1,cert2,cert3

4. run ESC in guest


Reproduction:
------------
With qemu-kvm-0.12.1.2-2.355.el6.x86_64, ESC cannot view certificates, and the system log shows:
Event[82]:
  Log Name: System
  Source: Microsoft-Windows-Smartcard-Server
  Date: 2013-08-29T10:19:22.000
  Event ID: 610
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: test-PC
  Description:
Smart Card Reader 'QEMU 0.12.1 QEMU USB CCID 0' rejected IOCTL TRANSMIT: The request could not be performed because of an I/O device error.  If this error persists, your smart card or reader may not be functioning correctly.

Event[86]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:19:22.031
  Event ID: 5
  Task: Driver
  Level: Error
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
Unexpected size.

Event[87]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:19:22.031
  Event ID: 10
  Task: Driver
  Level: Error
  Opcode: Ioctl
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
Request[0](CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=9,Le=0,.NETServiceMethod=0x0)

Event[88]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:19:22.484
  Event ID: 5
  Task: Driver
  Level: Error
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
Unexpected size.


Verifications:
-------------
With qemu-kvm-0.12.1.2-2.355.el6_4.8.x86_64.rpm, ESC can view certificates correctly.

No related WudfUsbccidDriver errors any more:
Event[63]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:40:51.312
  Event ID: 104
  Task: Driver
  Level: Information
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
The Smartcard reader reported the following class descriptor (part 1).

Event[64]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:40:51.312
  Event ID: 105
  Task: Driver
  Level: Information
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
The Smartcard reader reported the following class descriptor (part 2).
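
An added example, not part of comment 10 or of any Red Hat tooling: a Python triage of an event-log text export in the layout quoted above, counting Error-level smart card events and naming the rejected APDU. The function names are hypothetical, the sample is condensed from the events in comment 10, and the APDU name comes from ISO/IEC 7816-4 (INS 0xA4 with P1 0x04 is SELECT by DF name).

```python
import re

CCID_SOURCES = {"WudfUsbccidDriver", "Microsoft-Windows-Smartcard-Server"}
APDU_NAMES = {(0xA4, 0x04): "SELECT by DF name (AID)"}   # keyed on (INS, P1)

def parse_events(text):
    """Split an 'Event[n]:' text export into one dict of fields per event."""
    events = []
    for chunk in re.split(r"(?m)^Event\[\d+\]:\s*$", text)[1:]:
        head, _, desc = chunk.partition("Description:")
        fields = (l.strip().partition(": ") for l in head.splitlines())
        ev = {k: v.strip() for k, sep, v in fields if sep}
        ev["Description"] = desc.strip()
        events.append(ev)
    return events

def decode_request(desc):
    """Name the APDU header logged as 'Request[0](CLS=..,INS=..,P1=..)'."""
    m = re.search(r"Request\[\d+\]\((.*)\)", desc)
    if not m:
        return None
    f = {k: int(v, 0) for k, v in (p.split("=") for p in m.group(1).split(","))}
    default = "INS 0x%02x P1 0x%02x" % (f["INS"], f["P1"])
    return "%s, Lc=%d" % (APDU_NAMES.get((f["INS"], f["P1"]), default), f["Lc"])

def triage(text):
    """Summarise Error-level smart card / CCID events found in the export."""
    errs = [e for e in parse_events(text)
            if e.get("Source") in CCID_SOURCES and e.get("Level") == "Error"]
    apdus = [a for a in (decode_request(e["Description"]) for e in errs) if a]
    sizes = sum(e["Description"] == "Unexpected size." for e in errs)
    return {"errors": len(errs), "failed_apdus": apdus, "unexpected_size": sizes}

# Sample condensed from the events quoted in comment 10 (fields trimmed).
SAMPLE = """\
Event[86]:
  Source: WudfUsbccidDriver
  Level: Error
  Description:
Unexpected size.

Event[87]:
  Source: WudfUsbccidDriver
  Level: Error
  Description:
Request[0](CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=9,Le=0,.NETServiceMethod=0x0)
"""
```

On the sample, `triage(SAMPLE)` reports two errors, one "Unexpected size." event and one rejected `SELECT by DF name (AID), Lc=9`; an export holding only Information-level events, as in the verification run, reports zero errors.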

Comment 11 Chao Yang 2013-08-29 10:59:14 UTC
Based on the above, this issue has been fixed.

Comment 14 errata-xmlrpc 2013-10-02 12:08:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1401.html