Bug 1211970 - smart card emulation doesn't work with USB3 (nec-xhci) controller
Summary: smart card emulation doesn't work with USB3 (nec-xhci) controller
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: 7.2
Assignee: Gerd Hoffmann
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1243731
TreeView+ depends on / blocked
 
Reported: 2015-04-15 10:29 UTC by David Jaša
Modified: 2021-03-14 07:36 UTC (History)
16 users (show)

Fixed In Version: qemu-kvm-rhev-2.3.0-15.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1243731 (view as bug list)
Environment:
Last Closed: 2015-12-04 16:37:57 UTC
Target Upstream Version:

Attachments (Terms of Use)
log of logging into the system using smartcard, log is full of EREMOTEIO messages (57.27 KB, text/plain)
2015-07-21 14:54 UTC, David Jaša 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2546 0 normal SHIPPED_LIVE qemu-kvm-rhev bug fix and enhancement update 2015-12-04 21:11:56 UTC

Description David Jaša 2015-04-15 10:29:50 UTC 
Description of problem:
smart card emulation doesn't work with USB3 (nec-xhci) controller

Version-Release number of selected component (if applicable):
qemu-kvm-1.5.3-86.el7_1.1.x86_64

How reproducible:
always

Steps to Reproduce:
1. set up a VM with smartcard controller and USB3 controller:
    <controller type='usb' index='0' model='nec-xhci'/>
    <smartcard mode='passthrough' type='spicevmc'>
      <address type='ccid' controller='0' slot='0'/>
    </smartcard>
2. connect to the VM (virt-viewer $VM_NAME --spice-smartcard)
3.

Actual results:
smartcard emulation doesn't work. Examples of what is printed to qemu log with both QEMU_CCID_PASSTHRU_DEBUG and QEMU_CCID_DEBUG set to 4 is below

Expected results:
smartcard works just as it works with default controller (USB2 or in domain xml, ich9-ehci/ich9-uhci)

Additional info:
examples of qemu log:
-- 8< --
usb-ccid: ccid_handle_bulk_out 65 GetSlotStatus
usb-ccid: ccid_reserve_recv_buf: QUEUE: reserve 10 bytes
usb-ccid: ccid_calc_status: status = 0
usb-ccid: ccid_bulk_in_copy_to_guest: 10/10 req/act to guest (BULK_IN)
usb-ccid: ccid_bulk_in_copy_to_guest: 10/2 req/act to guest (BULK_IN)
usb-ccid: ccid_bulk_in_copy_to_guest: returning short (EREMOTEIO) 2 < 10
-- 8< --
usb-ccid: ccid_handle_bulk_out 65 GetSlotStatus
usb-ccid: ccid_reserve_recv_buf: QUEUE: reserve 10 bytes
usb-ccid: ccid_calc_status: status = 0
usb-ccid: ccid_bulk_in_copy_to_guest: 10/10 req/act to guest (BULK_IN)
usb-ccid: ccid_bulk_in_copy_to_guest: 10/10 req/act to guest (BULK_IN)
usb-ccid: ccid_handle_bulk_out 65 GetSlotStatus
usb-ccid: ccid_reserve_recv_buf: QUEUE: reserve 10 bytes
usb-ccid: ccid_calc_status: status = 0
usb-ccid: ccid_bulk_in_copy_to_guest: 10/10 req/act to guest (BULK_IN)
usb-ccid: ccid_handle_bulk_out 62 IccPowerOn
usb-ccid: ccid_handle_bulk_out: PowerOn: 0
usb-ccid: ccid_write_data_block_atr: atr contains protocol=0
usb-ccid: ccid_reserve_recv_buf: QUEUE: reserve 22 bytes
usb-ccid: ccid_calc_status: status = 0
usb-ccid: ccid_bulk_in_copy_to_guest: 259/22 req/act to guest (BULK_IN)
usb-ccid: ccid_bulk_in_copy_to_guest: returning short (EREMOTEIO) 22 < 259

usb-ccid: ccid_handle_bulk_out 6f XfrBlock
usb-ccid: ccid_on_apdu_from_guest: seq 27, len 14
usb-ccid: usb-ccid: pending answers:usb-ccid: 0:27
usb-ccid: ccid_bulk_in_copy_to_guest: returning short (EREMOTEIO) 0 < 273
usb-ccid: APDU returned to guest 2 (answer seq 27, slot 0)
usb-ccid: usb-ccid: pending answers:usb-ccid:  empty
usb-ccid: ccid_reserve_recv_buf: QUEUE: reserve 12 bytes
usb-ccid: ccid_calc_status: status = 0
Comment 1 Gerd Hoffmann 2015-04-28 08:05:50 UTC 
http://patchwork.ozlabs.org/patch/465422/
Comment 2 Ademar Reis 2015-07-15 14:19:48 UTC 
(In reply to Gerd Hoffmann from comment #1)
> http://patchwork.ozlabs.org/patch/465422/

I don't see this patch upstream yet... What's the plan? Should I devel_ack+ this BZ?
Comment 3 Gerd Hoffmann 2015-07-16 06:26:37 UTC 
upstream commit 4e8cfbe1143d8384387595b500212d7a7f11aeae
Comment 4 Gerd Hoffmann 2015-07-16 07:00:13 UTC 
backport posted.
Comment 6 Gerd Hoffmann 2015-07-16 14:38:31 UTC 
please test this scratch build:
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=9529070
Comment 7 Gerd Hoffmann 2015-07-17 12:17:33 UTC 
new patch posted.
Comment 8 David Jaša 2015-07-21 14:52:09 UTC 
(In reply to Gerd Hoffmann from comment #6)
> please test this scratch build:
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=9529070

The scratch build fixes the problem at my system. The "ccid_bulk_in_copy_to_guest: returning short (EREMOTEIO)" messages keep being printed by qemu however (I'm not sure if they're significant though).
Comment 9 David Jaša 2015-07-21 14:54:17 UTC 
Created attachment 1054428 [details]
log of logging into the system using smartcard, log is full of EREMOTEIO messages
Comment 10 Miroslav Rezanina 2015-08-05 08:19:21 UTC 
Fix included in qemu-kvm-rhev-2.3.0-15.el7
Comment 12 Yanhui Ma 2015-08-13 08:46:43 UTC 
reproduce the issue:
host info:
3.10.0-303.el7.x86_64
qemu-kvm-rhev-2.3.0-12.el7.x86_64

steps:
1.boot up a rhel7.2 guest with smartcard controller and USB3 controller:
-device nec-usb-xhci -chardev spicevmc,name=smartcard,id=ccid -device usb-ccid -device ccid-card-passthru,chardev=ccid
2.in both host and guest
#yum groupinstall "smart card support"
 #yum remove '*openct*'
 #service pcscd start
3.plug in the reader before you run remote-viewer on host.
  remote-viewer --spice-smartcard spice://$IP:7000
4. open Smart Card Manager application in  guest

actual results:
Smart Card Manager application can not find the samrt card in guest.

verify the issue:
host info:
3.10.0-303.el7.x86_64
qemu-kvm-rhev-2.3.0-15.el7.x86_64

steps:
the same as above

actual results:
Smart Card Manager application can find the samrt card in guest.
Comment 13 Pei Zhang 2015-08-17 07:39:50 UTC 
Verify this issue from libvirt :

verify version:
libvirt-1.2.17-5.el7.x86_64
qemu-kvm-rhev-2.3.0-17.el7.x86_64

verify steps:

1.prepare env
both host and guest : 
# yum groupinstall "smart card support"
# service pcscd start 
Redirecting to /bin/systemctl start  pcscd.service

Plug physical smart card to host .
check in host :
Application ---> SystemTools ---> Smart Card Manager

2.define and start guest with following XML configuration.  

#virsh dumpxml r708 
usb3.0 controller:

<controller type='usb' index='0' model='nec-xhci'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </controller>

ccid controller :
<controller type='ccid' index='0'>
      <alias name='ccid0'/>
    </controller>

smart card passthrough :
 <smartcard mode='passthrough' type='spicevmc'>
      <alias name='smartcard0'/>
      <address type='ccid' controller='0' slot='0'/>
    </smartcard>

spice graphic:
  <graphics type='spice' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>

2.1 check qemu cli, make sure guest's qemu cli like following  :
-device nec-usb-xhci,id=usb,bus=pci.0,addr=0x6 
-device usb-ccid,id=ccid0 
-chardev spicevmc,id=charsmartcard0,name=smartcard
-device ccid-card-passthru,chardev=charsmartcard0,id=smartcard0,bus=ccid0.0

3.start guest to check
#virsh start r708
#virsh domdisplay r708

3.2 using remote-viewer to check, must with "--spice-smartcard"
# remote-viewer --spice-smartcard spice://$host-IP:5901

check in guest :
Application ---> SystemTools ---> Smart Card Manager
smartcard enrolled.
Comment 14 juzhang 2015-08-17 09:01:55 UTC 
According to comment12 and commnet13, set this issue as verified.
Comment 16 errata-xmlrpc 2015-12-04 16:37:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html
Note You need to log in before you can comment on or make changes to this bug.