Created attachment 1713995 [details] domain XML Description of problem: When I try to start a VM with a passthrough smartcard: <smartcard mode="passthrough" type="spicevmc"> <alias name="ua-ab2f5a34-e893-430d-a4e1-02a8ae5463fe" /> </smartcard> libvirt refuses to start the VM with the message: unsupported configuration: this QEMU binary lacks smartcard passthrough mode support Version-Release number of selected component (if applicable): libvirt-daemon-6.6.0-4.module+el8.3.0+7883+3d717aa8.x86_64 qemu-kvm-5.1.0-4.module+el8.3.0+7846+ae9b566f.x86_64 kernel-4.18.0-234.el8.x86_64 spice-server-0.14.3-3.el8.x86_64 How reproducible: 100% Steps to Reproduce: 1. Try to start a VM with a passthrough smartcard. Actual results: The VM fails to start. Expected results: The VM starts and the smartcard is available. Additional info: It works with AV 8.2. I don't know whether the bug is in libvirt, QEMU or elsewhere. Please reassign to the right product if needed. Attaching the complete domain XML.
I checked with Mirek who was handling the rebases of QEMU for RHEL-AV 8.3.0 to QEMU 5.1.0 and the smartcard support is supposed to be enabled. It seems the feature detection in libvirt is not working for some reason, even though it works just fine upstream.
I met this issue before, please install package libcacard and try again. Note: After installing package libcacard, pls remember to rm /var/cache/libvirt/qemu/capabilities/*.xml and restart libvirtd. It is an issue in downstream qemu spec file as my colleague hhan pointed out: 1. # ldd /usr/libexec/qemu-kvm linux-vdso.so.1 (0x00007ffc7e36d000) libseccomp.so.2 => /lib64/libseccomp.so.2 (0x00007fc4216bf000) libgio-2.0.so.0 => /lib64/libgio-2.0.so.0 (0x00007fc421316000) libgobject-2.0.so.0 => /lib64/libgobject-2.0.so.0 (0x00007fc4210c3000) libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007fc420daa000) libvirglrenderer.so.1 => /lib64/libvirglrenderer.so.1 (0x00007fc420b2f000) libusb-1.0.so.0 => /lib64/libusb-1.0.so.0 (0x00007fc420914000) librdmacm.so.1 => /lib64/librdmacm.so.1 (0x00007fc4206fa000) libibverbs.so.1 => /lib64/libibverbs.so.1 (0x00007fc4204de000) libibumad.so.3 => /lib64/libibumad.so.3 (0x00007fc4202d4000) libepoxy.so.0 => /lib64/libepoxy.so.0 (0x00007fc41ffa4000) libgbm.so.1 => /lib64/libgbm.so.1 (0x00007fc41fd93000) libaio.so.1 => /lib64/libaio.so.1 (0x00007fc41fb90000) libpixman-1.so.0 => /lib64/libpixman-1.so.0 (0x00007fc41f8e8000) libutil.so.1 => /lib64/libutil.so.1 (0x00007fc41f6e4000) libnuma.so.1 => /lib64/libnuma.so.1 (0x00007fc41f4d8000) libpng16.so.16 => /lib64/libpng16.so.16 (0x00007fc41f2a3000) libz.so.1 => /lib64/libz.so.1 (0x00007fc41f08c000) libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007fc41ee6e000) 2. Get the keyword of these libraries, and match the requirement of the libraries: For example libpng: ~ grep '^Requires.*png' ~/rpmbuild/SPECS/qemu-kvm.spec So libpng dependency is missing. So if libpng is not installed and the code of qemu-kvm reaches the symbols of libpng, it will cause the error like "cannot open shared object file: No such file or directory"
(In reply to Fangge Jin from comment #2) > I met this issue before, please install package libcacard and try again. > Note: > After installing package libcacard, pls remember to rm > /var/cache/libvirt/qemu/capabilities/*.xml and restart libvirtd. Thank you, it works. So should libcacard be added to qemu-kvm dependencies? Which team should take care of this bug?
(In reply to Milan Zamazal from comment #3) > (In reply to Fangge Jin from comment #2) > > I met this issue before, please install package libcacard and try again. > > Note: > > After installing package libcacard, pls remember to rm > > /var/cache/libvirt/qemu/capabilities/*.xml and restart libvirtd. > > Thank you, it works. So should libcacard be added to qemu-kvm dependencies? > Which team should take care of this bug? Yes, libcacard should be a dependency of qemu-kvm, I just asked qemu-kvm qe to see whether there is existing bugzilla against qemu-kvm component for this issue.
Seems qemu loses the libcacard dependency. qemu-kvm-5.1.0-9.module+el8.3.0+8182+ac9ced32.x86_64 # ldd /usr/libexec/qemu-kvm | grep card no output here # grep "Requires.*card" qemu-kvm.spec BuildRequires: libcacard-devel
It's not just adding "Requires: libcacard" - requires a deeper investigation. Not digging too much: qemu-kvm always got the libcacard dependency automatically at rpm level. Looks like it's not getting it anymore. Seems like there's a new SO file 'hw-usb-smartcard.so' in the package, which wasn't present in AV-8.2. but the spec building system should be able to infer the dependency from there, and that's not working. For what's worth: Two dependencies disappeared from AV-8.3 (when comparing to AV-8.2). rpmdiff complained about it: https://rpmdiff.engineering.redhat.com/run/461889/14/ libusbredirparser.so.1 and libcacard.so.0. Both options seems to be present in the configure line of the package. So, as the work to be done on this BZ, we need to investigate why the system is not able to infer the dependency automatically.
For the record: /usr/lib64/qemu-kvm/ contains some qemu SO files: But some of them, like hw-display-qxl.so, hw-usb-redirect.so and hw-usb-smartcard.so don't have the execution bit set. And, looks like the automatic rpm dependency solver can't infer dependency of .so files if the execution bit is not set. Bug identified, just needs a patch...
QA_ACK, please?
Most important thing here is to make shure that the original usecase "start a VM with a passthrough smartcard" works.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137