RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 965152 - Smartcard emulation with Windows guest fails
Summary: Smartcard emulation with Windows guest fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 6.4
Assignee: Alon Levy
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 917860 997544
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-20 14:24 UTC by Idith Tal-Kohen
Modified: 2013-12-05 10:18 UTC (History)
18 users (show)

Fixed In Version: qemu-kvm-0.12.1.2-2.355.el6_4.8
Doc Type: Bug Fix
Doc Text:
* Previously, smart card emulation with a Microsoft Windows guest in versions XP, 2003 and 7 failed due to inconsistent Answer To Reset (ATR) file length with a smart card I/0 device error. This update creates an ATR file length with appropriate historical bytes, and disables USB signaling when necessary. Now, smart card emulation is possible, and failures no longer occur in the aforementioned scenario.
Clone Of:
Environment:
Last Closed: 2013-10-02 12:08:44 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1401 0 normal SHIPPED_LIVE qemu-kvm bug fix update 2013-10-02 16:06:35 UTC

Description Idith Tal-Kohen 2013-05-20 14:24:09 UTC 
This bug has been copied from bug #917860 and has been proposed
to be backported to 6.4 z-stream (EUS).
Comment 4 Qunfang Zhang 2013-05-24 03:01:38 UTC 
Hi, Ademar
As we discussed in bug 917860 comment 12, this bug should be included in the current rhel6.4-z errata 2013:14833. And the rhel6.5 bug 917860 has been in POST status. So just want to confirm with you when this bug fix could get into the official rhel6.4-z build?  As QE need to run a round of acceptance test or some function test if needed in the final z-stream build. And currently the errata is in QE status again with some new bug included.


Thanks,
Qunfang
Comment 5 Qunfang Zhang 2013-05-24 08:03:55 UTC 
(In reply to Qunfang Zhang from comment #4)
> Hi, Ademar
> As we discussed in bug 917860 comment 12, this bug should be included in the
> current rhel6.4-z errata 2013:14833. And the rhel6.5 bug 917860 has been in
> POST status. So just want to confirm with you when this bug fix could get
> into the official rhel6.4-z build?  As QE need to run a round of acceptance
> test or some function test if needed in the final z-stream build. And
> currently the errata is in QE status again with some new bug included.
> 
> 
> Thanks,
> Qunfang

Hi, Ademar
I'm forwarded another mail and I got that this bug will not be in the errata. So please ignore my last comment. Sorry for the noisy.

Thanks,
Qunfang
Comment 10 Chao Yang 2013-08-29 10:55:40 UTC 
Reproduced and verified this bug.

Steps:
1. launch a windows 7 x86_64 guest with smartcard support:
# /usr/libexec/qemu-kvm -name test -M rhel6.4.0 -enable-kvm -cpu host -m 2048 -smp 2,sockets=2,cores=1,threads=1 -nodefaults -netdev tap,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=22:33:4a:42:76:36,bus=pci.0 -k en-us -vga qxl -spice port=7000,disable-ticketing -chardev spicevmc,name=smartcard,id=ccid -device usb-ccid -device ccid-card-passthru,chardev=ccid -usb -monitor stdio -boot menu=on -drive file=/home/chayang/win-7_x86_64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native -device ide-drive,bus=ide.0,unit=0,drive=drive-virtio-disk0,id=virtio-disk0 -cdrom en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso 

2. create certificates on client:
# certutil -x -t "CT,CT,CT" -S -s "CN=cert1" -n cert1 -d /etc/pki/nssdb/
# certutil -x -t "CT,CT,CT" -S -s "CN=cert2" -n cert2 -d /etc/pki/nssdb/
# certutil -x -t "CT,CT,CT" -S -s "CN=cert3" -n cert3 -d /etc/pki/nssdb/

# certutil -L -d /etc/pki/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

cert3                                                        CTu,Cu,Cu
cert1                                                        CTu,Cu,Cu
cert2                                                        CTu,Cu,Cu

3. connect to guest with remote-viewer:
remote-viewer spice://xxxx:7000 --spice-smartcard --spice-smartcard-db /etc/pki/nssdb/ --spice-smartcard-certificates cert1,cert2,cert3

4. run ESC in guest


Reproduction:
------------
With qemu-kvm-0.12.1.2-2.355.el6.x86_64. ECS cannot view certificates. And in system log:
Event[82]:
  Log Name: System
  Source: Microsoft-Windows-Smartcard-Server
  Date: 2013-08-29T10:19:22.000
  Event ID: 610
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: test-PC
  Description:
Smart Card Reader 'QEMU 0.12.1 QEMU USB CCID 0' rejected IOCTL TRANSMIT: The request could not be performed because of an I/O device error.  If this error persists, your smart card or reader may not be functioning correctly.

Event[86]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:19:22.031
  Event ID: 5
  Task: Driver
  Level: Error
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
Unexpected size.

Event[87]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:19:22.031
  Event ID: 10
  Task: Driver
  Level: Error
  Opcode: Ioctl
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
Request[0](CLS=0x0,INS=0xa4,P1=0x4,P2=0x0,Lc=9,Le=0,.NETServiceMethod=0x0)

Event[88]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:19:22.484
  Event ID: 5
  Task: Driver
  Level: Error
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
Unexpected size.


Verifications:
-------------
With qemu-kvm-0.12.1.2-2.355.el6_4.8.x86_64.rpm. ESC can view certificates correctly. 

No related WudfUsbccidDriver error any more:
Event[63]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:40:51.312
  Event ID: 104
  Task: Driver
  Level: Information
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
The Smartcard reader reported the following class descriptor (part 1).

Event[64]:
  Log Name: System
  Source: WudfUsbccidDriver
  Date: 2013-08-29T10:40:51.312
  Event ID: 105
  Task: Driver
  Level: Information
  Opcode: General
  Keyword: N/A
  User: S-1-5-19
  User Name: NT AUTHORITY\LOCAL SERVICE
  Computer: test-PC
  Description:
The Smartcard reader reported the following class descriptor (part 2).
Comment 11 Chao Yang 2013-08-29 10:59:14 UTC 
Based on above, this issue has been fixed.
Comment 14 errata-xmlrpc 2013-10-02 12:08:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1401.html
Note You need to log in before you can comment on or make changes to this bug.