Le 21/12/18 à 13:40, Michael Tokarev a écrit :
21.12.2018 15:27, Laurent Bigonville пишет:
Package: qemu-system-x86
Version: 1:3.1+dfsg-1
Severity: important
Hi,
When starting a domain that has a virtual smartcard reader configured
as "host", kvm crashes.
to reproduce, run as root the following commands to setup the NSS db
(certutil is in libnss3-tools):
mkdir -p /etc/pki/nssdb
certutil -N -d /etc/pki/nssdb
certutil -N -d dbm:/etc/pki/nssdb/
chmod 644 /etc/pki/nssdb/*
This is not sufficient, since qemu also wants 3 certificates to be
present. Qemu should not start, it reports
ccid-card-emulated: failed to initialize vcard
with empty db.
IIRC it was working with the previous version (2.12)
Please show your qemu command line. Note that `host' smartcard is a
libvirt term, qemu does not have such thing.
qemu-system-x86_64 -enable-kvm -name guest=win10,debug-threads=on -S -object
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-3-win10/master-key.aes
-machine pc-i440fx-2.11,accel=kvm,usb=off,vmport=off,dump-guest-core=off -cpu
Broadwell-IBRS,vme=on,ss=on,f16c=on,rdrand=on,hypervisor=on,arat=on,tsc_adjust=on,umip=on,ssbd=on,xsaveopt=on,pdpe1gb=on,abm=on,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff
-m 4096 -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid
2109c1d6-edb0-4e2e-bd6a-cd7e38d303f2 -no-user-config -nodefaults -chardev
socket,id=charmonitor,fd=26,server,nowait -mon
chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,driftfix=slew
-global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global
PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device
ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2
-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x8 -device
virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -device
usb-ccid,id=ccid0,bus=usb.0,port=4 -drive
file=/var/lib/libvirt/images/win10.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-1,discard=unmap
-device
scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=1,drive=drive-scsi0-0-0-1,id=scsi0-0-0-1,bootindex=1
-drive if=none,id=drive-ide0-0-1,readonly=on -device
ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -netdev
tap,fd=28,id=hostnet0 -device
rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:b4:0f:cc,bus=pci.0,addr=0x3
-device ccid-card-emulated,backend=nss-emulated,id=smartcard0,bus=ccid0.0
-chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0
-chardev spicevmc,id=charchannel0,name=vdagent -device
virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
-device usb-tablet,id=input0,bus=usb.0,port=1 -spice
port=0,disable-ticketing,image-compression=off,seamless-migration=on -device
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev
spicevmc,id=charredir0,name=usbredir -device
usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2 -chardev
spicevmc,id=charredir1,name=usbredir -device
usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -sandbox
on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg
timestamp=on
