On Wed, 2018-08-08 at 14:08 -0400, Jason Andryuk wrote: > On Wed, Aug 8, 2018 at 11:33 AM Jakub Jelen <jjelen@xxxxxxxxxx> > wrote: > > > > On Wed, 2018-08-08 at 16:51 +0200, Marc-André Lureau wrote: > > > Hi > > > > > > On Tue, Jul 24, 2018 at 8:34 PM, Jason Andryuk < > > > jandryuk@xxxxxxxxx> > > > wrote: > > > > If a command fails, card_status will not match > > > > VCARD_DONE. That > > > > will > > > > trigger the assert and abort the process. Instead, handle > > > > VCARD_FAIL and > > > > return an error in that case. Client software can then deal > > > > with > > > > the > > > > error, and we continue running to handle future commands. > > > > > > > > This can be triggered by removing the physical smartcard mid- > > > > operation. > > > > > > There are other paths, like invalid instruction on > > > cac_common_process_apdu_read() > > > > The invalid instructions should return valid response with error > > indicated in SW (status words). The referenced function has the > > default > > VCARD_FAIL value is in the code somehow bogus in case we would like > > to > > fail early or fail to handle some case (?). > > > > The VCARD_FAIL option is really about more serious issues as Jason > > is > > pointing out. > > > > Handling the error here, rather than segfaulting in assert later > > sounds > > like a good idea. But from reading the code, I still can not find a > > path where we could encounter this value here. > > > > From what I see, all the paths here return either VCARD_DONE. Can > > you > > advice during which operation did you encounter this error? > > My setup is qemu <-> vscclient <-> pcscd with passthru: > vscclient -e 'use_hw=yes hw_type=passthru' > > In a Windows VM, I ran `certutil -scinfo` from a cmd window. While > it > was running, I pulled out my smart card. Without my patch, vscclient > terminates. With it, vscclient continues running. > > The call stack is: > vreader_xfr_bytes > vcard_process_apdu > vcard_process_applet_apdu > apdu_cb > > apdu_cb can return VCARD_FAIL for send_receive or > vcard_response_new_data failure. > > So you think src/capcsc.c:apdu_cb() should return VCARD_DONE but use > vcard_response_set_status_bytes to write an appropriate status word? I was referring mostly to the card emulation code which I know better and which is safe in this way it returns the correct status words. I don't know much about the passthrough mode. But you are right -- it can return VCARD_FAIL in case of the transmit to the real card fails and I believe failing this way is a correct thing to do. Acked-by: Jakub Jelen <jjelen@xxxxxxxxxx> > Is there a better tool than vscclient for passing through a physical > smart card to a VM? Spice isn't an option for my VM setup. Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel