Page MenuHome GnuPG

Windows: hard lockup of scdaemon
Open, HighPublic

Description

Hard lockup of scdaemon is observed.
"Hard" means that gpgconf --kill scdeamon cannot kill the process, but manual killing is required.

If it's not "hard", that is, the case where gpgconf --kill scdaemon can kill the process, it's considered fixed by T7386 (see T7378 and T7044).

This situation can be artificially created (even on POSIX machine), see T7323. Note that this situation is only under extreme scenario.

If it's clear that the lockup is due to the output non-consumption of client, please put information on T7323.
Otherwise, for other cases, please put information here.

If the log of Kleo (like the one in T7378) is available, it helps debugging.

Event Timeline

gniibe created this task.

As of 2024-11-18, my hypothesis is:

  • there are some sort of race conditions between PC/SC + card reader (or its driver) + smartcard + scdaemon on Windows, at least at initial use after boot
  • because of this, SCardConnect of PC/SC call wrongly fails (somehow confirmed by @ebo's experiments + @gniibe's speculation), or wrongly never returns (@gniibe's guess, side info: its slowness is observed in T7400).

If there is a case of SCardConnect never returns, it's true that scdaemon results hard lockup.
With the hard lockup of scdaemon, gpg -K or gpgsm -K also hangs, because KEYINFO command never returns.
gpgconf --kill scdaemon never gets success.

(For experienced users', this kind of behavior (used to be)/is common with smartcards and its card readers. They know it's not that reliable in some situations actually. And they just kill-and-reset all related programs around smartcard manually as a normal breathing.)

We need to accept/prepare the situation of SCardConnect never returns because of other factors (PC/SC + card reader (or its driver) + smartcard).
While it is not common any more with modern token implementation, the issue might still exist with some card/card reder/its driver. It could be more likely in 32-bit old proprietary driver.

Hard lockup should be avoided. In particular, following conditions should meet:

  • gpgconf --kill scdaemon can kill scdaemon
  • KEYINFO requests can be answered for other connections of scdaemon

If so, Kleo will be OK even with the problem.

Besides,

  • by other connections, even if one USB connection of one card reader behaves badly/wrongly, it would be good for scdaemon to keep working correctly for other existing use of good card reader
  • timeout of SCardConnect could be supported by scdaemon, it must not be fatal (with SCardConnect never returns)