Comments (14)
What PKCS#11 library are you using?
What do you do to get the 100% CPU load?
from pam_pkcs11.
- Version 0.6.8.4
- After lightdm login i get lightdm process at 100% or after tty login where i get login process at 100%
$ top
PID USUÁRIO PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
31593 root 20 0 621132 23604 20348 S 100,0 0,3 1:22.65 lightdm
$ ps -aux | grep 31593
7276786+ 1041 0.0 0.0 14544 1092 pts/1 S+ 10:41 0:00 grep --color=auto 31593
root 31593 97.9 0.2 621132 23604 ? SLl 10:32 8:39 lightdm --session-child 11 18
from pam_pkcs11.
I am talking about the PKCS#11 library that you have configured in the pam_pkcs11 configuration file /etc/pam_pkcs11.conf
file.
Look for the use_pkcs11_module =
line in the configuration file.
from pam_pkcs11.
pkcs11_module aladdin {
module = /usr/lib/libeTPkcs11.so
description = "Aladdin eTokenPRO";
slot_num = 0;
support_threads = true;
ca_dir = /etc/pam_pkcs11/cacerts;
crl_dir = /etc/pam_pkcs11/crls;
cert_policy = ca,crl_auto,signature;
}
from pam_pkcs11.
I would suspect a problem in the /usr/lib/libeTPkcs11.so
library.
Can you attach gdb to the lightdm process to get a backtrace and know what function is taking 100% of CPU?
from pam_pkcs11.
I try but dont know how to start lightdm with debug enable and gdb cant find debug symbols.
from pam_pkcs11.
Please copy/paste the gdb backtrace.
from pam_pkcs11.
I have the same problem.
strace -p 17135
strace: Process 17135 attached
wait4(17247,
gdb -p 17135
gdb -p 17135
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
Attaching to process 17135
[New LWP 17140]
[New LWP 17142]
[New LWP 17231]
[New LWP 17232]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f709f21af7b in __waitpid (pid=17247, stat_loc=0x7fffb91398a0, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
29 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory.
(gdb) bt
#0 0x00007f709f21af7b in __waitpid (pid=17247, stat_loc=0x7fffb91398a0, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
#1 0x000000000041c8b6 in ?? ()
#2 0x00000000004083a5 in ?? ()
#3 0x00007f709ee61830 in __libc_start_main (main=0x4076c0, argc=4, argv=0x7fffb9139eb8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb9139ea8)
at ../csu/libc-start.c:291
#4 0x0000000000408c69 in ?? ()
(gdb) quit
top
17135 root 20 0 550648 18596 16028 S 100,0 0,2 25:27.41 lightdm
ps -ef
root 17073 1 0 11:41 ? 00:00:00 /usr/sbin/lightdm -d
root 17080 17073 0 11:41 tty7 00:00:13 /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
root 17135 17073 89 11:41 ? 00:26:18 lightdm --session-child 12 19
from pam_pkcs11.
@khorkin what PKCS#11 library are you using with pam_pkcs11?
from pam_pkcs11.
The same SafeNet 9.1.7 library /usr/lib/libeTPkcs11.so
from pam_pkcs11.
I suggest to report the problem to the libeTPkcs11.so PCKS#11 library provider: SafeNet.
from pam_pkcs11.
I can confirm that with the newest libeTPkcs11.so (SAC 10.0.0 version) the 100% CPU usage issue is still present with lightdm (Ubuntu 16.04) but can also occur at a simple sudo auth, I will check it further when I can and will report it to Gemalto (Safenet). To cross-check it, I configured the P11 library of cryptovision's scInterface (libcvP11.so - version: 6.6.19) instead, and there is no 100% cpu issue with that.
from pam_pkcs11.
I can verify that the issue is still present with lightdm (Ubuntu 16.04) and SAC 10.0.60.0. @makadizsolt Any results from the report to Gemalto?
from pam_pkcs11.
It looks like the problem is with libeTPkcs11.so and not with pam_pkcs11.
Closing.
from pam_pkcs11.
Related Issues (20)
- C_Sign fails with 0x00000007 after inserting pin HOT 9
- Endless Loop on signature size HOT 10
- pkcs11_make_hash_link util does not work HOT 1
- CRLs online fail to process after download and offline ones cause a segfault HOT 6
- PKCS11 module crashes when no CRL defined for card HOT 2
- EVP_VerifyFinal() failed with EC cert on 0.6.11 HOT 5
- make pkcs11_module option "slot_description" a substring match
- A lot of patches...
- Provide pam-auth-update configuration file?
- cannot build on fedora 32 HOT 1
- Segmentation fault (core dumped) with Estonian ID card HOT 2
- EVP_VerifyFinal() failed: error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field missing HOT 6
- Possible openssh_mapper error with SSH v1 key
- EVP_VerifyFinal() failed: invalid padding
- pkcs11_make_hash_link fails when file names contain whitespaces HOT 4
- mapper heap-buffer-overflow HOT 2
- ldap_get_certificate(): no matching entries
- Check crl_offline failed when openssl works HOT 1
- Crl_online even if all certificates are available on crl URI
- verify_crl() failed: getting the issuer's public key failed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pam_pkcs11.