Red Hat Bugzilla – Bug 248716
Module MPPE cause kernel panic.
Last modified: 2008-05-21 10:46:34 EDT
Description of problem:
Module mppe causes a kernel panic after a few seconds. I installed pptpd x86_64;
when I connect from clients, my server machine freezes. I had to hard reboot.
The same configuration works OK on the x86 architecture.
Version-Release number of selected component (if applicable):
2.6.18-8.x (x86_64 version)
Steps to Reproduce:
1. Start pptpd service
2. Connect from 1 Windows client
Server completely freezes with kernel panic
Establish VPN tunnel
This bug was also filed on CentOS Bugzilla (you can also find a kdump there):
I can confirm this: i386 2.6.18-8.1.8 works OK;
the same setup on x86_64 produces the panic listed on the CentOS bug tracker.
I reproduced the bug on x86_64. Narrowed it down to
Created attachment 199981 [details]
Don't allocate InterimKey on the stack, because then virt_to_page doesn't work
on it. Not yet sure if it's expected or an unintended side-effect of
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
Created attachment 202531 [details]
a better fix
After discussing it with others, I came to the conclusion that trying
virt_to_page on a stack-allocated buffer is indeed a bug. This patch fixes
mppe_rekey to avoid doing that. As a bonus, it gets rid of one memcpy and saves
a bit of stack space. I sent a patch to upstream too. I tested only the
upstream version. This one is only compile-tested so far.
I've uploaded a testing kernel with the patch to:
Could you verify it fixes the bug for you?
Thank you for your work, the kernel runs perfectly! :-)
Could you please also publish the *-devel package?
Thank you very much.
OK, here it is:
But note that this kernel build didn't go through any QA tests, so I don't
recommend it for production use.
I installed the patch "a better fix" on kernel series 2.6.18-8.1.10 and it runs!
Will this patch be included in the next kernel release?
First it has to be accepted upstream. It's in -mm now and Andrew Morton will
probably send it to Linus for 2.6.24. Then it can be included in a RHEL Update
Release (5.x). I don't expect the patch to make it into a RHEL 5.0 kernel bugfix
release, unless a customer needs it.
But we need to get a working VPN. Now I cannot use it. We buy a product and then we
cannot get fixes.
If you are a Red Hat Enterprise Linux user, would you please use Customer
Support and file a request in the Issue Tracker. Include the number of this
Bugzilla bug in the description of your issue. Support should be able to
provide you with a fixed and still supported kernel, or at least push for
earlier inclusion of the fix into a standard release.
If you are not our customer, you can still simply recompile the kernel source
RPM to which you include the patch I provided here.
Anyway, I don't recommend using VPNs based on PPTP. PPTP has several known
security flaws. Consider using other VPN solutions, e.g. IPsec or OpenVPN.
Could I connect to existing servers using IPsec or OpenVPN instead of PPTP?
No. They are different protocols. To a PPTP server you can only connect with a
> I don't expect the patch to make it into a RHEL 5.0 kernel bugfix
> release, unless a customer needs it.
> To a PPTP server you can only connect with a PPTP client.
So, RHEL5 currently DOESN'T work with most Windows and some BSD\Linux
servers, doesn't work with most ISPs (because a lot of them use PPTP), and
Red Hat really thinks that customers don't need this ability?
Please, help me to understand, WHAT we should say to our ISPs and admins of
some servers? "Guys, PPTP is a bad way. Even if your server works fine and you
already have hundreds of clients, you should remove your software and install
Please, add this patch to updates; we don't want to add this "must have" patch
and recompile the kernel for every new version.
You can download this test kernel from http://people.redhat.com/dzickus/el5
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.