Description of problem: Module mppe cause kernel panic after few seconds. I installed pptpd x86_64 , when i connect from clients my server machine freezes. I had to hard reboot. Same configuration works ok on x86 architecture. Version-Release number of selected component (if applicable): 2.6.18-8.x ( x86_64 version) How reproducible: always Steps to Reproduce: 1. Start pptpd service 2. connect from 1 windows client 3. Actual results: Server completely freezes with kernel panic Expected results: Estabilish vpn tunnel Additional info: This bug was also filed on Centos bugzilla ( you can also find a kdump there): http://bugs.centos.org/view.php?id=2076
I can confirm this i386 2.6.18-8.1.8 works ok same setup on x86_64 produces panic listed on centos bug tracker
I reproduced the bug on x86_64. Narrowed it down to linux-2.6-x86-relocatable.patch.
Created attachment 199981 [details] workaround patch Don't allocate InterimKey on the stack, because then virt_to_page doesn't work on it. Not yet sure if it's expected or an unintended side-effect of linux-2.6-x86-relocatable.patch.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Created attachment 202531 [details] a better fix After discussing it with others, I came to the conclusion that trying virt_to_page on a stack-allocated buffer is indeed a bug. This patch fixes mppe_rekey to avoid doing that. As a bonus, it gets rid of one memcpy and saves a bit of stack space. I sent a patch to upstream too. I tested only the upstream version. This one is only compile-tested so far.
Seby, I've uploaded a testing kernel with the patch to: http://disk.jabbim.cz/michich@jabber.cz/kernel-2.6.18-49.el5.bz248716.x86_64.rpm Could you verify it fixes the bug for you? Thanks, Michal
Hi Michael, thank you for your work, the kernel run perfectly! :-) Could you please publish also the *-devel package? Thank you very much.
OK, here it is: http://disk.jabbim.cz/michich@jabber.cz/kernel-devel-2.6.18-49.el5.bz248716.x86_64.rpm But note that this kernel build didn't go through any QA tests, so I don't recommend it for production use.
I installed the patch "a better fix" on kernel series 2.6.18-8.1.10 and it run!. Will this patch be included in next kernel release? Thank you.
First it has to be accepted upstream. It's in -mm now and Andrew Morton will probably send it to Linus for 2.6.24. Then it can be included in a RHEL Update Release (5.x). I don't expect the patch to make it into a RHEL 5.0 kernel bugfix release, unless a customer needs it.
But we need to get working VPN. Now I cannot use it. We buy product and then we cannot get fixes.
V., if you are a Red Hat Enterprise Linux user, would you please use Customer Support and file a request in the Issue Tracker. Include the number of this Bugzilla bug in the description of your issue. Support should be able to provide you with a fixed and still supported kernel, or at least push for earlier inclusion of the fix into a standard release. If you are not our customer, you can still simply recompile the kernel source RPM to which you include the patch I provided here. Anyway, I don't recommend using VPNs based on PPTP. PPTP has several known security flaws. Consider using other VPN solutions, e.g. IPsec or OpenVPN.
Could I connect to existing servers using IPsec or OpenVPN instead of PPTP?
No. They are different protocols. To a PPTP server you can only connect with a PPTP client.
> I don't expect the patch to make it into a RHEL 5.0 kernel bugfix > release, unless a customer needs it. > To a PPTP server you can only connect with a PPTP client. So, RHEL5 currently DOESN'T work with most of Windows and some BSD\Linux servers, doesn't work with most ISP (because lot of them using PPTP), and Red Hat company really thinking, that customers don't need this ability? Please, help me to understand, WHAT we should say to our ISPs and admins of some servers? "Guys, PPTP is a bad way. Even if your server works fine and you already have hundreds clients, you should remove your software and install _this_." Please, add this patch to updates, we don't want to add this "must have" patch and recompile kernel for every new version. Thank you!
in 2.6.18-60.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0314.html