Bug 248716 - Module MPPE cause kernel panic.
Module MPPE cause kernel panic.
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
x86_64 Linux
low Severity high
: ---
: ---
Assigned To: Michal Schmidt
Martin Jenner
Depends On:
Blocks: 425461
  Show dependency treegraph
Reported: 2007-07-18 09:07 EDT by Seby Carta
Modified: 2008-05-21 10:46 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2008-0314
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-21 10:46:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
workaround patch (1008 bytes, patch)
2007-09-19 15:15 EDT, Michal Schmidt
no flags Details | Diff
a better fix (1.83 KB, patch)
2007-09-21 12:18 EDT, Michal Schmidt
no flags Details | Diff

  None (edit)
Description Seby Carta 2007-07-18 09:07:52 EDT
Description of problem:

Module mppe cause kernel panic after few seconds. I installed pptpd x86_64 ,
when i connect from clients my server machine freezes. I had to hard reboot. 
Same configuration works ok on x86 architecture.

Version-Release number of selected component (if applicable):
2.6.18-8.x ( x86_64 version)

How reproducible:

Steps to Reproduce:
1. Start pptpd service
2. connect from 1 windows client 
Actual results:

Server completely freezes with kernel panic

Expected results:

Estabilish vpn tunnel

Additional info:

This bug was also filed on Centos bugzilla ( you can also find a kdump there):
Comment 1 Johannes Maybaum 2007-09-14 09:59:15 EDT
I can confirm this i386 2.6.18-8.1.8 works ok
same setup on x86_64 produces panic listed on centos bug tracker
Comment 2 Michal Schmidt 2007-09-19 09:49:23 EDT
I reproduced the bug on x86_64. Narrowed it down to 
Comment 3 Michal Schmidt 2007-09-19 15:15:09 EDT
Created attachment 199981 [details]
workaround patch

Don't allocate InterimKey on the stack, because then virt_to_page doesn't work
on it. Not yet sure if it's expected or an unintended side-effect of
Comment 4 RHEL Product and Program Management 2007-09-20 11:06:18 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 5 Michal Schmidt 2007-09-21 12:18:35 EDT
Created attachment 202531 [details]
a better fix

After discussing it with others, I came to the conclusion that trying
virt_to_page on a stack-allocated buffer is indeed a bug. This patch fixes
mppe_rekey to avoid doing that. As a bonus, it gets rid of one memcpy and saves
a bit of stack space. I sent a patch to upstream too. I tested only the
upstream version. This one is only compile-tested so far.
Comment 6 Michal Schmidt 2007-09-24 05:29:49 EDT

I've uploaded a testing kernel with the patch to:

Could you verify it fixes the bug for you?

Comment 7 Seby Carta 2007-09-24 05:57:35 EDT
Hi Michael,
thank you for your work, the kernel run perfectly! :-)
Could you please publish also the *-devel package? 
Thank you very much.
Comment 8 Michal Schmidt 2007-09-24 06:28:55 EDT
OK, here it is:

But note that this kernel build didn't go through any QA tests, so I don't
recommend it for production use.
Comment 9 Seby Carta 2007-09-25 09:37:01 EDT
I installed the patch "a better fix" on kernel series  2.6.18-8.1.10 and it run!.
Will this patch be included in next kernel release?
Thank you.
Comment 10 Michal Schmidt 2007-09-25 10:10:06 EDT
First it has to be accepted upstream. It's in -mm now and Andrew Morton will
probably send it to Linus for 2.6.24. Then it can be included in a RHEL Update
Release (5.x). I don't expect the patch to make it into a RHEL 5.0 kernel bugfix
release, unless a customer needs it.
Comment 11 V 2007-09-28 10:18:09 EDT
But we need to get working VPN. Now I cannot use it. We buy product and then we 
cannot get fixes.
Comment 12 Michal Schmidt 2007-09-28 12:13:38 EDT

if you are a Red Hat Enterprise Linux user, would you please use Customer 
Support and file a request in the Issue Tracker. Include the number of this 
Bugzilla bug in the description of your issue. Support should be able to 
provide you with a fixed and still supported kernel, or at least push for 
earlier inclusion of the fix into a standard release.

If you are not our customer, you can still simply recompile the kernel source 
RPM to which you include the patch I provided here.

Anyway, I don't recommend using VPNs based on PPTP. PPTP has several known 
security flaws. Consider using other VPN solutions, e.g. IPsec or OpenVPN.
Comment 13 Sotnik Dmitrij 2007-09-28 12:57:33 EDT
Could I connect to existing servers using IPsec or OpenVPN instead of PPTP?
Comment 14 Michal Schmidt 2007-09-28 19:04:28 EDT
No. They are different protocols. To a PPTP server you can only connect with a 
PPTP client.
Comment 15 Sotnik Dmitrij 2007-09-29 05:06:10 EDT
> I don't expect the patch to make it into a RHEL 5.0 kernel bugfix
> release, unless a customer needs it.

> To a PPTP server you can only connect with a PPTP client.

So, RHEL5 currently DOESN'T work with most of Windows and some BSD\Linux 
servers, doesn't work with most ISP (because lot of them using PPTP), and Red 
Hat company really thinking, that customers don't need this ability?

Please, help me to understand, WHAT we should say to our ISPs and admins of 
some servers? "Guys, PPTP is a bad way. Even if your server works fine and you 
already have hundreds clients, you should remove your software and install 

Please, add this patch to updates, we don't want to add this "must have" patch 
and recompile kernel for every new version.

Thank you!
Comment 17 Don Zickus 2007-12-14 13:38:32 EST
in 2.6.18-60.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 20 errata-xmlrpc 2008-05-21 10:46:34 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.