<br>This patch fixed the problem.<div>thanks!<br><div class="gmail_quote">2011/3/31 David McCullough <span dir="ltr">&lt;<a href="mailto:david_mccullough@mcafee.com">david_mccullough@mcafee.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
Jivin Zhiping Liu lays it down ...<br>
</div>&gt; produced by following:<br>
<br>
Thanks for that, we are doing a double ipsec_dev_put which I think is the<br>
problem. Try the attached patch and see how that goes.<br>
<br>
Cheers,<br>
Davidm<br>
<div><div></div><div class="h5"><br>
&gt; 1.kernel version: latest stable 2.6.38.1<br>
&gt;<br>
&gt; PL-SMS ~ # uname -r<br>
&gt; 2.6.38.1<br>
&gt; PL-SMS ~ #<br>
&gt;<br>
&gt; 2.ipsec config file:<br>
&gt;<br>
&gt; PL-SMS openswan-2.6.33 # cat /etc/ipsec.conf<br>
&gt; # /etc/ipsec.conf - Openswan IPsec configuration file<br>
&gt;<br>
&gt; # This file:  /usr/local/share/doc/openswan/ipsec.conf-sample<br>
&gt; #<br>
&gt; # Manual:     ipsec.conf.5<br>
&gt;<br>
&gt;<br>
&gt; version 2.0     # conforms to second version of ipsec.conf specification<br>
&gt;<br>
&gt; # basic configuration<br>
&gt; config setup<br>
&gt;       # Do not set debug options to debug configuration issues!<br>
&gt;       # plutodebug / klipsdebug = &quot;all&quot;, &quot;none&quot; or a combation from below:<br>
&gt;       # &quot;raw crypt parsing emitting control klips pfkey natt x509 dpd private&quot;<br>
&gt;       # eg:<br>
&gt;       # plutodebug=&quot;control parsing&quot;<br>
&gt;       #<br>
&gt;       # enable to get logs per-peer<br>
&gt;       # plutoopts=&quot;--perpeerlog&quot;<br>
&gt;       #<br>
&gt;       # Again: only enable plutodebug or klipsdebug when asked by a developer<br>
&gt;       #<br>
&gt;       # NAT-TRAVERSAL support, see README.NAT-Traversal<br>
&gt;       nat_traversal=yes<br>
&gt;       # exclude networks used on server side by adding %v4:!a.b.c.0/24<br>
&gt;       virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12" target="_blank">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12</a><br>
&gt;       # OE is now off by default. Uncomment and change to on, to enable.<br>
&gt;       oe=off<br>
&gt;       # which IPsec stack to use. auto will try netkey, then klips then mast<br>
&gt;       protostack=mast<br>
&gt;<br>
&gt;<br>
&gt; # Add connections here<br>
&gt;<br>
&gt; # sample VPN connection<br>
&gt; # for more examples, see /etc/ipsec.d/examples/<br>
&gt; #conn sample<br>
&gt; #      # Left security gateway, subnet behind it, nexthop toward right.<br>
&gt; #      left=10.0.0.1<br>
&gt; #      leftsubnet=<a href="http://172.16.0.0/24" target="_blank">172.16.0.0/24</a><br>
&gt; #      leftnexthop=10.22.33.44<br>
&gt; #      # Right security gateway, subnet behind it, nexthop toward left.<br>
&gt; #      right=10.12.12.1<br>
&gt; #      rightsubnet=<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
&gt; #      rightnexthop=10.101.102.103<br>
&gt; #      # To authorize this connection, but not actually start it,<br>
&gt; #      # at startup, uncomment this.<br>
&gt; #      #auto=add<br>
&gt;<br>
&gt; PL-SMS openswan-2.6.33 #<br>
&gt;<br>
&gt; 3.how to produce kernel oops<br>
&gt;<br>
&gt;<br>
&gt; PL-SMS ~ # modprobe ipsec<br>
&gt; PL-SMS ~ # rmmod ipsec<br>
&gt; Killed<br>
&gt; PL-SMS ~ # lsmod<br>
&gt; Module                  Size  Used by<br>
&gt; ipsec                 311608  0<br>
&gt; PL-SMS ~ #<br>
&gt;<br>
&gt; 4.kernel dmesg shows:<br>
&gt;<br>
&gt; BUG: unable to handle kernel NULL pointer dereference at   (null)<br>
&gt; IP: [&lt;f8101a59&gt;] ipsec_mast_cleanup_devices+0x2f/0x4a [ipsec]<br>
&gt; *pde = 00000000<br>
&gt; Oops: 0002 [#1]<br>
&gt; last sysfs file: /sys/devices/virtual/net/ipsec0/address<br>
&gt; Modules linked in: ipsec(-)<br>
&gt;<br>
&gt; Pid: 3387, comm: rmmod Not tainted 2.6.38.1 #5 System manufacturer System Product Name/M2A-VM<br>
&gt; EIP: 0060:[&lt;f8101a59&gt;] EFLAGS: 00010246 CPU: 0<br>
&gt; EIP is at ipsec_mast_cleanup_devices+0x2f/0x4a [ipsec]<br>
&gt; EAX: 00000000 EBX: 00000000 ECX: f5b1bef8 EDX: 00000001<br>
&gt; ESI: 00000000 EDI: 00000880 EBP: f5b1bf2c ESP: f5b1bf28<br>
&gt;  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068<br>
&gt; Process rmmod (pid: 3387, ti=f5b1a000 task=f5f14c80 task.ti=f5b1a000)<br>
&gt; Stack:<br>
&gt;  f813aa40 f5b1bf4c f80f4013 f5b1bf54 f5b1bf4c c103aa8b f813aa40 00000000<br>
&gt;  00000880 f5b1bfac c103a479 65737069 00000063 f5b2edc0 f5b1bf70 c10599db<br>
&gt;  f5b2edc0 f5eb9380 f5b1bf9c c105a315 ffffffff b77aa000 b77ab000 f5b2ecc4<br>
&gt; Call Trace:<br>
&gt;  [&lt;f80f4013&gt;] cleanup_module+0x13/0x12a [ipsec]<br>
&gt;  [&lt;c103aa8b&gt;] ? __try_stop_module+0xf/0x4c<br>
&gt;  [&lt;c103a479&gt;] sys_delete_module+0x17c/0x1cf<br>
&gt;  [&lt;c10599db&gt;] ? remove_vma+0x41/0x47<br>
&gt;  [&lt;c105a315&gt;] ? do_munmap+0x1de/0x20c<br>
&gt;  [&lt;c1002710&gt;] sysenter_do_call+0x12/0x26<br>
&gt; Code: 31 db eb 35 8b 14 9d 60 c0 13 f8 85 d2 74 29 8b 82 d8 01 00 00 ff 08 89 d0 e8 c7 57 18 c9 8b 04 9d 60 c0 13 f8 8b 80 d8 01 00 00 &lt;ff&gt; 08 c7 04 9d 60 c0 13 f8 00 00 00 00 43 3b 1d e8 8c 13 f8 7e<br>
&gt; EIP: [&lt;f8101a59&gt;] ipsec_mast_cleanup_devices+0x2f/0x4a [ipsec] SS:ESP 0068:f5b1bf28<br>
&gt; CR2: 0000000000000000<br>
&gt; ---[ end trace 01ae9d869f653d55 ]---<br>
&gt; PL-SMS ~ #<br>
&gt;<br>
&gt; thanks for your reply!<br>
&gt;<br>
&gt; 2011/3/31 David McCullough &lt;<a href="mailto:david_mccullough@mcafee.com">david_mccullough@mcafee.com</a>&gt;<br>
&gt;<br>
&gt;<br>
&gt;       Jivin Zhiping Liu lays it down ...<br>
&gt;<br>
&gt;       &gt; Hi all:<br>
&gt;       &gt;<br>
&gt;       &gt; I don&#39;t know if anyone has found this out before, but it&#39;s obviously a bug in file linux/net/ipsec/ipsec_mast.c<br>
&gt;       &gt;<br>
&gt;       &gt;<br>
&gt;       &gt; 1085 int<br>
&gt;       &gt; 1086 ipsec_mast_init_devices(void)<br>
&gt;       &gt; 1087 {<br>
&gt;       &gt; 1088         /*<br>
&gt;       &gt; 1089          * mast0 is used for transport mode stuff, and generally is<br>
&gt;       &gt; 1090          * the default unless the user decides to create more.<br>
&gt;       &gt; 1091          */<br>
&gt;       &gt; 1092         ipsec_mast_createnum(0);<br>
&gt;       &gt; 1093<br>
&gt;       &gt; 1094         return 0;<br>
&gt;       &gt; 1095 }<br>
&gt;       &gt;<br>
&gt;       &gt; line 1092 sets the mast device num (mastdevices_max) to 0.<br>
&gt;       &gt;<br>
&gt;       &gt; if we do an rmmod ipsec now, in ipsec_mast_cleanup_devices<br>
&gt;       &gt;<br>
&gt;       &gt; 1098 int<br>
&gt;       &gt; 1099 ipsec_mast_cleanup_devices(void)<br>
&gt;       &gt; 1100 {<br>
&gt;       &gt; 1101         int error = 0;<br>
&gt;       &gt; 1102         int i;<br>
&gt;       &gt; 1103         struct net_device *dev_mast;<br>
&gt;       &gt; 1104<br>
&gt;       &gt; 1105         for(i = 0; i &lt;= mastdevices_max; i++) {<br>
&gt;       &gt; 1106                 if(mastdevices[i]!=NULL) {<br>
&gt;       &gt; 1107                         dev_mast = mastdevices[i];<br>
&gt;       &gt; 1108                         //lzp add<br>
&gt;       &gt; 1109                         if (!dev_mast)<br>
&gt;       &gt; 1110                                 printk(KERN_WARNING &quot;dev_mast null&quot;);<br>
&gt;       &gt; 1111                         ipsec_dev_put(dev_mast);<br>
&gt;       &gt; 1112                         unregister_netdev(dev_mast);<br>
&gt;       &gt; 1113 #ifndef alloc_netdev<br>
&gt;       &gt; 1114                         kfree(dev_mast-&gt;priv);<br>
&gt;       &gt; 1115                         dev_mast-&gt;priv=NULL;<br>
&gt;       &gt; 1116 #endif<br>
&gt;       &gt; 1117                         ipsec_dev_put(mastdevices[i]);<br>
&gt;       &gt; 1118                         mastdevices[i]=NULL;<br>
&gt;       &gt; 1119                 }<br>
&gt;       &gt; 1120         }<br>
&gt;       &gt; 1121         return error;<br>
&gt;       &gt; 1122 }<br>
&gt;       &gt;<br>
&gt;       &gt; we will clean up mastdevices[0], which is not initialized yet.<br>
&gt;<br>
&gt;<br>
&gt;       It will be initialised because ipsec_mast_createnum initialises it.<br>
&gt;<br>
&gt;       The code at 1106 checks if it&#39;s non-NULL before cleaning it up,  so this is<br>
&gt;       safe also as mastdevices will be initialised to all 0&#39;s, and we always set it<br>
&gt;       back to NULL when we clean up.<br>
&gt;<br>
&gt;<br>
&gt;       &gt; changing to this fixes the problem<br>
&gt;       &gt; 1085 int<br>
&gt;       &gt; 1086 ipsec_mast_init_devices(void)<br>
&gt;       &gt; 1087 {<br>
&gt;       &gt; 1088         /*<br>
&gt;       &gt; 1089          * mast0 is used for transport mode stuff, and generally is<br>
&gt;       &gt; 1090          * the default unless the user decides to create more.<br>
&gt;       &gt; 1091          */<br>
&gt;       &gt; 1092         ipsec_mast_createnum(-1);<br>
&gt;       &gt; 1093<br>
&gt;       &gt; 1094         return 0;<br>
&gt;       &gt; 1095 }<br>
&gt;<br>
&gt;<br>
&gt;       This will almost certainly cause a problem as we will index into mastdevices<br>
&gt;       with -1 which is bad.<br>
&gt;<br>
&gt;       Do you have a kernel oops that points to a problem here?  That might help<br>
&gt;       because as it stands I don&#39;t see a problem with that particular code path.<br>
&gt;<br>
&gt;       Cheers,<br>
&gt;       Davidm<br>
&gt;<br>
&gt;<br>
&gt;       --<br>
&gt;       David McCullough,      <a href="mailto:david_mccullough@mcafee.com">david_mccullough@mcafee.com</a>,  Ph:+61 734352815<br>
&gt;       McAfee - SnapGear      <a href="http://www.mcafee.com" target="_blank">http://www.mcafee.com</a>         <a href="http://www.uCdot.org" target="_blank">http://www.uCdot.org</a><br>
&gt;<br>
<br>
</div></div>--<br>
<div><div></div><div class="h5">David McCullough,      <a href="mailto:david_mccullough@mcafee.com">david_mccullough@mcafee.com</a>,  Ph:+61 734352815<br>
McAfee - SnapGear      <a href="http://www.mcafee.com" target="_blank">http://www.mcafee.com</a>         <a href="http://www.uCdot.org" target="_blank">http://www.uCdot.org</a><br>
</div></div></blockquote></div><br>
</div>
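The double ipsec_dev_put that David points to above, modelled in user space as an added example. This is not Openswan's ipsec_mast.c and not the attached patch (which is not in this thread); the names mast_dev, register_netdev_model, unregister_netdev_model, run_lifetime and the fault counters are assumptions of the model. It follows the ordering of the quoted cleanup loop (put, unregister_netdev, put again) and counts the access to a released device that the real kernel reports as an oops, then runs the same loop with the reference released once.

```c
/* Constructed model of a reference-counted device table; not Openswan code. */
#include <stdio.h>
#include <stdlib.h>

#define MAST_MAX_DEVICES 4

/* Stand-in for struct net_device with only the fields the model needs. */
struct mast_dev {
    char name[16];
    int  refcount;   /* models the net_device reference count */
    int  freed;      /* set once unregister has released the object */
};

static struct mast_dev *mastdevices[MAST_MAX_DEVICES]; /* the module's table */
static struct mast_dev *all_devs[MAST_MAX_DEVICES];    /* used by reset_model only */
static int mastdevices_max = -1;                       /* highest index in use */

/* Faults are counted here instead of crashing like the oops in the thread. */
static int g_use_after_free;
static int g_refcount_underflow;

static void ipsec_dev_hold(struct mast_dev *d) { d->refcount++; }

static void ipsec_dev_put(struct mast_dev *d)
{
    if (d->freed)         { g_use_after_free++;     return; }
    if (d->refcount <= 0) { g_refcount_underflow++; return; }
    d->refcount--;
}

/* register_netdev: the core keeps one reference of its own. */
static struct mast_dev *register_netdev_model(int n)
{
    struct mast_dev *d = calloc(1, sizeof *d);
    snprintf(d->name, sizeof d->name, "mast%d", n);
    d->refcount = 1;
    all_devs[n] = d;
    return d;
}

/* unregister_netdev: the core drops its reference and releases the device
 * once no other reference remains. The real kernel waits for stragglers;
 * the model returns -1 instead. Memory is kept but flagged freed so a later
 * access can be reported rather than segfault. */
static int unregister_netdev_model(struct mast_dev *d)
{
    if (d->freed) { g_use_after_free++; return -1; }
    d->refcount--;
    if (d->refcount > 0) return -1;
    d->freed = 1;
    return 0;
}

/* ipsec_mast_createnum(n): create mast<n> and take the table's reference.
 * An index of -1, as proposed in the thread, is rejected here. */
static int ipsec_mast_createnum(int n)
{
    if (n < 0 || n >= MAST_MAX_DEVICES || mastdevices[n] != NULL) return -1;
    mastdevices[n] = register_netdev_model(n);
    ipsec_dev_hold(mastdevices[n]);
    if (n > mastdevices_max) mastdevices_max = n;
    return 0;
}

/* Cleanup shaped like the code quoted in the thread: put, unregister, put.
 * Returns the number of faults observed (0 means clean). */
static int cleanup_double_put(void)
{
    int i;
    for (i = 0; i <= mastdevices_max; i++) {
        if (mastdevices[i] != NULL) {
            struct mast_dev *dev_mast = mastdevices[i];
            ipsec_dev_put(dev_mast);            /* table's reference: 2 -> 1 */
            unregister_netdev_model(dev_mast);  /* core's reference: 1 -> 0, released */
            ipsec_dev_put(mastdevices[i]);      /* second put touches released device */
            mastdevices[i] = NULL;
        }
    }
    mastdevices_max = -1;
    return g_use_after_free + g_refcount_underflow;
}

/* Same loop with the table's reference released exactly once. */
static int cleanup_single_put(void)
{
    int i;
    for (i = 0; i <= mastdevices_max; i++) {
        if (mastdevices[i] != NULL) {
            ipsec_dev_put(mastdevices[i]);
            unregister_netdev_model(mastdevices[i]);
            mastdevices[i] = NULL;
        }
    }
    mastdevices_max = -1;
    return g_use_after_free + g_refcount_underflow;
}

static void reset_model(void)
{
    int i;
    for (i = 0; i < MAST_MAX_DEVICES; i++) {
        free(all_devs[i]); all_devs[i] = NULL; mastdevices[i] = NULL;
    }
    mastdevices_max = -1;
    g_use_after_free = g_refcount_underflow = 0;
}

/* One module lifetime: create mast0 at init, clean up at rmmod. */
static int run_lifetime(int double_put)
{
    reset_model();
    if (ipsec_mast_createnum(0) != 0) return -1;
    return double_put ? cleanup_double_put() : cleanup_single_put();
}

int main(void)
{
    printf("double put: %d fault(s)\n", run_lifetime(1));
    printf("single put: %d fault(s)\n", run_lifetime(0));
    return 0;
}
```

The model keeps the kernel's own registration reference separate from the module's table reference; that is what makes the first ipsec_dev_put legitimate and the second one, after unregister_netdev has already released the device, the access that faults.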