On Wed, Jan 8, 2020 at 5:58 PM Carl George carl@redhat.com wrote:
Thanks Matt for sending the patch to the list. This is moving forward inside Red Hat, and will be included in a future kernel package. We can't say for sure when this will happen, but the fix has been accepted. We're still ironing out the details for the CentOS Stream external contribution pipeline, so please bear with us.
On Thu, Dec 12, 2019 at 2:03 PM Matt Dees matt.dees@netprotect.com wrote:
Hi All!
We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time, making a box OOM after too many connections.
As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straightforward backport. I have tested and installed this on a few CentOS 8 systems to validate that this does indeed solve the memory leak issue.
rbz# 1780470
-- Carl George
In the meantime, the centosplus kernel (kernel-plus) for the upcoming CentOS 8.1.1911 includes this patch, so users can give it a try.
Akemi