Hi All!
We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections.
As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue.
rbz# 1780470
Can you open a ticket at https://bugs.centos.org/main_page.php ?
On 12/12/19 2:03 PM, Matt Dees wrote:
Hi All!
We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections.
As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue.
rbz# 1780470
CentOS-devel mailing list CentOS-devel@centos.org https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.centos.org_mailma...
Thanks Matt for sending the patch to the list. This is moving forward
inside Red Hat, and will be included in a future kernel package. We can't
say for sure when this will happen, but the fix has been accepted. We're
still ironing out the details for the CentOS Stream external contribution
pipeline, so please bear with us.
On Thu, Dec 12, 2019 at 2:03 PM Matt Dees matt.dees@netprotect.com wrote:
Hi All!
We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections.
As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue.
rbz# 1780470
CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
On Wed, Jan 8, 2020 at 5:58 PM Carl George carl@redhat.com wrote:
Thanks Matt for sending the patch to the list. This is moving forward inside Red Hat, and will be included in a future kernel package. We can't say for sure when this will happen, but the fix has been accepted. We're still ironing out the details for the CentOS Stream external contribution pipeline, so please bear with us.
On Thu, Dec 12, 2019 at 2:03 PM Matt Dees matt.dees@netprotect.com wrote:
Hi All!
We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections.
As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue.
rbz# 1780470
-- Carl George
In the meantime, the centosplus kernel (kernel-plus) for the upcoming CentOS 8.1.1911 includes this patch, so users can give it a try.
Akemi
kernel-4.18.0-177.el8 has been pushed to CentOS 8 Stream, which includes a fix for this issue.
https://lists.centos.org/pipermail/centos-devel/2020-February/036574.html
On Wed, Jan 8, 2020 at 8:35 PM Akemi Yagi amyagi@gmail.com wrote:
On Wed, Jan 8, 2020 at 5:58 PM Carl George carl@redhat.com wrote:
Thanks Matt for sending the patch to the list. This is moving forward inside Red Hat, and will be included in a future kernel package. We can't say for sure when this will happen, but the fix has been accepted. We're still ironing out the details for the CentOS Stream external contribution pipeline, so please bear with us.
On Thu, Dec 12, 2019 at 2:03 PM Matt Dees matt.dees@netprotect.com wrote:
Hi All!
We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections.
As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue.
rbz# 1780470
-- Carl George
In the meantime, the centosplus kernel (kernel-plus) for the upcoming CentOS 8.1.1911 includes this patch, so users can give it a try.
Akemi _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
-
Akemi Yagi -
Carl George -
Matt Dees -
Pat Riehecky