[CentOS-devel] Backport of xfrm kernel bugfix

Matt Dees

matt.dees at netprotect.com
Thu Dec 12 20:03:13 UTC 2019


Hi All!

We have been dealing with a memory leak in the kernel for IKEv2 and IPSec
connections relating to a memory leak in xfrm support on both el8 and el7.
The symptom of this issue is that memory will continue allocating in slab
over time, making a box OOM after too many connections.

As per some external discussions I am sending the patch + bug report on to
this list. It has already been accepted into upstream kernels (4.19
included) and is a pretty straightforward backport. I have tested and
installed this on a few centos8 systems to validate that this does indeed
solve the memory leak issue.

rbz# 1780470
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xfrm_fix_memleak.patch
Type: text/x-patch
Size: 1354 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20191212/28479f8b/attachment-0002.bin>

