[CentOS-devel] Backport of xfrm kernel bugfix

Tue Feb 18 21:33:28 UTC 2020
Carl George <carl at redhat.com>

kernel-4.18.0-177.el8 has been pushed to CentOS 8 Stream, which
includes a fix for this issue.

https://lists.centos.org/pipermail/centos-devel/2020-February/036574.html

On Wed, Jan 8, 2020 at 8:35 PM Akemi Yagi <amyagi at gmail.com> wrote:
>
> On Wed, Jan 8, 2020 at 5:58 PM Carl George <carl at redhat.com> wrote:
> >
> > Thanks Matt for sending the patch to the list.  This is moving forward
> > inside Red Hat, and will be included in a future kernel package.  We can't
> > say for sure when this will happen, but the fix has been accepted.  We're
> > still ironing out the details for the CentOS Stream external contribution
> > pipeline, so please bear with us.
> >
> > On Thu, Dec 12, 2019 at 2:03 PM Matt Dees <matt.dees at netprotect.com> wrote:
> >>
> >> Hi All!
> >>
> >> We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections.
> >>
> >> As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue.
> >>
> >> rbz# 1780470
> > --
> > Carl George
>
> In the meantime, the centosplus kernel (kernel-plus) for the upcoming
> CentOS 8.1.1911 includes this patch, so users can give it a try.
>
> Akemi
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> https://lists.centos.org/mailman/listinfo/centos-devel
>


-- 
Carl George