kernel-4.18.0-177.el8 has been pushed to CentOS 8 Stream, which includes a fix for this issue. https://lists.centos.org/pipermail/centos-devel/2020-February/036574.html On Wed, Jan 8, 2020 at 8:35 PM Akemi Yagi <amyagi at gmail.com> wrote: > > On Wed, Jan 8, 2020 at 5:58 PM Carl George <carl at redhat.com> wrote: > > > > Thanks Matt for sending the patch to the list. This is moving forward > > inside Red Hat, and will be included in a future kernel package. We can't > > say for sure when this will happen, but the fix has been accepted. We're > > still ironing out the details for the CentOS Stream external contribution > > pipeline, so please bear with us. > > > > On Thu, Dec 12, 2019 at 2:03 PM Matt Dees <matt.dees at netprotect.com> wrote: > >> > >> Hi All! > >> > >> We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections. > >> > >> As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue. > >> > >> rbz# 1780470 > > -- > > Carl George > > In the meantime, the centosplus kernel (kernel-plus) for the upcoming > CentOS 8.1.1911 includes this patch, so users can give it a try. > > Akemi > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > https://lists.centos.org/mailman/listinfo/centos-devel > -- Carl George