On Wed, Jan 8, 2020 at 5:58 PM Carl George <carl at redhat.com> wrote: > > Thanks Matt for sending the patch to the list. This is moving forward > inside Red Hat, and will be included in a future kernel package. We can't > say for sure when this will happen, but the fix has been accepted. We're > still ironing out the details for the CentOS Stream external contribution > pipeline, so please bear with us. > > On Thu, Dec 12, 2019 at 2:03 PM Matt Dees <matt.dees at netprotect.com> wrote: >> >> Hi All! >> >> We have been dealing with a memory leak in the kernel for IKEv2 and IPSec connections relating to a memory leak in xfrm support on both el8 and el7. The symptom of this issue is that memory will continue allocating in slab over time making a box oom after too many connections. >> >> As per some external discussions I am sending the patch + bug report on to this list. It has already been accepted into upstream kernels (4.19 included) and is a pretty straight forward backport. I have tested and installed this on a few centos8 systems to validate that this does indeed solve the memory leak issue. >> >> rbz# 1780470 > -- > Carl George In the meantime, the centosplus kernel (kernel-plus) for the upcoming CentOS 8.1.1911 includes this patch, so users can give it a try. Akemi