IPSec / xfrm memory leak found
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Hi everybody.
there is a memory leak in the current kernels since 4.15 (maybe olders as well) in combination with IPSec. I verified it with kernel linux-meta 4.15.0.70.72 on Ubuntu 18.04.
As Strongswan is used and users login / logout, being connected and doing traffic memory gets lost. After a while no memory is left over and OOM killer starts it work.
After some debugging and asking in the Strongswan irc channel I was informed that there was a memory leak found in net/xfrm/
https:/
I applied this patch against the linux-meta 4.15.0.70.72 and it fixes the issue.
Tested and verified on and with:
Ubuntu 18.04.3 LTS
strongswan-
linux-image-
Here are some additional information:
https://<email address hidden>/
https:/
it also is reproducible with hwe and hwe-edge kernel as well as with other strongswan version. I also backported latest Ubuntu version of strongswan to 18.04 which has same behavior. On a completely different system (Gentoo) it also is the case. So I'm really sure that this is related to the reported kernel thing which is already solve in current mainline
affects: | linux-meta (Ubuntu) → linux (Ubuntu) |
package was not taken correctly