| author | Demi Marie Obenour <demiobenour@gmail.com> | 2026-05-23 15:43:04 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2026-05-29 14:05:30 +0800 |
| commit | 5624ea54f3ba5c83d2e5503411a31a8be0278c1e (patch) | |
| tree | e08921d9a9676bbda625e55be29d4a6a59d1cfef /Documentation | |
| parent | 7524070f26d8d347c26787dc297fb844baa26abf (diff) | |
| download | linux-next-history-5624ea54f3ba5c83d2e5503411a31a8be0278c1e.tar.gz | |
crypto: af_alg - Document that it is *always* slower

Without support for zero-copy or off-CPU offloads, AF_ALG is always
slower than software cryptography. Its only advantage is that it might
save code size. However, this is largely mitigated by lightweight
userspace cryptographic libraries.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/crypto/userspace-if.rst | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/Documentation/crypto/userspace-if.rst b/Documentation/crypto/userspace-if.rst index b31117d4415dd..ab93300c8e045 100644 --- a/Documentation/crypto/userspace-if.rst +++ b/Documentation/crypto/userspace-if.rst @@ -28,8 +28,8 @@ functionality than that. It actually provides access to all software algorithms. This includes arbitrary compositions of different algorithms created via a complex template system, as well as algorithms that only make sense as internal -implementation details of other algorithms. It also includes full zero-copy -support, which is difficult for the kernel to implement securely. +implementation details of other algorithms. In the past, it also included full +zero-copy support, which was difficult for the kernel to implement securely. Ultimately, these algorithms are just math computations. They use the same instructions that userspace programs already have access to, just accessed in a 
@@ -38,6 +38,21 @@ much more convoluted and less efficient way. Indeed, userspace code is nearly always what is being used anyway. These same algorithms are widely implemented in userspace crypto libraries. +Even when zero-copy and off-CPU accelerators were supported, AF_ALG was usually +much slower than optimized software cryptography in userspace. This was +especially true for the small message sizes usually seen in performance-critical +workloads. While it was possible to demonstrate performance wins for hashing +large files on embedded devices, it is hard to imagine a situation where this +would be performance-critical. + +Nowadays, AF_ALG no longer supports zero-copy or off-CPU accelerators. +Therefore, it is *always* slower than an optimized userspace implementation, +even for large messages. The only possible advantage left is that it avoids +duplicating code between kernel and userspace. However, userspace +implementations, especially hardware-accelerated ones, do not need to be large. +Just because OpenSSL is huge does not mean that all userspace cryptography +libraries are. + Meanwhile, AF_ALG hasn't been withstanding modern vulnerability discovery tools such as syzbot and large language models. It receives a steady stream of CVEs. Some of the examples include: |
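Review bot: In the first hunk (@@ -28,8 +28,8 @@), the reworded sentence "In the past, it also included full zero-copy support" gives no reference point for when that support was removed, so a reader on an older kernel cannot tell whether the paragraph describes the system in front of them. Consider naming the release or commit that removed it in place of "In the past" (for example "Before <release>, it also included full zero-copy support"), so the statement stays accurate for anyone reading the file against a specific kernel version.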
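Review bot: In the second hunk (@@ -38,6 +38,21 @@), the step from "no longer supports zero-copy or off-CPU accelerators" to "*always* slower ... even for large messages" is asserted rather than explained, while the paragraph added just above it only claims "usually much slower" and concedes wins for hashing large files on embedded devices. Consider adding one sentence that ties the conclusion to the existing context line "They use the same instructions that userspace programs already have access to", so the absolute reads as a consequence of the removal and not as an unsupported measurement claim. "Nowadays" is also time-relative wording; stating the release from which this holds would keep the paragraph correct as the file ages.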
