diff options
| author | Demi Marie Obenour <demiobenour@gmail.com> | 2026-05-23 15:43:03 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2026-05-29 14:05:30 +0800 |
| commit | 7524070f26d8d347c26787dc297fb844baa26abf (patch) | |
| tree | 74f0a7b9a2e653829cdc6a4f2991458e6f5f6c0d /Documentation | |
| parent | fcc77d33a34cf271702e8daafb6c593e4626776d (diff) | |
| download | linux-next-history-7524070f26d8d347c26787dc297fb844baa26abf.tar.gz | |
crypto: af_alg - Drop support for off-CPU cryptography
AF_ALG is deprecated and exposed to unprivileged userspace. Only
use the least buggy algorithm implementations: the pure software ones.
This removes one of the main advantages of AF_ALG, which is the
ability to use it with off-CPU accelerators. However, using off-CPU
accelerators has huge overheads, both in performance and attack surface.
I have yet to see real-world, performance-critical workloads where using
an accelerator via AF_ALG is actually a win over doing cryptography in
userspace.
If using an off-CPU accelerator really does turn out to be a win, a new
API should be developed that is actually a good fit for it.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/crypto/userspace-if.rst | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Documentation/crypto/userspace-if.rst b/Documentation/crypto/userspace-if.rst index ea1b1b3f4049f..b31117d4415dd 100644 --- a/Documentation/crypto/userspace-if.rst +++ b/Documentation/crypto/userspace-if.rst @@ -9,7 +9,8 @@ symmetric cipher, AEAD, and RNG algorithms that are implemented in kernel-mode code. AF_ALG is insecure and is deprecated. Originally added to the kernel in 2010, -most kernel developers now consider it to be a mistake. +most kernel developers now consider it to be a mistake. Support for hardware +accelerators, which was the original purpose of AF_ALG, has been removed. AF_ALG continues to be supported only for backwards compatibility. On systems where no programs using AF_ALG remain, the support for it should be disabled by @@ -59,6 +60,10 @@ Some of the examples include: - CVE-2013-7421 - CVE-2011-4081 +Hardware accelerator drivers are frequently buggy. To reduce attack surface, +AF_ALG now only provides access to algorithms implemented in software. This +means that AF_ALG no longer fulfills its original purpose. + It is recommended that, whenever possible, userspace programs be migrated to userspace crypto code (which again, is what is normally used anyway) and ``CONFIG_CRYPTO_USER_API_*`` be disabled. On systems that use SELinux, SELinux |