On Mon, May 04, 2026 at 03:53:28PM -0700, Eric Biggers wrote:
> The zero-copy support is one of the riskiest aspects of AF_ALG. It
> allows userspace to request cryptographic operations directly on
> pagecache pages of files like the 'su' binary. It also allows userspace
> to concurrently modify the memory which is being operated on, a recipe
> for TOCTOU vulnerabilities.
>
> While zero-copy support is more valuable in other areas of the kernel
> like the frequently used networking and file I/O code, it has far less
> value in AF_ALG, which is a niche UAPI. AF_ALG primarily just exists
> for backwards compatibility with a small set of userspace programs such
> as 'iwd' that haven't yet been fixed to use userspace crypto code.
>
> Originally AF_ALG was intended to be used to access hardware crypto
> accelerators. However, it isn't an efficient interface for that anyway,
> and it turned out to be rarely used in this way in practice.
>
> Thus, the risks of the zero-copy support in AF_ALG vastly outweigh its
> benefits. Let's just remove it.
>
> This commit removes it from the "skcipher" and "aead" algorithm types.
> "hash" will be handled separately.
>
> This is a soft break, not a hard break. Even after this commit, it
> still works to use splice() or sendfile() to transfer data to an AF_ALG
> request socket from a pipe or any file, respectively. What changes is
> just that the kernel now makes an internal, stable copy of the data
> before doing the crypto operation. So performance is slightly reduced,
> but the UAPI isn't broken. And, very importantly, it's much safer.
>
> Tested with libkcapi/test.sh. All its test cases still pass. I also
> verified that this would have prevented the copy.fail exploit as well.
> I also used a custom test program to verify that sendfile() still works.
>
> Fixes: 8ff590903d5f ("crypto: algif_skcipher - User-space interface for
> skcipher operations")
> Fixes: 400c40cf78da ("crypto: algif - add AEAD support")
> Reported-by: Taeyang Lee <[email protected]>
> Link: https://copy.fail/
> Reported-by: Feng Ning <[email protected]>
> Closes: https://lore.kernel.org/r/[email protected]
> Reviewed-by: Demi Marie Obenour <[email protected]>
> Cc: [email protected]
> Signed-off-by: Eric Biggers <[email protected]>
> ---
>
> v3: improved explanation
> v2: added tags
>
> Documentation/crypto/userspace-if.rst | 31 ++----------
> crypto/af_alg.c | 73 +++++++++------------------
> crypto/algif_aead.c | 8 +--
> 3 files changed, 33 insertions(+), 79 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
