Re: [PATCH] crypto: af_alg - Remove zero-copy support from AF_ALG

From: Eric Biggers

Date: Mon May 04 2026 - 13:51:30 EST


On Mon, May 04, 2026 at 04:07:45PM +0000, Ⓐlï P☮latel wrote:
> Syd sandbox uses AF_ALG zero-copy for its Force Sandboxing[1] and Crypt Sandboxing[2].
> Zero-copy means Syd does not have to copy sandbox process data into its own address
> space providing safety and security. Switching to read/write rather than pipes and
> splice breaks a fundamental safety guarantee for the sandbox. Please do not break
> userspace.
>
> Will sendfile(2) continue to work?
>
> [1]: https://man.exherbo.org/syd.7.html#Force_Sandboxing
> [2]: https://man.exherbo.org/syd.7.html#Crypt_Sandboxing

It's very unclear what that feature (which I don't think anyone knew
even existed) is trying to accomplish. Regardless, this patch doesn't
break the splice or sendfile syscalls. It just makes them run a bit
more slowly since the kernel will copy the data internally. So I think
your concern isn't justified.

> How can I test? Please help me.

If this is a feature you care about, perhaps you know how to test it?

- Eric
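
An added example, not code from either participant or from the kernel tree: one way to check from userspace that sendfile(2) and splice(2) into an AF_ALG hash socket still yield the correct digest, which can be run before and after applying the patch. It assumes Linux with the `hash`/`sha256` AF_ALG algorithm available and Python 3.10+ for `os.splice`; the function names and the sample input are constructed for illustration.

```python
import hashlib
import os
import socket
import tempfile

SAMPLE = bytes(range(256)) * 48 + b"tail"  # constructed input: 12292 bytes, not page-aligned


def afalg_sha256(feed, data):
    """Hex digest from an AF_ALG sha256 socket, or None if AF_ALG is unavailable."""
    try:
        alg = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
    except (AttributeError, OSError):
        return None
    with alg:
        try:
            alg.bind(("hash", "sha256"))
            op, _ = alg.accept()
        except OSError:
            return None
        with op:
            feed(op.fileno(), data)  # data-path errors propagate: they are the signal
            return op.recv(32).hex()


def feed_sendfile(op_fd, data):
    with tempfile.TemporaryFile() as f:
        f.write(data)
        f.flush()
        # One call for the whole file: a send that ends without MSG_MORE
        # finalizes the digest, so a second call would start a new hash.
        if os.sendfile(op_fd, f.fileno(), 0, len(data)) != len(data):
            raise OSError("short sendfile")


def feed_splice(op_fd, data):
    r, w = os.pipe()
    try:
        os.write(w, data)  # fits in the default 64 KiB pipe buffer
        if os.splice(r, op_fd, len(data)) != len(data):
            raise OSError("short splice")
    finally:
        os.close(r)
        os.close(w)


if __name__ == "__main__":
    want = hashlib.sha256(SAMPLE).hexdigest()
    for feed in (feed_sendfile, feed_splice):
        got = afalg_sha256(feed, SAMPLE)
        print(feed.__name__, "unavailable" if got is None else got == want)
```

This checks only that the digests are correct; it does not show whether the kernel copied the data internally.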