Re: [PATCH] crypto: af_alg - Remove zero-copy support from AF_ALG

From: Ⓐlï P☮latel

Date: Mon May 04 2026 - 14:32:25 EST


On Monday, 4 May 2026 at 19:51, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:

> On Mon, May 04, 2026 at 04:07:45PM +0000, Ⓐlï P☮latel wrote:
> > Syd sandbox uses AF_ALG zero-copy for its Force Sandboxing[1] and Crypt Sandboxing[2].
> > Zero-copy means Syd does not have to copy sandbox process data into its own address
> > space providing safety and security. Switching to read/write rather than pipes and
> > splice breaks a fundamental safety guarantee for the sandbox. Please do not break
> > userspace.
> >
> > Will sendfile(2) continue to work?
> >
> > [1]: https://man.exherbo.org/syd.7.html#Force_Sandboxing
> > [2]: https://man.exherbo.org/syd.7.html#Crypt_Sandboxing
>
> It's very unclear what that feature (which I don't think anyone knew
> even existed) is trying to accomplish. Regardless, this patch doesn't
> break the splice or sendfile syscalls. It just makes them run a bit
> more slowly since the kernel will copy the data internally. So I think
> your concern isn't justified.
>
> > How can I test? Please help me.
>
> If this is a feature you care about, perhaps you know how to test it?

Thank you very much for the explanation, and excuse me, I panicked.

> - Eric
>


Best,
Ali
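
A functional check for the question raised in this thread, whether sendfile(2) into an AF_ALG hash socket still yields the correct digest, follows as an added example; it is not from the thread, the patch or Syd, and the function names and sample payload are constructed here. It verifies correctness only and cannot tell whether the kernel copied the data internally.

```python
import hashlib
import os
import socket
import tempfile

DIGEST_LEN = 32  # SHA-256 output size in bytes


def afalg_sha256_sendfile(path):
    """Hash a file with the kernel's sha256 via AF_ALG, feeding it by sendfile(2).

    Returns the digest, or None when AF_ALG or sha256 is unavailable here.
    """
    try:
        tfm = socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0)
    except (AttributeError, OSError):
        return None  # no AF_ALG in this Python build, kernel or sandbox
    with tfm:
        try:
            tfm.bind(("hash", "sha256"))
            op, _ = tfm.accept()  # per-operation socket
        except OSError:
            return None
        with op, open(path, "rb") as src:
            size = os.fstat(src.fileno()).st_size
            # One call covering exactly the file size: the hash is finalised
            # when the last chunk arrives without "more data" signalled, so a
            # short transfer would give a digest of only part of the file.
            sent = os.sendfile(op.fileno(), src.fileno(), 0, size)
            if sent != size:
                raise RuntimeError(f"short sendfile: {sent} of {size} bytes")
            return op.recv(DIGEST_LEN)


def check_sendfile_path(payload=b"constructed sample data\n" * 512):
    """True if the kernel digest matches hashlib's, None if the check could not run."""
    with tempfile.NamedTemporaryFile() as f:
        f.write(payload)
        f.flush()
        kernel_digest = afalg_sha256_sendfile(f.name)
    if kernel_digest is None:
        return None
    return kernel_digest == hashlib.sha256(payload).digest()


if __name__ == "__main__":
    outcome = check_sendfile_path()
    print({None: "AF_ALG unavailable", True: "OK", False: "MISMATCH"}[outcome])
```

Running it on kernels with and without the patch should print the same result if the sendfile path is unaffected.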
