Re: AF_ALG hardening

Next message: Joel Fernandes: "Re: [PATCH v12 12/22] gpu: nova-core: mm: Add page table entry operation traits"
Previous message: Thorsten Blum: "[PATCH] crypto: ecrdsa - fix unknown OID check in ecrdsa_param_curve"
In reply to: Demi Marie Obenour: "Re: AF_ALG hardening"
Next in thread: Simon Richter: "Re: AF_ALG hardening"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Sat May 02 2026 - 15:16:33 EST

On Sat, May 02, 2026 at 12:52:57AM -0400, Demi Marie Obenour wrote:
> > Either way, the first step will be to create the algorithm allowlist,
> > which should happen anyway, regardless of the other changes.
>
> The simplest changes I can see are:
>
> 1. Get rid of zero-copy support (splice()).
> 2. Get rid of AIO support.
> 3. Only allow software implementations.
>
> All of these are really simple. I can send patches, but be warned
> that they would only be compile-tested, as I don't know how to test
> the code.

If you're interested, please send patches, and we'll see where things go
from there. We need to get more people helping with this stuff.

For (1), it probably should work like the way the zero-copy support was
disabled in the 6.1 LTS kernel last year, where (I think) the splice()
syscall still succeeds but it just copies the data.

For (2) and (3), you can find examples of disabling asynchronous crypto
API stuff at
https://lore.kernel.org/linux-fscrypt/20250704070322.20692-1-ebiggers@xxxxxxxxxx/
and
https://lore.kernel.org/linux-fscrypt/20250708181313.66961-1-ebiggers@xxxxxxxxxx/.
Note that to request a synchronous algorithm you have to pass
CRYPTO_ALG_ASYNC (yes, really).

I think there are a few test scripts for AF_ALG in libkcapi. Besides
that AF_ALG is barely tested. So you're in good company.

- Eric