Linux 7.2 Proceeding To Deprecate AF_ALG Due To "Massive Attack Surface", Drops Offloading

The Linux 7.2 kernel is proceeding with a full deprecation of the AF_ALG interface due to a "massive attack surface" that has become increasingly vulnerable to AI and LLM-based discovery tools. Kernel developer Eric Biggers cited a small Python script that "reliably roots most Linux distros" as evidence that the interface is unsustainable, leading to the removal of zero-copy support and off-CPU cryptography offloading in the upcoming release. The changes take effect as the Linux 7.2 merge window opens in mid-June, reflecting the kernel community's response to growing security fallout from AI-assisted vulnerability research.

The Linux kernel's AF_ALG interface, which lets user-space applications directly access the kernel's built-in cryptographic engine, is proceeding with a quick deprecation cycle due to a "massive attack surface", with more vulnerabilities coming to light due to AI/LLM-based tooling.

With the upcoming Linux 7.2 kernel, AF_ALG is being deprecated in full. Eric Biggers explains in a patch (https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=a67afb1884ba815079bd43d5c998e155e03b08b6) queued to the kernel's cryptographic subsystem "cryptodev" tree:

"AF_ALG is almost completely unnecessary, and it exposes a massive attack surface that hasn't been standing up to modern vulnerability discovery tools. The latest one even has its own website, providing a small Python script that reliably roots most Linux distros: https://copy.fail/

"This isn't sustainable, especially as LLMs have accelerated the rate the vulnerabilities are coming in. The effort that is being put into this thing is vastly disproportional to the few programs that actually use it, and those programs would be better served by userspace code anyway.

"These issues have been noted in many mailing list discussions already. But until now they haven't been reflected in the documentation or kconfig menu itself, and the vulnerabilities are still coming in. Let's go ahead and document the deprecation."

In addition to the deprecation, for Linux 7.2 AF_ALG will already be seeing its zero-copy support removed (https://www.phoronix.com/news/Linux-AF-ALF-Zero-Copy-Security) due to the associated security concerns.

Additionally, as of this past week, this patch (https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=7524070f26d8d347c26787dc297fb844baa26abf) is moving ahead and dropping off-CPU cryptography support from AF_ALG. Making use of hardware-accelerated offloading with crypto accelerators for AF_ALG has been deemed too dangerous and is thus being removed already for Linux 7.2:

"AF_ALG is deprecated and exposed to unprivileged userspace. Only use the least buggy algorithm implementations: the pure software ones.

"This removes one of the main advantages of AF_ALG, which is the ability to use it with off-CPU accelerators. However, using off-CPU accelerators has huge overheads, both in performance and attack surface. I have yet to see real-world, performance-critical workloads where using an accelerator via AF_ALG is actually a win over doing cryptography in userspace.

"If using an off-CPU accelerator really does turn out to be a win, a new API should be developed that is actually a good fit for it."

The Linux 7.2 merge window should be kicking off in mid-June with many changes in store: both many new kernel features and further work dealing with the fallout from the growing number of AI/LLM discoveries.