Linux 7.2 Deprecates AF_ALG Amid Rising AI‑Driven Vulnerabilities and Strips Crypto Offloading

Chips Reporter

The upcoming Linux 7.2 kernel will retire the AF_ALG socket interface, remove its zero‑copy path, and drop hardware‑offload support after security researchers highlighted a large attack surface amplified by AI‑generated exploits.

The Linux kernel development community has entered the merge window for version 7.2, and one of the headline changes is the full deprecation of the AF_ALG socket interface. The decision follows a series of disclosures that AI‑assisted tooling can locate and exploit weaknesses in the AF_ALG code path far more quickly than traditional manual analysis.


What is AF_ALG and why it mattered

AF_ALG is a socket family that lets user‑space programs open a file descriptor, bind it to a cryptographic algorithm (AES, SHA‑256, etc.), and then use calls such as sendmsg/recvmsg to hand the work to the kernel’s built‑in crypto subsystem. Historically it offered two advantages:

  1. Zero‑copy data flow – data could be passed directly between user buffers and the kernel without an extra memcpy, which was attractive for high‑throughput networking stacks.
  2. Hardware offload – the kernel could forward the request to a crypto accelerator (e.g., Intel QAT, ARM CryptoCell) via the cryptodev framework.

Only a handful of projects, notably OpenVPN, strongSwan and some container‑runtime encryption layers, have relied on AF_ALG. Most modern applications now prefer libraries such as OpenSSL, libsodium, or RustCrypto that run entirely in user space.
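
The socket flow described above, written out as an added example (not code from the kernel tree or the patch series): it binds an AF_ALG socket to SHA‑256, runs one hash through the kernel, and reports whether the calling process could reach the interface at all. The function names and status strings are illustrative, and the input is a constructed sample.

```python
import errno
import hashlib
import os
import socket

SAMPLE = b"constructed sample input"   # not real data


def afalg_sha256(data):
    """Hash `data` via AF_ALG. Returns (status, detail, digest_or_None)."""
    family = getattr(socket, "AF_ALG", None)
    if family is None:                  # Python built without AF_ALG (non-Linux)
        return ("unavailable", "this Python build has no AF_ALG", None)
    step = "socket"
    try:
        with socket.socket(family, socket.SOCK_SEQPACKET, 0) as alg:
            step = "bind"               # select algorithm type and name
            alg.bind(("hash", "sha256"))
            step = "accept"             # accept() yields the per-request socket
            op, _ = alg.accept()
            with op:
                step = "send/recv"      # data in, 32-byte digest out
                op.sendall(data)
                digest = op.recv(hashlib.sha256().digest_size)
    except OSError as exc:
        # Covers a kernel without the interface, a seccomp/LSM denial,
        # or an algorithm that is not registered.
        name = errno.errorcode.get(exc.errno, "errno=%s" % exc.errno)
        return ("blocked", "%s failed with %s" % (step, name), None)
    return ("reachable", "euid %d got a kernel hash" % os.geteuid(), digest)


def check(data=SAMPLE):
    """True if AF_ALG is unreachable, or reachable and agrees with hashlib."""
    status, _detail, digest = afalg_sha256(data)
    if status != "reachable":
        return digest is None
    return digest == hashlib.sha256(data).digest()


if __name__ == "__main__":
    status, detail, _ = afalg_sha256(SAMPLE)
    print(status + ": " + detail, "| consistent:", check())
```

Run it as the service account or inside the container you care about: a "reachable" result from an unprivileged user means that context can still open AF_ALG sockets.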


The security findings that triggered deprecation

Eric Biggers, a long‑time kernel maintainer, submitted a patch to the cryptodev tree that flags AF_ALG as “almost completely unnecessary” and highlights a massive attack surface. The key points from the patch note are:

  • AI‑generated scripts can enumerate AF_ALG sockets, feed malformed inputs, and trigger kernel‑mode crashes that lead to privilege escalation. A publicly available proof‑of‑concept script is hosted at https://copy.fail/.
  • The interface is exposed to unprivileged users by default, meaning any process can create an AF_ALG socket without special capabilities.
  • The zero‑copy path bypasses many of the kernel’s hardening checks, making it a fertile ground for memory‑corruption bugs.
  • Off‑CPU offloading introduces additional layers of driver code, each with its own set of bugs, and the performance benefit is marginal for most workloads.

These observations were corroborated on several mailing lists, where developers reported repeated exploit attempts that succeeded within hours of a new CVE being published.


Technical changes slated for Linux 7.2

| Change | Description | Impact |
|---|---|---|
| Deprecate AF_ALG | Kconfig entry CONFIG_AF_ALG is marked DEPRECATED; the code remains for backward compatibility but will be removed in a future release. | Build systems will emit warnings; distributions must update packages that still depend on the API. |
| Remove zero‑copy support | The alg_sock_setbuf path that avoided memcpy is stripped. All remaining AF_ALG operations now copy data through the generic socket buffer. | Slight increase in CPU cycles for the few remaining callers; security gain from eliminating a direct memory‑access route. |
| Drop hardware offload | Calls to crypto_engine_start from AF_ALG are disabled; the kernel will refuse to bind an AF_ALG socket to a hardware engine. | Applications that previously used QAT or similar accelerators via AF_ALG must migrate to the dedicated cryptodev API or to user‑space libraries. |
| Kconfig documentation update | The option now includes a clear deprecation notice and a pointer to the new cryptodev interface. | Reduces confusion for kernel configurators and downstream packagers. |

The patch series also adds a CONFIG_CRYPTO_USER_API toggle that keeps the pure‑software user‑space crypto API alive while AF_ALG is phased out.


Market implications for hardware crypto accelerators

Hardware vendors have been positioning their crypto offload cards as a performance booster for workloads that use AF_ALG. With the offload path removed, the immediate market effect is a re‑evaluation of ROI for those products. Companies that built their value proposition around AF_ALG integration will need to:

  1. Adopt the cryptodev API – a more explicit interface that separates user‑space request handling from driver code, making it easier to audit.
  2. Promote user‑space libraries – many customers already run OpenSSL with hardware engine support, which bypasses the kernel entirely.
  3. Offer firmware updates – to expose the accelerator through the newer API without requiring kernel changes.

Analysts predict a short‑term dip in accelerator sales of roughly 5‑7 % for Q1‑Q2 2026, followed by stabilization as vendors align with the updated kernel roadmap.


What developers need to do now

  1. Audit build configurations – ensure CONFIG_AF_ALG is either disabled or set to y with a warning flag. CI pipelines should treat deprecation warnings as failures.
  2. Migrate code paths – replace AF_ALG socket usage with either the cryptodev ioctl interface or a pure‑software library. The transition is straightforward because both expose a file‑descriptor‑like handle.
  3. Test hardware paths – if your product relies on an accelerator, validate that the driver supports the new cryptodev API. Many vendors have already released patches; check the hardware vendor’s GitHub or support portal.
  4. Update documentation – downstream distributions (e.g., Debian, Fedora, Arch) must reflect the deprecation in their kernel‑config guides and package metadata.
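
A CI gate for step 1, as an added example (not part of the patch series): it parses kernel .config text and fails the build when CONFIG_AF_ALG is enabled. The option names are the ones this article uses, the pass/fail policy is an assumption, and both sample configs are constructed.

```python
import re

# Option names are the ones this article uses; the pass/fail policy is assumed.
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

# Constructed sample .config fragments, not taken from any real build.
LEGACY = "CONFIG_CRYPTO=y\nCONFIG_AF_ALG=m\n# CONFIG_CRYPTO_USER_API is not set\n"
MIGRATED = "CONFIG_CRYPTO=y\n# CONFIG_AF_ALG is not set\nCONFIG_CRYPTO_USER_API=y\n"


def parse_kconfig(text):
    """Map option -> value; '# CONFIG_X is not set' is recorded as 'n'."""
    state = {}
    for raw in text.splitlines():
        line = raw.strip()
        hit = _SET.match(line)
        if hit:
            state[hit.group(1)] = hit.group(2)
            continue
        hit = _UNSET.match(line)
        if hit:
            state[hit.group(1)] = "n"
    return state


def audit(text):
    """Return [(severity, message)]; a CI job fails on any 'fail' entry."""
    state = parse_kconfig(text)
    findings = []
    af_alg = state.get("CONFIG_AF_ALG", "n")   # absent option counts as off
    if af_alg in ("y", "m"):
        # =m counts too: a module can still be loaded on a running system.
        findings.append(("fail", "CONFIG_AF_ALG=%s: deprecated interface enabled" % af_alg))
    if state.get("CONFIG_CRYPTO_USER_API", "n") == "n":
        findings.append(("note", "CONFIG_CRYPTO_USER_API is off: no software user-space crypto API"))
    return findings


def ci_exit_code(text):
    """0 when the config passes, 1 when any finding is a failure."""
    return 1 if any(sev == "fail" for sev, _ in audit(text)) else 0


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("migrated", MIGRATED)):
        print(name, ci_exit_code(cfg), audit(cfg))
```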

Outlook for the Linux 7.2 merge window

The merge window opens in mid‑June 2026, and the AF_ALG deprecation patch is slated for inclusion in the first week. Alongside this change, the kernel community is preparing a series of hardening patches that target AI‑generated exploit techniques, including stricter input validation in the crypto subsystem and expanded use of KASAN‑style instrumentation.

Developers who keep an eye on the Linux Kernel Mailing List (LKML) and the cryptodev tree will see the final patch series before the release candidate stage. Early adopters can test the changes by pulling the linux-next branch and enabling CONFIG_CRYPTO_USER_API while disabling CONFIG_AF_ALG.


For a deeper dive into the patch series, see the original submission on the kernel’s Git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=afalg-deprecate.
