<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/crypto/algif_skcipher.c, branch v7.2-rc1</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2026-05-29T06:05:30+00:00</updated>
<entry>
<title>crypto: af_alg - Drop support for off-CPU cryptography</title>
<updated>2026-05-29T06:05:30+00:00</updated>
<author>
<name>Demi Marie Obenour</name>
<email>demiobenour@gmail.com</email>
</author>
<published>2026-05-23T19:43:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=7524070f26d8d347c26787dc297fb844baa26abf'/>
<id>urn:sha1:7524070f26d8d347c26787dc297fb844baa26abf</id>
<content type='text'>
AF_ALG is deprecated and exposed to unprivileged userspace.  Only
use the least buggy algorithm implementations: the pure software ones.

This removes one of the main advantages of AF_ALG, which is the
ability to use it with off-CPU accelerators.  However, using off-CPU
accelerators has huge overheads, both in performance and attack surface.
I have yet to see real-world, performance-critical workloads where using
an accelerator via AF_ALG is actually a win over doing cryptography in
userspace.

If using an off-CPU accelerator really does turn out to be a win, a new
API should be developed that is actually a good fit for it.

Signed-off-by: Demi Marie Obenour &lt;demiobenour@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>net: Remove support for AIO on sockets</title>
<updated>2026-05-29T06:05:30+00:00</updated>
<author>
<name>Demi Marie Obenour</name>
<email>demiobenour@gmail.com</email>
</author>
<published>2026-05-23T19:43:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=fcc77d33a34cf271702e8daafb6c593e4626776d'/>
<id>urn:sha1:fcc77d33a34cf271702e8daafb6c593e4626776d</id>
<content type='text'>
The only user of msg-&gt;msg_iocb was AF_ALG, but that's deprecated.
It can be removed entirely at the cost of only supporting synchronous
operations.  This doesn't break userspace, which will silently block
(for a bounded amount of time) in io_submit instead of operating
asynchronously.

This also makes struct msghdr smaller, helping every other caller of
sendmsg().

Signed-off-by: Demi Marie Obenour &lt;demiobenour@gmail.com&gt;
Acked-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: af_alg - limit RX SG extraction by receive buffer budget</title>
<updated>2026-04-03T00:54:14+00:00</updated>
<author>
<name>Douya Le</name>
<email>ldy3087146292@gmail.com</email>
</author>
<published>2026-04-02T15:34:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8eceab19eba9dcbfd2a0daec72e1bf48aa100170'/>
<id>urn:sha1:8eceab19eba9dcbfd2a0daec72e1bf48aa100170</id>
<content type='text'>
Make af_alg_get_rsgl() limit each RX scatterlist extraction to the
remaining receive buffer budget.

af_alg_get_rsgl() currently uses af_alg_readable() only as a gate
before extracting data into the RX scatterlist. Limit each extraction
to the remaining af_alg_rcvbuf(sk) budget so that receive-side
accounting matches the amount of data attached to the request.

If skcipher cannot obtain enough RX space for at least one chunk while
more data remains to be processed, reject the recvmsg call instead of
rounding the request length down to zero.

Fixes: e870456d8e7c8d57c059ea479b5aadbb55ff4c3a ("crypto: algif_skcipher - overhaul memory management")
Reported-by: Yifan Wu &lt;yifanwucs@gmail.com&gt;
Reported-by: Juefei Pu &lt;tomapufckgml@gmail.com&gt;
Co-developed-by: Yuan Tan &lt;yuantan098@gmail.com&gt;
Signed-off-by: Yuan Tan &lt;yuantan098@gmail.com&gt;
Suggested-by: Xin Liu &lt;bird@lzu.edu.cn&gt;
Signed-off-by: Douya Le &lt;ldy3087146292@gmail.com&gt;
Signed-off-by: Ren Wei &lt;n05ec@lzu.edu.cn&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: algif_aead - Revert to operating out-of-place</title>
<updated>2026-03-31T08:11:47+00:00</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2026-03-26T06:30:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5'/>
<id>urn:sha1:a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5</id>
<content type='text'>
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings.  Get rid of
all the complexity added for in-place operation and just copy the
AD directly.

Fixes: 72548b093ee3 ("crypto: algif_aead - copy AAD from src to dst")
Reported-by: Taeyang Lee &lt;0wn@theori.io&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: Add missing MODULE_DESCRIPTION() macros</title>
<updated>2024-05-31T09:34:56+00:00</updated>
<author>
<name>Jeff Johnson</name>
<email>quic_jjohnson@quicinc.com</email>
</author>
<published>2024-05-23T19:47:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=7c699fe9a5740a228b2974325e817de28f7b6afd'/>
<id>urn:sha1:7c699fe9a5740a228b2974325e817de28f7b6afd</id>
<content type='text'>
Fix the 'make W=1' warnings:
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/cast_common.o
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/af_alg.o
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/algif_hash.o
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/algif_skcipher.o
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/ecc.o
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/curve25519-generic.o
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/xor.o
WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/crypto_simd.o

Signed-off-by: Jeff Johnson &lt;quic_jjohnson@quicinc.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: algif_skcipher - Fix stream cipher chaining</title>
<updated>2023-12-08T03:59:46+00:00</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2023-11-29T04:27:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=99bd99d3e3a7f73c1c01ef510d48730b3bdd2c4a'/>
<id>urn:sha1:99bd99d3e3a7f73c1c01ef510d48730b3bdd2c4a</id>
<content type='text'>
Unlike algif_aead which is always issued in one go (thus limiting
the maximum size of the request), algif_skcipher has always allowed
unlimited input data by cutting them up as necessary and feeding
the fragments to the underlying algorithm one at a time.

However, because of deficiencies in the API, this has been broken
for most stream ciphers such as arc4 or chacha.  This is because
they have an internal state in addition to the IV that must be
preserved in order to continue processing.

Fix this by using the new skcipher state API.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>sock: Remove -&gt;sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)</title>
<updated>2023-06-24T22:50:13+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2023-06-23T22:55:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=dc97391e661009eab46783030d2404c9b6e6f2e7'/>
<id>urn:sha1:dc97391e661009eab46783030d2404c9b6e6f2e7</id>
<content type='text'>
Remove -&gt;sendpage() and -&gt;sendpage_locked().  sendmsg() with
MSG_SPLICE_PAGES should be used instead.  This allows multiple pages and
multipage folios to be passed through.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Acked-by: Marc Kleine-Budde &lt;mkl@pengutronix.de&gt; # for net/can
cc: Jens Axboe &lt;axboe@kernel.dk&gt;
cc: Matthew Wilcox &lt;willy@infradead.org&gt;
cc: linux-afs@lists.infradead.org
cc: mptcp@lists.linux.dev
cc: rds-devel@oss.oracle.com
cc: tipc-discussion@lists.sourceforge.net
cc: virtualization@lists.linux-foundation.org
Link: https://lore.kernel.org/r/20230623225513.2732256-16-dhowells@redhat.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>crypto: af_alg: Support MSG_SPLICE_PAGES</title>
<updated>2023-06-08T11:42:34+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2023-06-06T13:08:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=bf63e250c4b1f21696599e0ab7117f4429dcbdc0'/>
<id>urn:sha1:bf63e250c4b1f21696599e0ab7117f4429dcbdc0</id>
<content type='text'>
Make AF_ALG sendmsg() support MSG_SPLICE_PAGES.  This causes pages to be
spliced from the source iterator.

This allows -&gt;sendpage() to be replaced by something that can handle
multiple multipage folios in a single transaction.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
cc: "David S. Miller" &lt;davem@davemloft.net&gt;
cc: Eric Dumazet &lt;edumazet@google.com&gt;
cc: Jakub Kicinski &lt;kuba@kernel.org&gt;
cc: Paolo Abeni &lt;pabeni@redhat.com&gt;
cc: Jens Axboe &lt;axboe@kernel.dk&gt;
cc: Matthew Wilcox &lt;willy@infradead.org&gt;
cc: linux-crypto@vger.kernel.org
cc: netdev@vger.kernel.org
Acked-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Paolo Abeni &lt;pabeni@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto: af_alg: Use extract_iter_to_sg() to create scatterlists</title>
<updated>2023-06-08T11:42:34+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2023-06-06T13:08:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=c1abe6f570aff4b6d396dc551e60570d2f50bd79'/>
<id>urn:sha1:c1abe6f570aff4b6d396dc551e60570d2f50bd79</id>
<content type='text'>
Use extract_iter_to_sg() to decant the destination iterator into a
scatterlist in af_alg_get_rsgl().  af_alg_make_sg() can then be removed.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
cc: "David S. Miller" &lt;davem@davemloft.net&gt;
cc: Eric Dumazet &lt;edumazet@google.com&gt;
cc: Jakub Kicinski &lt;kuba@kernel.org&gt;
cc: Paolo Abeni &lt;pabeni@redhat.com&gt;
cc: Jens Axboe &lt;axboe@kernel.dk&gt;
cc: Matthew Wilcox &lt;willy@infradead.org&gt;
cc: linux-crypto@vger.kernel.org
cc: netdev@vger.kernel.org
Acked-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Paolo Abeni &lt;pabeni@redhat.com&gt;
</content>
</entry>
<entry>
<title>crypto: algif_skcipher - EBUSY on aio should be an error</title>
<updated>2020-08-21T04:45:26+00:00</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2020-07-31T07:03:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=2a05b029c1ee045b886ebf9efef9985ca23450de'/>
<id>urn:sha1:2a05b029c1ee045b886ebf9efef9985ca23450de</id>
<content type='text'>
I removed the MAY_BACKLOG flag on the aio path a while ago but
the error check still incorrectly interpreted EBUSY as success.
This may cause the submitter to wait for a request that will never
complete.

Fixes: dad419970637 ("crypto: algif_skcipher - Do not set...")
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
</feed>
