
Linux Kernel Developers Move to Deprecate AF_ALG to Reduce Attack Surface

AF_ALG Deprecation Planned for Linux Kernel 7.2: Here's Why and What Sysadmins and Developers Need to Know.

By sk

Quick Summary

  • AF_ALG, a kernel interface for userspace crypto, is being deprecated in Linux Kernel 7.2.
  • Kernel developers believe the AF_ALG cryptographic interface creates a large security attack surface while providing little real-world benefit.
  • The deprecation isn't really about AF_ALG being broken. It's about the cost-benefit ratio shifting. Userspace libraries like OpenSSL already do the job better, so there's no longer any justification for keeping a privileged kernel interface around just for the few programs that still use it.

Linux Kernel 7.2 Deprecates AF_ALG

Linux kernel developers are moving to deprecate the AF_ALG cryptographic interface as part of an ongoing effort to reduce kernel attack surface and improve overall system security.

AF_ALG allows userspace applications to access cryptographic algorithms implemented by the Linux kernel. While the interface was originally intended to provide convenient access to kernel crypto services and hardware acceleration features, developers now believe it offers limited practical benefits compared to the security risks and maintenance burden it introduces.

Although AF_ALG remains available in current Linux releases, the deprecation process has begun. Recent patches document its deprecation and remove key features such as zero-copy support and hardware accelerator offloading. These changes are expected to appear in Linux Kernel 7.2.

In this article, we'll examine why Linux developers want to retire AF_ALG features, and the security concerns driving the decision.

Editor's note: As of June 2026, Linux 7.1 is in its release-candidate phase (RC6). Linux 7.2 has not been released, and its merge window has not yet opened. The AF_ALG deprecation described in this article is approved and queued in the kernel's cryptographic subsystem tree, targeting the Linux 7.2 merge window expected to open in mid-June 2026, with Linux 7.2 stable anticipated around late August 2026.

Why Linux Kernel Developers Want to Deprecate AF_ALG

Linux developers increasingly face a difficult challenge: vulnerabilities are being discovered faster than ever. Modern analysis tools, including AI-assisted security research and large language models (LLMs), can help identify bugs and potential attack paths much more quickly than in the past.

During the AF_ALG deprecation discussion, Linux kernel developer Eric Biggers pointed to the changing vulnerability landscape and cited recent examples such as the Copy Fail (CVE-2026-31431) vulnerability. For those unaware, Copy Fail is a logic flaw that allows a 732-byte Python script to gain root access on virtually all major Linux distributions running kernels built since 2017.

Eric argues that modern bug-finding techniques make large kernel attack surfaces increasingly difficult to justify when they provide limited practical value.

As a result, Linux developers are placing greater emphasis on reducing attack surface wherever possible. AF_ALG was cited as an example of a subsystem whose long-term security costs may outweigh its benefits.

The Problem With Zero-Copy Support

One of the first AF_ALG features targeted for removal is its zero-copy capability.

Zero-copy designs can improve performance by allowing the kernel to operate directly on memory provided by userspace applications instead of creating intermediate copies. However, this approach also creates security challenges.

For those wondering, AF_ALG's zero-copy implementation allows userspace to request cryptographic operations directly on page cache pages and makes it possible for memory to be modified while cryptographic operations are still in progress. This creates conditions that can lead to time-of-check-to-time-of-use (TOCTOU) vulnerabilities.

The concern is particularly serious because AF_ALG can operate on file-backed memory mappings. In some scenarios, this could allow an attacker to target sensitive files such as the su binary while cryptographic operations are underway.

To reduce this risk, developers are removing AF_ALG's zero-copy support and replacing it with safer internal kernel copies of the supplied data.

Hardware Offloading Has Not Delivered the Expected Benefits

Another proposed change involves hardware crypto acceleration.

AF_ALG was originally intended to provide access to specialized cryptographic accelerator hardware through the kernel crypto subsystem. In practice, however, developers found that these accelerator drivers add complexity, increase maintenance costs, and introduce additional security risks.

They also noted that AF_ALG is not an especially efficient interface for hardware accelerators, and that such usage turned out to be relatively uncommon in real-world deployments.

As a result, AF_ALG support for cryptographic accelerator offloading is being removed as part of the broader deprecation effort.

Why Developers Are Encouraged to Use Userspace Crypto Libraries

For most applications, userspace cryptographic libraries such as OpenSSL and similar projects already provide mature, well-maintained implementations of common cryptographic algorithms.

Using userspace libraries avoids exposing additional kernel attack surface while simplifying development and maintenance. This aligns with a long-standing Linux design principle: functionality that does not need to run in the kernel should remain in userspace whenever possible.

Developers noted that relatively few applications still depend on AF_ALG. One example mentioned during the discussion is iwd, the Intel wireless daemon. Developers are encouraged to migrate remaining AF_ALG users to userspace cryptographic libraries where practical.

What Linux Users Should Do

For most Linux users, the AF_ALG deprecation itself requires no immediate action. The interface remains available in current releases and the full removal will take place over future kernel versions.

However, page cache vulnerabilities like Copy Fail require urgent attention. All users should apply their distribution's kernel update as soon as possible to protect against these vulnerabilities.

Beyond applying the latest kernel patches, developers and system administrators should begin evaluating whether their software depends on AF_ALG and consider migrating to userspace cryptographic libraries ahead of the eventual removal.

Specific steps to take:

  • Patch immediately for Copy Fail and similar bugs: Install the latest kernel update from your Linux distribution. The upstream fix was merged in April 2026 and is available from all major distributions now.
  • Interim mitigation for Copy Fail: If an immediate kernel update is not possible, disable the specific vulnerable module by setting CONFIG_CRYPTO_USER_API_AEAD=n in your kernel config, or by blacklisting the algif_aead module. This blocks the exploited AEAD interface without disabling all of AF_ALG.
  • Full AF_ALG disable (optional): If none of your applications use AF_ALG at all, disabling the broader CONFIG_CRYPTO_USER_API option removes the entire interface. This is a build-time option for those maintaining custom kernels.
  • Review AF_ALG dependencies: Identify any applications that rely on AF_ALG and assess migration options ahead of the eventual deprecation landing in a future kernel release.
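As an added example (not from the article or the kernel patches), the following Python probe exercises the AF_ALG socket interface described earlier and gives an administrator a way to verify the interim mitigation: it reports whether each AF_ALG type is reachable from userspace, and computes a SHA-256 digest through the kernel only when the hash type is available. It assumes Linux with Python's socket.AF_ALG support; the algorithm names probed are the standard kernel ones.

```python
"""Probe which AF_ALG socket types a running kernel exposes to userspace."""
import hashlib
import socket
from typing import Dict, Optional

# AF_ALG types the article discusses, each paired with a common algorithm name.
AFALG_TYPES = [
    ("hash", "sha256"),
    ("skcipher", "cbc(aes)"),
    ("aead", "gcm(aes)"),   # served by algif_aead; should be unreachable after the mitigation
    ("rng", "stdrng"),
]


def probe_afalg(alg_type: str, alg_name: str) -> str:
    """Return "available", "unavailable" or "unsupported" for one AF_ALG type."""
    if not hasattr(socket, "AF_ALG"):
        return "unsupported"  # non-Linux host or Python built without AF_ALG
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as sock:
            sock.bind((alg_type, alg_name))
    except OSError:
        # EAFNOSUPPORT: CONFIG_CRYPTO_USER_API=n; ENOENT: algif_<type> not
        # loadable (e.g. CONFIG_CRYPTO_USER_API_AEAD=n or module blacklisted)
        # or the named algorithm is not registered. A seccomp-sandboxed
        # process lands here too.
        return "unavailable"
    return "available"


def mitigation_report() -> Dict[str, str]:
    """Map each AF_ALG type to its reachability from this process."""
    return {alg_type: probe_afalg(alg_type, alg_name) for alg_type, alg_name in AFALG_TYPES}


def afalg_sha256(data: bytes) -> Optional[bytes]:
    """Hash data through the kernel via AF_ALG; None if the hash type is absent."""
    if probe_afalg("hash", "sha256") != "available":
        return None
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as sock:
            sock.bind(("hash", "sha256"))
            op, _ = sock.accept()       # per-operation socket
            with op:
                op.sendall(data)        # no MSG_MORE: this is the whole message
                return op.recv(32)      # SHA-256 digest length
    except OSError:
        return None


if __name__ == "__main__":
    for alg_type, status in mitigation_report().items():
        print(f"{alg_type:10s} {status}")
    digest = afalg_sha256(b"constructed sample input")
    print("kernel sha256 matches hashlib:",
          digest == hashlib.sha256(b"constructed sample input").digest())
```

If the aead row still reads "available" after the blacklist was added, check lsmod for algif_aead: a bind() request can load the module on demand, and a modprobe.d entry that only covers alias loading may not block that path.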

Final Thoughts

The proposed AF_ALG deprecation reflects a broader trend in Linux kernel development: reducing complexity and removing features that create security risks without providing sufficient real-world benefits.

By eliminating zero-copy support, removing hardware offload functionality, and encouraging migration toward userspace cryptographic libraries, Linux Kernel developers aim to shrink the kernel's attack surface and reduce future security risks.

AF_ALG is not gone yet, but the kernel maintainers are planning to deprecate it. Developers believe its long-term costs outweigh its benefits, and the deprecation process is now underway.
