Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation

[Milan Broz <gmazyland@gmail.com>]

On 5/4/26 8:43 AM, Eric Biggers wrote:
> On Mon, May 04, 2026 at 02:13:01AM -0400, Demi Marie Obenour wrote:
>>> - It is used for benchmarking, where we actually need kernel crypto.
>>>
>>> As it will be used in real dm-crypt mapping later, benchmarking
>>> userspace lib just does not make sense.
>>> (Requiring CAP_SYS_ADMIN here is not such a big issue, and it is
>>> a very rough test - but useful for relative comparison, not for the
>>> real numbers.)
>>
>> Would an API to ask the kernel to benchmark its own algorithms work
>> for this?  That would be a more accurate benchmark as it removes
>> syscall overhead.
> 
> For what it's worth, I've always been frustrated by
> 'cryptsetup benchmark' and the numbers that people report with it
> because they underestimate the fast algorithms so significantly.

Yes, but note that dm-crypt will cause a lot of more slowdown
by processing of requests later, so in the end it is not so different.
It was kind of intentional, it is a cryptsetup benchmark, not a kernel
crypto benchmark  :-)

But seriously, benchmark is a hack, but we need at least something.
You can see AES-NI speedup in comparison to otherwise fast symmetric ciphers,
you can see parallelization in CBC decryption This is still useful for users.

I refused to touch it so at least we can compare relative differences
among kernel versions.

If there is any usable interface that can do better job, we will use it.

In the future, I would need to measure both - userspace crypto and kernel.

Milan