|
|
Subscribe / Log in / New account

Supporting kernel development with large language models

By Jonathan Corbet
June 26, 2025
OSSNA
Kernel development and machine learning seem like vastly different areas of endeavor; there are not, yet, stories circulating about the vibe-coding of new memory-management algorithms. There may well be places where machine learning (and large language models — LLMs — in particular) prove to be helpful on the edges of the kernel project, though. At the 2025 North-American edition of the Open Source Summit, Sasha Levin presented some of the work he has done putting LLMs to work to make the kernel better

[Sasha Levin] An LLM, he began, is really just a pattern-matching engine with a large number of parameters; it is a massive state machine. Unlike the sort of state machine typically seen in the kernel, though, LLMs perform state transitions in a probabilistic, rather than deterministic, manner. Given a series of words, the LLM will produce a possible next word in the sequence. Given "the Linux kernel is written in...", the LLM will almost certainly respond "C". There is a much lower probability, though, that it might say "Rust" or "Python" instead.

An LLM works with a "context window", which is the user-supplied text it can remember while answering questions. A system like Claude has a context window of about 200,000 tokens, which is enough for an entire kernel subsystem.

Levin does not believe that LLMs will replace humans in tasks like kernel development. Instead, an LLM should be viewed as the next generation of fancy compiler. Once upon a time, developers worked in assembly; then higher-level languages came along. Some sneered at this new technology, saying that "real developers" did their own register allocation. But, in time, developers adopted better programming languages and became more productive. An LLM is just another step in that direction; it is not a perfect tool, but it is good enough to improve productivity.

LLM-generated code in the kernel

As an example, he pointed to a patch credited to him that was merged for the 6.15 release. That patch was entirely written by an LLM, changelog included. Levin reviewed and tested it, but did not write the code. This fix, he said, is a good example of what LLMs can do well; they excel at small, well-defined tasks, but cannot be asked to write a new device driver. LLMs also help with writing the commit message, which is often more difficult than writing the patch itself, especially for developers whose native language is not English.

He pointed out a couple of things about the patch itself, excerpted here: 

    -/* must be a power of 2 */
    -#define EVENT_HASHSIZE	128
    +/* 2^7 = 128 */
    +#define EVENT_HASH_BITS 7

The switch from one hash API to another required specifying a size as a power of two rather than a straight number of bits; the LLM took that into account and made the appropriate change. It also realized, later in the patch, that a masking operation was not needed, so it took that operation out. The LLM, he said, generated code that was both correct and efficient.

Another example is the git-resolve script that was merged for 6.16. This script, which came out of a late 2024 discussion on ambiguous commit IDs, will resolve an ambiguous (or even incorrect) ID into a full commit. It, too, was generated with an LLM. Not only does it work, but it includes a full set of self tests, something he noted (with understatement) is unusual for code found in the kernel's scripts directory. LLMs, he said, "won't give you a frowny face" when asked to generate tests. The script includes documentation (also unusual for that directory), and is being used on a daily basis in the kernel community.

Moving on, he introduced the concept of "embeddings", which are a way of representing text within an LLM. They can be thought of as an equivalent to a compiler's internal representation of a program. Embeddings turn human language into vectors that can be processed mathematically. They preserve the semantic meaning of the text, meaning that phrases with similar meanings will "compile" to similar embeddings. That, in turn, allows meaning-based searching. In the kernel context, embeddings can help in searching for either commits or bugs that are similar to a given example.

Another useful LLM technology is "retrieval augmented generation" (RAG). LLMs, he said, have an unfortunate tendency to make things up when they do not know the answer to a question; an LLM will only rarely admit that it does not know something. That can be "really annoying" for generated code; an LLM will make up kernel functions that do not exist, for example. RAG works to ground an LLM in actual knowledge, enabling the model to look up information as needed, much like how humans use documentation. It is also useful to update an LLM with knowledge that came about after its training was done.

For the kernel in particular, RAG can ground the model and teach it about kernel-specific patterns. It also adds explainability, where the model can cite specific examples to justify the decisions it makes. Among other things, RAG allows the model to connect to a Git repository, giving it access to the kernel's development history.

Updates and CVEs

The stable kernels include massive number of patches that have been backported from the mainline; the 5.10 series, for example, has incorporated over 31,000 commits after the initial 5.10 release was made. Maintaining these stable updates requires reviewing around 100 patches per day — every day, with no breaks. Of those, maybe five or ten are suitable for backporting. It is a tedious and frustrating process that does not scale; as a result, important fixes are sure to fall through the cracks.

The "AUTOSEL" tool has been around for some years; it tries to select the mainline commits that should be considered for backporting. The initial version was primitive; it would just look for specific keywords in the changelog. Switching AUTOSEL to an LLM causes it to act like "another stable-kernel maintainer", albeit a special one who remembers every backporting decision that has ever been made. It works by creating an embedding for every commit in the history, then finding similarities with new commits that may be solving the same kind of problem.

AUTOSEL, he noted, is not replacing the stable maintainers, but it does narrow down the set of commits that they must consider. It is able to process hundreds of commits quickly, catching fixes that humans will miss. It also explains its reasoning in each email that is sent to the list (random example) proposing a patch for backporting. When asked to consider a specific commit, he said, AUTOSEL can also recommend similar commits for consideration.

People ask which LLM is being used for AUTOSEL; the answer is "all of them". Each model has its own strengths and weaknesses, so AUTOSEL asks several of them, then allows each to vote on the conclusion. If enough models vote in favor of a backport, it is referred to the humans for consideration.

In early 2024, the kernel project took on the responsibility for assigning its own CVE numbers. The tooling to support this work started as a collection of "bash hacks" that quickly became unmaintainable. So the CVE team decided to convert them to Rust, since "that's what the cool kids do these days". The only problem is that the CVE team members are all kernel developers who are not that proficient in Rust. LLMs are proficient in the language, though, and were able to quickly rewrite the scripts, adding documentation and tests in the process. The new scripts are more maintainable and vastly more efficient.

The CVE process itself is a challenge similar to that of backporting; commits must be reviewed for security relevance, which is another tedious task. It is hard to find people with the requisite expertise to do this work; the people with the needed skills can easily find more rewarding work to do. A purely human-based process thus runs behind, misses important vulnerabilities, while occasionally flagging bugs that are not, in fact, vulnerabilities.

This is, in other words, another job for a machine. The CVE selection is able to share much of the infrastructure used by AUTOSEL, but this time the LLM is being asked to look for commits that somehow resemble previous vulnerability fixes.

He concluded by saying that, using LLMs, the kernel community now has a system that can make use of multiple models, directly access Git repositories, and make use of historical data to answer various types of questions about kernel patches. He provided URLs for AUTOSEL and the commit classifier.

Tim Bird asked whether there is a risk of humans trusting the output from the LLMs too much, allowing errors to creep in. Levin agreed that LLMs can be wrong, but he said that humans can be wrong too, and they often are. Another participant asked about the licensing for code that is emitted by an LLM; Levin said that he has not really thought about the problem, and assumes that, if an LLM produces code, he is free to make use of it.

The last question was whether this infrastructure could be used to examine patches prior to merging in the hope of catching bugs earlier. This is an area that Levin has explored in the past, but that is not a focus currently. He agreed that LLMs could do that work, but it would be a huge job, and LLMs are still too expensive to use in that way. Perhaps in the future, he said, when the price has fallen, that sort of analysis will be possible.

[Thanks to the Linux Foundation for supporting our travel to this event.]

Index entries for this article
KernelDevelopment tools
ConferenceOpen Source Summit North America/2025

to post comments

Assumptions!

Posted Jun 26, 2025 15:20 UTC (Thu) by dmv (subscriber, #168800) [Link] (1 responses)

Levin said that he has not really thought about the problem, and assumes that, if an LLM produces code, he is free to make use of it.

That’s… certainly an assumption. The recent district court rulings on LLMs and copyright law demonstrate this isn’t at all settled yet, and complex legal wrangling lies ahead. But he’s just going to assume it’ll all turn out just so? Seems incautious.

Assumptions!

Posted Jul 15, 2025 19:36 UTC (Tue) by kaesaecracker (subscriber, #126447) [Link]

I guess that's fine for backports and classifying commits, as the original change is applied to the old version? Even in the worst case, you could declare those older versions dead and continue on without the shiny new tools.

Code completely generated by the LLM I would also be cautious about though. Once that code is in the kernel, any follow up changes (or even developers?) may be tainted depending on what courts decide.

An LLM is...

Posted Jun 26, 2025 15:38 UTC (Thu) by dskoll (subscriber, #1630) [Link] (7 responses)

An LLM [...] is really just a pattern-matching engine with a large number of parameters.

Yes, LLMs are pattern-matching engines that require unsustainably-high amounts of energy to train and whose enormous proliferation is likely to have severe environmental impacts, quite apart from the other societal effects.

An LLM is...

Posted Jun 26, 2025 16:00 UTC (Thu) by rsidd (subscriber, #2582) [Link] (3 responses)

This, and they are mostly proprietary products that produce stuff but you don't know how they did it.

For doing academic research, I generally say, use LLMs like wikipedia: verify primary sources before using the answer.

For writing text, I generally say don't. But I can see that it can be a help for those who are not fluent in English.

For writing code, again, verify (as the speaker here did) before using. But the concerns about both energy consumption and IP rights are very real. That said, one has to calculate the energy tradeoff of programmers taking minutes to write a small function, vs LLMs taking milliseconds to do the same thing. (OK, programmers will have to take seconds or a couple minutes to tell the LLM what they want. Not sure how the math works at scale.)

Anyway, these are early days and in a couple years time maybe one can do many such tasks locally on one's laptop, and there may even be a saving of energy per unit of productivity. Plus AI may enable new eco-friendly energy resources and reduce our CO2 emissions (I genuinely think this is a real possibility). But I think the advice of "verify before using" will remain valid.

An LLM is...

Posted Jun 26, 2025 22:41 UTC (Thu) by Wol (subscriber, #4433) [Link] (2 responses)

> For writing code, again, verify (as the speaker here did) before using. But the concerns about both energy consumption and IP rights are very real. That said, one has to calculate the energy tradeoff of programmers taking minutes to write a small function, vs LLMs taking milliseconds to do the same thing. (OK, programmers will have to take seconds or a couple minutes to tell the LLM what they want. Not sure how the math works at scale.)

Well, as a very AI sceptic, I've just had an interesting experience today.

One of my colleagues (a planner who doesn't really know programming) wrote an Excel tool to do job, with a whole bunch of VBA. Cue the usual mis-understanding between the pro programmer who didn't understand what he was trying to do, and the end user who was rubbish at explaining what was required. Fortunately a quick water-cooler chat with a senior Planner and the lightbulb went on.

He'd used an AI to write the code, and it was eight pages of well documented code, so maybe 50% comments, 50% code. But obviously didn't follow our style.

So I took what he'd done, and redid it. My way of course, and probably ended up with 25% comment, 75% code. And only two pages!

So my reaction would be that a half-decent programmer should be able to outperform an AI pretty easily BUT! The fact that an end user could easily write a working proof of concept was brilliant - I was given a working demo of what was required. And the AI used a couple of features I didn't know/understand, so it taught me something. (I also looked at a load of stuff it was doing and thought "why the **** are you doing THAT! :-)

Cheers,
Wol

An LLM is...

Posted Jun 27, 2025 9:17 UTC (Fri) by farnz (subscriber, #17727) [Link]

Also note that one of the great things that comes out when you have a program that meets the user's needs (even if it's otherwise awful - insecure, unreadable, prone to crashing off the happy path etc) is that you can write a fuzz tester to compare the two programs and tell you about differences.

If the differences are acceptable (e.g. user program crashes, yours succeeds), you can ignore them; if they're not (user program outputs a different value to yours), you can turn it into a test case, confirm that it's reasonable with the user (and not a bug in their program), and then fix this failing test in your program.

There's even people out there experimenting with using LLMs to fuzz the differences between a reimplementation and an original program.

But the key power here is having an unreliable oracle (the user's LLM-aided attempt at a program) that you can use to quickly answer questions about what the user "really" wants. That allows you to use your human intelligence to build up a reasonable set of questions to ask the user, using the oracle to answer the dumb questions.

An LLM is...

Posted Jun 29, 2025 13:01 UTC (Sun) by geert (subscriber, #98403) [Link]

So it looks a lot like comparing driver code in a vendor tree with driver code that has ended up in the Linux kernel?

I remember the (buggy) WiFi driver in my first Android tablet: it was three (IIRC) times as large as the driver that ended up upstream.

An LLM doesn't *need* vast power.

Posted Jun 28, 2025 1:51 UTC (Sat) by gmatht (guest, #58961) [Link]

I have used TabbyML happily on an integrated GPU. Obviously there is a trade off with the size of the model, but it is quite possible to use LLMs locally without significantly impairing your battery life.

An LLM is...

Posted Jul 3, 2025 1:55 UTC (Thu) by mbligh (subscriber, #7720) [Link] (1 responses)

So are humans.

An LLM is...

Posted Jul 3, 2025 1:57 UTC (Thu) by dskoll (subscriber, #1630) [Link]

Humans can have other redeeming attributes not shared by LLMs. We also don't need to make a new type of human when we can barely figure out how to deal with the old type.

In addition, LLMs make excellent _critics_.

Posted Jun 26, 2025 16:27 UTC (Thu) by davecb (subscriber, #1574) [Link]

Back in the October 2024 Communications of the ACM, Advait Sarkar wrote "AI Should Challenge, Not Obey.
Let’s transform our robot secretaries into Socratic gadflies" , at
https://cacm.acm.org/opinion/ai-should-challenge-not-obey/

I've used them successfully as "linters" for both code and prose.

No disclosure for LLM-generated patch?

Posted Jun 26, 2025 16:28 UTC (Thu) by lucaswerkmeister (subscriber, #126654) [Link] (15 responses)

> As an example, he pointed to a patch credited to him that was merged for the 6.15 release. That patch was entirely written by an LLM, changelog included.

I’m baffled that he apparently saw no need to disclose this when posting the patch… or am I missing something in the lore links?

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 6:55 UTC (Fri) by drago01 (subscriber, #50715) [Link] (13 responses)

Why is there a need for that?
People tend to overreacting, an LLM is just a tool.

No one discloses which IDE or editor has been used or whether autocomplete has been used or not etc.

In the end of the day what matters is whether the patch is correct or not, which is what reviews are for. The tools used to write it are not that relevant.

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 9:11 UTC (Fri) by Funcan (subscriber, #44209) [Link] (5 responses)

Is there a need for it? Given the legal uncertainty around the copyright status of llm output (see Disney's massive lawsuit for example), I'd say 'yes', and that it might be legally similar to copying code from a proprietary licensed kernel into Linux and passing it off as your own work.

I vaguely remember some llm providers include legal wavers for copyright where they take on the liability, but I can't find one for e.g. copilot right now

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 10:51 UTC (Fri) by mb (subscriber, #50428) [Link] (3 responses)

LLMs don't usually copy, though.

If you as a human learn from proprietary code and then write Open Source with that knowledge, it's not copying unless you actually copy code sections. Same goes for LLMs. If it produces a copy, then it copied. Otherwise it didn't.

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 11:47 UTC (Fri) by laarmen (subscriber, #63948) [Link] (1 responses)

This is not as simple as you make it out to be, at least in the eyes of some people. That's why you have clean-room rules such as https://gitlab.winehq.org/wine/wine/-/wikis/Clean-Room-Gu...

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 12:57 UTC (Fri) by mb (subscriber, #50428) [Link]

Clean-room is a *tool* to make accidental/unintentional copying less likely.

It's in no way required to avoid copyright problems.
Just don't copy and then you are safe.
Learning is not copying.

And you can also use that concept with LLMs, if you want.
Just feed the output from one LLM into the input of another LLM and you basically get the same thing as with two human clean-room teams.

No disclosure for LLM-generated patch?

Posted Jul 1, 2025 9:51 UTC (Tue) by cyphar (subscriber, #110703) [Link]

Copyright law isn't this simple. For one, it is established law that only humans can create copyrightable works and the copyright of the output of programs is based on the copyright of the input (if the input is sufficiently creative). Copyright in its current form is entirely based on "human supremacy" when it comes to capability of artistic expression, and so comparing examples where humans do something equivalent is not (in the current legal framework) actually legally equivalent. Maybe that will change in the future, but that is the current case law in the US AFAIK (and probably most other countries).

You could just as easily argue that LLMs produce something equivalent to a generative collage of all of their training data, which (given the current case law on programs and copyright) would mean that the copyright status of the training data would be transferred to the collage. You would thus need to make an argument for a fair use exemption for the output, which your example would not pass muster.

However, this is not the only issue at play here -- to submit code to Linux you need to sign the DCO, which the commit author did with their Signed-off-by line. However, none of the sections of the DCO can be applied to LLM-produced code, and so the Signed-off-by is invalid regardless of the legal questions about copyright and LLM code.

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 16:57 UTC (Fri) by geofft (subscriber, #59789) [Link]

> I vaguely remember some llm providers include legal wavers for copyright where they take on the liability, but I can't find one for e.g. copilot right now

https://blogs.microsoft.com/on-the-issues/2023/09/07/copi...

"Specifically, if a third party sues a commercial customer for copyright infringement for using Microsoft’s Copilots or the output they generate, we will defend the customer and pay the amount of any adverse judgments or settlements that result from the lawsuit, as long as the customer used the guardrails and content filters we have built into our products."

See also https://learn.microsoft.com/en-us/legal/cognitive-service... . The exact legal text seems to be the "Customer Copyright Commitment" section of https://www.microsoft.com/licensing/terms/product/ForOnli...

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 10:45 UTC (Fri) by excors (subscriber, #95769) [Link] (3 responses)

> In the end of the day what matters is whether the patch is correct or not, which is what reviews are for. The tools used to write it are not that relevant.

One problem is that reviewers typically assume the patch was submitted in good faith, and look for the kinds of errors that good-faith humans typically make (which the reviewer has learned through many years of experience, debugging their own code and other people's code).

If e.g. Jia Tan started submitting patches to your project, you wouldn't say "I know he deliberately introduced a subtle backdoor into OpenSSH and he's probably a front for a national intelligence service, but he also submitted plenty of genuinely useful patches while building up trust, so let's welcome him and just review all his patches carefully before accepting them". You'd understand that your review process is not infallible and he's going to try to sneak something past it, with malicious patches that look as non-suspicious as possible, so it's not worth the risk and you would simply ban him. Linux banned a whole university for a clumsy version of that: https://lwn.net/Articles/853717/. The source of a patch _does_ matter.

Similarly, LLMs generate code with errors that are not what a good-faith human would typically make, so they're not the kind of errors that reviewers are looking out for. A human isn't going to hallucinate a whole API and write a professional-looking well-documented patch that calls it, but an LLM will eagerly do so. In the best case, it'll waste reviewers' time as they try to figure out what the nonsense means. In the worst case there will be more subtle inhuman bugs that get missed because nobody is thinking to look for them.

At the same time, the explicit goal of generating code with LLMs is to make developers more productive at writing patches, meaning there will be more patches to review and reviewers will be under even more pressure. And in the long term there will be fewer new reviewers, because none of the junior developers who outsourced their understanding of the code to an LLM will be learning enough to take on that role. I think writing code is already the easiest and most enjoyable part of software development, so it seems like the worst part to be trying to automate away.

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 13:38 UTC (Fri) by drago01 (subscriber, #50715) [Link] (1 responses)

Well one of the reviewers would be the patch submitter, who used the LLM to save time.

If you don't trust that person and don't review his submission in detail the problem is unrelated to whether a LLM has been used or not.

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 15:10 UTC (Fri) by SLi (subscriber, #53131) [Link]

Exactly. The submitter takes the responsibility for the sanity of the submissions. If it is bad, that's on them. It doesn't matter that they found it convenient to edit the scheluder code in MS Word.

No disclosure for LLM-generated patch?

Posted Jun 27, 2025 14:02 UTC (Fri) by martinfick (subscriber, #4455) [Link]

If these junior programmers are reviewing the output of the LLM before submitting the code for inclusion, doesn't that mean this would be helping get more coders to become reviewers sooner? Perhaps this will actually help resolve the reviewer crisis by making reading code finally a more common skill then writing it?

No disclosure for LLM-generated patch?

Posted Jun 29, 2025 15:30 UTC (Sun) by nevets (subscriber, #11875) [Link] (2 responses)

As the maintainer that took that patch from Sasha, this is the first I've learned that it was completely created by an LLM. But it definitely looked like it was created by some kind of script. When I first saw the patch, I figured it was found and or created by some new static analyzer (like Coccinelle). I guess I wasn't wrong.

I was going to even ask Sasha if this came from some new tool. I think I should have. And yes, it would have been nice if Sasha mentioned that it was completely created by an LLM because I would have taken a deeper look at it. It appears (from comments below) that it does indeed have a slight bug. Which I would have caught if I had know this was 100% generated, as I would not have trusted the patch as much as I did thinking Sasha did the work.

No disclosure for LLM-generated patch?

Posted Jun 29, 2025 23:31 UTC (Sun) by sashal (✭ supporter ✭, #81842) [Link] (1 responses)

As the author of hashtable.h, and the person who sent the patch to Steve, I missed it too.

For that matter, the reason I felt comfortable sending this patch out is because I know hashtable.h.

Maybe we should have a tag for tool generated patches, but OTOH we had checkpatch.pl and Coccinelle generated patches for over a decade, so why start now?

Is it an issue with the patch? Sure.

Am I surprised that LWN comments are bikeshedding over a lost __read_mostly? Not really...

No disclosure for LLM-generated patch?

Posted Jun 30, 2025 2:26 UTC (Mon) by nevets (subscriber, #11875) [Link]

For both checkpatch.pl and Coccinelle generated patches, there isn't a tag, but pretty much every case (or it should be every case) it is stated in the change log that the patch was created by a script. You left that out. I've submitted a few Coccinelle generated patches, and every time I not only state that it was produced by Coccinelle, I add to the change log the script that I fed Coccinelle to produce the patch. This allows others to know if I did the script correctly or not.

The missing "__read_mostly" is a red herring. The real issue is transparency. We should not be submitting AI generated patches without explicitly stating how it was generated. As I mentioned. If I had known it was 100% a script, I may have been a bit more critical over the patch. I shouldn't be finding this out by reading LWN articles.

No disclosure for LLM-generated patch?

Posted Jul 2, 2025 4:31 UTC (Wed) by cyphar (subscriber, #110703) [Link]

Another interesting question is whether the Signed-off-by line can be considered valid in this case, since I don't think any reasonable reading of the DCO would apply to LLM-produced code.

You didn't write it yourself, you don't know in what manner it was based on previous works (or their licenses), and even if you argue that the LLM directly gave you the code (despite not being a person), the LLM cannot certify the licensing status of the code (and would probably refuse to do so, even if asked).

ReviewGPT

Posted Jun 26, 2025 17:03 UTC (Thu) by adobriyan (subscriber, #30858) [Link] (3 responses)

> -static struct hlist_head event_hash[EVENT_HASHSIZE] __read_mostly;
> +static DEFINE_HASHTABLE(event_hash, EVENT_HASH_BITS);

@sashal

Restore "event_hash" section placement removed in commit 391dda1bd7c56de62b96126214f040fe8965561b.

Use different DEFINE_HASHTABLE macro variant to do that.

Send the fix to linux-kernel mailing list, Cc Linux tracing subsystem maintainers.

Mention it is minor fix for commit 391dda1bd7c56de62b96126214f040fe8965561b.

ReviewGPT

Posted Jun 26, 2025 19:28 UTC (Thu) by comex (subscriber, #71521) [Link] (2 responses)

(Disclaimer: I am not sashal.)

…In other words, you're saying that the patch is buggy because it drops the __read_mostly attribute (which places the data in a different section).

That's a good reminder of how untrustworthy LLMs still are. Even for such a simple patch, the LLM was still able to make a subtle mistake.

To be fair, a human could definitely make the same mistake. And whatever humans reviewed this patch apparently did miss the mistake. But I think a human would be at least less likely to make the mistake in the first place.

Also, it's not a *major* mistake. __read_mostly is just a performance hint. It shouldn't make much difference for a large structure like event_hash, since only the start and end of it can possibly share a cache line with other variables. Dropping __read_mostly might even be an improvement, given the relatively-recent guidelines to "be mindful and selective of [__read_mostly's] use" and limit it to "tightly packed" data [1], which a large sparse hash table is not.

Still, if dropping __read_mostly had been intentional, the commit message would have mentioned it. Since it doesn't, this is a mistake all right.

[1] https://github.com/torvalds/linux/blob/e34a79b96ab9d49ed8...

ReviewGPT

Posted Jun 26, 2025 19:40 UTC (Thu) by adobriyan (subscriber, #30858) [Link]

Readmostliness and API conversion are separate issues.

DEFINE_READ_MOSTLY_HASHTABLE exists and LLM missed it.

If someone knows other LLM commits, post them, we'll see what they are worth.

ReviewGPT

Posted Jun 29, 2025 15:47 UTC (Sun) by nevets (subscriber, #11875) [Link]

As the maintainer that pulled Sasha's patch, I missed the removal of the "__read_mostly" because I thought Sasha had written it, and that's not something that he would have lightly removed without mentioning it.

I first thought that's even a bug as the hash is set up at boot or module load or unload and doesn't get changed other than that. But it likely could be removed because it's only for the trace output and that's not performance critical. But it should have been a separate patch.

What about trust?

Posted Jun 26, 2025 21:23 UTC (Thu) by cengizIO (subscriber, #106222) [Link] (6 responses)

‘Signed-off-by’ implies both authorship and responsibility. Yes, he claims responsibility, but what about authorship? Where did the AI model originally copy that code from? Copying an LLM generated response and tagging it as one’s own is certainly not the right direction for an ecosystem built solely on earned trust.

What about trust?

Posted Jun 26, 2025 21:39 UTC (Thu) by bluca (subscriber, #118303) [Link] (4 responses)

An LLM is not a database, it doesn't "copy" it from anywhere. It's explained how it works in the article itself.

What about trust?

Posted Jun 27, 2025 10:46 UTC (Fri) by paulj (subscriber, #341) [Link] (3 responses)

An LLM is literally a database of fine-grained features found in a data-set. A quite sophisticated one that captures the relationships between features and their likelyhood, over varying and overlapping spans of features.

The LLM weights are a function of and a transformation of the data that was fed in. No more, no less.

What about trust?

Posted Jun 27, 2025 10:49 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

Oh, and at inference time you are combining that "trained" data-base with your own context window (a fraction the size of the data-set), to have the LLM extend that context window to produce something that 'follows' from the 2.

What about trust?

Posted Jun 27, 2025 11:34 UTC (Fri) by bluca (subscriber, #118303) [Link] (1 responses)

As I said, it's not copying from a database, which was implied by the post I answered to

What about trust?

Posted Jun 30, 2025 22:40 UTC (Mon) by koh (subscriber, #101482) [Link]

There was no mentioning of "database" in the post you replied to. You invented that notion. As with nearly all your comments, they are in a subtle but quite fundamental way: wrong. And yes, LLMs do copy, too, see e.g. Q_rsqrt. It's called overfitting in the corresponding terminology.

What about trust?

Posted Jun 26, 2025 21:45 UTC (Thu) by laurent.pinchart (subscriber, #71290) [Link]

> ‘Signed-off-by’ implies both authorship and responsibility.

That is not quite exact. Quoting Documentation/process/submitting-patches.rst,

> The sign-off is a simple line at the end of the explanation for the
> patch, which certifies that you wrote it or otherwise have the right to
> pass it on as an open-source patch. The rules are pretty simple: if you
> can certify the below:
>
> Developer's Certificate of Origin 1.1
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> By making a contribution to this project, I certify that:
>
> (a) The contribution was created in whole or in part by me and I
> have the right to submit it under the open source license
> indicated in the file; or
>
> (b) The contribution is based upon previous work that, to the best
> of my knowledge, is covered under an appropriate open source
> license and I have the right under that license to submit that
> work with modifications, whether created in whole or in part
> by me, under the same open source license (unless I am
> permitted to submit under a different license), as indicated
> in the file; or
>
> (c) The contribution was provided directly to me by some other
> person who certified (a), (b) or (c) and I have not modified
> it.
>
> (d) I understand and agree that this project and the contribution
> are public and that a record of the contribution (including all
> personal information I submit with it, including my sign-off) is
> maintained indefinitely and may be redistributed consistent with
> this project or the open source license(s) involved.

Whether or not a patch generated by an LLM qualifies for (a) or (b) is being debated, but authorship is not required to add a Signed-off-by line.

I hope it continues to improve

Posted Jun 27, 2025 6:44 UTC (Fri) by wtarreau (subscriber, #51152) [Link]

I've been a long-time supporter of AUTOSEL. Not necessarily the implementation itself or initial quality but the project in general and the pursued goals. I've seen it criticized a lot regarding the supposed low accuracy, but people are seeing it as a computer program and do not accept mistakes that they would happily forgive from a human. Such tools are not regular, predictable programs. They work because they're as bogus as a human, but more constant. When well tuned, they can get better at such tasks.

I think that only those who have dealt with huge patch reviews know how unreliable we become after reading a few hundred patches. Your attention declines, sometimes you respond yes or no mechanically, then suddenly you realize you did it without thinking, just because the patch looked like a previously selected one etc. When I was maintaining the extended 3.10 kernel, I had to review around 6000 patches in a week-end that I was already picking from the previous stable branch (i.e. they had already been considered for stable by someone more knowledgeable, I was not reviewing mainline). It was a super difficult task. Sometimes I had to stop to go eat something, walk around, listen to the radio for a moment, before coming back ot the task. Tasks like this are pushing humans to their limits, and that's precisely where such tools can be great: not only they save you from suffering, but they can help you be better at what you're doing.

For haproxy, we maintain stable branches and have to periodically review mainline patches and consider whether or not they're suitable for backporting. The task is the same and we figured over the years that the sole reason for not doing a stable release for a long time was the huge number of patches having to be reviewed. I have developed a preselection and review process in the same spirit as autosel (we exchanged a little bit with Sasha about our respective projects a while ago), and similarly it gives me a yes/no/uncertain/wait verdict with a short justification for the choice. It has become extremely helpful, to the point that I occasionally prefer to turn to that page to understand the purpose of a series because it gives me concise summaries and impact evaluation. Obviously sometimes it's wrong, that's why I can re-adjust the verdict myself. But it turned what used to be a day-long of really painful work into a tens of minutes task with much higher accuracy than before. While I hoped that about 2/3 of selected patches would be good, I was amazed to see that the level of overlap between my manual choices and the bot is around 98-99%! It's exactly like having someone else do that job for you where you just have to glance over it and check if nothing obvious seems to be missing. And thanks to this we can now emit stable releases more often. Also in terms of energy, since some are wondering and it's legit, our bot consumes roughly 30s of CPU per patch. For our recent 3.2 release, this means 10 hours of CPU over 6 months (or 20 hours a year). It's only a Ryzen 5800, no GPU involved, we all consume way more than this by compiling or others by playing games. It's even possible that it actually saves energy by reducing the number of required debugging / bisecting of stable releases!

It's important to make people understand that these tools are assistants which never get bored and for which you don't need to have any form of compassion. The human must have the final choice of course, but seeing the mechanical boring job being mostly done by the bot is super helpful, and significantly improves the work quality and conditions for those in charge of the task. I.e. it's no longer that much a punishment to work on a stable release.

Keep up the good work Sasha!

Human authorship?

Posted Jun 27, 2025 12:34 UTC (Fri) by jani (subscriber, #74547) [Link] (14 responses)

I keep wondering about copyright on works that lack human authorship. I'm not talking about what went into the sausage machine, but rather what comes out.

Famously, the owner of the camera didn't get the copyright on a selfie that a monkey took: https://en.wikipedia.org/wiki/Monkey_selfie_copyright_dis...

Obviously derivative works of copyleft code need to remain copyleft, regardless of who, or rather what, produces the modifications. But what about all new work? If an LLM produces something, how can anyone claim copyright on the result? Even if the LLM prompt is a work of art, how can the end result be? So how would you protect your vibe coding results?

Human authorship?

Posted Jun 28, 2025 2:44 UTC (Sat) by NYKevin (subscriber, #129325) [Link] (5 responses)

A wrinkle here is the fact that photos in general receive copyright protection, despite the fact that the average photographer is just pointing and shooting a phone at something that looks neat, and the device is doing all the work. The usual justification is that the photographer exercises discretion over lighting, framing, viewing angle, etc., but the average person is hardly doing any of that, at least not intentionally.

The Copyright Office has said that anything produced by an AI is ineligible for copyright protection, except to the extent it incorporates a human's work (e.g. because somebody photoshopped it after the fact). I'm... not entirely convinced they're right about that. Or at least, I'm not convinced it can be squared with the existing law on photos (and many similar kinds of less-creative works).

Human authorship?

Posted Jun 29, 2025 8:41 UTC (Sun) by interalia (subscriber, #26615) [Link] (4 responses)

I'm just a casual photographer who's used point-and-shoots pretty much my entire life, but I think any casual photographer still frames the photo to get the subject they want, adjusts the angle, and tries to ensure the subjects are lit. Sure, it's not a particularly rich or complex creative choice, but we/they still make them and it's definitely intentional.

Even if it's dubious in some cases right now, what do you think the appropriate input bar ought to be for photos to receive copyright protection? But that said, I do get what you mean that the minimal input on point-and-shoot photos seems comparable to the minimal input given to an LLM AI to produce something and hard to reconcile why one deserves protection but the other doesn't.

Human authorship?

Posted Jun 30, 2025 19:01 UTC (Mon) by NYKevin (subscriber, #129325) [Link] (3 responses)

> I'm just a casual photographer who's used point-and-shoots pretty much my entire life, but I think any casual photographer still frames the photo to get the subject they want, adjusts the angle, and tries to ensure the subjects are lit. Sure, it's not a particularly rich or complex creative choice, but we/they still make them and it's definitely intentional.

Replace "casual photographer" with "LLM user" and replace "frames the photo, adjusts the angle, etc." with "writes the prompt, tries multiple iterations, asks the LLM to refine it, etc." and maybe that will make the problem more apparent. This is even more of an issue for image generators, where we have to consider a more elaborate family of techniques such as inpainting, textual inversion, and ControlNet-like inputs. The amount of creative control a StableDiffusion user can exert over the output, when using all of those tools, is probably greater than the amount of creative control the average point-and-shoot photographer can exert without professional equipment.

> Even if it's dubious in some cases right now, what do you think the appropriate input bar ought to be for photos to receive copyright protection? But that said, I do get what you mean that the minimal input on point-and-shoot photos seems comparable to the minimal input given to an LLM AI to produce something and hard to reconcile why one deserves protection but the other doesn't.

Exactly. I don't believe the Copyright Office's position is logically coherent, and I think sooner or later some judge is going to point that out. As for where the bar ought to be, I have no idea, but it seems a bit late to change the rules for photos now, so probably it ends up being fairly low. I'm not sure we're going to get copyright protection for simple one-off "type a prompt and use the first output" cases, but anything more elaborate than that remains a grey area at best.

Human authorship?

Posted Jun 30, 2025 20:05 UTC (Mon) by Wol (subscriber, #4433) [Link] (2 responses)

The other problem, even with photography, is that the amount of creative input varies massively. And the further back in time you go, the more effort it took to even "point and shoot". Today, you point a snartphone at a bunch of friends, and the AI will take a good shot for you.

Go back to the start of common digital photography (maybe Y2K, with your typical camera being measured in K-pixels, and a 1.3MP camera being very hi-def, you still needed a fair bit of nouce, zooming, framing, to try and give you a decent chance of post-processing (if you wanted to).

A bit earlier (early 90s) I had a mid-range SLR (F90), with a good zoom and flash-gun. It still took a fair bit of creative input in selecting the shot, but the camera took good care of making sure the shot itself was good.

Go back to the 70s/80s, the Zenith was a popular camera that basically had no smarts whatsoever. In order to take a shot as good as the F90, you had to choose the f-stop and shutter speed, balance the flash against daylight, basically doing a lot of work.

Go further back to medium format, and you needed a tripod ...

With *both* AI and photography, the more you put in, the more you get out (well, that's true of life :-)

And (iirc the parent context correctly) if someone says "the output of an AI is not copyrightable", what are they going to say when someone argues "the *input* *is* copyrightable, and the output is *clearly* *derivative*". If the output of photography is copyrightable, even with minimal creative input, while the output of an AI is not even with massive creative input, then something is pretty blatantly wrong.

Cheers,
Wol

Human authorship?

Posted Jul 1, 2025 10:46 UTC (Tue) by anselm (subscriber, #2796) [Link] (1 responses)

If the output of photography is copyrightable, even with minimal creative input, while the output of an AI is not even with massive creative input, then something is pretty blatantly wrong.

At least here in Germany, copyright law differentiates between run-of-the-mill snapshot photography and photography as art, based on a “threshold of originality”. The latter gets full copyright protection and the former doesn't – there is still some protection but, for example, it doesn't last as long as it would otherwise.

IMHO, the analogy with photography falls flat because a point-and-shoot camera will, to all intents and purposes, produce reproducible results given the same framing, lighting conditions, etc. (which is generally considered a feature if you're a photographer). AIUI, with AI there is no unique deterministic relationship between the prompt you're entering and what the AI produces. If you feed your AI image generator (or what have you) the same prompt twice in a row you will probably get different results, so the output does not depend solely on the human effort on the input side. To my understanding this would conflict, e.g., with German copyright law, which stipulates – at least for now – that copyright protection is available exclusively for “personal intellectual creations” by human beings.

Human authorship?

Posted Jul 1, 2025 17:49 UTC (Tue) by excors (subscriber, #95769) [Link]

> AIUI, with AI there is no unique deterministic relationship between the prompt you're entering and what the AI produces. If you feed your AI image generator (or what have you) the same prompt twice in a row you will probably get different results, so the output does not depend solely on the human effort on the input side.

It generally isn't non-deterministic, but it is pseudorandom. The input includes the prompt plus a PRNG seed; if you use the same prompt and seed, and sufficiently similar software and hardware, then you should get exactly the same output. (Some UIs might not let you set the seed, but that's just a UI limitation.)

With image generators there's also some coherence across prompts: if you use the same seed with two similar but different prompts, you'll probably get similar but different outputs. So you can generate a bunch of images with one prompt across many arbitrary seeds, pick your favourite, then reuse the seed and tweak the prompt to get a variation on that image; it's not completely chaotic and unpredictable. (They work by starting with an image of pure noise, then progressively denoising it guided by the prompt. Using the same seed means starting with the same noise, and it seems a lot of the output's high-level structure is determined by that noise and is preserved through all the denoising.)

Human authorship?

Posted Jul 1, 2025 10:30 UTC (Tue) by paulj (subscriber, #341) [Link] (7 responses)

Does this mean that companies moving to AI-coding will be producing code they hold no copyright over (because being machine produced, there simply is no [new] copyright created in the output)? If someone produces an app / a piece of software that is 100% AI generated, will others be able to redistribute as they wish?

Human authorship?

Posted Jul 1, 2025 11:14 UTC (Tue) by jani (subscriber, #74547) [Link] (1 responses)

I think at this point the only thing we can say with any certainty is that we're going to see plenty of litigation and lobbying to protect corporate interests, both for LLM input *and* output.

Human authorship?

Posted Jul 1, 2025 16:18 UTC (Tue) by paulj (subscriber, #341) [Link]

It's going to be fascinating. There are corporate interests on both sides of this fence - in a number of cases, the /same/ corporate. ;) Different jurisdictions may well come to different answers too.

Human authorship?

Posted Jul 1, 2025 16:00 UTC (Tue) by kleptog (subscriber, #1183) [Link]

At least in NL law, the copyright belongs to the person that made the creative choices. In other words, no AI tool can ever produce anything copyrightable by itself. The user who made the creative choices that lead to the output has the copyright. This is the same principle that prevents Microsoft from claiming copyright over your Word documents, or a compiler writer claiming copyright over your binaries.

If those companies somewhere in the chain include a human who is deciding which AI output is acceptable and which isn't, then that would be copyrightable. Even if they were just writing a program that did the evaluation for them. Although I expect the actual protection to be somewhat commensurate to the amount of effort. And if you're talking to a chatbot, the output is copyright of the person typing.

This is Civil Law, so by statute and no court case can change that. At best the courts can prod the legislature to tell them the law might need updating, but that's it. The US being Common Law however is likely to attract a lot of litigation, unless the legislature explicitly goes to fix it.

Human authorship?

Posted Jul 1, 2025 18:37 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

It's likely that only non-trivial _prompts_ will be copyrighted.

I can see that in future source code repos will have the LLM-generated source code along with the list of prompts that resulted in it. And then lawyers will argue where exactly the copyright protection is going to stop. E.g. if a prompt "a website with the list of issues extracted from Bugzilla" is creative enough or if it's just a statement of requirements.

Human authorship?

Posted Jul 2, 2025 13:43 UTC (Wed) by kleptog (subscriber, #1183) [Link] (2 responses)

> It's likely that only non-trivial _prompts_ will be copyrighted.

If the prompt is copyrightable, then the output is too. An LLM is just a tool. Photos don't lose copyright by feeding them through a tool, so why would an LLM be any different? You'd have to somehow argue that an LLM is somehow a fundamentally different kind of tool than anything else you use to process text, which I don't think is a supportable idea.

Human authorship?

Posted Jul 2, 2025 14:24 UTC (Wed) by jani (subscriber, #74547) [Link]

> If the prompt is copyrightable, then the output is too.

It's just not that clear cut: https://www.skadden.com/insights/publications/2025/02/cop...

Human authorship?

Posted Jul 2, 2025 18:55 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

But _where_ does the copyright start? A prompt may be copyrightable if it's specific enough. And edits made by humans to the generated code are likely to be copyrightable.

But suppose we have this case, you build a web service to track sleep times using an LLM. And then I build a service to track the blood sugar data using an LLM.

The source code for them ends up 95% identical, just because there are so many ways to generate a simple CRUD app and we both used the same LLM version. And if you had looked at these two code bases 15 years ago, it would have been a clear-cut case of copyright infringement.

But clearly, this can't be the case anymore. Mere similarity of the code can't be used as an argument when LLMs are at play.

On (not) replacing humans

Posted Jun 27, 2025 15:30 UTC (Fri) by SLi (subscriber, #53131) [Link]

> Levin does not believe that LLMs will replace humans in tasks like kernel development.

I think this is an interesting claim; not because I think it's right or wrong, but because it's a nontrivial prediction, and a quite common one, with no explicitly expressed rationale.

Now there's enough leeway in the language to make it hard to agree on what it might mean. For one, what does "replacing humans" mean? Did compilers replace programmers? After all, people don't need to write programs (i.e. assembly) any more; instead they write these fancy higher level descriptions of the program, and the compiler intelligently does the programming. At least that's how I think it would have been viewed at a time. Or did the emergence of compilers lead to there being less programmers?

But also there are probably unstated assumptions and predictions of the capabilities of LLMs behind this kind of stances. Either extrapolation from the trajectory of LLMs so far, or even deeper stances like "LLMs are fundamentally unable of creating anything new", or beliefs—justified or not—that humans are necessarily better than any algorithm that can exist.

I don't mean to imply that these stances are ridiculous. They may well turn out to be true. And in the other direction, things that don't seem realistic sometimes work out.

I did some LLM stuff before GPT-3 was a thing. It seemed bewildering. I think it's safe to say that nobody in the field predicted the generalizing capabilities of language models.

For a long time, machine learning models meant training a model on data that was pretty similar to what you want to predict on (like creditworthiness). That was not too mind bending.

Then people started to talk about _few-shot learning_, meaning that you'd maybe only need to give a model five examples of what you want to do, and it would understand enough and be generalist enough to handle that. That sounded like scifi.

Then, next there was one-shot learning. Surely *that* could not work.

And the biggest surprise? Zero-shot learning. You just tell the model what you want it to do. I really don't think even people who researched LLMs predicted that before they started to see curious patterns in slightly less capable (by today's standards) language models.

Now, a few years later? GPT-3 feels like something which surely has been there since maybe 90s. It doesn't feel magical anymore, and the mistakes it made are ridiculous compared today's models.

Why was he not laughed out?

Posted Jun 29, 2025 23:44 UTC (Sun) by mirabilos (subscriber, #84359) [Link]

And, even more importantly, why was his ability to submit patches not revoked for submitting AI slop under his own name?

This is a DCO breach at the *very* least, plus outright lying and violation of community standards.


Copyright © 2025, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds