lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202507301042.C7A6FE5ABB@keescook>
Date: Wed, 30 Jul 2025 10:51:09 -0700
From: Kees Cook <kees@...nel.org>
To: "Dr. David Alan Gilbert" <linux@...blig.org>
Cc: Steven Rostedt <rostedt@...dmis.org>,
	Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
	Greg KH <greg@...ah.com>, Sasha Levin <sashal@...nel.org>,
	corbet@....net, linux-doc@...r.kernel.org,
	workflows@...r.kernel.org, josh@...htriplett.org,
	konstantin@...uxfoundation.org, linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 0/4] Add agent coding assistant configuration to Linux
 kernel

On Wed, Jul 30, 2025 at 04:40:39PM +0000, Dr. David Alan Gilbert wrote:
>   b) There's a whole spectrum of:
>       i) AI wrote the whole patch based on a vague requirement
>      ii) AI is in the editor and tab completes stuff
>     iii) AI suggests fixes/changes
>     which do you care about?

There is a vast spectrum between i) and ii). For the 2 KUnit patches[1]
I sent, I had already taught the LLM about KUnit (via Documentation/),
and I walked the LLM through the API in question, then asked it to produce
a KUnit test. It spat out the core structure with proposed tests, and
it iterated on running the tests to make sure the tests were passing,
adjusting its assumptions about the API. I took that result and went
through it test by test to tweak edge cases, add additional checks, etc,
etc. By character count, those 2 are probably 70% written by the LLM.

For the atomisp fix[2], that was, by characters, 100% LLM, but I gave it
specific code style adjustments and guided it to examine the problem
correctly. Should it be considered "AI wrote the whole patch"? Maybe,
maybe not.

-Kees

[1] https://lore.kernel.org/lkml/202507301008.E109EB0F@keescook/
[2] https://lore.kernel.org/lkml/20250724080756.work.741-kees@kernel.org/

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ