LWN on Kernel, File Systems, and Trusted Publishing
-
LWN ☛ Moving beyond fork() + exec() [LWN.net]
Since the earliest days of Unix, two of the core process-oriented system calls have been fork(), which creates a child process as a copy of the parent, and exec(), which runs a new program in the place of the current one. In Linux kernels, those system calls are better known as clone() and execve(), but the core functionality remains the same. While there is elegance to this process-creation model, there are shortcomings as well. A recent proposal from Li Chen to add "spawn templates" to the kernel will not be accepted in its current form, but it may point the way toward a new process-creation primitive in the future.
fork() is a relatively expensive system call; it must copy the entire process state (including memory) for the child process. Many optimizations have been made over the years, but a fork is still a fundamentally costly operation. To make things worse, a fork() call is often immediately followed by an exec(), which will discard all of that memory that was so carefully copied for the child. Attempts (such as vfork()) have been made over the years to optimize for this case, but the pattern still is more expensive than it could be.
-
LWN ☛ Splicing out vmsplice() [LWN.net]
The splice() and vmsplice() system calls are meant to improve performance for certain data-movement tasks by minimizing (or avoiding altogether) system calls and the copying of data. They also have a long history of security problems. The recent flood of LLM-discovered vulnerabilities has drawn attention, once again, to splice() and vmsplice(); as a result, they may end up being removed altogether.
-
LWN ☛ BPF loop verification with scalar evolution [LWN.net]
The BPF verifier has, in the course of wrestling with the difficult problem of statically analyzing loops, grown special support for many kinds of loops over its history, but its fundamental approach to simple for loops has not changed. When it encounters a loop, it evaluates it, iteration by iteration, until reaching an exit condition — a process that can cause the verifier to mistakenly hit the limit on the number of allowed instructions where a better implementation would not. Eduard Zingerman spoke at the 2026 Linux Storage, Filesystem, Memory-Management, and BPF Summit about his in-progress work on improving the verifier's treatment of loops, especially nested loops.
His ultimate goal, as explained in his slides, is to enable the verifier to handle typical for and while loops in a single pass, without needing to iterate over the loop. To accomplish this, he plans to use a technique called scalar evolution to calculate the range of values that variables can possibly take on inside the loop, and then check whether the loop body is safe with the values in that range.
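As an added illustration of the idea in the previous two paragraphs (this is a Python model written for this page, not the BPF verifier's code or Zingerman's patches), the block below represents an induction variable as a chain of recurrences {start, +, step}, derives the closed range of values it takes in one pass, and checks a body access arr[i] against that range. It sits beside the iteration-by-iteration walk the verifier does today, which gives up once an instruction budget is spent, and extends the same range computation to a simple nested loop whose inner bound is the outer induction variable. The loop shapes, the Chrec class and the verify_* helpers are simplifications assumed for the example; only positive steps are modelled.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Chrec:
    """Chain of recurrences {start, +, step}: on iteration k the induction
    variable (IV) equals start + k * step, which is what scalar evolution
    derives for a simple counted loop."""
    start: int
    step: int

    def at(self, k: int) -> int:
        return self.start + k * self.step


def trip_count(iv: Chrec, bound: int, strict: bool = True) -> int:
    """Iterations of `for (i = start; i < bound; i += step)` (`<=` when
    strict=False). Only positive steps are modelled; anything else is not a
    counted loop this toy analysis can bound, so it is rejected."""
    if iv.step <= 0:
        raise ValueError("only positive steps are modelled")
    limit = bound if strict else bound + 1  # the loop runs while i < limit
    if iv.start >= limit:
        return 0
    return (limit - iv.start + iv.step - 1) // iv.step  # ceiling division


def value_range(iv: Chrec, bound: int, strict: bool = True) -> Optional[Tuple[int, int]]:
    """Closed interval [lo, hi] of values the IV takes inside the loop body,
    or None when the body never executes."""
    n = trip_count(iv, bound, strict)
    return None if n == 0 else (iv.at(0), iv.at(n - 1))


def verify_single_pass(iv: Chrec, bound: int, array_len: int, strict: bool = True) -> bool:
    """One-pass check of a body that reads arr[i]: safe iff the whole IV range
    lies within [0, array_len). No iteration is simulated."""
    rng = value_range(iv, bound, strict)
    if rng is None:
        return True
    lo, hi = rng
    return 0 <= lo and hi < array_len


def verify_by_iteration(iv: Chrec, bound: int, array_len: int, strict: bool = True,
                        insn_limit: int = 1000) -> Optional[bool]:
    """The iteration-by-iteration approach: walk every iteration and give up
    (None) once the instruction budget is spent. That is how a perfectly safe
    but long loop ends up rejected."""
    i, budget = iv.start, insn_limit
    while (i < bound) if strict else (i <= bound):
        if budget == 0:
            return None
        budget -= 1
        if not 0 <= i < array_len:
            return False
        i += iv.step
    return True


def verify_nested(outer: Chrec, outer_bound: int, inner_step: int, array_len: int) -> bool:
    """`for (i = ...; i < outer_bound; ...) for (j = 0; j < i; j += inner_step) arr[j]`:
    the inner bound is the outer IV, so j's range is widest when i is at its
    maximum. One range computation per loop level replaces a nested walk."""
    outer_rng = value_range(outer, outer_bound)
    if outer_rng is None:
        return True
    _, i_max = outer_rng
    return verify_single_pass(Chrec(0, inner_step), i_max, array_len)
```

The off-by-one case (`i <= n` with an array of n elements) is caught by both approaches; the difference shows on a long but safe loop, where the iterative walk exhausts its budget and returns None while the range check answers immediately.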
-
LWN ☛ An update on fanotify [LWN.net]
In a filesystem-track session at the 2026 Linux Storage, Filesystem, Memory Management, and BPF Summit, Amir Goldstein updated attendees on the fanotify filesystem-event monitoring subsystem. He wanted to describe changes that had come in the last year or so, as well as upcoming features and some remaining challenges in his efforts to use fanotify for hierarchical storage management (HSM). Fanotify is the user-space API for monitoring files, directories, and filesystems for events of various sorts (e.g. opening or deleting a file).
-
LWN ☛ Eliminating long-lived credentials with trusted publishing [LWN.net]
Trusted publishing is an authentication mechanism that relies on short-lived credentials to reduce the risk of supply-chain attacks. At the 2026 Open Source Summit North America, Mike Fiedler walked the audience through why trusted publishing exists, how it works, and made the case for its adoption. It is not a silver bullet against all attacks, but it does offer protection against theft of long-lived credentials used to publish to package registries.
Fiedler is employed by the Python Software Foundation (PSF) as the safety and security engineer for the Python Package Index (PyPI). This is a role, he said, that did not exist before he took the job three years ago. It exists thanks to funding from the Linux Foundation's Alpha-Omega initiative. Everything he would be covering in his talk, he said, exists "pretty much because somebody is paid full time to think about these things".
He asked whether the audience was familiar with PyPI, or if they had ever installed anything using pip. Most, if not all, of the hands in the room were raised at that point. Fiedler said that he had asked if anyone knew about PyPI at a data-science conference and got blank faces; but when he asked if they had ever used pip install, everyone raised their hand.
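To make the mechanism in the first paragraph of this item concrete, the following is an added Python model of a trusted-publishing token exchange; it is not PyPI's code or anything from Fiedler's talk. It shows the three steps: the CI provider mints a per-job identity token that expires within minutes, the registry verifies that token and matches its claims against the publisher registered for the project, and only then mints an equally short-lived, project-scoped upload token. Assumptions: the claim names (repository, workflow_ref, environment) follow what GitHub Actions OIDC tokens carry; the HMAC signature is a stand-in for the provider's asymmetric signature, which a real registry checks against the issuer's published JWKS; the audience string, project, key and timestamps are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://token.actions.githubusercontent.com"  # GitHub Actions' OIDC issuer
AUDIENCE = "pypi"  # assumption: the audience the registry asks CI to request

# Constructed stand-in for the provider's signing key. In the real protocol the
# provider signs asymmetrically and the registry fetches public keys from the
# issuer's JWKS endpoint; the publisher never holds any secret at all.
PROVIDER_KEY = b"constructed-provider-signing-key"

# Constructed registry state: which CI identity may upload to which project.
TRUSTED_PUBLISHERS = {
    "example-pkg": {
        "repository": "example-org/example-pkg",
        "workflow_ref": "example-org/example-pkg/.github/workflows/release.yml@refs/heads/main",
        "environment": "release",
    },
}


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_identity_token(claims: dict, key: bytes = PROVIDER_KEY, ttl: int = 300, now=None) -> str:
    """Provider side: mint a per-job identity token that expires in `ttl` seconds."""
    now = int(time.time()) if now is None else now
    payload = {**claims, "iss": ISSUER, "aud": AUDIENCE, "iat": now, "exp": now + ttl}
    header = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64u(json.dumps(payload).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64u(sig)


def verify_identity_token(token: str, key: bytes = PROVIDER_KEY, now=None, max_ttl: int = 900) -> dict:
    """Registry side: accept only a fresh, short-lived token from the expected
    issuer for this audience. Raises ValueError on any failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64u(sig)):
        raise ValueError("bad signature")  # checked before any claim is trusted
    if json.loads(_unb64u(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token does not get to pick the algorithm
    claims = json.loads(_unb64u(body))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        raise ValueError("token expired or not yet valid")
    if exp - iat > max_ttl:
        raise ValueError("token lifetime too long for trusted publishing")
    return claims


def exchange_for_upload_token(project: str, identity_token: str, now=None, ttl: int = 900) -> dict:
    """Verify the identity token, match it against the publisher registered for
    `project`, and mint a random, project-scoped upload token that lives `ttl`
    seconds. There is no long-lived secret anywhere in this flow to steal."""
    now = int(time.time()) if now is None else now
    claims = verify_identity_token(identity_token, now=now)
    publisher = TRUSTED_PUBLISHERS.get(project)
    if publisher is None:
        raise PermissionError(f"no trusted publisher registered for {project!r}")
    # Every registered claim must match exactly: a fork, a workflow on another
    # branch, or a job outside the named environment must be turned away.
    for name, wanted in publisher.items():
        if claims.get(name) != wanted:
            raise PermissionError(f"claim {name!r} does not match the trusted publisher")
    return {"token": "pypi-" + secrets.token_urlsafe(32), "project": project, "expires": now + ttl}
```

The exact-match loop is where the protection against a stolen long-lived credential turns into protection against an impostor: a token from a fork, from a workflow file on another branch, or from a job that did not run in the registered environment carries different claims and is refused even though it was validly signed by the same provider. The lifetime cap is the other half: the registry refuses to treat a token that would live for a day as the short-lived credential trusted publishing is built on.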
