Re: [PATCH] killswitch: add per-function short-circuit mitigation primitive
From: Andrew Morton
Date: Fri May 08 2026 - 16:56:38 EST

On Thu, 7 May 2026 03:05:45 -0400 Sasha Levin <sashal@xxxxxxxxxx> wrote:
> When a (security) issue goes public, fleets stay exposed until a patched kernel
> is built, distributed, and rebooted into.
>
> For many such issues the simplest mitigation is to stop calling the buggy
> function. Killswitch provides that. An admin writes:
>
> echo "engage af_alg_sendmsg -1" \
> > /sys/kernel/security/killswitch/control

It certainly sounds useful, but what would I know. How do we hunt down
suitable operations people (aka "target audience") to find out how
useful this is to them?

Also,

> 19 files changed, 1451 insertions(+), 1 deletion(-)

wowzers. I'm looking at samples/livepatch/livepatch-sample.c wondering
"why"?