Re: [PATCH v2] killswitch: add per-function short-circuit mitigation primitive

Next message: l1za0 . sec: "[PATCH] jfs: fix use-after-free in jfs_lazycommit"
Previous message: Sasha Levin: "Re: [PATCH v2] killswitch: add per-function short-circuit mitigation primitive"
In reply to: Sasha Levin: "[PATCH v2] killswitch: add per-function short-circuit mitigation primitive"
Next in thread: Sasha Levin: "Re: [PATCH v2] killswitch: add per-function short-circuit mitigation primitive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Weimer

Date: Sat May 09 2026 - 08:36:01 EST

* Sasha Levin:

> When a kernel (security) issue goes public, fleets stay exposed until a patched
> kernel is built, distributed, and rebooted into.
>
> For many such issues the simplest mitigation is to stop calling the buggy
> function. Killswitch provides that. An admin writes:
>
> echo "engage af_alg_sendmsg -1" \
> > /sys/kernel/security/killswitch/control
>
> After this, af_alg_sendmsg() returns -EPERM on every call without
> running its body. The mitigation takes effect immediately, and is dropped on
> the next reboot -- by which point a patched kernel is hopefully in place.

Do you expect this to be safe to enable in kernel lockdown mode (i.e.,
with typical Secure Boot configurations in distributions)?