On Thu, May 7, 2026 at 3:05 AM Sasha Levin <[email protected]> wrote: > > When a (security) issue goes public, fleets stay exposed until a patched > kernel > is built, distributed, and rebooted into. > > For many such issues the simplest mitigation is to stop calling the buggy > function. Killswitch provides that. An admin writes: > > echo "engage af_alg_sendmsg -1" \ > > /sys/kernel/security/killswitch/control > > After this, af_alg_sendmsg() returns -EPERM on every call without > running its body. The mitigation takes effect immediately, and is dropped on > the next reboot. > > A lot of recent kernel issues sit in code paths most installs only have > enabled > to support a relative minority of users: AF_ALG, ksmbd, nf_tables, vsock, > ax25, > and friends. > > For most users, the cost of "this socket family stops working for the day" is > much smaller than the cost of running a known vulnerable kernel until the fix > land. > > Assisted-by: Claude:claude-opus-4-7 > Signed-off-by: Sasha Levin <[email protected]> > --- > Documentation/admin-guide/index.rst | 1 + > Documentation/admin-guide/killswitch.rst | 159 ++++ > Documentation/admin-guide/tainted-kernels.rst | 8 + > MAINTAINERS | 11 + > include/linux/killswitch.h | 19 + > include/linux/panic.h | 3 +- > init/Kconfig | 2 + > kernel/Kconfig.killswitch | 31 + > kernel/Makefile | 1 + > kernel/killswitch.c | 798 ++++++++++++++++++ > kernel/panic.c | 1 + > lib/Kconfig.debug | 13 + > lib/Makefile | 1 + > lib/test_killswitch.c | 85 ++ > tools/testing/selftests/Makefile | 1 + > tools/testing/selftests/killswitch/.gitignore | 1 + > tools/testing/selftests/killswitch/Makefile | 8 + > .../selftests/killswitch/cve_31431_test.c | 162 ++++ > .../selftests/killswitch/killswitch_test.sh | 147 ++++ > 19 files changed, 1451 insertions(+), 1 deletion(-) > create mode 100644 Documentation/admin-guide/killswitch.rst > create mode 100644 include/linux/killswitch.h > create mode 100644 kernel/Kconfig.killswitch > create mode 100644 kernel/killswitch.c > create mode 100644 lib/test_killswitch.c > create mode 100644 tools/testing/selftests/killswitch/.gitignore > create mode 100644 tools/testing/selftests/killswitch/Makefile > create mode 100644 tools/testing/selftests/killswitch/cve_31431_test.c > create mode 100755 tools/testing/selftests/killswitch/killswitch_test.sh
If we made Lockdown an LSM, we should probably also make killswitch an LSM. For the LSM crowd who might be seeing this for the first time, the original thread can be found on lore via the link below: https://lore.kernel.org/all/[email protected] -- paul-moore.com
