Re: [PATCH] killswitch: add per-function short-circuit mitigation primitive

Next message: Joshua Crofts: "Re: [PATCH 0/8] iio: magnetometer: ak8975: driver cleanup"
Previous message: Andrew Lunn: "Re: [PATCH net-next 10/12] net: stmmac: tc956x: add TC956x/QPS615 support"
Next in thread: Joshua Peisach: "Re: [PATCH] killswitch: add per-function short-circuit mitigation primitive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sasha Levin

Date: Fri May 08 2026 - 09:45:30 EST

On Thu, May 07, 2026 at 09:21:15AM -0600, Jonathan Corbet wrote:

Sasha Levin <sashal@xxxxxxxxxx> writes:

When a (security) issue goes public, fleets stay exposed until a patched kernel
is built, distributed, and rebooted into.

For many such issues the simplest mitigation is to stop calling the buggy
function. Killswitch provides that. An admin writes:

echo "engage af_alg_sendmsg -1" \
> /sys/kernel/security/killswitch/control

After this, af_alg_sendmsg() returns -EPERM on every call without
running its body. The mitigation takes effect immediately, and is dropped on
the next reboot.

A quick look suggests that you're not checking lockdown status. I don't
doubt for a second that this thing could be used to bypass lockdown - by
shorting out security_locked_down() if nothing else. I'm guessing that
might not prove entirely popular.

Hmm... Good point. I'll respin a v2 adressing this and Greg's comments.

--
Thanks,
Sasha