On Fri, May 08, 2026 at 01:56:30PM -0700, Andrew Morton wrote:
> On Thu, 7 May 2026 03:05:45 -0400 Sasha Levin <[email protected]> wrote:
> > When a (security) issue goes public, fleets stay exposed until a patched kernel
> > is built, distributed, and rebooted into.
> >
> > For many such issues the simplest mitigation is to stop calling the buggy
> > function. Killswitch provides that. An admin writes:
> >
> >     echo "engage af_alg_sendmsg -1" \
> >         > /sys/kernel/security/killswitch/control
>
> It certainly sounds useful, but what would I know. How do we hunt down
> suitable operations people (aka "target audience") to find out how
> useful this is to them?

I'm not entirely sure here... If folks have suggestions on folks to loop in,
that'll be great!

> > 19 files changed, 1451 insertions(+), 1 deletion(-)
>
> wowzers. I'm looking at samples/livepatch/livepatch-sample.c wondering
> "why"?

Yup, a bit chunky, but over half of it is documentation and testing, and the
actual functional code is largely the securityfs interface.
--
Thanks,
Sasha