On Sun, May 17, 2026 at 6:49 AM Sasha Levin <[email protected]> wrote:
>
> When a kernel (security) issue goes public, fleets stay exposed until a patched
> kernel is built, distributed, and rebooted into.
>
> For many such issues the simplest mitigation is to stop calling the buggy
> function. Killswitch provides that. An admin writes:
>
>     echo "engage af_alg_sendmsg -1" \
>         > /sys/kernel/security/killswitch/control
>

With v3, we hit this with fentry and killswitch on the same function:

[root@(none) /]# bpftrace -e 'fentry:security_file_open {@count+=1;}' &
[1] 295
Attached 1 probe
[root@(none) /]# echo 'engage security_file_open 0' > /sys/kernel/security/killswitch/control
[   97.112360] killswitch: engage security_file_open=0 uid=0 auid=4294967295 ses=4294967295 comm=bash
[   97.120766] BUG: unable to handle page fault for address: ffffffffb5855043
[   97.121212] #PF: supervisor read access in kernel mode
[   97.121517] #PF: error_code(0x0000) - not-present page
[   97.121710] PGD 4a76067 P4D 4a77067 PUD 4a78063 PMD 0
[   97.121710] Oops: Oops: 0000 [#1] SMP NOPTI
[   97.121710] CPU: 1 UID: 0 PID: 430 Comm: bash Tainted: G     N H 7.1.0-rc4+ #195 PREEMPT(full)
[   97.121710] Tainted: [N]=TEST, [H]=KILLSWITCH
[   97.121710] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[   97.121710] RIP: 0010:fd_install+0x1c/0x220
[   97.121710] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 65 48 8b 15 47 a0 a4 04 41 54 55 53 48 8b 9a 70 0a 00 00 <f6> 46 43 01 0f 85 62 01 00 00 41 89 fc 48 89 f5 65 ff 05 3d a0 a4
[   97.121710] RSP: 0018:ffa0000000f2fe70 EFLAGS: 00010286
[   97.121710] RAX: ffffffffb5855000 RBX: ff11000100911c40 RCX: 0000000000000000
[   97.121710] RDX: ff110001045349c0 RSI: ffffffffb5855000 RDI: 0000000000000003
[   97.121710] RBP: ff11000100be81c0 R08: 0000000000000001 R09: 0000000000000000
[   97.121710] R10: 0000000000000001 R11: 00000000000008c2 R12: 0000000000000003
[   97.121710] R13: 00000000ffffff9c R14: 0000000000000101 R15: 0000000000000000
[   97.121710] FS:  00007fb231d4d740(0000) GS:ff110001b5855000(0000) knlGS:0000000000000000
[   97.121710] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   97.121710] CR2: ffffffffb5855043 CR3: 0000000114513002 CR4: 0000000000771ef0
[   97.121710] PKRU: 00000000
[   97.121710] Call Trace:
[   97.121710]  <TASK>
[   97.121710]  do_sys_openat2+0x7f/0xe0
[   97.121710]  __x64_sys_openat+0x56/0xa0
[   97.121710]  do_syscall_64+0xc4/0xf20
[   97.121710]  ? srso_alias_return_thunk+0x5/0xfbef5
[   97.121710]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   97.121710] RIP: 0033:0x7fb231e4ee1b
[   97.121710] Code: 25 00 00 41 00 3d 00 00 41 00 74 4b 64 8b 04 25 18 00 00 00 85 c0 75 67 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 91 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[   97.121710] RSP: 002b:00007ffefe160770 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   97.121710] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fb231e4ee1b
[   97.121710] RDX: 0000000000000000 RSI: 000055616f0411d0 RDI: 00000000ffffff9c
[   97.121710] RBP: 000055616f0411d0 R08: 000055616f046b60 R09: 0064692d656e6968
[   97.121710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.121710] R13: 000055616f03cb20 R14: 000055616f039310 R15: 0000000000000000
[   97.121710]  </TASK>
[   97.121710] Modules linked in:
[   97.121710] CR2: ffffffffb5855043
[   97.121710] ---[ end trace 0000000000000000 ]---
[   97.121710] RIP: 0010:fd_install+0x1c/0x220
[   97.121710] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 65 48 8b 15 47 a0 a4 04 41 54 55 53 48 8b 9a 70 0a 00 00 <f6> 46 43 01 0f 85 62 01 00 00 41 89 fc 48 89 f5 65 ff 05 3d a0 a4
[   97.121710] RSP: 0018:ffa0000000f2fe70 EFLAGS: 00010286
[   97.121710] RAX: ffffffffb5855000 RBX: ff11000100911c40 RCX: 0000000000000000
[   97.121710] RDX: ff110001045349c0 RSI: ffffffffb5855000 RDI: 0000000000000003
[   97.121710] RBP: ff11000100be81c0 R08: 0000000000000001 R09: 0000000000000000
[   97.121710] R10: 0000000000000001 R11: 00000000000008c2 R12: 0000000000000003
[   97.121710] R13: 00000000ffffff9c R14: 0000000000000101 R15: 0000000000000000
[   97.121710] FS:  00007fb231d4d740(0000) GS:ff110001b5855000(0000) knlGS:0000000000000000
[   97.121710] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   97.121710] CR2: ffffffffb5855043 CR3: 0000000114513002 CR4: 0000000000771ef0
[   97.121710] PKRU: 00000000
[   97.121710] Kernel panic - not syncing: Fatal exception
[   97.121710] Kernel Offset: disabled
