
Linux adds per-function killswitch mitigation


Sasha Levin submitted a patch adding a per-function short-circuit mitigation primitive, killswitch, to the Linux kernel. The feature lets an operator force any kprobe-able function to return a predetermined value without executing its body, providing a stop-gap while a proper fix is prepared. Because the change hooks in at the kprobe layer, no kernel rebuild is required. A mitigation is engaged by writing to /sys/kernel/security/killswitch/control and stays in force until the machine reboots or the operator disengages it.

Building the feature requires CONFIG_KILLSWITCH, which depends on SECURITYFS, KPROBES with ftrace, and FUNCTION_ERROR_INJECTION. Each engagement is logged at KERN_WARNING with the symbol, the forced return value, the hit count and the identity of the operator. The first successful engagement also sets the TAINT_KILLSWITCH flag (taint character "H"), so any later oops can be traced back to the mitigation; the flag is visible in /proc/sys/kernel/tainted.

Administrators can disable an entire subsystem such as AF_ALG sockets, ksmbd or nf_tables by engaging its top-level entry point, for example echo "engage af_alg_sendmsg -1" > control, which makes every call fail immediately with -EPERM. This trades a day's loss of one piece of functionality for protecting a fleet that is running a known-vulnerable kernel, and because the mitigation does not survive a reboot it disappears automatically once patched kernels are rolled out.
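The control-file interface above is terse enough that a typo could reach the kernel unchecked, so an operator would normally wrap it. The following is an added example, not code from the patch or the article: a small POSIX shell wrapper that validates the symbol and return value, confirms the symbol actually exists in /proc/kallsyms before engaging, and supports a dry run. The control path and the "engage <symbol> <retval>" grammar come from the article; the "disengage <symbol>" form is an assumption and may not match the real patch.

```shell
#!/bin/sh
# Added example (not from the page or the patch): operator wrapper for the
# killswitch control file. Paths are overridable so the functions can be
# exercised without the feature present.
KILLSWITCH_CONTROL="${KILLSWITCH_CONTROL:-/sys/kernel/security/killswitch/control}"
KALLSYMS="${KALLSYMS:-/proc/kallsyms}"

# Build the command string for the control file, refusing anything that is
# not a plain C identifier plus an integer return value (e.g. -1 for -EPERM).
ks_build_cmd() {
    action="$1"; sym="$2"; ret="$3"
    case "$sym" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid symbol: '$sym'" >&2; return 1 ;;
    esac
    case "$action" in
        engage)
            digits="${ret#-}"                     # allow one leading minus sign
            case "$digits" in
                ''|*[!0-9]*) echo "invalid return value: '$ret'" >&2; return 1 ;;
            esac
            printf 'engage %s %s' "$sym" "$ret" ;;
        disengage)
            printf 'disengage %s' "$sym" ;;      # ASSUMED syntax, not from the page
        *) echo "unknown action: '$action'" >&2; return 1 ;;
    esac
}

# True if the symbol is present in the kallsyms table (third column is the
# name; a fourth column, if any, is the owning module).
ks_symbol_known() {
    awk -v s="$1" '$3 == s { found = 1; exit } END { exit !found }' "$KALLSYMS"
}

# Validate, check the symbol exists, then write to the control file.
# DRY_RUN=1 prints what would be written instead of touching the kernel.
ks_apply() {
    cmd=$(ks_build_cmd "$@") || return 1
    sym="$2"
    if ! ks_symbol_known "$sym"; then
        echo "symbol '$sym' not found in $KALLSYMS; refusing to engage" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'would write "%s" to %s\n' "$cmd" "$KILLSWITCH_CONTROL"
        return 0
    fi
    if [ ! -w "$KILLSWITCH_CONTROL" ]; then
        echo "$KILLSWITCH_CONTROL not writable: CONFIG_KILLSWITCH built, securityfs mounted, running as root?" >&2
        return 1
    fi
    printf '%s\n' "$cmd" > "$KILLSWITCH_CONTROL"
    # The mitigation does not survive a reboot, so leave a record in syslog for
    # the post-reboot checklist (re-engage, or confirm the real fix is deployed).
    logger -t killswitch "$cmd" 2>/dev/null || true
}

# Usage (as root on a kernel with the feature):
#   ks_apply engage af_alg_sendmsg -1      # every AF_ALG sendmsg fails with -EPERM
#   DRY_RUN=1 ks_apply engage af_alg_sendmsg -1
```

The kallsyms check is the part worth keeping even if the rest is replaced: engaging a misspelled symbol either fails noisily or, worse, short-circuits a function you did not intend, and the taint flag will then point at the mitigation rather than at the typo.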