# killswitch

> **TL;DR.** A killswitch is a per-function short-circuit mitigation primitive proposed for the Linux kernel that lets privileged administrators instantly disable a vulnerable code path at runtime — without rebooting or patching — by installing a kprobe that intercepts calls and returns a fixed error.

- **Category:** Linux / Security / Kernel Infrastructure
- **Stage:** validating
- **Age:** 40 days
- **Origin date:** 2026-05-07
- **First detected:** 2026-05-09
- **Canonical URL:** https://earlyterms.com/term/killswitch
- **Sources:** 7 primary URLs

## Definition

A killswitch is a per-function short-circuit mitigation primitive proposed for the Linux kernel that lets privileged administrators instantly disable a vulnerable code path at runtime — without rebooting or patching — by installing a kprobe that intercepts calls and returns a fixed error.

NVIDIA engineer and Linux stable co-maintainer Sasha Levin submitted the patch on May 7, 2026, as a direct response to the Copy Fail (CVE-2026-31431) and Dirty Frag (CVE-2026-43284, CVE-2026-43500) vulnerability disclosures. Exposed via `/sys/kernel/security/killswitch/control`, it accepts `engage <symbol> <retval>` commands targeting code paths like `AF_ALG`, `ksmbd`, `nf_tables`, `vsock`, and `ax25`.

## Analogy

Think of it as a circuit breaker for kernel functions: flip it open and the vulnerable path fails fast until the real fix lands.

## Why it's emerging now

Two back-to-back Linux kernel zero-days — Copy Fail (April 29) and Dirty Frag (May 7) — exposed a structural gap: vulnerabilities go public before distro patches ship. Sasha Levin proposed 'killswitch' as a runtime per-function disable primitive to bridge that window, filing the patch the same day Dirty Frag was disclosed.

## Related terms

- *related:* kpatch
- *related:* eBPF-LSM
- *related:* kprobes
- *related:* seccomp
- *related:* Copy Fail (CVE-2026-31431)
- *related:* Dirty Frag
- *related:* live patching
- *related:* securityfs
- *related:* function error injection
- *related:* agent-traps

## Sources

1. [LKML patch — Sasha Levin: Killswitch Per-function short-circuit mitigation primitive](https://lwn.net/ml/all/20260507070547.2268452-1-sashal@kernel.org/)
2. [LWN.net — killswitch for short-term emergency vulnerability mitigation](https://lwn.net/Articles/1071861/)
3. [Linuxiac — Linux Kernel Killswitch Proposed After Recent Vulnerability Disclosures](https://linuxiac.com/linux-kernel-killswitch-proposed-after-recent-vulnerability-disclosures/)
4. [Hacker News — Killswitch: Per-function short-circuit mitigation primitive](https://news.ycombinator.com/item?id=48073394)
5. [The Hacker News — Dirty Frag LPE (CVE-2026-43284, CVE-2026-43500)](https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html)
6. [Ubuntu Security — Fixes for Copy Fail (CVE-2026-31431)](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available)
7. [Cloudflare Blog — How Cloudflare responded to Copy Fail](https://blog.cloudflare.com/copy-fail-linux-vulnerability-mitigation/)

---
_Generated by EarlyTerms · https://earlyterms.com/term/killswitch_