[PATCH] killswitch: add per-function short-circuit mitigation primitive
Summary
The Linux kernel patch introduces a killswitch to short-circuit a function, enabling immediate CVE mitigation by returning a fixed value. It includes a securityfs-based admin interface to engage/disengage per-function paths, taint tracking, and per-call hit counters, with tests and documentation. The article discusses tradeoffs of rapid mitigation versus potential side effects and best practices for deployment.