💀 Linux Kernel Killswitch

KILL TUX

"Sasha Levin, an NVIDIA engineer and Linux stable kernel co-maintainer, submitted the patch. It allows system administrators to temporarily disable a vulnerable kernel function while awaiting a security update.

The concept is simple: if a dangerous code path is identified, the kernel can be instructed to stop using that function. Instead of executing normally, the function would return an error. While this does not resolve the underlying bug, it can block access to the vulnerable path until a patched kernel is available."

:+1: Edit: Wonder if this would be cumbersome or false-positive prone? Guess we will see. Good concept.

2 Likes
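As an added illustration of the concept in the quoted description (example code written for this thread, not Sasha Levin's patch or any real kernel interface), here is a small userspace C model of a per-function kill switch. The registry, the function names `parse_frag` and `afs_lookup`, and the error codes returned are assumptions. It also models the point raised further down: a caller that checks the error degrades cleanly, while a caller that ignores it carries on with a stale result.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical in-process registry of kill switches, one per guarded
 * function. Layout and names are this example's own, not the patch's. */
#define MAX_SWITCHES 8
#define STALE_VALUE ((size_t)0xdeadbeef)   /* stands in for garbage */

struct killswitch {
    const char *name;
    bool disabled;
};

static struct killswitch switches[MAX_SWITCHES] = {
    { "parse_frag", false },   /* assumed function names */
    { "afs_lookup", false },
};

static struct killswitch *find_switch(const char *name) {
    for (int i = 0; i < MAX_SWITCHES; i++)
        if (switches[i].name && strcmp(switches[i].name, name) == 0)
            return &switches[i];
    return NULL;
}

/* Administrator action: flip a switch. 0 on success, -ENOENT if unknown. */
int killswitch_set(const char *name, bool disabled) {
    struct killswitch *ks = find_switch(name);
    if (!ks)
        return -ENOENT;
    ks->disabled = disabled;
    return 0;
}

bool killswitch_is_disabled(const char *name) {
    struct killswitch *ks = find_switch(name);
    return ks && ks->disabled;
}

/* The guarded function: when its switch is set it refuses to run and
 * returns an error instead of executing its (hypothetically buggy) body. */
int parse_frag(const unsigned char *buf, size_t len, size_t *out_consumed) {
    (void)buf;
    if (killswitch_is_disabled("parse_frag"))
        return -EPERM;
    /* Placeholder body: pretend to consume the whole buffer. */
    *out_consumed = len;
    return 0;
}

/* Well-behaved caller: propagates the error and leaves its state sane. */
int handle_packet_checked(const unsigned char *buf, size_t len, size_t *consumed) {
    int rc = parse_frag(buf, len, consumed);
    if (rc < 0) {
        *consumed = 0;
        return rc;
    }
    return 0;
}

/* Careless caller (the failure mode discussed in the thread): ignores the
 * return code and uses whatever was in the output variable beforehand. */
size_t handle_packet_unchecked(const unsigned char *buf, size_t len) {
    size_t consumed = STALE_VALUE;
    parse_frag(buf, len, &consumed);
    return consumed;   /* while the switch is on, this is the stale value */
}
```

The model shows why the return-an-error approach is only as safe as its callers: the kernel side can refuse the call, but whether that turns into a clean error or a crash depends on code the administrator does not control.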

So here is the issue. Yes, the function is disabled. But what if there is an application that uses the function? Or a service that depends on the working of that function? That would mean crashes or, worse, data loss.

Most, if not all, vulnerabilities have temporary fixes/workarounds which can be used. For example, in the recent dirty-frag the workaround was to disable a few kernel modules and blacklist them. For those who cannot implement the fix, in the case of dirty-frag that would be folks using VPN and AndrewFileSystem, proper intrusion detection systems can do the needful.

This kill-switch proposal might not be a good solution. The only use case where this kill switch helps is when someone is under attack and needs an immediate stop to the attack, albeit at the cost of unquantifiable instability and data loss. But the point of the attack might be to do exactly that. Not to steal, but to disrupt services.