Kernel Address Sanitizer (KASAN) is a fast memory corruption detector for the Linux kernel. KASAN detects out-of-bounds, use-after-free, and invalid-free bugs in slab, page_alloc, vmalloc, stack, and global memory.
KASAN has 3 modes:
- Generic KASAN, which is intended to be used for debugging. This mode is supported by many CPU architectures.
- Software Tag-Based KASAN, which is intended for testing in near-production environments. This mode has a lower RAM overhead than the Generic mode but is only supported on arm64.
- Hardware Tag-Based KASAN, which is intended to be used in production as an in-field bug detector or a security mitigation. This mode is based on the Arm Memory Tagging Extension and is expected to have a very low performance overhead.
For more details about each mode, see the kernel documentation and these talks:
- Sanitizing the Linux kernel at Linux Security Summit Europe 2022
- Memory Tagging for the kernel: Tag-Based KASAN [video] at Android Security Symposium 2020
- Mitigating Linux kernel memory corruptions with Arm Memory Tagging [video] at Linux Security Summit 2021
See KFENCE for an alternative sampling-based low-overhead memory corruption detector that can be used in production environments.
Configuration
CONFIG_KASAN=y
CONFIG_KASAN_GENERIC=y
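Optionally, you can pass KASAN-specific parameters on the kernel command line to control how reports are handled. Generic KASAN is active whenever it is compiled in and has no per-bug-type switches:
kasan_multi_shot # Report every invalid access instead of only the first one
kasan.fault=panic # Panic the kernel after printing a report (default: report)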
Check kernel logs (dmesg command) or system logs (/var/log/messages, /var/log/syslog) for KASAN reports.
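One way to triage those logs, as an added example that is not part of the original page or of the kernel tree: a small parser that pulls the bug type, faulting function, access kind and task out of each KASAN report. The sample log lines, the module name demo_mod and its function names are constructed for illustration.

```python
import re
import sys

# Report header, e.g. "BUG: KASAN: slab-out-of-bounds in func+0xa8/0xbc [module]"
HEADER = re.compile(r"BUG: KASAN: (?P<bug>.+?) in (?P<where>\S+)")
# Access line, e.g. "Write of size 1 at addr ffff... by task insmod/2760"
ACCESS = re.compile(
    r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
    r"by task (?P<task>.+)/(?P<pid>\d+)\s*$"
)

# Constructed sample in dmesg format (not output from a real system).
SAMPLE = """\
[  101.318412] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  102.004871] ==================================================================
[  102.004880] BUG: KASAN: slab-out-of-bounds in demo_oob_write+0xa8/0xbc [demo_mod]
[  102.004889] Write of size 1 at addr ffff8801f44ec37b by task insmod/2760
[  102.004897] CPU: 1 PID: 2760 Comm: insmod Tainted: G    B
[  140.550102] ==================================================================
[  140.550111] BUG: KASAN: use-after-free in demo_uaf_read+0x3c/0x90 [demo_mod]
[  140.550119] Read of size 8 at addr ffff888012345678 by task kworker/0:1/57
"""

def parse_kasan_reports(lines):
    """Return one dict per KASAN report found in an iterable of log lines."""
    reports, current = [], None
    for line in lines:
        m = HEADER.search(line)
        if m:
            # Drop the +offset/size suffix to keep only the symbol name.
            current = {"bug": m["bug"], "function": m["where"].split("+")[0],
                       "access": None, "size": None, "task": None, "pid": None}
            reports.append(current)
            continue
        m = ACCESS.search(line)
        # Free-type reports have no Read/Write line; their fields stay None.
        if m and current is not None and current["access"] is None:
            current.update(access=m["op"].lower(), size=int(m["size"]),
                           task=m["task"], pid=int(m["pid"]))
    return reports

if __name__ == "__main__":
    # Usage: dmesg | python3 kasan_triage.py   (falls back to the sample)
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE.splitlines()
    for r in parse_kasan_reports(source):
        print(f'{r["bug"]:24} {r["function"]:20} {r["access"]} '
              f'size={r["size"]} task={r["task"]}/{r["pid"]}')
```

Because the patterns use search rather than match, the same parser works on syslog lines that carry a hostname and timestamp prefix.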