Status: Upstream; in mainline since 4.0
Documentation: Documentation/dev-tools/kasan.rst
Found bugs: here
Contacts: Andrey Konovalov <@xairy>, Alexander Potapenko <@ramosian-glider>, Dmitry Vyukov <@dvyukov>
Kernel Address Sanitizer (KASAN) is a fast memory corruption detector for the Linux kernel. KASAN detects out-of-bounds, use-after-free, and invalid-free bugs in slab, page_alloc, vmalloc, stack, and global memory.
KASAN has 3 modes:
-
Generic KASAN, which is intended to be used for debugging. This mode is supported by many CPU architectures.
-
Software Tag-Based KASAN, which is intended for testing in near-production environments. This mode has a lower RAM overhead than the Generic mode but is only supported on arm64.
-
Hardware Tag-Based KASAN, which intended to be used in production as an in-field bug detector or a security mitigation. This mode is based on the Arm Memory Tagging Extension and is expected to have a very low performance overhead.
For more details about each mode, see the kernel documentation and these talks:
-
Sanitizing the Linux kernel at Linux Security Summit Europe 2022
-
Memory Tagging for the kernel: Tag-Based KASAN [video] at Android Security Symposium 2020
-
Mitigating Linux kernel memory corruptions with Arm Memory Tagging [video] at Linux Security Summit 2021
See KFENCE for an alternative sampling-based low-overhead memory corruption detector that can be used in production enviroments.