Kernel Address Sanitizer (KASAN)

Status: Upstream; in mainline since 4.0

Documentation: Documentation/dev-tools/kasan.rst

Found bugs: here

Contacts: Andrey Konovalov <@xairy>, Alexander Potapenko <@ramosian-glider>, Dmitry Vyukov <@dvyukov>

Overview

Kernel Address Sanitizer (KASAN) is a fast memory corruption detector for the Linux kernel. KASAN detects out-of-bounds, use-after-free, and invalid-free bugs in slab, page_alloc, vmalloc, stack, and global memory.

KASAN has 3 modes:

  • Generic KASAN, which is intended to be used for debugging. This mode is supported by many CPU architectures.

  • Software Tag-Based KASAN, which is intended for testing in near-production environments. This mode has a lower RAM overhead than the Generic mode but is only supported on arm64.

  • Hardware Tag-Based KASAN, which is intended to be used in production as an in-field bug detector or a security mitigation. This mode is based on the Arm Memory Tagging Extension and is expected to have a very low performance overhead.

For more details about each mode, see the kernel documentation and these talks:

See KFENCE for an alternative sampling-based low-overhead memory corruption detector that can be used in production environments.
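
Added example (not part of the KASAN project's documentation): a shell helper that reads a kernel .config, reports which of the detectors described above it enables, and checks that against the intended use listed for each mode. The function names and the debug / near-production / production labels are assumptions of this example; the CONFIG_* symbols are the upstream Kconfig names, and the sample config is constructed.

```shell
#!/bin/sh
# Classify a kernel .config by the KASAN modes (and KFENCE) described above.

# has_y FILE SYMBOL: true when the config sets SYMBOL=y.
has_y() { grep -q "^$2=y\$" "$1"; }

# detector FILE: prints generic, sw_tags, hw_tags, unspecified, kfence or none.
detector() {
    if has_y "$1" CONFIG_KASAN; then
        # CONFIG_KASAN is the master switch; one mode symbol selects the mode.
        if   has_y "$1" CONFIG_KASAN_HW_TAGS; then echo hw_tags
        elif has_y "$1" CONFIG_KASAN_SW_TAGS; then echo sw_tags
        elif has_y "$1" CONFIG_KASAN_GENERIC; then echo generic
        else echo unspecified
        fi
    elif has_y "$1" CONFIG_KFENCE; then echo kfence
    else echo none
    fi
}

# fits FILE TARGET: exit 0 when the enabled detector matches the intended
# use stated on this page. TARGET is debug, near-production or production.
fits() {
    case "$2:$(detector "$1")" in
        debug:generic)           return 0 ;;
        near-production:sw_tags) return 0 ;;
        production:hw_tags)      return 0 ;;
        production:kfence)       return 0 ;;
        *)                       return 1 ;;
    esac
}

# Constructed sample: a debug build with Generic KASAN.
sample_debug_config() {
    cat <<'EOF'
CONFIG_KASAN=y
CONFIG_KASAN_GENERIC=y
# CONFIG_KASAN_SW_TAGS is not set
# CONFIG_KFENCE is not set
EOF
}

tmp=$(mktemp) && sample_debug_config > "$tmp"
echo "detector: $(detector "$tmp")"
fits "$tmp" production || echo "not a production-suitable detector"
rm -f "$tmp"
```

The mapping in fits is deliberately strict to mirror the list above; a Generic KASAN build shipped to production is the case it is meant to flag.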