KASAN
===============

* In this section, you are going to learn

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    What is KASAN?

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    How is KASAN used to detect stack corruption in kernel space?

Basics
------------

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    * KASAN is the Kernel Address Sanitizer

    * Linux kernel reference : https://www.kernel.org/doc/html/latest/dev-tools/kasan.html

System used for Testing
---------------------------

The testing was performed on a local development environment. The results captured in this document reflect a custom-built kernel, version 6.19.9.

.. list-table::
   :widths: 30 70
   :header-rows: 1

   * - Parameter
     - Details
   * - **Kernel Version**
     - 6.19.9 #1 SMP PREEMPT_DYNAMIC Wed Mar 25 2026
   * - **Architecture**
     - x86_64 (64-bit Intel/AMD)
   * - **Operating System**
     - Ubuntu 22.04.5 LTS (Jammy Jellyfish)

.. code-block:: bash

   test@test:~/kasan$ uname -a
   Linux test 6.19.9 #1 SMP PREEMPT_DYNAMIC Wed Mar 25 13:33:21 IST 2026 x86_64 GNU/Linux

.. code-block:: bash

   test@test:~/kasan$ lsb_release -a
   Distributor ID: Ubuntu
   Description:    Ubuntu 22.04.5 LTS
   Release:        22.04
   Codename:       jammy

Pre-requisites: Kernel Configuration
--------------------------------------

Memory sanitization is not active by default in all production kernels due to performance overhead. For this test to succeed, the following ``Kconfig`` symbols must be enabled when the kernel is compiled:

.. list-table::
   :widths: 30 70
   :header-rows: 1

   * - Kconfig Option
     - Functional Description
   * - **CONFIG_KASAN=y**
     - The base framework for address sanitization. Uses shadow memory to track the safety of every memory byte.
   * - **CONFIG_KASAN_STACK=y**
     - **Mandatory.** Enables the compiler to instrument the stack by adding "redzones" around local variables.
   * - **CONFIG_KASAN_INLINE=y**
     - Optimizes performance by inlining memory checks directly into assembly instead of calling external handlers.
   * - **CONFIG_STACKTRACE=y**
     - Required for the kernel to "walk" the stack and produce the human-readable **Call Trace** in logs.

You can verify your current environment using the following command:

.. code-block:: bash

   test@test:~/kasan$ grep -E "CONFIG_KASAN|CONFIG_KASAN_STACK|CONFIG_KASAN_INLINE|CONFIG_STACKTRACE" /boot/config-$(uname -r)

**Verified Configuration Output:**

.. code-block:: bash

   CONFIG_STACKTRACE_SUPPORT=y
   CONFIG_KASAN_SHADOW_OFFSET=0xdffffc0000000000
   # CONFIG_STACKTRACE_BUILD_ID is not set
   CONFIG_KASAN=y
   CONFIG_KASAN_GENERIC=y
   # CONFIG_KASAN_OUTLINE is not set
   CONFIG_KASAN_INLINE=y
   CONFIG_KASAN_STACK=y
   CONFIG_KASAN_VMALLOC=y
   CONFIG_KASAN_EXTRA_INFO=y
   CONFIG_STACKTRACE=y

KASAN Examples
----------------------

.. toctree::
   :maxdepth: 1
   :hidden:
   :includehidden:

   kasan/kasan_stack_test
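
The shadow memory and stack redzones that ``CONFIG_KASAN`` and ``CONFIG_KASAN_STACK`` enable can be modelled in a small userspace program. This is an added example, not code from the kernel or from this guide: the 64-byte frame, the ``char buf[10]`` placement and the function names are assumptions, and the stack layout the compiler really emits is more involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of generic KASAN shadow memory; not kernel code. */
#define SHADOW_SHIFT  3                      /* 1 shadow byte per 8 bytes */
#define GRANULE       (1u << SHADOW_SHIFT)
#define SHADOW_OFFSET 0xdffffc0000000000ULL  /* CONFIG_KASAN_SHADOW_OFFSET above */
#define STACK_LEFT    0xF1                   /* stack redzone markers, mm/kasan/kasan.h */
#define STACK_RIGHT   0xF3
#define FRAME_SIZE    64                     /* assumption: toy stack frame */

static uint8_t shadow[FRAME_SIZE >> SHADOW_SHIFT];

/* Shadow address that describes a given kernel address. */
uint64_t mem_to_shadow(uint64_t addr)
{
    return (addr >> SHADOW_SHIFT) + SHADOW_OFFSET;
}

/* Model the frame as [left redzone][variable][right redzone]. */
void poison_frame(size_t var_off, size_t var_size)
{
    size_t g = var_off >> SHADOW_SHIFT;

    memset(shadow, STACK_LEFT, g);
    for (; var_size >= GRANULE; var_size -= GRANULE)
        shadow[g++] = 0;                     /* whole granule addressable */
    if (var_size)
        shadow[g++] = (uint8_t)var_size;     /* only first N bytes addressable */
    memset(shadow + g, STACK_RIGHT, sizeof(shadow) - g);
}

/* 1-byte access check: 0 = valid, 1..7 = partial granule, negative = poisoned. */
int access_is_bad(size_t off)
{
    int8_t s = (int8_t)shadow[off >> SHADOW_SHIFT];

    return s != 0 && (int8_t)(off & (GRANULE - 1)) >= s;
}

int main(void)
{
    int idx[] = { -1, 0, 9, 10 };            /* constructed sample accesses */

    poison_frame(32, 10);                    /* models: char buf[10] at frame offset 32 */
    for (size_t i = 0; i < sizeof(idx) / sizeof(idx[0]); i++)
        printf("buf[%2d] -> %s\n", idx[i],
               access_is_bad((size_t)(32 + idx[i])) ? "KASAN report" : "ok");
    return 0;
}
```

The last element ``buf[9]`` passes, while ``buf[10]`` and ``buf[-1]`` fall into poisoned shadow and would produce a KASAN report on an instrumented kernel.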