KASAN
In this section, you are going to learn
What is KASAN ?
Use of KASAN to detect stack corruption in kernel space ?
Basics
KASAN is Kernel Address Sanitizer
Linux kernel reference : https://www.kernel.org/doc/html/latest/dev-tools/kasan.html
System used for Testing
The testing was performed on a localized development environment. The results captured in this document reflect a custom-built kernel version 6.19.9.
Parameter |
Details |
|---|---|
Kernel Version |
6.19.9 #1 SMP PREEMPT_DYNAMIC Wed Mar 25 2026 |
Architecture |
x86_64 (64-bit Intel/AMD) |
Operating System |
Ubuntu 22.04.5 LTS (Jammy Jellyfish) |
test@test:~/kasan$ uname -a
Linux test 6.19.9 #1 SMP PREEMPT_DYNAMIC Wed Mar 25 13:33:21 IST 2026 x86_64 GNU/Linux
test@test:~/kasan$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
Pre-requisites: Kernel Configuration
Memory sanitization is not active by default in all production kernels due to
performance overhead. For this test to succeed, the following Kconfig
symbols must be enabled during the kernel compilation process:
Kconfig Option |
Functional Description |
|---|---|
CONFIG_KASAN=y |
The base framework for address sanitization. Uses shadow memory to track the safety of every memory byte. |
CONFIG_KASAN_STACK=y |
Mandatory. Enables the compiler to instrument the stack by adding “redzones” around local variables. |
CONFIG_KASAN_INLINE=y |
Optimizes performance by inlining memory checks directly into assembly instead of calling external handlers. |
CONFIG_STACKTRACE=y |
Required for the kernel to “walk” the stack and produce the human-readable Call Trace in logs. |
You can verify your current environment using the following command:
test@test:~/kasan$ grep -E "CONFIG_KASAN|CONFIG_KASAN_STACK|CONFIG_KASAN_INLINE|CONFIG_STACKTRACE" /boot/config-$(uname -r)
Verified Configuration Output:
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_KASAN_SHADOW_OFFSET=0xdffffc0000000000
# CONFIG_STACKTRACE_BUILD_ID is not set
CONFIG_KASAN=y
CONFIG_KASAN_GENERIC=y
# CONFIG_KASAN_OUTLINE is not set
CONFIG_KASAN_INLINE=y
CONFIG_KASAN_STACK=y
CONFIG_KASAN_VMALLOC=y
CONFIG_KASAN_EXTRA_INFO=y
CONFIG_STACKTRACE=y