
Defending against Rowhammer in the kernel

Posted Oct 28, 2016 21:17 UTC (Fri) by mst@redhat.com (guest, #60682)
Parent article: Defending against Rowhammer in the kernel

> ... the only proper solution appears to be to increase the memory refresh rate ...

I think ECC memory effectively addresses the problem too - isn't this true?



ECC memory

Posted Oct 28, 2016 21:21 UTC (Fri) by corbet (editor, #1) [Link] (5 responses)

I've run across statements to the effect that, since rowhammer can flip multiple bits, ECC memory is not, by itself, a complete defense. But that's about all I know...

ECC memory

Posted Oct 28, 2016 22:57 UTC (Fri) by nix (subscriber, #2304) [Link] (4 responses)

See the original paper, <https://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf>, section 6.3. Summary: it doesn't help -- well, it may well convert attacks into DoSes for systems that panic on multi-bit errors, but it will definitely cause many uncorrectable errors, since ECCRAM is designed on the assumption of independent, uncorrelated errors, and the errors induced by rowhammer are most definitely neither independent nor uncorrelated.

ECC memory

Posted Oct 28, 2016 23:17 UTC (Fri) by ploxiln (subscriber, #58395) [Link] (3 responses)

ECC memory makes an uncorrectable multi-bit error which causes a crash much more likely than an undetectable pattern of 3+ simultaneous bit flips. Crashing the system (often with some indication somewhere of "un-correctable memory error") is a notable improvement over successful exploitation.

ECC memory

Posted Oct 31, 2016 12:09 UTC (Mon) by hmh (subscriber, #3838) [Link] (2 responses)

Actually, it doesn't even have to crash the system. It will report a UE, which on some platforms with better RAS, AFAIK, actually results in the kernel looking at what uses that page, and force-killing it instead.

Obviously, if the one using that page is the kernel, it has to Oops, but...

ECC memory

Posted Nov 5, 2016 3:28 UTC (Sat) by mikemol (guest, #83507) [Link] (1 responses)

Interesting. That turns Rowhammer into a means of killing someone else's process without the necessary privileges.

ECC memory

Posted Nov 7, 2016 22:37 UTC (Mon) by JanC_ (guest, #34940) [Link]

Maybe we can add a kernel feature that signals the process that something is wrong with its memory, and if it can correct it, it's allowed to go on… ;)
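The ECC behaviour debated in the replies above, as an added example that is not from the paper or from any commenter: a toy single-error-correct, double-error-detect (SECDED) Hamming code showing one flip corrected, two flips reported as uncorrectable, and three flips "corrected" into wrong data. It assumes the SECDED class of code commonly used for ECC DRAM; the 13-bit layout, function names and sample byte are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy SECDED code (constructed): 8 data bits in a 13-bit codeword. Bit 0 is overall
 * parity, bits 1,2,4,8 are Hamming parity, the remaining bits carry data. */
enum ecc_result { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE };

static int parity(uint16_t v) { int p = 0; for (; v; v &= v - 1) p ^= 1; return p; }

/* XOR of the positions (1..12) of all set bits; 0 for a valid codeword. */
static unsigned syndrome(uint16_t cw) {
    unsigned s = 0;
    for (unsigned pos = 1; pos <= 12; pos++) if ((cw >> pos) & 1) s ^= pos;
    return s;
}

uint16_t ecc_encode(uint8_t data) {
    uint16_t cw = 0;
    for (unsigned pos = 1, d = 0; pos <= 12; pos++)  /* data into non-power-of-2 slots */
        if ((pos & (pos - 1)) && ((data >> d++) & 1)) cw |= 1u << pos;
    unsigned s = syndrome(cw);
    for (unsigned b = 0; b < 4; b++)                 /* parity bits zero the syndrome */
        if ((s >> b) & 1) cw |= 1u << (1u << b);
    return cw | parity(cw);                          /* make overall parity even */
}

enum ecc_result ecc_decode(uint16_t cw, uint8_t *out) {
    unsigned s = syndrome(cw);
    enum ecc_result r = ECC_OK;
    if (parity(cw)) {                   /* odd flip count: decoder assumes exactly one */
        if (s > 12) return ECC_UNCORRECTABLE;
        cw ^= 1u << s;                  /* s == 0 means the overall parity bit itself */
        r = ECC_CORRECTED;              /* with 3 flips this "fix" hits the wrong bit */
    } else if (s) {
        return ECC_UNCORRECTABLE;       /* even flip count, bad syndrome: double error */
    }
    *out = 0;
    for (unsigned pos = 1, d = 0; pos <= 12; pos++)
        if (pos & (pos - 1)) *out |= ((cw >> pos) & 1) << d++;
    return r;
}
/* Flip the bits in `flips`, then decode: returns result * 256 + decoded byte. */
unsigned ecc_trial(uint8_t data, uint16_t flips) {
    uint8_t out = 0;
    enum ecc_result r = ecc_decode(ecc_encode(data) ^ flips, &out);
    return (unsigned)r * 256 + out;
}
int main(void) {
    printf("1 flip: %#x, 2 flips: %#x, 3 flips: %#x\n", ecc_trial(0xA5, 0x200),
           ecc_trial(0xA5, 0x028), ecc_trial(0xA5, 0x068));
    return 0;
}
```

In the three-flip case the decoder returns `ECC_CORRECTED` with `0xA2` instead of `0xA5`, which is why corrected-error counters on a host are worth monitoring alongside uncorrectable-error reports.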

Defending against Rowhammer in the kernel

Posted Oct 28, 2016 23:33 UTC (Fri) by thestinger (guest, #91827) [Link] (1 responses)

The hardware mitigation for rowhammer is LPDDR4's optional TRR feature (target row refresh). The memory manufacturers can still screw things up by caring more about performance (timings) and yields than creating a robust product. ECC is nice as an extra layer, but it's not a direct mitigation. It can often turn rowhammer into a denial of service instead of something worse, but it's not a guarantee.

Defending against Rowhammer in the kernel

Posted Oct 31, 2016 6:35 UTC (Mon) by marcH (subscriber, #57642) [Link]

> The memory manufacturers can still screw things up by caring more about performance (timings) and yields than creating a robust product.

So like software!

(coming next: a car analogy)

