Date: Mon, 09 Mar 2015 22:38:22 +0100
From: Willem Jan Withagen <wjw@digiware.nl>
To: Dmitry Morozovsky <marck@rinet.ru>, freebsd-security@FreeBSD.org
Subject: Re: DRAM Rowhammer exploits
Message-ID: <54FE12CE.1000401@digiware.nl>
In-Reply-To: <alpine.BSF.2.00.1503092248580.38285@woozle.rinet.ru>
References: <alpine.BSF.2.00.1503092248580.38285@woozle.rinet.ru>

On 09/03/2015 20:49, Dmitry Morozovsky wrote:
> Dear colleagues,
>
> any thoughts we're vulnerable to this?
>
> http://googleprojectzero.blogspot.ch/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
>

As pointed out, this is a hardware-originated problem, not really fixable by software. Only ECC should be able to catch this, which is mostly used on hardware for servers. And luckily that is probably also the most likely platform on which "unidentified third parties" can run this, as no sensible PAAS/Hardware provider would forgo the use of ECC. :)

I would expect this type of test to appear in tools like memtest86, giving you an indication in advance of the possible problem.

Next to that I see a few points where we could possibly mitigate this. As I read the article, the problem is not present if the refresh frequency is doubled. This sort of indicates that manufacturers are (a bit) too optimistic about the required RAM refresh cycles.

1) If possible, reprogram the RAM refresh cycle time as it is set up by the BIOS. It will reduce the available memory by an unmeasurable fraction.

2) It would be possible to build a RAM refresh thread in the kernel reading every RAM memory within a certain time frame, thus forgoing the refresh recycle time set by the BIOS. This will require some cycles in the kernel, costing some CPU and some memory bandwidth. A big disadvantage could be that it will cause some serious thrashing of the cache content if these writes go thru the cache followed by a cache flush.

--WjW