Hacker News new | ask | show | jobs
by zsmi 1677 days ago
> Rowhammer is a physical flaw in how memory cells in DRAM are laid out

It's not really a flaw, more like a consequence of how memory cells are laid out. I mean most people want lots of bits in their DRAM. Maximizing this parameter necessitates that some will be in close proximity.
1 comments
woodruffw 1677 days ago
To my (non-EE) mind, the flaw is the electrical leakage between the cells. Tight packing is a consequence of economic forces, but I assume there are also technical solutions that allow for tight packing (but either offset the performance or cost gains). Is that assumption wrong? (Genuinely asking!)
link
zsmi 1677 days ago
There was a good paper on it in 2014. [1] They describe the RowHammer attack as: opening and closing (activation and precharge) a DRAM row (aggressor row) at a high enough rate (hammering) such that it can cause bit-flips in physically nearby rows (victim row).

Colloquially, it's basically a change in voltage in one place can indirectly cause a change in voltage in another place via capacitive coupling. Capacitance increases proportional to the inverse of the separating distance so only in recent years have things shrunk to the size that makes it an issue.

Since having less bits in DRAM is basically not an option most mitigation techniques that I know of remove the possibility of hammering: possibilities include the OS, memory system controller, or DRAM controller changes.

[1] https://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf

link
woodruffw 1677 days ago
Much appreciated, thank you.
link
tlb 1677 days ago
DRAM cells also decay over time (~ 60 milliseconds), but memory controllers have some logic to refresh every row on a regular schedule so it's not an issue.

They should also have logic to refresh adjacent rows if some number of consecutive accesses to a small group of rows is detected. This is rare in normal workloads, because those accesses normally come from cache. It's lame of chipmakers to not fix this. The fix would requires the DRAM controller (integrated into modern CPUs) to know more about the internals of DRAMs than they currently do.

link
zsmi 1677 days ago
In theory DDR5/LPDDR5 added a controller command for RowHammer mitigation but I haven't had time to research it yet.

See: https://arxiv.org/pdf/2108.06703.pdf

link