Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

From: Daniel Micay
Date: Tue Nov 01 2016 - 03:20:37 EST

On Tue, 2016-11-01 at 07:33 +0100, Ingo Molnar wrote:
> * Pavel Machek <pavel@xxxxxx> wrote:
> > I'm not going to buy broken hardware just for a test.
> Can you suggest a method to find heavily rowhammer affected hardware?
> Only byÂ
> testing it, or are there some chipset IDs ranges or dmidecode info
> that willÂ
> pinpoint potentially affected machines?
> Thanks,
> Ingo

You can read the memory timing values, but you can't know if they're
reasonable for that hardware. Higher quality memory can have better
timings without being broken. The only relevant information would be the
memory model, combined with an expensive / time consuming effort to
build a blacklist based on testing. It doesn't seem realistic, unless
it's done in a coarse way based on brand and the date information.

I don't know how to get this data on Linux. The CPU-Z tool for Windows
knows how to obtain it but it's based on a proprietary library.

You definitely don't need to buy broken hardware to test a broken
hardware setup though. You just need a custom computer build where
motherboards expose the memory timing configuration. You can make it
more vulnerable by raising the refresh period (tREF). I wanted to play
around with that but haven't gotten around to it.

Attachment: signature.asc
Description: This is a digitally signed message part