Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > On Fri, Oct 28, 2016 at 03:05:22PM +0100, Mark Rutland wrote: > > > > > > * the precise semantics of performance counter events varies drastically > > > > across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to > > > > one particular level of cache, and/or may not be

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > On Fri, Oct 28, 2016 at 03:05:22PM +0100, Mark Rutland wrote: > > > > > > * the precise semantics of performance counter events varies drastically > > > > across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to > > > > one particular level of cache, and/or may not be

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 01.11.2016 09:10, Pavel Machek wrote: cpu family : 6 model: 23 model name : Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz stepping : 10 microcode: 0xa07 so rowhammerjs/native is not available for this system. Bit mapping for memory hash functions would

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 01.11.2016 09:10, Pavel Machek wrote: cpu family : 6 model: 23 model name : Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz stepping : 10 microcode: 0xa07 so rowhammerjs/native is not available for this system. Bit mapping for memory hash functions would

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > * Pavel Machek wrote: > > > I'm not going to buy broken hardware just for a test. > > Can you suggest a method to find heavily rowhammer affected hardware? Only by > testing it, or are there some chipset IDs ranges or dmidecode info that will > pinpoint potentially

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > * Pavel Machek wrote: > > > I'm not going to buy broken hardware just for a test. > > Can you suggest a method to find heavily rowhammer affected hardware? Only by > testing it, or are there some chipset IDs ranges or dmidecode info that will > pinpoint potentially affected machines?

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 01.11.2016 07:33, Ingo Molnar wrote: Can you suggest a method to find heavily rowhammer affected hardware? Only by testing it, or are there some chipset IDs ranges or dmidecode info that will pinpoint potentially affected machines? I have worked with many different systems both on running

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 01.11.2016 07:33, Ingo Molnar wrote: Can you suggest a method to find heavily rowhammer affected hardware? Only by testing it, or are there some chipset IDs ranges or dmidecode info that will pinpoint potentially affected machines? I have worked with many different systems both on running

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Tue, 2016-11-01 at 07:33 +0100, Ingo Molnar wrote: > * Pavel Machek wrote: > > > I'm not going to buy broken hardware just for a test. > > Can you suggest a method to find heavily rowhammer affected hardware? > Only by  > testing it, or are there some chipset IDs ranges or

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Tue, 2016-11-01 at 07:33 +0100, Ingo Molnar wrote: > * Pavel Machek wrote: > > > I'm not going to buy broken hardware just for a test. > > Can you suggest a method to find heavily rowhammer affected hardware? > Only by  > testing it, or are there some chipset IDs ranges or dmidecode info >

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

* Pavel Machek wrote: > I'm not going to buy broken hardware just for a test. Can you suggest a method to find heavily rowhammer affected hardware? Only by testing it, or are there some chipset IDs ranges or dmidecode info that will pinpoint potentially affected machines?

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

* Pavel Machek wrote: > I'm not going to buy broken hardware just for a test. Can you suggest a method to find heavily rowhammer affected hardware? Only by testing it, or are there some chipset IDs ranges or dmidecode info that will pinpoint potentially affected machines? Thanks,

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Mon, Oct 31, 2016 at 10:13:03PM +0100, Pavel Machek wrote: > On Mon 2016-10-31 14:47:39, Mark Rutland wrote: > > On Mon, Oct 31, 2016 at 09:27:05AM +0100, Pavel Machek wrote: > > > > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > > > > Has this been tested on a system

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Mon, Oct 31, 2016 at 10:13:03PM +0100, Pavel Machek wrote: > On Mon 2016-10-31 14:47:39, Mark Rutland wrote: > > On Mon, Oct 31, 2016 at 09:27:05AM +0100, Pavel Machek wrote: > > > > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > > > > Has this been tested on a system

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Mon 2016-10-31 14:47:39, Mark Rutland wrote: > On Mon, Oct 31, 2016 at 09:27:05AM +0100, Pavel Machek wrote: > > > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > > > Has this been tested on a system vulnerable to rowhammer, and if so, > > > > > was > > > > > it reliable in

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Mon 2016-10-31 14:47:39, Mark Rutland wrote: > On Mon, Oct 31, 2016 at 09:27:05AM +0100, Pavel Machek wrote: > > > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > > > Has this been tested on a system vulnerable to rowhammer, and if so, > > > > > was > > > > > it reliable in

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Mon, Oct 31, 2016 at 09:27:05AM +0100, Pavel Machek wrote: > > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > > > it reliable in mitigating the issue? > > > I do not have vulnerable machine near

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Mon, Oct 31, 2016 at 09:27:05AM +0100, Pavel Machek wrote: > > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > > > it reliable in mitigating the issue? > > > I do not have vulnerable machine near

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > > it reliable in mitigating the issue? > > > > > > Which particular attack codebase was it tested against? > > > > I have rowhammer-test here, >

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > > it reliable in mitigating the issue? > > > > > > Which particular attack codebase was it tested against? > > > > I have rowhammer-test here, >

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 30.10.2016 00:01, Pavel Machek wrote: Hmm, maybe I'm glad I don't have a new machine :-). I assume you still get _some_ bitflips with generic "rowhammer"? 1 or 2 every 20-30 minutes...

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 30.10.2016 00:01, Pavel Machek wrote: Hmm, maybe I'm glad I don't have a new machine :-). I assume you still get _some_ bitflips with generic "rowhammer"? 1 or 2 every 20-30 minutes...

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Sat 2016-10-29 23:49:57, Daniel Gruss wrote: > On 29.10.2016 23:45, Pavel Machek wrote: > >indy/sandy/haswell/skylake, so I'll just use the generic version...?) > > yes, generic might work, but i never tested it on anything that old... > > on my system i have >30 bit flips per second (ivy

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Sat 2016-10-29 23:49:57, Daniel Gruss wrote: > On 29.10.2016 23:45, Pavel Machek wrote: > >indy/sandy/haswell/skylake, so I'll just use the generic version...?) > > yes, generic might work, but i never tested it on anything that old... > > on my system i have >30 bit flips per second (ivy

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 29.10.2016 23:45, Pavel Machek wrote: indy/sandy/haswell/skylake, so I'll just use the generic version...?) yes, generic might work, but i never tested it on anything that old... on my system i have >30 bit flips per second (ivy bridge i5-3xxx) with the rowhammer-ivy test... sometimes

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 29.10.2016 23:45, Pavel Machek wrote: indy/sandy/haswell/skylake, so I'll just use the generic version...?) yes, generic might work, but i never tested it on anything that old... on my system i have >30 bit flips per second (ivy bridge i5-3xxx) with the rowhammer-ivy test... sometimes

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Sat 2016-10-29 23:07:59, Daniel Gruss wrote: > On 29.10.2016 23:05, Pavel Machek wrote: > >So far I did bzip2 and kernel compilation. I believe I can prevent > >flips in rowhammer-test with bzip2 going from 4 seconds to 5 > >seconds... let me see. > > can you prevent bitflips in this one? >

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Sat 2016-10-29 23:07:59, Daniel Gruss wrote: > On 29.10.2016 23:05, Pavel Machek wrote: > >So far I did bzip2 and kernel compilation. I believe I can prevent > >flips in rowhammer-test with bzip2 going from 4 seconds to 5 > >seconds... let me see. > > can you prevent bitflips in this one? >

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 29.10.2016 23:05, Pavel Machek wrote: So far I did bzip2 and kernel compilation. I believe I can prevent flips in rowhammer-test with bzip2 going from 4 seconds to 5 seconds... let me see. can you prevent bitflips in this one? https://github.com/IAIK/rowhammerjs/tree/master/native Ok,

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 29.10.2016 23:05, Pavel Machek wrote: So far I did bzip2 and kernel compilation. I believe I can prevent flips in rowhammer-test with bzip2 going from 4 seconds to 5 seconds... let me see. can you prevent bitflips in this one? https://github.com/IAIK/rowhammerjs/tree/master/native Ok,

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! On Sat 2016-10-29 22:05:16, Daniel Gruss wrote: > On 29.10.2016 21:42, Pavel Machek wrote: > >Congratulations. Now I'd like to take away your toys :-). > > I'm would like you to do that, but I'm very confident you're not successful > the way your starting ;) :-). Lets see. > >Not in my

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! On Sat 2016-10-29 22:05:16, Daniel Gruss wrote: > On 29.10.2016 21:42, Pavel Machek wrote: > >Congratulations. Now I'd like to take away your toys :-). > > I'm would like you to do that, but I'm very confident you're not successful > the way your starting ;) :-). Lets see. > >Not in my

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 29.10.2016 21:42, Pavel Machek wrote: Congratulations. Now I'd like to take away your toys :-). I'm would like you to do that, but I'm very confident you're not successful the way your starting ;) Not in my testing. Have you tried music/video reencoding? Games? Anything that works

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On 29.10.2016 21:42, Pavel Machek wrote: Congratulations. Now I'd like to take away your toys :-). I'm would like you to do that, but I'm very confident you're not successful the way your starting ;) Not in my testing. Have you tried music/video reencoding? Games? Anything that works

Re: Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > I think that this idea to mitigate Rowhammer is not a good approach. Well.. it does not have to be good if it is the best we have. > I wrote Rowhammer.js (we published a paper on that) and I had the first > reproducible bit flips on DDR4 at both, increased and default refresh rates >

Re: Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > I think that this idea to mitigate Rowhammer is not a good approach. Well.. it does not have to be good if it is the best we have. > I wrote Rowhammer.js (we published a paper on that) and I had the first > reproducible bit flips on DDR4 at both, increased and default refresh rates >

Re: Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

I think that this idea to mitigate Rowhammer is not a good approach. I wrote Rowhammer.js (we published a paper on that) and I had the first reproducible bit flips on DDR4 at both, increased and default refresh rates (published in our DRAMA paper). We have researched the number of cache

Re: Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

I think that this idea to mitigate Rowhammer is not a good approach. I wrote Rowhammer.js (we published a paper on that) and I had the first reproducible bit flips on DDR4 at both, increased and default refresh rates (published in our DRAMA paper). We have researched the number of cache

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Fri, Oct 28, 2016 at 08:30:14PM +0200, Pavel Machek wrote: > Would you (or someone) have pointer to good documentation source on > available performance counters? The Intel SDM has a section on them and the AMD Bios and Kernel Developers Guide does too. That is, they contain lists of

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Fri, Oct 28, 2016 at 08:30:14PM +0200, Pavel Machek wrote: > Would you (or someone) have pointer to good documentation source on > available performance counters? The Intel SDM has a section on them and the AMD Bios and Kernel Developers Guide does too. That is, they contain lists of

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Fri 2016-10-28 16:18:40, Peter Zijlstra wrote: > On Fri, Oct 28, 2016 at 03:05:22PM +0100, Mark Rutland wrote: > > > > > > * the precise semantics of performance counter events varies drastically > > > > across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to > > > > one

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Fri 2016-10-28 16:18:40, Peter Zijlstra wrote: > On Fri, Oct 28, 2016 at 03:05:22PM +0100, Mark Rutland wrote: > > > > > > * the precise semantics of performance counter events varies drastically > > > > across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to > > > > one

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > > it reliable in mitigating the issue? > > > > > > Which particular attack codebase was it tested against? > > > > I have rowhammer-test here, >

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > > it reliable in mitigating the issue? > > > > > > Which particular attack codebase was it tested against? > > > > I have rowhammer-test here, >

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Fri, Oct 28, 2016 at 03:05:22PM +0100, Mark Rutland wrote: > > > > * the precise semantics of performance counter events varies drastically > > > across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to > > > one particular level of cache, and/or may not be implemented on all

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

On Fri, Oct 28, 2016 at 03:05:22PM +0100, Mark Rutland wrote: > > > > * the precise semantics of performance counter events varies drastically > > > across implementations. PERF_COUNT_HW_CACHE_MISSES, might only map to > > > one particular level of cache, and/or may not be implemented on all

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi, On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > it reliable in mitigating the issue? > > > > Which particular attack codebase was it tested against? > > I have rowhammer-test here, > > commit

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi, On Fri, Oct 28, 2016 at 01:21:36PM +0200, Pavel Machek wrote: > > Has this been tested on a system vulnerable to rowhammer, and if so, was > > it reliable in mitigating the issue? > > > > Which particular attack codebase was it tested against? > > I have rowhammer-test here, > > commit

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > I missed the original, so I've lost some context. You can read it on lkml, but I guess you did not lose anything important. > Has this been tested on a system vulnerable to rowhammer, and if so, was > it reliable in mitigating the issue? > > Which particular attack codebase was it tested

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi! > I missed the original, so I've lost some context. You can read it on lkml, but I guess you did not lose anything important. > Has this been tested on a system vulnerable to rowhammer, and if so, was > it reliable in mitigating the issue? > > Which particular attack codebase was it tested

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi, I missed the original, so I've lost some context. Has this been tested on a system vulnerable to rowhammer, and if so, was it reliable in mitigating the issue? Which particular attack codebase was it tested against? On Thu, Oct 27, 2016 at 11:27:47PM +0200, Pavel Machek wrote: > ---

Re: [kernel-hardening] rowhammer protection [was Re: Getting interrupt every million cache misses]

Hi, I missed the original, so I've lost some context. Has this been tested on a system vulnerable to rowhammer, and if so, was it reliable in mitigating the issue? Which particular attack codebase was it tested against? On Thu, Oct 27, 2016 at 11:27:47PM +0200, Pavel Machek wrote: > ---