Michael S wrote:
> On Tue, 13 Feb 2024 11:24:10 -0500
> EricP <
ThatWould...@thevillage.com> wrote:
>> Michael S wrote:
>>> On Tue, 13 Feb 2024 00:19:18 +0000
>>>
mitch...@aol.com (MitchAlsup1) wrote:
>>>> RowPress depends on keeping the row open too long--clearly evident
>>>> in the charts in the document.
>>>>
>>> Clarification for casual observers that didn't bother to read Row
>>> Press paper: RowPress attack does not depends on keeping row open
>>> continuously.
>>> Short interruptions actually greatly improve effectiveness of attack
>>> significantly increasing BER for a given duration of attack. After
>>> all, RowPress *is* a variant of RowHammer.
>> RowPress documents that keeping the aggressor row open longer lowers
>> the limit on the adjacent rows before opens (RowHammers) causes bit
>> flips.
>
> Correct, but irrelevant.
It was kinda the whole point of the RowPress paper.
>> Also the paper notes that DRAM manufacturers, eg Micron and
>> Samsung, already document that keeping a row open longer can cause
>> read-disturbance. What's new is the paper documents the interaction
>> between row activation time and the subsequent number of opens
>> (RowHammers) needed to flip a bit.
>>
>
> Correct and relevant, but not to the issue at hand which is criticism
> of Mitch's ideas of mitigation.
>
>> Also note that different bits are susceptible to RowPress and
>> RowHammer. See section 4.3
>>
>> RowPress Amplifying Read Disturbance in Modern DRAM Chips, 2023
>>
https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf
I just found out that there are two different versions of the RowPress
paper and I was looking at the older one. The updated version is:
RowPress: Amplifying Read Disturbance in Modern DRAM Chips, 2023
https://arxiv.org/pdf/2306.17061.pdf
>>> For a given interruption rate, longer interruptions reduce
>>> effectiveness of attack, but not dramatically so. For example, for
>>> most practically important interruption rate of 128 KHz
>>> (period=7.81 usec) increasing duration of off interval from
>>> absolute minimum allowed by protocol (~50ns) to 2 usec reduces
>>> efficiency of attack only by factor of 2 o 3.
>> Reduced by a factor of up to 363. Under figure 1.
>>
>> "We observe that as tAggON increases, compared to the most effective
>> RowHammer pattern, the most effective Row-Press pattern reduces ACmin
>> 1) by 17.6× on average (up to 40.7×) when tAggON is as large as the
>> refresh interval (7.8 μs),
>> 2) by 159.4× on average (up to 363.8×) when tAggON is 70.2 μs,
>> the maximum allowed tAggON, and
>> 3) down to only one activation for an extreme tAggON of 30 ms
>> (highlighted by dashed red boxes).
>>
>> Also see "Obsv. 1. RowPress significantly reduces ACmin as tAggON
>> increases."
>>
>
> ACmin by itself is a wrong measure of efficiency of attack.
I'm not interested in the efficiency of the attack.
ACmin, the minimum absolute count of opens above which we lose data
is the number I'm interested in.
> The right measure is reciprocal of the total duration of attack.
> At any given duty cycle reciprocal of the total duration of attack
> grows with increased rate of interruptions (a.k.a. hammering rate).
> The general trend is the same as for all other RH variants, the only
> difference that dependency on hammering rate is somewhat weaker.
>
> Relatively weak influence of duty cycle itself is shown in figure 22.
Looking at figure 22 on the arxiv version of the paper,
this is a completely different test. This test was to explain the
discrepancy between the RowPress results and the earlier cited papers.
BER is the fraction of DRAM cells in a DRAM row that experience bitflips.
Its a different measure because RowPress detects when ANY data loss begins,
not the fraction of lost data bits (efficiency) after it kicks in.
Obsv 16 explains it, the BER for the bottom two lines,
which are the ones with a long total tA2A, goes up in all graphs
by between a factor of 10 to about 500, which is the RowPress effect.
To my eye what this test shows is the PRE phase may *heal* some of the
damaging effects that the ACT phase causes, but only to a certain point.
Possibly the PRE phase scavenges the ACT hot injection carriers.
> The practical significance of RowPress is due to two factors.
> (1) is the factor is the one you mentioned above - it can flip
> different bits from those flippable by other RH variants.
> (2) is that it is not affected at all by DDR4 TRR
> attempt of mitigation.
I take away something completely different: there are multiple interacting
error mechanisms at work here. RowHammer and RowPress are likely
completely different physics and fixing one won't fix the other.
It also suggests there may be other similar mechanisms waiting to be found.
> The third, less important factor is that RowPress appears quite robust
> to differences between major manufacturers.
>
> However, one should not overlook that efficiency of RowPress attacks
> when measured by the most important criterion of BER per duration of
> attack is many times lower than earlier techniques of double-sided and
> multi-sided hammering.
For me the BER is irrelevant if it is above 0.0.
I want to know where the errors start which is ACmin.