Feasibility of Row-hammering a Raspberry Pi

[Andrew Nguyen]

Hi,

I am a software engineering student at the University of Adelaide and am attempting to rowhammer the DRAM of a Raspberry Pi model B. 

Our initial program that is based of the strategy used by the google/rowhammer-test is failing to induce bit-flips. 

My question is, is it even possible to rowhammer on the ARM architecture? or any other insights into the matter would also be helpful.

Kind Regards,

Andrew

[Mark Seaborn]

32-bit ARM has a cache-line-flush instruction that you can use instead of x86's CLFLUSH.  However, it's not usable from userland processes.  So you might want to try writing a small kernel module that tries to do row hammering using this instruction, using random address selection.

If you try that, you should check how many memory accesses you can do per 64ms refresh period.  It might be that ARM's cache-line-flush instruction slows down memory accesses more than x86's CLFLUSH does.

Cheers,

Mark

[4449...@qq.com]

I thought Raspberry Pi only contains DDR2, in order to get rowhammer happen, perhaps you wanna use DDR3 memory. What do you think?

在 2015年10月28日星期三 UTC-4下午11:08:23，Andrew Nguyen写道：