Rowhammer for ARM

1,225 views
Skip to first unread message

srikan...@gmail.com

unread,
Jan 8, 2016, 5:52:38 AM1/8/16
to rowhammer-discuss
Hi All, 

Is there any support available on ARM from rowhammer team? 

Does anyone ported the current rowhammer to ARM? If yes, can you help in pointing to the code.

Thank you.


sttu...@gmail.com

unread,
Apr 20, 2016, 12:17:10 PM4/20/16
to rowhammer-discuss, srikan...@gmail.com
As far as I understand the Rowhammer Exploit, it won't work on ARM since ARM doesn't have CLFLUSH, which is necessary to run the exploit.

Matthew Hicks

unread,
Apr 20, 2016, 12:22:46 PM4/20/16
to sttu...@gmail.com, rowhammer-discuss, srikan...@gmail.com
Not true. CLFLUSH makes it easier to cause flips, but it is by no
means a necessary condition.

For example, see this paper:
http://www.impedimenttoprogress.com/storage/publications/anvil-software-based.pdf
> --
> You received this message because you are subscribed to the Google Groups
> "rowhammer-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to rowhammer-disc...@googlegroups.com.
> To post to this group, send email to rowhamme...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/rowhammer-discuss/40399754-a4c0-4859-a784-d542756f3365%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

$rik@nth

unread,
Apr 21, 2016, 12:02:53 AM4/21/16
to Matthew Hicks, sttu...@gmail.com, rowhammer-discuss
On Wed, Apr 20, 2016 at 9:52 PM, Matthew Hicks <mdh...@gmail.com> wrote:
> Not true. CLFLUSH makes it easier to cause flips, but it is by no
> means a necessary condition.
What changes can be done over CLFLUSH to make run on ARM aarch?
--
Thanks & Regards,
M.Srikanth Kumar.

jdjd...@gmail.com

unread,
Jun 20, 2016, 10:28:08 AM6/20/16
to rowhammer-discuss
I am also interested in seeing a poc for aarch.

damian.du...@gmail.com

unread,
Sep 2, 2016, 1:08:36 PM9/2/16
to rowhammer-discuss, srikan...@gmail.com
x86's clflush instruction can easily be used to bypass the cache and allow for uncached DRAM access, but It is by no means the only useful instruction. An additional possibility are non-temporal instructions (see: "A New Approch for Rowhammer Attacks").

Fortunately there were no equivalent instruction on ARM which could have been used, but this has changed with ARMv8. ARMv8 introduced non-temporal loads and stores which may be used to archieve the same (see: https://developer.arm.com/docs/den0024/latest/6-the-a64-instruction-set/63-memory-access-instructions/638-non-temporal-load-and-store-pair).

It would be great if anyone can verify this on an ARMv8 devices, e.g. on the ODROID C2 with a recent Linux.

Measuring the cache misses may help during the analysis, since there might be no bit flips on this particular device.

$rik@nth

unread,
Sep 2, 2016, 9:43:43 PM9/2/16
to damian.du...@gmail.com, rowhammer-discuss
Hi, 

I can help in validating the change of anyone can share the necessary changes.

lorde...@gmail.com

unread,
Oct 26, 2016, 3:26:57 AM10/26/16
to rowhammer-discuss, srikan...@gmail.com
Hi all,

There have been a new example of rowhammer on Android and thus arm called Drammer.
Here is the link for more information :
https://www.vusec.net/projects/drammer/
and the paper :
https://vvdveen.com/publications/drammer.pdf
Have a nice day.

$rik@nth

unread,
Nov 25, 2016, 5:49:35 AM11/25/16
to lorde...@gmail.com, rowhammer-discuss
I am unable to cross compile the source using Android toolchain.
Getting below error

help if you can give me some Android.mk file which will be easier.

tools/drammer$ /local/mnt/workspace2/android-ndk-r13b/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-g++
-I/local/mnt/workspace2/android-ndk-r13b/sources/cxx-stl/llvm-libc++/include
--sysroot=/local/mnt/workspace2/android-ndk-r13b/platforms/android-24/arch-arm
-std=c++11 -O3 -Wall -I/local/mnt/workspace2/tools/drammer/../include
-c -o rh-test.o rh-test.cc
In file included from rh-test.cc:34:0:
helper.h: In function 'uintptr_t get_phys_addr(uintptr_t)':
helper.h:80:90: warning: format '%p' expects argument of type 'void*',
but argument 2 has type 'uintptr_t {aka unsigned int}' [-Wformat=]
printf("page not present? virtual address: %p | value: %p\n",
virtual_addr, value);

^
helper.h:80:90: warning: format '%p' expects argument of type 'void*',
but argument 3 has type 'uint64_t {aka long long unsigned int}'
[-Wformat=]
helper.h: In function 'uint64_t
compute_median(std::__ndk1::vector<long long unsigned int>&)':
helper.h:89:10: error: invalid use of incomplete type 'class
std::__ndk1::vector<long long unsigned int>'
if (v.size() == 0) return 0;
^
In file included from
/local/mnt/workspace2/android-ndk-r13b/sources/cxx-stl/llvm-libc++/include/iterator:343:0,
from
/local/mnt/workspace2/android-ndk-r13b/sources/cxx-stl/llvm-libc++/include/memory:606,
from
/local/mnt/workspace2/android-ndk-r13b/sources/cxx-stl/llvm-libc++/include/algorithm:634,
from rh-test.cc:17:
/local/mnt/workspace2/android-ndk-r13b/sources/cxx-stl/llvm-libc++/include/iosfwd:200:29:
error: declaration of 'class std::__ndk1::vector<long long unsigned
int>'
class _LIBCPP_TYPE_VIS_ONLY vector;
^
In file included from rh-test.cc:34:0:
helper.h:90:27: error: variable 'std::__ndk1::vector<long long
unsigned int> tmp' has initializer but incomplete type
std::vector<uint64_t> tmp = v;
^

tiemo...@gmail.com

unread,
Jun 29, 2018, 12:57:45 AM6/29/18
to rowhammer-discuss
Boguess 
Reply all
Reply to author
Forward
0 new messages