Reply to post: Address mapping

Oh, great, now there's a SECOND remote Rowhammer exploit

Anonymous Coward
Anonymous Coward

Address mapping

Anyone like to 'speculate' on how easy it is for the remote code to find relevant chunks of DRAM where an undetected (never mind uncorrected) bit flip might lead to an actual visible security risk?

Now rewire the address bus between processor and DRAM, e.g. renumber the address lines. The processor doesn't care, it writes to an address and gets the same data back, just as it always did. The board level design might have to care, (e.g. DMA-capable stuff if there is any).

Now make that address bus rewiring programmable (e.g. selectable at power-up time), so that e.g. any given OS kernel address may map to different DRAM rows and columns depending on the direction of the wind or whatever.

Now what are the odds that Rowhammer-style attacks are meaningful? Genuine question, all valid and trustworthy input gratefully received.

Back in the days of 2708->2764 eproms and things like DataIO programmers, this effect was frequently achieved unintentionally at one place I knew, when the in-house programming software had forgotten to account for the non-standard use of address line numbering on their system designs. All the stuff was programmed correctly, it just wasn't in the correct order (to paraphrase).

Might something similar be relevant here (considering DRAM address lines instead of EPROM)?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon