DOCSLIB.ORG

ABSTRACT Exploiting Unused Storage Resources to Enhance

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
ABSTRACT Exploiting Unused Storage Resources to Enhance ABSTRACT Exploiting Unused Storage Resources to Enhance Systems’ Energy Efficiency, Performance, and Fault-Tolerance by Hai Huang Chair: Kang G. Shin The invention of better fabrication materials and processes in solid-state devices has led to unprecedented technological breakthroughs in computer hardware. Today’s system software, however, often cannot take full advantage of the hardware’s rapidly improving capabilities, thus resulting in idling resources, e.g., unoccupied memory and disk space. To make hardware operate more efficiently and to reduce the amount of idle resources, this thesis proposes several techniques that can harness such resources to the benefit of users. Although there are many different types of hardware resources, this thesis focuses on the reclamation of idle resources in the storage hierarchy. First, we implemented a pure software technique to reduce the power dissipation of main memory. By aggregating un- mapped and unused memory pages and powering down unused memory ranks, a signifi- cant amount of energy can be saved with little or no performance degradation. Next, we explored several architectural-level solutions that can more aggressively reduce energy, but at the expense of performance. We also developed techniques to exploit unused disk capacity to improve disks’ perfor- mance and energy-efficiency. These techniques are realized in our implementation of the Free Space File System (FS2). Unlike traditional file systems where extra disk space is not used, FS2 actively makes use of it to hold replicas of temporally-related data blocks that were poorly placed by the underlying file system. Using contiguous regions of free disk space to place related data blocks closer to one another enables disk heads to work more efficiently. Free disk space may also be used to enhance the fault-tolerance of disks. The placement of replicas is shown to be critical to both the fault-tolerance and performance of file systems that make use of replicas. However, without a thorough understanding of how disks fail and how data become corrupted when failures occur, good data placement strategies are difficult to devise. We studied a large number of failed disks and analyzed their failure characteristics. This characterization study will help design more fault-tolerant file systems that can take advantage of today’s large capacity hard drives. ii Exploiting Unused Storage Resources to Enhance Systems’ Energy Efficiency, Performance, and Fault-Tolerance by Hai Huang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Science and Engineering) in The University of Michigan 2006 Doctoral Committee: Professor Kang G. Shin, Chair Professor Peter Chen Associate Professor Dawn Tilbury Assistant Professor Jason Flinn c Hai Huang 2006 All Rights Reserved To my parents. ii ACKNOWLEDGEMENTS First, I would like to thank my advisor, Professor Kang G. Shin, for his guidance and support during my six years at U of M. This work would not be possible without his enor- mous amount of patience and understanding, for which, I am deeply grateful. I would also like to thank Professors Peter M. Chen, Jason Flinn, and Dawn Tilbury for serving on my thesis committee. I am most indebted to my parents, my mother Mei L. Jin and my father Yong K. Huang, who have stood by me from the beginning and supported me with unconditional love. During my six years of graduate school, in spite of their long drives across states and some bad weather conditions, they would come and visit me very often, just to encourage me to keep going. This thesis is dedicated to them. I would also like to express my sincere thanks to all my officemates—those who are still here and those who have already left, for their friendship. I would like to especially thank Babu Pillai for his help during my early years in graduate school and collaboration on several projects, John Reumann for being my technical sounding board, Hani Jamjoom, Cheng Jin, Haining Wang, Cong Yu, Zhiheng Wang, Songkuk Kim, Howard Tsai, Mo- hamed El Gendy, Jian Wu, Wei Sun, Zhigang Chen, and Jisoo Yang, just for being good friends. Finally, I would like to thank my fianc´ee, Xiaoyu Jia, for her patience, tolerance, and constant encouragement. Having her with me has made this journey much less painful and a lot more fun. iii TABLE OF CONTENTS DEDICATION ..................................... ii ACKNOWLEDGEMENTS .............................. iii LIST OF TABLES ...................................viii LIST OF FIGURES .................................. x CHAPTERS 1 Introduction ................................. 15 1.1 Resource-RichHardware . 15 1.2 PrimaryResearchContributions. 19 1.2.1 EnergyManagement . 19 1.2.2 PerformanceImprovement . 23 1.2.3 Fault-ToleranceEnhancement. 23 1.3 ThesisOverviewandOrganization . 24 2 Power-AwareVirtualMemory . 26 2.1 Motivation.............................. 26 2.2 MemorySystemModel . 27 2.2.1 DynamicRandomAccessMemory . 28 2.2.2 Double-DataRateDRAM . 29 2.3 Power-AwareVirtualMemory. 32 2.3.1 TrackingActiveRanks . 33 2.3.2 ReducingActiveSetSize . 34 2.3.3 ANUMAManagementLayer . 35 2.3.4 HidingLatency ....................... 36 2.4 PAVMImplementation . 38 2.4.1 InitialImplementation. 38 2.4.2 SharedMemoryIssues . 40 2.4.3 AggregationofSharedLibraries . 42 2.4.4 PageMigration ....................... 44 2.4.5 ReducingMigrationOverhead . 46 2.5 Evaluation.............................. 47 iv 2.5.1 SimulationSetup . 48 2.5.2 SPECBenchmarks . 49 2.5.3 PowerManagementTechniques . 51 2.5.4 Results............................ 52 2.6 Discussion:DMAandKernelThreads . 56 2.7 Conclusions ............................. 57 3 Software-Directed Memory Power Management . .. 59 3.1 Motivation.............................. 59 3.2 Overview .............................. 60 3.3 PMUArchitecture.......................... 61 3.3.1 DesignofaContext-AwarePMU . 64 3.3.2 CooperationwithPAVM . 67 3.3.3 Summary .......................... 67 3.4 Evaluation.............................. 68 3.4.1 SyntheticWorkload . 68 3.4.2 SPECBenchmarks . 74 3.4.3 SensitivityAnalysis . 78 3.5 Conclusions ............................. 79 4 ActiveMemory-TrafficReshaping. 81 4.1 Motivation.............................. 81 4.2 MemoryInterleaving . 82 4.3 Activevs.PassivePowerManagement . 84 4.4 MemoryTrafficReshaping . 86 4.4.1 HotRanksandColdRanks . 87 4.4.2 ReducingMigrationOverhead . 88 4.4.3 Implementation . 90 4.5 Evaluation.............................. 90 4.5.1 RankInterleaving . 91 4.5.2 MemoryTrafficReshaping . 93 4.6 Conclusions ............................. 97 5 FS2:FreeSpaceFileSystem. 98 5.1 Motivation.............................. 98 5.1.1 MotivatingExample. 99 5.1.2 DynamicManagementofDiskLayout . 101 5.2 Background .............................104 5.2.1 MechanicalComponents . .104 5.2.2 ControllerComponents . .107 5.2.3 Performance, Fault-Tolerance, and Power . 107 5.3 Design................................109 5.3.1 AvailabilityofFreeDiskSpace . 110 5.3.2 BlockReplication . .112 5.3.3 KeepingTrackofReplicas . .113 v 5.4 Prototype ..............................115 5.4.1 BlockDeviceImplementation . 115 5.4.2 FileSystemImplementation . 118 5.4.3 User-levelTools. .119 5.5 ExperimentalEvaluation . .120 5.5.1 ExperimentalSetup . .121 5.5.2 EvaluationMethodology . .121 5.5.3 TheTPC-WBenchmark . .124 5.5.4 CVS.............................132 5.5.5 StartingXServerandKDE . .133 5.5.6 SURGE ...........................134 5.6 Discussion..............................135 5.6.1 DegreeofReplication. .135 5.6.2 ReducingReplicationOverhead . 136 5.6.3 Multi-DiskIssues . .136 5.6.4 JournalingFileSystem . .137 5.7 Conclusions .............................137 6 DiskFailureCharacterization . 139 6.1 Motivation..............................139 6.2 ProbingforPhysicalGeometry . .142 6.3 ACaseStudyofFailedDisks . .145 6.3.1 Overview ..........................146 6.3.2 IBMDeskstar75GXP. .148 6.3.3 IBMUltrastar36LZX. .155 6.3.4 WesternDigitalCaviar205BA . 157 6.3.5 WesternDigitalCaviarWD400BB . 158 6.3.6 Maxtor4K020H1 . .159 6.3.7 QuantumFireballLCT10 . .160 6.3.8 QuantumFireballCX10.2A. .162 6.4 Conclusions .............................163 7 RelatedWork.................................165 7.1 Energy................................165 7.1.1 Microprocessor . .165 7.1.2 Disk .............................166 7.1.3 Memory...........................166 7.1.4 WirelessDevice. .168 7.1.5 System............................168 7.2 Performance .............................169 7.2.1 Microprocessor . .169 7.2.2 Disk .............................169 7.2.3 GraphicsProcessor . .171 7.3 Fault-Tolerance . .. .. .. .. .. .. .. .172 7.3.1 Disk .............................172 vi 8 ConclusionsandFutureWork . .173 8.1 Conclusions .............................173 8.2 FutureWork .............................174 BIBLIOGRAPHY ...................................176 vii LIST OF TABLES Table 1.1 Processortrend[95]. ............................. 16 1.2 DRAMtrend[95]. .............................. 16 1.3 Magneticdisktrend[95]. 17 1.4 LocalAreaNetworktrend[95].. .. 17 2.1 A snapshot of processes’ rank usage pattern using the primitive implemen- tation of PAVM. The notation a(b) indicates a process has b pages allocated on an active rank a............................... 41 2.2 EffectofaggregatingpagesusedbyDLLs.. ..... 43 2.3 EffectofDLLaggregationwithpagemigration. ....... 45 2.4 System parameters used in Mambo. All cache lines are 128 Byteslong. 49 2.5 Summary of the low memory-intensive and high memory-intensive work- loads.
Load more

Recommended publications
  • Bundling Spatially Correlated Prefetches for Improved Main Memory Row Buffer Locality
    Bundling Spatially Correlated Prefetches for Improved Main Memory Row Buffer Locality by Patrick Judd A thesis submitted in conformity with the requirements for the degree of Master of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto © Copyright by Patrick Judd 2014 Bundling Spatially Correlated Prefetches for Improved Main Memory Row Buffer Locality Patrick Judd Masters of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto 2014 Abstract Row buffer locality is a consequence of programs ’ inherent spatial locality that the memory system can easily exploit for significant performance gains and power savings. However, as the number of cores on a chip increases, request streams become interleaved more frequently and row buffer locality is lost. Prefetching can help mitigate this effect, but more spatial locality remains to be recovered. In this thesis we propose Prefetch Bundling, a scheme which tags spatially correlated prefetches with information to allow the memory controller to prevent prefetches from becoming interleaved. We evaluate this scheme with a simple scheduling policy and show that it improves the row hit rate by 11%. Unfortunately, the simplicity of the scheduling policy does not translate these row hits to improved performance or power savings. However, future work may build on this framework and develop more balanced policies that leverage the row locality of Prefetch Bundling. ii Acknowledgments There are many people to thank as I reflect back on my Master’s degree. First and foremost I must thank my supervisor, Andreas Moshovos, for his support, confidence in my abilities, and most of all for his ability to keep me grounded during stressful and trying times.
    [Show full text]
  • PC Hardware Contents
    PC Hardware Contents 1 Computer hardware 1 1.1 Von Neumann architecture ...................................... 1 1.2 Sales .................................................. 1 1.3 Different systems ........................................... 2 1.3.1 Personal computer ...................................... 2 1.3.2 Mainframe computer ..................................... 3 1.3.3 Departmental computing ................................... 4 1.3.4 Supercomputer ........................................ 4 1.4 See also ................................................ 4 1.5 References ............................................... 4 1.6 External links ............................................. 4 2 Central processing unit 5 2.1 History ................................................. 5 2.1.1 Transistor and integrated circuit CPUs ............................ 6 2.1.2 Microprocessors ....................................... 7 2.2 Operation ............................................... 8 2.2.1 Fetch ............................................. 8 2.2.2 Decode ............................................ 8 2.2.3 Execute ............................................ 9 2.3 Design and implementation ...................................... 9 2.3.1 Control unit .......................................... 9 2.3.2 Arithmetic logic unit ..................................... 9 2.3.3 Integer range ......................................... 10 2.3.4 Clock rate ........................................... 10 2.3.5 Parallelism .........................................
    [Show full text]
  • Bundling Spatially Correlated Prefetches for Improved Main Memory Row Buffer Locality
    Bundling Spatially Correlated Prefetches for Improved Main Memory Row Buffer Locality by Patrick Judd A thesis submitted in conformity with the requirements for the degree of Master of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto © Copyright by Patrick Judd 2014 Bundling Spatially Correlated Prefetches for Improved Main Memory Row Buffer Locality Patrick Judd Masters of Applied Science Graduate Department of Electrical and Computer Engineering University of Toronto 2014 Abstract Row buffer locality is a consequence of programs ’ inherent spatial locality that the memory system can easily exploit for significant performance gains and power savings. However, as the number of cores on a chip increases, request streams become interleaved more frequently and row buffer locality is lost. Prefetching can help mitigate this effect, but more spatial locality remains to be recovered. In this thesis we propose Prefetch Bundling, a scheme which tags spatially correlated prefetches with information to allow the memory controller to prevent prefetches from becoming interleaved. We evaluate this scheme with a simple scheduling policy and show that it improves the row hit rate by 11%. Unfortunately, the simplicity of the scheduling policy does not translate these row hits to improved performance or power savings. However, future work may build on this framework and develop more balanced policies that leverage the row locality of Prefetch Bundling. ii Acknowledgments There are many people to thank as I reflect back on my Master’s degree. First and foremost I must thank my supervisor, Andreas Moshovos, for his support, confidence in my abilities, and most of all for his ability to keep me grounded during stressful and trying times.
    [Show full text]
  • Are We Susceptible to Rowhammer? an End-To-End Methodology for Cloud Providers
    Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers Lucian Cojocar, Jeremie Kimxy, Minesh Patelx, Lillian Tsaiz, Stefan Saroiu, Alec Wolman, and Onur Mutluxy Microsoft Research, xETH Zurich,¨ yCMU, zMIT Abstract—Cloud providers are concerned that Rowhammer poses vendors claim that their memory is safe against Rowhammer a potentially critical threat to their servers, yet today they lack a attacks; these claims are delivered to cloud providers with each systematic way to test whether the DRAM used in their servers is new DRAM feature: DDR4 [77], ECC-equipped DRAM [33], vulnerable to Rowhammer attacks. This paper presents an end- to-end methodology to determine if cloud servers are susceptible [31], and TRR-equipped DRAM [81], [33]. There is a large to these attacks. With our methodology, a cloud provider can gap between a proof-of-concept exploit carried out in a re- construct worst-case testing conditions for DRAM. search lab and an actual attack in the wild. In fact, no evidence We apply our methodology to three classes of servers from a indicates that Rowhammer attacks have been carried out in major cloud provider. Our findings show that none of the CPU practice. In the absence of attacks in the wild, one could easily instruction sequences used in prior work to mount Rowhammer attacks create worst-case DRAM testing conditions. To address dismiss Rowhammer as a credible threat. this limitation, we develop an instruction sequence that lever- This confusion is further fed by the lack of a system- ages microarchitectural side-effects to “hammer” DRAM at a atic methodology to test for Rowhammer.
    [Show full text]
  • Defeating Software Mitigations Against Rowhammer Tatar, Andrei; Giuffrida, Cristiano; Bos, Herbert; Razavi, Kaveh
    VU Research Portal Defeating software mitigations against rowhammer Tatar, Andrei; Giuffrida, Cristiano; Bos, Herbert; Razavi, Kaveh published in Research in Attacks, Intrusions, and Defenses 2018 DOI (link to publisher) 10.1007/978-3-030-00470-5_3 document version Publisher's PDF, also known as Version of record document license Article 25fa Dutch Copyright Act Link to publication in VU Research Portal citation for published version (APA) Tatar, A., Giuffrida, C., Bos, H., & Razavi, K. (2018). Defeating software mitigations against rowhammer: A surgical precision hammer. In M. Bailey, S. Ioannidis, M. Stamatogiannakis, & T. Holz (Eds.), Research in Attacks, Intrusions, and Defenses: 21st International Symposium, RAID 2018, Proceedings (pp. 47-66). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11050). Springer/Verlag. https://doi.org/10.1007/978-3-030-00470-5_3 General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ? Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.
    [Show full text]
  • Defeating Software Mitigations Against Rowhammer Tatar, Andrei; Giuffrida, Cristiano; Bos, Herbert; Razavi, Kaveh
    VU Research Portal Defeating software mitigations against rowhammer Tatar, Andrei; Giuffrida, Cristiano; Bos, Herbert; Razavi, Kaveh published in Research in Attacks, Intrusions, and Defenses 2018 DOI (link to publisher) 10.1007/978-3-030-00470-5_3 document version Publisher's PDF, also known as Version of record document license Article 25fa Dutch Copyright Act Link to publication in VU Research Portal citation for published version (APA) Tatar, A., Giuffrida, C., Bos, H., & Razavi, K. (2018). Defeating software mitigations against rowhammer: A surgical precision hammer. In M. Bailey, S. Ioannidis, M. Stamatogiannakis, & T. Holz (Eds.), Research in Attacks, Intrusions, and Defenses: 21st International Symposium, RAID 2018, Proceedings (pp. 47-66). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11050). Springer/Verlag. https://doi.org/10.1007/978-3-030-00470-5_3 General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ? Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.
    [Show full text]
  • On the Viability of Memory Forensics in Compromised Environments
    On the Viability of Memory Forensics in Compromised Environments Zur Praktikabilit¨atvon Hauptspeicherforensik in kompromittierten Umgebungen Der Technischen Fakult¨atder Friedrich-Alexander-Universit¨at Erlangen-N¨urnberg zur Erlangung des Grades DOKTOR-INGENIEUR vorgelegt von Johannes Stuettgen aus Herdecke Als Dissertation genehmigt von der Technischen Fakult¨atder Friedrich-Alexander-Universit¨at Erlangen-N¨urnberg Tag der m¨undlichen Pr¨ufung: 28.05.2015 Vorsitzende des Promotionsorgans: Prof. Dr.-Ing. habil. Marion Merklein Gutachter: Prof. Dr.-Ing. Felix Freiling Prof. Dr. Michael Meier Abstract Memory forensics has become a powerful tool for the detection and analysis of ma- licious software. It provides investigators with an impartial view of a system, expos- ing hidden processes, threads, and network connections, by acquiring and analyzing physical memory. Because malicious software must be at least partially resident in memory in order to execute, it cannot remove all its traces from RAM. However, the memory acquisition process is vulnerable to subversion in compromised envi- ronments. Malicious software can employ anti-forensic techniques to intercept the acquisition and filter memory contents while they are copied. In this thesis, we analyze 12 popular memory acquisition tools for Windows, Linux, and Mac OS X, and study their implementation in regard to how they enumerate and map memory. We find that all of the analyzed programs use the operating system to perform these tasks, and further illustrate this by implementing an open source memory acquisition framework for Mac OS X. In a survey of kernel rootkit techniques, that prevent or filter physical memory access, we show that all 12 tested programs are vulnerable to anti-forensics, because they rely on the operating system for critical functions.
    [Show full text]
  • (12) United States Patent (10) Patent No.: US 8,171,377 B2 Dell Et Al
    US008171377B2 (12) United States Patent (10) Patent No.: US 8,171,377 B2 Dell et al. (45) Date of Patent: May 1, 2012 (54) SYSTEM TO IMPROVE MEMORY 6.732,289 B1 5/2004 Talagala et al. ................... T14?6 RELIABILITY AND ASSOCATED METHODS 6.738,947 B1* 5/2004 Maeda ......... T14f785 6.851,086 B2 2/2005 Szymanski ........ T14f781 7,017,099 B2 3/2006 Micheloni et al. ............ 714/752 (75) Inventors: Timothy J. Dell, Colchester, VT (US); 7,047.478 B2 5/2006 Gregorietal. ... 714,773 Luis A. Lastras-Montano, Cortlandt 7,100,096 B2 8/2006 Webb, Jr. et al. ............... 714.52 Manor, NY (US); Barry M. Trager, 7,117,421 B1 10/2006 Danilak .. T14f763 Yorktown Heights, NY (US); Shmuel 7.356,753 B2 * 4/2008 Chen ............................. 714/755 Winograd, Scarsdale, NY (US) (Continued) (73) Assignee: International Business Machines FOREIGN PATENT DOCUMENTS Corporation, Armonk, NY (US) JP 100911394 4f1998 WO WO2005062478 A1 7/2005 (*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 OTHER PUBLICATIONS U.S.C. 154(b) by 1127 days. IEEE (Signal Processing Systems Design and Implementation, SIPS 06), Wei Liu et al., “Low-Power High-Throughput BCH Error Cor (21) Appl. No.: 12/023,374 rection VLSI Design for Multi-Level Cell NAND Flash Memories”, pp. 303-308, Oct. 2006. (22) Filed: Jan. 31, 2008 (Continued) (65) Prior Publication Data Primary Examiner — Fritz Alphonse US 2010/0287.445A1 Nov. 11, 2010 (74) Attorney, Agent, or Firm — Ido Tuchman (51) Int. Cl. GI IC 29/00 (2006.01) (57) ABSTRACT (52) U.S.
    [Show full text]
  • Oracle® Spatial and Graph Map Visualization Developer's Guide
    Oracle® Spatial and Graph Map Visualization Developer's Guide 18c E87774-01 February 2018 Oracle Spatial and Graph Map Visualization Developer's Guide, 18c E87774-01 Copyright © 2001, 2018, Oracle and/or its affiliates. All rights reserved. Primary Author: Chuck Murray Contributors: Joao Paiva, L.J. Qian, Jayant Sharma, Honglei Zhu This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency- specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
    [Show full text]
  • Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges
    Exploiting the DRAM rowhammer bug to gain kernel privileges Mark Seaborn, sandbox builder and breaker with contributions by Thomas Dullien, reverse engineer 9th March 2015 This article was originally published on the Google Project Zero blog. Contents Overview Introduction to the rowhammer problem Refining the selection of addresses to hammer Using the physical address mapping Random address selection Selecting addresses using timing Double­sided hammering Exploiting rowhammer bit flips NaCl sandbox escape Kernel privilege escalation Break it down: exploit steps Exploiting write access to page tables Routes for causing row hammering Experimental results Testing your own machine Mitigations Targeted refreshes of adjacent rows BIOS updates and increasing refresh rates Monitoring for row hammering using perf counters On disclosures On exploitability of bugs On vulnerability of machines Conclusion Credits Overview “Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer­induced bit flips to gain kernel privileges on x86­64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read­write access to all of physical memory. We don’t know for sure how many machines are vulnerable to this attack, or how many existing vulnerable machines are fixable.
    [Show full text]
  • (12) Patent Application Publication (10) Pub. No.: US 2010/0293438 A1 Lastras-Montano Et Al
    US 2010O293438A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2010/0293438 A1 Lastras-Montano et al. (43) Pub. Date: Nov. 18, 2010 (54) SYSTEM TO IMPROVE ERROR (73) Assignee: INTERNATIONAL BUSINESS CORRECTION USING VARIABLE LATENCY MACHINES CORPORATION, AND ASSOCATED METHODS Armonk, NY (US) (21) Appl. No.: 12/023.546 (75) Inventors: Luis A. Lastras-Montano, 1-1. Cortlandt Manor, NY (US); Piyush (22) Filed: Jan. 31, 2008 C. Patel, Cary, NC (US); Eric E. Publication Classification Retter, Austin, TX (US); Barry M. (51) Int. Cl. Trager, Yorktown Heights, NY H03M, 3/05 (2006.01) S. Mits; Snmuel WAEaWinograd, Cary, G06F II/It (2006.01) Scarsdale, NY (US); Kenneth L. (52) U.S. Cl. .................. 714/763; 714/E11.034; 714/785 Wright, Austin, TX (US) (57) ABSTRACT A system to improve error correction may include a fast Correspondence Address: decoder to process data packets until the fast decoder finds an IBM CORPORATION uncorrectable error in a data packet at which point a request ROCHESTER PLAW DEPT.917 for at least two data packets is generated. The system may also 3605 HIGHWAY 52 NORTH include a slow decoder to possibly correct the uncorrectable ROCHESTER, MN 55901-7829 (US) error in a data packet based upon the at least two data packets. 812 CHANNEL BUFFER FAST DECODER MARKING INFO SCORE 802- NEW ERROR CE, NCSE MARKING MARKING INFO LOCATION AND ENSUEFA INFO PREPROCESSING 804 MAGNITUDE CALCULATION MODIFIED COMPUTATION so 806 SYNDROME Eir ERROR 72B SYNDROME COMPUTATION MAGNITUDE CEON GENERATION COMPUTATION OPTIONAL FOR KNOWN SYNDROME LOCATIONS 811 BYPASS 807 SYNDROME BYPASS SELECT Patent Application Publication Nov.
    [Show full text]
  • Comptia® A+ Core 1 (220-1001) and Core 2 (220-1002) Cert Guide Fifth Edition
    CompTIA® A+ Core 1 (220-1001) and Core 2 (220-1002) Cert Guide Fifth Edition Rick McDonald CompTIA® A+ Core 1 (220-1001) and Core 2 (220-1002) Cert Guide Editor-in-Chief Fifth Edition Mark Taub Rick McDonald Product Line Manager Copyright © 2020 Pearson Education, Inc. Brett Bartow Published by: Pearson Education Acquisitions Editor 221 River Street Paul Carlstroem Hoboken, NJ 07030 Managing Editor All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any Sandra Schroeder information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Development Editor Christopher Cleveland ISBN-13: 978-0-7897-6051-7 ISBN-10: 0-7897-6051-7 Project Editor Library of Congress Control Number: 2019908201 Mandie Frank ScoutAutomatedPrintCode Copy Editor Kitty Wilson Warning and Disclaimer This book is designed to provide information about the CompTIA Core 1 (220-1001) and Technical Editors Core 2 (220-1002) A+ exams. Every effort has been made to make this book as complete and Chris Crayton accurate as possible, but no warranty or fi tness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any Editorial Assistant person or entity with respect to any loss or damages arising from the information contained in Cindy Teeters this book or from the use of the supplemental online content or programs accompanying it. Microsoft and/or its respective suppliers make no representations about the suitability Designer of the information contained in the documents and related graphics published as part of Chuti Prasertsith the services for any purpose all such documents and related graphics are provided “as is” without warranty of any kind.
    [Show full text]