The RowHammer Problem and Other Issues We May Face as Memory Becomes Denser Onur Mutlu ETH Zurich¨ [email protected] https://people.inf.ethz.ch/omutlu Abstract—As memory scales down to smaller technology nodes, failure mechanisms emerge that threaten its correct operation. If such new failure mechanisms emerge that threaten its correct op- failure mechanisms are not anticipated and corrected, they can not eration. If such failure mechanisms are not anticipated and only degrade system reliability and availability, but also, perhaps corrected, they can not only degrade system reliability and even more importantly, open up security vulnerabilities: a malicious availability but also, perhaps even more importantly, open up attacker can exploit the exposed failure mechanism to take over the security vulnerabilities: a malicious attacker can exploit the entire system. As such, new failure mechanisms in memory can exposed failure mechanism to take over the entire system. As become practical and significant threats to system security. such, new failure mechanisms in memory can become practical We first discuss the RowHammer problem in DRAM, as a prime and significant threats to system security. example of such a failure mechanism. We believe RowHammer is In this work, we discuss the RowHammer problem in DRAM, the first demonstration of how a circuit-level failure mechanism which is a prime (and perhaps the first) example of how a in DRAM can cause a practical and widespread system security circuit-level failure mechanism in DRAM can cause a practical vulnerability (SectionII). After analyzing RowHammer in detail, we and widespread system security vulnerability. RowHammer, as describe solutions to it (Section II-C). We then turn our attention it is popularly referred to, is the phenomenon that repeatedly to other vulnerabilities that may be present or become present in accessing a row in a modern DRAM chip causes bit flips in DRAM and other types of memories (Section III), e.g., NAND flash physically-adjacent rows at consistently predictable bit locations. memory or Phase Change Memory, that can potentially threaten the It is caused by a hardware failure mechanism called DRAM foundations of secure systems, as the memory technologies scale disturbance errors, which is a manifestation of circuit-level cell- to higher densities. We conclude by describing and advocating a to-cell interference in a scaled memory technology. Researchers principled approach to memory reliability and security research that from Google Project Zero recently demonstrated that this hard- can enable us to better anticipate and prevent such vulnerabilities ware failure mechanism can be effectively exploited by user-level (SectionIV). programs to gain kernel privileges on real systems. Several other recent works demonstrated other practical attacks exploiting RowHammer. These include remote takeover of a server vul- II. THE ROWHAMMER PROBLEM nerable to RowHammer, takeover of a victim virtual machine by another virtual machine running on the same system, and Memory isolation is a key property of a reliable and secure takeover of a mobile device by a malicious user-level application computing system. An access to one memory address should not have that requires no permissions. unintended side effects on data stored in other addresses. However, as We analyze the root causes of the RowHammer problem process technology scales down to smaller dimensions, memory chips and examine various solutions. We also discuss what other become more vulnerable to disturbance, a phenomenon in which vulnerabilities may be lurking in DRAM and other types of different memory cells interfere with each others’ operation. We have memories, e.g., NAND flash memory or Phase Change Memory, shown, in our ISCA 2014 paper [53], the existence of disturbance that can potentially threaten the foundations of secure systems, as errors in commodity DRAM chips that are sold and used in the field the memory technologies scale to higher densities. We conclude today. Repeatedly reading from the same address in DRAM could by describing and advocating a principled approach to memory corrupt data in nearby addresses. Specifically, when a DRAM row reliability and security research that can enable us to better is opened (i.e., activated) and closed (i.e., precharged) repeatedly anticipate and prevent such vulnerabilities. (i.e., hammered), enough times within a DRAM refresh interval, one or more bits in physically-adjacent DRAM rows can be flipped I. INTRODUCTION to the wrong value. This DRAM failure mode is now popularly called RowHammer [55, 99,1,2, 57, 10, 33, 89, 90, 13, 86, 98]. Memory is a key component of all modern computing systems, Using an FPGA-based experimental DRAM testing infrastructure, often determining the overall performance, energy efficiency, and which we originally developed for testing retention time issues in reliability characteristics of the entire system. The push for increasing DRAM [69],1 we tested 129 DRAM modules manufactured by the density of modern memory technologies via technology scaling, three major manufacturers (A, B, C) in seven recent years (2008– which has resulted in higher capacity (i.e., density) memory and 2014) and found that 110 of them exhibited RowHammer errors, the storage at lower cost, has enabled large leaps in the performance earliest of which dates back to 2010. This is illustrated in Figure1, of modern computers [77]. This positive trend is clearly visible which shows the error rates we found in all 129 modules we tested in especially the dominant main memory and solid-state storage where modules are categorized based on manufacturing date.2 In technologies of today, i.e., DRAM [62, 28] and NAND flash mem- particular, all DRAM modules from 2012–2013 were vulnerable to ory [16], respectively. Unfortunately, the same push has also greatly RowHammer, indicating that RowHammer is a recent phenomenon decreased the reliability of modern memory technologies, due to affecting more advanced process technology generations. the increasingly smaller memory cell size and increasingly smaller amount of charge that is maintainable in the cell, which makes the memory cell much more vulnerable to various failure mechanisms 1This infrastructure is currently released to the public, and is described in and noise and interference sources, both in DRAM [69, 53, 46, 45] detail in our HPCA 2017 paper [39]. The infrastructure has enabled many and NAND flash [16, 20, 19, 22, 24, 17, 18, 23, 21, 72]. studies [63, 69, 53, 39, 28, 47, 46, 84, 48] into the failure and performance In this work, and the associated invited special session talk, characteristics of modern DRAM, which were previously not well understood. we discuss the effects of reduced memory reliability on system 2Test details and experimental setup, along with a listing of all modules security. As memory scales down to smaller technology nodes, new and their characteristics, are reported in our original RowHammer paper [53]. 1 A Modules B Modules C Modules 6 in the victim virtual machine’s memory space [86]. Or, a malicious 10 application that requires no permissions can take control of a mobile 105 device by exploiting RowHammer, as demonstrated in real Android devices [98]. Or, an attacker can gain arbitrary read and write access 104 in a web browser by exploiting RowHammer together with memory Cells deduplication, as demonstrated on a real Microsoft Windows 10 9 103 system [13]. As such, the RowHammer problem has widespread 10 2 and profound real implications on system security, threatening the 10 foundations of memory isolation on top of which modern system 101 security principles are built. As described above, RowHammer has recently been the subject of Errors per 100 many popular analyses and discussions on hardware-induced security problems [55, 99,1,2, 35, 57, 10, 33, 98, 86, 13, 90] as well as the 0 prime vulnerability exploited by various software-level attacks that 2008 2009 2010 2011 2012 2013 2014 rely on no permissions or software vulnerabilities [33, 98, 86, 13]. Module Manufacture Date As a result of the severity of the security problem, several major system manufacturers increased DRAM refresh rates to reduce the Fig. 1: RowHammer error rate vs. manufacturing dates of 129 DRAM probability of occurrence of RowHammer [9, 40, 67, 32]. And, modules we tested (reproduced from [53]). multiple memory test programs have been augmented to test for RowHammer errors [80,8, 98]. Unfortunately, some recent reports suggest that even state-of-the-art DDR4 DRAM chips are vulnerable to RowHammer [57], which suggests that the security vulnerabilities A. User-Level RowHammer might continue in the current generation of DRAM chips as well. We have also demonstrated that a very simple user-level pro- As such, it is critical to investigate solutions to the RowHammer gram [53,3] can reliably and consistently induce RowHammer vulnerability. errors in three commodity AMD and Intel systems using vulnerable C. Solutions to RowHammer DRAM modules. We released the source code of this program [3], which Google Project Zero later enhanced [4]. Using our user- Given that it is such a critical vulnerability, it is important to find level RowHammer test program, we showed that RowHammer errors both immediate and long-term solutions to the RowHammer problem violate two invariants that memory should provide: (i) a read access (as well as related problems that might cause similar vulnerabilities). should not modify data at any address and (ii) a write access should The goal of the immediate solutions is to ensure that existing systems modify data only at the address that it is supposed to write to. As are patched such that the vulnerable DRAM devices that are already long as a row is repeatedly opened, both read and write accesses in the field cannot be exploited. The goal of the long-term solutions can induce RowHammer errors, all of which occur in rows other is to ensure that future DRAM devices do not suffer from the than the one that is being accessed.