-
Notifications
You must be signed in to change notification settings - Fork 0
/
notes.txt
31 lines (19 loc) · 2.05 KB
/
notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
mmap(NULL, memory_size, PROT_READ | PROT_WRITE,
MAP_POPULATE | MAP_ANONYMOUS | MAP_PRIVATE | MAP_HUGETLB, -1, 0);
MAP_HUGETLB is used to allocate pages of size 2MB: https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt
need root privelege to configure it
/proc/self/pagemap also needs sudo access
From rowhammer blog:
How can we pick pairs of addresses that satisfy the “different row, same bank” requirements?
One possibility is to use knowledge of how the CPU’s memory controller maps physical addresses to DRAM’s row, column and bank numbers, along with knowledge of either:
The absolute physical addresses of memory we have access to. Linux allows this via /proc/PID/pagemap.
The relative physical addresses of memory we have access to. Linux can allow this via its support for “huge pages”, which cover 2MB of contiguous physical address space per page. Whereas a normal 4k page is smaller than a typical DRAM row, a 2MB page will typically cover multiple rows, some of which will be in the same bank.
Yoongu Kim et al take this approach. They pick Y = X + 8MByte based on knowledge of the physical address mapping used by the memory controllers in Intel and AMD’s CPUs.
-----------------------------------------
Create histogram to figure out latencies of row buffer hits (fast access due to same bank, same row or different banks) and row buffer conflicts (same buffer, different rows) (put latencies into bucket )
This will give you the timings that you need to classify different addresses into either row buffer hit or conflict.
Say you found address X, Y has row buffer conflict. Take address A which has a row buffer hit with X but conflict with Y. This gives you column bit
get the index where either top decile or max appears and use that to create a second address
print the 2 addresses (convert to physical address) and compare the bits and check if it matches the bank address mapping typically used
once that is figured out you can construct any 2 addresses given address n that lie in the same bank but are n + 1 and n - 1 rows away
then hammer