
Rowhammer-test – Test DRAM for bit flips caused by the rowhammer problem (2015) - based2
https://github.com/google/rowhammer-test
======
r721
Last versions of MemTest86 (>6.0) have Row hammer test too:

"Version 6.0.0 13/Feb/2015

New Features

New "Hammer Test" for detecting disturbance errors caused by charge leakage
when repeatedly accessing addresses in the same memory bank but different rows
in a short period of time."

[http://www.memtest86.com/support/ver_history.htm](http://www.memtest86.com/support/ver_history.htm)

~~~
wolf550e
Even more enhancement in newer versions:

"Version 7.0 20/July/2016

New Features Row Hammer Test (Test 13) now uses double-sided hammering and
random data patterns in an attempt to expose more RAM modules susceptible to
disturbance errors."

------
throwaway41597
Beware that running this will corrupt your RAM, you'll have to reboot.

~~~
r721
And even "cause bit flips in data that gets written back to disc". I think
MemTest86's "create bootable CD/USB for testing" approach is safer.

------
faragon
That's scary. So all DDR3, an probably most DDR4 memories are affected by
that. Anyone knows if ECC is protection enough?

~~~
masklinn
It is not, at least for DDR3: "How Rowhammer Could Be Used to Exploit
Weaknesses in Computer Hardware"[0] tested ECC and rowhammered it.

ECC can only reliably detect single and double-bit errors (in 64bit spans, and
it can only correct single-bit errors), anything beyond that and detection is
up to chance. ECC is a mitigation factor, but ultimately not a protection.

[0]
[http://www.thirdio.com/rowhammer.pdf](http://www.thirdio.com/rowhammer.pdf)

~~~
blockoperation
ECC could also help to raise the alarm when you're under attack – the chances
of flipping enough bits to evade ECC (and have them be the right bits to pull
off your exploit) without getting a few detectable flips in the process must
be quite slim.

~~~
msbarnett
> ECC could also help to raise the alarm when you're under attack – the
> chances of flipping enough bits to evade ECC (and have them be the right
> bits to pull off your exploit) without getting a few detectable flips in the
> process must be quite slim.

I'd strongly suggest reading the linked paper. The upshot is: no, the chances
are actually quite good that ECC won't save you by raising the alarm, because
of the poor job most vendors do of surfacing ECC errors.

------
Retr0spectrum
Roughly how long do I need to run this for to be sure that I'm safe?

------
okket
Last commit: 11 Aug 2015, maybe add (2015) to the headline?

~~~
BoorishBears
That's a stretch...

