SoftTRR: Protect Page Tables Against RowHammer Attacks using Software-only Target Row Refresh
arXiv - CS - Software Engineering Pub Date : 2021-02-20 , DOI: arxiv-2102.10269
Zhi Zhang, Yueqiang Cheng, Minghua Wang, Wei He, Wenhao Wang, Nepal Surya, Yansong Gao, Kang Li, Zhe Wang, Chenggang Wu

Rowhammer attacks that corrupt level-1 page tables to gain kernel privilege are the most detrimental to system security and hard to mitigate. However, recently proposed software-only mitigations are not effective against such kernel privilege escalation attacks. In this paper, we propose an effective and practical software-only defense, called SoftTRR, to protect page tables from all existing rowhammer attacks on x86. The key idea of SoftTRR is to refresh the rows occupied by page tables when a suspicious rowhammer activity is detected. SoftTRR is motivated by DRAM-chip-based target row refresh (ChipTRR) but eliminates its main security limitation (i.e., ChipTRR tracks a limited number of rows and thus can be bypassed by many-sided hammer). Specifically, SoftTRR protects an unlimited number of page tables by tracking memory accesses to the rows that are in close proximity to page-table rows and refreshing the page-table rows once the tracked access count exceeds a pre-defined threshold. We implement a prototype of SoftTRR as a loadable kernel module, and evaluate its security effectiveness, performance overhead, and memory consumption. The experimental results show that SoftTRR protects page tables from real-world rowhammer attacks and incurs small performance overhead as well as memory cost.

Updated: 2021-02-23