cache and syphilis
play

Cache and Syphilis RootedCON 2019 Haswell (4th generation) - PowerPoint PPT Presentation

Apr 28, 2023 •441 likes •1.02k views

Cache and Syphilis RootedCON 2019 Haswell (4th generation) architecture Cache latencies: L1 ~5 cycles L2 ~12 cycles L3 ~50 cycles DRAM ~50 cycles + 50 ns (RAM) Coherence: Inclusive vs. non-inclusive vs. exclusive

  1. Cache and Syphilis RootedCON 2019

  3. Haswell (4th generation) architecture Cache latencies: ● L1 ~5 cycles ● L2 ~12 cycles ● L3 ~50 cycles ● DRAM ~50 cycles + 50 ns (RAM) Coherence: ● Inclusive vs. non-inclusive vs. exclusive

  4. /microarchitectural_attacks Cache Attacks Rowhammer Evict+Time, Prime+Probe , Flush+Reload, etc. GPU MMU and TLB Port contention Meltdown Memory deduplication Foreshadow

  5. /rowhammer Single Event Upsets (SEUs) in electronics first proposed in 1962 (J.T. Wallmark and S.M. Marcus) ● Cosmic rays can limit the scaling of devices Can random bit-flips in physical memory be exploited? Rowhammer allows to induce random bit-flips via software in an often repeatable fashion ● repetition is what makes exploitation reliable Some real exploits: ● NaCl bit-flip in x86 instructions to a non 32-byte-aligned address ● Linux Kernel bit-flip in physical frame number of PTE with R/W permission ● RSA keys (ssh and apt-get): bit-flip in public key allows easy factorization ● Trusted Zone bit-flip in private key, recover secret from signature ● Opcode flipping bit-flip to ignore privilege checks in setuid binaries

  6. /rowhammer Dual In-line Memory Module front of DIMM: rank 0 channel 0 back of DIMM: rank 1 Serial Presence Detect (SPD) chip bank 0 channel 1 row 0 row 1 row 2 Bank = matrix of cells Row “activation” ... Cell = capacitor + transistor = 1-bit Cells leak charge, need to refresh row N Cells grouped into rows Refresh rate ~64ms Typical row size: 8K row buffer

  7. /rowhammer Hammering a row = repeatedly activating a row ● Higher storage capacity -> Higher cell density -> Lower isolation bank ● An aggressor row that is repeatedly activated can cause victim row 0 row’s cells to bit-flip. row 1 ● Defective cells are randomly distributed row 2 ... row N loop: mov (A), %eax // Read from address A (row 1) row buffer mov (B), %ebx // Read from address B (row k) clflush (A) // Flush A from cache clflush (B) // Flush B from cache jmp loop

  8. /spectre-v1 ● instruction fetch ● out-of-order execution ● branch prediction ● speculative execution

  9. /spectre-v1 victim_func: # void victim_func(int offset) { mov eax, dword ptr [rip + arr1_size] # cmp rax, rdi # if (offset < arr1_size) { jbe .OOB # lea rax, [rip + arr1] # movzx eax, byte ptr [rdi + rax] # eax = arr1[offset]; shl rax, 6 # rax = rax * 64; lea rcx, [rip + arr2] # mov al, byte ptr [rax + rcx] # al = arr2[rax]; and byte ptr [rip + temp], al # temp = temp & al; .OOB: # } ret # return; # } arr1_size: .long 16 # 0x10 .size arr1_size, 4 arr1: .ascii "\001\002\003\004\005\006\007\b\t\n\013\f\r\016\017\020" .size arr1, 16 temp: .byte 0 # 0x0 .size temp, 1 arr2: .comm arr2,131072,16

  10. /caches ● Memory splitted in “blocks” (64B) ● Set-associative cache ( n ways) ● Physically vs. virtually indexed ● Blocks “collide” in a cache set ● Replacement policy

  11. /caches ● Memory splitted in “blocks” (64B) ● Set-associative cache ( n ways) ● Physically vs. virtually indexed ● Blocks “collide” in a cache set ● Replacement policy Example: How many sets there are in a 6MB 12-way cache? 6*1024*1024 / (12*64) = 8192 sets We need 13 set-index bits! (w/o slicing)

  12. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M 13 N 14 O 15 P 16 Q ...

  13. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M 13 N 14 O 15 P 16 Q ...

  14. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M MISS! 13 N 14 O 15 P 16 Q ...

  15. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M 13 N 14 O 15 P 16 Q ...

  16. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M MISS! 13 N 14 O 15 P 16 Q ...

  17. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M 13 N 14 O 15 P 16 Q ...

  18. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M MISS! 13 N 14 O 15 P 16 Q ...

  19. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I F load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M 13 N 14 O 15 P 16 Q ...

  20. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I F load @576 // @00100 1 000000 (9) 9 J ... 10 K 11 L 12 M MISS! 13 N 14 O 15 P 16 Q ...

  21. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I F load @576 // @00100 1 000000 (9) 9 J ... B 10 K 11 L 12 M 13 N 14 O 15 P 16 Q ...

  22. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I F load @576 // @00100 1 000000 (9) 9 J ... B 10 K 11 L 12 M MISS! 13 N 14 O 15 P 16 Q ...

  23. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I A F load @576 // @00100 1 000000 (9) 9 J ... B 10 K 11 L 12 M 13 N 14 O 15 P 16 Q ...

  24. 4K toy RAM /caches 0 A 1 B 2 C 3 D ... 512 bytes 4-way toy cache load @192 // @00001 1 000000 (3) 4 E load @264 // @00010 0 001000 (4) 5 F load @324 // @00010 1 000100 (5) Set 0 Set 1 load @096 // @00000 1 100000 (1) 6 G load @003 // @00000 0 000010 (0) 7 H E D load @464 // @00011 1 010000 (7) load @324 // @00010 1 000100 (5) 8 I A F load @576 // @00100 1 000000 (9) 9 J ... B 10 K 11 L 12 M MISS! 13 N 14 O 15 P 16 Q ...

Recommend

Update on Congenital Syphilis Elimination efforts, Chicago, IL Irina Tabidze, MD, MPH HIV/STI

Update on Congenital Syphilis Elimination efforts, Chicago, IL Irina Tabidze, MD, MPH HIV/STI

Update on Congenital Syphilis Elimination efforts, Chicago, IL Irina Tabidze, MD, MPH HIV/STI Bureau Syphilis in Pregnancy Syphilis is a sexually transmitted disease caused by the bacterium Treponema pallidum . Perinatal transmission

391 views • 15 slides
1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache, and all blocks initially marked as not valid , Given the main memory word addresses 0 1 2 3 4 3 4 15, calculate Cache hit rate. Cache Index

654 views • 9 slides
HIV/Syphilis dual test in Kenya Dr. Githuka George PMTCT Program Manager Ministry of Health,

HIV/Syphilis dual test in Kenya Dr. Githuka George PMTCT Program Manager Ministry of Health,

Optimizing maternal retesting and lessons learned using the HIV/Syphilis dual test in Kenya Dr. Githuka George PMTCT Program Manager Ministry of Health, Kenya Outline Introduction/Background HIV testing strategies Dual HIV/Syphilis

1.11k views • 14 slides
What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache

What Is Memory Hierarchy A typical memory hierarchy today: Lecture 13: Cache Basics and Cache Performance Proc/Regs L1-Cache Bigger Faster L2-Cache Memory hierarchy concept, cache L3-Cache (optional) design fundamentals, set-associative

303 views • 4 slides
Coinfections with HBV, HCV and Syphilis in MSM with known date of HIV 1-seroconversion in Germany

Coinfections with HBV, HCV and Syphilis in MSM with known date of HIV 1-seroconversion in Germany

Coinfections with HBV, HCV and Syphilis in MSM with known date of HIV 1-seroconversion in Germany Klaus Jansen Barbara Bartmeyer, Claus Bock, Claudia Kcherer, Osamah Hamouda, Karolin Meixenberger, Ramona Scheufele, Michael Thamm Robert

168 views • 16 slides
Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

Cache Performance Associativity Replacement Samira Khan Cache Performance March 28,

3/28/17 Agenda Review from last lecture Cache access Cache Performance Associativity Replacement Samira Khan Cache Performance March 28, 2017 Direct-Mapped Cache: Placement and Access Cache Abstraction and Metrics 00 | 000

518 views • 16 slides
Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity

Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity

Plan Hierarchical memories and their impact on our programs 1 Cache Memories, Cache Complexity Cache Analysis in Practice 2 Marc Moreno Maza The Ideal-Cache Model 3 University of Western Ontario, London, Ontario (Canada) Cache Complexity

632 views • 25 slides
Generations of Cache 1980: no cache in proc; 1989 first Intel proc with a cache on chip.

Generations of Cache 1980: no cache in proc; 1989 first Intel proc with a cache on chip.

Generations of Cache 1980: no cache in proc; 1989 first Intel proc with a cache on chip. 1995 2-level cache on chip Instructions Per Cycle Lost to Memory 1st Alpha 340 ns/5.0 ns = 68 clks x 2 or 136 2nd Alpha 266 ns/3.3 ns

588 views • 46 slides
Caches Electronic Computers M Caches 1 Cache LOCALITY PRINCIPLE (SPATIAL AND TEMPORAL)

Caches Electronic Computers M Caches 1 Cache LOCALITY PRINCIPLE (SPATIAL AND TEMPORAL)

Caches Electronic Computers M Caches 1 Cache LOCALITY PRINCIPLE (SPATIAL AND TEMPORAL) WORKING SET CPU Cache Registers Cache I lev. Cache II lev. Cache III lev. Memory Disk Tape The cache is a memory with an access time some

572 views • 55 slides
1 Locate set Cache Read Example: Direct Mapped Cache (E = 1) Check if any line in set

1 Locate set Cache Read Example: Direct Mapped Cache (E = 1) Check if any line in set

Today Cache memory organization and operation Performance impact of caches Cache Memories The memory mountain Rearranging loops to improve spatial locality Using blocking to improve temporal locality CSci 2021: Machine

102 views • 8 slides
CSE378 - Cache Performance metrics for caches Parameters for cache design Basic performance

CSE378 - Cache Performance metrics for caches Parameters for cache design Basic performance

CSE378 - Cache Performance metrics for caches Parameters for cache design Basic performance metric: hit ratio h Goal: Have h as high as possible without paying too much for T cache h = Number of memory references that hit in the cache /

427 views • 6 slides
Memory Hierarchy: Cache Memory hierarchy Cache basics Locality Cache organization Cache-aware

Memory Hierarchy: Cache Memory hierarchy Cache basics Locality Cache organization Cache-aware

Memory Hierarchy: Cache Memory hierarchy Cache basics Locality Cache organization Cache-aware programming How does execution time grow with SIZE? int[] array = new int[SIZE]; fillArrayRandomly(array); int s = 0; for (int i = 0; i &lt;

847 views • 48 slides
Direct Map Cache and Set Associative Cache (Revision) Lecture 14 CDA 3103 07-07-2014 Example 1

Direct Map Cache and Set Associative Cache (Revision) Lecture 14 CDA 3103 07-07-2014 Example 1

Direct Map Cache and Set Associative Cache (Revision) Lecture 14 CDA 3103 07-07-2014 Example 1 A set-associative cache consists of 64 lines, or slots, divided into four-line sets. Main memory contains 4K blocks of 128 words each. Show the

357 views • 19 slides
Cache Creek Placer Area Fee Proposal History of Placer Mining at Cache Creek Prospecting in

Cache Creek Placer Area Fee Proposal History of Placer Mining at Cache Creek Prospecting in

Cache Creek Placer Area Fee Proposal History of Placer Mining at Cache Creek Prospecting in Colorado began in 1858 1859, First discovery of gold in Cache Creek Park 1860, Campbell and Shoewalter excavated their first pits in Cache

298 views • 13 slides
Cache Memory Chapter 17 S. Dandamudi Outline Introduction Types of cache misses

Cache Memory Chapter 17 S. Dandamudi Outline Introduction Types of cache misses

Cache Memory Chapter 17 S. Dandamudi Outline Introduction Types of cache misses How cache memory works Types of caches Why cache memory works Example implementations Cache design basics Pentium PowerPC

813 views • 28 slides
Cache Memory Chapter 17 S. Dandamudi Outline Introduction Types of cache misses

Cache Memory Chapter 17 S. Dandamudi Outline Introduction Types of cache misses

Cache Memory Chapter 17 S. Dandamudi Outline Introduction Types of cache misses How cache memory works Types of caches Why cache memory works Example implementations Pentium Cache design basics PowerPC

802 views • 56 slides
Public Health Challenges of Syphilis Prevention Same, same but different Sol olom omon on M

Public Health Challenges of Syphilis Prevention Same, same but different Sol olom omon on M

Public Health Challenges of Syphilis Prevention Same, same but different Sol olom omon on M M, Mayer K r K. Evol olution on of the s he syph philis epi epidem emic a among men who have s sex w with m men. Sexual Hea Health 201

328 views • 7 slides
Cache Memories, Cache Complexity Marc Moreno Maza University of Western Ontario, London, Ontario

Cache Memories, Cache Complexity Marc Moreno Maza University of Western Ontario, London, Ontario

Cache Memories, Cache Complexity Marc Moreno Maza University of Western Ontario, London, Ontario (Canada) CS3101 and CS4402-9635 Plan Hierarchical memories and their impact on our programs Cache Analysis in Practice The Ideal-Cache Model

1.18k views • 100 slides
General Cache Mechanics CPU Block: unit of data in cache and memory. (a.k.a. line) Memory

General Cache Mechanics CPU Block: unit of data in cache and memory. (a.k.a. line) Memory

General Cache Mechanics CPU Block: unit of data in cache and memory. (a.k.a. line) Memory Hierarchy: Cache Smaller, faster, more expensive. Cache 8 9 14 3 Stores subset of memory blocks . (lines) Data is moved in block units Memory

467 views • 8 slides
Macrolides in Genital Infections Syphilis Erythromycin: ineffective in neurosyphilis no longer

Macrolides in Genital Infections Syphilis Erythromycin: ineffective in neurosyphilis no longer

Macrolides in Genital Infections Syphilis Erythromycin: ineffective in neurosyphilis no longer recommended for treatment Azithromycin: limited data, more required 500 mg daily x 10 role to be determined? Other agents: animal data only no

123 views • 8 slides
1 Trace Cache Summary of Reducing Cache Hit Time Trace: a dynamic sequence of Small and simple

1 Trace Cache Summary of Reducing Cache Hit Time Trace: a dynamic sequence of Small and simple

Improving Cache Performance 1. Reducing miss rates 3. Reducing miss penalty or miss rates via parallelism Larger block size Lecture 18: Reducing Cache Hit Non-blocking caches larger cache size Time and Main Memory Design

285 views • 3 slides
Cache Performance Samira Khan March 28, 2017 Agenda Review from last lecture Cache

Cache Performance Samira Khan March 28, 2017 Agenda Review from last lecture Cache

Cache Performance Samira Khan March 28, 2017 Agenda Review from last lecture Cache access Associativity Replacement Cache Performance Cache Abstraction and Metrics Address Tag Store Data Store (stores (is the address in

904 views • 61 slides

More recommend