Today, many computational workloads are performed by virtual machines in shared-computing environments (e.g., cloud-computing environments). In typical shared-computing environments, several virtual machines may run in isolation from one another yet use the same physical resources. The sharing of physical resources by virtual machines often results in significant reductions in the amount of physical resources (e.g., physical hardware, rack space, and cooling) that must be allocated to run many conventional computational workloads.
In a typical shared-computing environment, virtual machines may be allocated virtual memory in amounts that exceed the amount of available physical memory (a concept that is often referred to as memory overcommitment). Overcommitment of memory may be possible since (i) a typical virtual machine does not use all the virtual memory that has been allocated to it and (ii) unused virtual memory may not consume physical memory. Overcommitment of memory may also be possible because one or more pages of virtual memory of two or more virtual machines may, in some circumstances, share or be mapped to the same page frame in physical memory.
In many shared-computing environments, virtual machines often execute the same operating systems, run the same applications, and/or process the same data such that one or more pages of virtual memory of the virtual machines may contain identical data. To reduce the amount of physical memory that is used by the virtual machines, some shared-computing environments may monitor physical memory for identical page frames and, when identical page frames are detected, de-duplicate the identical page frames by (i) retaining one of the page frames as read-only memory, (ii) remapping the pages of virtual memory that were mapped to the other page frames to the retained page frame, and (iii) releasing the other page frames. If a virtual machine attempts to write data to a page of virtual memory that is backed by a shared page frame in physical memory, a typical shared-computing environment may use a copy-on-write mechanism that remaps the page of virtual memory to a new duplicate page frame in physical memory before committing the virtual machine's write to physical memory.
Unfortunately, recent discoveries of the Rowhammer dynamic random-access memory (DRAM) bug that plagues some types of physical memory and its associated exploits (e.g., Flip Feng Shui) have caused many shared-computing providers to forgo physical-memory de-duplication. The Rowhammer DRAM bug generally refers to a hardware bug that plagues certain types of DRAM whose row-based configurations are flawed in such a way that repeated read accesses from one physical row of memory may induce bit flips (i.e., single bit errors) in adjacent physical rows of memory. Malicious attacks based on this flaw are often referred to as modification attacks. In conventional shared-computing environments, a malicious virtual machine may use a modification attack to induce a bit flip in a page of virtual memory of a target virtual machine that is mapped to a shared page frame and that contains data that is sensitive to bit flips. The instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting rowhammer attacks and other modification attacks on shared physical memory.