this post was submitted on 14 Jul 2025
[–] tal@lemmy.today 1 points 6 days ago* (last edited 6 days ago) (2 children)

The researchers’ proof-of-concept exploit was able to tamper with deep neural network models used in machine learning for things like autonomous driving, healthcare applications, and medical imaging for analyzing MRI scans. GPUHammer flips a single bit in the exponent of a model weight—for example in y, where a floating point is represented as x times 2^y. The single bit flip can increase the exponent value by 16. The result is an altering of the model weight by a whopping 2^16, degrading model accuracy from 80 percent to 0.1 percent, said Gururaj Saileshwar, an assistant professor at the University of Toronto and co-author of an academic paper demonstrating the attack.

Rowhammer attacks present a threat to memory inside the typical laptop or desktop computer in a home or office, but most Rowhammer research in recent years has focused on the threat inside cloud environments. That's because these environments often allot the same physical CPU or GPU to multiple users. A malicious attacker can run Rowhammer code on a cloud instance that has the potential to tamper with the data a CPU or GPU is processing on behalf of a different cloud customer. Saileshwar said that Amazon Web Services and smaller providers such as Runpod and Lambda Cloud all provide A6000s instances. (He added that AWS enables a defense that prevents GPUhammer from working.)

Well, if you can afford twice the computation cost, you can run a computation twice to validate that the result is the same, and re-run if they differ. I suspect that corrupting GPU memory in a reproducible way is going to be a lot harder, so defeating that should be pretty hard. That won't require hardware changes.
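
An added illustration of the two ideas in the comment above, not code from the commenter, the article or the paper: one flip of the top exponent bit scales a weight by 2^16, and computing twice and re-running on a mismatch catches it. It assumes FP16 weights, two separately stored weight copies and a trusted reload; `flip_fp16_bit`, `checked_dot` and the sample values are hypothetical.

```python
import struct

# FP16 layout: 1 sign bit, 5 exponent bits (bits 14..10), 10 mantissa bits.
EXP_MSB = 1 << 14  # top exponent bit; setting it adds 16 to the exponent

def flip_fp16_bit(value, mask=EXP_MSB):
    """Flip one bit in the half-precision encoding of value."""
    (bits,) = struct.unpack("<H", struct.pack("<e", value))
    return struct.unpack("<e", struct.pack("<H", bits ^ mask))[0]

def dot(weights, inputs):
    return sum(w * x for w, x in zip(weights, inputs))

def checked_dot(load_weights, replicas, inputs, max_attempts=3):
    """Compute on two weight replicas; accept only when both results agree.

    On a mismatch, both replicas are refreshed via load_weights() (an
    assumed trusted reload) and the computation is re-run.
    Returns (result, attempts_used).
    """
    for attempt in range(1, max_attempts + 1):
        a, b = dot(replicas[0], inputs), dot(replicas[1], inputs)
        if a == b:
            return a, attempt
        replicas[0], replicas[1] = load_weights(), load_weights()
    raise RuntimeError("results never agreed; treat memory as untrusted")

# Constructed sample data, not taken from the paper.
GOLDEN = (0.5, -0.25, 0.125)
INPUTS = (1.0, 2.0, 4.0)

def demo():
    load = lambda: list(GOLDEN)
    replicas = [load(), load()]
    clean, _ = checked_dot(load, replicas, INPUTS)
    replicas[0][0] = flip_fp16_bit(replicas[0][0])  # simulated single-bit fault
    corrupted_weight = replicas[0][0]
    unchecked = dot(replicas[0], INPUTS)            # what an unchecked run returns
    result, attempts = checked_dot(load, replicas, INPUTS)
    return clean, corrupted_weight, unchecked, result, attempts

if __name__ == "__main__":
    print(demo())
```

The comparison only helps when the two runs do not read the same corrupted bytes, which is why the sketch keeps two weight copies.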

[–] Alphane_Moon@lemmy.world 2 points 6 days ago

I would even go as far as speculating that Nvidia is not even going to bother with hardware changes. Especially considering AWS (and other cloud providers?) have mitigation approaches.
