This is a proof-of-concept implementation of Memory Band-Aid focusing on the userspace-kernelspace boundary. Memory Band-Aid rate-limits excessive DRAM accesses via quality-of-service hardware features to mitigate many-sided Rowhammer attacks. Please refer to our paper for more details:

@inproceedings{Fiedler2026MBA,
 author = {Fiedler, Carina and Juffinger, Jonas and Neela, Sudheendra Raghav and Heckel, Martin and Weissteiner, Hannes and Yağlıkçı, Abdullah Giray and Adamsky, Florian and Gruss, Daniel},
 booktitle = {NDSS},
 title = {{Memory Band-Aid: A Principled Rowhammer Defense-in-Depth}},
 year = {2026}
}

The kernel patch mba_kernel.patch for Ubuntu 24.04, kernel version linux-hwe-6.11.0 switches between an untrusted class-of-service (COS ID = 0) for userspace programs and a trusted class-of-service (COS ID = 1) for kernel workloads on each context switch. The priviledged userspace program mba_config.py can be used to configure the corresponding bandwidth restrictions globally.