In most modern implementations, this means for every 64-bit word stored in RAM, there are eight checking bits. A single bit error—a 0 flipped to 1, or a 1 flipped to 0—can be both detected and corrected automatically. Two bits flipped in the same word can be detected but not corrected. Three or more bits flipped in the same word will probably be detected, but detection is not guaranteed.
Bit flips can happen for many reasons, beginning with cosmic-ray impact or simple hardware failure. A large-scale study of Google servers found that roughly 32 percent of all servers (and 8 percent of all DIMMs) in Google's fleet experience at least one memory error per year. But the vast majority of these are single-bit errors—and since Google is using server CPUs and ECC RAM, this means the machines in question keep right on trucking. //
Even when ECC can't actively prevent a Rowhammer attack from having an impact on the system—for example, when it flips multiple bits in one word—it can at least alert the system of the problem and, in most cases, prevent the Rowhammer attack from doing anything other than causing downtime. (Most ECC systems are configured to halt the entire machine if an uncorrectable error is detected.) //
Torvalds takes the bold position that the lack of ECC RAM in consumer technology is Intel's fault due to the company's policy of artificial market segmentation. Intel has a vested interest in pushing deeper-pocketed businesses toward its more expensive—and profitable—server-grade CPUs rather than letting those entities effectively use the necessarily lower-margin consumer parts.
Removing support for ECC RAM from CPUs that aren't targeted directly at the server world is one of the ways Intel has kept those markets strongly segmented. Torvalds' argument here is that Intel's refusal to support ECC RAM in its consumer-targeted parts—along with its de facto near-monopoly in that space—is the real reason that ECC is nearly unavailable outside the server space.
