SALT: Track-and-Mitigate Subarrays, Not Rows, for Blast-Radius-Free Rowhammer Defense
Typical in-DRAM Rowhammer mitigation operates by identifying aggressor rows and refreshing a limited number of victim rows on either side of the aggressor row. The number of victim rows is specified by the Blast Radius. JEDEC recently introduced a state-of-the-art Rowhammer defense, which includes Per-Row-Activation-Counting (PRAC) to identify the aggressor rows and Alert-Back-Off (ABO) to allow the DRAM chip to obtain time to refresh two victim rows on either side of the aggressor row. The implicit assumption in PRAC is that charge loss beyond the two victim rows is negligibly small and does not represent a threat to the security of PRAC. In this paper, we develop Blast-Radius Attacks (BR-Attacks) that can amplify even a small amount of leakage at distant rows to cause charge loss equivalent to 3x-178x what is permissible under the specified threshold. The goal of our paper is to develop an in-DRAM mitigation that provides secure Rowhammer defense without relying on the Blast Radius.
We observe that as subarrays are spatially isolated from each other, activity in one subarray does not cause charge leakage in rows of another subarray. To develop Blast-Radius-Free Rowhammer mitigation, we propose SALT (Subarray-Level Tracking-and-Mitigation). SALT tracks activation counts per subarray and when the count exceeds a specified value, it triggers ABO to obtain time for refreshing a portion of the subarray. SALT limits the maximum number of activations to the subarray before all rows are guaranteed to be refreshed, thus providing Blast-Radius-Freedom. To reduce the slowdown from ABO, SALT-C coordinates the demand refresh operations such that ABO is not required if the activations to the subarray are below what can be handled by the demand refresh, thus reducing ABO by 18x. SALT-C not only provides stronger security than PRAC due to Blast-Radius-Freedom, but also has 50x lower storage overheads and lower slowdown (0.5% vs 1.7%) than PRAC.
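The subarray-level tracking described above can be sketched as a toy model; this is an added example, not code or parameters from the paper. The subarray size, activation threshold, rows refreshed per ABO, and the round-robin refresh sweep are all assumptions chosen for illustration.

```python
# Toy model of subarray-level tracking (added example, not the paper's design).
# Sizes and thresholds are assumed values; the round-robin sweep is an assumption.
from math import ceil

class SubarrayTracker:
    def __init__(self, rows=512, act_threshold=64, rows_per_abo=8):
        self.rows = rows
        self.act_threshold = act_threshold
        self.rows_per_abo = rows_per_abo
        self.count = 0                   # the single counter kept for the subarray
        self.ptr = 0                     # next row the refresh sweep will reach
        self.total = 0                   # model-only clock: activations so far
        self.last_refresh = [0] * rows   # model-only: clock value at last refresh
        self.abo_events = 0
        self.worst_exposure = 0          # most ACTs any row sat through unrefreshed

    def activate(self, row):
        if not 0 <= row < self.rows:
            raise ValueError("row outside subarray")
        # The row index is deliberately not tracked: every activation is charged
        # to the whole subarray, so no victim-distance assumption is needed.
        self.total += 1
        self.count += 1
        if self.count >= self.act_threshold:
            self._abo()

    def _abo(self):
        # Refresh the next portion of the subarray and reset the counter.
        self.count = 0
        self.abo_events += 1
        for _ in range(self.rows_per_abo):
            exposure = self.total - self.last_refresh[self.ptr]
            self.worst_exposure = max(self.worst_exposure, exposure)
            self.last_refresh[self.ptr] = self.total
            self.ptr = (self.ptr + 1) % self.rows

    def bound(self):
        # A full sweep takes ceil(rows / rows_per_abo) ABOs, each after
        # act_threshold activations, whatever the access pattern is.
        return self.act_threshold * ceil(self.rows / self.rows_per_abo)

def run(pattern, n_acts, **kw):
    t = SubarrayTracker(**kw)
    for i in range(n_acts):
        t.activate(pattern[i % len(pattern)])
    return t

if __name__ == "__main__":
    # Constructed access patterns: one hot row, and two rows far apart.
    for name, pat in [("single row", [100]), ("distant pair", [0, 511])]:
        t = run(pat, 20000)
        print(name, t.abo_events, t.worst_exposure, t.bound())
```

In this model both patterns reach the same worst-case exposure, because the bound depends only on the subarray-wide counter and the sweep, not on which rows are activated or how far apart they are.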
Mon 2 Feb
11:30 - 12:50 | DRAM Security and Reliability | Main Conference at Collaroy | Chair(s): Saugata Ghose (University of Illinois Urbana-Champaign)
11:30 | 20m | Talk | MIRZA: Efficiently Mitigating Rowhammer with Randomization and ALERT | Main Conference | Hritvik Taneja (Georgia Tech), Ali Hajiabadi (ETH Zurich), Michele Marazzi (ABB Research), Kaveh Razavi (ETH Zürich), Moinuddin K. Qureshi (Georgia Tech)
11:50 | 20m | Talk | SALT: Track-and-Mitigate Subarrays, Not Rows, for Blast-Radius-Free Rowhammer Defense | Main Conference | Moinuddin K. Qureshi (Georgia Tech)
12:10 | 20m | Talk | ReScue: Reliable and Secure CXL Memory | Main Conference | Chihun Song (UIUC), Austin Antony Cruz (UIUC), Michael Jaemin Kim (Meta), Minbok Wi (Seoul National University), Gaohan Ye (UIUC), Kyungsan Kim (Samsung Electronics), Sangyeol Lee (Samsung Electronics), Jung Ho Ahn (Seoul National University), Nam Sung Kim (UIUC)
12:30 | 20m | Talk | Secret Caching Sauce for High-Performance Secure Memory | Main Conference | Xu Jiang (Huazhong University of Science and Technology), Xueliang Wei (Huazhong University of Science and Technology), YiFei Qu (Huazhong University of Science and Technology), Dan Feng (Huazhong University of Science and Technology, China), Yulai Xie (Huazhong University of Science and Technology), Wei Tong (Huazhong University of Science and Technology, China)