
Arbitrary Host Memory Reads/Writes via PCIe DMA despite IOMMU on Linux - MrBuddyCasino
https://twitter.com/whitequark/status/1098584674346168322
======
MrBuddyCasino
An explanation on why this is an issue: any device plugged into the PCIe bus
is able to read and write the host memory as it pleases. How?

DMA (Direct Memory Access) is a way for peripheral devices to access main
memory while circumventing the CPU. This is common and an important
performance optimization, and no problem in itself. The IOMMU makes sure that
this is restricted to certain memory ranges used for communicating with a
device, so there is no security issue.

But it turns out that if the ATS (Address Translation Services) bit is set on
a PCIe device, the IOMMU is rendered useless. The device now has free access!
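
An added example, not part of the comment above or of any project's code: a Linux audit that walks each device's PCIe extended capability list in sysfs and reports whether the ATS capability's Enable bit is set. It assumes the "ATS bit" mentioned above is the Enable bit (bit 15) of the ATS Control register, and that it runs as root so the full config space is readable; `sample_config` builds constructed test data.

```python
import glob
import os
import struct

PCI_EXT_CAP_START = 0x100     # extended capabilities begin at this offset
PCI_EXT_CAP_ID_ATS = 0x000F   # ATS extended capability ID
PCI_ATS_CTRL = 0x06           # ATS Control register, relative to the capability
PCI_ATS_CTRL_ENABLE = 0x8000  # bit 15 of ATS Control: ATS enabled

def ats_state(cfg: bytes):
    """Return None if no ATS capability is visible, else the Enable bit as bool."""
    pos, seen = PCI_EXT_CAP_START, set()
    # Stop on truncated reads (non-root sees only 64 bytes) and on looping lists.
    while PCI_EXT_CAP_START <= pos <= len(cfg) - 8 and pos not in seen:
        seen.add(pos)
        (header,) = struct.unpack_from("<I", cfg, pos)
        if header in (0, 0xFFFFFFFF):          # empty list or absent device
            return None
        if header & 0xFFFF == PCI_EXT_CAP_ID_ATS:
            (ctrl,) = struct.unpack_from("<H", cfg, pos + PCI_ATS_CTRL)
            return bool(ctrl & PCI_ATS_CTRL_ENABLE)
        pos = (header >> 20) & 0xFFC           # next capability offset
    return None

def scan(sysfs="/sys/bus/pci/devices"):
    """Map each PCI address that exposes ATS to its enable state."""
    results = {}
    for dev in sorted(glob.glob(os.path.join(sysfs, "*"))):
        try:
            with open(os.path.join(dev, "config"), "rb") as f:
                state = ats_state(f.read())
        except OSError:
            continue
        if state is not None:
            results[os.path.basename(dev)] = state
    return results

def sample_config(enabled: bool) -> bytes:
    """Constructed 4 KiB config space: capability 0x0001 at 0x100, ATS at 0x150."""
    cfg = bytearray(4096)
    struct.pack_into("<I", cfg, 0x100, 0x0001 | (1 << 16) | (0x150 << 20))
    struct.pack_into("<I", cfg, 0x150, PCI_EXT_CAP_ID_ATS | (1 << 16))
    struct.pack_into("<H", cfg, 0x150 + PCI_ATS_CTRL,
                     PCI_ATS_CTRL_ENABLE if enabled else 0)
    return bytes(cfg)

if __name__ == "__main__":
    for bdf, on in scan().items():
        print(f"{bdf}: ATS {'ENABLED' if on else 'present, not enabled'}")
```

Devices reported as enabled are the ones to review against the set of devices that are actually trusted to issue pre-translated requests.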

