Linux Kernel IOMMU VT-d Device Translation Flush Vulnerability

Vulnerability

A vulnerability in the Linux kernel's IOMMU VT-d implementation can lead to system instability. The issue arises because the kernel skips ATS invalidation for disconnected PCIe devices, which can cause hard lockups when a device link goes down due to faults. This problem is exacerbated in high-load conditions, where the current method of checking device connectivity can introduce delays that disrupt resource management for virtual machines.

Impact

The vulnerability can cause a hard lockup of the system, disrupting normal operations and resource management, particularly in virtualized environments under high load.

Reproduction

The vulnerability can be reproduced by connecting a virtual machine to a PCIe device that is faulty or disconnected. When the VM attempts to access the device, the link-down can cause a hard lockup. Executing 'virsh destroy' to release resources and isolate the fault triggers the lockup while the system tries to release the group file descriptor.

Remediation

The vulnerability has been addressed in upstream Linux commits. Users can apply the patches from these commits to their Linux kernel to mitigate the issue.

Added: May 6, 2026, 5:19 PM
Updated: May 6, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.