Linux Kernel IOMMU VT-d Vulnerability in PCIe Device Management Can Cause Host Lockup

Vulnerability

A vulnerability in the Linux kernel's IOMMU VT-d handling can lead to a system hard-lock when a PCIe endpoint, with Address Translation Services (ATS) enabled and passed through to userspace applications like QEMU or DPDK, loses its link connection. This issue arises because the Intel IOMMU, when not in scalable mode or with the mode unsupported, waits indefinitely for an ATS invalidation that cannot be completed, causing the system to freeze. The problem can occur with unexpected link removals or faults, particularly when managing devices through the PCI Express Hot Plug (PCIEHP) interface.

Impact

Exploitation of this vulnerability can cause a complete system lockup, requiring a manual reboot to recover.

Reproduction

To reproduce this vulnerability, pass a PCIe endpoint with ATS enabled to a userspace application that utilizes DPDK or QEMU. Once the application is running, disconnect the PCIe link either by surprise removal or by inducing a link fault. If the Intel IOMMU is not in scalable mode, the host system will hard-lock, waiting indefinitely for an ATS invalidation that cannot be completed. This can also be reproduced by using the 'virsh destroy' command on a process that has lost its PCIe link connection, which will similarly cause the host to hard-lock.
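The exposure conditions above (an ATS-enabled endpoint bound to vfio-pci for QEMU or DPDK, on a host whose Intel IOMMU is not running in scalable mode) can be checked from the host before any link event occurs. The following triage script is an added example, not part of this advisory or of the Linux kernel project. It assumes the standard sysfs locations `/sys/bus/pci/drivers/vfio-pci/` and `/sys/class/iommu/dmar*/intel-iommu/ecap`, that `lspci -vv` prints `ATSCtl: Enable+` for a function with ATS turned on, and that bit 24 of the VT-d extended capability register (SMTS) indicates scalable-mode support; the sample values in the comments are constructed.

```shell
#!/bin/sh
# Triage helper for the ATS/IOMMU hang described above (added example).
# Parsing is kept in small pure functions so it can be exercised on
# captured text; the live functions only do anything on a Linux host.

# Return 0 if an `lspci -vv` dump for one function shows ATS enabled.
# lspci prints the control register as "ATSCtl: Enable+ ..." or "Enable-".
ats_enabled_in_lspci() {
    printf '%s\n' "$1" | grep -q 'ATSCtl:[[:space:]]*Enable+'
}

# Return 0 if the hex ECAP value (as read from
# /sys/class/iommu/dmar*/intel-iommu/ecap, no 0x prefix) has the SMTS bit
# (bit 24, Scalable Mode Translation Support) set. Assumption: this is the
# hardware-support bit only; whether the kernel actually enabled scalable
# mode is decided at boot (intel_iommu=sm_on / sm_off) and is visible in dmesg.
ecap_supports_scalable_mode() {
    [ $(( 0x$1 >> 24 & 1 )) -eq 1 ]
}

# Classify one exposure condition: returns "exposed" when a function has ATS
# enabled and the IOMMU unit cannot run scalable mode, else "not-exposed".
classify_exposure() {
    lspci_text=$1
    ecap=$2
    if ats_enabled_in_lspci "$lspci_text" && ! ecap_supports_scalable_mode "$ecap"; then
        echo "exposed"
    else
        echo "not-exposed"
    fi
}

# Live check: list functions currently bound to vfio-pci with ATS enabled.
list_vfio_devices_with_ats() {
    for dev in /sys/bus/pci/drivers/vfio-pci/0000:*; do
        [ -e "$dev" ] || continue
        bdf=${dev##*/}
        if ats_enabled_in_lspci "$(lspci -s "$bdf" -vv 2>/dev/null)"; then
            printf '%s\n' "$bdf"
        fi
    done
}

# Live check: report each DMAR unit and whether it advertises scalable mode.
report_iommu_units() {
    for unit in /sys/class/iommu/dmar*/intel-iommu; do
        [ -r "$unit/ecap" ] || continue
        ecap=$(cat "$unit/ecap")
        if ecap_supports_scalable_mode "$ecap"; then
            note="scalable mode supported (confirm sm_on/sm_off in dmesg)"
        else
            note="scalable mode NOT supported: ATS device loss can hang the host"
        fi
        printf '%s ecap=%s %s\n' "${unit%/intel-iommu}" "$ecap" "$note"
    done
}

# Only run the live report on a host that actually has VT-d sysfs nodes.
if [ -d /sys/class/iommu ]; then
    echo "vfio-pci functions with ATS enabled:"
    list_vfio_devices_with_ats
    echo "IOMMU units:"
    report_iommu_units
fi
```

Run it as root on the host before handing ATS-capable devices to a guest or a DPDK process; any function listed alongside a unit flagged "NOT supported" is the configuration the advisory describes, and the mitigation is to update the kernel or to leave ATS disabled on that endpoint. Scalable mode being advertised does not by itself mean it is active, so the dmesg line from the Intel IOMMU driver about scalable mode should still be checked.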

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: May 6, 2026, 4:07 PM
Updated: May 6, 2026, 4:07 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.