On Thu, Apr 18, 2019 at 09:37:58AM +0000, David Laight wrote: > From: Jerome Glisse > > Sent: 16 April 2019 16:33 > ... > > I am no expert but i am guessing your FPGA set the request field in the > > PCIE TLP write packet to 00:00.0 and this might work when IOMMU is off but > > might not work when IOMMU is on ie when IOMMU is on your device should set > > the request field to the FPGA PCIE id so that the IOMMU knows for which > > device the PCIE write or read packet is and thus against which IOMMU page > > table. > > Interesting. > Does that mean that a malicious PCIe device can send write TLP > that contain the 'wrong' id (IIRC that is bus:dev:fn) and so > write to areas that it shouldn't access?
Yes it does, they are bunch of paper on that look for IOMMU DMA attack. > > For any degree of security the PCIe bridge nearest the target > needs to verify the id as well. > Actually all bridges need to verify the 'bus' part. > Then boards with 'dodgy' bridges can only write to locations > that other dev:fn on the same board can access. Yes they should but it has a cost and AFAIK no bridges, not even the root port, does that. PCIE bandwidth is big and it means a lot of packets can go through a PCIE switch or PCIE bridge and i believe that such PCIE packet inspection have been considered too costly. Afterall if someone can plug a rogue device to your computer (ignoring laptop) then he can do more harm with easier method. FGPA accelerator as PCIE device, might open a door for clever and _resourceful_ people to try to use them as a remote vector attack. Cheers, Jérôme
