An explanation of why this is an issue: any device plugged into the PCIe bus is able to read and write the host memory as it pleases. How?
DMA (Direct Memory Access) is a way for peripheral devices to access main memory while circumventing the CPU. This is common and an important performance optimization, and no problem in itself. The IOMMU makes sure that this is restricted to certain memory ranges used for communicating with a device, so there is no security issue.
But it turns out that if the ATS (Address Translation Services) bit is set on a PCIe device, the IOMMU is rendered useless. The device now has free access!
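A defender's check for the condition described above, as an added example that is not part of the original text: it walks a device's PCIe extended capability list and reports whether the ATS Enable bit is set. The register offsets follow the ATS extended capability layout (ID 0x000F, Control register at +6, Enable in bit 15); the config-space bytes are constructed samples and the function names are hypothetical.

```python
import struct

EXT_CAP_START = 0x100      # PCIe extended capabilities begin here
EXT_CAP_ID_ATS = 0x000F    # ATS extended capability ID
ATS_CTRL_OFFSET = 0x06     # ATS Control register, relative to the capability
ATS_CTRL_ENABLE = 0x8000   # bit 15: Enable


def ats_state(config: bytes) -> str:
    """Return 'enabled', 'disabled', 'absent' or 'unknown' for one device."""
    if len(config) < EXT_CAP_START + 4:
        return "unknown"   # truncated read (e.g. non-root sees only 64 bytes)
    offset, seen = EXT_CAP_START, set()
    while offset and offset not in seen and offset + 8 <= len(config):
        seen.add(offset)   # guard against a looping capability chain
        (header,) = struct.unpack_from("<I", config, offset)
        if header in (0, 0xFFFFFFFF):
            break          # empty list or device not responding
        if header & 0xFFFF == EXT_CAP_ID_ATS:
            (ctrl,) = struct.unpack_from("<H", config, offset + ATS_CTRL_OFFSET)
            return "enabled" if ctrl & ATS_CTRL_ENABLE else "disabled"
        offset = (header >> 20) & 0xFFC   # next pointer, dword aligned
    return "absent"


def sample_config(ats_ctrl=None) -> bytes:
    """Constructed 4 KiB config space: AER at 0x100, optional ATS at 0x150."""
    cfg = bytearray(4096)
    next_ptr = 0x150 if ats_ctrl is not None else 0
    struct.pack_into("<I", cfg, 0x100, 0x0001 | (1 << 16) | (next_ptr << 20))
    if ats_ctrl is not None:
        struct.pack_into("<I", cfg, 0x150, EXT_CAP_ID_ATS | (1 << 16))
        struct.pack_into("<H", cfg, 0x150 + ATS_CTRL_OFFSET, ats_ctrl)
    return bytes(cfg)


if __name__ == "__main__":
    for label, ctrl in (("no ATS", None), ("ATS off", 0x0000), ("ATS on", 0x8000)):
        print(label, "->", ats_state(sample_config(ctrl)))
    # On a live Linux host the same bytes come from
    # /sys/bus/pci/devices/<BDF>/config (root is needed beyond offset 0x40).
```

Devices reported as `enabled` are the ones to review against the platform's IOMMU policy.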