Deferred DMA Attack: A Threat for Bypassing the IOMMU in Dynamic Hypervisors
Author(s) -
Jean de Bonfils Lavernelle,
Damien Sauveron,
Pierre-Francois Bonnefoi,
Benoit Gonzalvo
Publication year - 2025
Publication title -
IEEE Access
Language(s) - English
Resource type - Magazines
SCImago Journal Rank - 0.587
H-Index - 127
eISSN - 2169-3536
DOI - 10.1109/access.2025.3619425
Subject(s) - aerospace , bioengineering , communication, networking and broadcast technologies , components, circuits, devices and systems , computing and processing , engineered materials, dielectrics and plasmas , engineering profession , fields, waves and electromagnetics , general topics for engineers , geoscience , nuclear engineering , photonics and electrooptics , power, energy and industry applications , robotics and control systems , signal processing and analysis , transportation
The Input–Output Memory Management Unit (IOMMU) is a crucial hardware component for enforcing access control for bus-master devices on the main memory. When properly configured by a hypervisor, it provides reliable protection against Direct Memory Access (DMA) attacks from untrusted Virtual Machines (VMs) that control DMA-capable devices. Without an IOMMU, a malicious VM could instruct a DMA-capable device that it controls to access memory locations that the VM itself cannot access. This paper describes a novel DMA attack that allows bypassing the access control enforced by an IOMMU and may threaten some dynamic hypervisors. The DMA attack exploits the reallocation of DMA-capable devices when a VM is destroyed and a delay before the device effectively performs DMA. By leveraging a DMA-capable device under its control, this DMA attack potentially enables a malicious VM to breach hypervisor isolation and bypass the IOMMU-enforced access control. The wide applicability of the attack is impacted by constraints at the hypervisor, device, and platform levels. However, to support practicability, we present a proof-of-concept (PoC) implementation of the attack on a hypervisor, using a common DMA-capable device in a realistic attack scenario. Finally, the applicability of the attack on other hypervisors and potential mitigation strategies are also discussed. This paper aims to raise awareness of a threat posed by this DMA attack and to encourage practitioners to evaluate and test their systems for such flaws.