Bug 216970

Created attachment 303656 [details]
Upload text data to vfio-pci passthrough GPU VRAM with using nvatools

1) Release of Ubuntu
  Host - Ubuntu 20.04.5 LTS / Release : 20.04
  Guest - Ubuntu 18.04.6 LTS / Release : 18.04

2) Kernel version
  Host - 5.15.0-57-generic
  Guest - 5.4.0-137-generic

3) Version of the package
libpciaccess0:
  Installed: 0.16-0ubuntu1
  Candidate: 0.16-0ubuntu1

libpciaccess-dev:
  Installed: 0.16-0ubuntu1
  Candidate: 0.16-0ubuntu1

4) Expected to happen
When the virtual machine is running, the Host could not access the virtual machine's pci passthrough device via libpciaccess.

5) Happened instead
When the virtual machine is running, the host can access the virtual machine's pci passthrough device via libpciaccess.

In this case, host can interrupt passthrough pci device, or access passthrough pci device memory to leak virtual machine data.

We checked this by creating a virtual machine using vfio-pci passthrough GPU in QEMU.

In addition, when running GPU applications such as CUDA in a virtual machine, we found that data inside passthrough GPU VRAM can be accessed from the host via libpciaccess(nvatools).

We proceeded as follows.
 1. Create and run VMs with vfio-pci passthrough GPU.

 2. Upload text data from the host via nvatools to the VRAM on the passthrough GPU.

 3. The VM can see the text data in the GPU VRAM.