Preface: The GPU can not only receive transactions, but it can also initiate transactions. Which also means it has access to DRAM memory too.
How can the GPU communicate to the CPU? Well, both have access to DRAM memory. The CPU can store information in DRAM memory (0x8000_0000 – 0x0000_0000) and then write to a register in the GPU (0x9000_0000 – 0x8000_0000) to inform the GPU that the information is ready.
Background: ARM produce designs for a GPU called “Mali”. This is incorporated in many SoCs and thus devices. It is used in a number of devices that can run Debian. There are four major revisions of Mali GPUs: Utgard, Midgard, Bifrost, and Valhall.
There are only two hardware implementations of GPUs that are particularly popular in Android devices: ARM Mali and Qualcomm Adreno.
The Android and Linux version of the Mali GPUs Device Driver provide low-level access to the Mali GPUs that are part of the Bifrost family.
July 2021 Collabora announced that they reverse engineered the Valhall instruction set of the Mali-G78 GPU using a Samsung Galaxy S21 smartphone. If the mainline Linux and GPU drivers are not rooted, this cannot be done on the device. Turns out they just use It comes to reverse engineer instructions and do some testing by modifying compiled shaders and GPU data structures.
Remark: The Input/Output Memory Management Unit (IOMMU) is a hardware extension to control memory accesses of I/O devices. The IOMMU prevents malicious devices from performing arbitrary Direct Memory Access (DMA) operations and can be used to isolate device drivers.
Vulnerability details: An Arm product family through 2022-08-12 mail GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
In certain circumstances, some versions of the Mali GPU Kernel driver can become compromised.
Midgard GPU Kernel Driver: All versions from r4p0 – r31p0
Bifrost GPU Kernel Driver: All versions from r0p0 – r38p1, and r39p0
Valhall GPU Kernel Driver: All versions from r19p0 – r38p1, and r39p0
Resolution: This issue is fixed in Bifrost and Valhall GPU Kernel Driver r38p2 and r40p0. It will be fixed in future Midgard release. Users are recommended to upgrade if they are impacted by this issue.
Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities#Technical-Specifications