...except that their drivers don't use it. Yes, there's an IOMMU in modern CPUs. No, current GPU drivers don't use it fully. (According to several sources about this proof-of-concept, neither Nvidia's nor AMD's drivers properly use the IOMMU to isolate the GPU. They basically just grant the device wholesale access to memory.)
I misunderstood you due to bad verbiage: "No, current GPU drivers don't use it fully." The driver has nothing to do with enabling the IOMMU.
The IOMMU automatically maps a device into its own virtual address space. This prevents a random device from reading arbitrary memory outside of its virtual space. The kernel then uses a table provided by the IOMMU to figure out where things actually are in physical address space. BUT if a driver for that device allows it to read random memory locations, then there is a problem. I assume this stems from the newer GPGPU and HSA functionality which aims to reduce overhead by allowing the video card to read certain memory locations directly instead of copying.
The driver does not have to enable the IOMMU, that is automatic. The driver lives in kernel space and from there can do what it damn well pleases in terms of reading/writing memory if the developer inserts such functionality. The driver isn't disabling the IOMMU or failing to enable it; it is allowing the malicious code to read arbitrary memory through vulnerabilities at the kernel level. This bypasses the IOMMU, not disables it. The only protection would be to better enforce memory access privileges in the kernel and/or remove the arbitrary memory access problem.
A good analogy would be a quarantine facility with individual outer doors for each room, each of which is occupied by a single patient (a device). Patients can come and go as they please using their doors. But inside the facility, there is a hall which connects all of the rooms via a locked door for each room (IOMMU). Patients can't open that door but someone with a key can (the kernel). From the hall, a nurse can visit any patient (driver). But a patient cannot leave the room through the locked door without that nurse. This isolates the patients from each other. *BUT* if the patient fools the nurse into allowing them into the hall, or the nurse allows them to wander out of the door, then all bets are off. That is what is happening here: the malicious code running on the GPU is fooling the nurse (driver) into leaving the room and wandering into another.
The kernel is the weak spot of any OS. It marshals userspace code and prevents it from reading arbitrary memory and segments users. But once inside the kernel, code can do whatever the kernel allows which is pretty much anything. I can write a module that allows arbitrary memory access from userspace if I wanted.
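The distinction the comment above draws (the IOMMU translates and faults device accesses, but the driver decides what gets mapped) is easier to see in a toy model. The following is an added example, not code from the thread or from any real GPU driver: a simulated IOMMU domain with a per-device page table, a device that can only issue DMA in its own IOVA space, and two versions of a driver "map this physical page for the device" call. The page sizes, the owner tags and the function names are all made up for illustration; nothing here touches real hardware.

```c
/* Toy model of an IOMMU and of a driver that does (or does not) let userspace
 * map arbitrary physical pages into a device's DMA address space.
 * Constructed example; addresses, page sizes and names are hypothetical. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE   64        /* tiny pages keep the model small */
#define NUM_PAGES   8         /* "physical" memory: 8 pages */
#define IOVA_PAGES  4         /* the device's own virtual (IOVA) space: 4 pages */

enum owner { OWNER_KERNEL = 0, OWNER_PROC_A = 1, OWNER_PROC_B = 2 };

static uint8_t phys_mem[NUM_PAGES][PAGE_SIZE];
static enum owner page_owner[NUM_PAGES];

/* One IOMMU domain: maps each IOVA page to a physical page, or -1 if unmapped. */
struct iommu_domain { int pfn[IOVA_PAGES]; };

static void iommu_domain_init(struct iommu_domain *d) {
    for (int i = 0; i < IOVA_PAGES; i++) d->pfn[i] = -1;
}

/* What the IOMMU does on every device access: walk the table, fault if unmapped. */
static int iommu_translate(const struct iommu_domain *d, uint32_t iova, uint8_t **paddr) {
    uint32_t vpage = iova / PAGE_SIZE, off = iova % PAGE_SIZE;
    if (vpage >= IOVA_PAGES || d->pfn[vpage] < 0) return -1;   /* DMA fault */
    *paddr = &phys_mem[d->pfn[vpage]][off];
    return 0;
}

/* The device issues DMA reads in IOVA space only; it never names a physical address. */
static int device_dma_read(const struct iommu_domain *d, uint32_t iova, uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i++) {
        uint8_t *p;
        if (iommu_translate(d, iova + (uint32_t)i, &p) != 0) return -1;
        out[i] = *p;
    }
    return 0;
}

/* Modelled vulnerable driver call: maps whatever physical page userspace names.
 * The IOMMU is fully enabled; the driver simply hands out the key. */
static int driver_map_unchecked(struct iommu_domain *d, int iova_page, int pfn, enum owner caller) {
    (void)caller;
    if (iova_page < 0 || iova_page >= IOVA_PAGES || pfn < 0 || pfn >= NUM_PAGES) return -1;
    d->pfn[iova_page] = pfn;
    return 0;
}

/* Modelled hardened driver call: only pages the calling process owns may be mapped. */
static int driver_map_checked(struct iommu_domain *d, int iova_page, int pfn, enum owner caller) {
    if (iova_page < 0 || iova_page >= IOVA_PAGES || pfn < 0 || pfn >= NUM_PAGES) return -1;
    if (page_owner[pfn] != caller) return -2;   /* not the caller's page: refuse */
    d->pfn[iova_page] = pfn;
    return 0;
}

/* Constructed memory layout: pfn 0 is kernel-owned and holds a secret, pfn 1 belongs to A. */
static void setup_memory(void) {
    memset(phys_mem, 0, sizeof phys_mem);
    for (int i = 0; i < NUM_PAGES; i++) page_owner[i] = OWNER_KERNEL;
    page_owner[1] = OWNER_PROC_A;
    page_owner[2] = OWNER_PROC_B;
    memcpy(phys_mem[0], "KERNEL-SECRET", 13);
    memcpy(phys_mem[1], "proc-a-buffer", 13);
}

/* Process A asks the driver to map kernel pfn 0 at IOVA page 0, then the device reads it.
 * Returns 1 = secret leaked, 0 = mapping refused by the driver, -1 = IOMMU fault. */
static int leak_attempt(int (*map)(struct iommu_domain *, int, int, enum owner)) {
    struct iommu_domain gpu;
    uint8_t buf[13];
    setup_memory();
    iommu_domain_init(&gpu);
    if (map(&gpu, 0, 0, OWNER_PROC_A) != 0) return 0;
    if (device_dma_read(&gpu, 0, buf, sizeof buf) != 0) return -1;
    return memcmp(buf, "KERNEL-SECRET", 13) == 0 ? 1 : -1;
}

/* Control 1: with nothing mapped, the IOMMU alone stops the device. Returns 1 on fault. */
static int unmapped_read_faults(void) {
    struct iommu_domain gpu; uint8_t b[4];
    setup_memory(); iommu_domain_init(&gpu);
    return device_dma_read(&gpu, 0, b, sizeof b) == -1;
}

/* Control 2: the checked driver still lets A map its own page (pfn 1). Returns 1 on success. */
static int own_page_read_ok(void) {
    struct iommu_domain gpu; uint8_t b[13];
    setup_memory(); iommu_domain_init(&gpu);
    if (driver_map_checked(&gpu, 0, 1, OWNER_PROC_A) != 0) return 0;
    if (device_dma_read(&gpu, 0, b, sizeof b) != 0) return 0;
    return memcmp(b, "proc-a-buffer", 13) == 0;
}

int main(void) {
    printf("no mapping, device reads pfn 0: %s\n", unmapped_read_faults() ? "IOMMU fault" : "read OK");
    printf("unchecked driver:               %s\n", leak_attempt(driver_map_unchecked) == 1 ? "kernel secret leaked" : "blocked");
    printf("checked driver:                 %s\n", leak_attempt(driver_map_checked) == 0 ? "mapping refused" : "leaked");
    printf("checked driver, own page:       %s\n", own_page_read_ok() ? "read OK" : "failed");
    return 0;
}
```

In both driver variants the IOMMU is "on" and faults every unmapped access; the only thing that changes is whether the kernel-side code validates what userspace asks it to map. That is the point of the comment: the fix is a privilege check in the driver, not an IOMMU setting.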