On Thu, Apr 20, 2017 at 07:05:40AM -0700, je wrote:
> Hello,
>
> Intel GVT-g is Intel's mediated pass-through technology for graphics
> virtualization. Mediated pass-through allows sharing a graphics card with
> multiple guests [1]. Intel GVT-g was formerly known as XenGT. However,
> GVT-g was added to the mainline kernel 4.10 [2] and has since seen
> improvements [3].
>
> Are there any plans to support GVT-g in upcoming Qubes OS releases? Did you
> do any experiments with GVT-g and QubesOS?

Currently not. While this may look very attractive, it also has a huge
attack surface - especially the mediating part running in the device model.
There are at least two things to be concerned about:
 - exploiting some bug there to break out into dom0,
 - exploiting some bug there to steal/subvert data of other VMs using the
   same GPU

The first one could be somehow mitigated by sandboxing it in a separate
VM - like we do with qemu for HVM domains. But it wouldn't prevent the
second kind of attack, which is especially severe if you have only one
GPU.

This also requires a lot of research into what other parts of the system
could be affected by such a complex feature.

This all doesn't mean we will never add such a feature - using this
technology, or some other future one. But probably it will not be
enabled by default. And surely it will not be in the near future - since
our resources are limited, we focus on things improving security of
Qubes OS, not loosening it.

> If you did not do any experiments with GVT-g and QubesOS, then I would
> really like to see a GSoC project which evaluates the Intel GVT-g
> technology in Qubes OS. Because Intel GVT-g could be maybe used to enable
> Android and WebGL development in Qubes OS. Furthermore, proper GPU
> acceleration support could improve or enable many use cases which require
> GPU acceleration.

Well, this indeed may be a good candidate for a GSoC project. I'm somehow
sceptical if this as a whole could be framed as such (IMO it's much more
than 3 months of work), but some parts probably yes.
Anyway, this is for next year - the deadline for project submissions for
this year has already passed.

> [1] https://01.org/igvt-g
>
> [2]
> http://www.phoronix.com/scan.php?page=news_item&px=Intel-GVT-G-Linux-4.10-State
>
> [3]
> http://www.phoronix.com/scan.php?page=news_item&px=Intel-GVT-g-Linux-4.12-Slated
>

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
