On Thu, May 25, 2017 at 9:58 AM, je <[email protected]> wrote:
> On Thursday, April 20, 2017 at 10:50:58 AM UTC-4, Marek Marczykowski-Górecki
>> On Thu, Apr 20, 2017 at 07:05:40AM -0700, je wrote:
>> > Intel GVT-g is Intel's mediated pass-through technology for graphics
>> > virtualization. Mediated pass-through allows sharing a graphics card
>> > with multiple guests [1]. Intel GVT-g was formerly known as XenGT.
>> > However, GVT-g was added to the mainline kernel 4.10 [2] and has since
>> > seen improvements [3].
>> >
>> > Are there any plans to support GVT-g in upcoming Qubes OS releases? Did
>> > you do any experiments with GVT-g and QubesOS?
>>
>> Currently not. While this may look very attractive, it also has a huge
>> attack surface - especially the mediating part running in the device model.
>> There are at least two things to be concerned about:
>> - exploiting some bug there to break out into dom0,
>> - exploiting some bug there to steal/subvert data of other VMs using the
>>   same GPU
>>
>> The first one could be somehow mitigated by sandboxing it in a separate
>> VM - like we do with qemu for HVM domains. But it wouldn't prevent the
>> second kind of attack, which is especially severe if you have only one
>> GPU.
>> This also requires a lot of research into what other parts of the system
>> could be affected by such a complex feature.
>>
>> This all doesn't mean we will never add such a feature - using this
>> technology, or some other future one. But probably it will not be
>> enabled by default. And surely it will not be in the near future - since
>> our resources are limited, we focus on things improving security of
>> Qubes OS, not loosening it.
>>
>> > If you did not do any experiments with GVT-g and QubesOS, then I would
>> > really like to see a GSoC project which evaluates the Intel GVT-g
>> > technology in Qubes OS. Because Intel GVT-g could be maybe used to
>> > enable Android and WebGL development in Qubes OS. Furthermore, proper
>> > GPU acceleration support could improve or enable many use cases which
>> > require GPU acceleration.
>>
>> Well, this indeed may be a good candidate for a GSoC project. I'm somehow
>> sceptical if this as a whole could be framed as such (IMO it's much more
>> than 3 months of work), but some parts probably yes. Anyway, this is
>> for the next year - the deadline for project submissions for this year
>> has already passed.
>
> I think that GPU virtualization is a very new field. I would not consider
> this as a feature anytime soon in Qubes OS. However, I think Qubes OS should
> explore new technologies in this area as soon as they appear. Currently it
> is not really possible to play games, use 3D rendering applications or use
> WebGL. I tried once to play a simple WebGL based tower game on Qubes OS. It
> was just painful. Whereas the same game was running very fast on an Alcatel
> OneTouch FirefoxOS phone
> (http://www.gsmarena.com/alcatel_one_touch_fire-5319.php). My Intel i7-3x
> running Qubes OS should have been able to surpass the performance of my
> phone by far.
>
> What I was thinking about is to have a page for QubesOS with proposals
> which can be used by GSoC students, students or researchers who have to
> write a thesis. We could call it Qubes OS Research Lab. The proposals should
> be around interesting and novel research topics in virtualization, such as
> GPU virtualization, Unikernels, separation of Desktop Environment and Dom0,
> introspection/forensics and many more. I think students would be interested
> to work on topics which allow them to contribute to an open source project
> and work together with a community.

There is the GSoC Ideas List page [1] which already lists many projects
similar to those you describe. Feel free to suggest more ideas there in the
form of pull requests against [2]. If you think it should be split into
categories (perhaps: "implementation improvements", and "exploratory work"
or so) then feel free to submit a PR doing that as well.

Cheers,
Jean-Philippe (a person who started contributing to Qubes as a student)

[1]: https://www.qubes-os.org/gsoc/
[2]: https://github.com/QubesOS/qubesos.github.io/blob/master/pages/gsoc.md
