On 2020-02-11 17:51, Marek Marczykowski-Górecki wrote: > On Thu, Feb 06, 2020 at 02:53:09PM +0300, Ivan Kardykov wrote: >> Greetings, > >> there is an update of our experimental GVT-g integration with Qubes. > >> Code was slightly improved to get rid of qemu. Vgpu init routine was >> moved to libxl and it works with stubdomain. > > >> https://github.com/tabit-pro/tabit-qubes-repo > > This is really interesting development! > Can you say something more about it? Specifically: > > 1. What a VM have access to really? Full GPU, some context? If a > context, how is it enforced? > > 2. What components are involved in GPU commands processing and how are > they isolated? >
In theory [1] I see that each VM has access to frame and command buffers in system memory. The command buffer reused across VMs with smart shadowing and GVT framework validates graphics memory addresses before they used by the GPU. Access to the privileged resources (GPU Page Table Entries and I/O registers) is handled by xengt module, based on trap-and-emulation. Render context switching is used per vGPU. In practice, security audit is the matter of our further experiments. [1] https://www.usenix.org/system/files/conference/atc14/atc14-paper-tian.pdf > 3. Is it possible to enable it only for some VMs - in a way outside of VM > control? > We made several changes to the existing implementation to use it with qubes via qvm-features (video-model): - Patch to libxl creates vGPU instance via sysfs, during hvm domain execution. - Stubdomain part extends video model to prevent unnecessary initialization of emulated VGA. - Libvirt configuration adapted to parse xengt parameters. --- Regads, IK tabit.pro -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/a2c9b683-171f-6186-9a4c-4e0eca739802%40tabit.pro.
signature.asc
Description: OpenPGP digital signature
