
For the record: Oracle does not consider that the 3D feature should be enabled when the VM is untrusted. It's still classified as experimental and will likely be so for another decade at least.


They don't say anything about untrusted VMs or security in the documentation (https://www.virtualbox.org/manual/topics/guestadditions.html...).


It does say it is experimental. In any case, my remark comes from my discussions with Oracle.


https://news.ycombinator.com/item?id=43067347 :

> Still hoping for SR-IOV in retail GPUs.

> Not sure about vCPU functionality in GPUs

> Process isolation on vCPUs with or without SR-IOV is probably not as advanced as secure enclave approaches

[Which just fell to post-Spectre side channels]

>> Is there sufficient process isolation in GPUs?

/? Sr-iov iommu: https://www.google.com/search?q=sr-iov+iommu

Is there branch prediction in GPUs? What about other side channels between insufficiently-isolated GPU processes?

I see that vgpu_unlock no longer works for technical reasons.



