
Sugar: Secure GPU Acceleration in Web Browsers [pdf] - lainon
https://www.ics.uci.edu/~ardalan/papers/Yao_ASPLOS18.pdf
======
monocasa
Given that GPUs already have full MMUs without going all the way to
virtualization, I don't see what virtualization is intrinsically adding here
with the nested MMU context. Particularly for open-source drivers like
Intel's, which they're using, we should just fix the bugs that allow mapping
other processes' VRAM. Virtualization still needs to communicate with the
compositor over IPC, so you end up with the same attack surface either way.
It's like fixing Win95's half-assed process isolation with virtualization
rather than just having a cleaner process model.

Like, I'm sure they fixed the bugs they were looking at, but virtualization
isn't magical security juice you can sprinkle over stuff. In fact it increases
your attack surface in a lot of ways.

~~~
stuntkite
Not really the point of the paper's pitch, but I work for a company that does
cloud GPU stuff. Currently, we have no safe way to share GPUs and over-
provision them in a clustered cloud deployment, so we're stuck with one GPU
per Kubernetes pod. There are all sorts of problems with that. The idea of
vGPUs is very exciting to me, and I'd like to test this out.

~~~
srcmap
[https://www.youtube.com/watch?v=_CQmomyOiRM](https://www.youtube.com/watch?v=_CQmomyOiRM)

This seems to claim that vGPU works with Nvidia GRID.

Is the real issue you're facing over-provisioning them?

~~~
stuntkite
Yeah, it's industry-wide. We work directly with Nvidia; they use our product.
I thought the paper was interesting, but it's definitely not a magic bullet
for the problem. You used to be able to over-provision with Kubernetes 1.8
and earlier, but they fixed that useful bug for good reasons. I expect we'll
have an official solution in Q1 next year, but I'm always on the lookout for
related implementations to explore.
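
For context, part of why it's one GPU per pod: the stock Nvidia device plugin
for Kubernetes only accepts whole-number `nvidia.com/gpu` requests, so there's
no way to ask for a fraction of a card. A minimal pod-spec sketch (the
container/pod names and image are made up for illustration; the
`nvidia.com/gpu` resource key is the real one):

    apiVersion: v1
    kind: Pod
    metadata:
      name: gpu-worker            # hypothetical name
    spec:
      containers:
      - name: worker
        image: nvidia/cuda        # any CUDA-capable image, illustrative
        resources:
          limits:
            nvidia.com/gpu: 1     # must be an integer; 0.5 is rejected

So every pod pins a whole device even if it only needs a slice of it, which
is exactly the sharing/over-provisioning gap I'm talking about.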

------
tokyodude
This is very cool.

That said, unless I'm missing something, the claim of solving those bugs is
kind of BS. I looked through more than half of the Chrome bugs and most of
them were actual bugs in Chrome or ANGLE that had absolutely nothing GPU-
specific about them.

In other words, they could (and do) happen in any code, as in:

    
    
        void* p = malloc(10);  // allocate 10 bytes
        memset(p, 0, 11);      // oops: writes 1 byte past the end
    

Nothing GPU-specific about that code, and nothing, as far as I can tell, that
Sugar will prevent (Sugar itself could have exactly the same types of bugs).

Still, they claim to be getting great perf with less code, so all of that is
a win.

