
Make VM GPU device optional

Open simondeziel opened this issue 1 year ago • 2 comments

The VM GPU device is not always needed, and having it enabled comes with additional memory overhead and a bigger attack surface. Being able to easily disable it would make it simple to pack more VMs on any given host.

The bigger attack surface is probably due to GPUs being complex beasts, which has led to hypervisor escapes in the past (https://census-labs.com/media/straightouttavmware-wp.pdf).

simondeziel, Feb 06 '24 16:02

@simondeziel is this a known security issue in QEMU 8.1?

tomponline, Feb 21 '24 13:02

@tomponline no, this is just to highlight that vGPU comes with additional attack surface and memory usage that'd be nice to make optional.

simondeziel, Feb 21 '24 13:02