shadilay | 4 years ago

I like everything about this. Hopefully hardware support will catch up to the Qubes vision in regards to virtualized GPU resources.

elliotkillick|4 years ago

Thanks!

GPU virtualization is a very difficult thing to do securely. I think VirtualBox said it best in their hardware 3D acceleration documentation (https://docs.oracle.com/en/virtualization/virtualbox/6.0/use...):

"Untrusted guest systems should not be allowed to use the 3D acceleration features of Oracle VM VirtualBox, just as untrusted host software should not be allowed to use 3D acceleration. Drivers for 3D hardware are generally too complex to be made properly secure and any software which is allowed to access them may be able to compromise the operating system running them. In addition, enabling 3D acceleration gives the guest direct access to a large body of additional program code in the Oracle VM VirtualBox host process which it might conceivably be able to use to crash the virtual machine."

It's currently a problem yet to be solved.

shadilay|4 years ago

You could say the same about non-IOMMU CPU virtualization. The problem here is AMD and Nvidia's disgusting greed that has held back security by at least a decade. GPU virtualization (vGPU/MxGPU) is supported but only if you pay ridiculous enterprise licensing. This should be a first-class feature like VT-d and would enable a usable Qubes desktop and Microsoft's VBS.

https://en.wikipedia.org/wiki/GPU_virtualization#Mediated_pa...

MS also killed RemoteFX because of security.