Abstract
Recently, the use of GPU-intensive applications such as machine learning is increasing in the cloud virtual machine environment. To mitigate high virtualization overhead from GPU devices emulation, PCI pass-through technologies are introduced, which allows of direct access to physical device from the guest OS. QEMU, a virtual machine monitor, implements multiple PCI pass-through methods, and VFIO is one of popular options for virtual GPU devices. Although VFIO with PCI pass-through virtualization provides efficient GPU performance on the guest OS, there is a concern for the device isolation between the virtual machine boundary. If an attacker in the host OS can access the GPU used by the virtual machine, the attacker can compromise the integrity and confidentiality of the virtual machine. In this paper, we analyze and demonstrate the vulnerability in the current GPU pass-through devices, which can breach the user data in the GPU's VRAM, and compromise the guest PCI configuration.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
