What Is the Current State of Qubes OS GPU Support?

I apologize in advance: I’m going to take this off-topic, into general talk and specific speculation about SR-IOV… bear with me if interested

I’m not very knowledgeable about SR-IOV, and strictly speaking what you’ve said is correct - one domain can’t share a GPU for display, based on what I’ve read as well

But if I add a pedantic qualifier to what you said, and butcher your words up a little more, I can use it as an excuse to speculate/ask about SR-IOV and reduction of attack surface

GPU can only be used for display purposes by 1 system^H^H^H^H^H^H VM at a time

What I’m alluding to is that some GPUs do support sharing the resources of one physical PCI device to many VMs via creation of multiple SR-IOV Virtual Functions

My understanding of VFs is that they’re logical PCI devices, represented with the same PCI BDF, except each with their own BDF function number

I believe VFs are considered effective as security boundaries when configured correctly, which makes them relevant to Qubes.

Aside from facilitating sharing of GPU resources across multiple domains, I’m wondering if there may be security benefits by creating and passing through a VF of a GPU to a single VM rather than the “full” physical PCI device. Maybe that would improve attack surface? Using it only for that purpose, not necessarily sharing it across multiple VMs

The well-known limiting factor of SR-IOV is that the hardware (NIC, GPU, NVMe) must explicitly support SR-IOV, and the CPU as well. I have a NIC supporting SR-IOV, but not a GPU. And there are only a few NVMe drives supporting it currently

Hopefully someone finds this topic interesting because I’m very far off topic now. And, once more, I’m far from an expert on the topic, so any pros please correct where I have it wrong. And add what you know if you don’t mind

More towards the topic of Qubes, specifically, because VFs appear as their own PCI device, I’m (maybe naively or incorrectly) assuming that if the device and libvirt can do it, Qubes can do it. It may not be straightforward or convenient, but I think it’s doable on Qubes. For sharing GPU compute, NICs and NVME

I’m mainly interested in creating a single VF for my NIC and passing the VF through to sys-net, if it effectively reduces attack surface

Ditto for NVMe and GPU, but neither of mine support SR-IOV :disappointed:

Back to regularly scheduled programming :blush:

Some related posts

Interesting Qubes forum post about NIC VFs
Off-site post about libvirt and SR-IOV (on KVM)
Libvirt docs on SR-IOV networking

… I’m clearly not the first one to discuss SR-IOV on Qubes. I may be the one to have most recently discovered it, though

2 Likes
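An added example (not from the post above or from the Qubes project) of the Linux sysfs mechanics behind what is described there: checking which PCI devices expose SR-IOV at all, enabling a chosen number of VFs on a Physical Function, and reading the BDF each VF actually received from the kernel's virtfnN links rather than deriving it. It assumes the standard sysfs layout under /sys/bus/pci/devices (sriov_totalvfs, sriov_numvfs, virtfnN), lets SYSFS_PCI point at a constructed tree for offline testing, and stops short of the Qubes-side step of attaching the VF to sys-net.

```shell
#!/bin/sh
# Added example: SR-IOV probing and VF creation through sysfs.
# SYSFS_PCI defaults to the real PCI device tree; override it with a
# constructed tree to exercise the functions without hardware or root.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci/devices}"

# Print "<PF BDF> <max VFs> <enabled VFs>" for every device that supports
# SR-IOV. A device with no sriov_totalvfs file (or a value of 0) does not
# support SR-IOV at all, which is the hardware limitation discussed above.
list_sriov_pfs() {
    for dev in "$SYSFS_PCI"/*; do
        [ -f "$dev/sriov_totalvfs" ] || continue
        total=$(cat "$dev/sriov_totalvfs")
        [ "$total" -gt 0 ] || continue
        num=$(cat "$dev/sriov_numvfs" 2>/dev/null || echo 0)
        printf '%s %s %s\n' "$(basename "$dev")" "$total" "$num"
    done
}

# Enable $2 VFs on PF $1 (needs root on a real system). The kernel only
# accepts a change from 0 or to 0, so existing VFs must be disabled first,
# and it refuses more VFs than sriov_totalvfs allows; both are checked here.
create_vfs() {
    pf="$1"; want="$2"
    total=$(cat "$SYSFS_PCI/$pf/sriov_totalvfs") || return 1
    [ "$want" -le "$total" ] || { echo "$pf supports only $total VFs" >&2; return 1; }
    current=$(cat "$SYSFS_PCI/$pf/sriov_numvfs")
    [ "$current" -eq 0 ] || { echo "write 0 to sriov_numvfs first" >&2; return 1; }
    echo "$want" > "$SYSFS_PCI/$pf/sriov_numvfs"
}

# Print the BDF of each VF attached to PF $1, one per line. The kernel
# exposes each VF as a virtfnN symlink to the VF's own PCI device entry;
# that BDF is what gets assigned to a VM instead of the whole PF.
list_vfs() {
    for link in "$SYSFS_PCI/$1"/virtfn*; do
        [ -L "$link" ] || continue
        basename "$(readlink "$link")"
    done
}

# Stand-alone use: ./sriov.sh probe  (read-only inventory of PFs and VFs)
if [ "${1:-}" = "probe" ]; then
    list_sriov_pfs | while read -r pf total num; do
        echo "PF $pf: $num/$total VFs enabled"
        list_vfs "$pf" | sed 's/^/  VF /'
    done
fi
```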