On Wed, Sep 28, 2022 at 05:01:26PM +0000, Alyssa Ross wrote:
> The virtio-bindings changes update the bindings for recent kernels,
> and the vhost change is cherry-picked from crosvm's fork of the crate
> to add support for their custom extensions.
>
> Signed-off-by: Alyssa Ross <alyssa.ross@unikie.com>

Known issue: cloud-hypervisor with a GPU device doesn't work if the
seccomp sandbox is enabled.  Workaround is --seccomp log, or the
following additional diff, which I'll include in the next version of
this series when I submit it:

diff --git c/virtio-devices/src/seccomp_filters.rs w/virtio-devices/src/seccomp_filters.rs
index 45a27750..a1ec89d8 100644
--- c/virtio-devices/src/seccomp_filters.rs
+++ w/virtio-devices/src/seccomp_filters.rs
@@ -170,7 +170,11 @@ fn virtio_vhost_fs_thread_rules() -> Vec<(i64, Vec<SeccompRule>)> {
 }
 
 fn virtio_vhost_gpu_thread_rules() -> Vec<(i64, Vec<SeccompRule>)> {
-    vec![(libc::SYS_getcwd, vec![])]
+    vec![
+        (libc::SYS_getcwd, vec![]),
+        (libc::SYS_recvmsg, vec![]),
+        (libc::SYS_sendmsg, vec![]),
+    ]
 }
 
 fn virtio_vhost_net_ctl_thread_rules() -> Vec<(i64, Vec<SeccompRule>)> {