x86: vtd: Check for pending faults after reprogramming the reporting CPU

There is a risk of reporting a fault event late when racing with with
reprogamming steps, or even missing it completely.

Reported-by: Valentine Sinitsyn <valentine.sinitsyn@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

diff --git a/hypervisor/arch/x86/vtd.c b/hypervisor/arch/x86/vtd.c
index 8b533a78c52d36fb4495943c4ad0aab920f0f96f..8c95c2fcfb0168b17ff2df6bc2c6539b410cf423 100644 (file)
--- a/hypervisor/arch/x86/vtd.c
+++ b/hypervisor/arch/x86/vtd.c
@@ -194,6 +194,15 @@ static void vtd_init_fault_nmi(void)
                /* Unmask events */
                mmio_write32_field(reg_base + VTD_FECTL_REG, VTD_FECTL_IM, 0);
        }
+
+       /*
+        * There is a race window between setting the new reporting CPU ID and
+        * updating the target programming in the register. If a fault hits us
+        * in this window and no other NMIs arrive after that, the event will
+        * not be reported. Address this by triggering an NMI on the new
+        * reporting CPU.
+        */
+       apic_send_nmi_ipi(cpu_data);
 }
 
 static void *vtd_get_fault_rec_reg_addr(void *reg_base)