Changeset 47786 in vbox

Timestamp:

Aug 16, 2013 8:59:32 AM (12 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

88047

Message:

PGM: Added a new page type for the VT-x APIC access page MMIO alias instead of abusing the MMIO2 aliasing. There are important differences, we can safely access the MMIO2 page when aliased and save time doing so, while the alias created by IOMMMIOMapMMIOHCPage must not be accessed outside the VT-x execution AFAIK.

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/PGMAllHandler.cpp (modified) (7 diffs)
• VMMAll/PGMAllPhys.cpp (modified) (13 diffs)
• VMMR3/FTM.cpp (modified) (1 diff)
• VMMR3/PGM.cpp (modified) (1 diff)
• VMMR3/PGMDbg.cpp (modified) (2 diffs)
• VMMR3/PGMPhys.cpp (modified) (20 diffs)
• VMMR3/PGMSavedState.cpp (modified) (11 diffs)
• include/PGMInternal.h (modified) (7 diffs)
• include/internal/pgm.h (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/PGMAllHandler.cpp

@@ -424 +424 @@
 void pgmHandlerPhysicalResetAliasedPage(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhysPage, bool fDoAccounting)
 {
-    Assert(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO);
+    Assert(   PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO
+           || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_SPECIAL_ALIAS_MMIO);
     Assert(PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) == PGM_PAGE_HNDL_PHYS_STATE_DISABLED);
 
@@ -495 +496 @@
         if (RT_SUCCESS(rc))
         {
-            /* Reset MMIO2 for MMIO pages to MMIO, since this aliasing is our business.
+            /* Reset aliased MMIO pages to MMIO, since this aliasing is our business.
                (We don't flip MMIO to RAM though, that's PGMPhys.cpp's job.)  */
-            if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO)
+            if (   PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO
+                || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_SPECIAL_ALIAS_MMIO)
             {
                 Assert(pCur->cAliasedPages > 0);
@@ -888 +890 @@
                         while (cLeft-- > 0)
                         {
-                            if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO)
+                            if (   PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO
+                                || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_SPECIAL_ALIAS_MMIO)
                             {
                                 Assert(pCur->cAliasedPages > 0);
@@ -1134 +1137 @@
 
 /**
- * Replaces an MMIO page with an arbitrary HC page.
- *
- * This is a worker for IOMMMIOMapMMIO2Page that works in a similar way to
- * PGMHandlerPhysicalPageTempOff but for an MMIO page. Since an MMIO page has no
- * backing, the caller must provide a replacement page. For various reasons the
- * replacement page must be an MMIO2 page.
+ * Replaces an MMIO page with an arbitrary HC page in the shadow page tables.
+ *
+ * This differs from PGMHandlerPhysicalPageAlias in that the page doesn't need
+ * to be a known MMIO2 page and that only shadow paging may access the page.
+ * The latter distinction is important because the only use for this feature is
+ * for mapping the special APIC access page that VT-x uses to detect APIC MMIO
+ * operations, the page is shared between all guest CPUs and actually not
+ * written to. At least at the moment.
  *
  * The caller must do required page table modifications. You can get away
@@ -1147 +1152 @@
  * Call PGMHandlerPhysicalReset() to restore the MMIO page.
  *
- * The caller may still get handler callback even after this call and must be
- * able to deal correctly with such calls. The reason for these callbacks are
- * either that we're executing in the recompiler (which doesn't know about this
- * arrangement) or that we've been restored from saved state (where we won't
- * save the change).
  *
  * @returns VBox status code.
@@ -1194 +1194 @@
             {
                 pgmUnlock(pVM);
-                AssertMsgReturn(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO,
+                AssertMsgReturn(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_SPECIAL_ALIAS_MMIO,
                                 ("GCPhysPage=%RGp %R[pgmpage]\n", GCPhysPage, pPage),
                                 VERR_PGM_PHYS_NOT_MMIO2);
@@ -1203 +1203 @@
             /*
              * Do the actual remapping here.
-             * This page now serves as an alias for the backing memory specified.
+             * This page now serves as an alias for the backing memory
+             * specified as far as shadow paging is concerned.
              */
             LogFlow(("PGMHandlerPhysicalPageAlias: %RGp (%R[pgmpage]) alias for %RHp\n",
                      GCPhysPage, pPage, HCPhysPageRemap));
             PGM_PAGE_SET_HCPHYS(pVM, pPage, HCPhysPageRemap);
-            PGM_PAGE_SET_TYPE(pVM, pPage, PGMPAGETYPE_MMIO2_ALIAS_MMIO);
+            PGM_PAGE_SET_TYPE(pVM, pPage, PGMPAGETYPE_SPECIAL_ALIAS_MMIO);
             PGM_PAGE_SET_STATE(pVM, pPage, PGM_PAGE_STATE_ALLOCATED);
-            /** @todo hack alert
-             *  This needs to be done properly. Currently we get away with it as the recompiler directly calls
-             *  IOM read and write functions. Access through PGMPhysRead/Write will crash the process.
-             */
             PGM_PAGE_SET_PAGEID(pVM, pPage, NIL_GMM_PAGEID);
             PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_DISABLED);

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

@@ -571 +571 @@
     PGM_LOCK_ASSERT_OWNER(pVM);
     AssertMsg(PGM_PAGE_IS_ZERO(pPage) || PGM_PAGE_IS_SHARED(pPage), ("%R[pgmpage] %RGp\n", pPage, GCPhys));
-    Assert(!PGM_PAGE_IS_MMIO(pPage));
+    Assert(!PGM_PAGE_IS_MMIO_OR_ALIAS(pPage));
 
 # ifdef PGM_WITH_LARGE_PAGES
@@ -620 +620 @@
     PGM_LOCK_ASSERT_OWNER(pVM);
     AssertMsg(PGM_PAGE_IS_ZERO(pPage) || PGM_PAGE_IS_SHARED(pPage), ("%R[pgmpage] %RGp\n", pPage, GCPhys));
-    Assert(!PGM_PAGE_IS_MMIO(pPage));
+    Assert(!PGM_PAGE_IS_MMIO_OR_ALIAS(pPage));
 
     uint32_t iHandyPage = --pVM->pgm.s.cHandyPages;
@@ -1028 +1028 @@
 
     /*
-     * Special case: ZERO and MMIO2 pages.
-     */
+     * Special cases: MMIO2, ZERO and specially aliased MMIO pages.
+     */
+    if (   PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2
+        || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO)
+    {
+        /* Fend off the VT-x APIC access page hack. */
+        AssertLogRelReturn(PGM_PAGE_GET_PAGEID(pPage) == NIL_GMM_PAGEID, VERR_PGM_MAP_MMIO2_ALIAS_MMIO);
+
+        /* Decode the page id to a page in a MMIO2 ram range. */
+        uint8_t  idMmio2 = PGM_MMIO2_PAGEID_GET_MMIO2_ID(PGM_PAGE_GET_PAGEID(pPage));
+        uint32_t iPage   = PGM_MMIO2_PAGEID_GET_IDX(PGM_PAGE_GET_PAGEID(pPage));
+        AssertLogRelReturn((uint8_t)(idMmio2 - 1U)< RT_ELEMENTS(pVM->pgm.s.CTX_SUFF(apMmio2Ranges)),
+                            VERR_PGM_PHYS_PAGE_MAP_MMIO2_IPE);
+        PPGMMMIO2RANGE pMmio2Range = pVM->pgm.s.CTX_SUFF(apMmio2Ranges)[idMmio2 - 1];
+        AssertLogRelReturn(pMmio2Range, VERR_PGM_PHYS_PAGE_MAP_MMIO2_IPE);
+        AssertLogRelReturn(pMmio2Range->idMmio2 == idMmio2, VERR_PGM_PHYS_PAGE_MAP_MMIO2_IPE);
+        AssertLogRelReturn(iPage < (pMmio2Range->RamRange.cb >> PAGE_SHIFT), VERR_PGM_PHYS_PAGE_MAP_MMIO2_IPE);
+        *ppv = (uint8_t *)pMmio2Range->RamRange.pvR3 + ((uintptr_t)iPage << PAGE_SHIFT);
+        *ppMap = NULL;
+        return VINF_SUCCESS;
+    }
+
     const uint32_t idChunk = PGM_PAGE_GET_CHUNKID(pPage);
     if (idChunk == NIL_GMM_CHUNKID)
     {
-        AssertMsgReturn(PGM_PAGE_GET_PAGEID(pPage) == NIL_GMM_PAGEID, ("pPage=%R[pgmpage]\n", pPage), VERR_PGM_PHYS_PAGE_MAP_IPE_1);
-        if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2)
-        {
-            /* Lookup the MMIO2 range and use pvR3 to calc the address. */
-            PPGMRAMRANGE pRam = pgmPhysGetRange(pVM, GCPhys);
-            AssertMsgReturn(pRam || !pRam->pvR3, ("pRam=%p pPage=%R[pgmpage]\n", pRam, pPage), VERR_PGM_PHYS_PAGE_MAP_IPE_2);
-            *ppv = (void *)((uintptr_t)pRam->pvR3 + (uintptr_t)((GCPhys & ~(RTGCPHYS)PAGE_OFFSET_MASK) - pRam->GCPhys));
-        }
-        else if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO)
-        {
-            /** @todo deal with aliased MMIO2 pages somehow...
-             * One solution would be to seed MMIO2 pages to GMM and get unique Page IDs for
-             * them, that would also avoid this mess. It would actually be kind of
-             * elegant... */
-            AssertLogRelMsgFailedReturn(("%RGp\n", GCPhys), VERR_PGM_MAP_MMIO2_ALIAS_MMIO);
-        }
-        else
-        {
-            /** @todo handle MMIO2 */
-            AssertMsgReturn(PGM_PAGE_IS_ZERO(pPage), ("pPage=%R[pgmpage]\n", pPage), VERR_PGM_PHYS_PAGE_MAP_IPE_3);
-            AssertMsgReturn(PGM_PAGE_GET_HCPHYS(pPage) == pVM->pgm.s.HCPhysZeroPg,
-                            ("pPage=%R[pgmpage]\n", pPage),
+        AssertMsgReturn(PGM_PAGE_GET_PAGEID(pPage) == NIL_GMM_PAGEID, ("pPage=%R[pgmpage]\n", pPage),
+                        VERR_PGM_PHYS_PAGE_MAP_IPE_1);
+        if (!PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage))
+        {
+            AssertMsgReturn(PGM_PAGE_IS_ZERO(pPage), ("pPage=%R[pgmpage]\n", pPage),
+                            VERR_PGM_PHYS_PAGE_MAP_IPE_3);
+            AssertMsgReturn(PGM_PAGE_GET_HCPHYS(pPage)== pVM->pgm.s.HCPhysZeroPg, ("pPage=%R[pgmpage]\n", pPage),
                             VERR_PGM_PHYS_PAGE_MAP_IPE_4);
             *ppv = pVM->pgm.s.CTXALLSUFF(pvZeroPg);
+        }
+        else
+        {
+            static uint8_t s_abPlayItSafe[0x1000*2];  /* I don't dare return the zero page at the moment. */
+            *ppv = (uint8_t *)((uintptr_t)&s_abPlayItSafe[0x1000] & ~(uintptr_t)0xfff);
         }
         *ppMap = NULL;
@@ -1684 +1694 @@
     if (RT_SUCCESS(rc))
     {
-        if (RT_UNLIKELY(PGM_PAGE_IS_MMIO(pPage)))
+        if (RT_UNLIKELY(PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage)))
             rc = VERR_PGM_PHYS_PAGE_RESERVED;
         else
@@ -1716 +1726 @@
         /* MMIO pages doesn't have any readable backing. */
         PPGMPAGE pPage = pTlbe->pPage;
-        if (RT_UNLIKELY(PGM_PAGE_IS_MMIO(pPage)))
+        if (RT_UNLIKELY(PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage)))
             rc = VERR_PGM_PHYS_PAGE_RESERVED;
         else
@@ -2099 +2109 @@
     PPGMPHYSHANDLER pPhys = NULL;
 #endif
-    if (PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) == PGM_PAGE_HNDL_PHYS_STATE_ALL)
+    if (   PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) == PGM_PAGE_HNDL_PHYS_STATE_ALL
+        || PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage))
     {
 #ifdef IN_RING3
@@ -2236 +2247 @@
                  * Any ALL access handlers?
                  */
-                if (RT_UNLIKELY(PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage)))
+                if (RT_UNLIKELY(   PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage)
+                                || PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage)))
                 {
                     int rc = pgmPhysReadHandler(pVM, pPage, pRam->GCPhys + off, pvBuf, cb);
@@ -2335 +2347 @@
      * the heavy usage of full page handlers in the page pool.
      */
-    if (    !PGM_PAGE_HAS_ACTIVE_VIRTUAL_HANDLERS(pPage)
-        ||  PGM_PAGE_IS_MMIO(pPage) /* screw virtual handlers on MMIO pages */)
+    if (   !PGM_PAGE_HAS_ACTIVE_VIRTUAL_HANDLERS(pPage)
+        || PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage) /* screw virtual handlers on MMIO pages */)
     {
         PPGMPHYSHANDLER pCur = pgmHandlerPhysicalLookup(pVM, GCPhys);
@@ -2356 +2368 @@
 #else  /* IN_RING3 */
             Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] phys %s\n", GCPhys, cbRange, pPage, R3STRING(pCur->pszDesc) ));
-            if (!PGM_PAGE_IS_MMIO(pPage))
+            if (!PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage))
                 rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pvDst, &PgMpLck);
             else
@@ -2404 +2416 @@
         }
         /* else: the handler is somewhere else in the page, deal with it below. */
-        Assert(!PGM_PAGE_IS_MMIO(pPage)); /* MMIO handlers are all PAGE_SIZEed! */
+        Assert(!PGM_PAGE_IS_MMIO_OR_ALIAS(pPage)); /* MMIO handlers are all PAGE_SIZEed! */
     }
     /*
@@ -2771 +2783 @@
                  * Any active WRITE or ALL access handlers?
                  */
-                if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
+                if (   PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage)
+                    || PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage))
                 {
                     int rc = pgmPhysWriteHandler(pVM, pPage, pRam->GCPhys + off, pvBuf, cb);
@@ -4039 +4052 @@
         if (PGM_PAGE_IS_BALLOONED(pPage))
             rc = VERR_PGM_PHYS_TLB_CATCH_WRITE;
+        else if (PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage))
+            rc = VERR_PGM_PHYS_TLB_CATCH_ALL;
         else if (   !PGM_PAGE_HAS_ANY_HANDLERS(pPage)
                  || (fByPassHandlers && !PGM_PAGE_IS_MMIO(pPage)) )
@@ -4151 +4166 @@
         if (PGM_PAGE_IS_BALLOONED(pPage))
             rc = VERR_PGM_PHYS_TLB_CATCH_WRITE;
+        else if (PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage))
+            rc = VERR_PGM_PHYS_TLB_CATCH_ALL;
         else if (   !PGM_PAGE_HAS_ANY_HANDLERS(pPage)
                  || (fByPassHandlers && !PGM_PAGE_IS_MMIO(pPage)) )

trunk/src/VBox/VMM/VMMR3/FTM.cpp

@@ -717 +717 @@
 
     case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
+    case PGMPAGETYPE_SPECIAL_ALIAS_MMIO:
         AssertFailed();
         break;

trunk/src/VBox/VMM/VMMR3/PGM.cpp

@@ -3952 +3952 @@
                     default:
                         AssertFailed();
+                    case PGMPAGETYPE_MMIO:
                     case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
-                    case PGMPAGETYPE_MMIO:
+                    case PGMPAGETYPE_SPECIAL_ALIAS_MMIO:
                         if (fIncZeroPgs)
                         {

trunk/src/VBox/VMM/VMMR3/PGMDbg.cpp

@@ -661 +661 @@
                 if (   (   !PGM_PAGE_IS_ZERO(pPage)
                         || fAllZero)
-                    && !PGM_PAGE_IS_MMIO(pPage)
-                    && PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_MMIO2_ALIAS_MMIO
+                    && !PGM_PAGE_IS_MMIO_OR_ALIAS(pPage)
                     && !PGM_PAGE_IS_BALLOONED(pPage))
                 {
@@ -807 +806 @@
                 && (   !PGM_PAGE_IS_ZERO(pPage)
                     || fAllZero)
-                && !PGM_PAGE_IS_MMIO(pPage)
-                && PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_MMIO2_ALIAS_MMIO
+                && !PGM_PAGE_IS_MMIO_OR_ALIAS(pPage)
                 && !PGM_PAGE_IS_BALLOONED(pPage))
             {

trunk/src/VBox/VMM/VMMR3/PGMPhys.cpp

@@ -144 +144 @@
                  * delegate the job to EMT.
                  */
-                if (PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
+                if (   PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage)
+                    || PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage))
                 {
                     pgmUnlock(pVM);
@@ -151 +152 @@
                                                    pVM, &GCPhys, pvBuf, cbRead);
                 }
-                Assert(!PGM_PAGE_IS_MMIO(pPage));
+                Assert(!PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage));
 
                 /*
@@ -282 +283 @@
                  */
                 if (    PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage)
-                    ||  PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED)
+                    ||  PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED
+                    ||  PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage))
                 {
                     if (    PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_WRITE_MONITORED
@@ -295 +297 @@
                     }
                 }
-                Assert(!PGM_PAGE_IS_MMIO(pPage));
+                Assert(!PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage));
 
                 /*
@@ -378 +380 @@
         AssertFatalRC(rc2);
         PPGMPAGE pPage = pTlbe->pPage;
-        if (PGM_PAGE_IS_MMIO(pPage))
+        if (PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage))
         {
             PGMPhysReleasePageMappingLock(pVM, pLock);
@@ -449 +451 @@
     {
         PPGMPAGE pPage = pTlbe->pPage;
-        if (PGM_PAGE_IS_MMIO(pPage))
+        if (PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage))
             rc = VERR_PGM_PHYS_PAGE_RESERVED;
         else
@@ -552 +554 @@
 #if 1
         /* MMIO pages doesn't have any readable backing. */
-        if (PGM_PAGE_IS_MMIO(pPage))
+        if (PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(pPage))
             rc = VERR_PGM_PHYS_PAGE_RESERVED;
 #else
@@ -1979 +1981 @@
 
                     case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
+                    case PGMPAGETYPE_SPECIAL_ALIAS_MMIO: /** @todo perhaps leave the special page alone?  I don't think VT-x copes with this code. */
                         pgmHandlerPhysicalResetAliasedPage(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT),
                                                            true /*fDoAccounting*/);
@@ -2032 +2035 @@
 
                     case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
+                    case PGMPAGETYPE_SPECIAL_ALIAS_MMIO: /** @todo perhaps leave the special page alone?  I don't think VT-x copes with this code. */
                         pgmHandlerPhysicalResetAliasedPage(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT),
                                                            true /*fDoAccounting*/);
@@ -2127 +2131 @@
 
                 case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
+                case PGMPAGETYPE_SPECIAL_ALIAS_MMIO:
                 case PGMPAGETYPE_MMIO2:
                 case PGMPAGETYPE_ROM_SHADOW: /* handled by pgmR3PhysRomReset. */
@@ -2149 +2154 @@
     return VINF_SUCCESS;
 }
+
 
 /**
@@ -2363 +2369 @@
                 {
                     PPGMPAGE    pPage    = &pRam->aPages[iPage];
-                    if (    PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_MMIO
+                    if (   !PGM_PAGE_IS_MMIO_OR_ALIAS(pPage)
                         /*|| not-out-of-action later */)
                     {
                         fAllMMIO = false;
-                        Assert(PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_MMIO2_ALIAS_MMIO);
                         AssertMsgFailed(("%RGp %R[pgmpage]\n", pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), pPage));
                         break;
                     }
-                    Assert(PGM_PAGE_IS_ZERO(pPage));
+                    Assert(   PGM_PAGE_IS_ZERO(pPage)
+                           || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO
+                           || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_SPECIAL_ALIAS_MMIO);
                     pPage++;
                 }
@@ -2409 +2416 @@
                 {
                     PPGMPAGE pPage = &pRam->aPages[iPage];
-                    AssertMsg(PGM_PAGE_IS_MMIO(pPage), ("%RGp %R[pgmpage]\n", pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), pPage));
-                    AssertMsg(PGM_PAGE_IS_ZERO(pPage), ("%RGp %R[pgmpage]\n", pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), pPage));
-                    if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO)
+                    AssertMsg(   (PGM_PAGE_IS_MMIO(pPage) && PGM_PAGE_IS_ZERO(pPage))
+                              || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO
+                              || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_SPECIAL_ALIAS_MMIO,
+                              ("%RGp %R[pgmpage]\n", pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), pPage));
+                    if (PGM_PAGE_IS_MMIO_OR_ALIAS(pPage))
                         PGM_PAGE_SET_TYPE(pVM, pPage, PGMPAGETYPE_RAM);
                 }
@@ -2488 +2497 @@
  * @param   pszDesc         The description.
  */
-VMMR3DECL(int) PGMR3PhysMMIO2Register(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, uint32_t fFlags, void **ppv, const char *pszDesc)
+VMMR3DECL(int) PGMR3PhysMMIO2Register(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, uint32_t fFlags,
+                                      void **ppv, const char *pszDesc)
 {
     /*
@@ -2506 +2516 @@
     const uint32_t cPages = cb >> PAGE_SHIFT;
     AssertLogRelReturn(((RTGCPHYS)cPages << PAGE_SHIFT) == cb, VERR_INVALID_PARAMETER);
-    AssertLogRelReturn(cPages <= INT32_MAX / 2, VERR_NO_MEMORY);
+    AssertLogRelReturn(cPages <= PGM_MMIO2_MAX_PAGE_COUNT, VERR_NO_MEMORY);
 
     /*
@@ -2517 +2527 @@
             return VERR_NO_MEMORY;
     }
+
+    /*
+     * Allocate an MMIO2 range ID (not freed on failure).
+     * The zero ID is not used as it could be confused with NIL_GMM_PAGEID.
+     */
+    pgmLock(pVM);
+    uint8_t idMmio2 = pVM->pgm.s.cMmio2Regions + 1;
+    if (idMmio2 > PGM_MMIO2_MAX_RANGES)
+    {
+        pgmUnlock(pVM);
+        AssertLogRelFailedReturn(VERR_PGM_TOO_MANY_MMIO2_RANGES);
+    }
+    pVM->pgm.s.cMmio2Regions = idMmio2;
+    pgmUnlock(pVM);
 
     /*
@@ -2549 +2573 @@
                 pNew->iRegion               = iRegion;
                 pNew->idSavedState          = UINT8_MAX;
+                pNew->idMmio2               = idMmio2;
                 pNew->RamRange.pSelfR0      = MMHyperCCToR0(pVM, &pNew->RamRange);
                 pNew->RamRange.pSelfRC      = MMHyperCCToRC(pVM, &pNew->RamRange);
@@ -2563 +2588 @@
                 {
                     PGM_PAGE_INIT(&pNew->RamRange.aPages[iPage],
-                                  paPages[iPage].Phys, NIL_GMM_PAGEID,
+                                  paPages[iPage].Phys,
+                                  PGM_MMIO2_PAGEID_MAKE(idMmio2, iPage),
                                   PGMPAGETYPE_MMIO2, PGM_PAGE_STATE_ALLOCATED);
                 }
@@ -2575 +2601 @@
                  * Since there is no particular order, just push it.
                  */
+                /** @todo we can save us the linked list now, just search the lookup table... */
                 pgmLock(pVM);
+                Assert(pVM->pgm.s.apMmio2RangesR3[idMmio2] == NULL);
+                Assert(pVM->pgm.s.apMmio2RangesR0[idMmio2] == NIL_RTR0PTR);
                 pNew->pNextR3 = pVM->pgm.s.pMmio2RangesR3;
                 pVM->pgm.s.pMmio2RangesR3 = pNew;
+                pVM->pgm.s.apMmio2RangesR3[idMmio2] = pNew;
+                pVM->pgm.s.apMmio2RangesR0[idMmio2] = MMHyperCCToR0(pVM, pNew);
                 pgmUnlock(pVM);
 
@@ -2650 +2681 @@
                 pVM->pgm.s.pMmio2RangesR3 = pNext;
             pCur->pNextR3 = NULL;
+
+            uint8_t idMmio2 = pCur->idMmio2;
+            Assert(pVM->pgm.s.apMmio2RangesR3[idMmio2] == pCur);
+            pVM->pgm.s.apMmio2RangesR3[idMmio2] = NULL;
+            pVM->pgm.s.apMmio2RangesR0[idMmio2] = NIL_RTR0PTR;
 
             /*

trunk/src/VBox/VMM/VMMR3/PGMSavedState.cpp

@@ -103 +103 @@
 /** The CRC-32 for a zero half page. */
 #define PGM_STATE_CRC32_ZERO_HALF_PAGE  UINT32_C(0xf1e8ba9e)
+
+
+
+/** @name Old Page types used in older saved states.
+ * @{  */
+/** Old saved state: The usual invalid zero entry. */
+#define PGMPAGETYPE_OLD_INVALID             0
+/** Old saved state: RAM page. (RWX) */
+#define PGMPAGETYPE_OLD_RAM                 1
+/** Old saved state: MMIO2 page. (RWX) */
+#define PGMPAGETYPE_OLD_MMIO2               1
+/** Old saved state: MMIO2 page aliased over an MMIO page. (RWX)
+ * See PGMHandlerPhysicalPageAlias(). */
+#define PGMPAGETYPE_OLD_MMIO2_ALIAS_MMIO    2
+/** Old saved state: Shadowed ROM. (RWX) */
+#define PGMPAGETYPE_OLD_ROM_SHADOW          3
+/** Old saved state: ROM page. (R-X) */
+#define PGMPAGETYPE_OLD_ROM                 4
+/** Old saved state: MMIO page. (---) */
+#define PGMPAGETYPE_OLD_MMIO                5
+/** @}  */
 
 
@@ -1156 +1177 @@
 
                         case PGMPAGETYPE_MMIO:
+                        case PGMPAGETYPE_SPECIAL_ALIAS_MMIO:
                             paLSPages[iPage].fZero   = 0;
                             paLSPages[iPage].fShared = 0;
@@ -2172 +2194 @@
 
 /**
+ * Compares a page with an old save type value.
+ *
+ * @returns true if equal, false if not.
+ * @param   pPage           The page to compare.
+ * @param   uOldType        The old type value from the saved state.
+ */
+DECLINLINE(bool) pgmR3CompareNewAndOldPageTypes(PPGMPAGE pPage, uint8_t uOldType)
+{
+    uint8_t uOldPageType;
+    switch (PGM_PAGE_GET_TYPE(pPage))
+    {
+        case PGMPAGETYPE_INVALID:               uOldPageType = PGMPAGETYPE_OLD_INVALID; break;
+        case PGMPAGETYPE_RAM:                   uOldPageType = PGMPAGETYPE_OLD_RAM; break;
+        case PGMPAGETYPE_MMIO2:                 uOldPageType = PGMPAGETYPE_OLD_MMIO2; break;
+        case PGMPAGETYPE_MMIO2_ALIAS_MMIO:      uOldPageType = PGMPAGETYPE_OLD_MMIO2_ALIAS_MMIO; break;
+        case PGMPAGETYPE_ROM_SHADOW:            uOldPageType = PGMPAGETYPE_OLD_ROM_SHADOW; break;
+        case PGMPAGETYPE_ROM:                   uOldPageType = PGMPAGETYPE_OLD_ROM; break;
+        case PGMPAGETYPE_SPECIAL_ALIAS_MMIO:    /* fall thru */
+        case PGMPAGETYPE_MMIO:                  uOldPageType = PGMPAGETYPE_OLD_MMIO; break;
+        default:
+            AssertFailed();
+            uOldPageType = PGMPAGETYPE_OLD_INVALID;
+            break;
+    }
+    return uOldPageType == uOldType;
+}
+
+
+/**
  * Loads a page without any bits in the saved state, i.e. making sure it's
  * really zero.
@@ -2177 +2228 @@
  * @returns VBox status code.
  * @param   pVM             Pointer to the VM.
- * @param   uType           The page type or PGMPAGETYPE_INVALID (old saved
+ * @param   uOldType        The page type or PGMPAGETYPE_OLD_INVALID (old saved
  *                          state).
  * @param   pPage           The guest page tracking structure.
@@ -2183 +2234 @@
  * @param   pRam            The ram range (logging).
  */
-static int pgmR3LoadPageZeroOld(PVM pVM, uint8_t uType, PPGMPAGE pPage, RTGCPHYS GCPhys, PPGMRAMRANGE pRam)
-{
-    if (    PGM_PAGE_GET_TYPE(pPage) != uType
-        &&  uType != PGMPAGETYPE_INVALID)
+static int pgmR3LoadPageZeroOld(PVM pVM, uint8_t uOldType, PPGMPAGE pPage, RTGCPHYS GCPhys, PPGMRAMRANGE pRam)
+{
+    if (   uOldType != PGMPAGETYPE_OLD_INVALID
+        && !pgmR3CompareNewAndOldPageTypes(pPage, uOldType))
         return VERR_SSM_UNEXPECTED_DATA;
 
@@ -2207 +2258 @@
  * @param   pVM             Pointer to the VM.
  * @param   pSSM            The SSM handle.
- * @param   uType           The page type or PGMPAGETYEP_INVALID (old saved
+ * @param   uOldType        The page type or PGMPAGETYPE_OLD_INVALID (old saved
  *                          state).
  * @param   pPage           The guest page tracking structure.
@@ -2213 +2264 @@
  * @param   pRam            The ram range (logging).
  */
-static int pgmR3LoadPageBitsOld(PVM pVM, PSSMHANDLE pSSM, uint8_t uType, PPGMPAGE pPage, RTGCPHYS GCPhys, PPGMRAMRANGE pRam)
+static int pgmR3LoadPageBitsOld(PVM pVM, PSSMHANDLE pSSM, uint8_t uOldType, PPGMPAGE pPage, RTGCPHYS GCPhys, PPGMRAMRANGE pRam)
 {
     /*
      * Match up the type, dealing with MMIO2 aliases (dropped).
      */
-    AssertLogRelMsgReturn(   PGM_PAGE_GET_TYPE(pPage) == uType
-                          || uType == PGMPAGETYPE_INVALID
+    AssertLogRelMsgReturn(   uOldType == PGMPAGETYPE_INVALID
+                          || pgmR3CompareNewAndOldPageTypes(pPage, uOldType)
                           /* kudge for the expanded PXE bios (r67885) - @bugref{5687}: */
-                          || (   uType == PGMPAGETYPE_RAM
+                          || (   uOldType == PGMPAGETYPE_OLD_RAM
                               && GCPhys >= 0xed000
                               && GCPhys <= 0xeffff
@@ -2251 +2302 @@
  * @param   pVM             Pointer to the VM.
  * @param   pSSM            The SSM handle.
- * @param   uType           The page type.
+ * @param   uOldType        The page type.
  * @param   pPage           The page.
  * @param   GCPhys          The page address.
  * @param   pRam            The RAM range (for error messages).
  */
-static int pgmR3LoadPageOld(PVM pVM, PSSMHANDLE pSSM, uint8_t uType, PPGMPAGE pPage, RTGCPHYS GCPhys, PPGMRAMRANGE pRam)
+static int pgmR3LoadPageOld(PVM pVM, PSSMHANDLE pSSM, uint8_t uOldType, PPGMPAGE pPage, RTGCPHYS GCPhys, PPGMRAMRANGE pRam)
 {
     uint8_t uState;
@@ -2262 +2313 @@
     AssertLogRelMsgRCReturn(rc, ("pPage=%R[pgmpage] GCPhys=%#x %s rc=%Rrc\n", pPage, GCPhys, pRam->pszDesc, rc), rc);
     if (uState == 0 /* zero */)
-        rc = pgmR3LoadPageZeroOld(pVM, uType, pPage, GCPhys, pRam);
+        rc = pgmR3LoadPageZeroOld(pVM, uOldType, pPage, GCPhys, pRam);
     else if (uState == 1)
-        rc = pgmR3LoadPageBitsOld(pVM, pSSM, uType, pPage, GCPhys, pRam);
+        rc = pgmR3LoadPageBitsOld(pVM, pSSM, uOldType, pPage, GCPhys, pRam);
     else
         rc = VERR_PGM_INVALID_SAVED_PAGE_STATE;
-    AssertLogRelMsgRCReturn(rc, ("pPage=%R[pgmpage] uState=%d uType=%d GCPhys=%RGp %s rc=%Rrc\n",
-                                 pPage, uState, uType, GCPhys, pRam->pszDesc, rc),
+    AssertLogRelMsgRCReturn(rc, ("pPage=%R[pgmpage] uState=%d uOldType=%d GCPhys=%RGp %s rc=%Rrc\n",
+                                 pPage, uState, uOldType, GCPhys, pRam->pszDesc, rc),
                             rc);
     return VINF_SUCCESS;
@@ -2440 +2491 @@
                 RTGCPHYS const  GCPhysPage = ((RTGCPHYS)iPage << PAGE_SHIFT) + pRam->GCPhys;
                 PPGMPAGE        pPage      = &pRam->aPages[iPage];
-                uint8_t         uType;
-                rc = SSMR3GetU8(pSSM, &uType);
+                uint8_t         uOldType;
+                rc = SSMR3GetU8(pSSM, &uOldType);
                 AssertLogRelMsgRCReturn(rc, ("pPage=%R[pgmpage] iPage=%#x GCPhysPage=%#x %s\n", pPage, iPage, GCPhysPage, pRam->pszDesc), rc);
-                if (uType == PGMPAGETYPE_ROM_SHADOW)
+                if (uOldType == PGMPAGETYPE_OLD_ROM_SHADOW)
                     rc = pgmR3LoadShadowedRomPageOld(pVM, pSSM, pPage, GCPhysPage, pRam);
                 else
-                    rc = pgmR3LoadPageOld(pVM, pSSM, uType, pPage, GCPhysPage, pRam);
+                    rc = pgmR3LoadPageOld(pVM, pSSM, uOldType, pPage, GCPhysPage, pRam);
                 AssertLogRelMsgRCReturn(rc, ("rc=%Rrc iPage=%#x GCPhysPage=%#x %s\n", rc, iPage, GCPhysPage, pRam->pszDesc), rc);
             }
@@ -2494 +2545 @@
                         if (fPresent)
                         {
-                            if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO)
+                            if (   PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO
+                                || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_SPECIAL_ALIAS_MMIO)
                                 rc = pgmR3LoadPageToDevNullOld(pSSM);
                             else

trunk/src/VBox/VMM/include/PGMInternal.h

@@ -731 +731 @@
         uint64_t    u10PteIdx           : 10;
 
-        /** The GMM page ID. */
+        /** The GMM page ID.
+         * @remarks In the current implementation, MMIO2 and pages aliased to
+         *          MMIO2 pages will be exploiting this field to calculate the
+         *          ring-3 mapping address corresponding to the page.
+         *          Later we may consider including MMIO2 management into GMM. */
         uint32_t    idPage;
         /** Usage tracking (page pool). */
@@ -962 +966 @@
 
 /**
- * Checks if the page is marked for MMIO.
+ * Checks if the page is marked for MMIO, no MMIO2 aliasing.
  * @returns true/false.
  * @param   a_pPage     Pointer to the physical guest page tracking structure.
  */
 #define PGM_PAGE_IS_MMIO(a_pPage)               ( (a_pPage)->s.uTypeY == PGMPAGETYPE_MMIO )
+
+/**
+ * Checks if the page is marked for MMIO, including both aliases.
+ * @returns true/false.
+ * @param   a_pPage     Pointer to the physical guest page tracking structure.
+ */
+#define PGM_PAGE_IS_MMIO_OR_ALIAS(a_pPage)      (   (a_pPage)->s.uTypeY == PGMPAGETYPE_MMIO \
+                                                 || (a_pPage)->s.uTypeY == PGMPAGETYPE_MMIO2_ALIAS_MMIO \
+                                                 || (a_pPage)->s.uTypeY == PGMPAGETYPE_SPECIAL_ALIAS_MMIO \
+                                                 )
+
+/**
+ * Checks if the page is marked for MMIO, including special aliases.
+ * @returns true/false.
+ * @param   a_pPage     Pointer to the physical guest page tracking structure.
+ */
+#define PGM_PAGE_IS_MMIO_OR_SPECIAL_ALIAS(a_pPage) (   (a_pPage)->s.uTypeY == PGMPAGETYPE_MMIO \
+                                                    || (a_pPage)->s.uTypeY == PGMPAGETYPE_SPECIAL_ALIAS_MMIO )
+
+/**
+ * Checks if the page is a special aliased MMIO page.
+ * @returns true/false.
+ * @param   a_pPage     Pointer to the physical guest page tracking structure.
+ */
+#define PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(a_pPage) ( (a_pPage)->s.uTypeY == PGMPAGETYPE_SPECIAL_ALIAS_MMIO )
 
 /**
@@ -1585 +1614 @@
     /** The saved state range ID. */
     uint8_t                             idSavedState;
+    /** MMIO2 range identifier, for page IDs (PGMPAGE::s.idPage). */
+    uint8_t                             idMmio2;
     /** Alignment padding for putting the ram range on a PGMPAGE alignment boundary. */
-    uint8_t                             abAlignment[HC_ARCH_BITS == 32 ? 12 : 12];
+    uint8_t                             abAlignment[HC_ARCH_BITS == 32 ? 11 : 11];
     /** Live save per page tracking data. */
     R3PTRTYPE(PPGMLIVESAVEMMIO2PAGE)    paLSPages;
@@ -1595 +1626 @@
 typedef PGMMMIO2RANGE *PPGMMMIO2RANGE;
 
+/** @name Intenal MMIO2 constants.
+ * @{ */
+/** The maximum number of MMIO2 ranges. */
+#define PGM_MMIO2_MAX_RANGES                        8
+/** The maximum number of pages in a MMIO2 range. */
+#define PGM_MMIO2_MAX_PAGE_COUNT                    UINT32_C(0x00ffffff)
+/** Makes a MMIO2 page ID out of a MMIO2 range ID and page index number. */
+#define PGM_MMIO2_PAGEID_MAKE(a_idMmio2, a_iPage)   ( ((uint32_t)(a_idMmio2) << 24) | (uint32_t)(a_iPage) )
+/** Gets the MMIO2 range ID from an MMIO2 page ID.  */
+#define PGM_MMIO2_PAGEID_GET_MMIO2_ID(a_idPage)     ( (uint8_t)((a_idPage) >> 24) )
+/** Gets the MMIO2 page index from an MMIO2 page ID.  */
+#define PGM_MMIO2_PAGEID_GET_IDX(a_idPage)          ( ((a_idPage) & UINT32_C(0x00ffffff)) )
+/** @} */
 
 
@@ -3087 +3131 @@
     /** Set if PCI passthrough is enabled. */
     bool                            fPciPassthrough;
+    /** The number of MMIO2 regions (serves as the next MMIO2 ID). */
+    uint8_t                         cMmio2Regions;
     /** Alignment padding that makes the next member start on a 8 byte boundary. */
-    bool                            afAlignment1[3];
+    bool                            afAlignment1[2];
 
     /** Indicates that PGMR3FinalizeMappings has been called and that further
@@ -3144 +3190 @@
     R3PTRTYPE(PPGMMODEDATA)         paModeData;
     RTR3PTR                         R3PtrAlignment0;
+    /** MMIO2 lookup array for ring-3.  Indexed by idMmio2 minus 1.  */
+    R3PTRTYPE(PPGMMMIO2RANGE)       apMmio2RangesR3[PGM_MMIO2_MAX_RANGES];
 
     /** RAM range TLB for R0. */
@@ -3163 +3211 @@
     R0PTRTYPE(PPGMROMRANGE)         pRomRangesR0;
     RTR0PTR                         R0PtrAlignment0;
-
+    /** MMIO2 lookup array for ring-3.  Indexed by idMmio2 minus 1.  */
+    R0PTRTYPE(PPGMMMIO2RANGE)       apMmio2RangesR0[PGM_MMIO2_MAX_RANGES];
 
     /** RAM range TLB for RC. */

trunk/src/VBox/VMM/include/internal/pgm.h

@@ -46 +46 @@
      * See PGMHandlerPhysicalPageAlias(). */
     PGMPAGETYPE_MMIO2_ALIAS_MMIO,
+    /** Special page aliased over an MMIO page. (RWX)
+     * See PGMHandlerPhysicalPageAliasHC(), but this is generally only used for
+     * VT-x's APIC access page at the moment.  Treated as MMIO by everyone except
+     * the shadow paging code. */
+    PGMPAGETYPE_SPECIAL_ALIAS_MMIO,
     /** Shadowed ROM. (RWX) */
     PGMPAGETYPE_ROM_SHADOW,
@@ -55 +60 @@
     PGMPAGETYPE_END
 } PGMPAGETYPE;
-AssertCompile(PGMPAGETYPE_END <= 7);
+AssertCompile(PGMPAGETYPE_END == 8);
 
 VMMDECL(PGMPAGETYPE) PGMPhysGetPageType(PVM pVM, RTGCPHYS GCPhys);