VirtualBox

source: vbox/trunk/src/VBox/VMM/PGMPhys.cpp@ 31895

Last change on this file since 31895 was 31895, checked in by vboxsync, 15 years ago

FT updates
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 146.3 KB
Line 
1/* $Id: PGMPhys.cpp 31895 2010-08-24 09:00:14Z vboxsync $ */
2/** @file
3 * PGM - Page Manager and Monitor, Physical Memory Addressing.
4 */
5
6/*
7 * Copyright (C) 2006-2007 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*******************************************************************************
20* Header Files *
21*******************************************************************************/
22#define LOG_GROUP LOG_GROUP_PGM_PHYS
23#include <VBox/pgm.h>
24#include <VBox/iom.h>
25#include <VBox/mm.h>
26#include <VBox/stam.h>
27#include <VBox/rem.h>
28#include <VBox/pdmdev.h>
29#include "PGMInternal.h"
30#include <VBox/vm.h>
31#include "PGMInline.h"
32#include <VBox/sup.h>
33#include <VBox/param.h>
34#include <VBox/err.h>
35#include <VBox/log.h>
36#include <iprt/assert.h>
37#include <iprt/alloc.h>
38#include <iprt/asm.h>
39#include <iprt/thread.h>
40#include <iprt/string.h>
41
42
43/*******************************************************************************
44* Defined Constants And Macros *
45*******************************************************************************/
46/** The number of pages to free in one batch. */
47#define PGMPHYS_FREE_PAGE_BATCH_SIZE 128
48
49
50/*******************************************************************************
51* Internal Functions *
52*******************************************************************************/
53static DECLCALLBACK(int) pgmR3PhysRomWriteHandler(PVM pVM, RTGCPHYS GCPhys, void *pvPhys, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser);
54
55
56/*
57 * PGMR3PhysReadU8-64
58 * PGMR3PhysWriteU8-64
59 */
60#define PGMPHYSFN_READNAME PGMR3PhysReadU8
61#define PGMPHYSFN_WRITENAME PGMR3PhysWriteU8
62#define PGMPHYS_DATASIZE 1
63#define PGMPHYS_DATATYPE uint8_t
64#include "PGMPhysRWTmpl.h"
65
66#define PGMPHYSFN_READNAME PGMR3PhysReadU16
67#define PGMPHYSFN_WRITENAME PGMR3PhysWriteU16
68#define PGMPHYS_DATASIZE 2
69#define PGMPHYS_DATATYPE uint16_t
70#include "PGMPhysRWTmpl.h"
71
72#define PGMPHYSFN_READNAME PGMR3PhysReadU32
73#define PGMPHYSFN_WRITENAME PGMR3PhysWriteU32
74#define PGMPHYS_DATASIZE 4
75#define PGMPHYS_DATATYPE uint32_t
76#include "PGMPhysRWTmpl.h"
77
78#define PGMPHYSFN_READNAME PGMR3PhysReadU64
79#define PGMPHYSFN_WRITENAME PGMR3PhysWriteU64
80#define PGMPHYS_DATASIZE 8
81#define PGMPHYS_DATATYPE uint64_t
82#include "PGMPhysRWTmpl.h"
83
84
85/**
86 * EMT worker for PGMR3PhysReadExternal.
87 */
88static DECLCALLBACK(int) pgmR3PhysReadExternalEMT(PVM pVM, PRTGCPHYS pGCPhys, void *pvBuf, size_t cbRead)
89{
90 PGMPhysRead(pVM, *pGCPhys, pvBuf, cbRead);
91 return VINF_SUCCESS;
92}
93
94
95/**
96 * Write to physical memory, external users.
97 *
98 * @returns VBox status code.
99 * @retval VINF_SUCCESS.
100 *
101 * @param pVM VM Handle.
102 * @param GCPhys Physical address to write to.
103 * @param pvBuf What to write.
104 * @param cbWrite How many bytes to write.
105 *
106 * @thread Any but EMTs.
107 */
108VMMR3DECL(int) PGMR3PhysReadExternal(PVM pVM, RTGCPHYS GCPhys, void *pvBuf, size_t cbRead)
109{
110 VM_ASSERT_OTHER_THREAD(pVM);
111
112 AssertMsgReturn(cbRead > 0, ("don't even think about reading zero bytes!\n"), VINF_SUCCESS);
113 LogFlow(("PGMR3PhysReadExternal: %RGp %d\n", GCPhys, cbRead));
114
115 pgmLock(pVM);
116
117 /*
118 * Copy loop on ram ranges.
119 */
120 PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRanges);
121 for (;;)
122 {
123 /* Find range. */
124 while (pRam && GCPhys > pRam->GCPhysLast)
125 pRam = pRam->CTX_SUFF(pNext);
126 /* Inside range or not? */
127 if (pRam && GCPhys >= pRam->GCPhys)
128 {
129 /*
130 * Must work our way thru this page by page.
131 */
132 RTGCPHYS off = GCPhys - pRam->GCPhys;
133 while (off < pRam->cb)
134 {
135 unsigned iPage = off >> PAGE_SHIFT;
136 PPGMPAGE pPage = &pRam->aPages[iPage];
137
138 /*
139 * If the page has an ALL access handler, we'll have to
140 * delegate the job to EMT.
141 */
142 if (PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
143 {
144 pgmUnlock(pVM);
145
146 return VMR3ReqCallWait(pVM, VMCPUID_ANY, (PFNRT)pgmR3PhysReadExternalEMT, 4,
147 pVM, &GCPhys, pvBuf, cbRead);
148 }
149 Assert(!PGM_PAGE_IS_MMIO(pPage));
150
151 /*
152 * Simple stuff, go ahead.
153 */
154 size_t cb = PAGE_SIZE - (off & PAGE_OFFSET_MASK);
155 if (cb > cbRead)
156 cb = cbRead;
157 const void *pvSrc;
158 int rc = pgmPhysGCPhys2CCPtrInternalReadOnly(pVM, pPage, pRam->GCPhys + off, &pvSrc);
159 if (RT_SUCCESS(rc))
160 memcpy(pvBuf, pvSrc, cb);
161 else
162 {
163 AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternalReadOnly failed on %RGp / %R[pgmpage] -> %Rrc\n",
164 pRam->GCPhys + off, pPage, rc));
165 memset(pvBuf, 0xff, cb);
166 }
167
168 /* next page */
169 if (cb >= cbRead)
170 {
171 pgmUnlock(pVM);
172 return VINF_SUCCESS;
173 }
174 cbRead -= cb;
175 off += cb;
176 GCPhys += cb;
177 pvBuf = (char *)pvBuf + cb;
178 } /* walk pages in ram range. */
179 }
180 else
181 {
182 LogFlow(("PGMPhysRead: Unassigned %RGp size=%u\n", GCPhys, cbRead));
183
184 /*
185 * Unassigned address space.
186 */
187 if (!pRam)
188 break;
189 size_t cb = pRam->GCPhys - GCPhys;
190 if (cb >= cbRead)
191 {
192 memset(pvBuf, 0xff, cbRead);
193 break;
194 }
195 memset(pvBuf, 0xff, cb);
196
197 cbRead -= cb;
198 pvBuf = (char *)pvBuf + cb;
199 GCPhys += cb;
200 }
201 } /* Ram range walk */
202
203 pgmUnlock(pVM);
204
205 return VINF_SUCCESS;
206}
207
208
209/**
210 * EMT worker for PGMR3PhysWriteExternal.
211 */
212static DECLCALLBACK(int) pgmR3PhysWriteExternalEMT(PVM pVM, PRTGCPHYS pGCPhys, const void *pvBuf, size_t cbWrite)
213{
214 /** @todo VERR_EM_NO_MEMORY */
215 PGMPhysWrite(pVM, *pGCPhys, pvBuf, cbWrite);
216 return VINF_SUCCESS;
217}
218
219
220/**
221 * Write to physical memory, external users.
222 *
223 * @returns VBox status code.
224 * @retval VINF_SUCCESS.
225 * @retval VERR_EM_NO_MEMORY.
226 *
227 * @param pVM VM Handle.
228 * @param GCPhys Physical address to write to.
229 * @param pvBuf What to write.
230 * @param cbWrite How many bytes to write.
231 * @param pszWho Who is writing. For tracking down who is writing
232 * after we've saved the state.
233 *
234 * @thread Any but EMTs.
235 */
236VMMDECL(int) PGMR3PhysWriteExternal(PVM pVM, RTGCPHYS GCPhys, const void *pvBuf, size_t cbWrite, const char *pszWho)
237{
238 VM_ASSERT_OTHER_THREAD(pVM);
239
240 AssertMsg(!pVM->pgm.s.fNoMorePhysWrites,
241 ("Calling PGMR3PhysWriteExternal after pgmR3Save()! GCPhys=%RGp cbWrite=%#x pszWho=%s\n",
242 GCPhys, cbWrite, pszWho));
243 AssertMsgReturn(cbWrite > 0, ("don't even think about writing zero bytes!\n"), VINF_SUCCESS);
244 LogFlow(("PGMR3PhysWriteExternal: %RGp %d\n", GCPhys, cbWrite));
245
246 pgmLock(pVM);
247
248 /*
249 * Copy loop on ram ranges, stop when we hit something difficult.
250 */
251 PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRanges);
252 for (;;)
253 {
254 /* Find range. */
255 while (pRam && GCPhys > pRam->GCPhysLast)
256 pRam = pRam->CTX_SUFF(pNext);
257 /* Inside range or not? */
258 if (pRam && GCPhys >= pRam->GCPhys)
259 {
260 /*
261 * Must work our way thru this page by page.
262 */
263 RTGCPTR off = GCPhys - pRam->GCPhys;
264 while (off < pRam->cb)
265 {
266 RTGCPTR iPage = off >> PAGE_SHIFT;
267 PPGMPAGE pPage = &pRam->aPages[iPage];
268
269 /*
270 * Is the page problematic, we have to do the work on the EMT.
271 *
272 * Allocating writable pages and access handlers are
273 * problematic, write monitored pages are simple and can be
274 * dealth with here.
275 */
276 if ( PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage)
277 || PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED)
278 {
279 if ( PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_WRITE_MONITORED
280 && !PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
281 pgmPhysPageMakeWriteMonitoredWritable(pVM, pPage);
282 else
283 {
284 pgmUnlock(pVM);
285
286 return VMR3ReqCallWait(pVM, VMCPUID_ANY, (PFNRT)pgmR3PhysWriteExternalEMT, 4,
287 pVM, &GCPhys, pvBuf, cbWrite);
288 }
289 }
290 Assert(!PGM_PAGE_IS_MMIO(pPage));
291
292 /*
293 * Simple stuff, go ahead.
294 */
295 size_t cb = PAGE_SIZE - (off & PAGE_OFFSET_MASK);
296 if (cb > cbWrite)
297 cb = cbWrite;
298 void *pvDst;
299 int rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, pRam->GCPhys + off, &pvDst);
300 if (RT_SUCCESS(rc))
301 memcpy(pvDst, pvBuf, cb);
302 else
303 AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternal failed on %RGp / %R[pgmpage] -> %Rrc\n",
304 pRam->GCPhys + off, pPage, rc));
305
306 /* next page */
307 if (cb >= cbWrite)
308 {
309 pgmUnlock(pVM);
310 return VINF_SUCCESS;
311 }
312
313 cbWrite -= cb;
314 off += cb;
315 GCPhys += cb;
316 pvBuf = (const char *)pvBuf + cb;
317 } /* walk pages in ram range */
318 }
319 else
320 {
321 /*
322 * Unassigned address space, skip it.
323 */
324 if (!pRam)
325 break;
326 size_t cb = pRam->GCPhys - GCPhys;
327 if (cb >= cbWrite)
328 break;
329 cbWrite -= cb;
330 pvBuf = (const char *)pvBuf + cb;
331 GCPhys += cb;
332 }
333 } /* Ram range walk */
334
335 pgmUnlock(pVM);
336 return VINF_SUCCESS;
337}
338
339
340/**
341 * VMR3ReqCall worker for PGMR3PhysGCPhys2CCPtrExternal to make pages writable.
342 *
343 * @returns see PGMR3PhysGCPhys2CCPtrExternal
344 * @param pVM The VM handle.
345 * @param pGCPhys Pointer to the guest physical address.
346 * @param ppv Where to store the mapping address.
347 * @param pLock Where to store the lock.
348 */
349static DECLCALLBACK(int) pgmR3PhysGCPhys2CCPtrDelegated(PVM pVM, PRTGCPHYS pGCPhys, void **ppv, PPGMPAGEMAPLOCK pLock)
350{
351 /*
352 * Just hand it to PGMPhysGCPhys2CCPtr and check that it's not a page with
353 * an access handler after it succeeds.
354 */
355 int rc = pgmLock(pVM);
356 AssertRCReturn(rc, rc);
357
358 rc = PGMPhysGCPhys2CCPtr(pVM, *pGCPhys, ppv, pLock);
359 if (RT_SUCCESS(rc))
360 {
361 PPGMPAGEMAPTLBE pTlbe;
362 int rc2 = pgmPhysPageQueryTlbe(&pVM->pgm.s, *pGCPhys, &pTlbe);
363 AssertFatalRC(rc2);
364 PPGMPAGE pPage = pTlbe->pPage;
365 if (PGM_PAGE_IS_MMIO(pPage))
366 {
367 PGMPhysReleasePageMappingLock(pVM, pLock);
368 rc = VERR_PGM_PHYS_PAGE_RESERVED;
369 }
370 else if ( PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage)
371#ifdef PGMPOOL_WITH_OPTIMIZED_DIRTY_PT
372 || pgmPoolIsDirtyPage(pVM, *pGCPhys)
373#endif
374 )
375 {
376 /* We *must* flush any corresponding pgm pool page here, otherwise we'll
377 * not be informed about writes and keep bogus gst->shw mappings around.
378 */
379 pgmPoolFlushPageByGCPhys(pVM, *pGCPhys);
380 Assert(!PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage));
381 /** @todo r=bird: return VERR_PGM_PHYS_PAGE_RESERVED here if it still has
382 * active handlers, see the PGMR3PhysGCPhys2CCPtrExternal docs. */
383 }
384 }
385
386 pgmUnlock(pVM);
387 return rc;
388}
389
390
391/**
392 * Requests the mapping of a guest page into ring-3, external threads.
393 *
394 * When you're done with the page, call PGMPhysReleasePageMappingLock() ASAP to
395 * release it.
396 *
397 * This API will assume your intention is to write to the page, and will
398 * therefore replace shared and zero pages. If you do not intend to modify the
399 * page, use the PGMR3PhysGCPhys2CCPtrReadOnlyExternal() API.
400 *
401 * @returns VBox status code.
402 * @retval VINF_SUCCESS on success.
403 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical
404 * backing or if the page has any active access handlers. The caller
405 * must fall back on using PGMR3PhysWriteExternal.
406 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
407 *
408 * @param pVM The VM handle.
409 * @param GCPhys The guest physical address of the page that should be mapped.
410 * @param ppv Where to store the address corresponding to GCPhys.
411 * @param pLock Where to store the lock information that PGMPhysReleasePageMappingLock needs.
412 *
413 * @remark Avoid calling this API from within critical sections (other than the
414 * PGM one) because of the deadlock risk when we have to delegating the
415 * task to an EMT.
416 * @thread Any.
417 */
418VMMR3DECL(int) PGMR3PhysGCPhys2CCPtrExternal(PVM pVM, RTGCPHYS GCPhys, void **ppv, PPGMPAGEMAPLOCK pLock)
419{
420 AssertPtr(ppv);
421 AssertPtr(pLock);
422
423 Assert(VM_IS_EMT(pVM) || !PGMIsLockOwner(pVM));
424
425 int rc = pgmLock(pVM);
426 AssertRCReturn(rc, rc);
427
428 /*
429 * Query the Physical TLB entry for the page (may fail).
430 */
431 PPGMPAGEMAPTLBE pTlbe;
432 rc = pgmPhysPageQueryTlbe(&pVM->pgm.s, GCPhys, &pTlbe);
433 if (RT_SUCCESS(rc))
434 {
435 PPGMPAGE pPage = pTlbe->pPage;
436 if (PGM_PAGE_IS_MMIO(pPage))
437 rc = VERR_PGM_PHYS_PAGE_RESERVED;
438 else
439 {
440 /*
441 * If the page is shared, the zero page, or being write monitored
442 * it must be converted to an page that's writable if possible.
443 * We can only deal with write monitored pages here, the rest have
444 * to be on an EMT.
445 */
446 if ( PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage)
447 || PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED
448#ifdef PGMPOOL_WITH_OPTIMIZED_DIRTY_PT
449 || pgmPoolIsDirtyPage(pVM, GCPhys)
450#endif
451 )
452 {
453 if ( PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_WRITE_MONITORED
454 && !PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage)
455#ifdef PGMPOOL_WITH_OPTIMIZED_DIRTY_PT
456 && !pgmPoolIsDirtyPage(pVM, GCPhys)
457#endif
458 )
459 pgmPhysPageMakeWriteMonitoredWritable(pVM, pPage);
460 else
461 {
462 pgmUnlock(pVM);
463
464 return VMR3ReqCallWait(pVM, VMCPUID_ANY, (PFNRT)pgmR3PhysGCPhys2CCPtrDelegated, 4,
465 pVM, &GCPhys, ppv, pLock);
466 }
467 }
468
469 /*
470 * Now, just perform the locking and calculate the return address.
471 */
472 PPGMPAGEMAP pMap = pTlbe->pMap;
473 if (pMap)
474 pMap->cRefs++;
475
476 unsigned cLocks = PGM_PAGE_GET_WRITE_LOCKS(pPage);
477 if (RT_LIKELY(cLocks < PGM_PAGE_MAX_LOCKS - 1))
478 {
479 if (cLocks == 0)
480 pVM->pgm.s.cWriteLockedPages++;
481 PGM_PAGE_INC_WRITE_LOCKS(pPage);
482 }
483 else if (cLocks != PGM_PAGE_GET_WRITE_LOCKS(pPage))
484 {
485 PGM_PAGE_INC_WRITE_LOCKS(pPage);
486 AssertMsgFailed(("%RGp / %R[pgmpage] is entering permanent write locked state!\n", GCPhys, pPage));
487 if (pMap)
488 pMap->cRefs++; /* Extra ref to prevent it from going away. */
489 }
490
491 *ppv = (void *)((uintptr_t)pTlbe->pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
492 pLock->uPageAndType = (uintptr_t)pPage | PGMPAGEMAPLOCK_TYPE_WRITE;
493 pLock->pvMap = pMap;
494 }
495 }
496
497 pgmUnlock(pVM);
498 return rc;
499}
500
501
502/**
503 * Requests the mapping of a guest page into ring-3, external threads.
504 *
505 * When you're done with the page, call PGMPhysReleasePageMappingLock() ASAP to
506 * release it.
507 *
508 * @returns VBox status code.
509 * @retval VINF_SUCCESS on success.
510 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical
511 * backing or if the page as an active ALL access handler. The caller
512 * must fall back on using PGMPhysRead.
513 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
514 *
515 * @param pVM The VM handle.
516 * @param GCPhys The guest physical address of the page that should be mapped.
517 * @param ppv Where to store the address corresponding to GCPhys.
518 * @param pLock Where to store the lock information that PGMPhysReleasePageMappingLock needs.
519 *
520 * @remark Avoid calling this API from within critical sections (other than
521 * the PGM one) because of the deadlock risk.
522 * @thread Any.
523 */
524VMMR3DECL(int) PGMR3PhysGCPhys2CCPtrReadOnlyExternal(PVM pVM, RTGCPHYS GCPhys, void const **ppv, PPGMPAGEMAPLOCK pLock)
525{
526 int rc = pgmLock(pVM);
527 AssertRCReturn(rc, rc);
528
529 /*
530 * Query the Physical TLB entry for the page (may fail).
531 */
532 PPGMPAGEMAPTLBE pTlbe;
533 rc = pgmPhysPageQueryTlbe(&pVM->pgm.s, GCPhys, &pTlbe);
534 if (RT_SUCCESS(rc))
535 {
536 PPGMPAGE pPage = pTlbe->pPage;
537#if 1
538 /* MMIO pages doesn't have any readable backing. */
539 if (PGM_PAGE_IS_MMIO(pPage))
540 rc = VERR_PGM_PHYS_PAGE_RESERVED;
541#else
542 if (PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
543 rc = VERR_PGM_PHYS_PAGE_RESERVED;
544#endif
545 else
546 {
547 /*
548 * Now, just perform the locking and calculate the return address.
549 */
550 PPGMPAGEMAP pMap = pTlbe->pMap;
551 if (pMap)
552 pMap->cRefs++;
553
554 unsigned cLocks = PGM_PAGE_GET_READ_LOCKS(pPage);
555 if (RT_LIKELY(cLocks < PGM_PAGE_MAX_LOCKS - 1))
556 {
557 if (cLocks == 0)
558 pVM->pgm.s.cReadLockedPages++;
559 PGM_PAGE_INC_READ_LOCKS(pPage);
560 }
561 else if (cLocks != PGM_PAGE_GET_READ_LOCKS(pPage))
562 {
563 PGM_PAGE_INC_READ_LOCKS(pPage);
564 AssertMsgFailed(("%RGp / %R[pgmpage] is entering permanent readonly locked state!\n", GCPhys, pPage));
565 if (pMap)
566 pMap->cRefs++; /* Extra ref to prevent it from going away. */
567 }
568
569 *ppv = (void *)((uintptr_t)pTlbe->pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
570 pLock->uPageAndType = (uintptr_t)pPage | PGMPAGEMAPLOCK_TYPE_READ;
571 pLock->pvMap = pMap;
572 }
573 }
574
575 pgmUnlock(pVM);
576 return rc;
577}
578
579
580/**
581 * Relinks the RAM ranges using the pSelfRC and pSelfR0 pointers.
582 *
583 * Called when anything was relocated.
584 *
585 * @param pVM Pointer to the shared VM structure.
586 */
587void pgmR3PhysRelinkRamRanges(PVM pVM)
588{
589 PPGMRAMRANGE pCur;
590
591#ifdef VBOX_STRICT
592 for (pCur = pVM->pgm.s.pRamRangesR3; pCur; pCur = pCur->pNextR3)
593 {
594 Assert((pCur->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pCur->pSelfR0 == MMHyperCCToR0(pVM, pCur));
595 Assert((pCur->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pCur->pSelfRC == MMHyperCCToRC(pVM, pCur));
596 Assert((pCur->GCPhys & PAGE_OFFSET_MASK) == 0);
597 Assert((pCur->GCPhysLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
598 Assert((pCur->cb & PAGE_OFFSET_MASK) == 0);
599 Assert(pCur->cb == pCur->GCPhysLast - pCur->GCPhys + 1);
600 for (PPGMRAMRANGE pCur2 = pVM->pgm.s.pRamRangesR3; pCur2; pCur2 = pCur2->pNextR3)
601 Assert( pCur2 == pCur
602 || strcmp(pCur2->pszDesc, pCur->pszDesc)); /** @todo fix MMIO ranges!! */
603 }
604#endif
605
606 pCur = pVM->pgm.s.pRamRangesR3;
607 if (pCur)
608 {
609 pVM->pgm.s.pRamRangesR0 = pCur->pSelfR0;
610 pVM->pgm.s.pRamRangesRC = pCur->pSelfRC;
611
612 for (; pCur->pNextR3; pCur = pCur->pNextR3)
613 {
614 pCur->pNextR0 = pCur->pNextR3->pSelfR0;
615 pCur->pNextRC = pCur->pNextR3->pSelfRC;
616 }
617
618 Assert(pCur->pNextR0 == NIL_RTR0PTR);
619 Assert(pCur->pNextRC == NIL_RTRCPTR);
620 }
621 else
622 {
623 Assert(pVM->pgm.s.pRamRangesR0 == NIL_RTR0PTR);
624 Assert(pVM->pgm.s.pRamRangesRC == NIL_RTRCPTR);
625 }
626 ASMAtomicIncU32(&pVM->pgm.s.idRamRangesGen);
627}
628
629
630/**
631 * Links a new RAM range into the list.
632 *
633 * @param pVM Pointer to the shared VM structure.
634 * @param pNew Pointer to the new list entry.
635 * @param pPrev Pointer to the previous list entry. If NULL, insert as head.
636 */
637static void pgmR3PhysLinkRamRange(PVM pVM, PPGMRAMRANGE pNew, PPGMRAMRANGE pPrev)
638{
639 AssertMsg(pNew->pszDesc, ("%RGp-%RGp\n", pNew->GCPhys, pNew->GCPhysLast));
640 Assert((pNew->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pNew->pSelfR0 == MMHyperCCToR0(pVM, pNew));
641 Assert((pNew->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pNew->pSelfRC == MMHyperCCToRC(pVM, pNew));
642
643 pgmLock(pVM);
644
645 PPGMRAMRANGE pRam = pPrev ? pPrev->pNextR3 : pVM->pgm.s.pRamRangesR3;
646 pNew->pNextR3 = pRam;
647 pNew->pNextR0 = pRam ? pRam->pSelfR0 : NIL_RTR0PTR;
648 pNew->pNextRC = pRam ? pRam->pSelfRC : NIL_RTRCPTR;
649
650 if (pPrev)
651 {
652 pPrev->pNextR3 = pNew;
653 pPrev->pNextR0 = pNew->pSelfR0;
654 pPrev->pNextRC = pNew->pSelfRC;
655 }
656 else
657 {
658 pVM->pgm.s.pRamRangesR3 = pNew;
659 pVM->pgm.s.pRamRangesR0 = pNew->pSelfR0;
660 pVM->pgm.s.pRamRangesRC = pNew->pSelfRC;
661 }
662 ASMAtomicIncU32(&pVM->pgm.s.idRamRangesGen);
663 pgmUnlock(pVM);
664}
665
666
667/**
668 * Unlink an existing RAM range from the list.
669 *
670 * @param pVM Pointer to the shared VM structure.
671 * @param pRam Pointer to the new list entry.
672 * @param pPrev Pointer to the previous list entry. If NULL, insert as head.
673 */
674static void pgmR3PhysUnlinkRamRange2(PVM pVM, PPGMRAMRANGE pRam, PPGMRAMRANGE pPrev)
675{
676 Assert(pPrev ? pPrev->pNextR3 == pRam : pVM->pgm.s.pRamRangesR3 == pRam);
677 Assert((pRam->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pRam->pSelfR0 == MMHyperCCToR0(pVM, pRam));
678 Assert((pRam->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pRam->pSelfRC == MMHyperCCToRC(pVM, pRam));
679
680 pgmLock(pVM);
681
682 PPGMRAMRANGE pNext = pRam->pNextR3;
683 if (pPrev)
684 {
685 pPrev->pNextR3 = pNext;
686 pPrev->pNextR0 = pNext ? pNext->pSelfR0 : NIL_RTR0PTR;
687 pPrev->pNextRC = pNext ? pNext->pSelfRC : NIL_RTRCPTR;
688 }
689 else
690 {
691 Assert(pVM->pgm.s.pRamRangesR3 == pRam);
692 pVM->pgm.s.pRamRangesR3 = pNext;
693 pVM->pgm.s.pRamRangesR0 = pNext ? pNext->pSelfR0 : NIL_RTR0PTR;
694 pVM->pgm.s.pRamRangesRC = pNext ? pNext->pSelfRC : NIL_RTRCPTR;
695 }
696 ASMAtomicIncU32(&pVM->pgm.s.idRamRangesGen);
697 pgmUnlock(pVM);
698}
699
700
701/**
702 * Unlink an existing RAM range from the list.
703 *
704 * @param pVM Pointer to the shared VM structure.
705 * @param pRam Pointer to the new list entry.
706 */
707static void pgmR3PhysUnlinkRamRange(PVM pVM, PPGMRAMRANGE pRam)
708{
709 pgmLock(pVM);
710
711 /* find prev. */
712 PPGMRAMRANGE pPrev = NULL;
713 PPGMRAMRANGE pCur = pVM->pgm.s.pRamRangesR3;
714 while (pCur != pRam)
715 {
716 pPrev = pCur;
717 pCur = pCur->pNextR3;
718 }
719 AssertFatal(pCur);
720
721 pgmR3PhysUnlinkRamRange2(pVM, pRam, pPrev);
722 pgmUnlock(pVM);
723}
724
725
726/**
727 * Frees a range of pages, replacing them with ZERO pages of the specified type.
728 *
729 * @returns VBox status code.
730 * @param pVM The VM handle.
731 * @param pRam The RAM range in which the pages resides.
732 * @param GCPhys The address of the first page.
733 * @param GCPhysLast The address of the last page.
734 * @param uType The page type to replace then with.
735 */
736static int pgmR3PhysFreePageRange(PVM pVM, PPGMRAMRANGE pRam, RTGCPHYS GCPhys, RTGCPHYS GCPhysLast, uint8_t uType)
737{
738 Assert(PGMIsLockOwner(pVM));
739 uint32_t cPendingPages = 0;
740 PGMMFREEPAGESREQ pReq;
741 int rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
742 AssertLogRelRCReturn(rc, rc);
743
744 /* Iterate the pages. */
745 PPGMPAGE pPageDst = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
746 uint32_t cPagesLeft = ((GCPhysLast - GCPhys) >> PAGE_SHIFT) + 1;
747 while (cPagesLeft-- > 0)
748 {
749 rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPageDst, GCPhys);
750 AssertLogRelRCReturn(rc, rc); /* We're done for if this goes wrong. */
751
752 PGM_PAGE_SET_TYPE(pPageDst, uType);
753
754 GCPhys += PAGE_SIZE;
755 pPageDst++;
756 }
757
758 if (cPendingPages)
759 {
760 rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
761 AssertLogRelRCReturn(rc, rc);
762 }
763 GMMR3FreePagesCleanup(pReq);
764
765 return rc;
766}
767
768#if HC_ARCH_BITS == 64 && (defined(RT_OS_WINDOWS) || defined(RT_OS_SOLARIS) || defined(RT_OS_LINUX) || defined(RT_OS_FREEBSD))
769/**
770 * Rendezvous callback used by PGMR3ChangeMemBalloon that changes the memory balloon size
771 *
772 * This is only called on one of the EMTs while the other ones are waiting for
773 * it to complete this function.
774 *
775 * @returns VINF_SUCCESS (VBox strict status code).
776 * @param pVM The VM handle.
777 * @param pVCpu The VMCPU for the EMT we're being called on. Unused.
778 * @param pvUser User parameter
779 */
780static DECLCALLBACK(VBOXSTRICTRC) pgmR3PhysChangeMemBalloonRendezvous(PVM pVM, PVMCPU pVCpu, void *pvUser)
781{
782 uintptr_t *paUser = (uintptr_t *)pvUser;
783 bool fInflate = !!paUser[0];
784 unsigned cPages = paUser[1];
785 RTGCPHYS *paPhysPage = (RTGCPHYS *)paUser[2];
786 uint32_t cPendingPages = 0;
787 PGMMFREEPAGESREQ pReq;
788 int rc;
789
790 Log(("pgmR3PhysChangeMemBalloonRendezvous: %s %x pages\n", (fInflate) ? "inflate" : "deflate", cPages));
791 pgmLock(pVM);
792
793 if (fInflate)
794 {
795 /* Flush the PGM pool cache as we might have stale references to pages that we just freed. */
796 pgmR3PoolClearAllRendezvous(pVM, pVCpu, NULL);
797
798 /* Replace pages with ZERO pages. */
799 rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
800 if (RT_FAILURE(rc))
801 {
802 pgmUnlock(pVM);
803 AssertLogRelRC(rc);
804 return rc;
805 }
806
807 /* Iterate the pages. */
808 for (unsigned i = 0; i < cPages; i++)
809 {
810 PPGMPAGE pPage = pgmPhysGetPage(&pVM->pgm.s, paPhysPage[i]);
811 if ( pPage == NULL
812 || pPage->uTypeY != PGMPAGETYPE_RAM)
813 {
814 Log(("pgmR3PhysChangeMemBalloonRendezvous: invalid physical page %RGp pPage->u3Type=%d\n", paPhysPage[i], (pPage) ? pPage->uTypeY : 0));
815 break;
816 }
817
818 LogFlow(("balloon page: %RGp\n", paPhysPage[i]));
819
820 /* Flush the shadow PT if this page was previously used as a guest page table. */
821 pgmPoolFlushPageByGCPhys(pVM, paPhysPage[i]);
822
823 rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPage, paPhysPage[i]);
824 if (RT_FAILURE(rc))
825 {
826 pgmUnlock(pVM);
827 AssertLogRelRC(rc);
828 return rc;
829 }
830 Assert(PGM_PAGE_IS_ZERO(pPage));
831 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_BALLOONED);
832 }
833
834 if (cPendingPages)
835 {
836 rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
837 if (RT_FAILURE(rc))
838 {
839 pgmUnlock(pVM);
840 AssertLogRelRC(rc);
841 return rc;
842 }
843 }
844 GMMR3FreePagesCleanup(pReq);
845 }
846 else
847 {
848 /* Iterate the pages. */
849 for (unsigned i = 0; i < cPages; i++)
850 {
851 PPGMPAGE pPage = pgmPhysGetPage(&pVM->pgm.s, paPhysPage[i]);
852 AssertBreak(pPage && pPage->uTypeY == PGMPAGETYPE_RAM);
853
854 LogFlow(("Free ballooned page: %RGp\n", paPhysPage[i]));
855
856 Assert(PGM_PAGE_IS_BALLOONED(pPage));
857
858 /* Change back to zero page. */
859 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_ZERO);
860 }
861
862 /* Note that we currently do not map any ballooned pages in our shadow page tables, so no need to flush the pgm pool. */
863 }
864
865 /* Notify GMM about the balloon change. */
866 rc = GMMR3BalloonedPages(pVM, (fInflate) ? GMMBALLOONACTION_INFLATE : GMMBALLOONACTION_DEFLATE, cPages);
867 if (RT_SUCCESS(rc))
868 {
869 if (!fInflate)
870 {
871 Assert(pVM->pgm.s.cBalloonedPages >= cPages);
872 pVM->pgm.s.cBalloonedPages -= cPages;
873 }
874 else
875 pVM->pgm.s.cBalloonedPages += cPages;
876 }
877
878 pgmUnlock(pVM);
879
880 /* Flush the recompiler's TLB as well. */
881 for (VMCPUID i = 0; i < pVM->cCpus; i++)
882 CPUMSetChangedFlags(&pVM->aCpus[i], CPUM_CHANGED_GLOBAL_TLB_FLUSH);
883
884 AssertLogRelRC(rc);
885 return rc;
886}
887
888/**
889 * Frees a range of ram pages, replacing them with ZERO pages; helper for PGMR3PhysFreeRamPages
890 *
891 * @returns VBox status code.
892 * @param pVM The VM handle.
893 * @param fInflate Inflate or deflate memory balloon
894 * @param cPages Number of pages to free
895 * @param paPhysPage Array of guest physical addresses
896 */
897static DECLCALLBACK(void) pgmR3PhysChangeMemBalloonHelper(PVM pVM, bool fInflate, unsigned cPages, RTGCPHYS *paPhysPage)
898{
899 uintptr_t paUser[3];
900
901 paUser[0] = fInflate;
902 paUser[1] = cPages;
903 paUser[2] = (uintptr_t)paPhysPage;
904 int rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ONCE, pgmR3PhysChangeMemBalloonRendezvous, (void *)paUser);
905 AssertRC(rc);
906
907 /* Made a copy in PGMR3PhysFreeRamPages; free it here. */
908 RTMemFree(paPhysPage);
909}
910#endif
911
912/**
913 * Inflate or deflate a memory balloon
914 *
915 * @returns VBox status code.
916 * @param pVM The VM handle.
917 * @param fInflate Inflate or deflate memory balloon
918 * @param cPages Number of pages to free
919 * @param paPhysPage Array of guest physical addresses
920 */
921VMMR3DECL(int) PGMR3PhysChangeMemBalloon(PVM pVM, bool fInflate, unsigned cPages, RTGCPHYS *paPhysPage)
922{
923 /* This must match GMMR0Init; currently we only support memory ballooning on all 64-bit hosts except Mac OS X */
924#if HC_ARCH_BITS == 64 && (defined(RT_OS_WINDOWS) || defined(RT_OS_SOLARIS) || defined(RT_OS_LINUX) || defined(RT_OS_FREEBSD))
925 int rc;
926
927 /* Older additions (ancient non-functioning balloon code) pass wrong physical addresses. */
928 AssertReturn(!(paPhysPage[0] & 0xfff), VERR_INVALID_PARAMETER);
929
930 /* We own the IOM lock here and could cause a deadlock by waiting for another VCPU that is blocking on the IOM lock.
931 * In the SMP case we post a request packet to postpone the job.
932 */
933 if (pVM->cCpus > 1)
934 {
935 unsigned cbPhysPage = cPages * sizeof(paPhysPage[0]);
936 RTGCPHYS *paPhysPageCopy = (RTGCPHYS *)RTMemAlloc(cbPhysPage);
937 AssertReturn(paPhysPageCopy, VERR_NO_MEMORY);
938
939 memcpy(paPhysPageCopy, paPhysPage, cbPhysPage);
940
941 rc = VMR3ReqCallNoWait(pVM, VMCPUID_ANY_QUEUE, (PFNRT)pgmR3PhysChangeMemBalloonHelper, 4, pVM, fInflate, cPages, paPhysPageCopy);
942 AssertRC(rc);
943 }
944 else
945 {
946 uintptr_t paUser[3];
947
948 paUser[0] = fInflate;
949 paUser[1] = cPages;
950 paUser[2] = (uintptr_t)paPhysPage;
951 rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ONCE, pgmR3PhysChangeMemBalloonRendezvous, (void *)paUser);
952 AssertRC(rc);
953 }
954 return rc;
955#else
956 return VERR_NOT_IMPLEMENTED;
957#endif
958}
959
960/**
961 * Rendezvous callback used by PGMR3WriteProtectRAM that write protects all physical RAM
962 *
963 * This is only called on one of the EMTs while the other ones are waiting for
964 * it to complete this function.
965 *
966 * @returns VINF_SUCCESS (VBox strict status code).
967 * @param pVM The VM handle.
968 * @param pVCpu The VMCPU for the EMT we're being called on. Unused.
969 * @param pvUser User parameter
970 */
971static DECLCALLBACK(VBOXSTRICTRC) pgmR3PhysWriteProtectRAMRendezvous(PVM pVM, PVMCPU pVCpu, void *pvUser)
972{
973 int rc = VINF_SUCCESS;
974
975 pgmLock(pVM);
976#ifdef PGMPOOL_WITH_OPTIMIZED_DIRTY_PT
977 pgmPoolResetDirtyPages(pVM);
978#endif
979
980 /** @todo pointless to write protect the physical page pointed to by RSP. */
981
982 /*
983 * Clear all the GCPhys links and rebuild the phys ext free list.
984 */
985 for (PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRanges);
986 pRam;
987 pRam = pRam->CTX_SUFF(pNext))
988 {
989 if (!PGM_RAM_RANGE_IS_AD_HOC(pRam))
990 {
991 unsigned iPage = pRam->cb >> PAGE_SHIFT;
992 while (iPage-- > 0)
993 {
994 PPGMPAGE pPage = &pRam->aPages[iPage];
995 if (RT_LIKELY(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM))
996 {
997 /*
998 * A RAM page.
999 */
1000 switch (PGM_PAGE_GET_STATE(pPage))
1001 {
1002 case PGM_PAGE_STATE_ALLOCATED:
1003 /** @todo Optimize this: Don't always re-enable write
1004 * monitoring if the page is known to be very busy. */
1005 if (PGM_PAGE_IS_WRITTEN_TO(pPage))
1006 PGM_PAGE_CLEAR_WRITTEN_TO(pPage);
1007
1008 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_WRITE_MONITORED);
1009 break;
1010
1011 case PGM_PAGE_STATE_SHARED:
1012 AssertFailed();
1013 break;
1014
1015 case PGM_PAGE_STATE_WRITE_MONITORED: /* nothing to change. */
1016 default:
1017 break;
1018 }
1019 }
1020 }
1021 }
1022 }
1023 pgmR3PoolWriteProtectPages(pVM);
1024 PGM_INVL_ALL_VCPU_TLBS(pVM);
1025 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
1026 CPUMSetChangedFlags(&pVM->aCpus[idCpu], CPUM_CHANGED_GLOBAL_TLB_FLUSH);
1027
1028 pgmUnlock(pVM);
1029 return rc;
1030}
1031
1032/**
1033 * Protect all physical RAM to monitor writes
1034 *
1035 * @returns VBox status code.
1036 * @param pVM The VM handle.
1037 */
1038VMMR3DECL(int) PGMR3PhysWriteProtectRAM(PVM pVM)
1039{
1040 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
1041
1042 int rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ONCE, pgmR3PhysWriteProtectRAMRendezvous, NULL);
1043 AssertRC(rc);
1044 return rc;
1045}
1046
1047/**
1048 * Query the amount of free memory inside VMMR0
1049 *
1050 * @returns VBox status code.
1051 * @param pVM The VM handle.
1052 * @param puTotalAllocSize Pointer to total allocated memory inside VMMR0 (in bytes)
1053 * @param puTotalFreeSize Pointer to total free (allocated but not used yet) memory inside VMMR0 (in bytes)
1054 * @param puTotalBalloonSize Pointer to total ballooned memory inside VMMR0 (in bytes)
1055 * @param puTotalSharedSize Pointer to total shared memory inside VMMR0 (in bytes)
1056 */
1057VMMR3DECL(int) PGMR3QueryVMMMemoryStats(PVM pVM, uint64_t *puTotalAllocSize, uint64_t *puTotalFreeSize, uint64_t *puTotalBalloonSize, uint64_t *puTotalSharedSize)
1058{
1059 int rc;
1060
1061 uint64_t cAllocPages = 0, cFreePages = 0, cBalloonPages = 0, cSharedPages = 0;
1062 rc = GMMR3QueryHypervisorMemoryStats(pVM, &cAllocPages, &cFreePages, &cBalloonPages, &cSharedPages);
1063 AssertRCReturn(rc, rc);
1064
1065 if (puTotalAllocSize)
1066 *puTotalAllocSize = cAllocPages * _4K;
1067
1068 if (puTotalFreeSize)
1069 *puTotalFreeSize = cFreePages * _4K;
1070
1071 if (puTotalBalloonSize)
1072 *puTotalBalloonSize = cBalloonPages * _4K;
1073
1074 if (puTotalSharedSize)
1075 *puTotalSharedSize = cSharedPages * _4K;
1076
1077 Log(("PGMR3QueryVMMMemoryStats: all=%x free=%x ballooned=%x shared=%x\n", cAllocPages, cFreePages, cBalloonPages, cSharedPages));
1078 return VINF_SUCCESS;
1079}
1080
1081/**
1082 * Query memory stats for the VM
1083 *
1084 * @returns VBox status code.
1085 * @param pVM The VM handle.
1086 * @param puTotalAllocSize Pointer to total allocated memory inside the VM (in bytes)
1087 * @param puTotalFreeSize Pointer to total free (allocated but not used yet) memory inside the VM (in bytes)
1088 * @param puTotalBalloonSize Pointer to total ballooned memory inside the VM (in bytes)
1089 * @param puTotalSharedSize Pointer to total shared memory inside the VM (in bytes)
1090 */
1091VMMR3DECL(int) PGMR3QueryMemoryStats(PVM pVM, uint64_t *pulTotalMem, uint64_t *pulPrivateMem, uint64_t *puTotalSharedMem, uint64_t *puTotalZeroMem)
1092{
1093 if (pulTotalMem)
1094 *pulTotalMem = (uint64_t)pVM->pgm.s.cAllPages * _4K;
1095
1096 if (pulPrivateMem)
1097 *pulPrivateMem = (uint64_t)pVM->pgm.s.cPrivatePages * _4K;
1098
1099 if (puTotalSharedMem)
1100 *puTotalSharedMem = (uint64_t)pVM->pgm.s.cReusedSharedPages * _4K;
1101
1102 if (puTotalZeroMem)
1103 *puTotalZeroMem = (uint64_t)pVM->pgm.s.cZeroPages * _4K;
1104
1105 Log(("PGMR3QueryMemoryStats: all=%x private=%x reused=%x zero=%x\n", pVM->pgm.s.cAllPages, pVM->pgm.s.cPrivatePages, pVM->pgm.s.cReusedSharedPages, pVM->pgm.s.cZeroPages));
1106 return VINF_SUCCESS;
1107}
1108
1109/**
1110 * PGMR3PhysRegisterRam worker that initializes and links a RAM range.
1111 *
1112 * @param pVM The VM handle.
1113 * @param pNew The new RAM range.
1114 * @param GCPhys The address of the RAM range.
1115 * @param GCPhysLast The last address of the RAM range.
1116 * @param RCPtrNew The RC address if the range is floating. NIL_RTRCPTR
1117 * if in HMA.
1118 * @param R0PtrNew Ditto for R0.
1119 * @param pszDesc The description.
1120 * @param pPrev The previous RAM range (for linking).
1121 */
1122static void pgmR3PhysInitAndLinkRamRange(PVM pVM, PPGMRAMRANGE pNew, RTGCPHYS GCPhys, RTGCPHYS GCPhysLast,
1123 RTRCPTR RCPtrNew, RTR0PTR R0PtrNew, const char *pszDesc, PPGMRAMRANGE pPrev)
1124{
1125 /*
1126 * Initialize the range.
1127 */
1128 pNew->pSelfR0 = R0PtrNew != NIL_RTR0PTR ? R0PtrNew : MMHyperCCToR0(pVM, pNew);
1129 pNew->pSelfRC = RCPtrNew != NIL_RTRCPTR ? RCPtrNew : MMHyperCCToRC(pVM, pNew);
1130 pNew->GCPhys = GCPhys;
1131 pNew->GCPhysLast = GCPhysLast;
1132 pNew->cb = GCPhysLast - GCPhys + 1;
1133 pNew->pszDesc = pszDesc;
1134 pNew->fFlags = RCPtrNew != NIL_RTRCPTR ? PGM_RAM_RANGE_FLAGS_FLOATING : 0;
1135 pNew->pvR3 = NULL;
1136 pNew->paLSPages = NULL;
1137
1138 uint32_t const cPages = pNew->cb >> PAGE_SHIFT;
1139 RTGCPHYS iPage = cPages;
1140 while (iPage-- > 0)
1141 PGM_PAGE_INIT_ZERO(&pNew->aPages[iPage], pVM, PGMPAGETYPE_RAM);
1142
1143 /* Update the page count stats. */
1144 pVM->pgm.s.cZeroPages += cPages;
1145 pVM->pgm.s.cAllPages += cPages;
1146
1147 /*
1148 * Link it.
1149 */
1150 pgmR3PhysLinkRamRange(pVM, pNew, pPrev);
1151}
1152
1153
1154/**
1155 * Relocate a floating RAM range.
1156 *
1157 * @copydoc FNPGMRELOCATE.
1158 */
1159static DECLCALLBACK(bool) pgmR3PhysRamRangeRelocate(PVM pVM, RTGCPTR GCPtrOld, RTGCPTR GCPtrNew, PGMRELOCATECALL enmMode, void *pvUser)
1160{
1161 PPGMRAMRANGE pRam = (PPGMRAMRANGE)pvUser;
1162 Assert(pRam->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING);
1163 Assert(pRam->pSelfRC == GCPtrOld + PAGE_SIZE);
1164
1165 switch (enmMode)
1166 {
1167 case PGMRELOCATECALL_SUGGEST:
1168 return true;
1169 case PGMRELOCATECALL_RELOCATE:
1170 {
1171 /* Update myself and then relink all the ranges. */
1172 pgmLock(pVM);
1173 pRam->pSelfRC = (RTRCPTR)(GCPtrNew + PAGE_SIZE);
1174 pgmR3PhysRelinkRamRanges(pVM);
1175 pgmUnlock(pVM);
1176 return true;
1177 }
1178
1179 default:
1180 AssertFailedReturn(false);
1181 }
1182}
1183
1184
1185/**
1186 * PGMR3PhysRegisterRam worker that registers a high chunk.
1187 *
1188 * @returns VBox status code.
1189 * @param pVM The VM handle.
1190 * @param GCPhys The address of the RAM.
1191 * @param cRamPages The number of RAM pages to register.
1192 * @param cbChunk The size of the PGMRAMRANGE guest mapping.
1193 * @param iChunk The chunk number.
1194 * @param pszDesc The RAM range description.
1195 * @param ppPrev Previous RAM range pointer. In/Out.
1196 */
1197static int pgmR3PhysRegisterHighRamChunk(PVM pVM, RTGCPHYS GCPhys, uint32_t cRamPages,
1198 uint32_t cbChunk, uint32_t iChunk, const char *pszDesc,
1199 PPGMRAMRANGE *ppPrev)
1200{
1201 const char *pszDescChunk = iChunk == 0
1202 ? pszDesc
1203 : MMR3HeapAPrintf(pVM, MM_TAG_PGM_PHYS, "%s (#%u)", pszDesc, iChunk + 1);
1204 AssertReturn(pszDescChunk, VERR_NO_MEMORY);
1205
1206 /*
1207 * Allocate memory for the new chunk.
1208 */
1209 size_t const cChunkPages = RT_ALIGN_Z(RT_UOFFSETOF(PGMRAMRANGE, aPages[cRamPages]), PAGE_SIZE) >> PAGE_SHIFT;
1210 PSUPPAGE paChunkPages = (PSUPPAGE)RTMemTmpAllocZ(sizeof(SUPPAGE) * cChunkPages);
1211 AssertReturn(paChunkPages, VERR_NO_TMP_MEMORY);
1212 RTR0PTR R0PtrChunk = NIL_RTR0PTR;
1213 void *pvChunk = NULL;
1214 int rc = SUPR3PageAllocEx(cChunkPages, 0 /*fFlags*/, &pvChunk,
1215#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
1216 VMMIsHwVirtExtForced(pVM) ? &R0PtrChunk : NULL,
1217#else
1218 NULL,
1219#endif
1220 paChunkPages);
1221 if (RT_SUCCESS(rc))
1222 {
1223#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
1224 if (!VMMIsHwVirtExtForced(pVM))
1225 R0PtrChunk = NIL_RTR0PTR;
1226#else
1227 R0PtrChunk = (uintptr_t)pvChunk;
1228#endif
1229 memset(pvChunk, 0, cChunkPages << PAGE_SHIFT);
1230
1231 PPGMRAMRANGE pNew = (PPGMRAMRANGE)pvChunk;
1232
1233 /*
1234 * Create a mapping and map the pages into it.
1235 * We push these in below the HMA.
1236 */
1237 RTGCPTR GCPtrChunkMap = pVM->pgm.s.GCPtrPrevRamRangeMapping - cbChunk;
1238 rc = PGMR3MapPT(pVM, GCPtrChunkMap, cbChunk, 0 /*fFlags*/, pgmR3PhysRamRangeRelocate, pNew, pszDescChunk);
1239 if (RT_SUCCESS(rc))
1240 {
1241 pVM->pgm.s.GCPtrPrevRamRangeMapping = GCPtrChunkMap;
1242
1243 RTGCPTR const GCPtrChunk = GCPtrChunkMap + PAGE_SIZE;
1244 RTGCPTR GCPtrPage = GCPtrChunk;
1245 for (uint32_t iPage = 0; iPage < cChunkPages && RT_SUCCESS(rc); iPage++, GCPtrPage += PAGE_SIZE)
1246 rc = PGMMap(pVM, GCPtrPage, paChunkPages[iPage].Phys, PAGE_SIZE, 0);
1247 if (RT_SUCCESS(rc))
1248 {
1249 /*
1250 * Ok, init and link the range.
1251 */
1252 pgmR3PhysInitAndLinkRamRange(pVM, pNew, GCPhys, GCPhys + ((RTGCPHYS)cRamPages << PAGE_SHIFT) - 1,
1253 (RTRCPTR)GCPtrChunk, R0PtrChunk, pszDescChunk, *ppPrev);
1254 *ppPrev = pNew;
1255 }
1256 }
1257
1258 if (RT_FAILURE(rc))
1259 SUPR3PageFreeEx(pvChunk, cChunkPages);
1260 }
1261
1262 RTMemTmpFree(paChunkPages);
1263 return rc;
1264}
1265
1266
1267/**
1268 * Sets up a range RAM.
1269 *
1270 * This will check for conflicting registrations, make a resource
1271 * reservation for the memory (with GMM), and setup the per-page
1272 * tracking structures (PGMPAGE).
1273 *
1274 * @returns VBox stutus code.
1275 * @param pVM Pointer to the shared VM structure.
1276 * @param GCPhys The physical address of the RAM.
1277 * @param cb The size of the RAM.
1278 * @param pszDesc The description - not copied, so, don't free or change it.
1279 */
1280VMMR3DECL(int) PGMR3PhysRegisterRam(PVM pVM, RTGCPHYS GCPhys, RTGCPHYS cb, const char *pszDesc)
1281{
1282 /*
1283 * Validate input.
1284 */
1285 Log(("PGMR3PhysRegisterRam: GCPhys=%RGp cb=%RGp pszDesc=%s\n", GCPhys, cb, pszDesc));
1286 AssertReturn(RT_ALIGN_T(GCPhys, PAGE_SIZE, RTGCPHYS) == GCPhys, VERR_INVALID_PARAMETER);
1287 AssertReturn(RT_ALIGN_T(cb, PAGE_SIZE, RTGCPHYS) == cb, VERR_INVALID_PARAMETER);
1288 AssertReturn(cb > 0, VERR_INVALID_PARAMETER);
1289 RTGCPHYS GCPhysLast = GCPhys + (cb - 1);
1290 AssertMsgReturn(GCPhysLast > GCPhys, ("The range wraps! GCPhys=%RGp cb=%RGp\n", GCPhys, cb), VERR_INVALID_PARAMETER);
1291 AssertPtrReturn(pszDesc, VERR_INVALID_POINTER);
1292 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
1293
1294 pgmLock(pVM);
1295
1296 /*
1297 * Find range location and check for conflicts.
1298 * (We don't lock here because the locking by EMT is only required on update.)
1299 */
1300 PPGMRAMRANGE pPrev = NULL;
1301 PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3;
1302 while (pRam && GCPhysLast >= pRam->GCPhys)
1303 {
1304 if ( GCPhysLast >= pRam->GCPhys
1305 && GCPhys <= pRam->GCPhysLast)
1306 AssertLogRelMsgFailedReturn(("%RGp-%RGp (%s) conflicts with existing %RGp-%RGp (%s)\n",
1307 GCPhys, GCPhysLast, pszDesc,
1308 pRam->GCPhys, pRam->GCPhysLast, pRam->pszDesc),
1309 VERR_PGM_RAM_CONFLICT);
1310
1311 /* next */
1312 pPrev = pRam;
1313 pRam = pRam->pNextR3;
1314 }
1315
1316 /*
1317 * Register it with GMM (the API bitches).
1318 */
1319 const RTGCPHYS cPages = cb >> PAGE_SHIFT;
1320 int rc = MMR3IncreaseBaseReservation(pVM, cPages);
1321 if (RT_FAILURE(rc))
1322 {
1323 pgmUnlock(pVM);
1324 return rc;
1325 }
1326
1327 if ( GCPhys >= _4G
1328 && cPages > 256)
1329 {
1330 /*
1331 * The PGMRAMRANGE structures for the high memory can get very big.
1332 * In order to avoid SUPR3PageAllocEx allocation failures due to the
1333 * allocation size limit there and also to avoid being unable to find
1334 * guest mapping space for them, we split this memory up into 4MB in
1335 * (potential) raw-mode configs and 16MB chunks in forced AMD-V/VT-x
1336 * mode.
1337 *
1338 * The first and last page of each mapping are guard pages and marked
1339 * not-present. So, we've got 4186112 and 16769024 bytes available for
1340 * the PGMRAMRANGE structure.
1341 *
1342 * Note! The sizes used here will influence the saved state.
1343 */
1344 uint32_t cbChunk;
1345 uint32_t cPagesPerChunk;
1346 if (VMMIsHwVirtExtForced(pVM))
1347 {
1348 cbChunk = 16U*_1M;
1349 cPagesPerChunk = 1048048; /* max ~1048059 */
1350 AssertCompile(sizeof(PGMRAMRANGE) + sizeof(PGMPAGE) * 1048048 < 16U*_1M - PAGE_SIZE * 2);
1351 }
1352 else
1353 {
1354 cbChunk = 4U*_1M;
1355 cPagesPerChunk = 261616; /* max ~261627 */
1356 AssertCompile(sizeof(PGMRAMRANGE) + sizeof(PGMPAGE) * 261616 < 4U*_1M - PAGE_SIZE * 2);
1357 }
1358 AssertRelease(RT_UOFFSETOF(PGMRAMRANGE, aPages[cPagesPerChunk]) + PAGE_SIZE * 2 <= cbChunk);
1359
1360 RTGCPHYS cPagesLeft = cPages;
1361 RTGCPHYS GCPhysChunk = GCPhys;
1362 uint32_t iChunk = 0;
1363 while (cPagesLeft > 0)
1364 {
1365 uint32_t cPagesInChunk = cPagesLeft;
1366 if (cPagesInChunk > cPagesPerChunk)
1367 cPagesInChunk = cPagesPerChunk;
1368
1369 rc = pgmR3PhysRegisterHighRamChunk(pVM, GCPhysChunk, cPagesInChunk, cbChunk, iChunk, pszDesc, &pPrev);
1370 AssertRCReturn(rc, rc);
1371
1372 /* advance */
1373 GCPhysChunk += (RTGCPHYS)cPagesInChunk << PAGE_SHIFT;
1374 cPagesLeft -= cPagesInChunk;
1375 iChunk++;
1376 }
1377 }
1378 else
1379 {
1380 /*
1381 * Allocate, initialize and link the new RAM range.
1382 */
1383 const size_t cbRamRange = RT_OFFSETOF(PGMRAMRANGE, aPages[cPages]);
1384 PPGMRAMRANGE pNew;
1385 rc = MMR3HyperAllocOnceNoRel(pVM, cbRamRange, 0, MM_TAG_PGM_PHYS, (void **)&pNew);
1386 AssertLogRelMsgRCReturn(rc, ("cbRamRange=%zu\n", cbRamRange), rc);
1387
1388 pgmR3PhysInitAndLinkRamRange(pVM, pNew, GCPhys, GCPhysLast, NIL_RTRCPTR, NIL_RTR0PTR, pszDesc, pPrev);
1389 }
1390 PGMPhysInvalidatePageMapTLB(pVM);
1391 pgmUnlock(pVM);
1392
1393 /*
1394 * Notify REM.
1395 */
1396 REMR3NotifyPhysRamRegister(pVM, GCPhys, cb, REM_NOTIFY_PHYS_RAM_FLAGS_RAM);
1397
1398 return VINF_SUCCESS;
1399}
1400
1401
1402/**
1403 * Worker called by PGMR3InitFinalize if we're configured to pre-allocate RAM.
1404 *
1405 * We do this late in the init process so that all the ROM and MMIO ranges have
1406 * been registered already and we don't go wasting memory on them.
1407 *
1408 * @returns VBox status code.
1409 *
1410 * @param pVM Pointer to the shared VM structure.
1411 */
1412int pgmR3PhysRamPreAllocate(PVM pVM)
1413{
1414 Assert(pVM->pgm.s.fRamPreAlloc);
1415 Log(("pgmR3PhysRamPreAllocate: enter\n"));
1416
1417 /*
1418 * Walk the RAM ranges and allocate all RAM pages, halt at
1419 * the first allocation error.
1420 */
1421 uint64_t cPages = 0;
1422 uint64_t NanoTS = RTTimeNanoTS();
1423 pgmLock(pVM);
1424 for (PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3; pRam; pRam = pRam->pNextR3)
1425 {
1426 PPGMPAGE pPage = &pRam->aPages[0];
1427 RTGCPHYS GCPhys = pRam->GCPhys;
1428 uint32_t cLeft = pRam->cb >> PAGE_SHIFT;
1429 while (cLeft-- > 0)
1430 {
1431 if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM)
1432 {
1433 switch (PGM_PAGE_GET_STATE(pPage))
1434 {
1435 case PGM_PAGE_STATE_ZERO:
1436 {
1437 int rc = pgmPhysAllocPage(pVM, pPage, GCPhys);
1438 if (RT_FAILURE(rc))
1439 {
1440 LogRel(("PGM: RAM Pre-allocation failed at %RGp (in %s) with rc=%Rrc\n", GCPhys, pRam->pszDesc, rc));
1441 pgmUnlock(pVM);
1442 return rc;
1443 }
1444 cPages++;
1445 break;
1446 }
1447
1448 case PGM_PAGE_STATE_BALLOONED:
1449 case PGM_PAGE_STATE_ALLOCATED:
1450 case PGM_PAGE_STATE_WRITE_MONITORED:
1451 case PGM_PAGE_STATE_SHARED:
1452 /* nothing to do here. */
1453 break;
1454 }
1455 }
1456
1457 /* next */
1458 pPage++;
1459 GCPhys += PAGE_SIZE;
1460 }
1461 }
1462 pgmUnlock(pVM);
1463 NanoTS = RTTimeNanoTS() - NanoTS;
1464
1465 LogRel(("PGM: Pre-allocated %llu pages in %llu ms\n", cPages, NanoTS / 1000000));
1466 Log(("pgmR3PhysRamPreAllocate: returns VINF_SUCCESS\n"));
1467 return VINF_SUCCESS;
1468}
1469
1470
1471/**
1472 * Resets (zeros) the RAM.
1473 *
1474 * ASSUMES that the caller owns the PGM lock.
1475 *
1476 * @returns VBox status code.
1477 * @param pVM Pointer to the shared VM structure.
1478 */
1479int pgmR3PhysRamReset(PVM pVM)
1480{
1481 Assert(PGMIsLockOwner(pVM));
1482
1483 /* Reset the memory balloon. */
1484 int rc = GMMR3BalloonedPages(pVM, GMMBALLOONACTION_RESET, 0);
1485 AssertRC(rc);
1486
1487#ifdef VBOX_WITH_PAGE_SHARING
1488 /* Clear all registered shared modules. */
1489 rc = GMMR3ResetSharedModules(pVM);
1490 AssertRC(rc);
1491#endif
1492 /* Reset counters. */
1493 pVM->pgm.s.cReusedSharedPages = 0;
1494 pVM->pgm.s.cBalloonedPages = 0;
1495
1496 /*
1497 * We batch up pages that should be freed instead of calling GMM for
1498 * each and every one of them.
1499 */
1500 uint32_t cPendingPages = 0;
1501 PGMMFREEPAGESREQ pReq;
1502 rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
1503 AssertLogRelRCReturn(rc, rc);
1504
1505 /*
1506 * Walk the ram ranges.
1507 */
1508 for (PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3; pRam; pRam = pRam->pNextR3)
1509 {
1510 uint32_t iPage = pRam->cb >> PAGE_SHIFT;
1511 AssertMsg(((RTGCPHYS)iPage << PAGE_SHIFT) == pRam->cb, ("%RGp %RGp\n", (RTGCPHYS)iPage << PAGE_SHIFT, pRam->cb));
1512
1513 if (!pVM->pgm.s.fRamPreAlloc)
1514 {
1515 /* Replace all RAM pages by ZERO pages. */
1516 while (iPage-- > 0)
1517 {
1518 PPGMPAGE pPage = &pRam->aPages[iPage];
1519 switch (PGM_PAGE_GET_TYPE(pPage))
1520 {
1521 case PGMPAGETYPE_RAM:
1522 /* Do not replace pages part of a 2 MB continuous range with zero pages, but zero them instead. */
1523 if (PGM_PAGE_GET_PDE_TYPE(pPage) == PGM_PAGE_PDE_TYPE_PDE)
1524 {
1525 void *pvPage;
1526 rc = pgmPhysPageMap(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), &pvPage);
1527 AssertLogRelRCReturn(rc, rc);
1528 ASMMemZeroPage(pvPage);
1529 }
1530 else
1531 if (PGM_PAGE_IS_BALLOONED(pPage))
1532 {
1533 /* Turn into a zero page; the balloon status is lost when the VM reboots. */
1534 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_ZERO);
1535 }
1536 else
1537 if (!PGM_PAGE_IS_ZERO(pPage))
1538 {
1539 rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT));
1540 AssertLogRelRCReturn(rc, rc);
1541 }
1542 break;
1543
1544 case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
1545 pgmHandlerPhysicalResetAliasedPage(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT));
1546 break;
1547
1548 case PGMPAGETYPE_MMIO2:
1549 case PGMPAGETYPE_ROM_SHADOW: /* handled by pgmR3PhysRomReset. */
1550 case PGMPAGETYPE_ROM:
1551 case PGMPAGETYPE_MMIO:
1552 break;
1553 default:
1554 AssertFailed();
1555 }
1556 } /* for each page */
1557 }
1558 else
1559 {
1560 /* Zero the memory. */
1561 while (iPage-- > 0)
1562 {
1563 PPGMPAGE pPage = &pRam->aPages[iPage];
1564 switch (PGM_PAGE_GET_TYPE(pPage))
1565 {
1566 case PGMPAGETYPE_RAM:
1567 switch (PGM_PAGE_GET_STATE(pPage))
1568 {
1569 case PGM_PAGE_STATE_ZERO:
1570 break;
1571
1572 case PGM_PAGE_STATE_BALLOONED:
1573 /* Turn into a zero page; the balloon status is lost when the VM reboots. */
1574 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_ZERO);
1575 break;
1576
1577 case PGM_PAGE_STATE_SHARED:
1578 case PGM_PAGE_STATE_WRITE_MONITORED:
1579 rc = pgmPhysPageMakeWritable(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT));
1580 AssertLogRelRCReturn(rc, rc);
1581 /* no break */
1582
1583 case PGM_PAGE_STATE_ALLOCATED:
1584 {
1585 void *pvPage;
1586 rc = pgmPhysPageMap(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), &pvPage);
1587 AssertLogRelRCReturn(rc, rc);
1588 ASMMemZeroPage(pvPage);
1589 break;
1590 }
1591 }
1592 break;
1593
1594 case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
1595 pgmHandlerPhysicalResetAliasedPage(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT));
1596 break;
1597
1598 case PGMPAGETYPE_MMIO2:
1599 case PGMPAGETYPE_ROM_SHADOW:
1600 case PGMPAGETYPE_ROM:
1601 case PGMPAGETYPE_MMIO:
1602 break;
1603 default:
1604 AssertFailed();
1605
1606 }
1607 } /* for each page */
1608 }
1609
1610 }
1611
1612 /*
1613 * Finish off any pages pending freeing.
1614 */
1615 if (cPendingPages)
1616 {
1617 rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
1618 AssertLogRelRCReturn(rc, rc);
1619 }
1620 GMMR3FreePagesCleanup(pReq);
1621
1622 return VINF_SUCCESS;
1623}
1624
1625/**
1626 * Frees all RAM during VM termination
1627 *
1628 * ASSUMES that the caller owns the PGM lock.
1629 *
1630 * @returns VBox status code.
1631 * @param pVM Pointer to the shared VM structure.
1632 */
1633int pgmR3PhysRamTerm(PVM pVM)
1634{
1635 Assert(PGMIsLockOwner(pVM));
1636
1637 /* Reset the memory balloon. */
1638 int rc = GMMR3BalloonedPages(pVM, GMMBALLOONACTION_RESET, 0);
1639 AssertRC(rc);
1640
1641#ifdef VBOX_WITH_PAGE_SHARING
1642 /* Clear all registered shared modules. */
1643 rc = GMMR3ResetSharedModules(pVM);
1644 AssertRC(rc);
1645#endif
1646
1647 /*
1648 * We batch up pages that should be freed instead of calling GMM for
1649 * each and every one of them.
1650 */
1651 uint32_t cPendingPages = 0;
1652 PGMMFREEPAGESREQ pReq;
1653 rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
1654 AssertLogRelRCReturn(rc, rc);
1655
1656 /*
1657 * Walk the ram ranges.
1658 */
1659 for (PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3; pRam; pRam = pRam->pNextR3)
1660 {
1661 uint32_t iPage = pRam->cb >> PAGE_SHIFT;
1662 AssertMsg(((RTGCPHYS)iPage << PAGE_SHIFT) == pRam->cb, ("%RGp %RGp\n", (RTGCPHYS)iPage << PAGE_SHIFT, pRam->cb));
1663
1664 /* Replace all RAM pages by ZERO pages. */
1665 while (iPage-- > 0)
1666 {
1667 PPGMPAGE pPage = &pRam->aPages[iPage];
1668 switch (PGM_PAGE_GET_TYPE(pPage))
1669 {
1670 case PGMPAGETYPE_RAM:
1671 /* Free all shared pages. Private pages are automatically freed during GMM VM cleanup. */
1672 if (PGM_PAGE_IS_SHARED(pPage))
1673 {
1674 rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT));
1675 AssertLogRelRCReturn(rc, rc);
1676 }
1677 break;
1678
1679 case PGMPAGETYPE_MMIO2_ALIAS_MMIO:
1680 case PGMPAGETYPE_MMIO2:
1681 case PGMPAGETYPE_ROM_SHADOW: /* handled by pgmR3PhysRomReset. */
1682 case PGMPAGETYPE_ROM:
1683 case PGMPAGETYPE_MMIO:
1684 break;
1685 default:
1686 AssertFailed();
1687 }
1688 } /* for each page */
1689 }
1690
1691 /*
1692 * Finish off any pages pending freeing.
1693 */
1694 if (cPendingPages)
1695 {
1696 rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
1697 AssertLogRelRCReturn(rc, rc);
1698 }
1699 GMMR3FreePagesCleanup(pReq);
1700 return VINF_SUCCESS;
1701}
1702
1703/**
1704 * This is the interface IOM is using to register an MMIO region.
1705 *
1706 * It will check for conflicts and ensure that a RAM range structure
1707 * is present before calling the PGMR3HandlerPhysicalRegister API to
1708 * register the callbacks.
1709 *
1710 * @returns VBox status code.
1711 *
1712 * @param pVM Pointer to the shared VM structure.
1713 * @param GCPhys The start of the MMIO region.
1714 * @param cb The size of the MMIO region.
1715 * @param pfnHandlerR3 The address of the ring-3 handler. (IOMR3MMIOHandler)
1716 * @param pvUserR3 The user argument for R3.
1717 * @param pfnHandlerR0 The address of the ring-0 handler. (IOMMMIOHandler)
1718 * @param pvUserR0 The user argument for R0.
1719 * @param pfnHandlerRC The address of the RC handler. (IOMMMIOHandler)
1720 * @param pvUserRC The user argument for RC.
1721 * @param pszDesc The description of the MMIO region.
1722 */
1723VMMR3DECL(int) PGMR3PhysMMIORegister(PVM pVM, RTGCPHYS GCPhys, RTGCPHYS cb,
1724 R3PTRTYPE(PFNPGMR3PHYSHANDLER) pfnHandlerR3, RTR3PTR pvUserR3,
1725 R0PTRTYPE(PFNPGMR0PHYSHANDLER) pfnHandlerR0, RTR0PTR pvUserR0,
1726 RCPTRTYPE(PFNPGMRCPHYSHANDLER) pfnHandlerRC, RTRCPTR pvUserRC,
1727 R3PTRTYPE(const char *) pszDesc)
1728{
1729 /*
1730 * Assert on some assumption.
1731 */
1732 VM_ASSERT_EMT(pVM);
1733 AssertReturn(!(cb & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
1734 AssertReturn(!(GCPhys & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
1735 AssertPtrReturn(pszDesc, VERR_INVALID_POINTER);
1736 AssertReturn(*pszDesc, VERR_INVALID_PARAMETER);
1737
1738 /*
1739 * Make sure there's a RAM range structure for the region.
1740 */
1741 int rc;
1742 RTGCPHYS GCPhysLast = GCPhys + (cb - 1);
1743 bool fRamExists = false;
1744 PPGMRAMRANGE pRamPrev = NULL;
1745 PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3;
1746 while (pRam && GCPhysLast >= pRam->GCPhys)
1747 {
1748 if ( GCPhysLast >= pRam->GCPhys
1749 && GCPhys <= pRam->GCPhysLast)
1750 {
1751 /* Simplification: all within the same range. */
1752 AssertLogRelMsgReturn( GCPhys >= pRam->GCPhys
1753 && GCPhysLast <= pRam->GCPhysLast,
1754 ("%RGp-%RGp (MMIO/%s) falls partly outside %RGp-%RGp (%s)\n",
1755 GCPhys, GCPhysLast, pszDesc,
1756 pRam->GCPhys, pRam->GCPhysLast, pRam->pszDesc),
1757 VERR_PGM_RAM_CONFLICT);
1758
1759 /* Check that it's all RAM or MMIO pages. */
1760 PCPGMPAGE pPage = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
1761 uint32_t cLeft = cb >> PAGE_SHIFT;
1762 while (cLeft-- > 0)
1763 {
1764 AssertLogRelMsgReturn( PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM
1765 || PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO,
1766 ("%RGp-%RGp (MMIO/%s): %RGp is not a RAM or MMIO page - type=%d desc=%s\n",
1767 GCPhys, GCPhysLast, pszDesc, PGM_PAGE_GET_TYPE(pPage), pRam->pszDesc),
1768 VERR_PGM_RAM_CONFLICT);
1769 pPage++;
1770 }
1771
1772 /* Looks good. */
1773 fRamExists = true;
1774 break;
1775 }
1776
1777 /* next */
1778 pRamPrev = pRam;
1779 pRam = pRam->pNextR3;
1780 }
1781 PPGMRAMRANGE pNew;
1782 if (fRamExists)
1783 {
1784 pNew = NULL;
1785
1786 /*
1787 * Make all the pages in the range MMIO/ZERO pages, freeing any
1788 * RAM pages currently mapped here. This might not be 100% correct
1789 * for PCI memory, but we're doing the same thing for MMIO2 pages.
1790 */
1791 rc = pgmLock(pVM);
1792 if (RT_SUCCESS(rc))
1793 {
1794 rc = pgmR3PhysFreePageRange(pVM, pRam, GCPhys, GCPhysLast, PGMPAGETYPE_MMIO);
1795 pgmUnlock(pVM);
1796 }
1797 AssertRCReturn(rc, rc);
1798
1799 /* Force a PGM pool flush as guest ram references have been changed. */
1800 /** todo; not entirely SMP safe; assuming for now the guest takes care of this internally (not touch mapped mmio while changing the mapping). */
1801 PVMCPU pVCpu = VMMGetCpu(pVM);
1802 pVCpu->pgm.s.fSyncFlags |= PGM_SYNC_CLEAR_PGM_POOL;
1803 VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3);
1804 }
1805 else
1806 {
1807 pgmLock(pVM);
1808
1809 /*
1810 * No RAM range, insert an ad hoc one.
1811 *
1812 * Note that we don't have to tell REM about this range because
1813 * PGMHandlerPhysicalRegisterEx will do that for us.
1814 */
1815 Log(("PGMR3PhysMMIORegister: Adding ad hoc MMIO range for %RGp-%RGp %s\n", GCPhys, GCPhysLast, pszDesc));
1816
1817 const uint32_t cPages = cb >> PAGE_SHIFT;
1818 const size_t cbRamRange = RT_OFFSETOF(PGMRAMRANGE, aPages[cPages]);
1819 rc = MMHyperAlloc(pVM, RT_OFFSETOF(PGMRAMRANGE, aPages[cPages]), 16, MM_TAG_PGM_PHYS, (void **)&pNew);
1820 AssertLogRelMsgRCReturn(rc, ("cbRamRange=%zu\n", cbRamRange), rc);
1821
1822 /* Initialize the range. */
1823 pNew->pSelfR0 = MMHyperCCToR0(pVM, pNew);
1824 pNew->pSelfRC = MMHyperCCToRC(pVM, pNew);
1825 pNew->GCPhys = GCPhys;
1826 pNew->GCPhysLast = GCPhysLast;
1827 pNew->cb = cb;
1828 pNew->pszDesc = pszDesc;
1829 pNew->fFlags = PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO;
1830 pNew->pvR3 = NULL;
1831 pNew->paLSPages = NULL;
1832
1833 uint32_t iPage = cPages;
1834 while (iPage-- > 0)
1835 PGM_PAGE_INIT_ZERO(&pNew->aPages[iPage], pVM, PGMPAGETYPE_MMIO);
1836 Assert(PGM_PAGE_GET_TYPE(&pNew->aPages[0]) == PGMPAGETYPE_MMIO);
1837
1838 /* update the page count stats. */
1839 pVM->pgm.s.cPureMmioPages += cPages;
1840 pVM->pgm.s.cAllPages += cPages;
1841
1842 /* link it */
1843 pgmR3PhysLinkRamRange(pVM, pNew, pRamPrev);
1844
1845 pgmUnlock(pVM);
1846 }
1847
1848 /*
1849 * Register the access handler.
1850 */
1851 rc = PGMHandlerPhysicalRegisterEx(pVM, PGMPHYSHANDLERTYPE_MMIO, GCPhys, GCPhysLast,
1852 pfnHandlerR3, pvUserR3,
1853 pfnHandlerR0, pvUserR0,
1854 pfnHandlerRC, pvUserRC, pszDesc);
1855 if ( RT_FAILURE(rc)
1856 && !fRamExists)
1857 {
1858 pVM->pgm.s.cPureMmioPages -= cb >> PAGE_SHIFT;
1859 pVM->pgm.s.cAllPages -= cb >> PAGE_SHIFT;
1860
1861 /* remove the ad hoc range. */
1862 pgmR3PhysUnlinkRamRange2(pVM, pNew, pRamPrev);
1863 pNew->cb = pNew->GCPhys = pNew->GCPhysLast = NIL_RTGCPHYS;
1864 MMHyperFree(pVM, pRam);
1865 }
1866 PGMPhysInvalidatePageMapTLB(pVM);
1867
1868 return rc;
1869}
1870
1871
1872/**
1873 * This is the interface IOM is using to register an MMIO region.
1874 *
1875 * It will take care of calling PGMHandlerPhysicalDeregister and clean up
1876 * any ad hoc PGMRAMRANGE left behind.
1877 *
1878 * @returns VBox status code.
1879 * @param pVM Pointer to the shared VM structure.
1880 * @param GCPhys The start of the MMIO region.
1881 * @param cb The size of the MMIO region.
1882 */
1883VMMR3DECL(int) PGMR3PhysMMIODeregister(PVM pVM, RTGCPHYS GCPhys, RTGCPHYS cb)
1884{
1885 VM_ASSERT_EMT(pVM);
1886
1887 /*
1888 * First deregister the handler, then check if we should remove the ram range.
1889 */
1890 int rc = PGMHandlerPhysicalDeregister(pVM, GCPhys);
1891 if (RT_SUCCESS(rc))
1892 {
1893 RTGCPHYS GCPhysLast = GCPhys + (cb - 1);
1894 PPGMRAMRANGE pRamPrev = NULL;
1895 PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3;
1896 while (pRam && GCPhysLast >= pRam->GCPhys)
1897 {
1898 /** @todo We're being a bit too careful here. rewrite. */
1899 if ( GCPhysLast == pRam->GCPhysLast
1900 && GCPhys == pRam->GCPhys)
1901 {
1902 Assert(pRam->cb == cb);
1903
1904 /*
1905 * See if all the pages are dead MMIO pages.
1906 */
1907 uint32_t const cPages = cb >> PAGE_SHIFT;
1908 bool fAllMMIO = true;
1909 uint32_t iPage = 0;
1910 uint32_t cLeft = cPages;
1911 while (cLeft-- > 0)
1912 {
1913 PPGMPAGE pPage = &pRam->aPages[iPage];
1914 if ( PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_MMIO
1915 /*|| not-out-of-action later */)
1916 {
1917 fAllMMIO = false;
1918 Assert(PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_MMIO2_ALIAS_MMIO);
1919 AssertMsgFailed(("%RGp %R[pgmpage]\n", pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), pPage));
1920 break;
1921 }
1922 Assert(PGM_PAGE_IS_ZERO(pPage));
1923 pPage++;
1924 }
1925 if (fAllMMIO)
1926 {
1927 /*
1928 * Ad-hoc range, unlink and free it.
1929 */
1930 Log(("PGMR3PhysMMIODeregister: Freeing ad hoc MMIO range for %RGp-%RGp %s\n",
1931 GCPhys, GCPhysLast, pRam->pszDesc));
1932
1933 pVM->pgm.s.cAllPages -= cPages;
1934 pVM->pgm.s.cPureMmioPages -= cPages;
1935
1936 pgmR3PhysUnlinkRamRange2(pVM, pRam, pRamPrev);
1937 pRam->cb = pRam->GCPhys = pRam->GCPhysLast = NIL_RTGCPHYS;
1938 MMHyperFree(pVM, pRam);
1939 break;
1940 }
1941 }
1942
1943 /*
1944 * Range match? It will all be within one range (see PGMAllHandler.cpp).
1945 */
1946 if ( GCPhysLast >= pRam->GCPhys
1947 && GCPhys <= pRam->GCPhysLast)
1948 {
1949 Assert(GCPhys >= pRam->GCPhys);
1950 Assert(GCPhysLast <= pRam->GCPhysLast);
1951
1952 /*
1953 * Turn the pages back into RAM pages.
1954 */
1955 uint32_t iPage = (GCPhys - pRam->GCPhys) >> PAGE_SHIFT;
1956 uint32_t cLeft = cb >> PAGE_SHIFT;
1957 while (cLeft--)
1958 {
1959 PPGMPAGE pPage = &pRam->aPages[iPage];
1960 AssertMsg(PGM_PAGE_IS_MMIO(pPage), ("%RGp %R[pgmpage]\n", pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), pPage));
1961 AssertMsg(PGM_PAGE_IS_ZERO(pPage), ("%RGp %R[pgmpage]\n", pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), pPage));
1962 if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO)
1963 PGM_PAGE_SET_TYPE(pPage, PGMPAGETYPE_RAM);
1964 }
1965 break;
1966 }
1967
1968 /* next */
1969 pRamPrev = pRam;
1970 pRam = pRam->pNextR3;
1971 }
1972 }
1973
1974 /* Force a PGM pool flush as guest ram references have been changed. */
1975 /** todo; not entirely SMP safe; assuming for now the guest takes care of this internally (not touch mapped mmio while changing the mapping). */
1976 PVMCPU pVCpu = VMMGetCpu(pVM);
1977 pVCpu->pgm.s.fSyncFlags |= PGM_SYNC_CLEAR_PGM_POOL;
1978 VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3);
1979
1980 PGMPhysInvalidatePageMapTLB(pVM);
1981 return rc;
1982}
1983
1984
1985/**
1986 * Locate a MMIO2 range.
1987 *
1988 * @returns Pointer to the MMIO2 range.
1989 * @param pVM Pointer to the shared VM structure.
1990 * @param pDevIns The device instance owning the region.
1991 * @param iRegion The region.
1992 */
1993DECLINLINE(PPGMMMIO2RANGE) pgmR3PhysMMIO2Find(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion)
1994{
1995 /*
1996 * Search the list.
1997 */
1998 for (PPGMMMIO2RANGE pCur = pVM->pgm.s.pMmio2RangesR3; pCur; pCur = pCur->pNextR3)
1999 if ( pCur->pDevInsR3 == pDevIns
2000 && pCur->iRegion == iRegion)
2001 return pCur;
2002 return NULL;
2003}
2004
2005
2006/**
2007 * Allocate and register an MMIO2 region.
2008 *
2009 * As mentioned elsewhere, MMIO2 is just RAM spelled differently. It's RAM
2010 * associated with a device. It is also non-shared memory with a permanent
2011 * ring-3 mapping and page backing (presently).
2012 *
2013 * A MMIO2 range may overlap with base memory if a lot of RAM is configured for
2014 * the VM, in which case we'll drop the base memory pages. Presently we will
2015 * make no attempt to preserve anything that happens to be present in the base
2016 * memory that is replaced, this is of course incorrectly but it's too much
2017 * effort.
2018 *
2019 * @returns VBox status code.
2020 * @retval VINF_SUCCESS on success, *ppv pointing to the R3 mapping of the
2021 * memory.
2022 * @retval VERR_ALREADY_EXISTS if the region already exists.
2023 *
2024 * @param pVM Pointer to the shared VM structure.
2025 * @param pDevIns The device instance owning the region.
2026 * @param iRegion The region number. If the MMIO2 memory is a PCI
2027 * I/O region this number has to be the number of that
2028 * region. Otherwise it can be any number safe
2029 * UINT8_MAX.
2030 * @param cb The size of the region. Must be page aligned.
2031 * @param fFlags Reserved for future use, must be zero.
2032 * @param ppv Where to store the pointer to the ring-3 mapping of
2033 * the memory.
2034 * @param pszDesc The description.
2035 */
2036VMMR3DECL(int) PGMR3PhysMMIO2Register(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, uint32_t fFlags, void **ppv, const char *pszDesc)
2037{
2038 /*
2039 * Validate input.
2040 */
2041 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
2042 AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
2043 AssertReturn(iRegion <= UINT8_MAX, VERR_INVALID_PARAMETER);
2044 AssertPtrReturn(ppv, VERR_INVALID_POINTER);
2045 AssertPtrReturn(pszDesc, VERR_INVALID_POINTER);
2046 AssertReturn(*pszDesc, VERR_INVALID_PARAMETER);
2047 AssertReturn(pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion) == NULL, VERR_ALREADY_EXISTS);
2048 AssertReturn(!(cb & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
2049 AssertReturn(cb, VERR_INVALID_PARAMETER);
2050 AssertReturn(!fFlags, VERR_INVALID_PARAMETER);
2051
2052 const uint32_t cPages = cb >> PAGE_SHIFT;
2053 AssertLogRelReturn(((RTGCPHYS)cPages << PAGE_SHIFT) == cb, VERR_INVALID_PARAMETER);
2054 AssertLogRelReturn(cPages <= INT32_MAX / 2, VERR_NO_MEMORY);
2055
2056 /*
2057 * For the 2nd+ instance, mangle the description string so it's unique.
2058 */
2059 if (pDevIns->iInstance > 0) /** @todo Move to PDMDevHlp.cpp and use a real string cache. */
2060 {
2061 pszDesc = MMR3HeapAPrintf(pVM, MM_TAG_PGM_PHYS, "%s [%u]", pszDesc, pDevIns->iInstance);
2062 if (!pszDesc)
2063 return VERR_NO_MEMORY;
2064 }
2065
2066 /*
2067 * Try reserve and allocate the backing memory first as this is what is
2068 * most likely to fail.
2069 */
2070 int rc = MMR3AdjustFixedReservation(pVM, cPages, pszDesc);
2071 if (RT_SUCCESS(rc))
2072 {
2073 void *pvPages;
2074 PSUPPAGE paPages = (PSUPPAGE)RTMemTmpAlloc(cPages * sizeof(SUPPAGE));
2075 if (RT_SUCCESS(rc))
2076 rc = SUPR3PageAllocEx(cPages, 0 /*fFlags*/, &pvPages, NULL /*pR0Ptr*/, paPages);
2077 if (RT_SUCCESS(rc))
2078 {
2079 memset(pvPages, 0, cPages * PAGE_SIZE);
2080
2081 /*
2082 * Create the MMIO2 range record for it.
2083 */
2084 const size_t cbRange = RT_OFFSETOF(PGMMMIO2RANGE, RamRange.aPages[cPages]);
2085 PPGMMMIO2RANGE pNew;
2086 rc = MMR3HyperAllocOnceNoRel(pVM, cbRange, 0, MM_TAG_PGM_PHYS, (void **)&pNew);
2087 AssertLogRelMsgRC(rc, ("cbRamRange=%zu\n", cbRange));
2088 if (RT_SUCCESS(rc))
2089 {
2090 pNew->pDevInsR3 = pDevIns;
2091 pNew->pvR3 = pvPages;
2092 //pNew->pNext = NULL;
2093 //pNew->fMapped = false;
2094 //pNew->fOverlapping = false;
2095 pNew->iRegion = iRegion;
2096 pNew->idSavedState = UINT8_MAX;
2097 pNew->RamRange.pSelfR0 = MMHyperCCToR0(pVM, &pNew->RamRange);
2098 pNew->RamRange.pSelfRC = MMHyperCCToRC(pVM, &pNew->RamRange);
2099 pNew->RamRange.GCPhys = NIL_RTGCPHYS;
2100 pNew->RamRange.GCPhysLast = NIL_RTGCPHYS;
2101 pNew->RamRange.pszDesc = pszDesc;
2102 pNew->RamRange.cb = cb;
2103 pNew->RamRange.fFlags = PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO2;
2104 pNew->RamRange.pvR3 = pvPages;
2105 //pNew->RamRange.paLSPages = NULL;
2106
2107 uint32_t iPage = cPages;
2108 while (iPage-- > 0)
2109 {
2110 PGM_PAGE_INIT(&pNew->RamRange.aPages[iPage],
2111 paPages[iPage].Phys, NIL_GMM_PAGEID,
2112 PGMPAGETYPE_MMIO2, PGM_PAGE_STATE_ALLOCATED);
2113 }
2114
2115 /* update page count stats */
2116 pVM->pgm.s.cAllPages += cPages;
2117 pVM->pgm.s.cPrivatePages += cPages;
2118
2119 /*
2120 * Link it into the list.
2121 * Since there is no particular order, just push it.
2122 */
2123 pgmLock(pVM);
2124 pNew->pNextR3 = pVM->pgm.s.pMmio2RangesR3;
2125 pVM->pgm.s.pMmio2RangesR3 = pNew;
2126 pgmUnlock(pVM);
2127
2128 *ppv = pvPages;
2129 RTMemTmpFree(paPages);
2130 PGMPhysInvalidatePageMapTLB(pVM);
2131 return VINF_SUCCESS;
2132 }
2133
2134 SUPR3PageFreeEx(pvPages, cPages);
2135 }
2136 RTMemTmpFree(paPages);
2137 MMR3AdjustFixedReservation(pVM, -(int32_t)cPages, pszDesc);
2138 }
2139 if (pDevIns->iInstance > 0)
2140 MMR3HeapFree((void *)pszDesc);
2141 return rc;
2142}
2143
2144
2145/**
2146 * Deregisters and frees an MMIO2 region.
2147 *
2148 * Any physical (and virtual) access handlers registered for the region must
2149 * be deregistered before calling this function.
2150 *
2151 * @returns VBox status code.
2152 * @param pVM Pointer to the shared VM structure.
2153 * @param pDevIns The device instance owning the region.
2154 * @param iRegion The region. If it's UINT32_MAX it'll be a wildcard match.
2155 */
2156VMMR3DECL(int) PGMR3PhysMMIO2Deregister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion)
2157{
2158 /*
2159 * Validate input.
2160 */
2161 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
2162 AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
2163 AssertReturn(iRegion <= UINT8_MAX || iRegion == UINT32_MAX, VERR_INVALID_PARAMETER);
2164
2165 pgmLock(pVM);
2166 int rc = VINF_SUCCESS;
2167 unsigned cFound = 0;
2168 PPGMMMIO2RANGE pPrev = NULL;
2169 PPGMMMIO2RANGE pCur = pVM->pgm.s.pMmio2RangesR3;
2170 while (pCur)
2171 {
2172 if ( pCur->pDevInsR3 == pDevIns
2173 && ( iRegion == UINT32_MAX
2174 || pCur->iRegion == iRegion))
2175 {
2176 cFound++;
2177
2178 /*
2179 * Unmap it if it's mapped.
2180 */
2181 if (pCur->fMapped)
2182 {
2183 int rc2 = PGMR3PhysMMIO2Unmap(pVM, pCur->pDevInsR3, pCur->iRegion, pCur->RamRange.GCPhys);
2184 AssertRC(rc2);
2185 if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
2186 rc = rc2;
2187 }
2188
2189 /*
2190 * Unlink it
2191 */
2192 PPGMMMIO2RANGE pNext = pCur->pNextR3;
2193 if (pPrev)
2194 pPrev->pNextR3 = pNext;
2195 else
2196 pVM->pgm.s.pMmio2RangesR3 = pNext;
2197 pCur->pNextR3 = NULL;
2198
2199 /*
2200 * Free the memory.
2201 */
2202 int rc2 = SUPR3PageFreeEx(pCur->pvR3, pCur->RamRange.cb >> PAGE_SHIFT);
2203 AssertRC(rc2);
2204 if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
2205 rc = rc2;
2206
2207 uint32_t const cPages = pCur->RamRange.cb >> PAGE_SHIFT;
2208 rc2 = MMR3AdjustFixedReservation(pVM, -(int32_t)cPages, pCur->RamRange.pszDesc);
2209 AssertRC(rc2);
2210 if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
2211 rc = rc2;
2212
2213 /* we're leaking hyper memory here if done at runtime. */
2214#ifdef VBOX_STRICT
2215 VMSTATE const enmState = VMR3GetState(pVM);
2216 AssertMsg( enmState == VMSTATE_POWERING_OFF
2217 || enmState == VMSTATE_POWERING_OFF_LS
2218 || enmState == VMSTATE_OFF
2219 || enmState == VMSTATE_OFF_LS
2220 || enmState == VMSTATE_DESTROYING
2221 || enmState == VMSTATE_TERMINATED
2222 || enmState == VMSTATE_CREATING
2223 , ("%s\n", VMR3GetStateName(enmState)));
2224#endif
2225 /*rc = MMHyperFree(pVM, pCur);
2226 AssertRCReturn(rc, rc); - not safe, see the alloc call. */
2227
2228
2229 /* update page count stats */
2230 pVM->pgm.s.cAllPages -= cPages;
2231 pVM->pgm.s.cPrivatePages -= cPages;
2232
2233 /* next */
2234 pCur = pNext;
2235 }
2236 else
2237 {
2238 pPrev = pCur;
2239 pCur = pCur->pNextR3;
2240 }
2241 }
2242 PGMPhysInvalidatePageMapTLB(pVM);
2243 pgmUnlock(pVM);
2244 return !cFound && iRegion != UINT32_MAX ? VERR_NOT_FOUND : rc;
2245}
2246
2247
2248/**
2249 * Maps a MMIO2 region.
2250 *
2251 * This is done when a guest / the bios / state loading changes the
2252 * PCI config. The replacing of base memory has the same restrictions
2253 * as during registration, of course.
2254 *
2255 * @returns VBox status code.
2256 *
2257 * @param pVM Pointer to the shared VM structure.
2258 * @param pDevIns The
2259 */
2260VMMR3DECL(int) PGMR3PhysMMIO2Map(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
2261{
2262 /*
2263 * Validate input
2264 */
2265 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
2266 AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
2267 AssertReturn(iRegion <= UINT8_MAX, VERR_INVALID_PARAMETER);
2268 AssertReturn(GCPhys != NIL_RTGCPHYS, VERR_INVALID_PARAMETER);
2269 AssertReturn(GCPhys != 0, VERR_INVALID_PARAMETER);
2270 AssertReturn(!(GCPhys & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
2271
2272 PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
2273 AssertReturn(pCur, VERR_NOT_FOUND);
2274 AssertReturn(!pCur->fMapped, VERR_WRONG_ORDER);
2275 Assert(pCur->RamRange.GCPhys == NIL_RTGCPHYS);
2276 Assert(pCur->RamRange.GCPhysLast == NIL_RTGCPHYS);
2277
2278 const RTGCPHYS GCPhysLast = GCPhys + pCur->RamRange.cb - 1;
2279 AssertReturn(GCPhysLast > GCPhys, VERR_INVALID_PARAMETER);
2280
2281 /*
2282 * Find our location in the ram range list, checking for
2283 * restriction we don't bother implementing yet (partially overlapping).
2284 */
2285 bool fRamExists = false;
2286 PPGMRAMRANGE pRamPrev = NULL;
2287 PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3;
2288 while (pRam && GCPhysLast >= pRam->GCPhys)
2289 {
2290 if ( GCPhys <= pRam->GCPhysLast
2291 && GCPhysLast >= pRam->GCPhys)
2292 {
2293 /* completely within? */
2294 AssertLogRelMsgReturn( GCPhys >= pRam->GCPhys
2295 && GCPhysLast <= pRam->GCPhysLast,
2296 ("%RGp-%RGp (MMIO2/%s) falls partly outside %RGp-%RGp (%s)\n",
2297 GCPhys, GCPhysLast, pCur->RamRange.pszDesc,
2298 pRam->GCPhys, pRam->GCPhysLast, pRam->pszDesc),
2299 VERR_PGM_RAM_CONFLICT);
2300 fRamExists = true;
2301 break;
2302 }
2303
2304 /* next */
2305 pRamPrev = pRam;
2306 pRam = pRam->pNextR3;
2307 }
2308 if (fRamExists)
2309 {
2310 PPGMPAGE pPage = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
2311 uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
2312 while (cPagesLeft-- > 0)
2313 {
2314 AssertLogRelMsgReturn(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM,
2315 ("%RGp isn't a RAM page (%d) - mapping %RGp-%RGp (MMIO2/%s).\n",
2316 GCPhys, PGM_PAGE_GET_TYPE(pPage), GCPhys, GCPhysLast, pCur->RamRange.pszDesc),
2317 VERR_PGM_RAM_CONFLICT);
2318 pPage++;
2319 }
2320 }
2321 Log(("PGMR3PhysMMIO2Map: %RGp-%RGp fRamExists=%RTbool %s\n",
2322 GCPhys, GCPhysLast, fRamExists, pCur->RamRange.pszDesc));
2323
2324 /*
2325 * Make the changes.
2326 */
2327 pgmLock(pVM);
2328
2329 pCur->RamRange.GCPhys = GCPhys;
2330 pCur->RamRange.GCPhysLast = GCPhysLast;
2331 pCur->fMapped = true;
2332 pCur->fOverlapping = fRamExists;
2333
2334 if (fRamExists)
2335 {
2336/** @todo use pgmR3PhysFreePageRange here. */
2337 uint32_t cPendingPages = 0;
2338 PGMMFREEPAGESREQ pReq;
2339 int rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
2340 AssertLogRelRCReturn(rc, rc);
2341
2342 /* replace the pages, freeing all present RAM pages. */
2343 PPGMPAGE pPageSrc = &pCur->RamRange.aPages[0];
2344 PPGMPAGE pPageDst = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
2345 uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
2346 while (cPagesLeft-- > 0)
2347 {
2348 rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPageDst, GCPhys);
2349 AssertLogRelRCReturn(rc, rc); /* We're done for if this goes wrong. */
2350
2351 RTHCPHYS const HCPhys = PGM_PAGE_GET_HCPHYS(pPageSrc);
2352 PGM_PAGE_SET_HCPHYS(pPageDst, HCPhys);
2353 PGM_PAGE_SET_TYPE(pPageDst, PGMPAGETYPE_MMIO2);
2354 PGM_PAGE_SET_STATE(pPageDst, PGM_PAGE_STATE_ALLOCATED);
2355 PGM_PAGE_SET_PDE_TYPE(pPageDst, PGM_PAGE_PDE_TYPE_DONTCARE);
2356 PGM_PAGE_SET_PTE_INDEX(pPageDst, 0);
2357 PGM_PAGE_SET_TRACKING(pPageDst, 0);
2358
2359 pVM->pgm.s.cZeroPages--;
2360 GCPhys += PAGE_SIZE;
2361 pPageSrc++;
2362 pPageDst++;
2363 }
2364
2365 /* Flush physical page map TLB. */
2366 PGMPhysInvalidatePageMapTLB(pVM);
2367
2368 if (cPendingPages)
2369 {
2370 rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
2371 AssertLogRelRCReturn(rc, rc);
2372 }
2373 GMMR3FreePagesCleanup(pReq);
2374
2375 /* Force a PGM pool flush as guest ram references have been changed. */
2376 /** todo; not entirely SMP safe; assuming for now the guest takes care of this internally (not touch mapped mmio while changing the mapping). */
2377 PVMCPU pVCpu = VMMGetCpu(pVM);
2378 pVCpu->pgm.s.fSyncFlags |= PGM_SYNC_CLEAR_PGM_POOL;
2379 VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3);
2380
2381 pgmUnlock(pVM);
2382 }
2383 else
2384 {
2385 RTGCPHYS cb = pCur->RamRange.cb;
2386
2387 /* Clear the tracking data of pages we're going to reactivate. */
2388 PPGMPAGE pPageSrc = &pCur->RamRange.aPages[0];
2389 uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
2390 while (cPagesLeft-- > 0)
2391 {
2392 PGM_PAGE_SET_TRACKING(pPageSrc, 0);
2393 PGM_PAGE_SET_PTE_INDEX(pPageSrc, 0);
2394 pPageSrc++;
2395 }
2396
2397 /* link in the ram range */
2398 pgmR3PhysLinkRamRange(pVM, &pCur->RamRange, pRamPrev);
2399 pgmUnlock(pVM);
2400
2401 REMR3NotifyPhysRamRegister(pVM, GCPhys, cb, REM_NOTIFY_PHYS_RAM_FLAGS_MMIO2);
2402 }
2403
2404 PGMPhysInvalidatePageMapTLB(pVM);
2405 return VINF_SUCCESS;
2406}
2407
2408
2409/**
2410 * Unmaps a MMIO2 region.
2411 *
2412 * This is done when a guest / the bios / state loading changes the
2413 * PCI config. The replacing of base memory has the same restrictions
2414 * as during registration, of course.
2415 */
2416VMMR3DECL(int) PGMR3PhysMMIO2Unmap(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
2417{
2418 /*
2419 * Validate input
2420 */
2421 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
2422 AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
2423 AssertReturn(iRegion <= UINT8_MAX, VERR_INVALID_PARAMETER);
2424 AssertReturn(GCPhys != NIL_RTGCPHYS, VERR_INVALID_PARAMETER);
2425 AssertReturn(GCPhys != 0, VERR_INVALID_PARAMETER);
2426 AssertReturn(!(GCPhys & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
2427
2428 PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
2429 AssertReturn(pCur, VERR_NOT_FOUND);
2430 AssertReturn(pCur->fMapped, VERR_WRONG_ORDER);
2431 AssertReturn(pCur->RamRange.GCPhys == GCPhys, VERR_INVALID_PARAMETER);
2432 Assert(pCur->RamRange.GCPhysLast != NIL_RTGCPHYS);
2433
2434 Log(("PGMR3PhysMMIO2Unmap: %RGp-%RGp %s\n",
2435 pCur->RamRange.GCPhys, pCur->RamRange.GCPhysLast, pCur->RamRange.pszDesc));
2436
2437 /*
2438 * Unmap it.
2439 */
2440 pgmLock(pVM);
2441
2442 RTGCPHYS GCPhysRangeREM;
2443 RTGCPHYS cbRangeREM;
2444 bool fInformREM;
2445 if (pCur->fOverlapping)
2446 {
2447 /* Restore the RAM pages we've replaced. */
2448 PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3;
2449 while (pRam->GCPhys > pCur->RamRange.GCPhysLast)
2450 pRam = pRam->pNextR3;
2451
2452 PPGMPAGE pPageDst = &pRam->aPages[(pCur->RamRange.GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
2453 uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
2454 while (cPagesLeft-- > 0)
2455 {
2456 PGM_PAGE_INIT_ZERO(pPageDst, pVM, PGMPAGETYPE_RAM);
2457 pVM->pgm.s.cZeroPages++;
2458 pPageDst++;
2459 }
2460
2461 /* Flush physical page map TLB. */
2462 PGMPhysInvalidatePageMapTLB(pVM);
2463
2464 GCPhysRangeREM = NIL_RTGCPHYS; /* shuts up gcc */
2465 cbRangeREM = RTGCPHYS_MAX; /* ditto */
2466 fInformREM = false;
2467 }
2468 else
2469 {
2470 GCPhysRangeREM = pCur->RamRange.GCPhys;
2471 cbRangeREM = pCur->RamRange.cb;
2472 fInformREM = true;
2473
2474 pgmR3PhysUnlinkRamRange(pVM, &pCur->RamRange);
2475 }
2476
2477 pCur->RamRange.GCPhys = NIL_RTGCPHYS;
2478 pCur->RamRange.GCPhysLast = NIL_RTGCPHYS;
2479 pCur->fOverlapping = false;
2480 pCur->fMapped = false;
2481
2482 /* Force a PGM pool flush as guest ram references have been changed. */
2483 /** todo; not entirely SMP safe; assuming for now the guest takes care of this internally (not touch mapped mmio while changing the mapping). */
2484 PVMCPU pVCpu = VMMGetCpu(pVM);
2485 pVCpu->pgm.s.fSyncFlags |= PGM_SYNC_CLEAR_PGM_POOL;
2486 VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3);
2487
2488 PGMPhysInvalidatePageMapTLB(pVM);
2489 pgmUnlock(pVM);
2490
2491 if (fInformREM)
2492 REMR3NotifyPhysRamDeregister(pVM, GCPhysRangeREM, cbRangeREM);
2493
2494 return VINF_SUCCESS;
2495}
2496
2497
2498/**
2499 * Checks if the given address is an MMIO2 base address or not.
2500 *
2501 * @returns true/false accordingly.
2502 * @param pVM Pointer to the shared VM structure.
2503 * @param pDevIns The owner of the memory, optional.
2504 * @param GCPhys The address to check.
2505 */
2506VMMR3DECL(bool) PGMR3PhysMMIO2IsBase(PVM pVM, PPDMDEVINS pDevIns, RTGCPHYS GCPhys)
2507{
2508 /*
2509 * Validate input
2510 */
2511 VM_ASSERT_EMT_RETURN(pVM, false);
2512 AssertPtrReturn(pDevIns, false);
2513 AssertReturn(GCPhys != NIL_RTGCPHYS, false);
2514 AssertReturn(GCPhys != 0, false);
2515 AssertReturn(!(GCPhys & PAGE_OFFSET_MASK), false);
2516
2517 /*
2518 * Search the list.
2519 */
2520 pgmLock(pVM);
2521 for (PPGMMMIO2RANGE pCur = pVM->pgm.s.pMmio2RangesR3; pCur; pCur = pCur->pNextR3)
2522 if (pCur->RamRange.GCPhys == GCPhys)
2523 {
2524 Assert(pCur->fMapped);
2525 pgmUnlock(pVM);
2526 return true;
2527 }
2528 pgmUnlock(pVM);
2529 return false;
2530}
2531
2532
2533/**
2534 * Gets the HC physical address of a page in the MMIO2 region.
2535 *
2536 * This is API is intended for MMHyper and shouldn't be called
2537 * by anyone else...
2538 *
2539 * @returns VBox status code.
2540 * @param pVM Pointer to the shared VM structure.
2541 * @param pDevIns The owner of the memory, optional.
2542 * @param iRegion The region.
2543 * @param off The page expressed an offset into the MMIO2 region.
2544 * @param pHCPhys Where to store the result.
2545 */
2546VMMR3DECL(int) PGMR3PhysMMIO2GetHCPhys(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, PRTHCPHYS pHCPhys)
2547{
2548 /*
2549 * Validate input
2550 */
2551 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
2552 AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
2553 AssertReturn(iRegion <= UINT8_MAX, VERR_INVALID_PARAMETER);
2554
2555 pgmLock(pVM);
2556 PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
2557 AssertReturn(pCur, VERR_NOT_FOUND);
2558 AssertReturn(off < pCur->RamRange.cb, VERR_INVALID_PARAMETER);
2559
2560 PCPGMPAGE pPage = &pCur->RamRange.aPages[off >> PAGE_SHIFT];
2561 *pHCPhys = PGM_PAGE_GET_HCPHYS(pPage);
2562 pgmUnlock(pVM);
2563 return VINF_SUCCESS;
2564}
2565
2566
2567/**
2568 * Maps a portion of an MMIO2 region into kernel space (host).
2569 *
2570 * The kernel mapping will become invalid when the MMIO2 memory is deregistered
2571 * or the VM is terminated.
2572 *
2573 * @return VBox status code.
2574 *
2575 * @param pVM Pointer to the shared VM structure.
2576 * @param pDevIns The device owning the MMIO2 memory.
2577 * @param iRegion The region.
2578 * @param off The offset into the region. Must be page aligned.
2579 * @param cb The number of bytes to map. Must be page aligned.
2580 * @param pszDesc Mapping description.
2581 * @param pR0Ptr Where to store the R0 address.
2582 */
2583VMMR3DECL(int) PGMR3PhysMMIO2MapKernel(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, RTGCPHYS cb,
2584 const char *pszDesc, PRTR0PTR pR0Ptr)
2585{
2586 /*
2587 * Validate input.
2588 */
2589 VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
2590 AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
2591 AssertReturn(iRegion <= UINT8_MAX, VERR_INVALID_PARAMETER);
2592
2593 PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
2594 AssertReturn(pCur, VERR_NOT_FOUND);
2595 AssertReturn(off < pCur->RamRange.cb, VERR_INVALID_PARAMETER);
2596 AssertReturn(cb <= pCur->RamRange.cb, VERR_INVALID_PARAMETER);
2597 AssertReturn(off + cb <= pCur->RamRange.cb, VERR_INVALID_PARAMETER);
2598
2599 /*
2600 * Pass the request on to the support library/driver.
2601 */
2602 int rc = SUPR3PageMapKernel(pCur->pvR3, off, cb, 0, pR0Ptr);
2603
2604 return rc;
2605}
2606
2607
2608/**
2609 * Registers a ROM image.
2610 *
2611 * Shadowed ROM images requires double the amount of backing memory, so,
2612 * don't use that unless you have to. Shadowing of ROM images is process
2613 * where we can select where the reads go and where the writes go. On real
2614 * hardware the chipset provides means to configure this. We provide
2615 * PGMR3PhysProtectROM() for this purpose.
2616 *
2617 * A read-only copy of the ROM image will always be kept around while we
2618 * will allocate RAM pages for the changes on demand (unless all memory
2619 * is configured to be preallocated).
2620 *
2621 * @returns VBox status.
2622 * @param pVM VM Handle.
2623 * @param pDevIns The device instance owning the ROM.
2624 * @param GCPhys First physical address in the range.
2625 * Must be page aligned!
2626 * @param cbRange The size of the range (in bytes).
2627 * Must be page aligned!
2628 * @param pvBinary Pointer to the binary data backing the ROM image.
2629 * This must be exactly \a cbRange in size.
2630 * @param fFlags Mask of flags. PGMPHYS_ROM_FLAGS_SHADOWED
2631 * and/or PGMPHYS_ROM_FLAGS_PERMANENT_BINARY.
2632 * @param pszDesc Pointer to description string. This must not be freed.
2633 *
2634 * @remark There is no way to remove the rom, automatically on device cleanup or
2635 * manually from the device yet. This isn't difficult in any way, it's
2636 * just not something we expect to be necessary for a while.
2637 */
2638VMMR3DECL(int) PGMR3PhysRomRegister(PVM pVM, PPDMDEVINS pDevIns, RTGCPHYS GCPhys, RTGCPHYS cb,
2639 const void *pvBinary, uint32_t fFlags, const char *pszDesc)
2640{
2641 Log(("PGMR3PhysRomRegister: pDevIns=%p GCPhys=%RGp(-%RGp) cb=%RGp pvBinary=%p fFlags=%#x pszDesc=%s\n",
2642 pDevIns, GCPhys, GCPhys + cb, cb, pvBinary, fFlags, pszDesc));
2643
2644 /*
2645 * Validate input.
2646 */
2647 AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
2648 AssertReturn(RT_ALIGN_T(GCPhys, PAGE_SIZE, RTGCPHYS) == GCPhys, VERR_INVALID_PARAMETER);
2649 AssertReturn(RT_ALIGN_T(cb, PAGE_SIZE, RTGCPHYS) == cb, VERR_INVALID_PARAMETER);
2650 RTGCPHYS GCPhysLast = GCPhys + (cb - 1);
2651 AssertReturn(GCPhysLast > GCPhys, VERR_INVALID_PARAMETER);
2652 AssertPtrReturn(pvBinary, VERR_INVALID_PARAMETER);
2653 AssertPtrReturn(pszDesc, VERR_INVALID_POINTER);
2654 AssertReturn(!(fFlags & ~(PGMPHYS_ROM_FLAGS_SHADOWED | PGMPHYS_ROM_FLAGS_PERMANENT_BINARY)), VERR_INVALID_PARAMETER);
2655 VM_ASSERT_STATE_RETURN(pVM, VMSTATE_CREATING, VERR_VM_INVALID_VM_STATE);
2656
2657 const uint32_t cPages = cb >> PAGE_SHIFT;
2658
2659 /*
2660 * Find the ROM location in the ROM list first.
2661 */
2662 PPGMROMRANGE pRomPrev = NULL;
2663 PPGMROMRANGE pRom = pVM->pgm.s.pRomRangesR3;
2664 while (pRom && GCPhysLast >= pRom->GCPhys)
2665 {
2666 if ( GCPhys <= pRom->GCPhysLast
2667 && GCPhysLast >= pRom->GCPhys)
2668 AssertLogRelMsgFailedReturn(("%RGp-%RGp (%s) conflicts with existing %RGp-%RGp (%s)\n",
2669 GCPhys, GCPhysLast, pszDesc,
2670 pRom->GCPhys, pRom->GCPhysLast, pRom->pszDesc),
2671 VERR_PGM_RAM_CONFLICT);
2672 /* next */
2673 pRomPrev = pRom;
2674 pRom = pRom->pNextR3;
2675 }
2676
2677 /*
2678 * Find the RAM location and check for conflicts.
2679 *
2680 * Conflict detection is a bit different than for RAM
2681 * registration since a ROM can be located within a RAM
2682 * range. So, what we have to check for is other memory
2683 * types (other than RAM that is) and that we don't span
2684 * more than one RAM range (layz).
2685 */
2686 bool fRamExists = false;
2687 PPGMRAMRANGE pRamPrev = NULL;
2688 PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3;
2689 while (pRam && GCPhysLast >= pRam->GCPhys)
2690 {
2691 if ( GCPhys <= pRam->GCPhysLast
2692 && GCPhysLast >= pRam->GCPhys)
2693 {
2694 /* completely within? */
2695 AssertLogRelMsgReturn( GCPhys >= pRam->GCPhys
2696 && GCPhysLast <= pRam->GCPhysLast,
2697 ("%RGp-%RGp (%s) falls partly outside %RGp-%RGp (%s)\n",
2698 GCPhys, GCPhysLast, pszDesc,
2699 pRam->GCPhys, pRam->GCPhysLast, pRam->pszDesc),
2700 VERR_PGM_RAM_CONFLICT);
2701 fRamExists = true;
2702 break;
2703 }
2704
2705 /* next */
2706 pRamPrev = pRam;
2707 pRam = pRam->pNextR3;
2708 }
2709 if (fRamExists)
2710 {
2711 PPGMPAGE pPage = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
2712 uint32_t cPagesLeft = cPages;
2713 while (cPagesLeft-- > 0)
2714 {
2715 AssertLogRelMsgReturn(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM,
2716 ("%RGp (%R[pgmpage]) isn't a RAM page - registering %RGp-%RGp (%s).\n",
2717 pRam->GCPhys + ((RTGCPHYS)(uintptr_t)(pPage - &pRam->aPages[0]) << PAGE_SHIFT),
2718 pPage, GCPhys, GCPhysLast, pszDesc), VERR_PGM_RAM_CONFLICT);
2719 Assert(PGM_PAGE_IS_ZERO(pPage));
2720 pPage++;
2721 }
2722 }
2723
2724 /*
2725 * Update the base memory reservation if necessary.
2726 */
2727 uint32_t cExtraBaseCost = fRamExists ? 0 : cPages;
2728 if (fFlags & PGMPHYS_ROM_FLAGS_SHADOWED)
2729 cExtraBaseCost += cPages;
2730 if (cExtraBaseCost)
2731 {
2732 int rc = MMR3IncreaseBaseReservation(pVM, cExtraBaseCost);
2733 if (RT_FAILURE(rc))
2734 return rc;
2735 }
2736
2737 /*
2738 * Allocate memory for the virgin copy of the RAM.
2739 */
2740 PGMMALLOCATEPAGESREQ pReq;
2741 int rc = GMMR3AllocatePagesPrepare(pVM, &pReq, cPages, GMMACCOUNT_BASE);
2742 AssertRCReturn(rc, rc);
2743
2744 for (uint32_t iPage = 0; iPage < cPages; iPage++)
2745 {
2746 pReq->aPages[iPage].HCPhysGCPhys = GCPhys + (iPage << PAGE_SHIFT);
2747 pReq->aPages[iPage].idPage = NIL_GMM_PAGEID;
2748 pReq->aPages[iPage].idSharedPage = NIL_GMM_PAGEID;
2749 }
2750
2751 pgmLock(pVM);
2752 rc = GMMR3AllocatePagesPerform(pVM, pReq);
2753 pgmUnlock(pVM);
2754 if (RT_FAILURE(rc))
2755 {
2756 GMMR3AllocatePagesCleanup(pReq);
2757 return rc;
2758 }
2759
2760 /*
2761 * Allocate the new ROM range and RAM range (if necessary).
2762 */
2763 PPGMROMRANGE pRomNew;
2764 rc = MMHyperAlloc(pVM, RT_OFFSETOF(PGMROMRANGE, aPages[cPages]), 0, MM_TAG_PGM_PHYS, (void **)&pRomNew);
2765 if (RT_SUCCESS(rc))
2766 {
2767 PPGMRAMRANGE pRamNew = NULL;
2768 if (!fRamExists)
2769 rc = MMHyperAlloc(pVM, RT_OFFSETOF(PGMRAMRANGE, aPages[cPages]), sizeof(PGMPAGE), MM_TAG_PGM_PHYS, (void **)&pRamNew);
2770 if (RT_SUCCESS(rc))
2771 {
2772 pgmLock(pVM);
2773
2774 /*
2775 * Initialize and insert the RAM range (if required).
2776 */
2777 PPGMROMPAGE pRomPage = &pRomNew->aPages[0];
2778 if (!fRamExists)
2779 {
2780 pRamNew->pSelfR0 = MMHyperCCToR0(pVM, pRamNew);
2781 pRamNew->pSelfRC = MMHyperCCToRC(pVM, pRamNew);
2782 pRamNew->GCPhys = GCPhys;
2783 pRamNew->GCPhysLast = GCPhysLast;
2784 pRamNew->cb = cb;
2785 pRamNew->pszDesc = pszDesc;
2786 pRamNew->fFlags = PGM_RAM_RANGE_FLAGS_AD_HOC_ROM;
2787 pRamNew->pvR3 = NULL;
2788 pRamNew->paLSPages = NULL;
2789
2790 PPGMPAGE pPage = &pRamNew->aPages[0];
2791 for (uint32_t iPage = 0; iPage < cPages; iPage++, pPage++, pRomPage++)
2792 {
2793 PGM_PAGE_INIT(pPage,
2794 pReq->aPages[iPage].HCPhysGCPhys,
2795 pReq->aPages[iPage].idPage,
2796 PGMPAGETYPE_ROM,
2797 PGM_PAGE_STATE_ALLOCATED);
2798
2799 pRomPage->Virgin = *pPage;
2800 }
2801
2802 pVM->pgm.s.cAllPages += cPages;
2803 pgmR3PhysLinkRamRange(pVM, pRamNew, pRamPrev);
2804 }
2805 else
2806 {
2807 PPGMPAGE pPage = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
2808 for (uint32_t iPage = 0; iPage < cPages; iPage++, pPage++, pRomPage++)
2809 {
2810 PGM_PAGE_SET_TYPE(pPage, PGMPAGETYPE_ROM);
2811 PGM_PAGE_SET_HCPHYS(pPage, pReq->aPages[iPage].HCPhysGCPhys);
2812 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_ALLOCATED);
2813 PGM_PAGE_SET_PAGEID(pPage, pReq->aPages[iPage].idPage);
2814 PGM_PAGE_SET_PDE_TYPE(pPage, PGM_PAGE_PDE_TYPE_DONTCARE);
2815 PGM_PAGE_SET_PTE_INDEX(pPage, 0);
2816 PGM_PAGE_SET_TRACKING(pPage, 0);
2817
2818 pRomPage->Virgin = *pPage;
2819 }
2820
2821 pRamNew = pRam;
2822
2823 pVM->pgm.s.cZeroPages -= cPages;
2824 }
2825 pVM->pgm.s.cPrivatePages += cPages;
2826
2827 /* Flush physical page map TLB. */
2828 PGMPhysInvalidatePageMapTLB(pVM);
2829
2830 pgmUnlock(pVM);
2831
2832
2833 /*
2834 * !HACK ALERT! REM + (Shadowed) ROM ==> mess.
2835 *
2836 * If it's shadowed we'll register the handler after the ROM notification
2837 * so we get the access handler callbacks that we should. If it isn't
2838 * shadowed we'll do it the other way around to make REM use the built-in
2839 * ROM behavior and not the handler behavior (which is to route all access
2840 * to PGM atm).
2841 */
2842 if (fFlags & PGMPHYS_ROM_FLAGS_SHADOWED)
2843 {
2844 REMR3NotifyPhysRomRegister(pVM, GCPhys, cb, NULL, true /* fShadowed */);
2845 rc = PGMR3HandlerPhysicalRegister(pVM,
2846 fFlags & PGMPHYS_ROM_FLAGS_SHADOWED
2847 ? PGMPHYSHANDLERTYPE_PHYSICAL_ALL
2848 : PGMPHYSHANDLERTYPE_PHYSICAL_WRITE,
2849 GCPhys, GCPhysLast,
2850 pgmR3PhysRomWriteHandler, pRomNew,
2851 NULL, "pgmPhysRomWriteHandler", MMHyperCCToR0(pVM, pRomNew),
2852 NULL, "pgmPhysRomWriteHandler", MMHyperCCToRC(pVM, pRomNew), pszDesc);
2853 }
2854 else
2855 {
2856 rc = PGMR3HandlerPhysicalRegister(pVM,
2857 fFlags & PGMPHYS_ROM_FLAGS_SHADOWED
2858 ? PGMPHYSHANDLERTYPE_PHYSICAL_ALL
2859 : PGMPHYSHANDLERTYPE_PHYSICAL_WRITE,
2860 GCPhys, GCPhysLast,
2861 pgmR3PhysRomWriteHandler, pRomNew,
2862 NULL, "pgmPhysRomWriteHandler", MMHyperCCToR0(pVM, pRomNew),
2863 NULL, "pgmPhysRomWriteHandler", MMHyperCCToRC(pVM, pRomNew), pszDesc);
2864 REMR3NotifyPhysRomRegister(pVM, GCPhys, cb, NULL, false /* fShadowed */);
2865 }
2866 if (RT_SUCCESS(rc))
2867 {
2868 pgmLock(pVM);
2869
2870 /*
2871 * Copy the image over to the virgin pages.
2872 * This must be done after linking in the RAM range.
2873 */
2874 PPGMPAGE pRamPage = &pRamNew->aPages[(GCPhys - pRamNew->GCPhys) >> PAGE_SHIFT];
2875 for (uint32_t iPage = 0; iPage < cPages; iPage++, pRamPage++)
2876 {
2877 void *pvDstPage;
2878 rc = pgmPhysPageMap(pVM, pRamPage, GCPhys + (iPage << PAGE_SHIFT), &pvDstPage);
2879 if (RT_FAILURE(rc))
2880 {
2881 VMSetError(pVM, rc, RT_SRC_POS, "Failed to map virgin ROM page at %RGp", GCPhys);
2882 break;
2883 }
2884 memcpy(pvDstPage, (const uint8_t *)pvBinary + (iPage << PAGE_SHIFT), PAGE_SIZE);
2885 }
2886 if (RT_SUCCESS(rc))
2887 {
2888 /*
2889 * Initialize the ROM range.
2890 * Note that the Virgin member of the pages has already been initialized above.
2891 */
2892 pRomNew->GCPhys = GCPhys;
2893 pRomNew->GCPhysLast = GCPhysLast;
2894 pRomNew->cb = cb;
2895 pRomNew->fFlags = fFlags;
2896 pRomNew->idSavedState = UINT8_MAX;
2897#ifdef VBOX_STRICT
2898 pRomNew->pvOriginal = fFlags & PGMPHYS_ROM_FLAGS_PERMANENT_BINARY
2899 ? pvBinary : RTMemDup(pvBinary, cPages * PAGE_SIZE);
2900#else
2901 pRomNew->pvOriginal = fFlags & PGMPHYS_ROM_FLAGS_PERMANENT_BINARY ? pvBinary : NULL;
2902#endif
2903 pRomNew->pszDesc = pszDesc;
2904
2905 for (unsigned iPage = 0; iPage < cPages; iPage++)
2906 {
2907 PPGMROMPAGE pPage = &pRomNew->aPages[iPage];
2908 pPage->enmProt = PGMROMPROT_READ_ROM_WRITE_IGNORE;
2909 PGM_PAGE_INIT_ZERO(&pPage->Shadow, pVM, PGMPAGETYPE_ROM_SHADOW);
2910 }
2911
2912 /* update the page count stats for the shadow pages. */
2913 if (fFlags & PGMPHYS_ROM_FLAGS_SHADOWED)
2914 {
2915 pVM->pgm.s.cZeroPages += cPages;
2916 pVM->pgm.s.cAllPages += cPages;
2917 }
2918
2919 /*
2920 * Insert the ROM range, tell REM and return successfully.
2921 */
2922 pRomNew->pNextR3 = pRom;
2923 pRomNew->pNextR0 = pRom ? MMHyperCCToR0(pVM, pRom) : NIL_RTR0PTR;
2924 pRomNew->pNextRC = pRom ? MMHyperCCToRC(pVM, pRom) : NIL_RTRCPTR;
2925
2926 if (pRomPrev)
2927 {
2928 pRomPrev->pNextR3 = pRomNew;
2929 pRomPrev->pNextR0 = MMHyperCCToR0(pVM, pRomNew);
2930 pRomPrev->pNextRC = MMHyperCCToRC(pVM, pRomNew);
2931 }
2932 else
2933 {
2934 pVM->pgm.s.pRomRangesR3 = pRomNew;
2935 pVM->pgm.s.pRomRangesR0 = MMHyperCCToR0(pVM, pRomNew);
2936 pVM->pgm.s.pRomRangesRC = MMHyperCCToRC(pVM, pRomNew);
2937 }
2938
2939 PGMPhysInvalidatePageMapTLB(pVM);
2940 GMMR3AllocatePagesCleanup(pReq);
2941 pgmUnlock(pVM);
2942 return VINF_SUCCESS;
2943 }
2944
2945 /* bail out */
2946
2947 pgmUnlock(pVM);
2948 int rc2 = PGMHandlerPhysicalDeregister(pVM, GCPhys);
2949 AssertRC(rc2);
2950 pgmLock(pVM);
2951 }
2952
2953 if (!fRamExists)
2954 {
2955 pgmR3PhysUnlinkRamRange2(pVM, pRamNew, pRamPrev);
2956 MMHyperFree(pVM, pRamNew);
2957 }
2958 }
2959 MMHyperFree(pVM, pRomNew);
2960 }
2961
2962 /** @todo Purge the mapping cache or something... */
2963 GMMR3FreeAllocatedPages(pVM, pReq);
2964 GMMR3AllocatePagesCleanup(pReq);
2965 pgmUnlock(pVM);
2966 return rc;
2967}
2968
2969
2970/**
2971 * \#PF Handler callback for ROM write accesses.
2972 *
2973 * @returns VINF_SUCCESS if the handler have carried out the operation.
2974 * @returns VINF_PGM_HANDLER_DO_DEFAULT if the caller should carry out the access operation.
2975 * @param pVM VM Handle.
2976 * @param GCPhys The physical address the guest is writing to.
2977 * @param pvPhys The HC mapping of that address.
2978 * @param pvBuf What the guest is reading/writing.
2979 * @param cbBuf How much it's reading/writing.
2980 * @param enmAccessType The access type.
2981 * @param pvUser User argument.
2982 */
2983static DECLCALLBACK(int) pgmR3PhysRomWriteHandler(PVM pVM, RTGCPHYS GCPhys, void *pvPhys, void *pvBuf, size_t cbBuf,
2984 PGMACCESSTYPE enmAccessType, void *pvUser)
2985{
2986 PPGMROMRANGE pRom = (PPGMROMRANGE)pvUser;
2987 const uint32_t iPage = (GCPhys - pRom->GCPhys) >> PAGE_SHIFT;
2988 Assert(iPage < (pRom->cb >> PAGE_SHIFT));
2989 PPGMROMPAGE pRomPage = &pRom->aPages[iPage];
2990 Log5(("pgmR3PhysRomWriteHandler: %d %c %#08RGp %#04zx\n", pRomPage->enmProt, enmAccessType == PGMACCESSTYPE_READ ? 'R' : 'W', GCPhys, cbBuf));
2991
2992 if (enmAccessType == PGMACCESSTYPE_READ)
2993 {
2994 switch (pRomPage->enmProt)
2995 {
2996 /*
2997 * Take the default action.
2998 */
2999 case PGMROMPROT_READ_ROM_WRITE_IGNORE:
3000 case PGMROMPROT_READ_RAM_WRITE_IGNORE:
3001 case PGMROMPROT_READ_ROM_WRITE_RAM:
3002 case PGMROMPROT_READ_RAM_WRITE_RAM:
3003 return VINF_PGM_HANDLER_DO_DEFAULT;
3004
3005 default:
3006 AssertMsgFailedReturn(("enmProt=%d iPage=%d GCPhys=%RGp\n",
3007 pRom->aPages[iPage].enmProt, iPage, GCPhys),
3008 VERR_INTERNAL_ERROR);
3009 }
3010 }
3011 else
3012 {
3013 Assert(enmAccessType == PGMACCESSTYPE_WRITE);
3014 switch (pRomPage->enmProt)
3015 {
3016 /*
3017 * Ignore writes.
3018 */
3019 case PGMROMPROT_READ_ROM_WRITE_IGNORE:
3020 case PGMROMPROT_READ_RAM_WRITE_IGNORE:
3021 return VINF_SUCCESS;
3022
3023 /*
3024 * Write to the RAM page.
3025 */
3026 case PGMROMPROT_READ_ROM_WRITE_RAM:
3027 case PGMROMPROT_READ_RAM_WRITE_RAM: /* yes this will get here too, it's *way* simpler that way. */
3028 {
3029 /* This should be impossible now, pvPhys doesn't work cross page anylonger. */
3030 Assert(((GCPhys - pRom->GCPhys + cbBuf - 1) >> PAGE_SHIFT) == iPage);
3031
3032 /*
3033 * Take the lock, do lazy allocation, map the page and copy the data.
3034 *
3035 * Note that we have to bypass the mapping TLB since it works on
3036 * guest physical addresses and entering the shadow page would
3037 * kind of screw things up...
3038 */
3039 int rc = pgmLock(pVM);
3040 AssertRC(rc);
3041
3042 PPGMPAGE pShadowPage = &pRomPage->Shadow;
3043 if (!PGMROMPROT_IS_ROM(pRomPage->enmProt))
3044 {
3045 pShadowPage = pgmPhysGetPage(&pVM->pgm.s, GCPhys);
3046 AssertLogRelReturn(pShadowPage, VERR_INTERNAL_ERROR);
3047 }
3048
3049 void *pvDstPage;
3050 rc = pgmPhysPageMakeWritableAndMap(pVM, pShadowPage, GCPhys & X86_PTE_PG_MASK, &pvDstPage);
3051 if (RT_SUCCESS(rc))
3052 {
3053 memcpy((uint8_t *)pvDstPage + (GCPhys & PAGE_OFFSET_MASK), pvBuf, cbBuf);
3054 pRomPage->LiveSave.fWrittenTo = true;
3055 }
3056
3057 pgmUnlock(pVM);
3058 return rc;
3059 }
3060
3061 default:
3062 AssertMsgFailedReturn(("enmProt=%d iPage=%d GCPhys=%RGp\n",
3063 pRom->aPages[iPage].enmProt, iPage, GCPhys),
3064 VERR_INTERNAL_ERROR);
3065 }
3066 }
3067}
3068
3069
3070/**
3071 * Called by PGMR3Reset to reset the shadow, switch to the virgin,
3072 * and verify that the virgin part is untouched.
3073 *
3074 * This is done after the normal memory has been cleared.
3075 *
3076 * ASSUMES that the caller owns the PGM lock.
3077 *
3078 * @param pVM The VM handle.
3079 */
3080int pgmR3PhysRomReset(PVM pVM)
3081{
3082 Assert(PGMIsLockOwner(pVM));
3083 for (PPGMROMRANGE pRom = pVM->pgm.s.pRomRangesR3; pRom; pRom = pRom->pNextR3)
3084 {
3085 const uint32_t cPages = pRom->cb >> PAGE_SHIFT;
3086
3087 if (pRom->fFlags & PGMPHYS_ROM_FLAGS_SHADOWED)
3088 {
3089 /*
3090 * Reset the physical handler.
3091 */
3092 int rc = PGMR3PhysRomProtect(pVM, pRom->GCPhys, pRom->cb, PGMROMPROT_READ_ROM_WRITE_IGNORE);
3093 AssertRCReturn(rc, rc);
3094
3095 /*
3096 * What we do with the shadow pages depends on the memory
3097 * preallocation option. If not enabled, we'll just throw
3098 * out all the dirty pages and replace them by the zero page.
3099 */
3100 if (!pVM->pgm.s.fRamPreAlloc)
3101 {
3102 /* Free the dirty pages. */
3103 uint32_t cPendingPages = 0;
3104 PGMMFREEPAGESREQ pReq;
3105 rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
3106 AssertRCReturn(rc, rc);
3107
3108 for (uint32_t iPage = 0; iPage < cPages; iPage++)
3109 if ( !PGM_PAGE_IS_ZERO(&pRom->aPages[iPage].Shadow)
3110 && !PGM_PAGE_IS_BALLOONED(&pRom->aPages[iPage].Shadow))
3111 {
3112 Assert(PGM_PAGE_GET_STATE(&pRom->aPages[iPage].Shadow) == PGM_PAGE_STATE_ALLOCATED);
3113 rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, &pRom->aPages[iPage].Shadow,
3114 pRom->GCPhys + (iPage << PAGE_SHIFT));
3115 AssertLogRelRCReturn(rc, rc);
3116 }
3117
3118 if (cPendingPages)
3119 {
3120 rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
3121 AssertLogRelRCReturn(rc, rc);
3122 }
3123 GMMR3FreePagesCleanup(pReq);
3124 }
3125 else
3126 {
3127 /* clear all the shadow pages. */
3128 for (uint32_t iPage = 0; iPage < cPages; iPage++)
3129 {
3130 Assert(!PGM_PAGE_IS_ZERO(&pRom->aPages[iPage].Shadow));
3131 Assert(!PGM_PAGE_IS_BALLOONED(&pRom->aPages[iPage].Shadow));
3132 void *pvDstPage;
3133 const RTGCPHYS GCPhys = pRom->GCPhys + (iPage << PAGE_SHIFT);
3134 rc = pgmPhysPageMakeWritableAndMap(pVM, &pRom->aPages[iPage].Shadow, GCPhys, &pvDstPage);
3135 if (RT_FAILURE(rc))
3136 break;
3137 ASMMemZeroPage(pvDstPage);
3138 }
3139 AssertRCReturn(rc, rc);
3140 }
3141 }
3142
3143#ifdef VBOX_STRICT
3144 /*
3145 * Verify that the virgin page is unchanged if possible.
3146 */
3147 if (pRom->pvOriginal)
3148 {
3149 uint8_t const *pbSrcPage = (uint8_t const *)pRom->pvOriginal;
3150 for (uint32_t iPage = 0; iPage < cPages; iPage++, pbSrcPage += PAGE_SIZE)
3151 {
3152 const RTGCPHYS GCPhys = pRom->GCPhys + (iPage << PAGE_SHIFT);
3153 void const *pvDstPage;
3154 int rc = pgmPhysPageMapReadOnly(pVM, &pRom->aPages[iPage].Virgin, GCPhys, &pvDstPage);
3155 if (RT_FAILURE(rc))
3156 break;
3157 if (memcmp(pvDstPage, pbSrcPage, PAGE_SIZE))
3158 LogRel(("pgmR3PhysRomReset: %RGp rom page changed (%s) - loaded saved state?\n",
3159 GCPhys, pRom->pszDesc));
3160 }
3161 }
3162#endif
3163 }
3164
3165 return VINF_SUCCESS;
3166}
3167
3168
3169/**
3170 * Called by PGMR3Term to free resources.
3171 *
3172 * ASSUMES that the caller owns the PGM lock.
3173 *
3174 * @param pVM The VM handle.
3175 */
3176void pgmR3PhysRomTerm(PVM pVM)
3177{
3178#ifdef RT_STRICT
3179 /*
3180 * Free the heap copy of the original bits.
3181 */
3182 for (PPGMROMRANGE pRom = pVM->pgm.s.pRomRangesR3; pRom; pRom = pRom->pNextR3)
3183 {
3184 if ( pRom->pvOriginal
3185 && !(pRom->fFlags & PGMPHYS_ROM_FLAGS_PERMANENT_BINARY))
3186 {
3187 RTMemFree((void *)pRom->pvOriginal);
3188 pRom->pvOriginal = NULL;
3189 }
3190 }
3191#endif
3192}
3193
3194
3195/**
3196 * Change the shadowing of a range of ROM pages.
3197 *
3198 * This is intended for implementing chipset specific memory registers
3199 * and will not be very strict about the input. It will silently ignore
3200 * any pages that are not the part of a shadowed ROM.
3201 *
3202 * @returns VBox status code.
3203 * @retval VINF_PGM_SYNC_CR3
3204 *
3205 * @param pVM Pointer to the shared VM structure.
3206 * @param GCPhys Where to start. Page aligned.
3207 * @param cb How much to change. Page aligned.
3208 * @param enmProt The new ROM protection.
3209 */
3210VMMR3DECL(int) PGMR3PhysRomProtect(PVM pVM, RTGCPHYS GCPhys, RTGCPHYS cb, PGMROMPROT enmProt)
3211{
3212 /*
3213 * Check input
3214 */
3215 if (!cb)
3216 return VINF_SUCCESS;
3217 AssertReturn(!(GCPhys & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
3218 AssertReturn(!(cb & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
3219 RTGCPHYS GCPhysLast = GCPhys + (cb - 1);
3220 AssertReturn(GCPhysLast > GCPhys, VERR_INVALID_PARAMETER);
3221 AssertReturn(enmProt >= PGMROMPROT_INVALID && enmProt <= PGMROMPROT_END, VERR_INVALID_PARAMETER);
3222
3223 /*
3224 * Process the request.
3225 */
3226 pgmLock(pVM);
3227 int rc = VINF_SUCCESS;
3228 bool fFlushTLB = false;
3229 for (PPGMROMRANGE pRom = pVM->pgm.s.pRomRangesR3; pRom; pRom = pRom->pNextR3)
3230 {
3231 if ( GCPhys <= pRom->GCPhysLast
3232 && GCPhysLast >= pRom->GCPhys
3233 && (pRom->fFlags & PGMPHYS_ROM_FLAGS_SHADOWED))
3234 {
3235 /*
3236 * Iterate the relevant pages and make necessary the changes.
3237 */
3238 bool fChanges = false;
3239 uint32_t const cPages = pRom->GCPhysLast <= GCPhysLast
3240 ? pRom->cb >> PAGE_SHIFT
3241 : (GCPhysLast - pRom->GCPhys + 1) >> PAGE_SHIFT;
3242 for (uint32_t iPage = (GCPhys - pRom->GCPhys) >> PAGE_SHIFT;
3243 iPage < cPages;
3244 iPage++)
3245 {
3246 PPGMROMPAGE pRomPage = &pRom->aPages[iPage];
3247 if (PGMROMPROT_IS_ROM(pRomPage->enmProt) != PGMROMPROT_IS_ROM(enmProt))
3248 {
3249 fChanges = true;
3250
3251 /* flush references to the page. */
3252 PPGMPAGE pRamPage = pgmPhysGetPage(&pVM->pgm.s, pRom->GCPhys + (iPage << PAGE_SHIFT));
3253 int rc2 = pgmPoolTrackFlushGCPhys(pVM, pRom->GCPhys + (iPage << PAGE_SHIFT), pRamPage, &fFlushTLB);
3254 if (rc2 != VINF_SUCCESS && (rc == VINF_SUCCESS || RT_FAILURE(rc2)))
3255 rc = rc2;
3256
3257 PPGMPAGE pOld = PGMROMPROT_IS_ROM(pRomPage->enmProt) ? &pRomPage->Virgin : &pRomPage->Shadow;
3258 PPGMPAGE pNew = PGMROMPROT_IS_ROM(pRomPage->enmProt) ? &pRomPage->Shadow : &pRomPage->Virgin;
3259
3260 *pOld = *pRamPage;
3261 *pRamPage = *pNew;
3262 /** @todo preserve the volatile flags (handlers) when these have been moved out of HCPhys! */
3263 }
3264 pRomPage->enmProt = enmProt;
3265 }
3266
3267 /*
3268 * Reset the access handler if we made changes, no need
3269 * to optimize this.
3270 */
3271 if (fChanges)
3272 {
3273 int rc2 = PGMHandlerPhysicalReset(pVM, pRom->GCPhys);
3274 if (RT_FAILURE(rc2))
3275 {
3276 pgmUnlock(pVM);
3277 AssertRC(rc);
3278 return rc2;
3279 }
3280 }
3281
3282 /* Advance - cb isn't updated. */
3283 GCPhys = pRom->GCPhys + (cPages << PAGE_SHIFT);
3284 }
3285 }
3286 pgmUnlock(pVM);
3287 if (fFlushTLB)
3288 PGM_INVL_ALL_VCPU_TLBS(pVM);
3289
3290 return rc;
3291}
3292
3293
3294/**
3295 * Sets the Address Gate 20 state.
3296 *
3297 * @param pVCpu The VCPU to operate on.
3298 * @param fEnable True if the gate should be enabled.
3299 * False if the gate should be disabled.
3300 */
3301VMMDECL(void) PGMR3PhysSetA20(PVMCPU pVCpu, bool fEnable)
3302{
3303 LogFlow(("PGMR3PhysSetA20 %d (was %d)\n", fEnable, pVCpu->pgm.s.fA20Enabled));
3304 if (pVCpu->pgm.s.fA20Enabled != fEnable)
3305 {
3306 pVCpu->pgm.s.fA20Enabled = fEnable;
3307 pVCpu->pgm.s.GCPhysA20Mask = ~(RTGCPHYS)(!fEnable << 20);
3308 REMR3A20Set(pVCpu->pVMR3, pVCpu, fEnable);
3309 /** @todo we're not handling this correctly for VT-x / AMD-V. See #2911 */
3310 }
3311}
3312
3313#ifdef PGM_WITH_LARGE_ADDRESS_SPACE_ON_32_BIT_HOST
3314/**
3315 * Tree enumeration callback for dealing with age rollover.
3316 * It will perform a simple compression of the current age.
3317 */
3318static DECLCALLBACK(int) pgmR3PhysChunkAgeingRolloverCallback(PAVLU32NODECORE pNode, void *pvUser)
3319{
3320 Assert(PGMIsLockOwner((PVM)pvUser));
3321 /* Age compression - ASSUMES iNow == 4. */
3322 PPGMCHUNKR3MAP pChunk = (PPGMCHUNKR3MAP)pNode;
3323 if (pChunk->iAge >= UINT32_C(0xffffff00))
3324 pChunk->iAge = 3;
3325 else if (pChunk->iAge >= UINT32_C(0xfffff000))
3326 pChunk->iAge = 2;
3327 else if (pChunk->iAge)
3328 pChunk->iAge = 1;
3329 else /* iAge = 0 */
3330 pChunk->iAge = 4;
3331 return 0;
3332}
3333
3334
3335/**
3336 * Tree enumeration callback that updates the chunks that have
3337 * been used since the last
3338 */
3339static DECLCALLBACK(int) pgmR3PhysChunkAgeingCallback(PAVLU32NODECORE pNode, void *pvUser)
3340{
3341 PPGMCHUNKR3MAP pChunk = (PPGMCHUNKR3MAP)pNode;
3342 if (!pChunk->iAge)
3343 {
3344 PVM pVM = (PVM)pvUser;
3345 pChunk->iAge = pVM->pgm.s.ChunkR3Map.iNow;
3346 }
3347 return 0;
3348}
3349
3350
3351/**
3352 * Performs ageing of the ring-3 chunk mappings.
3353 *
3354 * @param pVM The VM handle.
3355 */
3356VMMR3DECL(void) PGMR3PhysChunkAgeing(PVM pVM)
3357{
3358 pgmLock(pVM);
3359 pVM->pgm.s.ChunkR3Map.AgeingCountdown = RT_MIN(pVM->pgm.s.ChunkR3Map.cMax / 4, 1024);
3360 pVM->pgm.s.ChunkR3Map.iNow++;
3361 if (pVM->pgm.s.ChunkR3Map.iNow == 0)
3362 {
3363 pVM->pgm.s.ChunkR3Map.iNow = 4;
3364 RTAvlU32DoWithAll(&pVM->pgm.s.ChunkR3Map.pTree, true /*fFromLeft*/, pgmR3PhysChunkAgeingRolloverCallback, pVM);
3365 }
3366 else
3367 RTAvlU32DoWithAll(&pVM->pgm.s.ChunkR3Map.pTree, true /*fFromLeft*/, pgmR3PhysChunkAgeingCallback, pVM);
3368 pgmUnlock(pVM);
3369}
3370
3371
3372/**
3373 * The structure passed in the pvUser argument of pgmR3PhysChunkUnmapCandidateCallback().
3374 */
3375typedef struct PGMR3PHYSCHUNKUNMAPCB
3376{
3377 PVM pVM; /**< The VM handle. */
3378 PPGMCHUNKR3MAP pChunk; /**< The chunk to unmap. */
3379 uint32_t iLastAge; /**< Highest age found so far. */
3380} PGMR3PHYSCHUNKUNMAPCB, *PPGMR3PHYSCHUNKUNMAPCB;
3381
3382
3383/**
3384 * Callback used to find the mapping that's been unused for
3385 * the longest time.
3386 */
3387static DECLCALLBACK(int) pgmR3PhysChunkUnmapCandidateCallback(PAVLU32NODECORE pNode, void *pvUser)
3388{
3389 PPGMCHUNKR3MAP pChunk = (PPGMCHUNKR3MAP)pNode;
3390 PPGMR3PHYSCHUNKUNMAPCB pArg = (PPGMR3PHYSCHUNKUNMAPCB)pvUser;
3391
3392 if ( pChunk->iAge
3393 && !pChunk->cRefs
3394 && pArg->iLastAge < pChunk->iAge)
3395 {
3396 /*
3397 * Check that it's not in any of the TLBs.
3398 */
3399 PVM pVM = pArg->pVM;
3400 for (unsigned i = 0; i < RT_ELEMENTS(pVM->pgm.s.ChunkR3Map.Tlb.aEntries); i++)
3401 if (pVM->pgm.s.ChunkR3Map.Tlb.aEntries[i].pChunk == pChunk)
3402 {
3403 pChunk = NULL;
3404 break;
3405 }
3406 if (pChunk)
3407 for (unsigned i = 0; i < RT_ELEMENTS(pVM->pgm.s.PhysTlbHC.aEntries); i++)
3408 if (pVM->pgm.s.PhysTlbHC.aEntries[i].pMap == pChunk)
3409 {
3410 pChunk = NULL;
3411 break;
3412 }
3413 if (pChunk)
3414 {
3415 pArg->pChunk = pChunk;
3416 pArg->iLastAge = pChunk->iAge;
3417 }
3418 }
3419 return 0;
3420}
3421
3422
3423/**
3424 * Finds a good candidate for unmapping when the ring-3 mapping cache is full.
3425 *
3426 * The candidate will not be part of any TLBs, so no need to flush
3427 * anything afterwards.
3428 *
3429 * @returns Chunk id.
3430 * @param pVM The VM handle.
3431 */
3432static int32_t pgmR3PhysChunkFindUnmapCandidate(PVM pVM)
3433{
3434 Assert(PGMIsLockOwner(pVM));
3435
3436 /*
3437 * Do tree ageing first?
3438 */
3439 if (pVM->pgm.s.ChunkR3Map.AgeingCountdown-- == 0)
3440 {
3441 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkAging, a);
3442 PGMR3PhysChunkAgeing(pVM);
3443 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkAging, a);
3444 }
3445
3446 /*
3447 * Enumerate the age tree starting with the left most node.
3448 */
3449 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkFindCandidate, a);
3450 PGMR3PHYSCHUNKUNMAPCB Args;
3451 Args.pVM = pVM;
3452 Args.pChunk = NULL;
3453 Args.iLastAge = 0;
3454 RTAvlU32DoWithAll(&pVM->pgm.s.ChunkR3Map.pTree, true /*fFromLeft*/, pgmR3PhysChunkUnmapCandidateCallback, &Args);
3455 Assert(Args.pChunk);
3456 if (Args.pChunk)
3457 {
3458 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkFindCandidate, a);
3459 return Args.pChunk->Core.Key;
3460 }
3461
3462 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkFindCandidate, a);
3463 return INT32_MAX;
3464}
3465
3466/**
3467 * Rendezvous callback used by pgmR3PhysUnmapChunk that unmaps a chunk
3468 *
3469 * This is only called on one of the EMTs while the other ones are waiting for
3470 * it to complete this function.
3471 *
3472 * @returns VINF_SUCCESS (VBox strict status code).
3473 * @param pVM The VM handle.
3474 * @param pVCpu The VMCPU for the EMT we're being called on. Unused.
3475 * @param pvUser User pointer. Unused
3476 *
3477 */
3478DECLCALLBACK(VBOXSTRICTRC) pgmR3PhysUnmapChunkRendezvous(PVM pVM, PVMCPU pVCpu, void *pvUser)
3479{
3480 int rc = VINF_SUCCESS;
3481 pgmLock(pVM);
3482
3483 if (pVM->pgm.s.ChunkR3Map.c >= pVM->pgm.s.ChunkR3Map.cMax)
3484 {
3485 /* Flush the pgm pool cache; call the internal rendezvous handler as we're already in a rendezvous handler here. */
3486 /* todo: also not really efficient to unmap a chunk that contains PD or PT pages. */
3487 pgmR3PoolClearAllRendezvous(pVM, &pVM->aCpus[0], NULL /* no need to flush the REM TLB as we already did that above */);
3488
3489 /*
3490 * Request the ring-0 part to unmap a chunk to make space in the mapping cache.
3491 */
3492 GMMMAPUNMAPCHUNKREQ Req;
3493 Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
3494 Req.Hdr.cbReq = sizeof(Req);
3495 Req.pvR3 = NULL;
3496 Req.idChunkMap = NIL_GMM_CHUNKID;
3497 Req.idChunkUnmap = pgmR3PhysChunkFindUnmapCandidate(pVM);
3498
3499 if (Req.idChunkUnmap != INT32_MAX)
3500 {
3501 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkUnmap, a);
3502 rc = VMMR3CallR0(pVM, VMMR0_DO_GMM_MAP_UNMAP_CHUNK, 0, &Req.Hdr);
3503 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkUnmap, a);
3504 if (RT_SUCCESS(rc))
3505 {
3506 /* remove the unmapped one. */
3507 PPGMCHUNKR3MAP pUnmappedChunk = (PPGMCHUNKR3MAP)RTAvlU32Remove(&pVM->pgm.s.ChunkR3Map.pTree, Req.idChunkUnmap);
3508 AssertRelease(pUnmappedChunk);
3509 pUnmappedChunk->pv = NULL;
3510 pUnmappedChunk->Core.Key = UINT32_MAX;
3511#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
3512 MMR3HeapFree(pUnmappedChunk);
3513#else
3514 MMR3UkHeapFree(pVM, pUnmappedChunk, MM_TAG_PGM_CHUNK_MAPPING);
3515#endif
3516 pVM->pgm.s.ChunkR3Map.c--;
3517 pVM->pgm.s.cUnmappedChunks++;
3518
3519 /* Flush dangling PGM pointers (R3 & R0 ptrs to GC physical addresses) */
3520 /* todo: we should not flush chunks which include cr3 mappings. */
3521 for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
3522 {
3523 PPGMCPU pPGM = &pVM->aCpus[idCpu].pgm.s;
3524
3525 pPGM->pGst32BitPdR3 = NULL;
3526 pPGM->pGstPaePdptR3 = NULL;
3527 pPGM->pGstAmd64Pml4R3 = NULL;
3528#ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
3529 pPGM->pGst32BitPdR0 = NIL_RTR0PTR;
3530 pPGM->pGstPaePdptR0 = NIL_RTR0PTR;
3531 pPGM->pGstAmd64Pml4R0 = NIL_RTR0PTR;
3532#endif
3533 for (unsigned i = 0; i < RT_ELEMENTS(pPGM->apGstPaePDsR3); i++)
3534 {
3535 pPGM->apGstPaePDsR3[i] = NULL;
3536#ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
3537 pPGM->apGstPaePDsR0[i] = NIL_RTR0PTR;
3538#endif
3539 }
3540
3541 /* Flush REM TLBs. */
3542 CPUMSetChangedFlags(&pVM->aCpus[idCpu], CPUM_CHANGED_GLOBAL_TLB_FLUSH);
3543 }
3544
3545 /* Flush REM translation blocks. */
3546 REMFlushTBs(pVM);
3547 }
3548 }
3549 }
3550 pgmUnlock(pVM);
3551 return rc;
3552}
3553
3554/**
3555 * Unmap a chunk to free up virtual address space (request packet handler for pgmR3PhysChunkMap)
3556 *
3557 * @returns VBox status code.
3558 * @param pVM The VM to operate on.
3559 */
3560void pgmR3PhysUnmapChunk(PVM pVM)
3561{
3562 int rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ONCE, pgmR3PhysUnmapChunkRendezvous, NULL);
3563 AssertRC(rc);
3564}
3565#endif /* PGM_WITH_LARGE_ADDRESS_SPACE_ON_32_BIT_HOST */
3566
3567/**
3568 * Maps the given chunk into the ring-3 mapping cache.
3569 *
3570 * This will call ring-0.
3571 *
3572 * @returns VBox status code.
3573 * @param pVM The VM handle.
3574 * @param idChunk The chunk in question.
3575 * @param ppChunk Where to store the chunk tracking structure.
3576 *
3577 * @remarks Called from within the PGM critical section.
3578 * @remarks Can be called from any thread!
3579 */
3580int pgmR3PhysChunkMap(PVM pVM, uint32_t idChunk, PPPGMCHUNKR3MAP ppChunk)
3581{
3582 int rc;
3583
3584 Assert(PGMIsLockOwner(pVM));
3585 /*
3586 * Allocate a new tracking structure first.
3587 */
3588#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
3589 PPGMCHUNKR3MAP pChunk = (PPGMCHUNKR3MAP)MMR3HeapAllocZ(pVM, MM_TAG_PGM_CHUNK_MAPPING, sizeof(*pChunk));
3590#else
3591 PPGMCHUNKR3MAP pChunk = (PPGMCHUNKR3MAP)MMR3UkHeapAllocZ(pVM, MM_TAG_PGM_CHUNK_MAPPING, sizeof(*pChunk), NULL);
3592#endif
3593 AssertReturn(pChunk, VERR_NO_MEMORY);
3594 pChunk->Core.Key = idChunk;
3595
3596 /*
3597 * Request the ring-0 part to map the chunk in question.
3598 */
3599 GMMMAPUNMAPCHUNKREQ Req;
3600 Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
3601 Req.Hdr.cbReq = sizeof(Req);
3602 Req.pvR3 = NULL;
3603 Req.idChunkMap = idChunk;
3604 Req.idChunkUnmap = NIL_GMM_CHUNKID;
3605
3606 /* Must be callable from any thread, so can't use VMMR3CallR0. */
3607 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkMap, a);
3608 rc = SUPR3CallVMMR0Ex(pVM->pVMR0, NIL_VMCPUID, VMMR0_DO_GMM_MAP_UNMAP_CHUNK, 0, &Req.Hdr);
3609 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatChunkMap, a);
3610 if (RT_SUCCESS(rc))
3611 {
3612 /*
3613 * Update the tree.
3614 */
3615 /* insert the new one. */
3616 AssertPtr(Req.pvR3);
3617 pChunk->pv = Req.pvR3;
3618 bool fRc = RTAvlU32Insert(&pVM->pgm.s.ChunkR3Map.pTree, &pChunk->Core);
3619 AssertRelease(fRc);
3620 pVM->pgm.s.ChunkR3Map.c++;
3621 pVM->pgm.s.cMappedChunks++;
3622
3623 /* If we're running out of virtual address space, then we should unmap another chunk. */
3624 if (pVM->pgm.s.ChunkR3Map.c >= pVM->pgm.s.ChunkR3Map.cMax)
3625 {
3626#ifdef PGM_WITH_LARGE_ADDRESS_SPACE_ON_32_BIT_HOST
3627 /* Postpone the unmap operation (which requires a rendezvous operation) as we own the PGM lock here. */
3628 rc = VMR3ReqCallNoWaitU(pVM->pUVM, VMCPUID_ANY_QUEUE, (PFNRT)pgmR3PhysUnmapChunk, 1, pVM);
3629 AssertRC(rc);
3630#else
3631 AssertFatalFailed(); /* can't happen */
3632#endif
3633 }
3634 }
3635 else
3636 {
3637 AssertRC(rc);
3638#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
3639 MMR3HeapFree(pChunk);
3640#else
3641 MMR3UkHeapFree(pVM, pChunk, MM_TAG_PGM_CHUNK_MAPPING);
3642#endif
3643 pChunk = NULL;
3644 }
3645
3646 *ppChunk = pChunk;
3647 return rc;
3648}
3649
3650
3651/**
3652 * For VMMCALLRING3_PGM_MAP_CHUNK, considered internal.
3653 *
3654 * @returns see pgmR3PhysChunkMap.
3655 * @param pVM The VM handle.
3656 * @param idChunk The chunk to map.
3657 */
3658VMMR3DECL(int) PGMR3PhysChunkMap(PVM pVM, uint32_t idChunk)
3659{
3660 PPGMCHUNKR3MAP pChunk;
3661 int rc;
3662
3663 pgmLock(pVM);
3664 rc = pgmR3PhysChunkMap(pVM, idChunk, &pChunk);
3665 pgmUnlock(pVM);
3666 return rc;
3667}
3668
3669
3670/**
3671 * Invalidates the TLB for the ring-3 mapping cache.
3672 *
3673 * @param pVM The VM handle.
3674 */
3675VMMR3DECL(void) PGMR3PhysChunkInvalidateTLB(PVM pVM)
3676{
3677 pgmLock(pVM);
3678 for (unsigned i = 0; i < RT_ELEMENTS(pVM->pgm.s.ChunkR3Map.Tlb.aEntries); i++)
3679 {
3680 pVM->pgm.s.ChunkR3Map.Tlb.aEntries[i].idChunk = NIL_GMM_CHUNKID;
3681 pVM->pgm.s.ChunkR3Map.Tlb.aEntries[i].pChunk = NULL;
3682 }
3683 /* The page map TLB references chunks, so invalidate that one too. */
3684 PGMPhysInvalidatePageMapTLB(pVM);
3685 pgmUnlock(pVM);
3686}
3687
3688
3689/**
3690 * Response to VMMCALLRING3_PGM_ALLOCATE_LARGE_PAGE to allocate a large (2MB) page
3691 * for use with a nested paging PDE.
3692 *
3693 * @returns The following VBox status codes.
3694 * @retval VINF_SUCCESS on success.
3695 * @retval VINF_EM_NO_MEMORY if we're out of memory.
3696 *
3697 * @param pVM The VM handle.
3698 * @param GCPhys GC physical start address of the 2 MB range
3699 */
3700VMMR3DECL(int) PGMR3PhysAllocateLargeHandyPage(PVM pVM, RTGCPHYS GCPhys)
3701{
3702 pgmLock(pVM);
3703
3704 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->StatAllocLargePage, a);
3705 int rc = VMMR3CallR0(pVM, VMMR0_DO_PGM_ALLOCATE_LARGE_HANDY_PAGE, 0, NULL);
3706 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatAllocLargePage, a);
3707 if (RT_SUCCESS(rc))
3708 {
3709 Assert(pVM->pgm.s.cLargeHandyPages == 1);
3710
3711 uint32_t idPage = pVM->pgm.s.aLargeHandyPage[0].idPage;
3712 RTHCPHYS HCPhys = pVM->pgm.s.aLargeHandyPage[0].HCPhysGCPhys;
3713
3714 void *pv;
3715
3716 /* Map the large page into our address space.
3717 *
3718 * Note: assuming that within the 2 MB range:
3719 * - GCPhys + PAGE_SIZE = HCPhys + PAGE_SIZE (whole point of this exercise)
3720 * - user space mapping is continuous as well
3721 * - page id (GCPhys) + 1 = page id (GCPhys + PAGE_SIZE)
3722 */
3723 rc = pgmPhysPageMapByPageID(pVM, idPage, HCPhys, &pv);
3724 AssertLogRelMsg(RT_SUCCESS(rc), ("idPage=%#x HCPhysGCPhys=%RHp rc=%Rrc\n", idPage, HCPhys, rc));
3725
3726 if (RT_SUCCESS(rc))
3727 {
3728 /*
3729 * Clear the pages.
3730 */
3731 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->StatClearLargePage, b);
3732 for (unsigned i = 0; i < _2M/PAGE_SIZE; i++)
3733 {
3734 ASMMemZeroPage(pv);
3735
3736 PPGMPAGE pPage;
3737 rc = pgmPhysGetPageEx(&pVM->pgm.s, GCPhys, &pPage);
3738 AssertRC(rc);
3739
3740 Assert(PGM_PAGE_IS_ZERO(pPage));
3741 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->StatRZPageReplaceZero);
3742 pVM->pgm.s.cZeroPages--;
3743
3744 /*
3745 * Do the PGMPAGE modifications.
3746 */
3747 pVM->pgm.s.cPrivatePages++;
3748 PGM_PAGE_SET_HCPHYS(pPage, HCPhys);
3749 PGM_PAGE_SET_PAGEID(pPage, idPage);
3750 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_ALLOCATED);
3751 PGM_PAGE_SET_PDE_TYPE(pPage, PGM_PAGE_PDE_TYPE_PDE);
3752 PGM_PAGE_SET_PTE_INDEX(pPage, 0);
3753 PGM_PAGE_SET_TRACKING(pPage, 0);
3754
3755 /* Somewhat dirty assumption that page ids are increasing. */
3756 idPage++;
3757
3758 HCPhys += PAGE_SIZE;
3759 GCPhys += PAGE_SIZE;
3760
3761 pv = (void *)((uintptr_t)pv + PAGE_SIZE);
3762
3763 Log3(("PGMR3PhysAllocateLargePage: idPage=%#x HCPhys=%RGp\n", idPage, HCPhys));
3764 }
3765 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatClearLargePage, b);
3766
3767 /* Flush all TLBs. */
3768 PGM_INVL_ALL_VCPU_TLBS(pVM);
3769 PGMPhysInvalidatePageMapTLB(pVM);
3770 }
3771 pVM->pgm.s.cLargeHandyPages = 0;
3772 }
3773
3774 pgmUnlock(pVM);
3775 return rc;
3776}
3777
3778
3779/**
3780 * Response to VM_FF_PGM_NEED_HANDY_PAGES and VMMCALLRING3_PGM_ALLOCATE_HANDY_PAGES.
3781 *
3782 * This function will also work the VM_FF_PGM_NO_MEMORY force action flag, to
3783 * signal and clear the out of memory condition. When contracted, this API is
3784 * used to try clear the condition when the user wants to resume.
3785 *
3786 * @returns The following VBox status codes.
3787 * @retval VINF_SUCCESS on success. FFs cleared.
3788 * @retval VINF_EM_NO_MEMORY if we're out of memory. The FF is not cleared in
3789 * this case and it gets accompanied by VM_FF_PGM_NO_MEMORY.
3790 *
3791 * @param pVM The VM handle.
3792 *
3793 * @remarks The VINF_EM_NO_MEMORY status is for the benefit of the FF processing
3794 * in EM.cpp and shouldn't be propagated outside TRPM, HWACCM, EM and
3795 * pgmPhysEnsureHandyPage. There is one exception to this in the \#PF
3796 * handler.
3797 */
3798VMMR3DECL(int) PGMR3PhysAllocateHandyPages(PVM pVM)
3799{
3800 pgmLock(pVM);
3801
3802 /*
3803 * Allocate more pages, noting down the index of the first new page.
3804 */
3805 uint32_t iClear = pVM->pgm.s.cHandyPages;
3806 AssertMsgReturn(iClear <= RT_ELEMENTS(pVM->pgm.s.aHandyPages), ("%d", iClear), VERR_INTERNAL_ERROR);
3807 Log(("PGMR3PhysAllocateHandyPages: %d -> %d\n", iClear, RT_ELEMENTS(pVM->pgm.s.aHandyPages)));
3808 int rcAlloc = VINF_SUCCESS;
3809 int rcSeed = VINF_SUCCESS;
3810 int rc = VMMR3CallR0(pVM, VMMR0_DO_PGM_ALLOCATE_HANDY_PAGES, 0, NULL);
3811 while (rc == VERR_GMM_SEED_ME)
3812 {
3813 void *pvChunk;
3814 rcAlloc = rc = SUPR3PageAlloc(GMM_CHUNK_SIZE >> PAGE_SHIFT, &pvChunk);
3815 if (RT_SUCCESS(rc))
3816 {
3817 rcSeed = rc = VMMR3CallR0(pVM, VMMR0_DO_GMM_SEED_CHUNK, (uintptr_t)pvChunk, NULL);
3818 if (RT_FAILURE(rc))
3819 SUPR3PageFree(pvChunk, GMM_CHUNK_SIZE >> PAGE_SHIFT);
3820 }
3821 if (RT_SUCCESS(rc))
3822 rc = VMMR3CallR0(pVM, VMMR0_DO_PGM_ALLOCATE_HANDY_PAGES, 0, NULL);
3823 }
3824
3825 /* todo: we should split this up into an allocate and flush operation. sometimes you want to flush and not allocate more (which will trigger the vm account limit error) */
3826 if ( rc == VERR_GMM_HIT_VM_ACCOUNT_LIMIT
3827 && pVM->pgm.s.cHandyPages > 0)
3828 {
3829 /* Still handy pages left, so don't panic. */
3830 rc = VINF_SUCCESS;
3831 }
3832
3833 if (RT_SUCCESS(rc))
3834 {
3835 AssertMsg(rc == VINF_SUCCESS, ("%Rrc\n", rc));
3836 Assert(pVM->pgm.s.cHandyPages > 0);
3837 VM_FF_CLEAR(pVM, VM_FF_PGM_NEED_HANDY_PAGES);
3838 VM_FF_CLEAR(pVM, VM_FF_PGM_NO_MEMORY);
3839
3840 /*
3841 * Clear the pages.
3842 */
3843 while (iClear < pVM->pgm.s.cHandyPages)
3844 {
3845 PGMMPAGEDESC pPage = &pVM->pgm.s.aHandyPages[iClear];
3846 void *pv;
3847 rc = pgmPhysPageMapByPageID(pVM, pPage->idPage, pPage->HCPhysGCPhys, &pv);
3848 AssertLogRelMsgBreak(RT_SUCCESS(rc), ("idPage=%#x HCPhysGCPhys=%RHp rc=%Rrc\n", pPage->idPage, pPage->HCPhysGCPhys, rc));
3849 ASMMemZeroPage(pv);
3850 iClear++;
3851 Log3(("PGMR3PhysAllocateHandyPages: idPage=%#x HCPhys=%RGp\n", pPage->idPage, pPage->HCPhysGCPhys));
3852 }
3853 }
3854 else
3855 {
3856 uint64_t cAllocPages, cMaxPages, cBalloonPages;
3857
3858 /*
3859 * We should never get here unless there is a genuine shortage of
3860 * memory (or some internal error). Flag the error so the VM can be
3861 * suspended ASAP and the user informed. If we're totally out of
3862 * handy pages we will return failure.
3863 */
3864 /* Report the failure. */
3865 LogRel(("PGM: Failed to procure handy pages; rc=%Rrc rcAlloc=%Rrc rcSeed=%Rrc cHandyPages=%#x\n"
3866 " cAllPages=%#x cPrivatePages=%#x cSharedPages=%#x cZeroPages=%#x\n",
3867 rc, rcAlloc, rcSeed,
3868 pVM->pgm.s.cHandyPages,
3869 pVM->pgm.s.cAllPages,
3870 pVM->pgm.s.cPrivatePages,
3871 pVM->pgm.s.cSharedPages,
3872 pVM->pgm.s.cZeroPages));
3873
3874 if (GMMR3QueryMemoryStats(pVM, &cAllocPages, &cMaxPages, &cBalloonPages) == VINF_SUCCESS)
3875 {
3876 LogRel(("GMM: Statistics:\n"
3877 " Allocated pages: %RX64\n"
3878 " Maximum pages: %RX64\n"
3879 " Ballooned pages: %RX64\n", cAllocPages, cMaxPages, cBalloonPages));
3880 }
3881
3882 if ( rc != VERR_NO_MEMORY
3883 && rc != VERR_LOCK_FAILED)
3884 {
3885 for (uint32_t i = 0; i < RT_ELEMENTS(pVM->pgm.s.aHandyPages); i++)
3886 {
3887 LogRel(("PGM: aHandyPages[#%#04x] = {.HCPhysGCPhys=%RHp, .idPage=%#08x, .idSharedPage=%#08x}\n",
3888 i, pVM->pgm.s.aHandyPages[i].HCPhysGCPhys, pVM->pgm.s.aHandyPages[i].idPage,
3889 pVM->pgm.s.aHandyPages[i].idSharedPage));
3890 uint32_t const idPage = pVM->pgm.s.aHandyPages[i].idPage;
3891 if (idPage != NIL_GMM_PAGEID)
3892 {
3893 for (PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3;
3894 pRam;
3895 pRam = pRam->pNextR3)
3896 {
3897 uint32_t const cPages = pRam->cb >> PAGE_SHIFT;
3898 for (uint32_t iPage = 0; iPage < cPages; iPage++)
3899 if (PGM_PAGE_GET_PAGEID(&pRam->aPages[iPage]) == idPage)
3900 LogRel(("PGM: Used by %RGp %R[pgmpage] (%s)\n",
3901 pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT), &pRam->aPages[iPage], pRam->pszDesc));
3902 }
3903 }
3904 }
3905 }
3906
3907 /* Set the FFs and adjust rc. */
3908 VM_FF_SET(pVM, VM_FF_PGM_NEED_HANDY_PAGES);
3909 VM_FF_SET(pVM, VM_FF_PGM_NO_MEMORY);
3910 if ( rc == VERR_NO_MEMORY
3911 || rc == VERR_LOCK_FAILED)
3912 rc = VINF_EM_NO_MEMORY;
3913 }
3914
3915 pgmUnlock(pVM);
3916 return rc;
3917}
3918
3919
3920/**
3921 * Frees the specified RAM page and replaces it with the ZERO page.
3922 *
3923 * This is used by ballooning, remapping MMIO2 and RAM reset.
3924 *
3925 * @param pVM Pointer to the shared VM structure.
3926 * @param pReq Pointer to the request.
3927 * @param pPage Pointer to the page structure.
3928 * @param GCPhys The guest physical address of the page, if applicable.
3929 *
3930 * @remarks The caller must own the PGM lock.
3931 */
3932int pgmPhysFreePage(PVM pVM, PGMMFREEPAGESREQ pReq, uint32_t *pcPendingPages, PPGMPAGE pPage, RTGCPHYS GCPhys)
3933{
3934 /*
3935 * Assert sanity.
3936 */
3937 Assert(PGMIsLockOwner(pVM));
3938 if (RT_UNLIKELY( PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_RAM
3939 && PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_ROM_SHADOW))
3940 {
3941 AssertMsgFailed(("GCPhys=%RGp pPage=%R[pgmpage]\n", GCPhys, pPage));
3942 return VMSetError(pVM, VERR_PGM_PHYS_NOT_RAM, RT_SRC_POS, "GCPhys=%RGp type=%d", GCPhys, PGM_PAGE_GET_TYPE(pPage));
3943 }
3944
3945 if ( PGM_PAGE_IS_ZERO(pPage)
3946 || PGM_PAGE_IS_BALLOONED(pPage))
3947 return VINF_SUCCESS;
3948
3949 const uint32_t idPage = PGM_PAGE_GET_PAGEID(pPage);
3950 Log3(("pgmPhysFreePage: idPage=%#x HCPhys=%RGp pPage=%R[pgmpage]\n", idPage, pPage));
3951 if (RT_UNLIKELY( idPage == NIL_GMM_PAGEID
3952 || idPage > GMM_PAGEID_LAST
3953 || PGM_PAGE_GET_CHUNKID(pPage) == NIL_GMM_CHUNKID))
3954 {
3955 AssertMsgFailed(("GCPhys=%RGp pPage=%R[pgmpage]\n", GCPhys, pPage));
3956 return VMSetError(pVM, VERR_PGM_PHYS_INVALID_PAGE_ID, RT_SRC_POS, "GCPhys=%RGp idPage=%#x", GCPhys, pPage);
3957 }
3958
3959 /* update page count stats. */
3960 if (PGM_PAGE_IS_SHARED(pPage))
3961 pVM->pgm.s.cSharedPages--;
3962 else
3963 pVM->pgm.s.cPrivatePages--;
3964 pVM->pgm.s.cZeroPages++;
3965
3966 /* Deal with write monitored pages. */
3967 if (PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_WRITE_MONITORED)
3968 {
3969 PGM_PAGE_SET_WRITTEN_TO(pPage);
3970 pVM->pgm.s.cWrittenToPages++;
3971 }
3972
3973 /*
3974 * pPage = ZERO page.
3975 */
3976 PGM_PAGE_SET_HCPHYS(pPage, pVM->pgm.s.HCPhysZeroPg);
3977 PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_ZERO);
3978 PGM_PAGE_SET_PAGEID(pPage, NIL_GMM_PAGEID);
3979 PGM_PAGE_SET_PDE_TYPE(pPage, PGM_PAGE_PDE_TYPE_DONTCARE);
3980 PGM_PAGE_SET_PTE_INDEX(pPage, 0);
3981 PGM_PAGE_SET_TRACKING(pPage, 0);
3982
3983 /* Flush physical page map TLB entry. */
3984 PGMPhysInvalidatePageMapTLBEntry(pVM, GCPhys);
3985
3986 /*
3987 * Make sure it's not in the handy page array.
3988 */
3989 for (uint32_t i = pVM->pgm.s.cHandyPages; i < RT_ELEMENTS(pVM->pgm.s.aHandyPages); i++)
3990 {
3991 if (pVM->pgm.s.aHandyPages[i].idPage == idPage)
3992 {
3993 pVM->pgm.s.aHandyPages[i].idPage = NIL_GMM_PAGEID;
3994 break;
3995 }
3996 if (pVM->pgm.s.aHandyPages[i].idSharedPage == idPage)
3997 {
3998 pVM->pgm.s.aHandyPages[i].idSharedPage = NIL_GMM_PAGEID;
3999 break;
4000 }
4001 }
4002
4003 /*
4004 * Push it onto the page array.
4005 */
4006 uint32_t iPage = *pcPendingPages;
4007 Assert(iPage < PGMPHYS_FREE_PAGE_BATCH_SIZE);
4008 *pcPendingPages += 1;
4009
4010 pReq->aPages[iPage].idPage = idPage;
4011
4012 if (iPage + 1 < PGMPHYS_FREE_PAGE_BATCH_SIZE)
4013 return VINF_SUCCESS;
4014
4015 /*
4016 * Flush the pages.
4017 */
4018 int rc = GMMR3FreePagesPerform(pVM, pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE);
4019 if (RT_SUCCESS(rc))
4020 {
4021 GMMR3FreePagesRePrep(pVM, pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
4022 *pcPendingPages = 0;
4023 }
4024 return rc;
4025}
4026
4027
4028/**
4029 * Converts a GC physical address to a HC ring-3 pointer, with some
4030 * additional checks.
4031 *
4032 * @returns VBox status code.
4033 * @retval VINF_SUCCESS on success.
4034 * @retval VINF_PGM_PHYS_TLB_CATCH_WRITE and *ppv set if the page has a write
4035 * access handler of some kind.
4036 * @retval VERR_PGM_PHYS_TLB_CATCH_ALL if the page has a handler catching all
4037 * accesses or is odd in any way.
4038 * @retval VERR_PGM_PHYS_TLB_UNASSIGNED if the page doesn't exist.
4039 *
4040 * @param pVM The VM handle.
4041 * @param GCPhys The GC physical address to convert.
4042 * @param fWritable Whether write access is required.
4043 * @param ppv Where to store the pointer corresponding to GCPhys on
4044 * success.
4045 */
4046VMMR3DECL(int) PGMR3PhysTlbGCPhys2Ptr(PVM pVM, RTGCPHYS GCPhys, bool fWritable, void **ppv)
4047{
4048 pgmLock(pVM);
4049
4050 PPGMRAMRANGE pRam;
4051 PPGMPAGE pPage;
4052 int rc = pgmPhysGetPageAndRangeEx(&pVM->pgm.s, GCPhys, &pPage, &pRam);
4053 if (RT_SUCCESS(rc))
4054 {
4055 if (PGM_PAGE_IS_BALLOONED(pPage))
4056 rc = VINF_PGM_PHYS_TLB_CATCH_WRITE;
4057 else if (!PGM_PAGE_HAS_ANY_HANDLERS(pPage))
4058 rc = VINF_SUCCESS;
4059 else
4060 {
4061 if (PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage)) /* catches MMIO */
4062 rc = VERR_PGM_PHYS_TLB_CATCH_ALL;
4063 else if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
4064 {
4065 /** @todo Handle TLB loads of virtual handlers so ./test.sh can be made to work
4066 * in -norawr0 mode. */
4067 if (fWritable)
4068 rc = VINF_PGM_PHYS_TLB_CATCH_WRITE;
4069 }
4070 else
4071 {
4072 /* Temporarily disabled physical handler(s), since the recompiler
4073 doesn't get notified when it's reset we'll have to pretend it's
4074 operating normally. */
4075 if (pgmHandlerPhysicalIsAll(pVM, GCPhys))
4076 rc = VERR_PGM_PHYS_TLB_CATCH_ALL;
4077 else
4078 rc = VINF_PGM_PHYS_TLB_CATCH_WRITE;
4079 }
4080 }
4081 if (RT_SUCCESS(rc))
4082 {
4083 int rc2;
4084
4085 /* Make sure what we return is writable. */
4086 if (fWritable)
4087 switch (PGM_PAGE_GET_STATE(pPage))
4088 {
4089 case PGM_PAGE_STATE_ALLOCATED:
4090 break;
4091 case PGM_PAGE_STATE_BALLOONED:
4092 AssertFailed();
4093 break;
4094 case PGM_PAGE_STATE_ZERO:
4095 case PGM_PAGE_STATE_SHARED:
4096 if (rc == VINF_PGM_PHYS_TLB_CATCH_WRITE)
4097 break;
4098 case PGM_PAGE_STATE_WRITE_MONITORED:
4099 rc2 = pgmPhysPageMakeWritable(pVM, pPage, GCPhys & ~(RTGCPHYS)PAGE_OFFSET_MASK);
4100 AssertLogRelRCReturn(rc2, rc2);
4101 break;
4102 }
4103
4104 /* Get a ring-3 mapping of the address. */
4105 PPGMPAGER3MAPTLBE pTlbe;
4106 rc2 = pgmPhysPageQueryTlbe(&pVM->pgm.s, GCPhys, &pTlbe);
4107 AssertLogRelRCReturn(rc2, rc2);
4108 *ppv = (void *)((uintptr_t)pTlbe->pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
4109 /** @todo mapping/locking hell; this isn't horribly efficient since
4110 * pgmPhysPageLoadIntoTlb will repeat the lookup we've done here. */
4111
4112 Log6(("PGMR3PhysTlbGCPhys2Ptr: GCPhys=%RGp rc=%Rrc pPage=%R[pgmpage] *ppv=%p\n", GCPhys, rc, pPage, *ppv));
4113 }
4114 else
4115 Log6(("PGMR3PhysTlbGCPhys2Ptr: GCPhys=%RGp rc=%Rrc pPage=%R[pgmpage]\n", GCPhys, rc, pPage));
4116
4117 /* else: handler catching all access, no pointer returned. */
4118 }
4119 else
4120 rc = VERR_PGM_PHYS_TLB_UNASSIGNED;
4121
4122 pgmUnlock(pVM);
4123 return rc;
4124}
4125
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette