VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/PGMAllBth.h@ 86651

Last change on this file since 86651 was 86554, checked in by vboxsync, 4 years ago

VMM/PGMAllBth.h: Fixed inverted assertion in InvalidatePage/AMD64AMD64 code. bugref:9746

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id Revision
File size: 199.3 KB
Line 
1/* $Id: PGMAllBth.h 86554 2020-10-13 07:41:08Z vboxsync $ */
2/** @file
3 * VBox - Page Manager, Shadow+Guest Paging Template - All context code.
4 *
5 * @remarks Extended page tables (intel) are built with PGM_GST_TYPE set to
6 * PGM_TYPE_PROT (and PGM_SHW_TYPE set to PGM_TYPE_EPT).
7 * bird: WTF does this mean these days? Looking at PGMAll.cpp it's
8 *
9 * @remarks This file is one big \#ifdef-orgy!
10 *
11 */
12
13/*
14 * Copyright (C) 2006-2020 Oracle Corporation
15 *
16 * This file is part of VirtualBox Open Source Edition (OSE), as
17 * available from http://www.virtualbox.org. This file is free software;
18 * you can redistribute it and/or modify it under the terms of the GNU
19 * General Public License (GPL) as published by the Free Software
20 * Foundation, in version 2 as it comes in the "COPYING" file of the
21 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
22 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
23 */
24
25#ifdef _MSC_VER
26/** @todo we're generating unnecessary code in nested/ept shadow mode and for
27 * real/prot-guest+RC mode. */
28# pragma warning(disable: 4505)
29#endif
30
31
32/*********************************************************************************************************************************
33* Internal Functions *
34*********************************************************************************************************************************/
35RT_C_DECLS_BEGIN
36PGM_BTH_DECL(int, Enter)(PVMCPUCC pVCpu, RTGCPHYS GCPhysCR3);
37#ifndef IN_RING3
38PGM_BTH_DECL(int, Trap0eHandler)(PVMCPUCC pVCpu, RTGCUINT uErr, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, bool *pfLockTaken);
39#endif
40PGM_BTH_DECL(int, InvalidatePage)(PVMCPUCC pVCpu, RTGCPTR GCPtrPage);
41static int PGM_BTH_NAME(SyncPage)(PVMCPUCC pVCpu, GSTPDE PdeSrc, RTGCPTR GCPtrPage, unsigned cPages, unsigned uErr);
42static int PGM_BTH_NAME(CheckDirtyPageFault)(PVMCPUCC pVCpu, uint32_t uErr, PSHWPDE pPdeDst, GSTPDE const *pPdeSrc, RTGCPTR GCPtrPage);
43static int PGM_BTH_NAME(SyncPT)(PVMCPUCC pVCpu, unsigned iPD, PGSTPD pPDSrc, RTGCPTR GCPtrPage);
44#if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
45static void PGM_BTH_NAME(SyncPageWorker)(PVMCPUCC pVCpu, PSHWPTE pPteDst, GSTPDE PdeSrc, GSTPTE PteSrc, PPGMPOOLPAGE pShwPage, unsigned iPTDst);
46#else
47static void PGM_BTH_NAME(SyncPageWorker)(PVMCPUCC pVCpu, PSHWPTE pPteDst, RTGCPHYS GCPhysPage, PPGMPOOLPAGE pShwPage, unsigned iPTDst);
48#endif
49PGM_BTH_DECL(int, VerifyAccessSyncPage)(PVMCPUCC pVCpu, RTGCPTR Addr, unsigned fPage, unsigned uErr);
50PGM_BTH_DECL(int, PrefetchPage)(PVMCPUCC pVCpu, RTGCPTR GCPtrPage);
51PGM_BTH_DECL(int, SyncCR3)(PVMCPUCC pVCpu, uint64_t cr0, uint64_t cr3, uint64_t cr4, bool fGlobal);
52#ifdef VBOX_STRICT
53PGM_BTH_DECL(unsigned, AssertCR3)(PVMCPUCC pVCpu, uint64_t cr3, uint64_t cr4, RTGCPTR GCPtr = 0, RTGCPTR cb = ~(RTGCPTR)0);
54#endif
55PGM_BTH_DECL(int, MapCR3)(PVMCPUCC pVCpu, RTGCPHYS GCPhysCR3);
56PGM_BTH_DECL(int, UnmapCR3)(PVMCPUCC pVCpu);
57
58#ifdef IN_RING3
59PGM_BTH_DECL(int, Relocate)(PVMCPUCC pVCpu, RTGCPTR offDelta);
60#endif
61RT_C_DECLS_END
62
63
64
65
66/*
67 * Filter out some illegal combinations of guest and shadow paging, so we can
68 * remove redundant checks inside functions.
69 */
70#if PGM_GST_TYPE == PGM_TYPE_PAE && PGM_SHW_TYPE != PGM_TYPE_PAE \
71 && !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE
72# error "Invalid combination; PAE guest implies PAE shadow"
73#endif
74
75#if (PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT) \
76 && !( PGM_SHW_TYPE == PGM_TYPE_32BIT || PGM_SHW_TYPE == PGM_TYPE_PAE || PGM_SHW_TYPE == PGM_TYPE_AMD64 \
77 || PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) || PGM_SHW_TYPE == PGM_TYPE_NONE)
78# error "Invalid combination; real or protected mode without paging implies 32 bits or PAE shadow paging."
79#endif
80
81#if (PGM_GST_TYPE == PGM_TYPE_32BIT || PGM_GST_TYPE == PGM_TYPE_PAE) \
82 && !( PGM_SHW_TYPE == PGM_TYPE_32BIT || PGM_SHW_TYPE == PGM_TYPE_PAE \
83 || PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) || PGM_SHW_TYPE == PGM_TYPE_NONE)
84# error "Invalid combination; 32 bits guest paging or PAE implies 32 bits or PAE shadow paging."
85#endif
86
87#if (PGM_GST_TYPE == PGM_TYPE_AMD64 && PGM_SHW_TYPE != PGM_TYPE_AMD64 && !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE) \
88 || (PGM_SHW_TYPE == PGM_TYPE_AMD64 && PGM_GST_TYPE != PGM_TYPE_AMD64 && PGM_GST_TYPE != PGM_TYPE_PROT)
89# error "Invalid combination; AMD64 guest implies AMD64 shadow and vice versa"
90#endif
91
92
93/**
94 * Enters the shadow+guest mode.
95 *
96 * @returns VBox status code.
97 * @param pVCpu The cross context virtual CPU structure.
98 * @param GCPhysCR3 The physical address from the CR3 register.
99 */
100PGM_BTH_DECL(int, Enter)(PVMCPUCC pVCpu, RTGCPHYS GCPhysCR3)
101{
102 /* Here we deal with allocation of the root shadow page table for real and protected mode during mode switches;
103 * Other modes rely on MapCR3/UnmapCR3 to setup the shadow root page tables.
104 */
105#if ( ( PGM_SHW_TYPE == PGM_TYPE_32BIT \
106 || PGM_SHW_TYPE == PGM_TYPE_PAE \
107 || PGM_SHW_TYPE == PGM_TYPE_AMD64) \
108 && ( PGM_GST_TYPE == PGM_TYPE_REAL \
109 || PGM_GST_TYPE == PGM_TYPE_PROT))
110
111 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
112
113 Assert((HMIsNestedPagingActive(pVM) || VM_IS_NEM_ENABLED(pVM)) == pVM->pgm.s.fNestedPaging);
114 Assert(!pVM->pgm.s.fNestedPaging);
115
116 pgmLock(pVM);
117 /* Note: we only really need shadow paging in real and protected mode for VT-x and AMD-V (excluding nested paging/EPT modes),
118 * but any calls to GC need a proper shadow page setup as well.
119 */
120 /* Free the previous root mapping if still active. */
121 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
122 PPGMPOOLPAGE pOldShwPageCR3 = pVCpu->pgm.s.CTX_SUFF(pShwPageCR3);
123 if (pOldShwPageCR3)
124 {
125 Assert(pOldShwPageCR3->enmKind != PGMPOOLKIND_FREE);
126
127 /* Mark the page as unlocked; allow flushing again. */
128 pgmPoolUnlockPage(pPool, pVCpu->pgm.s.CTX_SUFF(pShwPageCR3));
129
130# ifndef PGM_WITHOUT_MAPPINGS
131 /* Remove the hypervisor mappings from the shadow page table. */
132 pgmMapDeactivateCR3(pVM, pVCpu->pgm.s.CTX_SUFF(pShwPageCR3));
133# endif
134
135 pgmPoolFreeByPage(pPool, pOldShwPageCR3, NIL_PGMPOOL_IDX, UINT32_MAX);
136 pVCpu->pgm.s.pShwPageCR3R3 = NIL_RTR3PTR;
137 pVCpu->pgm.s.pShwPageCR3R0 = NIL_RTR0PTR;
138 }
139
140 /* construct a fake address. */
141 GCPhysCR3 = RT_BIT_64(63);
142 PPGMPOOLPAGE pNewShwPageCR3;
143 int rc = pgmPoolAlloc(pVM, GCPhysCR3, BTH_PGMPOOLKIND_ROOT, PGMPOOLACCESS_DONTCARE, PGM_A20_IS_ENABLED(pVCpu),
144 NIL_PGMPOOL_IDX, UINT32_MAX, false /*fLockPage*/,
145 &pNewShwPageCR3);
146 AssertRCReturn(rc, rc);
147
148 pVCpu->pgm.s.pShwPageCR3R3 = (R3PTRTYPE(PPGMPOOLPAGE))MMHyperCCToR3(pVM, pNewShwPageCR3);
149 pVCpu->pgm.s.pShwPageCR3R0 = (R0PTRTYPE(PPGMPOOLPAGE))MMHyperCCToR0(pVM, pNewShwPageCR3);
150
151 /* Mark the page as locked; disallow flushing. */
152 pgmPoolLockPage(pPool, pNewShwPageCR3);
153
154 /* Set the current hypervisor CR3. */
155 CPUMSetHyperCR3(pVCpu, PGMGetHyperCR3(pVCpu));
156
157# ifndef PGM_WITHOUT_MAPPINGS
158 /* Apply all hypervisor mappings to the new CR3. */
159 rc = pgmMapActivateCR3(pVM, pNewShwPageCR3);
160# endif
161
162 pgmUnlock(pVM);
163 return rc;
164#else
165 NOREF(pVCpu); NOREF(GCPhysCR3);
166 return VINF_SUCCESS;
167#endif
168}
169
170
171#ifndef IN_RING3
172
173# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
174/**
175 * Deal with a guest page fault.
176 *
177 * @returns Strict VBox status code.
178 * @retval VINF_EM_RAW_GUEST_TRAP
179 * @retval VINF_EM_RAW_EMULATE_INSTR
180 *
181 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
182 * @param pGstWalk The guest page table walk result.
183 * @param uErr The error code.
184 */
185PGM_BTH_DECL(VBOXSTRICTRC, Trap0eHandlerGuestFault)(PVMCPUCC pVCpu, PGSTPTWALK pGstWalk, RTGCUINT uErr)
186{
187# if !defined(PGM_WITHOUT_MAPPINGS) && (PGM_GST_TYPE == PGM_TYPE_32BIT || PGM_GST_TYPE == PGM_TYPE_PAE)
188 /*
189 * Check for write conflicts with our hypervisor mapping.
190 *
191 * If the guest happens to access a non-present page, where our hypervisor
192 * is currently mapped, then we'll create a #PF storm in the guest.
193 */
194 if ( (uErr & (X86_TRAP_PF_P | X86_TRAP_PF_RW)) == (X86_TRAP_PF_P | X86_TRAP_PF_RW)
195 && pgmMapAreMappingsEnabled(pVCpu->CTX_SUFF(pVM))
196 && MMHyperIsInsideArea(pVCpu->CTX_SUFF(pVM), pGstWalk->Core.GCPtr))
197 {
198 /* Force a CR3 sync to check for conflicts and emulate the instruction. */
199 VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3);
200 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2GuestTrap; });
201 return VINF_EM_RAW_EMULATE_INSTR;
202 }
203# endif
204
205 /*
206 * Calc the error code for the guest trap.
207 */
208 uint32_t uNewErr = GST_IS_NX_ACTIVE(pVCpu)
209 ? uErr & (X86_TRAP_PF_RW | X86_TRAP_PF_US | X86_TRAP_PF_ID)
210 : uErr & (X86_TRAP_PF_RW | X86_TRAP_PF_US);
211 if ( pGstWalk->Core.fRsvdError
212 || pGstWalk->Core.fBadPhysAddr)
213 {
214 uNewErr |= X86_TRAP_PF_RSVD | X86_TRAP_PF_P;
215 Assert(!pGstWalk->Core.fNotPresent);
216 }
217 else if (!pGstWalk->Core.fNotPresent)
218 uNewErr |= X86_TRAP_PF_P;
219 TRPMSetErrorCode(pVCpu, uNewErr);
220
221 LogFlow(("Guest trap; cr2=%RGv uErr=%RGv lvl=%d\n", pGstWalk->Core.GCPtr, uErr, pGstWalk->Core.uLevel));
222 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2GuestTrap; });
223 return VINF_EM_RAW_GUEST_TRAP;
224}
225# endif /* PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) */
226
227
228#if !PGM_TYPE_IS_NESTED(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE
229/**
230 * Deal with a guest page fault.
231 *
232 * The caller has taken the PGM lock.
233 *
234 * @returns Strict VBox status code.
235 *
236 * @param pVCpu The cross context virtual CPU structure of the calling EMT.
237 * @param uErr The error code.
238 * @param pRegFrame The register frame.
239 * @param pvFault The fault address.
240 * @param pPage The guest page at @a pvFault.
241 * @param pGstWalk The guest page table walk result.
242 * @param pfLockTaken PGM lock taken here or not (out). This is true
243 * when we're called.
244 */
245static VBOXSTRICTRC PGM_BTH_NAME(Trap0eHandlerDoAccessHandlers)(PVMCPUCC pVCpu, RTGCUINT uErr, PCPUMCTXCORE pRegFrame,
246 RTGCPTR pvFault, PPGMPAGE pPage, bool *pfLockTaken
247# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) || defined(DOXYGEN_RUNNING)
248 , PGSTPTWALK pGstWalk
249# endif
250 )
251{
252# if !PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
253 GSTPDE const PdeSrcDummy = { X86_PDE_P | X86_PDE_US | X86_PDE_RW | X86_PDE_A };
254# endif
255 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
256 VBOXSTRICTRC rcStrict;
257
258 if (PGM_PAGE_HAS_ANY_PHYSICAL_HANDLERS(pPage))
259 {
260 /*
261 * Physical page access handler.
262 */
263# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
264 const RTGCPHYS GCPhysFault = pGstWalk->Core.GCPhys;
265# else
266 const RTGCPHYS GCPhysFault = PGM_A20_APPLY(pVCpu, (RTGCPHYS)pvFault);
267# endif
268 PPGMPHYSHANDLER pCur = pgmHandlerPhysicalLookup(pVM, GCPhysFault);
269 if (pCur)
270 {
271 PPGMPHYSHANDLERTYPEINT pCurType = PGMPHYSHANDLER_GET_TYPE(pVM, pCur);
272
273# ifdef PGM_SYNC_N_PAGES
274 /*
275 * If the region is write protected and we got a page not present fault, then sync
276 * the pages. If the fault was caused by a read, then restart the instruction.
277 * In case of write access continue to the GC write handler.
278 *
279 * ASSUMES that there is only one handler per page or that they have similar write properties.
280 */
281 if ( !(uErr & X86_TRAP_PF_P)
282 && pCurType->enmKind == PGMPHYSHANDLERKIND_WRITE)
283 {
284# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
285 rcStrict = PGM_BTH_NAME(SyncPage)(pVCpu, pGstWalk->Pde, pvFault, PGM_SYNC_NR_PAGES, uErr);
286# else
287 rcStrict = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrcDummy, pvFault, PGM_SYNC_NR_PAGES, uErr);
288# endif
289 if ( RT_FAILURE(rcStrict)
290 || !(uErr & X86_TRAP_PF_RW)
291 || rcStrict == VINF_PGM_SYNCPAGE_MODIFIED_PDE)
292 {
293 AssertMsgRC(rcStrict, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
294 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersOutOfSync);
295 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2OutOfSyncHndPhys; });
296 return rcStrict;
297 }
298 }
299# endif
300# ifdef PGM_WITH_MMIO_OPTIMIZATIONS
301 /*
302 * If the access was not thru a #PF(RSVD|...) resync the page.
303 */
304 if ( !(uErr & X86_TRAP_PF_RSVD)
305 && pCurType->enmKind != PGMPHYSHANDLERKIND_WRITE
306# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
307 && pGstWalk->Core.fEffectiveRW
308 && !pGstWalk->Core.fEffectiveUS /** @todo Remove pGstWalk->Core.fEffectiveUS and X86_PTE_US further down in the sync code. */
309# endif
310 )
311 {
312# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
313 rcStrict = PGM_BTH_NAME(SyncPage)(pVCpu, pGstWalk->Pde, pvFault, PGM_SYNC_NR_PAGES, uErr);
314# else
315 rcStrict = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrcDummy, pvFault, PGM_SYNC_NR_PAGES, uErr);
316# endif
317 if ( RT_FAILURE(rcStrict)
318 || rcStrict == VINF_PGM_SYNCPAGE_MODIFIED_PDE)
319 {
320 AssertMsgRC(rcStrict, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
321 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersOutOfSync);
322 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2OutOfSyncHndPhys; });
323 return rcStrict;
324 }
325 }
326# endif
327
328 AssertMsg( pCurType->enmKind != PGMPHYSHANDLERKIND_WRITE
329 || (pCurType->enmKind == PGMPHYSHANDLERKIND_WRITE && (uErr & X86_TRAP_PF_RW)),
330 ("Unexpected trap for physical handler: %08X (phys=%08x) pPage=%R[pgmpage] uErr=%X, enmKind=%d\n",
331 pvFault, GCPhysFault, pPage, uErr, pCurType->enmKind));
332 if (pCurType->enmKind == PGMPHYSHANDLERKIND_WRITE)
333 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersPhysWrite);
334 else
335 {
336 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersPhysAll);
337 if (uErr & X86_TRAP_PF_RSVD) STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersPhysAllOpt);
338 }
339
340 if (pCurType->CTX_SUFF(pfnPfHandler))
341 {
342 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
343 void *pvUser = pCur->CTX_SUFF(pvUser);
344
345 STAM_PROFILE_START(&pCur->Stat, h);
346 if (pCur->hType != pPool->hAccessHandlerType)
347 {
348 pgmUnlock(pVM);
349 *pfLockTaken = false;
350 }
351
352 rcStrict = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, GCPhysFault, pvUser);
353
354# ifdef VBOX_WITH_STATISTICS
355 pgmLock(pVM);
356 pCur = pgmHandlerPhysicalLookup(pVM, GCPhysFault);
357 if (pCur)
358 STAM_PROFILE_STOP(&pCur->Stat, h);
359 pgmUnlock(pVM);
360# endif
361 }
362 else
363 rcStrict = VINF_EM_RAW_EMULATE_INSTR;
364
365 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2HndPhys; });
366 return rcStrict;
367 }
368 }
369
370 /*
371 * There is a handled area of the page, but this fault doesn't belong to it.
372 * We must emulate the instruction.
373 *
374 * To avoid crashing (non-fatal) in the interpreter and go back to the recompiler
375 * we first check if this was a page-not-present fault for a page with only
376 * write access handlers. Restart the instruction if it wasn't a write access.
377 */
378 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersUnhandled);
379
380 if ( !PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage)
381 && !(uErr & X86_TRAP_PF_P))
382 {
383# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
384 rcStrict = PGM_BTH_NAME(SyncPage)(pVCpu, pGstWalk->Pde, pvFault, PGM_SYNC_NR_PAGES, uErr);
385# else
386 rcStrict = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrcDummy, pvFault, PGM_SYNC_NR_PAGES, uErr);
387# endif
388 if ( RT_FAILURE(rcStrict)
389 || rcStrict == VINF_PGM_SYNCPAGE_MODIFIED_PDE
390 || !(uErr & X86_TRAP_PF_RW))
391 {
392 AssertMsgRC(rcStrict, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
393 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersOutOfSync);
394 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2OutOfSyncHndPhys; });
395 return rcStrict;
396 }
397 }
398
399 /** @todo This particular case can cause quite a lot of overhead. E.g. early stage of kernel booting in Ubuntu 6.06
400 * It's writing to an unhandled part of the LDT page several million times.
401 */
402 rcStrict = PGMInterpretInstruction(pVM, pVCpu, pRegFrame, pvFault);
403 LogFlow(("PGM: PGMInterpretInstruction -> rcStrict=%d pPage=%R[pgmpage]\n", VBOXSTRICTRC_VAL(rcStrict), pPage));
404 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2HndUnhandled; });
405 return rcStrict;
406} /* if any kind of handler */
407# endif /* !PGM_TYPE_IS_NESTED(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE*/
408
409
410/**
411 * \#PF Handler for raw-mode guest execution.
412 *
413 * @returns VBox status code (appropriate for trap handling and GC return).
414 *
415 * @param pVCpu The cross context virtual CPU structure.
416 * @param uErr The trap error code.
417 * @param pRegFrame Trap register frame.
418 * @param pvFault The fault address.
419 * @param pfLockTaken PGM lock taken here or not (out)
420 */
421PGM_BTH_DECL(int, Trap0eHandler)(PVMCPUCC pVCpu, RTGCUINT uErr, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, bool *pfLockTaken)
422{
423 PVMCC pVM = pVCpu->CTX_SUFF(pVM); NOREF(pVM);
424
425 *pfLockTaken = false;
426
427# if ( PGM_GST_TYPE == PGM_TYPE_32BIT || PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT \
428 || PGM_GST_TYPE == PGM_TYPE_PAE || PGM_GST_TYPE == PGM_TYPE_AMD64) \
429 && !PGM_TYPE_IS_NESTED(PGM_SHW_TYPE) \
430 && (PGM_SHW_TYPE != PGM_TYPE_EPT || PGM_GST_TYPE == PGM_TYPE_PROT) \
431 && PGM_SHW_TYPE != PGM_TYPE_NONE
432 int rc;
433
434# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
435 /*
436 * Walk the guest page translation tables and check if it's a guest fault.
437 */
438 GSTPTWALK GstWalk;
439 rc = PGM_GST_NAME(Walk)(pVCpu, pvFault, &GstWalk);
440 if (RT_FAILURE_NP(rc))
441 return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerGuestFault)(pVCpu, &GstWalk, uErr));
442
443 /* assert some GstWalk sanity. */
444# if PGM_GST_TYPE == PGM_TYPE_AMD64
445 /*AssertMsg(GstWalk.Pml4e.u == GstWalk.pPml4e->u, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pml4e.u, (uint64_t)GstWalk.pPml4e->u)); - not always true with SMP guests. */
446# endif
447# if PGM_GST_TYPE == PGM_TYPE_AMD64 || PGM_GST_TYPE == PGM_TYPE_PAE
448 /*AssertMsg(GstWalk.Pdpe.u == GstWalk.pPdpe->u, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pdpe.u, (uint64_t)GstWalk.pPdpe->u)); - ditto */
449# endif
450 /*AssertMsg(GstWalk.Pde.u == GstWalk.pPde->u, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pde.u, (uint64_t)GstWalk.pPde->u)); - ditto */
451 /*AssertMsg(GstWalk.Core.fBigPage || GstWalk.Pte.u == GstWalk.pPte->u, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pte.u, (uint64_t)GstWalk.pPte->u)); - ditto */
452 Assert(GstWalk.Core.fSucceeded);
453
454 if (uErr & (X86_TRAP_PF_RW | X86_TRAP_PF_US | X86_TRAP_PF_ID))
455 {
456 if ( ( (uErr & X86_TRAP_PF_RW)
457 && !GstWalk.Core.fEffectiveRW
458 && ( (uErr & X86_TRAP_PF_US)
459 || CPUMIsGuestR0WriteProtEnabled(pVCpu)) )
460 || ((uErr & X86_TRAP_PF_US) && !GstWalk.Core.fEffectiveUS)
461 || ((uErr & X86_TRAP_PF_ID) && GstWalk.Core.fEffectiveNX)
462 )
463 return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerGuestFault)(pVCpu, &GstWalk, uErr));
464 }
465
466 /* Take the big lock now before we update flags. */
467 *pfLockTaken = true;
468 pgmLock(pVM);
469
470 /*
471 * Set the accessed and dirty flags.
472 */
473 /** @todo Should probably use cmpxchg logic here as we're potentially racing
474 * other CPUs in SMP configs. (the lock isn't enough, since we take it
475 * after walking and the page tables could be stale already) */
476# if PGM_GST_TYPE == PGM_TYPE_AMD64
477 if (!(GstWalk.Pml4e.u & X86_PML4E_A))
478 {
479 GstWalk.Pml4e.u |= X86_PML4E_A;
480 GST_ATOMIC_OR(&GstWalk.pPml4e->u, X86_PML4E_A);
481 }
482 if (!(GstWalk.Pdpe.u & X86_PDPE_A))
483 {
484 GstWalk.Pdpe.u |= X86_PDPE_A;
485 GST_ATOMIC_OR(&GstWalk.pPdpe->u, X86_PDPE_A);
486 }
487# endif
488 if (GstWalk.Core.fBigPage)
489 {
490 Assert(GstWalk.Pde.u & X86_PDE_PS);
491 if (uErr & X86_TRAP_PF_RW)
492 {
493 if ((GstWalk.Pde.u & (X86_PDE4M_A | X86_PDE4M_D)) != (X86_PDE4M_A | X86_PDE4M_D))
494 {
495 GstWalk.Pde.u |= X86_PDE4M_A | X86_PDE4M_D;
496 GST_ATOMIC_OR(&GstWalk.pPde->u, X86_PDE4M_A | X86_PDE4M_D);
497 }
498 }
499 else
500 {
501 if (!(GstWalk.Pde.u & X86_PDE4M_A))
502 {
503 GstWalk.Pde.u |= X86_PDE4M_A;
504 GST_ATOMIC_OR(&GstWalk.pPde->u, X86_PDE4M_A);
505 }
506 }
507 }
508 else
509 {
510 Assert(!(GstWalk.Pde.u & X86_PDE_PS));
511 if (!(GstWalk.Pde.u & X86_PDE_A))
512 {
513 GstWalk.Pde.u |= X86_PDE_A;
514 GST_ATOMIC_OR(&GstWalk.pPde->u, X86_PDE_A);
515 }
516
517 if (uErr & X86_TRAP_PF_RW)
518 {
519# ifdef VBOX_WITH_STATISTICS
520 if (GstWalk.Pte.u & X86_PTE_D)
521 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageAlreadyDirty));
522 else
523 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtiedPage));
524# endif
525 if ((GstWalk.Pte.u & (X86_PTE_A | X86_PTE_D)) != (X86_PTE_A | X86_PTE_D))
526 {
527 GstWalk.Pte.u |= X86_PTE_A | X86_PTE_D;
528 GST_ATOMIC_OR(&GstWalk.pPte->u, X86_PTE_A | X86_PTE_D);
529 }
530 }
531 else
532 {
533 if (!(GstWalk.Pte.u & X86_PTE_A))
534 {
535 GstWalk.Pte.u |= X86_PTE_A;
536 GST_ATOMIC_OR(&GstWalk.pPte->u, X86_PTE_A);
537 }
538 }
539 Assert(GstWalk.Pte.u == GstWalk.pPte->u);
540 }
541 AssertMsg(GstWalk.Pde.u == GstWalk.pPde->u || GstWalk.pPte->u == GstWalk.pPde->u,
542 ("%RX64 %RX64 pPte=%p pPde=%p Pte=%RX64\n", (uint64_t)GstWalk.Pde.u, (uint64_t)GstWalk.pPde->u, GstWalk.pPte, GstWalk.pPde, (uint64_t)GstWalk.pPte->u));
543# else /* !PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) */
544 GSTPDE const PdeSrcDummy = { X86_PDE_P | X86_PDE_US | X86_PDE_RW | X86_PDE_A}; /** @todo eliminate this */
545
546 /* Take the big lock now. */
547 *pfLockTaken = true;
548 pgmLock(pVM);
549# endif /* !PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) */
550
551# ifdef PGM_WITH_MMIO_OPTIMIZATIONS
552 /*
553 * If it is a reserved bit fault we know that it is an MMIO (access
554 * handler) related fault and can skip some 200 lines of code.
555 */
556 if (uErr & X86_TRAP_PF_RSVD)
557 {
558 Assert(uErr & X86_TRAP_PF_P);
559 PPGMPAGE pPage;
560# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
561 rc = pgmPhysGetPageEx(pVM, GstWalk.Core.GCPhys, &pPage);
562 if (RT_SUCCESS(rc) && PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
563 return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerDoAccessHandlers)(pVCpu, uErr, pRegFrame, pvFault, pPage,
564 pfLockTaken, &GstWalk));
565 rc = PGM_BTH_NAME(SyncPage)(pVCpu, GstWalk.Pde, pvFault, 1, uErr);
566# else
567 rc = pgmPhysGetPageEx(pVM, PGM_A20_APPLY(pVCpu, (RTGCPHYS)pvFault), &pPage);
568 if (RT_SUCCESS(rc) && PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
569 return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerDoAccessHandlers)(pVCpu, uErr, pRegFrame, pvFault, pPage,
570 pfLockTaken));
571 rc = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrcDummy, pvFault, 1, uErr);
572# endif
573 AssertRC(rc);
574 PGM_INVL_PG(pVCpu, pvFault);
575 return rc; /* Restart with the corrected entry. */
576 }
577# endif /* PGM_WITH_MMIO_OPTIMIZATIONS */
578
579 /*
580 * Fetch the guest PDE, PDPE and PML4E.
581 */
582# if PGM_SHW_TYPE == PGM_TYPE_32BIT
583 const unsigned iPDDst = pvFault >> SHW_PD_SHIFT;
584 PX86PD pPDDst = pgmShwGet32BitPDPtr(pVCpu);
585
586# elif PGM_SHW_TYPE == PGM_TYPE_PAE
587 const unsigned iPDDst = (pvFault >> SHW_PD_SHIFT) & SHW_PD_MASK; /* pPDDst index, not used with the pool. */
588 PX86PDPAE pPDDst;
589# if PGM_GST_TYPE == PGM_TYPE_PAE
590 rc = pgmShwSyncPaePDPtr(pVCpu, pvFault, GstWalk.Pdpe.u, &pPDDst);
591# else
592 rc = pgmShwSyncPaePDPtr(pVCpu, pvFault, X86_PDPE_P, &pPDDst); /* RW, US and A are reserved in PAE mode. */
593# endif
594 AssertMsgReturn(rc == VINF_SUCCESS, ("rc=%Rrc\n", rc), RT_FAILURE_NP(rc) ? rc : VERR_IPE_UNEXPECTED_INFO_STATUS);
595
596# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
597 const unsigned iPDDst = ((pvFault >> SHW_PD_SHIFT) & SHW_PD_MASK);
598 PX86PDPAE pPDDst;
599# if PGM_GST_TYPE == PGM_TYPE_PROT /* (AMD-V nested paging) */
600 rc = pgmShwSyncLongModePDPtr(pVCpu, pvFault, X86_PML4E_P | X86_PML4E_RW | X86_PML4E_US | X86_PML4E_A,
601 X86_PDPE_P | X86_PDPE_RW | X86_PDPE_US | X86_PDPE_A, &pPDDst);
602# else
603 rc = pgmShwSyncLongModePDPtr(pVCpu, pvFault, GstWalk.Pml4e.u, GstWalk.Pdpe.u, &pPDDst);
604# endif
605 AssertMsgReturn(rc == VINF_SUCCESS, ("rc=%Rrc\n", rc), RT_FAILURE_NP(rc) ? rc : VERR_IPE_UNEXPECTED_INFO_STATUS);
606
607# elif PGM_SHW_TYPE == PGM_TYPE_EPT
608 const unsigned iPDDst = ((pvFault >> SHW_PD_SHIFT) & SHW_PD_MASK);
609 PEPTPD pPDDst;
610 rc = pgmShwGetEPTPDPtr(pVCpu, pvFault, NULL, &pPDDst);
611 AssertMsgReturn(rc == VINF_SUCCESS, ("rc=%Rrc\n", rc), RT_FAILURE_NP(rc) ? rc : VERR_IPE_UNEXPECTED_INFO_STATUS);
612# endif
613 Assert(pPDDst);
614
615# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
616 /*
617 * Dirty page handling.
618 *
619 * If we successfully correct the write protection fault due to dirty bit
620 * tracking, then return immediately.
621 */
622 if (uErr & X86_TRAP_PF_RW) /* write fault? */
623 {
624 STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyBitTracking), a);
625 rc = PGM_BTH_NAME(CheckDirtyPageFault)(pVCpu, uErr, &pPDDst->a[iPDDst], GstWalk.pPde, pvFault);
626 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyBitTracking), a);
627 if (rc == VINF_PGM_HANDLED_DIRTY_BIT_FAULT)
628 {
629 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution)
630 = rc == VINF_PGM_HANDLED_DIRTY_BIT_FAULT
631 ? &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2DirtyAndAccessed
632 : &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2GuestTrap; });
633 Log8(("Trap0eHandler: returns VINF_SUCCESS\n"));
634 return VINF_SUCCESS;
635 }
636#ifdef DEBUG_bird
637 AssertMsg(GstWalk.Pde.u == GstWalk.pPde->u || GstWalk.pPte->u == GstWalk.pPde->u || pVM->cCpus > 1, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pde.u, (uint64_t)GstWalk.pPde->u)); // - triggers with smp w7 guests.
638 AssertMsg(GstWalk.Core.fBigPage || GstWalk.Pte.u == GstWalk.pPte->u || pVM->cCpus > 1, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pte.u, (uint64_t)GstWalk.pPte->u)); // - ditto.
639#endif
640 }
641
642# if 0 /* rarely useful; leave for debugging. */
643 STAM_COUNTER_INC(&pVCpu->pgm.s.StatRZTrap0ePD[iPDSrc]);
644# endif
645# endif /* PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) */
646
647 /*
648 * A common case is the not-present error caused by lazy page table syncing.
649 *
650 * It is IMPORTANT that we weed out any access to non-present shadow PDEs
651 * here so we can safely assume that the shadow PT is present when calling
652 * SyncPage later.
653 *
654 * On failure, we ASSUME that SyncPT is out of memory or detected some kind
655 * of mapping conflict and defer to SyncCR3 in R3.
656 * (Again, we do NOT support access handlers for non-present guest pages.)
657 *
658 */
659# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
660 Assert(GstWalk.Pde.u & X86_PDE_P);
661# endif
662 if ( !(uErr & X86_TRAP_PF_P) /* not set means page not present instead of page protection violation */
663 && !SHW_PDE_IS_P(pPDDst->a[iPDDst]))
664 {
665 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2SyncPT; });
666# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
667 LogFlow(("=>SyncPT %04x = %08RX64\n", (pvFault >> GST_PD_SHIFT) & GST_PD_MASK, (uint64_t)GstWalk.Pde.u));
668 rc = PGM_BTH_NAME(SyncPT)(pVCpu, (pvFault >> GST_PD_SHIFT) & GST_PD_MASK, GstWalk.pPd, pvFault);
669# else
670 LogFlow(("=>SyncPT pvFault=%RGv\n", pvFault));
671 rc = PGM_BTH_NAME(SyncPT)(pVCpu, 0, NULL, pvFault);
672# endif
673 if (RT_SUCCESS(rc))
674 return rc;
675 Log(("SyncPT: %RGv failed!! rc=%Rrc\n", pvFault, rc));
676 VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3); /** @todo no need to do global sync, right? */
677 return VINF_PGM_SYNC_CR3;
678 }
679
680# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) && !defined(PGM_WITHOUT_MAPPINGS)
681 /*
682 * Check if this address is within any of our mappings.
683 *
684 * This is *very* fast and it's gonna save us a bit of effort below and prevent
685 * us from screwing ourself with MMIO2 pages which have a GC Mapping (VRam).
686 * (BTW, it's impossible to have physical access handlers in a mapping.)
687 */
688 if (pgmMapAreMappingsEnabled(pVM))
689 {
690 PPGMMAPPING pMapping = pVM->pgm.s.CTX_SUFF(pMappings);
691 for ( ; pMapping; pMapping = pMapping->CTX_SUFF(pNext))
692 {
693 if (pvFault < pMapping->GCPtr)
694 break;
695 if (pvFault - pMapping->GCPtr < pMapping->cb)
696 {
697 /*
698 * The first thing we check is if we've got an undetected conflict.
699 */
700 if (pgmMapAreMappingsFloating(pVM))
701 {
702 unsigned iPT = pMapping->cb >> GST_PD_SHIFT;
703 while (iPT-- > 0)
704 if (GstWalk.pPde[iPT].n.u1Present)
705 {
706 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eConflicts);
707 Log(("Trap0e: Detected Conflict %RGv-%RGv\n", pMapping->GCPtr, pMapping->GCPtrLast));
708 VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3); /** @todo no need to do global sync,right? */
709 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2Mapping; });
710 return VINF_PGM_SYNC_CR3;
711 }
712 }
713
714 /*
715 * Pretend we're not here and let the guest handle the trap.
716 */
717 TRPMSetErrorCode(pVCpu, uErr & ~X86_TRAP_PF_P);
718 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eGuestPFMapping);
719 LogFlow(("PGM: Mapping access -> route trap to recompiler!\n"));
720 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2Mapping; });
721 return VINF_EM_RAW_GUEST_TRAP;
722 }
723 }
724 } /* pgmAreMappingsEnabled(&pVM->pgm.s) */
725# endif /* PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) */
726
727 /*
728 * Check if this fault address is flagged for special treatment,
729 * which means we'll have to figure out the physical address and
730 * check flags associated with it.
731 *
732 * ASSUME that we can limit any special access handling to pages
733 * in page tables which the guest believes to be present.
734 */
735# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
736 RTGCPHYS GCPhys = GstWalk.Core.GCPhys & ~(RTGCPHYS)PAGE_OFFSET_MASK;
737# else
738 RTGCPHYS GCPhys = PGM_A20_APPLY(pVCpu, (RTGCPHYS)pvFault & ~(RTGCPHYS)PAGE_OFFSET_MASK);
739# endif /* PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) */
740 PPGMPAGE pPage;
741 rc = pgmPhysGetPageEx(pVM, GCPhys, &pPage);
742 if (RT_FAILURE(rc))
743 {
744 /*
745 * When the guest accesses invalid physical memory (e.g. probing
746 * of RAM or accessing a remapped MMIO range), then we'll fall
747 * back to the recompiler to emulate the instruction.
748 */
749 LogFlow(("PGM #PF: pgmPhysGetPageEx(%RGp) failed with %Rrc\n", GCPhys, rc));
750 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eHandlersInvalid);
751 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2InvalidPhys; });
752 return VINF_EM_RAW_EMULATE_INSTR;
753 }
754
755 /*
756 * Any handlers for this page?
757 */
758 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
759# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
760 return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerDoAccessHandlers)(pVCpu, uErr, pRegFrame, pvFault, pPage, pfLockTaken,
761 &GstWalk));
762# else
763 return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerDoAccessHandlers)(pVCpu, uErr, pRegFrame, pvFault, pPage, pfLockTaken));
764# endif
765
766 /*
767 * We are here only if page is present in Guest page tables and
768 * trap is not handled by our handlers.
769 *
770 * Check it for page out-of-sync situation.
771 */
772 if (!(uErr & X86_TRAP_PF_P))
773 {
774 /*
775 * Page is not present in our page tables. Try to sync it!
776 */
777 if (uErr & X86_TRAP_PF_US)
778 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageOutOfSyncUser));
779 else /* supervisor */
780 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageOutOfSyncSupervisor));
781
782 if (PGM_PAGE_IS_BALLOONED(pPage))
783 {
784 /* Emulate reads from ballooned pages as they are not present in
785 our shadow page tables. (Required for e.g. Solaris guests; soft
786 ecc, random nr generator.) */
787 rc = VBOXSTRICTRC_TODO(PGMInterpretInstruction(pVM, pVCpu, pRegFrame, pvFault));
788 LogFlow(("PGM: PGMInterpretInstruction balloon -> rc=%d pPage=%R[pgmpage]\n", rc, pPage));
789 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageOutOfSyncBallloon));
790 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2Ballooned; });
791 return rc;
792 }
793
794# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
795 rc = PGM_BTH_NAME(SyncPage)(pVCpu, GstWalk.Pde, pvFault, PGM_SYNC_NR_PAGES, uErr);
796# else
797 rc = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrcDummy, pvFault, PGM_SYNC_NR_PAGES, uErr);
798# endif
799 if (RT_SUCCESS(rc))
800 {
801 /* The page was successfully synced, return to the guest. */
802 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2OutOfSync; });
803 return VINF_SUCCESS;
804 }
805 }
806 else /* uErr & X86_TRAP_PF_P: */
807 {
808 /*
809 * Write protected pages are made writable when the guest makes the
810 * first write to it. This happens for pages that are shared, write
811 * monitored or not yet allocated.
812 *
813 * We may also end up here when CR0.WP=0 in the guest.
814 *
815 * Also, a side effect of not flushing global PDEs are out of sync
816 * pages due to physical monitored regions, that are no longer valid.
817 * Assume for now it only applies to the read/write flag.
818 */
819 if (uErr & X86_TRAP_PF_RW)
820 {
821 /*
822 * Check if it is a read-only page.
823 */
824 if (PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED)
825 {
826 Log(("PGM #PF: Make writable: %RGp %R[pgmpage] pvFault=%RGp uErr=%#x\n", GCPhys, pPage, pvFault, uErr));
827 Assert(!PGM_PAGE_IS_ZERO(pPage));
828 AssertFatalMsg(!PGM_PAGE_IS_BALLOONED(pPage), ("Unexpected ballooned page at %RGp\n", GCPhys));
829 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2MakeWritable; });
830
831 rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhys);
832 if (rc != VINF_SUCCESS)
833 {
834 AssertMsg(rc == VINF_PGM_SYNC_CR3 || RT_FAILURE(rc), ("%Rrc\n", rc));
835 return rc;
836 }
837 if (RT_UNLIKELY(VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY)))
838 return VINF_EM_NO_MEMORY;
839 }
840
841# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
842 /*
843 * Check to see if we need to emulate the instruction if CR0.WP=0.
844 */
845 if ( !GstWalk.Core.fEffectiveRW
846 && (CPUMGetGuestCR0(pVCpu) & (X86_CR0_WP | X86_CR0_PG)) == X86_CR0_PG
847 && CPUMGetGuestCPL(pVCpu) < 3)
848 {
849 Assert((uErr & (X86_TRAP_PF_RW | X86_TRAP_PF_P)) == (X86_TRAP_PF_RW | X86_TRAP_PF_P));
850
851 /*
852 * The Netware WP0+RO+US hack.
853 *
854 * Netware sometimes(/always?) runs with WP0. It has been observed doing
855 * excessive write accesses to pages which are mapped with US=1 and RW=0
856 * while WP=0. This causes a lot of exits and extremely slow execution.
857 * To avoid trapping and emulating every write here, we change the shadow
858 * page table entry to map it as US=0 and RW=1 until user mode tries to
859 * access it again (see further below). We count these shadow page table
860 * changes so we can avoid having to clear the page pool every time the WP
861 * bit changes to 1 (see PGMCr0WpEnabled()).
862 */
863# if (PGM_GST_TYPE == PGM_TYPE_32BIT || PGM_GST_TYPE == PGM_TYPE_PAE) && 1
864 if ( GstWalk.Core.fEffectiveUS
865 && !GstWalk.Core.fEffectiveRW
866 && (GstWalk.Core.fBigPage || (GstWalk.Pde.u & X86_PDE_RW))
867 && pVM->cCpus == 1 /* Sorry, no go on SMP. Add CFGM option? */)
868 {
869 Log(("PGM #PF: Netware WP0+RO+US hack: pvFault=%RGp uErr=%#x (big=%d)\n", pvFault, uErr, GstWalk.Core.fBigPage));
870 rc = pgmShwMakePageSupervisorAndWritable(pVCpu, pvFault, GstWalk.Core.fBigPage, PGM_MK_PG_IS_WRITE_FAULT);
871 if (rc == VINF_SUCCESS || rc == VINF_PGM_SYNC_CR3)
872 {
873 PGM_INVL_PG(pVCpu, pvFault);
874 pVCpu->pgm.s.cNetwareWp0Hacks++;
875 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2Wp0RoUsHack; });
876 return rc;
877 }
878 AssertMsg(RT_FAILURE_NP(rc), ("%Rrc\n", rc));
879 Log(("pgmShwMakePageSupervisorAndWritable(%RGv) failed with rc=%Rrc - ignored\n", pvFault, rc));
880 }
881# endif
882
883 /* Interpret the access. */
884 rc = VBOXSTRICTRC_TODO(PGMInterpretInstruction(pVM, pVCpu, pRegFrame, pvFault));
885 Log(("PGM #PF: WP0 emulation (pvFault=%RGp uErr=%#x cpl=%d fBig=%d fEffUs=%d)\n", pvFault, uErr, CPUMGetGuestCPL(pVCpu), GstWalk.Core.fBigPage, GstWalk.Core.fEffectiveUS));
886 if (RT_SUCCESS(rc))
887 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eWPEmulInRZ);
888 else
889 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eWPEmulToR3);
890 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2WPEmulation; });
891 return rc;
892 }
893# endif
894 /// @todo count the above case; else
895 if (uErr & X86_TRAP_PF_US)
896 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageOutOfSyncUserWrite));
897 else /* supervisor */
898 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageOutOfSyncSupervisorWrite));
899
900 /*
901 * Sync the page.
902 *
903 * Note: Do NOT use PGM_SYNC_NR_PAGES here. That only works if the
904 * page is not present, which is not true in this case.
905 */
906# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
907 rc = PGM_BTH_NAME(SyncPage)(pVCpu, GstWalk.Pde, pvFault, 1, uErr);
908# else
909 rc = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrcDummy, pvFault, 1, uErr);
910# endif
911 if (RT_SUCCESS(rc))
912 {
913 /*
914 * Page was successfully synced, return to guest but invalidate
915 * the TLB first as the page is very likely to be in it.
916 */
917# if PGM_SHW_TYPE == PGM_TYPE_EPT
918 HMInvalidatePhysPage(pVM, (RTGCPHYS)pvFault);
919# else
920 PGM_INVL_PG(pVCpu, pvFault);
921# endif
922# ifdef VBOX_STRICT
923 RTGCPHYS GCPhys2 = RTGCPHYS_MAX;
924 uint64_t fPageGst = UINT64_MAX;
925 if (!pVM->pgm.s.fNestedPaging)
926 {
927 rc = PGMGstGetPage(pVCpu, pvFault, &fPageGst, &GCPhys2);
928 AssertMsg(RT_SUCCESS(rc) && ((fPageGst & X86_PTE_RW) || ((CPUMGetGuestCR0(pVCpu) & (X86_CR0_WP | X86_CR0_PG)) == X86_CR0_PG && CPUMGetGuestCPL(pVCpu) < 3)), ("rc=%Rrc fPageGst=%RX64\n", rc, fPageGst));
929 LogFlow(("Obsolete physical monitor page out of sync %RGv - phys %RGp flags=%08llx\n", pvFault, GCPhys2, (uint64_t)fPageGst));
930 }
931# if 0 /* Bogus! Triggers incorrectly with w7-64 and later for the SyncPage case: "Pde at %RGv changed behind our back?" */
932 uint64_t fPageShw = 0;
933 rc = PGMShwGetPage(pVCpu, pvFault, &fPageShw, NULL);
934 AssertMsg((RT_SUCCESS(rc) && (fPageShw & X86_PTE_RW)) || pVM->cCpus > 1 /* new monitor can be installed/page table flushed between the trap exit and PGMTrap0eHandler */,
935 ("rc=%Rrc fPageShw=%RX64 GCPhys2=%RGp fPageGst=%RX64 pvFault=%RGv\n", rc, fPageShw, GCPhys2, fPageGst, pvFault));
936# endif
937# endif /* VBOX_STRICT */
938 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2OutOfSyncHndObs; });
939 return VINF_SUCCESS;
940 }
941 }
942# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
943 /*
944 * Check for Netware WP0+RO+US hack from above and undo it when user
945 * mode accesses the page again.
946 */
947 else if ( GstWalk.Core.fEffectiveUS
948 && !GstWalk.Core.fEffectiveRW
949 && (GstWalk.Core.fBigPage || (GstWalk.Pde.u & X86_PDE_RW))
950 && pVCpu->pgm.s.cNetwareWp0Hacks > 0
951 && (CPUMGetGuestCR0(pVCpu) & (X86_CR0_WP | X86_CR0_PG)) == X86_CR0_PG
952 && CPUMGetGuestCPL(pVCpu) == 3
953 && pVM->cCpus == 1
954 )
955 {
956 Log(("PGM #PF: Undo netware WP0+RO+US hack: pvFault=%RGp uErr=%#x\n", pvFault, uErr));
957 rc = PGM_BTH_NAME(SyncPage)(pVCpu, GstWalk.Pde, pvFault, 1, uErr);
958 if (RT_SUCCESS(rc))
959 {
960 PGM_INVL_PG(pVCpu, pvFault);
961 pVCpu->pgm.s.cNetwareWp0Hacks--;
962 STAM_STATS({ pVCpu->pgm.s.CTX_SUFF(pStatTrap0eAttribution) = &pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZTrap0eTime2Wp0RoUsUnhack; });
963 return VINF_SUCCESS;
964 }
965 }
966# endif /* PGM_WITH_PAGING */
967
968 /** @todo else: why are we here? */
969
970# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) && defined(VBOX_STRICT)
971 /*
972 * Check for VMM page flags vs. Guest page flags consistency.
973 * Currently only for debug purposes.
974 */
975 if (RT_SUCCESS(rc))
976 {
977 /* Get guest page flags. */
978 uint64_t fPageGst;
979 int rc2 = PGMGstGetPage(pVCpu, pvFault, &fPageGst, NULL);
980 if (RT_SUCCESS(rc2))
981 {
982 uint64_t fPageShw = 0;
983 rc2 = PGMShwGetPage(pVCpu, pvFault, &fPageShw, NULL);
984
985#if 0
986 /*
987 * Compare page flags.
988 * Note: we have AVL, A, D bits desynced.
989 */
990 AssertMsg( (fPageShw & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK))
991 == (fPageGst & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK))
992 || ( pVCpu->pgm.s.cNetwareWp0Hacks > 0
993 && (fPageShw & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK | X86_PTE_RW | X86_PTE_US))
994 == (fPageGst & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK | X86_PTE_RW | X86_PTE_US))
995 && (fPageShw & (X86_PTE_RW | X86_PTE_US)) == X86_PTE_RW
996 && (fPageGst & (X86_PTE_RW | X86_PTE_US)) == X86_PTE_US),
997 ("Page flags mismatch! pvFault=%RGv uErr=%x GCPhys=%RGp fPageShw=%RX64 fPageGst=%RX64 rc=%d\n",
998 pvFault, (uint32_t)uErr, GCPhys, fPageShw, fPageGst, rc));
99901:01:15.623511 00:08:43.266063 Expression: (fPageShw & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK)) == (fPageGst & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK)) || ( pVCpu->pgm.s.cNetwareWp0Hacks > 0 && (fPageShw & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK | X86_PTE_RW | X86_PTE_US)) == (fPageGst & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK | X86_PTE_RW | X86_PTE_US)) && (fPageShw & (X86_PTE_RW | X86_PTE_US)) == X86_PTE_RW && (fPageGst & (X86_PTE_RW | X86_PTE_US)) == X86_PTE_US)
100001:01:15.623511 00:08:43.266064 Location : e:\vbox\svn\trunk\srcPage flags mismatch! pvFault=fffff801b0d7b000 uErr=11 GCPhys=0000000019b52000 fPageShw=0 fPageGst=77b0000000000121 rc=0
1001
100201:01:15.625516 00:08:43.268051 Expression: (fPageShw & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK)) == (fPageGst & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK)) || ( pVCpu->pgm.s.cNetwareWp0Hacks > 0 && (fPageShw & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK | X86_PTE_RW | X86_PTE_US)) == (fPageGst & ~(X86_PTE_A | X86_PTE_D | X86_PTE_AVL_MASK | X86_PTE_RW | X86_PTE_US)) && (fPageShw & (X86_PTE_RW | X86_PTE_US)) == X86_PTE_RW && (fPageGst & (X86_PTE_RW | X86_PTE_US)) == X86_PTE_US)
100301:01:15.625516 00:08:43.268051 Location :
1004e:\vbox\svn\trunk\srcPage flags mismatch!
1005pvFault=fffff801b0d7b000
1006 uErr=11 X86_TRAP_PF_ID | X86_TRAP_PF_P
1007GCPhys=0000000019b52000
1008fPageShw=0
1009fPageGst=77b0000000000121
1010rc=0
1011#endif
1012
1013 }
1014 else
1015 AssertMsgFailed(("PGMGstGetPage rc=%Rrc\n", rc));
1016 }
1017 else
1018 AssertMsgFailed(("PGMGCGetPage rc=%Rrc\n", rc));
1019# endif /* PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) && VBOX_STRICT */
1020 }
1021
1022
1023 /*
1024 * If we get here it is because something failed above, i.e. most like guru
1025 * meditiation time.
1026 */
1027 LogRel(("%s: returns rc=%Rrc pvFault=%RGv uErr=%RX64 cs:rip=%04x:%08RX64\n",
1028 __PRETTY_FUNCTION__, rc, pvFault, (uint64_t)uErr, pRegFrame->cs.Sel, pRegFrame->rip));
1029 return rc;
1030
1031# else /* Nested paging, EPT except PGM_GST_TYPE = PROT, NONE. */
1032 NOREF(uErr); NOREF(pRegFrame); NOREF(pvFault);
1033 AssertReleaseMsgFailed(("Shw=%d Gst=%d is not implemented!\n", PGM_SHW_TYPE, PGM_GST_TYPE));
1034 return VERR_PGM_NOT_USED_IN_MODE;
1035# endif
1036}
1037
1038#endif /* !IN_RING3 */
1039
1040
1041/**
1042 * Emulation of the invlpg instruction.
1043 *
1044 *
1045 * @returns VBox status code.
1046 *
1047 * @param pVCpu The cross context virtual CPU structure.
1048 * @param GCPtrPage Page to invalidate.
1049 *
1050 * @remark ASSUMES that the guest is updating before invalidating. This order
1051 * isn't required by the CPU, so this is speculative and could cause
1052 * trouble.
1053 * @remark No TLB shootdown is done on any other VCPU as we assume that
1054 * invlpg emulation is the *only* reason for calling this function.
1055 * (The guest has to shoot down TLB entries on other CPUs itself)
1056 * Currently true, but keep in mind!
1057 *
1058 * @todo Clean this up! Most of it is (or should be) no longer necessary as we catch all page table accesses.
1059 * Should only be required when PGMPOOL_WITH_OPTIMIZED_DIRTY_PT is active (PAE or AMD64 (for now))
1060 */
1061PGM_BTH_DECL(int, InvalidatePage)(PVMCPUCC pVCpu, RTGCPTR GCPtrPage)
1062{
1063#if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) \
1064 && !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) \
1065 && PGM_SHW_TYPE != PGM_TYPE_NONE
1066 int rc;
1067 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
1068 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
1069
1070 PGM_LOCK_ASSERT_OWNER(pVM);
1071
1072 LogFlow(("InvalidatePage %RGv\n", GCPtrPage));
1073
1074 /*
1075 * Get the shadow PD entry and skip out if this PD isn't present.
1076 * (Guessing that it is frequent for a shadow PDE to not be present, do this first.)
1077 */
1078# if PGM_SHW_TYPE == PGM_TYPE_32BIT
1079 const unsigned iPDDst = (uint32_t)GCPtrPage >> SHW_PD_SHIFT;
1080 PX86PDE pPdeDst = pgmShwGet32BitPDEPtr(pVCpu, GCPtrPage);
1081
1082 /* Fetch the pgm pool shadow descriptor. */
1083 PPGMPOOLPAGE pShwPde = pVCpu->pgm.s.CTX_SUFF(pShwPageCR3);
1084# ifdef IN_RING3 /* Possible we didn't resync yet when called from REM. */
1085 if (!pShwPde)
1086 {
1087 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePageSkipped));
1088 return VINF_SUCCESS;
1089 }
1090# else
1091 Assert(pShwPde);
1092# endif
1093
1094# elif PGM_SHW_TYPE == PGM_TYPE_PAE
1095 const unsigned iPdpt = (uint32_t)GCPtrPage >> X86_PDPT_SHIFT;
1096 PX86PDPT pPdptDst = pgmShwGetPaePDPTPtr(pVCpu);
1097
1098 /* If the shadow PDPE isn't present, then skip the invalidate. */
1099# ifdef IN_RING3 /* Possible we didn't resync yet when called from REM. */
1100 if (!pPdptDst || !(pPdptDst->a[iPdpt].u & X86_PDPE_P))
1101# else
1102 if (!(pPdptDst->a[iPdpt].u & X86_PDPE_P))
1103# endif
1104 {
1105# ifndef PGM_WITHOUT_MAPPINGS
1106 Assert(!pPdptDst || !(pPdptDst->a[iPdpt].u & PGM_PLXFLAGS_MAPPING));
1107# endif
1108 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePageSkipped));
1109 PGM_INVL_PG(pVCpu, GCPtrPage);
1110 return VINF_SUCCESS;
1111 }
1112
1113 /* Fetch the pgm pool shadow descriptor. */
1114 PPGMPOOLPAGE pShwPde = pgmPoolGetPage(pPool, pPdptDst->a[iPdpt].u & X86_PDPE_PG_MASK);
1115 AssertReturn(pShwPde, VERR_PGM_POOL_GET_PAGE_FAILED);
1116
1117 PX86PDPAE pPDDst = (PX86PDPAE)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPde);
1118 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
1119 PX86PDEPAE pPdeDst = &pPDDst->a[iPDDst];
1120
1121# else /* PGM_SHW_TYPE == PGM_TYPE_AMD64 */
1122 /* PML4 */
1123 /*const unsigned iPml4 = (GCPtrPage >> X86_PML4_SHIFT) & X86_PML4_MASK;*/
1124 const unsigned iPdpt = (GCPtrPage >> X86_PDPT_SHIFT) & X86_PDPT_MASK_AMD64;
1125 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
1126 PX86PDPAE pPDDst;
1127 PX86PDPT pPdptDst;
1128 PX86PML4E pPml4eDst;
1129 rc = pgmShwGetLongModePDPtr(pVCpu, GCPtrPage, &pPml4eDst, &pPdptDst, &pPDDst);
1130 if (rc != VINF_SUCCESS)
1131 {
1132 AssertMsg(rc == VERR_PAGE_DIRECTORY_PTR_NOT_PRESENT || rc == VERR_PAGE_MAP_LEVEL4_NOT_PRESENT, ("Unexpected rc=%Rrc\n", rc));
1133 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePageSkipped));
1134 PGM_INVL_PG(pVCpu, GCPtrPage);
1135 return VINF_SUCCESS;
1136 }
1137 PX86PDEPAE pPdeDst = &pPDDst->a[iPDDst];
1138 Assert(pPDDst);
1139 Assert(pPdptDst->a[iPdpt].u & X86_PDPE_P);
1140
1141 /* Fetch the pgm pool shadow descriptor. */
1142 PPGMPOOLPAGE pShwPde = pgmPoolGetPage(pPool, pPdptDst->a[iPdpt].u & SHW_PDPE_PG_MASK);
1143 Assert(pShwPde);
1144
1145# endif /* PGM_SHW_TYPE == PGM_TYPE_AMD64 */
1146
1147 const SHWPDE PdeDst = *pPdeDst;
1148 if (!(PdeDst.u & X86_PDE_P))
1149 {
1150 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePageSkipped));
1151 PGM_INVL_PG(pVCpu, GCPtrPage);
1152 return VINF_SUCCESS;
1153 }
1154
1155 /*
1156 * Get the guest PD entry and calc big page.
1157 */
1158# if PGM_GST_TYPE == PGM_TYPE_32BIT
1159 PGSTPD pPDSrc = pgmGstGet32bitPDPtr(pVCpu);
1160 const unsigned iPDSrc = (uint32_t)GCPtrPage >> GST_PD_SHIFT;
1161 GSTPDE PdeSrc = pPDSrc->a[iPDSrc];
1162# else /* PGM_GST_TYPE != PGM_TYPE_32BIT */
1163 unsigned iPDSrc = 0;
1164# if PGM_GST_TYPE == PGM_TYPE_PAE
1165 X86PDPE PdpeSrcIgn;
1166 PX86PDPAE pPDSrc = pgmGstGetPaePDPtr(pVCpu, GCPtrPage, &iPDSrc, &PdpeSrcIgn);
1167# else /* AMD64 */
1168 PX86PML4E pPml4eSrcIgn;
1169 X86PDPE PdpeSrcIgn;
1170 PX86PDPAE pPDSrc = pgmGstGetLongModePDPtr(pVCpu, GCPtrPage, &pPml4eSrcIgn, &PdpeSrcIgn, &iPDSrc);
1171# endif
1172 GSTPDE PdeSrc;
1173
1174 if (pPDSrc)
1175 PdeSrc = pPDSrc->a[iPDSrc];
1176 else
1177 PdeSrc.u = 0;
1178# endif /* PGM_GST_TYPE != PGM_TYPE_32BIT */
1179 const bool fWasBigPage = RT_BOOL(PdeDst.u & PGM_PDFLAGS_BIG_PAGE);
1180 const bool fIsBigPage = (PdeSrc.u & X86_PDE_PS) && GST_IS_PSE_ACTIVE(pVCpu);
1181 if (fWasBigPage != fIsBigPage)
1182 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePageSkipped));
1183
1184# ifdef IN_RING3
1185 /*
1186 * If a CR3 Sync is pending we may ignore the invalidate page operation
1187 * depending on the kind of sync and if it's a global page or not.
1188 * This doesn't make sense in GC/R0 so we'll skip it entirely there.
1189 */
1190# ifdef PGM_SKIP_GLOBAL_PAGEDIRS_ON_NONGLOBAL_FLUSH
1191 if ( VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3)
1192 || ( VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL)
1193 && fIsBigPage
1194 && (PdeSrc.u & X86_PDE4M_G)
1195 )
1196 )
1197# else
1198 if (VM_FF_IS_ANY_SET(pVM, VM_FF_PGM_SYNC_CR3 | VM_FF_PGM_SYNC_CR3_NON_GLOBAL) )
1199# endif
1200 {
1201 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePageSkipped));
1202 return VINF_SUCCESS;
1203 }
1204# endif /* IN_RING3 */
1205
1206 /*
1207 * Deal with the Guest PDE.
1208 */
1209 rc = VINF_SUCCESS;
1210 if (PdeSrc.u & X86_PDE_P)
1211 {
1212 Assert( (PdeSrc.u & X86_PDE_US) == (PdeDst.u & X86_PDE_US)
1213 && ((PdeSrc.u & X86_PDE_RW) || !(PdeDst.u & X86_PDE_RW) || pVCpu->pgm.s.cNetwareWp0Hacks > 0));
1214# ifndef PGM_WITHOUT_MAPPINGS
1215 if (PdeDst.u & PGM_PDFLAGS_MAPPING)
1216 {
1217 /*
1218 * Conflict - Let SyncPT deal with it to avoid duplicate code.
1219 */
1220 Assert(pgmMapAreMappingsEnabled(pVM));
1221 Assert(PGMGetGuestMode(pVCpu) <= PGMMODE_PAE);
1222 rc = PGM_BTH_NAME(SyncPT)(pVCpu, iPDSrc, pPDSrc, GCPtrPage);
1223 }
1224 else
1225# endif /* !PGM_WITHOUT_MAPPINGS */
1226 if (!fIsBigPage)
1227 {
1228 /*
1229 * 4KB - page.
1230 */
1231 PPGMPOOLPAGE pShwPage = pgmPoolGetPage(pPool, PdeDst.u & SHW_PDE_PG_MASK);
1232 RTGCPHYS GCPhys = GST_GET_PDE_GCPHYS(PdeSrc);
1233
1234# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
1235 /* Select the right PDE as we're emulating a 4kb page table with 2 shadow page tables. */
1236 GCPhys = PGM_A20_APPLY(pVCpu, GCPhys | ((iPDDst & 1) * (PAGE_SIZE / 2)));
1237# endif
1238 if (pShwPage->GCPhys == GCPhys)
1239 {
1240 /* Syncing it here isn't 100% safe and it's probably not worth spending time syncing it. */
1241 PSHWPT pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPage);
1242
1243 PGSTPT pPTSrc;
1244 rc = PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GST_GET_PDE_GCPHYS(PdeSrc), &pPTSrc);
1245 if (RT_SUCCESS(rc))
1246 {
1247 const unsigned iPTSrc = (GCPtrPage >> GST_PT_SHIFT) & GST_PT_MASK;
1248 GSTPTE PteSrc = pPTSrc->a[iPTSrc];
1249 const unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
1250 PGM_BTH_NAME(SyncPageWorker)(pVCpu, &pPTDst->a[iPTDst], PdeSrc, PteSrc, pShwPage, iPTDst);
1251 Log2(("SyncPage: 4K %RGv PteSrc:{P=%d RW=%d U=%d raw=%08llx} PteDst=%08llx %s\n",
1252 GCPtrPage, PteSrc.u & X86_PTE_P,
1253 (PteSrc.u & PdeSrc.u & X86_PTE_RW),
1254 (PteSrc.u & PdeSrc.u & X86_PTE_US),
1255 (uint64_t)PteSrc.u,
1256 SHW_PTE_LOG64(pPTDst->a[iPTDst]),
1257 SHW_PTE_IS_TRACK_DIRTY(pPTDst->a[iPTDst]) ? " Track-Dirty" : ""));
1258 }
1259 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePage4KBPages));
1260 PGM_INVL_PG(pVCpu, GCPtrPage);
1261 }
1262 else
1263 {
1264 /*
1265 * The page table address changed.
1266 */
1267 LogFlow(("InvalidatePage: Out-of-sync at %RGp PdeSrc=%RX64 PdeDst=%RX64 ShwGCPhys=%RGp iPDDst=%#x\n",
1268 GCPtrPage, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u, pShwPage->GCPhys, iPDDst));
1269 pgmPoolFree(pVM, PdeDst.u & SHW_PDE_PG_MASK, pShwPde->idx, iPDDst);
1270 SHW_PDE_ATOMIC_SET(*pPdeDst, 0);
1271 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePagePDOutOfSync));
1272 PGM_INVL_VCPU_TLBS(pVCpu);
1273 }
1274 }
1275 else
1276 {
1277 /*
1278 * 2/4MB - page.
1279 */
1280 /* Before freeing the page, check if anything really changed. */
1281 PPGMPOOLPAGE pShwPage = pgmPoolGetPage(pPool, PdeDst.u & SHW_PDE_PG_MASK);
1282 RTGCPHYS GCPhys = GST_GET_BIG_PDE_GCPHYS(pVM, PdeSrc);
1283# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
1284 /* Select the right PDE as we're emulating a 4MB page directory with two 2 MB shadow PDEs.*/
1285 GCPhys = PGM_A20_APPLY(pVCpu, GCPhys | (GCPtrPage & (1 << X86_PD_PAE_SHIFT)));
1286# endif
1287 if ( pShwPage->GCPhys == GCPhys
1288 && pShwPage->enmKind == BTH_PGMPOOLKIND_PT_FOR_BIG)
1289 {
1290 /* ASSUMES a the given bits are identical for 4M and normal PDEs */
1291 /** @todo This test is wrong as it cannot check the G bit!
1292 * FIXME */
1293 if ( (PdeSrc.u & (X86_PDE_P | X86_PDE_RW | X86_PDE_US))
1294 == (PdeDst.u & (X86_PDE_P | X86_PDE_RW | X86_PDE_US))
1295 && ( (PdeSrc.u & X86_PDE4M_D) /** @todo rainy day: What about read-only 4M pages? not very common, but still... */
1296 || (PdeDst.u & PGM_PDFLAGS_TRACK_DIRTY)))
1297 {
1298 LogFlow(("Skipping flush for big page containing %RGv (PD=%X .u=%RX64)-> nothing has changed!\n", GCPtrPage, iPDSrc, PdeSrc.u));
1299 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePage4MBPagesSkip));
1300 return VINF_SUCCESS;
1301 }
1302 }
1303
1304 /*
1305 * Ok, the page table is present and it's been changed in the guest.
1306 * If we're in host context, we'll just mark it as not present taking the lazy approach.
1307 * We could do this for some flushes in GC too, but we need an algorithm for
1308 * deciding which 4MB pages containing code likely to be executed very soon.
1309 */
1310 LogFlow(("InvalidatePage: Out-of-sync PD at %RGp PdeSrc=%RX64 PdeDst=%RX64\n",
1311 GCPtrPage, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
1312 pgmPoolFree(pVM, PdeDst.u & SHW_PDE_PG_MASK, pShwPde->idx, iPDDst);
1313 SHW_PDE_ATOMIC_SET(*pPdeDst, 0);
1314 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePage4MBPages));
1315 PGM_INVL_BIG_PG(pVCpu, GCPtrPage);
1316 }
1317 }
1318 else
1319 {
1320 /*
1321 * Page directory is not present, mark shadow PDE not present.
1322 */
1323# ifndef PGM_WITHOUT_MAPPINGS
1324 if (!(PdeDst.u & PGM_PDFLAGS_MAPPING))
1325# endif
1326 {
1327 pgmPoolFree(pVM, PdeDst.u & SHW_PDE_PG_MASK, pShwPde->idx, iPDDst);
1328 SHW_PDE_ATOMIC_SET(*pPdeDst, 0);
1329 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePagePDNPs));
1330 PGM_INVL_PG(pVCpu, GCPtrPage);
1331 }
1332# ifndef PGM_WITHOUT_MAPPINGS
1333 else
1334 {
1335 Assert(pgmMapAreMappingsEnabled(pVM));
1336 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePagePDMappings));
1337 }
1338# endif
1339 }
1340 return rc;
1341
1342#else /* guest real and protected mode, nested + ept, none. */
1343 /* There's no such thing as InvalidatePage when paging is disabled, so just ignore. */
1344 NOREF(pVCpu); NOREF(GCPtrPage);
1345 return VINF_SUCCESS;
1346#endif
1347}
1348
1349#if PGM_SHW_TYPE != PGM_TYPE_NONE
1350
1351/**
1352 * Update the tracking of shadowed pages.
1353 *
1354 * @param pVCpu The cross context virtual CPU structure.
1355 * @param pShwPage The shadow page.
1356 * @param HCPhys The physical page we is being dereferenced.
1357 * @param iPte Shadow PTE index
1358 * @param GCPhysPage Guest physical address (only valid if pShwPage->fDirty is set)
1359 */
1360DECLINLINE(void) PGM_BTH_NAME(SyncPageWorkerTrackDeref)(PVMCPUCC pVCpu, PPGMPOOLPAGE pShwPage, RTHCPHYS HCPhys, uint16_t iPte,
1361 RTGCPHYS GCPhysPage)
1362{
1363 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
1364
1365# if defined(PGMPOOL_WITH_OPTIMIZED_DIRTY_PT) \
1366 && PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) \
1367 && (PGM_GST_TYPE == PGM_TYPE_PAE || PGM_GST_TYPE == PGM_TYPE_AMD64 || PGM_SHW_TYPE == PGM_TYPE_PAE /* pae/32bit combo */)
1368
1369 /* Use the hint we retrieved from the cached guest PT. */
1370 if (pShwPage->fDirty)
1371 {
1372 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
1373
1374 Assert(pShwPage->cPresent);
1375 Assert(pPool->cPresent);
1376 pShwPage->cPresent--;
1377 pPool->cPresent--;
1378
1379 PPGMPAGE pPhysPage = pgmPhysGetPage(pVM, GCPhysPage);
1380 AssertRelease(pPhysPage);
1381 pgmTrackDerefGCPhys(pPool, pShwPage, pPhysPage, iPte);
1382 return;
1383 }
1384# else
1385 NOREF(GCPhysPage);
1386# endif
1387
1388 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->StatTrackDeref, a);
1389 LogFlow(("SyncPageWorkerTrackDeref: Damn HCPhys=%RHp pShwPage->idx=%#x!!!\n", HCPhys, pShwPage->idx));
1390
1391 /** @todo If this turns out to be a bottle neck (*very* likely) two things can be done:
1392 * 1. have a medium sized HCPhys -> GCPhys TLB (hash?)
1393 * 2. write protect all shadowed pages. I.e. implement caching.
1394 */
1395 /** @todo duplicated in the 2nd half of pgmPoolTracDerefGCPhysHint */
1396
1397 /*
1398 * Find the guest address.
1399 */
1400 for (PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRangesX);
1401 pRam;
1402 pRam = pRam->CTX_SUFF(pNext))
1403 {
1404 unsigned iPage = pRam->cb >> PAGE_SHIFT;
1405 while (iPage-- > 0)
1406 {
1407 if (PGM_PAGE_GET_HCPHYS(&pRam->aPages[iPage]) == HCPhys)
1408 {
1409 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
1410
1411 Assert(pShwPage->cPresent);
1412 Assert(pPool->cPresent);
1413 pShwPage->cPresent--;
1414 pPool->cPresent--;
1415
1416 pgmTrackDerefGCPhys(pPool, pShwPage, &pRam->aPages[iPage], iPte);
1417 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->StatTrackDeref, a);
1418 return;
1419 }
1420 }
1421 }
1422
1423 for (;;)
1424 AssertReleaseMsgFailed(("HCPhys=%RHp wasn't found!\n", HCPhys));
1425}
1426
1427
1428/**
1429 * Update the tracking of shadowed pages.
1430 *
1431 * @param pVCpu The cross context virtual CPU structure.
1432 * @param pShwPage The shadow page.
1433 * @param u16 The top 16-bit of the pPage->HCPhys.
1434 * @param pPage Pointer to the guest page. this will be modified.
1435 * @param iPTDst The index into the shadow table.
1436 */
1437DECLINLINE(void) PGM_BTH_NAME(SyncPageWorkerTrackAddref)(PVMCPUCC pVCpu, PPGMPOOLPAGE pShwPage, uint16_t u16, PPGMPAGE pPage, const unsigned iPTDst)
1438{
1439 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
1440
1441 /*
1442 * Just deal with the simple first time here.
1443 */
1444 if (!u16)
1445 {
1446 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->StatTrackVirgin);
1447 u16 = PGMPOOL_TD_MAKE(1, pShwPage->idx);
1448 /* Save the page table index. */
1449 PGM_PAGE_SET_PTE_INDEX(pVM, pPage, iPTDst);
1450 }
1451 else
1452 u16 = pgmPoolTrackPhysExtAddref(pVM, pPage, u16, pShwPage->idx, iPTDst);
1453
1454 /* write back */
1455 Log2(("SyncPageWorkerTrackAddRef: u16=%#x->%#x iPTDst=%#x\n", u16, PGM_PAGE_GET_TRACKING(pPage), iPTDst));
1456 PGM_PAGE_SET_TRACKING(pVM, pPage, u16);
1457
1458 /* update statistics. */
1459 pVM->pgm.s.CTX_SUFF(pPool)->cPresent++;
1460 pShwPage->cPresent++;
1461 if (pShwPage->iFirstPresent > iPTDst)
1462 pShwPage->iFirstPresent = iPTDst;
1463}
1464
1465
1466/**
1467 * Modifies a shadow PTE to account for access handlers.
1468 *
1469 * @param pVM The cross context VM structure.
1470 * @param pPage The page in question.
1471 * @param fPteSrc The shadowed flags of the source PTE. Must include the
1472 * A (accessed) bit so it can be emulated correctly.
1473 * @param pPteDst The shadow PTE (output). This is temporary storage and
1474 * does not need to be set atomically.
1475 */
1476DECLINLINE(void) PGM_BTH_NAME(SyncHandlerPte)(PVMCC pVM, PCPGMPAGE pPage, uint64_t fPteSrc, PSHWPTE pPteDst)
1477{
1478 NOREF(pVM); RT_NOREF_PV(fPteSrc);
1479
1480 /** @todo r=bird: Are we actually handling dirty and access bits for pages with access handlers correctly? No.
1481 * Update: \#PF should deal with this before or after calling the handlers. It has all the info to do the job efficiently. */
1482 if (!PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
1483 {
1484 LogFlow(("SyncHandlerPte: monitored page (%R[pgmpage]) -> mark read-only\n", pPage));
1485# if PGM_SHW_TYPE == PGM_TYPE_EPT
1486 pPteDst->u = PGM_PAGE_GET_HCPHYS(pPage) | EPT_E_READ | EPT_E_EXECUTE | EPT_E_TYPE_WB | EPT_E_IGNORE_PAT;
1487# else
1488 if (fPteSrc & X86_PTE_A)
1489 {
1490 SHW_PTE_SET(*pPteDst, fPteSrc | PGM_PAGE_GET_HCPHYS(pPage));
1491 SHW_PTE_SET_RO(*pPteDst);
1492 }
1493 else
1494 SHW_PTE_SET(*pPteDst, 0);
1495# endif
1496 }
1497# ifdef PGM_WITH_MMIO_OPTIMIZATIONS
1498# if PGM_SHW_TYPE == PGM_TYPE_EPT || PGM_SHW_TYPE == PGM_TYPE_PAE || PGM_SHW_TYPE == PGM_TYPE_AMD64
1499 else if ( PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage)
1500 && ( BTH_IS_NP_ACTIVE(pVM)
1501 || (fPteSrc & (X86_PTE_RW | X86_PTE_US)) == X86_PTE_RW) /** @todo Remove X86_PTE_US here and pGstWalk->Core.fEffectiveUS before the sync page test. */
1502# if PGM_SHW_TYPE == PGM_TYPE_AMD64
1503 && pVM->pgm.s.fLessThan52PhysicalAddressBits
1504# endif
1505 )
1506 {
1507 LogFlow(("SyncHandlerPte: MMIO page -> invalid \n"));
1508# if PGM_SHW_TYPE == PGM_TYPE_EPT
1509 /* 25.2.3.1: Reserved physical address bit -> EPT Misconfiguration (exit 49) */
1510 pPteDst->u = pVM->pgm.s.HCPhysInvMmioPg
1511 /* 25.2.3.1: bits 2:0 = 010b -> EPT Misconfiguration (exit 49) */
1512 | EPT_E_WRITE
1513 /* 25.2.3.1: leaf && 2:0 != 0 && u3Emt in {2, 3, 7} -> EPT Misconfiguration */
1514 | EPT_E_TYPE_INVALID_3;
1515# else
1516 /* Set high page frame bits that MBZ (bankers on PAE, CPU dependent on AMD64). */
1517 SHW_PTE_SET(*pPteDst, pVM->pgm.s.HCPhysInvMmioPg | X86_PTE_PAE_MBZ_MASK_NO_NX | X86_PTE_P);
1518# endif
1519 }
1520# endif
1521# endif /* PGM_WITH_MMIO_OPTIMIZATIONS */
1522 else
1523 {
1524 LogFlow(("SyncHandlerPte: monitored page (%R[pgmpage]) -> mark not present\n", pPage));
1525 SHW_PTE_SET(*pPteDst, 0);
1526 }
1527 /** @todo count these kinds of entries. */
1528}
1529
1530
1531/**
1532 * Creates a 4K shadow page for a guest page.
1533 *
1534 * For 4M pages the caller must convert the PDE4M to a PTE, this includes adjusting the
1535 * physical address. The PdeSrc argument only the flags are used. No page
1536 * structured will be mapped in this function.
1537 *
1538 * @param pVCpu The cross context virtual CPU structure.
1539 * @param pPteDst Destination page table entry.
1540 * @param PdeSrc Source page directory entry (i.e. Guest OS page directory entry).
1541 * Can safely assume that only the flags are being used.
1542 * @param PteSrc Source page table entry (i.e. Guest OS page table entry).
1543 * @param pShwPage Pointer to the shadow page.
1544 * @param iPTDst The index into the shadow table.
1545 *
1546 * @remark Not used for 2/4MB pages!
1547 */
1548# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) || defined(DOXYGEN_RUNNING)
1549static void PGM_BTH_NAME(SyncPageWorker)(PVMCPUCC pVCpu, PSHWPTE pPteDst, GSTPDE PdeSrc, GSTPTE PteSrc,
1550 PPGMPOOLPAGE pShwPage, unsigned iPTDst)
1551# else
1552static void PGM_BTH_NAME(SyncPageWorker)(PVMCPUCC pVCpu, PSHWPTE pPteDst, RTGCPHYS GCPhysPage,
1553 PPGMPOOLPAGE pShwPage, unsigned iPTDst)
1554# endif
1555{
1556 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
1557 RTGCPHYS GCPhysOldPage = NIL_RTGCPHYS;
1558
1559# if defined(PGMPOOL_WITH_OPTIMIZED_DIRTY_PT) \
1560 && PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) \
1561 && (PGM_GST_TYPE == PGM_TYPE_PAE || PGM_GST_TYPE == PGM_TYPE_AMD64 || PGM_SHW_TYPE == PGM_TYPE_PAE /* pae/32bit combo */)
1562
1563 if (pShwPage->fDirty)
1564 {
1565 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
1566 PGSTPT pGstPT;
1567
1568 /* Note that iPTDst can be used to index the guest PT even in the pae/32bit combo as we copy only half the table; see pgmPoolAddDirtyPage. */
1569 pGstPT = (PGSTPT)&pPool->aDirtyPages[pShwPage->idxDirtyEntry].aPage[0];
1570 GCPhysOldPage = GST_GET_PTE_GCPHYS(pGstPT->a[iPTDst]);
1571 pGstPT->a[iPTDst].u = PteSrc.u;
1572 }
1573# else
1574 Assert(!pShwPage->fDirty);
1575# endif
1576
1577# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
1578 if ( (PteSrc.u & X86_PTE_P)
1579 && GST_IS_PTE_VALID(pVCpu, PteSrc))
1580# endif
1581 {
1582# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
1583 RTGCPHYS GCPhysPage = GST_GET_PTE_GCPHYS(PteSrc);
1584# endif
1585 PGM_A20_ASSERT_MASKED(pVCpu, GCPhysPage);
1586
1587 /*
1588 * Find the ram range.
1589 */
1590 PPGMPAGE pPage;
1591 int rc = pgmPhysGetPageEx(pVM, GCPhysPage, &pPage);
1592 if (RT_SUCCESS(rc))
1593 {
1594 /* Ignore ballooned pages.
1595 Don't return errors or use a fatal assert here as part of a
1596 shadow sync range might included ballooned pages. */
1597 if (PGM_PAGE_IS_BALLOONED(pPage))
1598 {
1599 Assert(!SHW_PTE_IS_P(*pPteDst)); /** @todo user tracking needs updating if this triggers. */
1600 return;
1601 }
1602
1603# ifndef VBOX_WITH_NEW_LAZY_PAGE_ALLOC
1604 /* Make the page writable if necessary. */
1605 if ( PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM
1606 && ( PGM_PAGE_IS_ZERO(pPage)
1607# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
1608 || ( (PteSrc.u & X86_PTE_RW)
1609# else
1610 || ( 1
1611# endif
1612 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED
1613# ifdef VBOX_WITH_REAL_WRITE_MONITORED_PAGES
1614 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_WRITE_MONITORED
1615# endif
1616# ifdef VBOX_WITH_PAGE_SHARING
1617 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_SHARED
1618# endif
1619 )
1620 )
1621 )
1622 {
1623 rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhysPage);
1624 AssertRC(rc);
1625 }
1626# endif
1627
1628 /*
1629 * Make page table entry.
1630 */
1631 SHWPTE PteDst;
1632# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
1633 uint64_t fGstShwPteFlags = GST_GET_PTE_SHW_FLAGS(pVCpu, PteSrc);
1634# else
1635 uint64_t fGstShwPteFlags = X86_PTE_P | X86_PTE_RW | X86_PTE_US | X86_PTE_A | X86_PTE_D;
1636# endif
1637 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
1638 PGM_BTH_NAME(SyncHandlerPte)(pVM, pPage, fGstShwPteFlags, &PteDst);
1639 else
1640 {
1641# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
1642 /*
1643 * If the page or page directory entry is not marked accessed,
1644 * we mark the page not present.
1645 */
1646 if (!(PteSrc.u & X86_PTE_A) || !(PdeSrc.u & X86_PDE_A))
1647 {
1648 LogFlow(("SyncPageWorker: page and or page directory not accessed -> mark not present\n"));
1649 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,AccessedPage));
1650 SHW_PTE_SET(PteDst, 0);
1651 }
1652 /*
1653 * If the page is not flagged as dirty and is writable, then make it read-only, so we can set the dirty bit
1654 * when the page is modified.
1655 */
1656 else if (!(PteSrc.u & X86_PTE_D) && (PdeSrc.u & PteSrc.u & X86_PTE_RW))
1657 {
1658 AssertCompile(X86_PTE_RW == X86_PDE_RW);
1659 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPage));
1660 SHW_PTE_SET(PteDst,
1661 fGstShwPteFlags
1662 | PGM_PAGE_GET_HCPHYS(pPage)
1663 | PGM_PTFLAGS_TRACK_DIRTY);
1664 SHW_PTE_SET_RO(PteDst);
1665 }
1666 else
1667# endif
1668 {
1669 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageSkipped));
1670# if PGM_SHW_TYPE == PGM_TYPE_EPT
1671 PteDst.u = PGM_PAGE_GET_HCPHYS(pPage)
1672 | EPT_E_READ | EPT_E_WRITE | EPT_E_EXECUTE | EPT_E_TYPE_WB | EPT_E_IGNORE_PAT;
1673# else
1674 SHW_PTE_SET(PteDst, fGstShwPteFlags | PGM_PAGE_GET_HCPHYS(pPage));
1675# endif
1676 }
1677
1678 /*
1679 * Make sure only allocated pages are mapped writable.
1680 */
1681 if ( SHW_PTE_IS_P_RW(PteDst)
1682 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED)
1683 {
1684 /* Still applies to shared pages. */
1685 Assert(!PGM_PAGE_IS_ZERO(pPage));
1686 SHW_PTE_SET_RO(PteDst); /** @todo this isn't quite working yet. Why, isn't it? */
1687 Log3(("SyncPageWorker: write-protecting %RGp pPage=%R[pgmpage]at iPTDst=%d\n", GCPhysPage, pPage, iPTDst));
1688 }
1689 }
1690
1691 /*
1692 * Keep user track up to date.
1693 */
1694 if (SHW_PTE_IS_P(PteDst))
1695 {
1696 if (!SHW_PTE_IS_P(*pPteDst))
1697 PGM_BTH_NAME(SyncPageWorkerTrackAddref)(pVCpu, pShwPage, PGM_PAGE_GET_TRACKING(pPage), pPage, iPTDst);
1698 else if (SHW_PTE_GET_HCPHYS(*pPteDst) != SHW_PTE_GET_HCPHYS(PteDst))
1699 {
1700 Log2(("SyncPageWorker: deref! *pPteDst=%RX64 PteDst=%RX64\n", SHW_PTE_LOG64(*pPteDst), SHW_PTE_LOG64(PteDst)));
1701 PGM_BTH_NAME(SyncPageWorkerTrackDeref)(pVCpu, pShwPage, SHW_PTE_GET_HCPHYS(*pPteDst), iPTDst, GCPhysOldPage);
1702 PGM_BTH_NAME(SyncPageWorkerTrackAddref)(pVCpu, pShwPage, PGM_PAGE_GET_TRACKING(pPage), pPage, iPTDst);
1703 }
1704 }
1705 else if (SHW_PTE_IS_P(*pPteDst))
1706 {
1707 Log2(("SyncPageWorker: deref! *pPteDst=%RX64\n", SHW_PTE_LOG64(*pPteDst)));
1708 PGM_BTH_NAME(SyncPageWorkerTrackDeref)(pVCpu, pShwPage, SHW_PTE_GET_HCPHYS(*pPteDst), iPTDst, GCPhysOldPage);
1709 }
1710
1711 /*
1712 * Update statistics and commit the entry.
1713 */
1714# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
1715 if (!(PteSrc.u & X86_PTE_G))
1716 pShwPage->fSeenNonGlobal = true;
1717# endif
1718 SHW_PTE_ATOMIC_SET2(*pPteDst, PteDst);
1719 return;
1720 }
1721
1722/** @todo count these three different kinds. */
1723 Log2(("SyncPageWorker: invalid address in Pte\n"));
1724 }
1725# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
1726 else if (!(PteSrc.u & X86_PTE_P))
1727 Log2(("SyncPageWorker: page not present in Pte\n"));
1728 else
1729 Log2(("SyncPageWorker: invalid Pte\n"));
1730# endif
1731
1732 /*
1733 * The page is not present or the PTE is bad. Replace the shadow PTE by
1734 * an empty entry, making sure to keep the user tracking up to date.
1735 */
1736 if (SHW_PTE_IS_P(*pPteDst))
1737 {
1738 Log2(("SyncPageWorker: deref! *pPteDst=%RX64\n", SHW_PTE_LOG64(*pPteDst)));
1739 PGM_BTH_NAME(SyncPageWorkerTrackDeref)(pVCpu, pShwPage, SHW_PTE_GET_HCPHYS(*pPteDst), iPTDst, GCPhysOldPage);
1740 }
1741 SHW_PTE_ATOMIC_SET(*pPteDst, 0);
1742}
1743
1744
1745/**
1746 * Syncs a guest OS page.
1747 *
1748 * There are no conflicts at this point, neither is there any need for
1749 * page table allocations.
1750 *
1751 * When called in PAE or AMD64 guest mode, the guest PDPE shall be valid.
1752 * When called in AMD64 guest mode, the guest PML4E shall be valid.
1753 *
1754 * @returns VBox status code.
1755 * @returns VINF_PGM_SYNCPAGE_MODIFIED_PDE if it modifies the PDE in any way.
1756 * @param pVCpu The cross context virtual CPU structure.
1757 * @param PdeSrc Page directory entry of the guest.
1758 * @param GCPtrPage Guest context page address.
1759 * @param cPages Number of pages to sync (PGM_SYNC_N_PAGES) (default=1).
1760 * @param uErr Fault error (X86_TRAP_PF_*).
1761 */
1762static int PGM_BTH_NAME(SyncPage)(PVMCPUCC pVCpu, GSTPDE PdeSrc, RTGCPTR GCPtrPage, unsigned cPages, unsigned uErr)
1763{
1764 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
1765 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool); NOREF(pPool);
1766 LogFlow(("SyncPage: GCPtrPage=%RGv cPages=%u uErr=%#x\n", GCPtrPage, cPages, uErr));
1767 RT_NOREF_PV(uErr); RT_NOREF_PV(cPages); RT_NOREF_PV(GCPtrPage);
1768
1769 PGM_LOCK_ASSERT_OWNER(pVM);
1770
1771# if ( PGM_GST_TYPE == PGM_TYPE_32BIT \
1772 || PGM_GST_TYPE == PGM_TYPE_PAE \
1773 || PGM_GST_TYPE == PGM_TYPE_AMD64) \
1774 && !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE)
1775
1776 /*
1777 * Assert preconditions.
1778 */
1779 Assert(PdeSrc.u & X86_PDE_P);
1780 Assert(cPages);
1781# if 0 /* rarely useful; leave for debugging. */
1782 STAM_COUNTER_INC(&pVCpu->pgm.s.StatSyncPagePD[(GCPtrPage >> GST_PD_SHIFT) & GST_PD_MASK]);
1783# endif
1784
1785 /*
1786 * Get the shadow PDE, find the shadow page table in the pool.
1787 */
1788# if PGM_SHW_TYPE == PGM_TYPE_32BIT
1789 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
1790 PX86PDE pPdeDst = pgmShwGet32BitPDEPtr(pVCpu, GCPtrPage);
1791
1792 /* Fetch the pgm pool shadow descriptor. */
1793 PPGMPOOLPAGE pShwPde = pVCpu->pgm.s.CTX_SUFF(pShwPageCR3);
1794 Assert(pShwPde);
1795
1796# elif PGM_SHW_TYPE == PGM_TYPE_PAE
1797 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
1798 PPGMPOOLPAGE pShwPde = NULL;
1799 PX86PDPAE pPDDst;
1800
1801 /* Fetch the pgm pool shadow descriptor. */
1802 int rc2 = pgmShwGetPaePoolPagePD(pVCpu, GCPtrPage, &pShwPde);
1803 AssertRCSuccessReturn(rc2, rc2);
1804 Assert(pShwPde);
1805
1806 pPDDst = (PX86PDPAE)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPde);
1807 PX86PDEPAE pPdeDst = &pPDDst->a[iPDDst];
1808
1809# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
1810 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
1811 const unsigned iPdpt = (GCPtrPage >> X86_PDPT_SHIFT) & X86_PDPT_MASK_AMD64;
1812 PX86PDPAE pPDDst = NULL; /* initialized to shut up gcc */
1813 PX86PDPT pPdptDst = NULL; /* initialized to shut up gcc */
1814
1815 int rc2 = pgmShwGetLongModePDPtr(pVCpu, GCPtrPage, NULL, &pPdptDst, &pPDDst);
1816 AssertRCSuccessReturn(rc2, rc2);
1817 Assert(pPDDst && pPdptDst);
1818 PX86PDEPAE pPdeDst = &pPDDst->a[iPDDst];
1819# endif
1820 SHWPDE PdeDst = *pPdeDst;
1821
1822 /*
1823 * - In the guest SMP case we could have blocked while another VCPU reused
1824 * this page table.
1825 * - With W7-64 we may also take this path when the A bit is cleared on
1826 * higher level tables (PDPE/PML4E). The guest does not invalidate the
1827 * relevant TLB entries. If we're write monitoring any page mapped by
1828 * the modified entry, we may end up here with a "stale" TLB entry.
1829 */
1830 if (!(PdeDst.u & X86_PDE_P))
1831 {
1832 Log(("CPU%u: SyncPage: Pde at %RGv changed behind our back? (pPdeDst=%p/%RX64) uErr=%#x\n", pVCpu->idCpu, GCPtrPage, pPdeDst, (uint64_t)PdeDst.u, (uint32_t)uErr));
1833 AssertMsg(pVM->cCpus > 1 || (uErr & (X86_TRAP_PF_P | X86_TRAP_PF_RW)) == (X86_TRAP_PF_P | X86_TRAP_PF_RW),
1834 ("Unexpected missing PDE p=%p/%RX64 uErr=%#x\n", pPdeDst, (uint64_t)PdeDst.u, (uint32_t)uErr));
1835 if (uErr & X86_TRAP_PF_P)
1836 PGM_INVL_PG(pVCpu, GCPtrPage);
1837 return VINF_SUCCESS; /* force the instruction to be executed again. */
1838 }
1839
1840 PPGMPOOLPAGE pShwPage = pgmPoolGetPage(pPool, PdeDst.u & SHW_PDE_PG_MASK);
1841 Assert(pShwPage);
1842
1843# if PGM_GST_TYPE == PGM_TYPE_AMD64
1844 /* Fetch the pgm pool shadow descriptor. */
1845 PPGMPOOLPAGE pShwPde = pgmPoolGetPage(pPool, pPdptDst->a[iPdpt].u & X86_PDPE_PG_MASK);
1846 Assert(pShwPde);
1847# endif
1848
1849 /*
1850 * Check that the page is present and that the shadow PDE isn't out of sync.
1851 */
1852 const bool fBigPage = (PdeSrc.u & X86_PDE_PS) && GST_IS_PSE_ACTIVE(pVCpu);
1853 const bool fPdeValid = !fBigPage ? GST_IS_PDE_VALID(pVCpu, PdeSrc) : GST_IS_BIG_PDE_VALID(pVCpu, PdeSrc);
1854 RTGCPHYS GCPhys;
1855 if (!fBigPage)
1856 {
1857 GCPhys = GST_GET_PDE_GCPHYS(PdeSrc);
1858# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
1859 /* Select the right PDE as we're emulating a 4kb page table with 2 shadow page tables. */
1860 GCPhys = PGM_A20_APPLY(pVCpu, GCPhys | ((iPDDst & 1) * (PAGE_SIZE / 2)));
1861# endif
1862 }
1863 else
1864 {
1865 GCPhys = GST_GET_BIG_PDE_GCPHYS(pVM, PdeSrc);
1866# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
1867 /* Select the right PDE as we're emulating a 4MB page directory with two 2 MB shadow PDEs.*/
1868 GCPhys = PGM_A20_APPLY(pVCpu, GCPhys | (GCPtrPage & (1 << X86_PD_PAE_SHIFT)));
1869# endif
1870 }
1871 /** @todo This doesn't check the G bit of 2/4MB pages. FIXME */
1872 if ( fPdeValid
1873 && pShwPage->GCPhys == GCPhys
1874 && (PdeSrc.u & X86_PDE_P)
1875 && (PdeSrc.u & X86_PDE_US) == (PdeDst.u & X86_PDE_US)
1876 && ((PdeSrc.u & X86_PDE_RW) == (PdeDst.u & X86_PDE_RW) || !(PdeDst.u & X86_PDE_RW))
1877# if PGM_WITH_NX(PGM_GST_TYPE, PGM_SHW_TYPE)
1878 && ((PdeSrc.u & X86_PDE_PAE_NX) == (PdeDst.u & X86_PDE_PAE_NX) || !GST_IS_NX_ACTIVE(pVCpu))
1879# endif
1880 )
1881 {
1882 /*
1883 * Check that the PDE is marked accessed already.
1884 * Since we set the accessed bit *before* getting here on a #PF, this
1885 * check is only meant for dealing with non-#PF'ing paths.
1886 */
1887 if (PdeSrc.u & X86_PDE_A)
1888 {
1889 PSHWPT pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPage);
1890 if (!fBigPage)
1891 {
1892 /*
1893 * 4KB Page - Map the guest page table.
1894 */
1895 PGSTPT pPTSrc;
1896 int rc = PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GST_GET_PDE_GCPHYS(PdeSrc), &pPTSrc);
1897 if (RT_SUCCESS(rc))
1898 {
1899# ifdef PGM_SYNC_N_PAGES
1900 Assert(cPages == 1 || !(uErr & X86_TRAP_PF_P));
1901 if ( cPages > 1
1902 && !(uErr & X86_TRAP_PF_P)
1903 && !VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY))
1904 {
1905 /*
1906 * This code path is currently only taken when the caller is PGMTrap0eHandler
1907 * for non-present pages!
1908 *
1909 * We're setting PGM_SYNC_NR_PAGES pages around the faulting page to sync it and
1910 * deal with locality.
1911 */
1912 unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
1913# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
1914 /* Select the right PDE as we're emulating a 4kb page table with 2 shadow page tables. */
1915 const unsigned offPTSrc = ((GCPtrPage >> SHW_PD_SHIFT) & 1) * 512;
1916# else
1917 const unsigned offPTSrc = 0;
1918# endif
1919 const unsigned iPTDstEnd = RT_MIN(iPTDst + PGM_SYNC_NR_PAGES / 2, RT_ELEMENTS(pPTDst->a));
1920 if (iPTDst < PGM_SYNC_NR_PAGES / 2)
1921 iPTDst = 0;
1922 else
1923 iPTDst -= PGM_SYNC_NR_PAGES / 2;
1924
1925 for (; iPTDst < iPTDstEnd; iPTDst++)
1926 {
1927 const PGSTPTE pPteSrc = &pPTSrc->a[offPTSrc + iPTDst];
1928
1929 if ( (pPteSrc->u & X86_PTE_P)
1930 && !SHW_PTE_IS_P(pPTDst->a[iPTDst]))
1931 {
1932 RTGCPTR GCPtrCurPage = (GCPtrPage & ~(RTGCPTR)(GST_PT_MASK << GST_PT_SHIFT)) | ((offPTSrc + iPTDst) << PAGE_SHIFT);
1933 NOREF(GCPtrCurPage);
1934 PGM_BTH_NAME(SyncPageWorker)(pVCpu, &pPTDst->a[iPTDst], PdeSrc, *pPteSrc, pShwPage, iPTDst);
1935 Log2(("SyncPage: 4K+ %RGv PteSrc:{P=%d RW=%d U=%d raw=%08llx} PteDst=%08llx%s\n",
1936 GCPtrCurPage, pPteSrc->u & X86_PTE_P,
1937 !!(pPteSrc->u & PdeSrc.u & X86_PTE_RW),
1938 !!(pPteSrc->u & PdeSrc.u & X86_PTE_US),
1939 (uint64_t)pPteSrc->u,
1940 SHW_PTE_LOG64(pPTDst->a[iPTDst]),
1941 SHW_PTE_IS_TRACK_DIRTY(pPTDst->a[iPTDst]) ? " Track-Dirty" : ""));
1942 }
1943 }
1944 }
1945 else
1946# endif /* PGM_SYNC_N_PAGES */
1947 {
1948 const unsigned iPTSrc = (GCPtrPage >> GST_PT_SHIFT) & GST_PT_MASK;
1949 GSTPTE PteSrc = pPTSrc->a[iPTSrc];
1950 const unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
1951 PGM_BTH_NAME(SyncPageWorker)(pVCpu, &pPTDst->a[iPTDst], PdeSrc, PteSrc, pShwPage, iPTDst);
1952 Log2(("SyncPage: 4K %RGv PteSrc:{P=%d RW=%d U=%d raw=%08llx} PteDst=%08llx %s\n",
1953 GCPtrPage, PteSrc.u & X86_PTE_P,
1954 !!(PteSrc.u & PdeSrc.u & X86_PTE_RW),
1955 !!(PteSrc.u & PdeSrc.u & X86_PTE_US),
1956 (uint64_t)PteSrc.u,
1957 SHW_PTE_LOG64(pPTDst->a[iPTDst]),
1958 SHW_PTE_IS_TRACK_DIRTY(pPTDst->a[iPTDst]) ? " Track-Dirty" : ""));
1959 }
1960 }
1961 else /* MMIO or invalid page: emulated in #PF handler. */
1962 {
1963 LogFlow(("PGM_GCPHYS_2_PTR %RGp failed with %Rrc\n", GCPhys, rc));
1964 Assert(!SHW_PTE_IS_P(pPTDst->a[(GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK]));
1965 }
1966 }
1967 else
1968 {
1969 /*
1970 * 4/2MB page - lazy syncing shadow 4K pages.
1971 * (There are many causes of getting here, it's no longer only CSAM.)
1972 */
1973 /* Calculate the GC physical address of this 4KB shadow page. */
1974 GCPhys = PGM_A20_APPLY(pVCpu, GST_GET_BIG_PDE_GCPHYS(pVM, PdeSrc) | (GCPtrPage & GST_BIG_PAGE_OFFSET_MASK));
1975 /* Find ram range. */
1976 PPGMPAGE pPage;
1977 int rc = pgmPhysGetPageEx(pVM, GCPhys, &pPage);
1978 if (RT_SUCCESS(rc))
1979 {
1980 AssertFatalMsg(!PGM_PAGE_IS_BALLOONED(pPage), ("Unexpected ballooned page at %RGp\n", GCPhys));
1981
1982# ifndef VBOX_WITH_NEW_LAZY_PAGE_ALLOC
1983 /* Try to make the page writable if necessary. */
1984 if ( PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM
1985 && ( PGM_PAGE_IS_ZERO(pPage)
1986 || ( (PdeSrc.u & X86_PDE_RW)
1987 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED
1988# ifdef VBOX_WITH_REAL_WRITE_MONITORED_PAGES
1989 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_WRITE_MONITORED
1990# endif
1991# ifdef VBOX_WITH_PAGE_SHARING
1992 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_SHARED
1993# endif
1994 )
1995 )
1996 )
1997 {
1998 rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhys);
1999 AssertRC(rc);
2000 }
2001# endif
2002
2003 /*
2004 * Make shadow PTE entry.
2005 */
2006 SHWPTE PteDst;
2007 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
2008 PGM_BTH_NAME(SyncHandlerPte)(pVM, pPage, GST_GET_BIG_PDE_SHW_FLAGS_4_PTE(pVCpu, PdeSrc), &PteDst);
2009 else
2010 SHW_PTE_SET(PteDst, GST_GET_BIG_PDE_SHW_FLAGS_4_PTE(pVCpu, PdeSrc) | PGM_PAGE_GET_HCPHYS(pPage));
2011
2012 const unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
2013 if ( SHW_PTE_IS_P(PteDst)
2014 && !SHW_PTE_IS_P(pPTDst->a[iPTDst]))
2015 PGM_BTH_NAME(SyncPageWorkerTrackAddref)(pVCpu, pShwPage, PGM_PAGE_GET_TRACKING(pPage), pPage, iPTDst);
2016
2017 /* Make sure only allocated pages are mapped writable. */
2018 if ( SHW_PTE_IS_P_RW(PteDst)
2019 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED)
2020 {
2021 /* Still applies to shared pages. */
2022 Assert(!PGM_PAGE_IS_ZERO(pPage));
2023 SHW_PTE_SET_RO(PteDst); /** @todo this isn't quite working yet... */
2024 Log3(("SyncPage: write-protecting %RGp pPage=%R[pgmpage] at %RGv\n", GCPhys, pPage, GCPtrPage));
2025 }
2026
2027 SHW_PTE_ATOMIC_SET2(pPTDst->a[iPTDst], PteDst);
2028
2029 /*
2030 * If the page is not flagged as dirty and is writable, then make it read-only
2031 * at PD level, so we can set the dirty bit when the page is modified.
2032 *
2033 * ASSUMES that page access handlers are implemented on page table entry level.
2034 * Thus we will first catch the dirty access and set PDE.D and restart. If
2035 * there is an access handler, we'll trap again and let it work on the problem.
2036 */
2037 /** @todo r=bird: figure out why we need this here, SyncPT should've taken care of this already.
2038 * As for invlpg, it simply frees the whole shadow PT.
2039 * ...It's possibly because the guest clears it and the guest doesn't really tell us... */
2040 if ((PdeSrc.u & (X86_PDE4M_D | X86_PDE_RW)) == X86_PDE_RW)
2041 {
2042 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageBig));
2043 PdeDst.u |= PGM_PDFLAGS_TRACK_DIRTY;
2044 PdeDst.u &= ~(SHWUINT)X86_PDE_RW;
2045 }
2046 else
2047 {
2048 PdeDst.u &= ~(SHWUINT)(PGM_PDFLAGS_TRACK_DIRTY | X86_PDE_RW);
2049 PdeDst.u |= PdeSrc.u & X86_PDE_RW;
2050 }
2051 SHW_PDE_ATOMIC_SET2(*pPdeDst, PdeDst);
2052 Log2(("SyncPage: BIG %RGv PdeSrc:{P=%d RW=%d U=%d raw=%08llx} GCPhys=%RGp%s\n",
2053 GCPtrPage, PdeSrc.u & X86_PDE_P, !!(PdeSrc.u & X86_PDE_RW), !!(PdeSrc.u & X86_PDE_US),
2054 (uint64_t)PdeSrc.u, GCPhys, PdeDst.u & PGM_PDFLAGS_TRACK_DIRTY ? " Track-Dirty" : ""));
2055 }
2056 else
2057 {
2058 LogFlow(("PGM_GCPHYS_2_PTR %RGp (big) failed with %Rrc\n", GCPhys, rc));
2059 /** @todo must wipe the shadow page table entry in this
2060 * case. */
2061 }
2062 }
2063 PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
2064 return VINF_SUCCESS;
2065 }
2066
2067 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPagePDNAs));
2068 }
2069 else if (fPdeValid)
2070 {
2071 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPagePDOutOfSync));
2072 Log2(("SyncPage: Out-Of-Sync PDE at %RGp PdeSrc=%RX64 PdeDst=%RX64 (GCPhys %RGp vs %RGp)\n",
2073 GCPtrPage, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u, pShwPage->GCPhys, GCPhys));
2074 }
2075 else
2076 {
2077/// @todo STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_MID_Z(Stat,SyncPagePDOutOfSyncAndInvalid));
2078 Log2(("SyncPage: Bad PDE at %RGp PdeSrc=%RX64 PdeDst=%RX64 (GCPhys %RGp vs %RGp)\n",
2079 GCPtrPage, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u, pShwPage->GCPhys, GCPhys));
2080 }
2081
2082 /*
2083 * Mark the PDE not present. Restart the instruction and let #PF call SyncPT.
2084 * Yea, I'm lazy.
2085 */
2086 pgmPoolFreeByPage(pPool, pShwPage, pShwPde->idx, iPDDst);
2087 SHW_PDE_ATOMIC_SET(*pPdeDst, 0);
2088
2089 PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
2090 PGM_INVL_VCPU_TLBS(pVCpu);
2091 return VINF_PGM_SYNCPAGE_MODIFIED_PDE;
2092
2093
2094# elif (PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT) \
2095 && !PGM_TYPE_IS_NESTED(PGM_SHW_TYPE) \
2096 && (PGM_SHW_TYPE != PGM_TYPE_EPT || PGM_GST_TYPE == PGM_TYPE_PROT)
2097 NOREF(PdeSrc);
2098
2099# ifdef PGM_SYNC_N_PAGES
2100 /*
2101 * Get the shadow PDE, find the shadow page table in the pool.
2102 */
2103# if PGM_SHW_TYPE == PGM_TYPE_32BIT
2104 X86PDE PdeDst = pgmShwGet32BitPDE(pVCpu, GCPtrPage);
2105
2106# elif PGM_SHW_TYPE == PGM_TYPE_PAE
2107 X86PDEPAE PdeDst = pgmShwGetPaePDE(pVCpu, GCPtrPage);
2108
2109# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
2110 const unsigned iPDDst = ((GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK);
2111 const unsigned iPdpt = (GCPtrPage >> X86_PDPT_SHIFT) & X86_PDPT_MASK_AMD64; NOREF(iPdpt);
2112 PX86PDPAE pPDDst = NULL; /* initialized to shut up gcc */
2113 X86PDEPAE PdeDst;
2114 PX86PDPT pPdptDst = NULL; /* initialized to shut up gcc */
2115
2116 int rc = pgmShwGetLongModePDPtr(pVCpu, GCPtrPage, NULL, &pPdptDst, &pPDDst);
2117 AssertRCSuccessReturn(rc, rc);
2118 Assert(pPDDst && pPdptDst);
2119 PdeDst = pPDDst->a[iPDDst];
2120
2121# elif PGM_SHW_TYPE == PGM_TYPE_EPT
2122 const unsigned iPDDst = ((GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK);
2123 PEPTPD pPDDst;
2124 EPTPDE PdeDst;
2125
2126 int rc = pgmShwGetEPTPDPtr(pVCpu, GCPtrPage, NULL, &pPDDst);
2127 if (rc != VINF_SUCCESS)
2128 {
2129 AssertRC(rc);
2130 return rc;
2131 }
2132 Assert(pPDDst);
2133 PdeDst = pPDDst->a[iPDDst];
2134# endif
2135 /* In the guest SMP case we could have blocked while another VCPU reused this page table. */
2136 if (!SHW_PDE_IS_P(PdeDst))
2137 {
2138 AssertMsg(pVM->cCpus > 1, ("Unexpected missing PDE %RX64\n", (uint64_t)PdeDst.u));
2139 Log(("CPU%d: SyncPage: Pde at %RGv changed behind our back!\n", pVCpu->idCpu, GCPtrPage));
2140 return VINF_SUCCESS; /* force the instruction to be executed again. */
2141 }
2142
2143 /* Can happen in the guest SMP case; other VCPU activated this PDE while we were blocking to handle the page fault. */
2144 if (SHW_PDE_IS_BIG(PdeDst))
2145 {
2146 Assert(pVM->pgm.s.fNestedPaging);
2147 Log(("CPU%d: SyncPage: Pde (big:%RX64) at %RGv changed behind our back!\n", pVCpu->idCpu, PdeDst.u, GCPtrPage));
2148 return VINF_SUCCESS;
2149 }
2150
2151 /* Mask away the page offset. */
2152 GCPtrPage &= ~((RTGCPTR)0xfff);
2153
2154 PPGMPOOLPAGE pShwPage = pgmPoolGetPage(pPool, PdeDst.u & SHW_PDE_PG_MASK);
2155 PSHWPT pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPage);
2156
2157 Assert(cPages == 1 || !(uErr & X86_TRAP_PF_P));
2158 if ( cPages > 1
2159 && !(uErr & X86_TRAP_PF_P)
2160 && !VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY))
2161 {
2162 /*
2163 * This code path is currently only taken when the caller is PGMTrap0eHandler
2164 * for non-present pages!
2165 *
2166 * We're setting PGM_SYNC_NR_PAGES pages around the faulting page to sync it and
2167 * deal with locality.
2168 */
2169 unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
2170 const unsigned iPTDstEnd = RT_MIN(iPTDst + PGM_SYNC_NR_PAGES / 2, RT_ELEMENTS(pPTDst->a));
2171 if (iPTDst < PGM_SYNC_NR_PAGES / 2)
2172 iPTDst = 0;
2173 else
2174 iPTDst -= PGM_SYNC_NR_PAGES / 2;
2175 for (; iPTDst < iPTDstEnd; iPTDst++)
2176 {
2177 if (!SHW_PTE_IS_P(pPTDst->a[iPTDst]))
2178 {
2179 RTGCPTR GCPtrCurPage = PGM_A20_APPLY(pVCpu, (GCPtrPage & ~(RTGCPTR)(SHW_PT_MASK << SHW_PT_SHIFT))
2180 | (iPTDst << PAGE_SHIFT));
2181
2182 PGM_BTH_NAME(SyncPageWorker)(pVCpu, &pPTDst->a[iPTDst], GCPtrCurPage, pShwPage, iPTDst);
2183 Log2(("SyncPage: 4K+ %RGv PteSrc:{P=1 RW=1 U=1} PteDst=%08llx%s\n",
2184 GCPtrCurPage,
2185 SHW_PTE_LOG64(pPTDst->a[iPTDst]),
2186 SHW_PTE_IS_TRACK_DIRTY(pPTDst->a[iPTDst]) ? " Track-Dirty" : ""));
2187
2188 if (RT_UNLIKELY(VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY)))
2189 break;
2190 }
2191 else
2192 Log4(("%RGv iPTDst=%x pPTDst->a[iPTDst] %RX64\n", (GCPtrPage & ~(RTGCPTR)(SHW_PT_MASK << SHW_PT_SHIFT)) | (iPTDst << PAGE_SHIFT), iPTDst, SHW_PTE_LOG64(pPTDst->a[iPTDst]) ));
2193 }
2194 }
2195 else
2196# endif /* PGM_SYNC_N_PAGES */
2197 {
2198 const unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
2199 RTGCPTR GCPtrCurPage = PGM_A20_APPLY(pVCpu, (GCPtrPage & ~(RTGCPTR)(SHW_PT_MASK << SHW_PT_SHIFT))
2200 | (iPTDst << PAGE_SHIFT));
2201
2202 PGM_BTH_NAME(SyncPageWorker)(pVCpu, &pPTDst->a[iPTDst], GCPtrCurPage, pShwPage, iPTDst);
2203
2204 Log2(("SyncPage: 4K %RGv PteSrc:{P=1 RW=1 U=1}PteDst=%08llx%s\n",
2205 GCPtrPage,
2206 SHW_PTE_LOG64(pPTDst->a[iPTDst]),
2207 SHW_PTE_IS_TRACK_DIRTY(pPTDst->a[iPTDst]) ? " Track-Dirty" : ""));
2208 }
2209 return VINF_SUCCESS;
2210
2211# else
2212 NOREF(PdeSrc);
2213 AssertReleaseMsgFailed(("Shw=%d Gst=%d is not implemented!\n", PGM_GST_TYPE, PGM_SHW_TYPE));
2214 return VERR_PGM_NOT_USED_IN_MODE;
2215# endif
2216}
2217
2218#endif /* PGM_SHW_TYPE != PGM_TYPE_NONE */
2219#if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE
2220
2221/**
2222 * CheckPageFault helper for returning a page fault indicating a non-present
2223 * (NP) entry in the page translation structures.
2224 *
2225 * @returns VINF_EM_RAW_GUEST_TRAP.
2226 * @param pVCpu The cross context virtual CPU structure.
2227 * @param uErr The error code of the shadow fault. Corrections to
2228 * TRPM's copy will be made if necessary.
2229 * @param GCPtrPage For logging.
2230 * @param uPageFaultLevel For logging.
2231 */
2232DECLINLINE(int) PGM_BTH_NAME(CheckPageFaultReturnNP)(PVMCPUCC pVCpu, uint32_t uErr, RTGCPTR GCPtrPage, unsigned uPageFaultLevel)
2233{
2234 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyTrackRealPF));
2235 AssertMsg(!(uErr & X86_TRAP_PF_P), ("%#x\n", uErr));
2236 AssertMsg(!(uErr & X86_TRAP_PF_RSVD), ("%#x\n", uErr));
2237 if (uErr & (X86_TRAP_PF_RSVD | X86_TRAP_PF_P))
2238 TRPMSetErrorCode(pVCpu, uErr & ~(X86_TRAP_PF_RSVD | X86_TRAP_PF_P));
2239
2240 Log(("CheckPageFault: real page fault (notp) at %RGv (%d)\n", GCPtrPage, uPageFaultLevel));
2241 RT_NOREF_PV(GCPtrPage); RT_NOREF_PV(uPageFaultLevel);
2242 return VINF_EM_RAW_GUEST_TRAP;
2243}
2244
2245
2246/**
2247 * CheckPageFault helper for returning a page fault indicating a reserved bit
2248 * (RSVD) error in the page translation structures.
2249 *
2250 * @returns VINF_EM_RAW_GUEST_TRAP.
2251 * @param pVCpu The cross context virtual CPU structure.
2252 * @param uErr The error code of the shadow fault. Corrections to
2253 * TRPM's copy will be made if necessary.
2254 * @param GCPtrPage For logging.
2255 * @param uPageFaultLevel For logging.
2256 */
2257DECLINLINE(int) PGM_BTH_NAME(CheckPageFaultReturnRSVD)(PVMCPUCC pVCpu, uint32_t uErr, RTGCPTR GCPtrPage, unsigned uPageFaultLevel)
2258{
2259 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyTrackRealPF));
2260 if ((uErr & (X86_TRAP_PF_RSVD | X86_TRAP_PF_P)) != (X86_TRAP_PF_RSVD | X86_TRAP_PF_P))
2261 TRPMSetErrorCode(pVCpu, uErr | X86_TRAP_PF_RSVD | X86_TRAP_PF_P);
2262
2263 Log(("CheckPageFault: real page fault (rsvd) at %RGv (%d)\n", GCPtrPage, uPageFaultLevel));
2264 RT_NOREF_PV(GCPtrPage); RT_NOREF_PV(uPageFaultLevel);
2265 return VINF_EM_RAW_GUEST_TRAP;
2266}
2267
2268
2269/**
2270 * CheckPageFault helper for returning a page protection fault (P).
2271 *
2272 * @returns VINF_EM_RAW_GUEST_TRAP.
2273 * @param pVCpu The cross context virtual CPU structure.
2274 * @param uErr The error code of the shadow fault. Corrections to
2275 * TRPM's copy will be made if necessary.
2276 * @param GCPtrPage For logging.
2277 * @param uPageFaultLevel For logging.
2278 */
2279DECLINLINE(int) PGM_BTH_NAME(CheckPageFaultReturnProt)(PVMCPUCC pVCpu, uint32_t uErr, RTGCPTR GCPtrPage, unsigned uPageFaultLevel)
2280{
2281 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyTrackRealPF));
2282 AssertMsg(uErr & (X86_TRAP_PF_RW | X86_TRAP_PF_US | X86_TRAP_PF_ID), ("%#x\n", uErr));
2283 if ((uErr & (X86_TRAP_PF_P | X86_TRAP_PF_RSVD)) != X86_TRAP_PF_P)
2284 TRPMSetErrorCode(pVCpu, (uErr & ~X86_TRAP_PF_RSVD) | X86_TRAP_PF_P);
2285
2286 Log(("CheckPageFault: real page fault (prot) at %RGv (%d)\n", GCPtrPage, uPageFaultLevel));
2287 RT_NOREF_PV(GCPtrPage); RT_NOREF_PV(uPageFaultLevel);
2288 return VINF_EM_RAW_GUEST_TRAP;
2289}
2290
2291
2292/**
2293 * Handle dirty bit tracking faults.
2294 *
2295 * @returns VBox status code.
2296 * @param pVCpu The cross context virtual CPU structure.
2297 * @param uErr Page fault error code.
2298 * @param pPdeSrc Guest page directory entry.
2299 * @param pPdeDst Shadow page directory entry.
2300 * @param GCPtrPage Guest context page address.
2301 */
2302static int PGM_BTH_NAME(CheckDirtyPageFault)(PVMCPUCC pVCpu, uint32_t uErr, PSHWPDE pPdeDst, GSTPDE const *pPdeSrc,
2303 RTGCPTR GCPtrPage)
2304{
2305 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
2306 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
2307 NOREF(uErr);
2308
2309 PGM_LOCK_ASSERT_OWNER(pVM);
2310
2311 /*
2312 * Handle big page.
2313 */
2314 if ((pPdeSrc->u & X86_PDE_PS) && GST_IS_PSE_ACTIVE(pVCpu))
2315 {
2316 if ((pPdeDst->u & (X86_PDE_P | PGM_PDFLAGS_TRACK_DIRTY)) == (X86_PDE_P | PGM_PDFLAGS_TRACK_DIRTY))
2317 {
2318 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageTrap));
2319 Assert(pPdeSrc->u & X86_PDE_RW);
2320
2321 /* Note: No need to invalidate this entry on other VCPUs as a stale TLB entry will not harm; write access will simply
2322 * fault again and take this path to only invalidate the entry (see below). */
2323 SHWPDE PdeDst = *pPdeDst;
2324 PdeDst.u &= ~(SHWUINT)PGM_PDFLAGS_TRACK_DIRTY;
2325 PdeDst.u |= X86_PDE_RW | X86_PDE_A;
2326 SHW_PDE_ATOMIC_SET2(*pPdeDst, PdeDst);
2327 PGM_INVL_BIG_PG(pVCpu, GCPtrPage);
2328 return VINF_PGM_HANDLED_DIRTY_BIT_FAULT; /* restarts the instruction. */
2329 }
2330
2331# ifdef IN_RING0
2332 /* Check for stale TLB entry; only applies to the SMP guest case. */
2333 if ( pVM->cCpus > 1
2334 && (pPdeDst->u & (X86_PDE_P | X86_PDE_RW | X86_PDE_A)) == (X86_PDE_P | X86_PDE_RW | X86_PDE_A))
2335 {
2336 PPGMPOOLPAGE pShwPage = pgmPoolGetPage(pPool, pPdeDst->u & SHW_PDE_PG_MASK);
2337 if (pShwPage)
2338 {
2339 PSHWPT pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPage);
2340 PSHWPTE pPteDst = &pPTDst->a[(GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK];
2341 if (SHW_PTE_IS_P_RW(*pPteDst))
2342 {
2343 /* Stale TLB entry. */
2344 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageStale));
2345 PGM_INVL_PG(pVCpu, GCPtrPage);
2346 return VINF_PGM_HANDLED_DIRTY_BIT_FAULT; /* restarts the instruction. */
2347 }
2348 }
2349 }
2350# endif /* IN_RING0 */
2351 return VINF_PGM_NO_DIRTY_BIT_TRACKING;
2352 }
2353
2354 /*
2355 * Map the guest page table.
2356 */
2357 PGSTPT pPTSrc;
2358 int rc = PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GST_GET_PDE_GCPHYS(*pPdeSrc), &pPTSrc);
2359 AssertRCReturn(rc, rc);
2360
2361 if (SHW_PDE_IS_P(*pPdeDst))
2362 {
2363 GSTPTE const *pPteSrc = &pPTSrc->a[(GCPtrPage >> GST_PT_SHIFT) & GST_PT_MASK];
2364 const GSTPTE PteSrc = *pPteSrc;
2365
2366 /*
2367 * Map shadow page table.
2368 */
2369 PPGMPOOLPAGE pShwPage = pgmPoolGetPage(pPool, pPdeDst->u & SHW_PDE_PG_MASK);
2370 if (pShwPage)
2371 {
2372 PSHWPT pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPage);
2373 PSHWPTE pPteDst = &pPTDst->a[(GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK];
2374 if (SHW_PTE_IS_P(*pPteDst)) /** @todo Optimize accessed bit emulation? */
2375 {
2376 if (SHW_PTE_IS_TRACK_DIRTY(*pPteDst))
2377 {
2378 PPGMPAGE pPage = pgmPhysGetPage(pVM, GST_GET_PTE_GCPHYS(PteSrc));
2379 SHWPTE PteDst = *pPteDst;
2380
2381 LogFlow(("DIRTY page trap addr=%RGv\n", GCPtrPage));
2382 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageTrap));
2383
2384 Assert(PteSrc.u & X86_PTE_RW);
2385
2386 /* Note: No need to invalidate this entry on other VCPUs as a stale TLB
2387 * entry will not harm; write access will simply fault again and
2388 * take this path to only invalidate the entry.
2389 */
2390 if (RT_LIKELY(pPage))
2391 {
2392 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
2393 {
2394 //AssertMsgFailed(("%R[pgmpage] - we don't set PGM_PTFLAGS_TRACK_DIRTY for these pages\n", pPage));
2395 Assert(!PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage));
2396 /* Assuming write handlers here as the PTE is present (otherwise we wouldn't be here). */
2397 SHW_PTE_SET_RO(PteDst);
2398 }
2399 else
2400 {
2401 if ( PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_WRITE_MONITORED
2402 && PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM)
2403 {
2404 rc = pgmPhysPageMakeWritable(pVM, pPage, GST_GET_PTE_GCPHYS(PteSrc));
2405 AssertRC(rc);
2406 }
2407 if (PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_ALLOCATED)
2408 SHW_PTE_SET_RW(PteDst);
2409 else
2410 {
2411 /* Still applies to shared pages. */
2412 Assert(!PGM_PAGE_IS_ZERO(pPage));
2413 SHW_PTE_SET_RO(PteDst);
2414 }
2415 }
2416 }
2417 else
2418 SHW_PTE_SET_RW(PteDst); /** @todo r=bird: This doesn't make sense to me. */
2419
2420 SHW_PTE_SET(PteDst, (SHW_PTE_GET_U(PteDst) | X86_PTE_D | X86_PTE_A) & ~(uint64_t)PGM_PTFLAGS_TRACK_DIRTY);
2421 SHW_PTE_ATOMIC_SET2(*pPteDst, PteDst);
2422 PGM_INVL_PG(pVCpu, GCPtrPage);
2423 return VINF_PGM_HANDLED_DIRTY_BIT_FAULT; /* restarts the instruction. */
2424 }
2425
2426# ifdef IN_RING0
2427 /* Check for stale TLB entry; only applies to the SMP guest case. */
2428 if ( pVM->cCpus > 1
2429 && SHW_PTE_IS_RW(*pPteDst)
2430 && SHW_PTE_IS_A(*pPteDst))
2431 {
2432 /* Stale TLB entry. */
2433 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageStale));
2434 PGM_INVL_PG(pVCpu, GCPtrPage);
2435 return VINF_PGM_HANDLED_DIRTY_BIT_FAULT; /* restarts the instruction. */
2436 }
2437# endif
2438 }
2439 }
2440 else
2441 AssertMsgFailed(("pgmPoolGetPageByHCPhys %RGp failed!\n", pPdeDst->u & SHW_PDE_PG_MASK));
2442 }
2443
2444 return VINF_PGM_NO_DIRTY_BIT_TRACKING;
2445}
2446
2447#endif /* PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE */
2448
2449/**
2450 * Sync a shadow page table.
2451 *
2452 * The shadow page table is not present in the shadow PDE.
2453 *
2454 * Handles mapping conflicts.
2455 *
2456 * This is called by VerifyAccessSyncPage, PrefetchPage, InvalidatePage (on
2457 * conflict), and Trap0eHandler.
2458 *
2459 * A precondition for this method is that the shadow PDE is not present. The
2460 * caller must take the PGM lock before checking this and continue to hold it
2461 * when calling this method.
2462 *
2463 * @returns VBox status code.
2464 * @param pVCpu The cross context virtual CPU structure.
2465 * @param iPDSrc Page directory index.
2466 * @param pPDSrc Source page directory (i.e. Guest OS page directory).
2467 * Assume this is a temporary mapping.
2468 * @param GCPtrPage GC Pointer of the page that caused the fault
2469 */
2470static int PGM_BTH_NAME(SyncPT)(PVMCPUCC pVCpu, unsigned iPDSrc, PGSTPD pPDSrc, RTGCPTR GCPtrPage)
2471{
2472 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
2473 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool); NOREF(pPool);
2474
2475#if 0 /* rarely useful; leave for debugging. */
2476 STAM_COUNTER_INC(&pVCpu->pgm.s.StatSyncPtPD[iPDSrc]);
2477#endif
2478 LogFlow(("SyncPT: GCPtrPage=%RGv\n", GCPtrPage)); RT_NOREF_PV(GCPtrPage);
2479
2480 PGM_LOCK_ASSERT_OWNER(pVM);
2481
2482#if ( PGM_GST_TYPE == PGM_TYPE_32BIT \
2483 || PGM_GST_TYPE == PGM_TYPE_PAE \
2484 || PGM_GST_TYPE == PGM_TYPE_AMD64) \
2485 && !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) \
2486 && PGM_SHW_TYPE != PGM_TYPE_NONE
2487 int rc = VINF_SUCCESS;
2488
2489 STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
2490
2491 /*
2492 * Some input validation first.
2493 */
2494 AssertMsg(iPDSrc == ((GCPtrPage >> GST_PD_SHIFT) & GST_PD_MASK), ("iPDSrc=%x GCPtrPage=%RGv\n", iPDSrc, GCPtrPage));
2495
2496 /*
2497 * Get the relevant shadow PDE entry.
2498 */
2499# if PGM_SHW_TYPE == PGM_TYPE_32BIT
2500 const unsigned iPDDst = GCPtrPage >> SHW_PD_SHIFT;
2501 PSHWPDE pPdeDst = pgmShwGet32BitPDEPtr(pVCpu, GCPtrPage);
2502
2503 /* Fetch the pgm pool shadow descriptor. */
2504 PPGMPOOLPAGE pShwPde = pVCpu->pgm.s.CTX_SUFF(pShwPageCR3);
2505 Assert(pShwPde);
2506
2507# elif PGM_SHW_TYPE == PGM_TYPE_PAE
2508 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
2509 PPGMPOOLPAGE pShwPde = NULL;
2510 PX86PDPAE pPDDst;
2511 PSHWPDE pPdeDst;
2512
2513 /* Fetch the pgm pool shadow descriptor. */
2514 rc = pgmShwGetPaePoolPagePD(pVCpu, GCPtrPage, &pShwPde);
2515 AssertRCSuccessReturn(rc, rc);
2516 Assert(pShwPde);
2517
2518 pPDDst = (PX86PDPAE)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPde);
2519 pPdeDst = &pPDDst->a[iPDDst];
2520
2521# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
2522 const unsigned iPdpt = (GCPtrPage >> X86_PDPT_SHIFT) & X86_PDPT_MASK_AMD64;
2523 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
2524 PX86PDPAE pPDDst = NULL; /* initialized to shut up gcc */
2525 PX86PDPT pPdptDst = NULL; /* initialized to shut up gcc */
2526 rc = pgmShwGetLongModePDPtr(pVCpu, GCPtrPage, NULL, &pPdptDst, &pPDDst);
2527 AssertRCSuccessReturn(rc, rc);
2528 Assert(pPDDst);
2529 PSHWPDE pPdeDst = &pPDDst->a[iPDDst];
2530
2531# endif
2532 SHWPDE PdeDst = *pPdeDst;
2533
2534# if PGM_GST_TYPE == PGM_TYPE_AMD64
2535 /* Fetch the pgm pool shadow descriptor. */
2536 PPGMPOOLPAGE pShwPde = pgmPoolGetPage(pPool, pPdptDst->a[iPdpt].u & X86_PDPE_PG_MASK);
2537 Assert(pShwPde);
2538# endif
2539
2540# ifndef PGM_WITHOUT_MAPPINGS
2541 /*
2542 * Check for conflicts.
2543 * RC: In case of a conflict we'll go to Ring-3 and do a full SyncCR3.
2544 * R3: Simply resolve the conflict.
2545 */
2546 if (PdeDst.u & PGM_PDFLAGS_MAPPING)
2547 {
2548 Assert(pgmMapAreMappingsEnabled(pVM));
2549# ifndef IN_RING3
2550 Log(("SyncPT: Conflict at %RGv\n", GCPtrPage));
2551 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
2552 return VERR_ADDRESS_CONFLICT;
2553
2554# else /* IN_RING3 */
2555 PPGMMAPPING pMapping = pgmGetMapping(pVM, (RTGCPTR)GCPtrPage);
2556 Assert(pMapping);
2557# if PGM_GST_TYPE == PGM_TYPE_32BIT
2558 rc = pgmR3SyncPTResolveConflict(pVM, pMapping, pPDSrc, GCPtrPage & (GST_PD_MASK << GST_PD_SHIFT));
2559# elif PGM_GST_TYPE == PGM_TYPE_PAE
2560 rc = pgmR3SyncPTResolveConflictPAE(pVM, pMapping, GCPtrPage & (GST_PD_MASK << GST_PD_SHIFT));
2561# else
2562 AssertFailed(); NOREF(pMapping); /* can't happen for amd64 */
2563# endif
2564 if (RT_FAILURE(rc))
2565 {
2566 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
2567 return rc;
2568 }
2569 PdeDst = *pPdeDst;
2570# endif /* IN_RING3 */
2571 }
2572# endif /* !PGM_WITHOUT_MAPPINGS */
2573 Assert(!SHW_PDE_IS_P(PdeDst)); /* We're only supposed to call SyncPT on PDE!P and conflicts.*/
2574
2575 /*
2576 * Sync the page directory entry.
2577 */
2578 GSTPDE PdeSrc = pPDSrc->a[iPDSrc];
2579 const bool fPageTable = !(PdeSrc.u & X86_PDE_PS) || !GST_IS_PSE_ACTIVE(pVCpu);
2580 if ( (PdeSrc.u & X86_PDE_P)
2581 && (fPageTable ? GST_IS_PDE_VALID(pVCpu, PdeSrc) : GST_IS_BIG_PDE_VALID(pVCpu, PdeSrc)) )
2582 {
2583 /*
2584 * Allocate & map the page table.
2585 */
2586 PSHWPT pPTDst;
2587 PPGMPOOLPAGE pShwPage;
2588 RTGCPHYS GCPhys;
2589 if (fPageTable)
2590 {
2591 GCPhys = GST_GET_PDE_GCPHYS(PdeSrc);
2592# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
2593 /* Select the right PDE as we're emulating a 4kb page table with 2 shadow page tables. */
2594 GCPhys = PGM_A20_APPLY(pVCpu, GCPhys | ((iPDDst & 1) * (PAGE_SIZE / 2)));
2595# endif
2596 rc = pgmPoolAlloc(pVM, GCPhys, BTH_PGMPOOLKIND_PT_FOR_PT, PGMPOOLACCESS_DONTCARE, PGM_A20_IS_ENABLED(pVCpu),
2597 pShwPde->idx, iPDDst, false /*fLockPage*/,
2598 &pShwPage);
2599 }
2600 else
2601 {
2602 PGMPOOLACCESS enmAccess;
2603# if PGM_WITH_NX(PGM_GST_TYPE, PGM_SHW_TYPE)
2604 const bool fNoExecute = (PdeSrc.u & X86_PDE_PAE_NX) && GST_IS_NX_ACTIVE(pVCpu);
2605# else
2606 const bool fNoExecute = false;
2607# endif
2608
2609 GCPhys = GST_GET_BIG_PDE_GCPHYS(pVM, PdeSrc);
2610# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
2611 /* Select the right PDE as we're emulating a 4MB page directory with two 2 MB shadow PDEs.*/
2612 GCPhys = PGM_A20_APPLY(pVCpu, GCPhys | (GCPtrPage & (1 << X86_PD_PAE_SHIFT)));
2613# endif
2614 /* Determine the right kind of large page to avoid incorrect cached entry reuse. */
2615 if (PdeSrc.u & X86_PDE_US)
2616 {
2617 if (PdeSrc.u & X86_PDE_RW)
2618 enmAccess = (fNoExecute) ? PGMPOOLACCESS_USER_RW_NX : PGMPOOLACCESS_USER_RW;
2619 else
2620 enmAccess = (fNoExecute) ? PGMPOOLACCESS_USER_R_NX : PGMPOOLACCESS_USER_R;
2621 }
2622 else
2623 {
2624 if (PdeSrc.u & X86_PDE_RW)
2625 enmAccess = (fNoExecute) ? PGMPOOLACCESS_SUPERVISOR_RW_NX : PGMPOOLACCESS_SUPERVISOR_RW;
2626 else
2627 enmAccess = (fNoExecute) ? PGMPOOLACCESS_SUPERVISOR_R_NX : PGMPOOLACCESS_SUPERVISOR_R;
2628 }
2629 rc = pgmPoolAlloc(pVM, GCPhys, BTH_PGMPOOLKIND_PT_FOR_BIG, enmAccess, PGM_A20_IS_ENABLED(pVCpu),
2630 pShwPde->idx, iPDDst, false /*fLockPage*/,
2631 &pShwPage);
2632 }
2633 if (rc == VINF_SUCCESS)
2634 pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPage);
2635 else if (rc == VINF_PGM_CACHED_PAGE)
2636 {
2637 /*
2638 * The PT was cached, just hook it up.
2639 */
2640 if (fPageTable)
2641 PdeDst.u = pShwPage->Core.Key | GST_GET_PDE_SHW_FLAGS(pVCpu, PdeSrc);
2642 else
2643 {
2644 PdeDst.u = pShwPage->Core.Key | GST_GET_BIG_PDE_SHW_FLAGS(pVCpu, PdeSrc);
2645 /* (see explanation and assumptions further down.) */
2646 if ((PdeSrc.u & (X86_PDE_RW | X86_PDE4M_D)) == X86_PDE_RW)
2647 {
2648 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageBig));
2649 PdeDst.u |= PGM_PDFLAGS_TRACK_DIRTY;
2650 PdeDst.u &= ~(SHWUINT)X86_PDE_RW;
2651 }
2652 }
2653 SHW_PDE_ATOMIC_SET2(*pPdeDst, PdeDst);
2654 PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
2655 return VINF_SUCCESS;
2656 }
2657 else
2658 AssertMsgFailedReturn(("rc=%Rrc\n", rc), RT_FAILURE_NP(rc) ? rc : VERR_IPE_UNEXPECTED_INFO_STATUS);
2659 /** @todo Why do we bother preserving X86_PDE_AVL_MASK here?
2660 * Both PGM_PDFLAGS_MAPPING and PGM_PDFLAGS_TRACK_DIRTY should be
2661 * irrelevant at this point. */
2662 PdeDst.u &= X86_PDE_AVL_MASK;
2663 PdeDst.u |= pShwPage->Core.Key;
2664
2665 /*
2666 * Page directory has been accessed (this is a fault situation, remember).
2667 */
2668 /** @todo
2669 * Well, when the caller is PrefetchPage or InvalidatePage is isn't a
2670 * fault situation. What's more, the Trap0eHandler has already set the
2671 * accessed bit. So, it's actually just VerifyAccessSyncPage which
2672 * might need setting the accessed flag.
2673 *
2674 * The best idea is to leave this change to the caller and add an
2675 * assertion that it's set already. */
2676 pPDSrc->a[iPDSrc].u |= X86_PDE_A;
2677 if (fPageTable)
2678 {
2679 /*
2680 * Page table - 4KB.
2681 *
2682 * Sync all or just a few entries depending on PGM_SYNC_N_PAGES.
2683 */
2684 Log2(("SyncPT: 4K %RGv PdeSrc:{P=%d RW=%d U=%d raw=%08llx}\n",
2685 GCPtrPage, PdeSrc.u & X86_PTE_P, !!(PdeSrc.u & X86_PTE_RW), !!(PdeSrc.u & X86_PDE_US), (uint64_t)PdeSrc.u));
2686 PGSTPT pPTSrc;
2687 rc = PGM_GCPHYS_2_PTR(pVM, GST_GET_PDE_GCPHYS(PdeSrc), &pPTSrc);
2688 if (RT_SUCCESS(rc))
2689 {
2690 /*
2691 * Start by syncing the page directory entry so CSAM's TLB trick works.
2692 */
2693 PdeDst.u = (PdeDst.u & (SHW_PDE_PG_MASK | X86_PDE_AVL_MASK))
2694 | GST_GET_PDE_SHW_FLAGS(pVCpu, PdeSrc);
2695 SHW_PDE_ATOMIC_SET2(*pPdeDst, PdeDst);
2696 PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
2697
2698 /*
2699 * Directory/page user or supervisor privilege: (same goes for read/write)
2700 *
2701 * Directory Page Combined
2702 * U/S U/S U/S
2703 * 0 0 0
2704 * 0 1 0
2705 * 1 0 0
2706 * 1 1 1
2707 *
2708 * Simple AND operation. Table listed for completeness.
2709 *
2710 */
2711 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT4K));
2712# ifdef PGM_SYNC_N_PAGES
2713 unsigned iPTBase = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
2714 unsigned iPTDst = iPTBase;
2715 const unsigned iPTDstEnd = RT_MIN(iPTDst + PGM_SYNC_NR_PAGES / 2, RT_ELEMENTS(pPTDst->a));
2716 if (iPTDst <= PGM_SYNC_NR_PAGES / 2)
2717 iPTDst = 0;
2718 else
2719 iPTDst -= PGM_SYNC_NR_PAGES / 2;
2720# else /* !PGM_SYNC_N_PAGES */
2721 unsigned iPTDst = 0;
2722 const unsigned iPTDstEnd = RT_ELEMENTS(pPTDst->a);
2723# endif /* !PGM_SYNC_N_PAGES */
2724 RTGCPTR GCPtrCur = (GCPtrPage & ~(RTGCPTR)((1 << SHW_PD_SHIFT) - 1))
2725 | ((RTGCPTR)iPTDst << PAGE_SHIFT);
2726# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
2727 /* Select the right PDE as we're emulating a 4kb page table with 2 shadow page tables. */
2728 const unsigned offPTSrc = ((GCPtrPage >> SHW_PD_SHIFT) & 1) * 512;
2729# else
2730 const unsigned offPTSrc = 0;
2731# endif
2732 for (; iPTDst < iPTDstEnd; iPTDst++, GCPtrCur += PAGE_SIZE)
2733 {
2734 const unsigned iPTSrc = iPTDst + offPTSrc;
2735 const GSTPTE PteSrc = pPTSrc->a[iPTSrc];
2736 if (PteSrc.u & X86_PTE_P)
2737 {
2738 PGM_BTH_NAME(SyncPageWorker)(pVCpu, &pPTDst->a[iPTDst], PdeSrc, PteSrc, pShwPage, iPTDst);
2739 Log2(("SyncPT: 4K+ %RGv PteSrc:{P=%d RW=%d U=%d raw=%08llx}%s dst.raw=%08llx iPTSrc=%x PdeSrc.u=%x physpte=%RGp\n",
2740 GCPtrCur,
2741 PteSrc.u & X86_PTE_P,
2742 !!(PteSrc.u & PdeSrc.u & X86_PTE_RW),
2743 !!(PteSrc.u & PdeSrc.u & X86_PTE_US),
2744 (uint64_t)PteSrc.u,
2745 SHW_PTE_IS_TRACK_DIRTY(pPTDst->a[iPTDst]) ? " Track-Dirty" : "", SHW_PTE_LOG64(pPTDst->a[iPTDst]), iPTSrc, PdeSrc.au32[0],
2746 (RTGCPHYS)(GST_GET_PDE_GCPHYS(PdeSrc) + iPTSrc*sizeof(PteSrc)) ));
2747 }
2748 /* else: the page table was cleared by the pool */
2749 } /* for PTEs */
2750 }
2751 }
2752 else
2753 {
2754 /*
2755 * Big page - 2/4MB.
2756 *
2757 * We'll walk the ram range list in parallel and optimize lookups.
2758 * We will only sync one shadow page table at a time.
2759 */
2760 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT4M));
2761
2762 /**
2763 * @todo It might be more efficient to sync only a part of the 4MB
2764 * page (similar to what we do for 4KB PDs).
2765 */
2766
2767 /*
2768 * Start by syncing the page directory entry.
2769 */
2770 PdeDst.u = (PdeDst.u & (SHW_PDE_PG_MASK | (X86_PDE_AVL_MASK & ~PGM_PDFLAGS_TRACK_DIRTY)))
2771 | GST_GET_BIG_PDE_SHW_FLAGS(pVCpu, PdeSrc);
2772
2773 /*
2774 * If the page is not flagged as dirty and is writable, then make it read-only
2775 * at PD level, so we can set the dirty bit when the page is modified.
2776 *
2777 * ASSUMES that page access handlers are implemented on page table entry level.
2778 * Thus we will first catch the dirty access and set PDE.D and restart. If
2779 * there is an access handler, we'll trap again and let it work on the problem.
2780 */
2781 /** @todo move the above stuff to a section in the PGM documentation. */
2782 Assert(!(PdeDst.u & PGM_PDFLAGS_TRACK_DIRTY));
2783 if ((PdeSrc.u & (X86_PDE_RW | X86_PDE4M_D)) == X86_PDE_RW)
2784 {
2785 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,DirtyPageBig));
2786 PdeDst.u |= PGM_PDFLAGS_TRACK_DIRTY;
2787 PdeDst.u &= ~(SHWUINT)X86_PDE_RW;
2788 }
2789 SHW_PDE_ATOMIC_SET2(*pPdeDst, PdeDst);
2790 PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
2791
2792 /*
2793 * Fill the shadow page table.
2794 */
2795 /* Get address and flags from the source PDE. */
2796 SHWPTE PteDstBase;
2797 SHW_PTE_SET(PteDstBase, GST_GET_BIG_PDE_SHW_FLAGS_4_PTE(pVCpu, PdeSrc));
2798
2799 /* Loop thru the entries in the shadow PT. */
2800 const RTGCPTR GCPtr = (GCPtrPage >> SHW_PD_SHIFT) << SHW_PD_SHIFT; NOREF(GCPtr);
2801 Log2(("SyncPT: BIG %RGv PdeSrc:{P=%d RW=%d U=%d raw=%08llx} Shw=%RGv GCPhys=%RGp %s\n",
2802 GCPtrPage, PdeSrc.u & X86_PDE_P, !!(PdeSrc.u & X86_PDE_RW), !!(PdeSrc.u & X86_PDE_US), (uint64_t)PdeSrc.u, GCPtr,
2803 GCPhys, PdeDst.u & PGM_PDFLAGS_TRACK_DIRTY ? " Track-Dirty" : ""));
2804 PPGMRAMRANGE pRam = pgmPhysGetRangeAtOrAbove(pVM, GCPhys);
2805 unsigned iPTDst = 0;
2806 while ( iPTDst < RT_ELEMENTS(pPTDst->a)
2807 && !VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY))
2808 {
2809 if (pRam && GCPhys >= pRam->GCPhys)
2810 {
2811# ifndef PGM_WITH_A20
2812 unsigned iHCPage = (GCPhys - pRam->GCPhys) >> PAGE_SHIFT;
2813# endif
2814 do
2815 {
2816 /* Make shadow PTE. */
2817# ifdef PGM_WITH_A20
2818 PPGMPAGE pPage = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
2819# else
2820 PPGMPAGE pPage = &pRam->aPages[iHCPage];
2821# endif
2822 SHWPTE PteDst;
2823
2824# ifndef VBOX_WITH_NEW_LAZY_PAGE_ALLOC
2825 /* Try to make the page writable if necessary. */
2826 if ( PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM
2827 && ( PGM_PAGE_IS_ZERO(pPage)
2828 || ( SHW_PTE_IS_RW(PteDstBase)
2829 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED
2830# ifdef VBOX_WITH_REAL_WRITE_MONITORED_PAGES
2831 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_WRITE_MONITORED
2832# endif
2833# ifdef VBOX_WITH_PAGE_SHARING
2834 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_SHARED
2835# endif
2836 && !PGM_PAGE_IS_BALLOONED(pPage))
2837 )
2838 )
2839 {
2840 rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhys);
2841 AssertRCReturn(rc, rc);
2842 if (VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY))
2843 break;
2844 }
2845# endif
2846
2847 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
2848 PGM_BTH_NAME(SyncHandlerPte)(pVM, pPage, SHW_PTE_GET_U(PteDstBase), &PteDst);
2849 else if (PGM_PAGE_IS_BALLOONED(pPage))
2850 SHW_PTE_SET(PteDst, 0); /* Handle ballooned pages at #PF time. */
2851 else
2852 SHW_PTE_SET(PteDst, PGM_PAGE_GET_HCPHYS(pPage) | SHW_PTE_GET_U(PteDstBase));
2853
2854 /* Only map writable pages writable. */
2855 if ( SHW_PTE_IS_P_RW(PteDst)
2856 && PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED)
2857 {
2858 /* Still applies to shared pages. */
2859 Assert(!PGM_PAGE_IS_ZERO(pPage));
2860 SHW_PTE_SET_RO(PteDst); /** @todo this isn't quite working yet... */
2861 Log3(("SyncPT: write-protecting %RGp pPage=%R[pgmpage] at %RGv\n", GCPhys, pPage, (RTGCPTR)(GCPtr | (iPTDst << SHW_PT_SHIFT))));
2862 }
2863
2864 if (SHW_PTE_IS_P(PteDst))
2865 PGM_BTH_NAME(SyncPageWorkerTrackAddref)(pVCpu, pShwPage, PGM_PAGE_GET_TRACKING(pPage), pPage, iPTDst);
2866
2867 /* commit it (not atomic, new table) */
2868 pPTDst->a[iPTDst] = PteDst;
2869 Log4(("SyncPT: BIG %RGv PteDst:{P=%d RW=%d U=%d raw=%08llx}%s\n",
2870 (RTGCPTR)(GCPtr | (iPTDst << SHW_PT_SHIFT)), SHW_PTE_IS_P(PteDst), SHW_PTE_IS_RW(PteDst), SHW_PTE_IS_US(PteDst), SHW_PTE_LOG64(PteDst),
2871 SHW_PTE_IS_TRACK_DIRTY(PteDst) ? " Track-Dirty" : ""));
2872
2873 /* advance */
2874 GCPhys += PAGE_SIZE;
2875 PGM_A20_APPLY_TO_VAR(pVCpu, GCPhys);
2876# ifndef PGM_WITH_A20
2877 iHCPage++;
2878# endif
2879 iPTDst++;
2880 } while ( iPTDst < RT_ELEMENTS(pPTDst->a)
2881 && GCPhys <= pRam->GCPhysLast);
2882
2883 /* Advance ram range list. */
2884 while (pRam && GCPhys > pRam->GCPhysLast)
2885 pRam = pRam->CTX_SUFF(pNext);
2886 }
2887 else if (pRam)
2888 {
2889 Log(("Invalid pages at %RGp\n", GCPhys));
2890 do
2891 {
2892 SHW_PTE_SET(pPTDst->a[iPTDst], 0); /* Invalid page, we must handle them manually. */
2893 GCPhys += PAGE_SIZE;
2894 iPTDst++;
2895 } while ( iPTDst < RT_ELEMENTS(pPTDst->a)
2896 && GCPhys < pRam->GCPhys);
2897 PGM_A20_APPLY_TO_VAR(pVCpu,GCPhys);
2898 }
2899 else
2900 {
2901 Log(("Invalid pages at %RGp (2)\n", GCPhys));
2902 for ( ; iPTDst < RT_ELEMENTS(pPTDst->a); iPTDst++)
2903 SHW_PTE_SET(pPTDst->a[iPTDst], 0); /* Invalid page, we must handle them manually. */
2904 }
2905 } /* while more PTEs */
2906 } /* 4KB / 4MB */
2907 }
2908 else
2909 AssertRelease(!SHW_PDE_IS_P(PdeDst));
2910
2911 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
2912 if (RT_FAILURE(rc))
2913 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPTFailed));
2914 return rc;
2915
2916#elif (PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT) \
2917 && !PGM_TYPE_IS_NESTED(PGM_SHW_TYPE) \
2918 && (PGM_SHW_TYPE != PGM_TYPE_EPT || PGM_GST_TYPE == PGM_TYPE_PROT) \
2919 && PGM_SHW_TYPE != PGM_TYPE_NONE
2920 NOREF(iPDSrc); NOREF(pPDSrc);
2921
2922 STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
2923
2924 /*
2925 * Validate input a little bit.
2926 */
2927 int rc = VINF_SUCCESS;
2928# if PGM_SHW_TYPE == PGM_TYPE_32BIT
2929 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
2930 PSHWPDE pPdeDst = pgmShwGet32BitPDEPtr(pVCpu, GCPtrPage);
2931
2932 /* Fetch the pgm pool shadow descriptor. */
2933 PPGMPOOLPAGE pShwPde = pVCpu->pgm.s.CTX_SUFF(pShwPageCR3);
2934 Assert(pShwPde);
2935
2936# elif PGM_SHW_TYPE == PGM_TYPE_PAE
2937 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
2938 PPGMPOOLPAGE pShwPde = NULL; /* initialized to shut up gcc */
2939 PX86PDPAE pPDDst;
2940 PSHWPDE pPdeDst;
2941
2942 /* Fetch the pgm pool shadow descriptor. */
2943 rc = pgmShwGetPaePoolPagePD(pVCpu, GCPtrPage, &pShwPde);
2944 AssertRCSuccessReturn(rc, rc);
2945 Assert(pShwPde);
2946
2947 pPDDst = (PX86PDPAE)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPde);
2948 pPdeDst = &pPDDst->a[iPDDst];
2949
2950# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
2951 const unsigned iPdpt = (GCPtrPage >> X86_PDPT_SHIFT) & X86_PDPT_MASK_AMD64;
2952 const unsigned iPDDst = (GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK;
2953 PX86PDPAE pPDDst = NULL; /* initialized to shut up gcc */
2954 PX86PDPT pPdptDst= NULL; /* initialized to shut up gcc */
2955 rc = pgmShwGetLongModePDPtr(pVCpu, GCPtrPage, NULL, &pPdptDst, &pPDDst);
2956 AssertRCSuccessReturn(rc, rc);
2957 Assert(pPDDst);
2958 PSHWPDE pPdeDst = &pPDDst->a[iPDDst];
2959
2960 /* Fetch the pgm pool shadow descriptor. */
2961 PPGMPOOLPAGE pShwPde = pgmPoolGetPage(pPool, pPdptDst->a[iPdpt].u & X86_PDPE_PG_MASK);
2962 Assert(pShwPde);
2963
2964# elif PGM_SHW_TYPE == PGM_TYPE_EPT
2965 const unsigned iPdpt = (GCPtrPage >> EPT_PDPT_SHIFT) & EPT_PDPT_MASK;
2966 const unsigned iPDDst = ((GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK);
2967 PEPTPD pPDDst;
2968 PEPTPDPT pPdptDst;
2969
2970 rc = pgmShwGetEPTPDPtr(pVCpu, GCPtrPage, &pPdptDst, &pPDDst);
2971 if (rc != VINF_SUCCESS)
2972 {
2973 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
2974 AssertRC(rc);
2975 return rc;
2976 }
2977 Assert(pPDDst);
2978 PSHWPDE pPdeDst = &pPDDst->a[iPDDst];
2979
2980 /* Fetch the pgm pool shadow descriptor. */
2981 /** @todo r=bird: didn't pgmShwGetEPTPDPtr just do this lookup already? */
2982 PPGMPOOLPAGE pShwPde = pgmPoolGetPage(pPool, pPdptDst->a[iPdpt].u & EPT_PDPTE_PG_MASK);
2983 Assert(pShwPde);
2984# endif
2985 SHWPDE PdeDst = *pPdeDst;
2986
2987# ifndef PGM_WITHOUT_MAPPINGS
2988 Assert(!(PdeDst.u & PGM_PDFLAGS_MAPPING));
2989# endif
2990 Assert(!SHW_PDE_IS_P(PdeDst)); /* We're only supposed to call SyncPT on PDE!P and conflicts.*/
2991
2992# if defined(PGM_WITH_LARGE_PAGES) && PGM_SHW_TYPE != PGM_TYPE_32BIT && PGM_SHW_TYPE != PGM_TYPE_PAE
2993 if ( BTH_IS_NP_ACTIVE(pVM)
2994 && !VM_IS_NEM_ENABLED(pVM)) /** @todo NEM: Large page support. */
2995 {
2996 /* Check if we allocated a big page before for this 2 MB range. */
2997 PPGMPAGE pPage;
2998 rc = pgmPhysGetPageEx(pVM, PGM_A20_APPLY(pVCpu, GCPtrPage & X86_PDE2M_PAE_PG_MASK), &pPage);
2999 if (RT_SUCCESS(rc))
3000 {
3001 RTHCPHYS HCPhys = NIL_RTHCPHYS;
3002 if (PGM_PAGE_GET_PDE_TYPE(pPage) == PGM_PAGE_PDE_TYPE_PDE)
3003 {
3004 if (PGM_A20_IS_ENABLED(pVCpu))
3005 {
3006 STAM_REL_COUNTER_INC(&pVM->pgm.s.StatLargePageReused);
3007 AssertRelease(PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_ALLOCATED);
3008 HCPhys = PGM_PAGE_GET_HCPHYS(pPage);
3009 }
3010 else
3011 {
3012 PGM_PAGE_SET_PDE_TYPE(pVM, pPage, PGM_PAGE_PDE_TYPE_PDE_DISABLED);
3013 pVM->pgm.s.cLargePagesDisabled++;
3014 }
3015 }
3016 else if ( PGM_PAGE_GET_PDE_TYPE(pPage) == PGM_PAGE_PDE_TYPE_PDE_DISABLED
3017 && PGM_A20_IS_ENABLED(pVCpu))
3018 {
3019 /* Recheck the entire 2 MB range to see if we can use it again as a large page. */
3020 rc = pgmPhysRecheckLargePage(pVM, GCPtrPage, pPage);
3021 if (RT_SUCCESS(rc))
3022 {
3023 Assert(PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_ALLOCATED);
3024 Assert(PGM_PAGE_GET_PDE_TYPE(pPage) == PGM_PAGE_PDE_TYPE_PDE);
3025 HCPhys = PGM_PAGE_GET_HCPHYS(pPage);
3026 }
3027 }
3028 else if ( PGMIsUsingLargePages(pVM)
3029 && PGM_A20_IS_ENABLED(pVCpu))
3030 {
3031 rc = pgmPhysAllocLargePage(pVM, GCPtrPage);
3032 if (RT_SUCCESS(rc))
3033 {
3034 Assert(PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_ALLOCATED);
3035 Assert(PGM_PAGE_GET_PDE_TYPE(pPage) == PGM_PAGE_PDE_TYPE_PDE);
3036 HCPhys = PGM_PAGE_GET_HCPHYS(pPage);
3037 }
3038 else
3039 LogFlow(("pgmPhysAllocLargePage failed with %Rrc\n", rc));
3040 }
3041
3042 if (HCPhys != NIL_RTHCPHYS)
3043 {
3044# if PGM_SHW_TYPE == PGM_TYPE_EPT
3045 PdeDst.u = HCPhys | EPT_E_READ | EPT_E_WRITE | EPT_E_EXECUTE | EPT_E_LEAF | EPT_E_IGNORE_PAT | EPT_E_TYPE_WB
3046 | (PdeDst.u & X86_PDE_AVL_MASK) /** @todo do we need this? */;
3047# else
3048 PdeDst.u = HCPhys | X86_PDE_P | X86_PDE_RW | X86_PDE_US | X86_PDE_PS
3049 | (PdeDst.u & X86_PDE_AVL_MASK) /** @todo PGM_PD_FLAGS? */;
3050# endif
3051 SHW_PDE_ATOMIC_SET2(*pPdeDst, PdeDst);
3052
3053 Log(("SyncPT: Use large page at %RGp PDE=%RX64\n", GCPtrPage, PdeDst.u));
3054 /* Add a reference to the first page only. */
3055 PGM_BTH_NAME(SyncPageWorkerTrackAddref)(pVCpu, pShwPde, PGM_PAGE_GET_TRACKING(pPage), pPage, iPDDst);
3056
3057 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
3058 return VINF_SUCCESS;
3059 }
3060 }
3061 }
3062# endif /* defined(PGM_WITH_LARGE_PAGES) && PGM_SHW_TYPE != PGM_TYPE_32BIT && PGM_SHW_TYPE != PGM_TYPE_PAE */
3063
3064 /*
3065 * Allocate & map the page table.
3066 */
3067 PSHWPT pPTDst;
3068 PPGMPOOLPAGE pShwPage;
3069 RTGCPHYS GCPhys;
3070
3071 /* Virtual address = physical address */
3072 GCPhys = PGM_A20_APPLY(pVCpu, GCPtrPage & X86_PAGE_4K_BASE_MASK);
3073 rc = pgmPoolAlloc(pVM, GCPhys & ~(RT_BIT_64(SHW_PD_SHIFT) - 1), BTH_PGMPOOLKIND_PT_FOR_PT, PGMPOOLACCESS_DONTCARE,
3074 PGM_A20_IS_ENABLED(pVCpu), pShwPde->idx, iPDDst, false /*fLockPage*/,
3075 &pShwPage);
3076 if ( rc == VINF_SUCCESS
3077 || rc == VINF_PGM_CACHED_PAGE)
3078 pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pShwPage);
3079 else
3080 {
3081 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
3082 AssertMsgFailedReturn(("rc=%Rrc\n", rc), RT_FAILURE_NP(rc) ? rc : VERR_IPE_UNEXPECTED_INFO_STATUS);
3083 }
3084
3085 if (rc == VINF_SUCCESS)
3086 {
3087 /* New page table; fully set it up. */
3088 Assert(pPTDst);
3089
3090 /* Mask away the page offset. */
3091 GCPtrPage &= ~(RTGCPTR)PAGE_OFFSET_MASK;
3092
3093 for (unsigned iPTDst = 0; iPTDst < RT_ELEMENTS(pPTDst->a); iPTDst++)
3094 {
3095 RTGCPTR GCPtrCurPage = PGM_A20_APPLY(pVCpu, (GCPtrPage & ~(RTGCPTR)(SHW_PT_MASK << SHW_PT_SHIFT))
3096 | (iPTDst << PAGE_SHIFT));
3097
3098 PGM_BTH_NAME(SyncPageWorker)(pVCpu, &pPTDst->a[iPTDst], GCPtrCurPage, pShwPage, iPTDst);
3099 Log2(("SyncPage: 4K+ %RGv PteSrc:{P=1 RW=1 U=1} PteDst=%08llx%s\n",
3100 GCPtrCurPage,
3101 SHW_PTE_LOG64(pPTDst->a[iPTDst]),
3102 SHW_PTE_IS_TRACK_DIRTY(pPTDst->a[iPTDst]) ? " Track-Dirty" : ""));
3103
3104 if (RT_UNLIKELY(VM_FF_IS_SET(pVM, VM_FF_PGM_NO_MEMORY)))
3105 break;
3106 }
3107 }
3108 else
3109 rc = VINF_SUCCESS; /* Cached entry; assume it's still fully valid. */
3110
3111 /* Save the new PDE. */
3112# if PGM_SHW_TYPE == PGM_TYPE_EPT
3113 PdeDst.u = pShwPage->Core.Key | EPT_E_READ | EPT_E_WRITE | EPT_E_EXECUTE
3114 | (PdeDst.u & X86_PDE_AVL_MASK /** @todo do we really need this? */);
3115# else
3116 PdeDst.u = pShwPage->Core.Key | X86_PDE_P | X86_PDE_RW | X86_PDE_US | X86_PDE_A
3117 | (PdeDst.u & X86_PDE_AVL_MASK /** @todo use a PGM_PD_FLAGS define */);
3118# endif
3119 SHW_PDE_ATOMIC_SET2(*pPdeDst, PdeDst);
3120
3121 STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPT), a);
3122 if (RT_FAILURE(rc))
3123 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,SyncPTFailed));
3124 return rc;
3125
3126#else
3127 NOREF(iPDSrc); NOREF(pPDSrc);
3128 AssertReleaseMsgFailed(("Shw=%d Gst=%d is not implemented!\n", PGM_SHW_TYPE, PGM_GST_TYPE));
3129 return VERR_PGM_NOT_USED_IN_MODE;
3130#endif
3131}
3132
3133
3134
3135/**
3136 * Prefetch a page/set of pages.
3137 *
3138 * Typically used to sync commonly used pages before entering raw mode
3139 * after a CR3 reload.
3140 *
3141 * @returns VBox status code.
3142 * @param pVCpu The cross context virtual CPU structure.
3143 * @param GCPtrPage Page to invalidate.
3144 */
3145PGM_BTH_DECL(int, PrefetchPage)(PVMCPUCC pVCpu, RTGCPTR GCPtrPage)
3146{
3147#if ( PGM_GST_TYPE == PGM_TYPE_32BIT \
3148 || PGM_GST_TYPE == PGM_TYPE_REAL \
3149 || PGM_GST_TYPE == PGM_TYPE_PROT \
3150 || PGM_GST_TYPE == PGM_TYPE_PAE \
3151 || PGM_GST_TYPE == PGM_TYPE_AMD64 ) \
3152 && !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) \
3153 && PGM_SHW_TYPE != PGM_TYPE_NONE
3154 /*
3155 * Check that all Guest levels thru the PDE are present, getting the
3156 * PD and PDE in the processes.
3157 */
3158 int rc = VINF_SUCCESS;
3159# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
3160# if PGM_GST_TYPE == PGM_TYPE_32BIT
3161 const unsigned iPDSrc = (uint32_t)GCPtrPage >> GST_PD_SHIFT;
3162 PGSTPD pPDSrc = pgmGstGet32bitPDPtr(pVCpu);
3163# elif PGM_GST_TYPE == PGM_TYPE_PAE
3164 unsigned iPDSrc;
3165 X86PDPE PdpeSrc;
3166 PGSTPD pPDSrc = pgmGstGetPaePDPtr(pVCpu, GCPtrPage, &iPDSrc, &PdpeSrc);
3167 if (!pPDSrc)
3168 return VINF_SUCCESS; /* not present */
3169# elif PGM_GST_TYPE == PGM_TYPE_AMD64
3170 unsigned iPDSrc;
3171 PX86PML4E pPml4eSrc;
3172 X86PDPE PdpeSrc;
3173 PGSTPD pPDSrc = pgmGstGetLongModePDPtr(pVCpu, GCPtrPage, &pPml4eSrc, &PdpeSrc, &iPDSrc);
3174 if (!pPDSrc)
3175 return VINF_SUCCESS; /* not present */
3176# endif
3177 const GSTPDE PdeSrc = pPDSrc->a[iPDSrc];
3178# else
3179 PGSTPD pPDSrc = NULL;
3180 const unsigned iPDSrc = 0;
3181 GSTPDE const PdeSrc = { X86_PDE_P | X86_PDE_RW | X86_PDE_US | X86_PDE_A }; /* faked so we don't have to #ifdef everything */
3182# endif
3183
3184 if ((PdeSrc.u & (X86_PDE_P | X86_PDE_A)) == (X86_PDE_P | X86_PDE_A))
3185 {
3186 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
3187 pgmLock(pVM);
3188
3189# if PGM_SHW_TYPE == PGM_TYPE_32BIT
3190 const X86PDE PdeDst = pgmShwGet32BitPDE(pVCpu, GCPtrPage);
3191# elif PGM_SHW_TYPE == PGM_TYPE_PAE
3192 const unsigned iPDDst = ((GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK);
3193 PX86PDPAE pPDDst;
3194 X86PDEPAE PdeDst;
3195# if PGM_GST_TYPE != PGM_TYPE_PAE
3196 X86PDPE PdpeSrc;
3197
3198 /* Fake PDPT entry; access control handled on the page table level, so allow everything. */
3199 PdpeSrc.u = X86_PDPE_P; /* rw/us are reserved for PAE pdpte's; accessed bit causes invalid VT-x guest state errors */
3200# endif
3201 rc = pgmShwSyncPaePDPtr(pVCpu, GCPtrPage, PdpeSrc.u, &pPDDst);
3202 if (rc != VINF_SUCCESS)
3203 {
3204 pgmUnlock(pVM);
3205 AssertRC(rc);
3206 return rc;
3207 }
3208 Assert(pPDDst);
3209 PdeDst = pPDDst->a[iPDDst];
3210
3211# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
3212 const unsigned iPDDst = ((GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK);
3213 PX86PDPAE pPDDst;
3214 X86PDEPAE PdeDst;
3215
3216# if PGM_GST_TYPE == PGM_TYPE_PROT
3217 /* AMD-V nested paging */
3218 X86PML4E Pml4eSrc;
3219 X86PDPE PdpeSrc;
3220 PX86PML4E pPml4eSrc = &Pml4eSrc;
3221
3222 /* Fake PML4 & PDPT entry; access control handled on the page table level, so allow everything. */
3223 Pml4eSrc.u = X86_PML4E_P | X86_PML4E_RW | X86_PML4E_US | X86_PML4E_A;
3224 PdpeSrc.u = X86_PDPE_P | X86_PDPE_RW | X86_PDPE_US | X86_PDPE_A;
3225# endif
3226
3227 rc = pgmShwSyncLongModePDPtr(pVCpu, GCPtrPage, pPml4eSrc->u, PdpeSrc.u, &pPDDst);
3228 if (rc != VINF_SUCCESS)
3229 {
3230 pgmUnlock(pVM);
3231 AssertRC(rc);
3232 return rc;
3233 }
3234 Assert(pPDDst);
3235 PdeDst = pPDDst->a[iPDDst];
3236# endif
3237# ifndef PGM_WITHOUT_MAPPINGS
3238 if (!(PdeDst.u & PGM_PDFLAGS_MAPPING))
3239# endif
3240 {
3241 if (!(PdeDst.u & X86_PDE_P))
3242 {
3243 /** @todo r=bird: This guy will set the A bit on the PDE,
3244 * probably harmless. */
3245 rc = PGM_BTH_NAME(SyncPT)(pVCpu, iPDSrc, pPDSrc, GCPtrPage);
3246 }
3247 else
3248 {
3249 /* Note! We used to sync PGM_SYNC_NR_PAGES pages, which triggered assertions in CSAM, because
3250 * R/W attributes of nearby pages were reset. Not sure how that could happen. Anyway, it
3251 * makes no sense to prefetch more than one page.
3252 */
3253 rc = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrc, GCPtrPage, 1, 0);
3254 if (RT_SUCCESS(rc))
3255 rc = VINF_SUCCESS;
3256 }
3257 }
3258 pgmUnlock(pVM);
3259 }
3260 return rc;
3261
3262#elif PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) || PGM_SHW_TYPE == PGM_TYPE_NONE
3263 NOREF(pVCpu); NOREF(GCPtrPage);
3264 return VINF_SUCCESS; /* ignore */
3265#else
3266 AssertCompile(0);
3267#endif
3268}
3269
3270
3271
3272
3273/**
3274 * Syncs a page during a PGMVerifyAccess() call.
3275 *
3276 * @returns VBox status code (informational included).
3277 * @param pVCpu The cross context virtual CPU structure.
3278 * @param GCPtrPage The address of the page to sync.
3279 * @param fPage The effective guest page flags.
3280 * @param uErr The trap error code.
3281 * @remarks This will normally never be called on invalid guest page
3282 * translation entries.
3283 */
3284PGM_BTH_DECL(int, VerifyAccessSyncPage)(PVMCPUCC pVCpu, RTGCPTR GCPtrPage, unsigned fPage, unsigned uErr)
3285{
3286 PVMCC pVM = pVCpu->CTX_SUFF(pVM); NOREF(pVM);
3287
3288 LogFlow(("VerifyAccessSyncPage: GCPtrPage=%RGv fPage=%#x uErr=%#x\n", GCPtrPage, fPage, uErr));
3289 RT_NOREF_PV(GCPtrPage); RT_NOREF_PV(fPage); RT_NOREF_PV(uErr);
3290
3291 Assert(!pVM->pgm.s.fNestedPaging);
3292#if ( PGM_GST_TYPE == PGM_TYPE_32BIT \
3293 || PGM_GST_TYPE == PGM_TYPE_REAL \
3294 || PGM_GST_TYPE == PGM_TYPE_PROT \
3295 || PGM_GST_TYPE == PGM_TYPE_PAE \
3296 || PGM_GST_TYPE == PGM_TYPE_AMD64 ) \
3297 && !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) \
3298 && PGM_SHW_TYPE != PGM_TYPE_NONE
3299
3300 /*
3301 * Get guest PD and index.
3302 */
3303 /** @todo Performance: We've done all this a jiffy ago in the
3304 * PGMGstGetPage call. */
3305# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
3306# if PGM_GST_TYPE == PGM_TYPE_32BIT
3307 const unsigned iPDSrc = (uint32_t)GCPtrPage >> GST_PD_SHIFT;
3308 PGSTPD pPDSrc = pgmGstGet32bitPDPtr(pVCpu);
3309
3310# elif PGM_GST_TYPE == PGM_TYPE_PAE
3311 unsigned iPDSrc = 0;
3312 X86PDPE PdpeSrc;
3313 PGSTPD pPDSrc = pgmGstGetPaePDPtr(pVCpu, GCPtrPage, &iPDSrc, &PdpeSrc);
3314 if (RT_UNLIKELY(!pPDSrc))
3315 {
3316 Log(("PGMVerifyAccess: access violation for %RGv due to non-present PDPTR\n", GCPtrPage));
3317 return VINF_EM_RAW_GUEST_TRAP;
3318 }
3319
3320# elif PGM_GST_TYPE == PGM_TYPE_AMD64
3321 unsigned iPDSrc = 0; /* shut up gcc */
3322 PX86PML4E pPml4eSrc = NULL; /* ditto */
3323 X86PDPE PdpeSrc;
3324 PGSTPD pPDSrc = pgmGstGetLongModePDPtr(pVCpu, GCPtrPage, &pPml4eSrc, &PdpeSrc, &iPDSrc);
3325 if (RT_UNLIKELY(!pPDSrc))
3326 {
3327 Log(("PGMVerifyAccess: access violation for %RGv due to non-present PDPTR\n", GCPtrPage));
3328 return VINF_EM_RAW_GUEST_TRAP;
3329 }
3330# endif
3331
3332# else /* !PGM_WITH_PAGING */
3333 PGSTPD pPDSrc = NULL;
3334 const unsigned iPDSrc = 0;
3335# endif /* !PGM_WITH_PAGING */
3336 int rc = VINF_SUCCESS;
3337
3338 pgmLock(pVM);
3339
3340 /*
3341 * First check if the shadow pd is present.
3342 */
3343# if PGM_SHW_TYPE == PGM_TYPE_32BIT
3344 PX86PDE pPdeDst = pgmShwGet32BitPDEPtr(pVCpu, GCPtrPage);
3345
3346# elif PGM_SHW_TYPE == PGM_TYPE_PAE
3347 PX86PDEPAE pPdeDst;
3348 const unsigned iPDDst = ((GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK);
3349 PX86PDPAE pPDDst;
3350# if PGM_GST_TYPE != PGM_TYPE_PAE
3351 /* Fake PDPT entry; access control handled on the page table level, so allow everything. */
3352 X86PDPE PdpeSrc;
3353 PdpeSrc.u = X86_PDPE_P; /* rw/us are reserved for PAE pdpte's; accessed bit causes invalid VT-x guest state errors */
3354# endif
3355 rc = pgmShwSyncPaePDPtr(pVCpu, GCPtrPage, PdpeSrc.u, &pPDDst);
3356 if (rc != VINF_SUCCESS)
3357 {
3358 pgmUnlock(pVM);
3359 AssertRC(rc);
3360 return rc;
3361 }
3362 Assert(pPDDst);
3363 pPdeDst = &pPDDst->a[iPDDst];
3364
3365# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
3366 const unsigned iPDDst = ((GCPtrPage >> SHW_PD_SHIFT) & SHW_PD_MASK);
3367 PX86PDPAE pPDDst;
3368 PX86PDEPAE pPdeDst;
3369
3370# if PGM_GST_TYPE == PGM_TYPE_PROT
3371 /* AMD-V nested paging: Fake PML4 & PDPT entry; access control handled on the page table level, so allow everything. */
3372 X86PML4E Pml4eSrc;
3373 X86PDPE PdpeSrc;
3374 PX86PML4E pPml4eSrc = &Pml4eSrc;
3375 Pml4eSrc.u = X86_PML4E_P | X86_PML4E_RW | X86_PML4E_US | X86_PML4E_A;
3376 PdpeSrc.u = X86_PDPE_P | X86_PDPE_RW | X86_PDPE_US | X86_PDPE_A;
3377# endif
3378
3379 rc = pgmShwSyncLongModePDPtr(pVCpu, GCPtrPage, pPml4eSrc->u, PdpeSrc.u, &pPDDst);
3380 if (rc != VINF_SUCCESS)
3381 {
3382 pgmUnlock(pVM);
3383 AssertRC(rc);
3384 return rc;
3385 }
3386 Assert(pPDDst);
3387 pPdeDst = &pPDDst->a[iPDDst];
3388# endif
3389
3390 if (!(pPdeDst->u & X86_PDE_P))
3391 {
3392 rc = PGM_BTH_NAME(SyncPT)(pVCpu, iPDSrc, pPDSrc, GCPtrPage);
3393 if (rc != VINF_SUCCESS)
3394 {
3395 PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
3396 pgmUnlock(pVM);
3397 AssertRC(rc);
3398 return rc;
3399 }
3400 }
3401
3402# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
3403 /* Check for dirty bit fault */
3404 rc = PGM_BTH_NAME(CheckDirtyPageFault)(pVCpu, uErr, pPdeDst, &pPDSrc->a[iPDSrc], GCPtrPage);
3405 if (rc == VINF_PGM_HANDLED_DIRTY_BIT_FAULT)
3406 Log(("PGMVerifyAccess: success (dirty)\n"));
3407 else
3408# endif
3409 {
3410# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
3411 GSTPDE PdeSrc = pPDSrc->a[iPDSrc];
3412# else
3413 GSTPDE const PdeSrc = { X86_PDE_P | X86_PDE_RW | X86_PDE_US | X86_PDE_A }; /* faked so we don't have to #ifdef everything */
3414# endif
3415
3416 Assert(rc != VINF_EM_RAW_GUEST_TRAP);
3417 if (uErr & X86_TRAP_PF_US)
3418 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageOutOfSyncUser));
3419 else /* supervisor */
3420 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageOutOfSyncSupervisor));
3421
3422 rc = PGM_BTH_NAME(SyncPage)(pVCpu, PdeSrc, GCPtrPage, 1, 0);
3423 if (RT_SUCCESS(rc))
3424 {
3425 /* Page was successfully synced */
3426 Log2(("PGMVerifyAccess: success (sync)\n"));
3427 rc = VINF_SUCCESS;
3428 }
3429 else
3430 {
3431 Log(("PGMVerifyAccess: access violation for %RGv rc=%Rrc\n", GCPtrPage, rc));
3432 rc = VINF_EM_RAW_GUEST_TRAP;
3433 }
3434 }
3435 PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
3436 pgmUnlock(pVM);
3437 return rc;
3438
3439#else /* PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) */
3440
3441 AssertLogRelMsgFailed(("Shw=%d Gst=%d is not implemented!\n", PGM_GST_TYPE, PGM_SHW_TYPE));
3442 return VERR_PGM_NOT_USED_IN_MODE;
3443#endif /* PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) */
3444}
3445
3446
3447/**
3448 * Syncs the paging hierarchy starting at CR3.
3449 *
3450 * @returns VBox status code, R0/RC may return VINF_PGM_SYNC_CR3, no other
3451 * informational status codes.
3452 * @retval VERR_PGM_NO_HYPERVISOR_ADDRESS in raw-mode when we're unable to map
3453 * the VMM into guest context.
3454 * @param pVCpu The cross context virtual CPU structure.
3455 * @param cr0 Guest context CR0 register.
3456 * @param cr3 Guest context CR3 register. Not subjected to the A20
3457 * mask.
3458 * @param cr4 Guest context CR4 register.
3459 * @param fGlobal Including global page directories or not
3460 */
3461PGM_BTH_DECL(int, SyncCR3)(PVMCPUCC pVCpu, uint64_t cr0, uint64_t cr3, uint64_t cr4, bool fGlobal)
3462{
3463 PVMCC pVM = pVCpu->CTX_SUFF(pVM); NOREF(pVM);
3464 NOREF(cr0); NOREF(cr3); NOREF(cr4); NOREF(fGlobal);
3465
3466 LogFlow(("SyncCR3 FF=%d fGlobal=%d\n", !!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3), fGlobal));
3467
3468#if !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE
3469# ifdef PGMPOOL_WITH_OPTIMIZED_DIRTY_PT
3470 pgmLock(pVM);
3471 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
3472 if (pPool->cDirtyPages)
3473 pgmPoolResetDirtyPages(pVM);
3474 pgmUnlock(pVM);
3475# endif
3476#endif /* !NESTED && !EPT */
3477
3478#if PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) || PGM_SHW_TYPE == PGM_TYPE_NONE
3479 /*
3480 * Nested / EPT / None - No work.
3481 */
3482 Assert(!pgmMapAreMappingsEnabled(pVM));
3483 return VINF_SUCCESS;
3484
3485#elif PGM_SHW_TYPE == PGM_TYPE_AMD64
3486 /*
3487 * AMD64 (Shw & Gst) - No need to check all paging levels; we zero
3488 * out the shadow parts when the guest modifies its tables.
3489 */
3490 Assert(!pgmMapAreMappingsEnabled(pVM));
3491 return VINF_SUCCESS;
3492
3493#else /* !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_AMD64 */
3494
3495# ifndef PGM_WITHOUT_MAPPINGS
3496 /*
3497 * Check for and resolve conflicts with our guest mappings if they
3498 * are enabled and not fixed.
3499 */
3500 if (pgmMapAreMappingsFloating(pVM))
3501 {
3502 int rc = pgmMapResolveConflicts(pVM);
3503 Assert(rc == VINF_SUCCESS || rc == VINF_PGM_SYNC_CR3);
3504 if (rc == VINF_SUCCESS)
3505 { /* likely */ }
3506 else if (rc == VINF_PGM_SYNC_CR3)
3507 {
3508 LogFlow(("SyncCR3: detected conflict -> VINF_PGM_SYNC_CR3\n"));
3509 return VINF_PGM_SYNC_CR3;
3510 }
3511 else if (RT_FAILURE(rc))
3512 return rc;
3513 else
3514 AssertMsgFailed(("%Rrc\n", rc));
3515 }
3516# else
3517 Assert(!pgmMapAreMappingsEnabled(pVM));
3518# endif
3519 return VINF_SUCCESS;
3520#endif /* !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_AMD64 */
3521}
3522
3523
3524
3525
3526#ifdef VBOX_STRICT
3527
3528/**
3529 * Checks that the shadow page table is in sync with the guest one.
3530 *
3531 * @returns The number of errors.
3532 * @param pVCpu The cross context virtual CPU structure.
3533 * @param cr3 Guest context CR3 register.
3534 * @param cr4 Guest context CR4 register.
3535 * @param GCPtr Where to start. Defaults to 0.
3536 * @param cb How much to check. Defaults to everything.
3537 */
3538PGM_BTH_DECL(unsigned, AssertCR3)(PVMCPUCC pVCpu, uint64_t cr3, uint64_t cr4, RTGCPTR GCPtr, RTGCPTR cb)
3539{
3540 NOREF(pVCpu); NOREF(cr3); NOREF(cr4); NOREF(GCPtr); NOREF(cb);
3541#if PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) || PGM_SHW_TYPE == PGM_TYPE_NONE
3542 return 0;
3543#else
3544 unsigned cErrors = 0;
3545 PVMCC pVM = pVCpu->CTX_SUFF(pVM);
3546 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool); NOREF(pPool);
3547
3548# if PGM_GST_TYPE == PGM_TYPE_PAE
3549 /** @todo currently broken; crashes below somewhere */
3550 AssertFailed();
3551# endif
3552
3553# if PGM_GST_TYPE == PGM_TYPE_32BIT \
3554 || PGM_GST_TYPE == PGM_TYPE_PAE \
3555 || PGM_GST_TYPE == PGM_TYPE_AMD64
3556
3557 bool fBigPagesSupported = GST_IS_PSE_ACTIVE(pVCpu);
3558 PPGMCPU pPGM = &pVCpu->pgm.s;
3559 RTGCPHYS GCPhysGst; /* page address derived from the guest page tables. */
3560 RTHCPHYS HCPhysShw; /* page address derived from the shadow page tables. */
3561# ifndef IN_RING0
3562 RTHCPHYS HCPhys; /* general usage. */
3563# endif
3564 int rc;
3565
3566 /*
3567 * Check that the Guest CR3 and all its mappings are correct.
3568 */
3569 AssertMsgReturn(pPGM->GCPhysCR3 == PGM_A20_APPLY(pVCpu, cr3 & GST_CR3_PAGE_MASK),
3570 ("Invalid GCPhysCR3=%RGp cr3=%RGp\n", pPGM->GCPhysCR3, (RTGCPHYS)cr3),
3571 false);
3572# if !defined(IN_RING0) && PGM_GST_TYPE != PGM_TYPE_AMD64
3573# if 0
3574# if PGM_GST_TYPE == PGM_TYPE_32BIT
3575 rc = PGMShwGetPage(pVCpu, (RTRCUINTPTR)pPGM->pGst32BitPdRC, NULL, &HCPhysShw);
3576# else
3577 rc = PGMShwGetPage(pVCpu, (RTRCUINTPTR)pPGM->pGstPaePdptRC, NULL, &HCPhysShw);
3578# endif
3579 AssertRCReturn(rc, 1);
3580 HCPhys = NIL_RTHCPHYS;
3581 rc = pgmRamGCPhys2HCPhys(pVM, PGM_A20_APPLY(pVCpu, cr3 & GST_CR3_PAGE_MASK), &HCPhys);
3582 AssertMsgReturn(HCPhys == HCPhysShw, ("HCPhys=%RHp HCPhyswShw=%RHp (cr3)\n", HCPhys, HCPhysShw), false);
3583# endif
3584# if PGM_GST_TYPE == PGM_TYPE_32BIT && defined(IN_RING3)
3585 pgmGstGet32bitPDPtr(pVCpu);
3586 RTGCPHYS GCPhys;
3587 rc = PGMR3DbgR3Ptr2GCPhys(pVM->pUVM, pPGM->pGst32BitPdR3, &GCPhys);
3588 AssertRCReturn(rc, 1);
3589 AssertMsgReturn(PGM_A20_APPLY(pVCpu, cr3 & GST_CR3_PAGE_MASK) == GCPhys, ("GCPhys=%RGp cr3=%RGp\n", GCPhys, (RTGCPHYS)cr3), false);
3590# endif
3591# endif /* !IN_RING0 */
3592
3593 /*
3594 * Get and check the Shadow CR3.
3595 */
3596# if PGM_SHW_TYPE == PGM_TYPE_32BIT
3597 unsigned cPDEs = X86_PG_ENTRIES;
3598 unsigned cIncrement = X86_PG_ENTRIES * PAGE_SIZE;
3599# elif PGM_SHW_TYPE == PGM_TYPE_PAE
3600# if PGM_GST_TYPE == PGM_TYPE_32BIT
3601 unsigned cPDEs = X86_PG_PAE_ENTRIES * 4; /* treat it as a 2048 entry table. */
3602# else
3603 unsigned cPDEs = X86_PG_PAE_ENTRIES;
3604# endif
3605 unsigned cIncrement = X86_PG_PAE_ENTRIES * PAGE_SIZE;
3606# elif PGM_SHW_TYPE == PGM_TYPE_AMD64
3607 unsigned cPDEs = X86_PG_PAE_ENTRIES;
3608 unsigned cIncrement = X86_PG_PAE_ENTRIES * PAGE_SIZE;
3609# endif
3610 if (cb != ~(RTGCPTR)0)
3611 cPDEs = RT_MIN(cb >> SHW_PD_SHIFT, 1);
3612
3613/** @todo call the other two PGMAssert*() functions. */
3614
3615# if PGM_GST_TYPE == PGM_TYPE_AMD64
3616 unsigned iPml4 = (GCPtr >> X86_PML4_SHIFT) & X86_PML4_MASK;
3617
3618 for (; iPml4 < X86_PG_PAE_ENTRIES; iPml4++)
3619 {
3620 PPGMPOOLPAGE pShwPdpt = NULL;
3621 PX86PML4E pPml4eSrc;
3622 PX86PML4E pPml4eDst;
3623 RTGCPHYS GCPhysPdptSrc;
3624
3625 pPml4eSrc = pgmGstGetLongModePML4EPtr(pVCpu, iPml4);
3626 pPml4eDst = pgmShwGetLongModePML4EPtr(pVCpu, iPml4);
3627
3628 /* Fetch the pgm pool shadow descriptor if the shadow pml4e is present. */
3629 if (!(pPml4eDst->u & X86_PML4E_P))
3630 {
3631 GCPtr += _2M * UINT64_C(512) * UINT64_C(512);
3632 continue;
3633 }
3634
3635 pShwPdpt = pgmPoolGetPage(pPool, pPml4eDst->u & X86_PML4E_PG_MASK);
3636 GCPhysPdptSrc = PGM_A20_APPLY(pVCpu, pPml4eSrc->u & X86_PML4E_PG_MASK);
3637
3638 if ((pPml4eSrc->u & X86_PML4E_P) != (pPml4eDst->u & X86_PML4E_P))
3639 {
3640 AssertMsgFailed(("Present bit doesn't match! pPml4eDst.u=%#RX64 pPml4eSrc.u=%RX64\n", pPml4eDst->u, pPml4eSrc->u));
3641 GCPtr += _2M * UINT64_C(512) * UINT64_C(512);
3642 cErrors++;
3643 continue;
3644 }
3645
3646 if (GCPhysPdptSrc != pShwPdpt->GCPhys)
3647 {
3648 AssertMsgFailed(("Physical address doesn't match! iPml4 %d pPml4eDst.u=%#RX64 pPml4eSrc.u=%RX64 Phys %RX64 vs %RX64\n", iPml4, pPml4eDst->u, pPml4eSrc->u, pShwPdpt->GCPhys, GCPhysPdptSrc));
3649 GCPtr += _2M * UINT64_C(512) * UINT64_C(512);
3650 cErrors++;
3651 continue;
3652 }
3653
3654 if ( (pPml4eDst->u & (X86_PML4E_US | X86_PML4E_RW | X86_PML4E_NX))
3655 != (pPml4eSrc->u & (X86_PML4E_US | X86_PML4E_RW | X86_PML4E_NX)))
3656 {
3657 AssertMsgFailed(("User/Write/NoExec bits don't match! pPml4eDst.u=%#RX64 pPml4eSrc.u=%RX64\n", pPml4eDst->u, pPml4eSrc->u));
3658 GCPtr += _2M * UINT64_C(512) * UINT64_C(512);
3659 cErrors++;
3660 continue;
3661 }
3662# else /* PGM_GST_TYPE != PGM_TYPE_AMD64 */
3663 {
3664# endif /* PGM_GST_TYPE != PGM_TYPE_AMD64 */
3665
3666# if PGM_GST_TYPE == PGM_TYPE_AMD64 || PGM_GST_TYPE == PGM_TYPE_PAE
3667 /*
3668 * Check the PDPTEs too.
3669 */
3670 unsigned iPdpt = (GCPtr >> SHW_PDPT_SHIFT) & SHW_PDPT_MASK;
3671
3672 for (;iPdpt <= SHW_PDPT_MASK; iPdpt++)
3673 {
3674 unsigned iPDSrc = 0; /* initialized to shut up gcc */
3675 PPGMPOOLPAGE pShwPde = NULL;
3676 PX86PDPE pPdpeDst;
3677 RTGCPHYS GCPhysPdeSrc;
3678 X86PDPE PdpeSrc;
3679 PdpeSrc.u = 0; /* initialized to shut up gcc 4.5 */
3680# if PGM_GST_TYPE == PGM_TYPE_PAE
3681 PGSTPD pPDSrc = pgmGstGetPaePDPtr(pVCpu, GCPtr, &iPDSrc, &PdpeSrc);
3682 PX86PDPT pPdptDst = pgmShwGetPaePDPTPtr(pVCpu);
3683# else
3684 PX86PML4E pPml4eSrcIgn;
3685 PX86PDPT pPdptDst;
3686 PX86PDPAE pPDDst;
3687 PGSTPD pPDSrc = pgmGstGetLongModePDPtr(pVCpu, GCPtr, &pPml4eSrcIgn, &PdpeSrc, &iPDSrc);
3688
3689 rc = pgmShwGetLongModePDPtr(pVCpu, GCPtr, NULL, &pPdptDst, &pPDDst);
3690 if (rc != VINF_SUCCESS)
3691 {
3692 AssertMsg(rc == VERR_PAGE_DIRECTORY_PTR_NOT_PRESENT, ("Unexpected rc=%Rrc\n", rc));
3693 GCPtr += 512 * _2M;
3694 continue; /* next PDPTE */
3695 }
3696 Assert(pPDDst);
3697# endif
3698 Assert(iPDSrc == 0);
3699
3700 pPdpeDst = &pPdptDst->a[iPdpt];
3701
3702 if (!(pPdpeDst->u & X86_PDPE_P))
3703 {
3704 GCPtr += 512 * _2M;
3705 continue; /* next PDPTE */
3706 }
3707
3708 pShwPde = pgmPoolGetPage(pPool, pPdpeDst->u & X86_PDPE_PG_MASK);
3709 GCPhysPdeSrc = PGM_A20_APPLY(pVCpu, PdpeSrc.u & X86_PDPE_PG_MASK);
3710
3711 if ((pPdpeDst->u & X86_PDPE_P) != (PdpeSrc.u & X86_PDPE_P))
3712 {
3713 AssertMsgFailed(("Present bit doesn't match! pPdpeDst.u=%#RX64 pPdpeSrc.u=%RX64\n", pPdpeDst->u, PdpeSrc.u));
3714 GCPtr += 512 * _2M;
3715 cErrors++;
3716 continue;
3717 }
3718
3719 if (GCPhysPdeSrc != pShwPde->GCPhys)
3720 {
3721# if PGM_GST_TYPE == PGM_TYPE_AMD64
3722 AssertMsgFailed(("Physical address doesn't match! iPml4 %d iPdpt %d pPdpeDst.u=%#RX64 pPdpeSrc.u=%RX64 Phys %RX64 vs %RX64\n", iPml4, iPdpt, pPdpeDst->u, PdpeSrc.u, pShwPde->GCPhys, GCPhysPdeSrc));
3723# else
3724 AssertMsgFailed(("Physical address doesn't match! iPdpt %d pPdpeDst.u=%#RX64 pPdpeSrc.u=%RX64 Phys %RX64 vs %RX64\n", iPdpt, pPdpeDst->u, PdpeSrc.u, pShwPde->GCPhys, GCPhysPdeSrc));
3725# endif
3726 GCPtr += 512 * _2M;
3727 cErrors++;
3728 continue;
3729 }
3730
3731# if PGM_GST_TYPE == PGM_TYPE_AMD64
3732 if ( (pPdpeDst->u & (X86_PDPE_US | X86_PDPE_RW | X86_PDPE_LM_NX))
3733 != (PdpeSrc.u & (X86_PDPE_US | X86_PDPE_RW | X86_PDPE_LM_NX)))
3734 {
3735 AssertMsgFailed(("User/Write/NoExec bits don't match! pPdpeDst.u=%#RX64 pPdpeSrc.u=%RX64\n", pPdpeDst->u, PdpeSrc.u));
3736 GCPtr += 512 * _2M;
3737 cErrors++;
3738 continue;
3739 }
3740# endif
3741
3742# else /* PGM_GST_TYPE != PGM_TYPE_AMD64 && PGM_GST_TYPE != PGM_TYPE_PAE */
3743 {
3744# endif /* PGM_GST_TYPE != PGM_TYPE_AMD64 && PGM_GST_TYPE != PGM_TYPE_PAE */
3745# if PGM_GST_TYPE == PGM_TYPE_32BIT
3746 GSTPD const *pPDSrc = pgmGstGet32bitPDPtr(pVCpu);
3747# if PGM_SHW_TYPE == PGM_TYPE_32BIT
3748 PCX86PD pPDDst = pgmShwGet32BitPDPtr(pVCpu);
3749# endif
3750# endif /* PGM_GST_TYPE == PGM_TYPE_32BIT */
3751 /*
3752 * Iterate the shadow page directory.
3753 */
3754 GCPtr = (GCPtr >> SHW_PD_SHIFT) << SHW_PD_SHIFT;
3755 unsigned iPDDst = (GCPtr >> SHW_PD_SHIFT) & SHW_PD_MASK;
3756
3757 for (;
3758 iPDDst < cPDEs;
3759 iPDDst++, GCPtr += cIncrement)
3760 {
3761# if PGM_SHW_TYPE == PGM_TYPE_PAE
3762 const SHWPDE PdeDst = *pgmShwGetPaePDEPtr(pVCpu, GCPtr);
3763# else
3764 const SHWPDE PdeDst = pPDDst->a[iPDDst];
3765# endif
3766# ifndef PGM_WITHOUT_MAPPINGS
3767 if (PdeDst.u & PGM_PDFLAGS_MAPPING)
3768 {
3769 Assert(pgmMapAreMappingsEnabled(pVM));
3770 if ((PdeDst.u & X86_PDE_AVL_MASK) != PGM_PDFLAGS_MAPPING)
3771 {
3772 AssertMsgFailed(("Mapping shall only have PGM_PDFLAGS_MAPPING set! PdeDst.u=%#RX64\n", (uint64_t)PdeDst.u));
3773 cErrors++;
3774 continue;
3775 }
3776 }
3777 else
3778# endif
3779 if ( (PdeDst.u & X86_PDE_P)
3780 || ((PdeDst.u & (X86_PDE_P | PGM_PDFLAGS_TRACK_DIRTY)) == (X86_PDE_P | PGM_PDFLAGS_TRACK_DIRTY)) )
3781 {
3782 HCPhysShw = PdeDst.u & SHW_PDE_PG_MASK;
3783 PPGMPOOLPAGE pPoolPage = pgmPoolGetPage(pPool, HCPhysShw);
3784 if (!pPoolPage)
3785 {
3786 AssertMsgFailed(("Invalid page table address %RHp at %RGv! PdeDst=%#RX64\n",
3787 HCPhysShw, GCPtr, (uint64_t)PdeDst.u));
3788 cErrors++;
3789 continue;
3790 }
3791 const SHWPT *pPTDst = (const SHWPT *)PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pPoolPage);
3792
3793 if (PdeDst.u & (X86_PDE4M_PWT | X86_PDE4M_PCD))
3794 {
3795 AssertMsgFailed(("PDE flags PWT and/or PCD is set at %RGv! These flags are not virtualized! PdeDst=%#RX64\n",
3796 GCPtr, (uint64_t)PdeDst.u));
3797 cErrors++;
3798 }
3799
3800 if (PdeDst.u & (X86_PDE4M_G | X86_PDE4M_D))
3801 {
3802 AssertMsgFailed(("4K PDE reserved flags at %RGv! PdeDst=%#RX64\n",
3803 GCPtr, (uint64_t)PdeDst.u));
3804 cErrors++;
3805 }
3806
3807 const GSTPDE PdeSrc = pPDSrc->a[(iPDDst >> (GST_PD_SHIFT - SHW_PD_SHIFT)) & GST_PD_MASK];
3808 if (!(PdeSrc.u & X86_PDE_P))
3809 {
3810 AssertMsgFailed(("Guest PDE at %RGv is not present! PdeDst=%#RX64 PdeSrc=%#RX64\n",
3811 GCPtr, (uint64_t)PdeDst.u, (uint64_t)PdeSrc.u));
3812 cErrors++;
3813 continue;
3814 }
3815
3816 if ( !(PdeSrc.u & X86_PDE_PS)
3817 || !fBigPagesSupported)
3818 {
3819 GCPhysGst = GST_GET_PDE_GCPHYS(PdeSrc);
3820# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
3821 GCPhysGst = PGM_A20_APPLY(pVCpu, GCPhysGst | ((iPDDst & 1) * (PAGE_SIZE / 2)));
3822# endif
3823 }
3824 else
3825 {
3826# if PGM_GST_TYPE == PGM_TYPE_32BIT
3827 if (PdeSrc.u & X86_PDE4M_PG_HIGH_MASK)
3828 {
3829 AssertMsgFailed(("Guest PDE at %RGv is using PSE36 or similar! PdeSrc=%#RX64\n",
3830 GCPtr, (uint64_t)PdeSrc.u));
3831 cErrors++;
3832 continue;
3833 }
3834# endif
3835 GCPhysGst = GST_GET_BIG_PDE_GCPHYS(pVM, PdeSrc);
3836# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
3837 GCPhysGst = PGM_A20_APPLY(pVCpu, GCPhysGst | (GCPtr & RT_BIT(X86_PAGE_2M_SHIFT)));
3838# endif
3839 }
3840
3841 if ( pPoolPage->enmKind
3842 != (!(PdeSrc.u & X86_PDE_PS) || !fBigPagesSupported ? BTH_PGMPOOLKIND_PT_FOR_PT : BTH_PGMPOOLKIND_PT_FOR_BIG))
3843 {
3844 AssertMsgFailed(("Invalid shadow page table kind %d at %RGv! PdeSrc=%#RX64\n",
3845 pPoolPage->enmKind, GCPtr, (uint64_t)PdeSrc.u));
3846 cErrors++;
3847 }
3848
3849 PPGMPAGE pPhysPage = pgmPhysGetPage(pVM, GCPhysGst);
3850 if (!pPhysPage)
3851 {
3852 AssertMsgFailed(("Cannot find guest physical address %RGp in the PDE at %RGv! PdeSrc=%#RX64\n",
3853 GCPhysGst, GCPtr, (uint64_t)PdeSrc.u));
3854 cErrors++;
3855 continue;
3856 }
3857
3858 if (GCPhysGst != pPoolPage->GCPhys)
3859 {
3860 AssertMsgFailed(("GCPhysGst=%RGp != pPage->GCPhys=%RGp at %RGv\n",
3861 GCPhysGst, pPoolPage->GCPhys, GCPtr));
3862 cErrors++;
3863 continue;
3864 }
3865
3866 if ( !(PdeSrc.u & X86_PDE_PS)
3867 || !fBigPagesSupported)
3868 {
3869 /*
3870 * Page Table.
3871 */
3872 const GSTPT *pPTSrc;
3873 rc = PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, PGM_A20_APPLY(pVCpu, GCPhysGst & ~(RTGCPHYS)(PAGE_SIZE - 1)),
3874 &pPTSrc);
3875 if (RT_FAILURE(rc))
3876 {
3877 AssertMsgFailed(("Cannot map/convert guest physical address %RGp in the PDE at %RGv! PdeSrc=%#RX64\n",
3878 GCPhysGst, GCPtr, (uint64_t)PdeSrc.u));
3879 cErrors++;
3880 continue;
3881 }
3882 if ( (PdeSrc.u & (X86_PDE_P | X86_PDE_US | X86_PDE_RW/* | X86_PDE_A*/))
3883 != (PdeDst.u & (X86_PDE_P | X86_PDE_US | X86_PDE_RW/* | X86_PDE_A*/)))
3884 {
3885 /// @todo We get here a lot on out-of-sync CR3 entries. The access handler should zap them to avoid false alarms here!
3886 // (This problem will go away when/if we shadow multiple CR3s.)
3887 AssertMsgFailed(("4K PDE flags mismatch at %RGv! PdeSrc=%#RX64 PdeDst=%#RX64\n",
3888 GCPtr, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
3889 cErrors++;
3890 continue;
3891 }
3892 if (PdeDst.u & PGM_PDFLAGS_TRACK_DIRTY)
3893 {
3894 AssertMsgFailed(("4K PDEs cannot have PGM_PDFLAGS_TRACK_DIRTY set! GCPtr=%RGv PdeDst=%#RX64\n",
3895 GCPtr, (uint64_t)PdeDst.u));
3896 cErrors++;
3897 continue;
3898 }
3899
3900 /* iterate the page table. */
3901# if PGM_SHW_TYPE == PGM_TYPE_PAE && PGM_GST_TYPE == PGM_TYPE_32BIT
3902 /* Select the right PDE as we're emulating a 4kb page table with 2 shadow page tables. */
3903 const unsigned offPTSrc = ((GCPtr >> SHW_PD_SHIFT) & 1) * 512;
3904# else
3905 const unsigned offPTSrc = 0;
3906# endif
3907 for (unsigned iPT = 0, off = 0;
3908 iPT < RT_ELEMENTS(pPTDst->a);
3909 iPT++, off += PAGE_SIZE)
3910 {
3911 const SHWPTE PteDst = pPTDst->a[iPT];
3912
3913 /* skip not-present and dirty tracked entries. */
3914 if (!(SHW_PTE_GET_U(PteDst) & (X86_PTE_P | PGM_PTFLAGS_TRACK_DIRTY))) /** @todo deal with ALL handlers and CSAM !P pages! */
3915 continue;
3916 Assert(SHW_PTE_IS_P(PteDst));
3917
3918 const GSTPTE PteSrc = pPTSrc->a[iPT + offPTSrc];
3919 if (!(PteSrc.u & X86_PTE_P))
3920 {
3921# ifdef IN_RING3
3922 PGMAssertHandlerAndFlagsInSync(pVM);
3923 DBGFR3PagingDumpEx(pVM->pUVM, pVCpu->idCpu, DBGFPGDMP_FLAGS_CURRENT_CR3 | DBGFPGDMP_FLAGS_CURRENT_MODE
3924 | DBGFPGDMP_FLAGS_GUEST | DBGFPGDMP_FLAGS_HEADER | DBGFPGDMP_FLAGS_PRINT_CR3,
3925 0, 0, UINT64_MAX, 99, NULL);
3926# endif
3927 AssertMsgFailed(("Out of sync (!P) PTE at %RGv! PteSrc=%#RX64 PteDst=%#RX64 pPTSrc=%RGv iPTSrc=%x PdeSrc=%x physpte=%RGp\n",
3928 GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst), pPTSrc, iPT + offPTSrc, PdeSrc.au32[0],
3929 (uint64_t)GST_GET_PDE_GCPHYS(PdeSrc) + (iPT + offPTSrc) * sizeof(PteSrc)));
3930 cErrors++;
3931 continue;
3932 }
3933
3934 uint64_t fIgnoreFlags = GST_PTE_PG_MASK | X86_PTE_AVL_MASK | X86_PTE_G | X86_PTE_D | X86_PTE_PWT | X86_PTE_PCD | X86_PTE_PAT;
3935# if 1 /** @todo sync accessed bit properly... */
3936 fIgnoreFlags |= X86_PTE_A;
3937# endif
3938
3939 /* match the physical addresses */
3940 HCPhysShw = SHW_PTE_GET_HCPHYS(PteDst);
3941 GCPhysGst = GST_GET_PTE_GCPHYS(PteSrc);
3942
3943# ifdef IN_RING3
3944 rc = PGMPhysGCPhys2HCPhys(pVM, GCPhysGst, &HCPhys);
3945 if (RT_FAILURE(rc))
3946 {
3947 if (HCPhysShw != MMR3PageDummyHCPhys(pVM)) /** @todo this is wrong. */
3948 {
3949 AssertMsgFailed(("Cannot find guest physical address %RGp at %RGv! PteSrc=%#RX64 PteDst=%#RX64\n",
3950 GCPhysGst, GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
3951 cErrors++;
3952 continue;
3953 }
3954 }
3955 else if (HCPhysShw != (HCPhys & SHW_PTE_PG_MASK))
3956 {
3957 AssertMsgFailed(("Out of sync (phys) at %RGv! HCPhysShw=%RHp HCPhys=%RHp GCPhysGst=%RGp PteSrc=%#RX64 PteDst=%#RX64\n",
3958 GCPtr + off, HCPhysShw, HCPhys, GCPhysGst, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
3959 cErrors++;
3960 continue;
3961 }
3962# endif
3963
3964 pPhysPage = pgmPhysGetPage(pVM, GCPhysGst);
3965 if (!pPhysPage)
3966 {
3967# ifdef IN_RING3 /** @todo make MMR3PageDummyHCPhys an 'All' function! */
3968 if (HCPhysShw != MMR3PageDummyHCPhys(pVM)) /** @todo this is wrong. */
3969 {
3970 AssertMsgFailed(("Cannot find guest physical address %RGp at %RGv! PteSrc=%#RX64 PteDst=%#RX64\n",
3971 GCPhysGst, GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
3972 cErrors++;
3973 continue;
3974 }
3975# endif
3976 if (SHW_PTE_IS_RW(PteDst))
3977 {
3978 AssertMsgFailed(("Invalid guest page at %RGv is writable! GCPhysGst=%RGp PteSrc=%#RX64 PteDst=%#RX64\n",
3979 GCPtr + off, GCPhysGst, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
3980 cErrors++;
3981 }
3982 fIgnoreFlags |= X86_PTE_RW;
3983 }
3984 else if (HCPhysShw != PGM_PAGE_GET_HCPHYS(pPhysPage))
3985 {
3986 AssertMsgFailed(("Out of sync (phys) at %RGv! HCPhysShw=%RHp pPhysPage:%R[pgmpage] GCPhysGst=%RGp PteSrc=%#RX64 PteDst=%#RX64\n",
3987 GCPtr + off, HCPhysShw, pPhysPage, GCPhysGst, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
3988 cErrors++;
3989 continue;
3990 }
3991
3992 /* flags */
3993 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPhysPage))
3994 {
3995 if (!PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPhysPage))
3996 {
3997 if (SHW_PTE_IS_RW(PteDst))
3998 {
3999 AssertMsgFailed(("WRITE access flagged at %RGv but the page is writable! pPhysPage=%R[pgmpage] PteSrc=%#RX64 PteDst=%#RX64\n",
4000 GCPtr + off, pPhysPage, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4001 cErrors++;
4002 continue;
4003 }
4004 fIgnoreFlags |= X86_PTE_RW;
4005 }
4006 else
4007 {
4008 if ( SHW_PTE_IS_P(PteDst)
4009# if PGM_SHW_TYPE == PGM_TYPE_EPT || PGM_SHW_TYPE == PGM_TYPE_PAE || PGM_SHW_TYPE == PGM_TYPE_AMD64
4010 && !PGM_PAGE_IS_MMIO(pPhysPage)
4011# endif
4012 )
4013 {
4014 AssertMsgFailed(("ALL access flagged at %RGv but the page is present! pPhysPage=%R[pgmpage] PteSrc=%#RX64 PteDst=%#RX64\n",
4015 GCPtr + off, pPhysPage, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4016 cErrors++;
4017 continue;
4018 }
4019 fIgnoreFlags |= X86_PTE_P;
4020 }
4021 }
4022 else
4023 {
4024 if ((PteSrc.u & (X86_PTE_RW | X86_PTE_D)) == X86_PTE_RW)
4025 {
4026 if (SHW_PTE_IS_RW(PteDst))
4027 {
4028 AssertMsgFailed(("!DIRTY page at %RGv is writable! PteSrc=%#RX64 PteDst=%#RX64\n",
4029 GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4030 cErrors++;
4031 continue;
4032 }
4033 if (!SHW_PTE_IS_TRACK_DIRTY(PteDst))
4034 {
4035 AssertMsgFailed(("!DIRTY page at %RGv is not marked TRACK_DIRTY! PteSrc=%#RX64 PteDst=%#RX64\n",
4036 GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4037 cErrors++;
4038 continue;
4039 }
4040 if (SHW_PTE_IS_D(PteDst))
4041 {
4042 AssertMsgFailed(("!DIRTY page at %RGv is marked DIRTY! PteSrc=%#RX64 PteDst=%#RX64\n",
4043 GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4044 cErrors++;
4045 }
4046# if 0 /** @todo sync access bit properly... */
4047 if (PteDst.n.u1Accessed != PteSrc.n.u1Accessed)
4048 {
4049 AssertMsgFailed(("!DIRTY page at %RGv is has mismatching accessed bit! PteSrc=%#RX64 PteDst=%#RX64\n",
4050 GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4051 cErrors++;
4052 }
4053 fIgnoreFlags |= X86_PTE_RW;
4054# else
4055 fIgnoreFlags |= X86_PTE_RW | X86_PTE_A;
4056# endif
4057 }
4058 else if (SHW_PTE_IS_TRACK_DIRTY(PteDst))
4059 {
4060 /* access bit emulation (not implemented). */
4061 if ((PteSrc.u & X86_PTE_A) || SHW_PTE_IS_P(PteDst))
4062 {
4063 AssertMsgFailed(("PGM_PTFLAGS_TRACK_DIRTY set at %RGv but no accessed bit emulation! PteSrc=%#RX64 PteDst=%#RX64\n",
4064 GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4065 cErrors++;
4066 continue;
4067 }
4068 if (!SHW_PTE_IS_A(PteDst))
4069 {
4070 AssertMsgFailed(("!ACCESSED page at %RGv is has the accessed bit set! PteSrc=%#RX64 PteDst=%#RX64\n",
4071 GCPtr + off, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4072 cErrors++;
4073 }
4074 fIgnoreFlags |= X86_PTE_P;
4075 }
4076# ifdef DEBUG_sandervl
4077 fIgnoreFlags |= X86_PTE_D | X86_PTE_A;
4078# endif
4079 }
4080
4081 if ( (PteSrc.u & ~fIgnoreFlags) != (SHW_PTE_GET_U(PteDst) & ~fIgnoreFlags)
4082 && (PteSrc.u & ~(fIgnoreFlags | X86_PTE_RW)) != (SHW_PTE_GET_U(PteDst) & ~fIgnoreFlags)
4083 )
4084 {
4085 AssertMsgFailed(("Flags mismatch at %RGv! %#RX64 != %#RX64 fIgnoreFlags=%#RX64 PteSrc=%#RX64 PteDst=%#RX64\n",
4086 GCPtr + off, (uint64_t)PteSrc.u & ~fIgnoreFlags, SHW_PTE_LOG64(PteDst) & ~fIgnoreFlags,
4087 fIgnoreFlags, (uint64_t)PteSrc.u, SHW_PTE_LOG64(PteDst)));
4088 cErrors++;
4089 continue;
4090 }
4091 } /* foreach PTE */
4092 }
4093 else
4094 {
4095 /*
4096 * Big Page.
4097 */
4098 uint64_t fIgnoreFlags = X86_PDE_AVL_MASK | GST_PDE_PG_MASK | X86_PDE4M_G | X86_PDE4M_D | X86_PDE4M_PS | X86_PDE4M_PWT | X86_PDE4M_PCD;
4099 if ((PdeSrc.u & (X86_PDE_RW | X86_PDE4M_D)) == X86_PDE_RW)
4100 {
4101 if (PdeDst.u & X86_PDE_RW)
4102 {
4103 AssertMsgFailed(("!DIRTY page at %RGv is writable! PdeSrc=%#RX64 PdeDst=%#RX64\n",
4104 GCPtr, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
4105 cErrors++;
4106 continue;
4107 }
4108 if (!(PdeDst.u & PGM_PDFLAGS_TRACK_DIRTY))
4109 {
4110 AssertMsgFailed(("!DIRTY page at %RGv is not marked TRACK_DIRTY! PteSrc=%#RX64 PteDst=%#RX64\n",
4111 GCPtr, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
4112 cErrors++;
4113 continue;
4114 }
4115# if 0 /** @todo sync access bit properly... */
4116 if (PdeDst.n.u1Accessed != PdeSrc.b.u1Accessed)
4117 {
4118 AssertMsgFailed(("!DIRTY page at %RGv is has mismatching accessed bit! PteSrc=%#RX64 PteDst=%#RX64\n",
4119 GCPtr, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
4120 cErrors++;
4121 }
4122 fIgnoreFlags |= X86_PTE_RW;
4123# else
4124 fIgnoreFlags |= X86_PTE_RW | X86_PTE_A;
4125# endif
4126 }
4127 else if (PdeDst.u & PGM_PDFLAGS_TRACK_DIRTY)
4128 {
4129 /* access bit emulation (not implemented). */
4130 if ((PdeSrc.u & X86_PDE_A) || SHW_PDE_IS_P(PdeDst))
4131 {
4132 AssertMsgFailed(("PGM_PDFLAGS_TRACK_DIRTY set at %RGv but no accessed bit emulation! PdeSrc=%#RX64 PdeDst=%#RX64\n",
4133 GCPtr, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
4134 cErrors++;
4135 continue;
4136 }
4137 if (!SHW_PDE_IS_A(PdeDst))
4138 {
4139 AssertMsgFailed(("!ACCESSED page at %RGv is has the accessed bit set! PdeSrc=%#RX64 PdeDst=%#RX64\n",
4140 GCPtr, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
4141 cErrors++;
4142 }
4143 fIgnoreFlags |= X86_PTE_P;
4144 }
4145
4146 if ((PdeSrc.u & ~fIgnoreFlags) != (PdeDst.u & ~fIgnoreFlags))
4147 {
4148 AssertMsgFailed(("Flags mismatch (B) at %RGv! %#RX64 != %#RX64 fIgnoreFlags=%#RX64 PdeSrc=%#RX64 PdeDst=%#RX64\n",
4149 GCPtr, (uint64_t)PdeSrc.u & ~fIgnoreFlags, (uint64_t)PdeDst.u & ~fIgnoreFlags,
4150 fIgnoreFlags, (uint64_t)PdeSrc.u, (uint64_t)PdeDst.u));
4151 cErrors++;
4152 }
4153
4154 /* iterate the page table. */
4155 for (unsigned iPT = 0, off = 0;
4156 iPT < RT_ELEMENTS(pPTDst->a);
4157 iPT++, off += PAGE_SIZE, GCPhysGst = PGM_A20_APPLY(pVCpu, GCPhysGst + PAGE_SIZE))
4158 {
4159 const SHWPTE PteDst = pPTDst->a[iPT];
4160
4161 if (SHW_PTE_IS_TRACK_DIRTY(PteDst))
4162 {
4163 AssertMsgFailed(("The PTE at %RGv emulating a 2/4M page is marked TRACK_DIRTY! PdeSrc=%#RX64 PteDst=%#RX64\n",
4164 GCPtr + off, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4165 cErrors++;
4166 }
4167
4168 /* skip not-present entries. */
4169 if (!SHW_PTE_IS_P(PteDst)) /** @todo deal with ALL handlers and CSAM !P pages! */
4170 continue;
4171
4172 fIgnoreFlags = X86_PTE_PAE_PG_MASK | X86_PTE_AVL_MASK | X86_PTE_PWT | X86_PTE_PCD | X86_PTE_PAT | X86_PTE_D | X86_PTE_A | X86_PTE_G | X86_PTE_PAE_NX;
4173
4174 /* match the physical addresses */
4175 HCPhysShw = SHW_PTE_GET_HCPHYS(PteDst);
4176
4177# ifdef IN_RING3
4178 rc = PGMPhysGCPhys2HCPhys(pVM, GCPhysGst, &HCPhys);
4179 if (RT_FAILURE(rc))
4180 {
4181 if (HCPhysShw != MMR3PageDummyHCPhys(pVM)) /** @todo this is wrong. */
4182 {
4183 AssertMsgFailed(("Cannot find guest physical address %RGp at %RGv! PdeSrc=%#RX64 PteDst=%#RX64\n",
4184 GCPhysGst, GCPtr + off, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4185 cErrors++;
4186 }
4187 }
4188 else if (HCPhysShw != (HCPhys & X86_PTE_PAE_PG_MASK))
4189 {
4190 AssertMsgFailed(("Out of sync (phys) at %RGv! HCPhysShw=%RHp HCPhys=%RHp GCPhysGst=%RGp PdeSrc=%#RX64 PteDst=%#RX64\n",
4191 GCPtr + off, HCPhysShw, HCPhys, GCPhysGst, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4192 cErrors++;
4193 continue;
4194 }
4195# endif
4196 pPhysPage = pgmPhysGetPage(pVM, GCPhysGst);
4197 if (!pPhysPage)
4198 {
4199# ifdef IN_RING3 /** @todo make MMR3PageDummyHCPhys an 'All' function! */
4200 if (HCPhysShw != MMR3PageDummyHCPhys(pVM)) /** @todo this is wrong. */
4201 {
4202 AssertMsgFailed(("Cannot find guest physical address %RGp at %RGv! PdeSrc=%#RX64 PteDst=%#RX64\n",
4203 GCPhysGst, GCPtr + off, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4204 cErrors++;
4205 continue;
4206 }
4207# endif
4208 if (SHW_PTE_IS_RW(PteDst))
4209 {
4210 AssertMsgFailed(("Invalid guest page at %RGv is writable! GCPhysGst=%RGp PdeSrc=%#RX64 PteDst=%#RX64\n",
4211 GCPtr + off, GCPhysGst, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4212 cErrors++;
4213 }
4214 fIgnoreFlags |= X86_PTE_RW;
4215 }
4216 else if (HCPhysShw != PGM_PAGE_GET_HCPHYS(pPhysPage))
4217 {
4218 AssertMsgFailed(("Out of sync (phys) at %RGv! HCPhysShw=%RHp pPhysPage=%R[pgmpage] GCPhysGst=%RGp PdeSrc=%#RX64 PteDst=%#RX64\n",
4219 GCPtr + off, HCPhysShw, pPhysPage, GCPhysGst, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4220 cErrors++;
4221 continue;
4222 }
4223
4224 /* flags */
4225 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPhysPage))
4226 {
4227 if (!PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPhysPage))
4228 {
4229 if (PGM_PAGE_GET_HNDL_PHYS_STATE(pPhysPage) != PGM_PAGE_HNDL_PHYS_STATE_DISABLED)
4230 {
4231 if (SHW_PTE_IS_RW(PteDst))
4232 {
4233 AssertMsgFailed(("WRITE access flagged at %RGv but the page is writable! pPhysPage=%R[pgmpage] PdeSrc=%#RX64 PteDst=%#RX64\n",
4234 GCPtr + off, pPhysPage, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4235 cErrors++;
4236 continue;
4237 }
4238 fIgnoreFlags |= X86_PTE_RW;
4239 }
4240 }
4241 else
4242 {
4243 if ( SHW_PTE_IS_P(PteDst)
4244# if PGM_SHW_TYPE == PGM_TYPE_EPT || PGM_SHW_TYPE == PGM_TYPE_PAE || PGM_SHW_TYPE == PGM_TYPE_AMD64
4245 && !PGM_PAGE_IS_MMIO(pPhysPage)
4246# endif
4247 )
4248 {
4249 AssertMsgFailed(("ALL access flagged at %RGv but the page is present! pPhysPage=%R[pgmpage] PdeSrc=%#RX64 PteDst=%#RX64\n",
4250 GCPtr + off, pPhysPage, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4251 cErrors++;
4252 continue;
4253 }
4254 fIgnoreFlags |= X86_PTE_P;
4255 }
4256 }
4257
4258 if ( (PdeSrc.u & ~fIgnoreFlags) != (SHW_PTE_GET_U(PteDst) & ~fIgnoreFlags)
4259 && (PdeSrc.u & ~(fIgnoreFlags | X86_PTE_RW)) != (SHW_PTE_GET_U(PteDst) & ~fIgnoreFlags) /* lazy phys handler dereg. */
4260 )
4261 {
4262 AssertMsgFailed(("Flags mismatch (BT) at %RGv! %#RX64 != %#RX64 fIgnoreFlags=%#RX64 PdeSrc=%#RX64 PteDst=%#RX64\n",
4263 GCPtr + off, (uint64_t)PdeSrc.u & ~fIgnoreFlags, SHW_PTE_LOG64(PteDst) & ~fIgnoreFlags,
4264 fIgnoreFlags, (uint64_t)PdeSrc.u, SHW_PTE_LOG64(PteDst)));
4265 cErrors++;
4266 continue;
4267 }
4268 } /* for each PTE */
4269 }
4270 }
4271 /* not present */
4272
4273 } /* for each PDE */
4274
4275 } /* for each PDPTE */
4276
4277 } /* for each PML4E */
4278
4279# ifdef DEBUG
4280 if (cErrors)
4281 LogFlow(("AssertCR3: cErrors=%d\n", cErrors));
4282# endif
4283# endif /* GST is in {32BIT, PAE, AMD64} */
4284 return cErrors;
4285#endif /* !PGM_TYPE_IS_NESTED_OR_EPT(PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE */
4286}
4287#endif /* VBOX_STRICT */
4288
4289
4290/**
4291 * Sets up the CR3 for shadow paging
4292 *
4293 * @returns Strict VBox status code.
4294 * @retval VINF_SUCCESS.
4295 *
4296 * @param pVCpu The cross context virtual CPU structure.
4297 * @param GCPhysCR3 The physical address in the CR3 register. (A20
4298 * mask already applied.)
4299 */
4300PGM_BTH_DECL(int, MapCR3)(PVMCPUCC pVCpu, RTGCPHYS GCPhysCR3)
4301{
4302 PVMCC pVM = pVCpu->CTX_SUFF(pVM); NOREF(pVM);
4303
4304 /* Update guest paging info. */
4305#if PGM_GST_TYPE == PGM_TYPE_32BIT \
4306 || PGM_GST_TYPE == PGM_TYPE_PAE \
4307 || PGM_GST_TYPE == PGM_TYPE_AMD64
4308
4309 LogFlow(("MapCR3: %RGp\n", GCPhysCR3));
4310 PGM_A20_ASSERT_MASKED(pVCpu, GCPhysCR3);
4311
4312 /*
4313 * Map the page CR3 points at.
4314 */
4315 RTHCPTR HCPtrGuestCR3;
4316 pgmLock(pVM);
4317 PPGMPAGE pPageCR3 = pgmPhysGetPage(pVM, GCPhysCR3);
4318 AssertReturn(pPageCR3, VERR_PGM_INVALID_CR3_ADDR);
4319 /** @todo this needs some reworking wrt. locking? */
4320# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
4321 HCPtrGuestCR3 = NIL_RTHCPTR;
4322 int rc = VINF_SUCCESS;
4323# else
4324 int rc = pgmPhysGCPhys2CCPtrInternalDepr(pVM, pPageCR3, GCPhysCR3 & GST_CR3_PAGE_MASK, (void **)&HCPtrGuestCR3); /** @todo r=bird: This GCPhysCR3 masking isn't necessary. */
4325# endif
4326 pgmUnlock(pVM);
4327 if (RT_SUCCESS(rc))
4328 {
4329# if PGM_GST_TYPE == PGM_TYPE_32BIT
4330# ifdef VBOX_WITH_RAM_IN_KERNEL
4331# ifdef IN_RING3
4332 pVCpu->pgm.s.pGst32BitPdR3 = (PX86PD)HCPtrGuestCR3;
4333 pVCpu->pgm.s.pGst32BitPdR0 = NIL_RTR0PTR;
4334# else
4335 pVCpu->pgm.s.pGst32BitPdR3 = NIL_RTR3PTR;
4336 pVCpu->pgm.s.pGst32BitPdR0 = (PX86PD)HCPtrGuestCR3;
4337# endif
4338# else
4339 pVCpu->pgm.s.pGst32BitPdR3 = (R3PTRTYPE(PX86PD))HCPtrGuestCR3;
4340# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4341 pVCpu->pgm.s.pGst32BitPdR0 = (R0PTRTYPE(PX86PD))HCPtrGuestCR3;
4342# endif
4343# endif
4344
4345# elif PGM_GST_TYPE == PGM_TYPE_PAE
4346# ifdef VBOX_WITH_RAM_IN_KERNEL
4347# ifdef IN_RING3
4348 pVCpu->pgm.s.pGstPaePdptR3 = (PX86PDPT)HCPtrGuestCR3;
4349 pVCpu->pgm.s.pGstPaePdptR0 = NIL_RTR0PTR;
4350# else
4351 pVCpu->pgm.s.pGstPaePdptR3 = NIL_RTR3PTR;
4352 pVCpu->pgm.s.pGstPaePdptR0 = (PX86PDPT)HCPtrGuestCR3;
4353# endif
4354# else
4355 pVCpu->pgm.s.pGstPaePdptR3 = (R3PTRTYPE(PX86PDPT))HCPtrGuestCR3;
4356# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4357 pVCpu->pgm.s.pGstPaePdptR0 = (R0PTRTYPE(PX86PDPT))HCPtrGuestCR3;
4358# endif
4359# endif
4360
4361 /*
4362 * Map the 4 PDs too.
4363 */
4364 PX86PDPT pGuestPDPT = pgmGstGetPaePDPTPtr(pVCpu);
4365 for (unsigned i = 0; i < X86_PG_PAE_PDPE_ENTRIES; i++)
4366 {
4367 pVCpu->pgm.s.aGstPaePdpeRegs[i].u = pGuestPDPT->a[i].u;
4368 if (pGuestPDPT->a[i].u & X86_PDPE_P)
4369 {
4370 RTHCPTR HCPtr;
4371 RTGCPHYS GCPhys = PGM_A20_APPLY(pVCpu, pGuestPDPT->a[i].u & X86_PDPE_PG_MASK);
4372 pgmLock(pVM);
4373 PPGMPAGE pPage = pgmPhysGetPage(pVM, GCPhys);
4374 AssertReturn(pPage, VERR_PGM_INVALID_PDPE_ADDR);
4375# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
4376 HCPtr = NIL_RTHCPTR;
4377 int rc2 = VINF_SUCCESS;
4378# else
4379 int rc2 = pgmPhysGCPhys2CCPtrInternalDepr(pVM, pPage, GCPhys, (void **)&HCPtr);
4380# endif
4381 pgmUnlock(pVM);
4382 if (RT_SUCCESS(rc2))
4383 {
4384# ifdef VBOX_WITH_RAM_IN_KERNEL
4385# ifdef IN_RING3
4386 pVCpu->pgm.s.apGstPaePDsR3[i] = (PX86PDPAE)HCPtr;
4387 pVCpu->pgm.s.apGstPaePDsR0[i] = NIL_RTR0PTR;
4388# else
4389 pVCpu->pgm.s.apGstPaePDsR3[i] = NIL_RTR3PTR;
4390 pVCpu->pgm.s.apGstPaePDsR0[i] = (PX86PDPAE)HCPtr;
4391# endif
4392# else
4393 pVCpu->pgm.s.apGstPaePDsR3[i] = (R3PTRTYPE(PX86PDPAE))HCPtr;
4394# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4395 pVCpu->pgm.s.apGstPaePDsR0[i] = (R0PTRTYPE(PX86PDPAE))HCPtr;
4396# endif
4397# endif
4398 pVCpu->pgm.s.aGCPhysGstPaePDs[i] = GCPhys;
4399 continue;
4400 }
4401 AssertMsgFailed(("pgmR3Gst32BitMapCR3: rc2=%d GCPhys=%RGp i=%d\n", rc2, GCPhys, i));
4402 }
4403
4404 pVCpu->pgm.s.apGstPaePDsR3[i] = 0;
4405# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4406 pVCpu->pgm.s.apGstPaePDsR0[i] = 0;
4407# endif
4408 pVCpu->pgm.s.aGCPhysGstPaePDs[i] = NIL_RTGCPHYS;
4409 }
4410
4411# elif PGM_GST_TYPE == PGM_TYPE_AMD64
4412# ifdef VBOX_WITH_RAM_IN_KERNEL
4413# ifdef IN_RING3
4414 pVCpu->pgm.s.pGstAmd64Pml4R3 = (PX86PML4)HCPtrGuestCR3;
4415 pVCpu->pgm.s.pGstAmd64Pml4R0 = NIL_RTR0PTR;
4416# else
4417 pVCpu->pgm.s.pGstAmd64Pml4R3 = NIL_RTR3PTR;
4418 pVCpu->pgm.s.pGstAmd64Pml4R0 = (PX86PML4)HCPtrGuestCR3;
4419# endif
4420# else
4421 pVCpu->pgm.s.pGstAmd64Pml4R3 = (R3PTRTYPE(PX86PML4))HCPtrGuestCR3;
4422# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4423 pVCpu->pgm.s.pGstAmd64Pml4R0 = (R0PTRTYPE(PX86PML4))HCPtrGuestCR3;
4424# endif
4425# endif
4426# endif
4427 }
4428 else
4429 AssertMsgFailed(("rc=%Rrc GCPhysGuestPD=%RGp\n", rc, GCPhysCR3));
4430
4431#else /* prot/real stub */
4432 int rc = VINF_SUCCESS;
4433#endif
4434
4435 /*
4436 * Update shadow paging info for guest modes with paging (32-bit, PAE, AMD64).
4437 */
4438# if ( ( PGM_SHW_TYPE == PGM_TYPE_32BIT \
4439 || PGM_SHW_TYPE == PGM_TYPE_PAE \
4440 || PGM_SHW_TYPE == PGM_TYPE_AMD64) \
4441 && ( PGM_GST_TYPE != PGM_TYPE_REAL \
4442 && PGM_GST_TYPE != PGM_TYPE_PROT))
4443
4444 Assert(!pVM->pgm.s.fNestedPaging);
4445 PGM_A20_ASSERT_MASKED(pVCpu, GCPhysCR3);
4446
4447 /*
4448 * Update the shadow root page as well since that's not fixed.
4449 */
4450 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
4451 PPGMPOOLPAGE pOldShwPageCR3 = pVCpu->pgm.s.CTX_SUFF(pShwPageCR3);
4452 PPGMPOOLPAGE pNewShwPageCR3;
4453
4454 pgmLock(pVM);
4455
4456# ifdef PGMPOOL_WITH_OPTIMIZED_DIRTY_PT
4457 if (pPool->cDirtyPages)
4458 pgmPoolResetDirtyPages(pVM);
4459# endif
4460
4461 Assert(!(GCPhysCR3 >> (PAGE_SHIFT + 32)));
4462 rc = pgmPoolAlloc(pVM, GCPhysCR3 & GST_CR3_PAGE_MASK, BTH_PGMPOOLKIND_ROOT, PGMPOOLACCESS_DONTCARE, PGM_A20_IS_ENABLED(pVCpu),
4463 NIL_PGMPOOL_IDX, UINT32_MAX, true /*fLockPage*/,
4464 &pNewShwPageCR3);
4465 AssertFatalRC(rc);
4466 rc = VINF_SUCCESS;
4467
4468 pVCpu->pgm.s.CTX_SUFF(pShwPageCR3) = pNewShwPageCR3;
4469# ifdef IN_RING0
4470 pVCpu->pgm.s.pShwPageCR3R3 = MMHyperCCToR3(pVM, pVCpu->pgm.s.CTX_SUFF(pShwPageCR3));
4471# else
4472 pVCpu->pgm.s.pShwPageCR3R0 = MMHyperCCToR0(pVM, pVCpu->pgm.s.CTX_SUFF(pShwPageCR3));
4473# endif
4474
4475# ifndef PGM_WITHOUT_MAPPINGS
4476 /*
4477 * Apply all hypervisor mappings to the new CR3.
4478 * Note that SyncCR3 will be executed in case CR3 is changed in a guest paging mode; this will
4479 * make sure we check for conflicts in the new CR3 root.
4480 */
4481# if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
4482 Assert(VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL) || VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
4483# endif
4484 rc = pgmMapActivateCR3(pVM, pNewShwPageCR3);
4485 AssertRCReturn(rc, rc);
4486# endif
4487
4488 /* Set the current hypervisor CR3. */
4489 CPUMSetHyperCR3(pVCpu, PGMGetHyperCR3(pVCpu));
4490
4491 /* Clean up the old CR3 root. */
4492 if ( pOldShwPageCR3
4493 && pOldShwPageCR3 != pNewShwPageCR3 /* @todo can happen due to incorrect syncing between REM & PGM; find the real cause */)
4494 {
4495 Assert(pOldShwPageCR3->enmKind != PGMPOOLKIND_FREE);
4496# ifndef PGM_WITHOUT_MAPPINGS
4497 /* Remove the hypervisor mappings from the shadow page table. */
4498 pgmMapDeactivateCR3(pVM, pOldShwPageCR3);
4499# endif
4500 /* Mark the page as unlocked; allow flushing again. */
4501 pgmPoolUnlockPage(pPool, pOldShwPageCR3);
4502
4503 pgmPoolFreeByPage(pPool, pOldShwPageCR3, NIL_PGMPOOL_IDX, UINT32_MAX);
4504 }
4505 pgmUnlock(pVM);
4506# else
4507 NOREF(GCPhysCR3);
4508# endif
4509
4510 return rc;
4511}
4512
4513/**
4514 * Unmaps the shadow CR3.
4515 *
4516 * @returns VBox status, no specials.
4517 * @param pVCpu The cross context virtual CPU structure.
4518 */
4519PGM_BTH_DECL(int, UnmapCR3)(PVMCPUCC pVCpu)
4520{
4521 LogFlow(("UnmapCR3\n"));
4522
4523 int rc = VINF_SUCCESS;
4524 PVMCC pVM = pVCpu->CTX_SUFF(pVM); NOREF(pVM);
4525
4526 /*
4527 * Update guest paging info.
4528 */
4529#if PGM_GST_TYPE == PGM_TYPE_32BIT
4530 pVCpu->pgm.s.pGst32BitPdR3 = 0;
4531# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4532 pVCpu->pgm.s.pGst32BitPdR0 = 0;
4533# endif
4534
4535#elif PGM_GST_TYPE == PGM_TYPE_PAE
4536 pVCpu->pgm.s.pGstPaePdptR3 = 0;
4537# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4538 pVCpu->pgm.s.pGstPaePdptR0 = 0;
4539# endif
4540 for (unsigned i = 0; i < X86_PG_PAE_PDPE_ENTRIES; i++)
4541 {
4542 pVCpu->pgm.s.apGstPaePDsR3[i] = 0;
4543# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4544 pVCpu->pgm.s.apGstPaePDsR0[i] = 0;
4545# endif
4546 pVCpu->pgm.s.aGCPhysGstPaePDs[i] = NIL_RTGCPHYS;
4547 }
4548
4549#elif PGM_GST_TYPE == PGM_TYPE_AMD64
4550 pVCpu->pgm.s.pGstAmd64Pml4R3 = 0;
4551# ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
4552 pVCpu->pgm.s.pGstAmd64Pml4R0 = 0;
4553# endif
4554
4555#else /* prot/real mode stub */
4556 /* nothing to do */
4557#endif
4558
4559 /*
4560 * Update shadow paging info.
4561 */
4562#if ( ( PGM_SHW_TYPE == PGM_TYPE_32BIT \
4563 || PGM_SHW_TYPE == PGM_TYPE_PAE \
4564 || PGM_SHW_TYPE == PGM_TYPE_AMD64))
4565# if PGM_GST_TYPE != PGM_TYPE_REAL
4566 Assert(!pVM->pgm.s.fNestedPaging);
4567# endif
4568 pgmLock(pVM);
4569
4570# ifndef PGM_WITHOUT_MAPPINGS
4571 if (pVCpu->pgm.s.CTX_SUFF(pShwPageCR3))
4572 /* Remove the hypervisor mappings from the shadow page table. */
4573 pgmMapDeactivateCR3(pVM, pVCpu->pgm.s.CTX_SUFF(pShwPageCR3));
4574# endif
4575
4576 if (pVCpu->pgm.s.CTX_SUFF(pShwPageCR3))
4577 {
4578 PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
4579
4580# ifdef PGMPOOL_WITH_OPTIMIZED_DIRTY_PT
4581 if (pPool->cDirtyPages)
4582 pgmPoolResetDirtyPages(pVM);
4583# endif
4584
4585 /* Mark the page as unlocked; allow flushing again. */
4586 pgmPoolUnlockPage(pPool, pVCpu->pgm.s.CTX_SUFF(pShwPageCR3));
4587
4588 pgmPoolFreeByPage(pPool, pVCpu->pgm.s.CTX_SUFF(pShwPageCR3), NIL_PGMPOOL_IDX, UINT32_MAX);
4589 pVCpu->pgm.s.pShwPageCR3R3 = 0;
4590 pVCpu->pgm.s.pShwPageCR3R0 = 0;
4591 }
4592
4593 pgmUnlock(pVM);
4594#endif
4595
4596 return rc;
4597}
4598
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette