VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp@ 38082

Last change on this file since 38082 was 37360, checked in by vboxsync, 14 years ago

PGMPhysSimpleReadGCPtr: hrumpf.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 134.8 KB
Line 
1/* $Id: PGMAllPhys.cpp 37360 2011-06-07 17:28:20Z vboxsync $ */
2/** @file
3 * PGM - Page Manager and Monitor, Physical Memory Addressing.
4 */
5
6/*
7 * Copyright (C) 2006-2007 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Header Files *
20*******************************************************************************/
21#define LOG_GROUP LOG_GROUP_PGM_PHYS
22#include <VBox/vmm/pgm.h>
23#include <VBox/vmm/trpm.h>
24#include <VBox/vmm/vmm.h>
25#include <VBox/vmm/iom.h>
26#include <VBox/vmm/em.h>
27#include <VBox/vmm/rem.h>
28#include "PGMInternal.h"
29#include <VBox/vmm/vm.h>
30#include "PGMInline.h"
31#include <VBox/param.h>
32#include <VBox/err.h>
33#include <iprt/assert.h>
34#include <iprt/string.h>
35#include <iprt/asm-amd64-x86.h>
36#include <VBox/log.h>
37#ifdef IN_RING3
38# include <iprt/thread.h>
39#endif
40
41
42/*******************************************************************************
43* Defined Constants And Macros *
44*******************************************************************************/
45/** Enable the physical TLB. */
46#define PGM_WITH_PHYS_TLB
47
48
49
50#ifndef IN_RING3
51
52/**
53 * \#PF Handler callback for physical memory accesses without a RC/R0 handler.
54 * This simply pushes everything to the HC handler.
55 *
56 * @returns VBox status code (appropriate for trap handling and GC return).
57 * @param pVM VM Handle.
58 * @param uErrorCode CPU Error code.
59 * @param pRegFrame Trap register frame.
60 * @param pvFault The fault address (cr2).
61 * @param GCPhysFault The GC physical address corresponding to pvFault.
62 * @param pvUser User argument.
63 */
64VMMDECL(int) pgmPhysHandlerRedirectToHC(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser)
65{
66 return (uErrorCode & X86_TRAP_PF_RW) ? VINF_IOM_HC_MMIO_WRITE : VINF_IOM_HC_MMIO_READ;
67}
68
69
70/**
71 * \#PF Handler callback for Guest ROM range write access.
72 * We simply ignore the writes or fall back to the recompiler if we don't support the instruction.
73 *
74 * @returns VBox status code (appropriate for trap handling and GC return).
75 * @param pVM VM Handle.
76 * @param uErrorCode CPU Error code.
77 * @param pRegFrame Trap register frame.
78 * @param pvFault The fault address (cr2).
79 * @param GCPhysFault The GC physical address corresponding to pvFault.
80 * @param pvUser User argument. Pointer to the ROM range structure.
81 */
82VMMDECL(int) pgmPhysRomWriteHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser)
83{
84 int rc;
85 PPGMROMRANGE pRom = (PPGMROMRANGE)pvUser;
86 uint32_t iPage = (GCPhysFault - pRom->GCPhys) >> PAGE_SHIFT;
87 PVMCPU pVCpu = VMMGetCpu(pVM);
88
89 Assert(iPage < (pRom->cb >> PAGE_SHIFT));
90 switch (pRom->aPages[iPage].enmProt)
91 {
92 case PGMROMPROT_READ_ROM_WRITE_IGNORE:
93 case PGMROMPROT_READ_RAM_WRITE_IGNORE:
94 {
95 /*
96 * If it's a simple instruction which doesn't change the cpu state
97 * we will simply skip it. Otherwise we'll have to defer it to REM.
98 */
99 uint32_t cbOp;
100 PDISCPUSTATE pDis = &pVCpu->pgm.s.DisState;
101 rc = EMInterpretDisasOne(pVM, pVCpu, pRegFrame, pDis, &cbOp);
102 if ( RT_SUCCESS(rc)
103 && pDis->mode == CPUMODE_32BIT /** @todo why does this matter? */
104 && !(pDis->prefix & (PREFIX_REPNE | PREFIX_REP | PREFIX_SEG)))
105 {
106 switch (pDis->opcode)
107 {
108 /** @todo Find other instructions we can safely skip, possibly
109 * adding this kind of detection to DIS or EM. */
110 case OP_MOV:
111 pRegFrame->rip += cbOp;
112 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZGuestROMWriteHandled);
113 return VINF_SUCCESS;
114 }
115 }
116 else if (RT_UNLIKELY(rc == VERR_INTERNAL_ERROR))
117 return rc;
118 break;
119 }
120
121 case PGMROMPROT_READ_RAM_WRITE_RAM:
122 pRom->aPages[iPage].LiveSave.fWrittenTo = true;
123 rc = PGMHandlerPhysicalPageTempOff(pVM, pRom->GCPhys, GCPhysFault & X86_PTE_PG_MASK);
124 AssertRC(rc);
125 break; /** @todo Must edit the shadow PT and restart the instruction, not use the interpreter! */
126
127 case PGMROMPROT_READ_ROM_WRITE_RAM:
128 /* Handle it in ring-3 because it's *way* easier there. */
129 pRom->aPages[iPage].LiveSave.fWrittenTo = true;
130 break;
131
132 default:
133 AssertMsgFailedReturn(("enmProt=%d iPage=%d GCPhysFault=%RGp\n",
134 pRom->aPages[iPage].enmProt, iPage, GCPhysFault),
135 VERR_INTERNAL_ERROR);
136 }
137
138 STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZGuestROMWriteUnhandled);
139 return VINF_EM_RAW_EMULATE_INSTR;
140}
141
142#endif /* IN_RING3 */
143
144/**
145 * Invalidates the RAM range TLBs.
146 *
147 * @param pVM The VM handle.
148 */
149void pgmPhysInvalidRamRangeTlbs(PVM pVM)
150{
151 pgmLock(pVM);
152 for (uint32_t i = 0; i < PGM_RAMRANGE_TLB_ENTRIES; i++)
153 {
154 pVM->pgm.s.apRamRangesTlbR3[i] = NIL_RTR3PTR;
155 pVM->pgm.s.apRamRangesTlbR0[i] = NIL_RTR0PTR;
156 pVM->pgm.s.apRamRangesTlbRC[i] = NIL_RTRCPTR;
157 }
158 pgmUnlock(pVM);
159}
160
161
162/**
163 * Tests if a value of type RTGCPHYS is negative if the type had been signed
164 * instead of unsigned.
165 *
166 * @returns @c true if negative, @c false if positive or zero.
167 * @param a_GCPhys The value to test.
168 * @todo Move me to iprt/types.h.
169 */
170#define RTGCPHYS_IS_NEGATIVE(a_GCPhys) ((a_GCPhys) & ((RTGCPHYS)1 << (sizeof(RTGCPHYS)*8 - 1)))
171
172
173/**
174 * Slow worker for pgmPhysGetRange.
175 *
176 * @copydoc pgmPhysGetRange
177 */
178PPGMRAMRANGE pgmPhysGetRangeSlow(PVM pVM, RTGCPHYS GCPhys)
179{
180 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,RamRangeTlbMisses));
181
182 PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRangeTree);
183 while (pRam)
184 {
185 RTGCPHYS off = GCPhys - pRam->GCPhys;
186 if (off < pRam->cb)
187 {
188 pVM->pgm.s.CTX_SUFF(apRamRangesTlb)[PGM_RAMRANGE_TLB_IDX(GCPhys)] = pRam;
189 return pRam;
190 }
191 if (RTGCPHYS_IS_NEGATIVE(off))
192 pRam = pRam->CTX_SUFF(pLeft);
193 else
194 pRam = pRam->CTX_SUFF(pRight);
195 }
196 return NULL;
197}
198
199
200/**
201 * Slow worker for pgmPhysGetRangeAtOrAbove.
202 *
203 * @copydoc pgmPhysGetRangeAtOrAbove
204 */
205PPGMRAMRANGE pgmPhysGetRangeAtOrAboveSlow(PVM pVM, RTGCPHYS GCPhys)
206{
207 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,RamRangeTlbMisses));
208
209 PPGMRAMRANGE pLastLeft = NULL;
210 PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRangeTree);
211 while (pRam)
212 {
213 RTGCPHYS off = GCPhys - pRam->GCPhys;
214 if (off < pRam->cb)
215 {
216 pVM->pgm.s.CTX_SUFF(apRamRangesTlb)[PGM_RAMRANGE_TLB_IDX(GCPhys)] = pRam;
217 return pRam;
218 }
219 if (RTGCPHYS_IS_NEGATIVE(off))
220 {
221 pLastLeft = pRam;
222 pRam = pRam->CTX_SUFF(pLeft);
223 }
224 else
225 pRam = pRam->CTX_SUFF(pRight);
226 }
227 return pLastLeft;
228}
229
230
231/**
232 * Slow worker for pgmPhysGetPage.
233 *
234 * @copydoc pgmPhysGetPage
235 */
236PPGMPAGE pgmPhysGetPageSlow(PVM pVM, RTGCPHYS GCPhys)
237{
238 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,RamRangeTlbMisses));
239
240 PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRangeTree);
241 while (pRam)
242 {
243 RTGCPHYS off = GCPhys - pRam->GCPhys;
244 if (off < pRam->cb)
245 {
246 pVM->pgm.s.CTX_SUFF(apRamRangesTlb)[PGM_RAMRANGE_TLB_IDX(GCPhys)] = pRam;
247 return &pRam->aPages[off >> PAGE_SHIFT];
248 }
249
250 if (RTGCPHYS_IS_NEGATIVE(off))
251 pRam = pRam->CTX_SUFF(pLeft);
252 else
253 pRam = pRam->CTX_SUFF(pRight);
254 }
255 return NULL;
256}
257
258
259/**
260 * Slow worker for pgmPhysGetPageEx.
261 *
262 * @copydoc pgmPhysGetPageEx
263 */
264int pgmPhysGetPageExSlow(PVM pVM, RTGCPHYS GCPhys, PPPGMPAGE ppPage)
265{
266 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,RamRangeTlbMisses));
267
268 PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRangeTree);
269 while (pRam)
270 {
271 RTGCPHYS off = GCPhys - pRam->GCPhys;
272 if (off < pRam->cb)
273 {
274 pVM->pgm.s.CTX_SUFF(apRamRangesTlb)[PGM_RAMRANGE_TLB_IDX(GCPhys)] = pRam;
275 *ppPage = &pRam->aPages[off >> PAGE_SHIFT];
276 return VINF_SUCCESS;
277 }
278
279 if (RTGCPHYS_IS_NEGATIVE(off))
280 pRam = pRam->CTX_SUFF(pLeft);
281 else
282 pRam = pRam->CTX_SUFF(pRight);
283 }
284
285 *ppPage = NULL;
286 return VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS;
287}
288
289
290/**
291 * Slow worker for pgmPhysGetPageAndRangeEx.
292 *
293 * @copydoc pgmPhysGetPageAndRangeEx
294 */
295int pgmPhysGetPageAndRangeExSlow(PVM pVM, RTGCPHYS GCPhys, PPPGMPAGE ppPage, PPGMRAMRANGE *ppRam)
296{
297 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,RamRangeTlbMisses));
298
299 PPGMRAMRANGE pRam = pVM->pgm.s.CTX_SUFF(pRamRangeTree);
300 while (pRam)
301 {
302 RTGCPHYS off = GCPhys - pRam->GCPhys;
303 if (off < pRam->cb)
304 {
305 pVM->pgm.s.CTX_SUFF(apRamRangesTlb)[PGM_RAMRANGE_TLB_IDX(GCPhys)] = pRam;
306 *ppRam = pRam;
307 *ppPage = &pRam->aPages[off >> PAGE_SHIFT];
308 return VINF_SUCCESS;
309 }
310
311 if (RTGCPHYS_IS_NEGATIVE(off))
312 pRam = pRam->CTX_SUFF(pLeft);
313 else
314 pRam = pRam->CTX_SUFF(pRight);
315 }
316
317 *ppRam = NULL;
318 *ppPage = NULL;
319 return VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS;
320}
321
322
323/**
324 * Checks if Address Gate 20 is enabled or not.
325 *
326 * @returns true if enabled.
327 * @returns false if disabled.
328 * @param pVCpu VMCPU handle.
329 */
330VMMDECL(bool) PGMPhysIsA20Enabled(PVMCPU pVCpu)
331{
332 LogFlow(("PGMPhysIsA20Enabled %d\n", pVCpu->pgm.s.fA20Enabled));
333 return pVCpu->pgm.s.fA20Enabled;
334}
335
336
337/**
338 * Validates a GC physical address.
339 *
340 * @returns true if valid.
341 * @returns false if invalid.
342 * @param pVM The VM handle.
343 * @param GCPhys The physical address to validate.
344 */
345VMMDECL(bool) PGMPhysIsGCPhysValid(PVM pVM, RTGCPHYS GCPhys)
346{
347 PPGMPAGE pPage = pgmPhysGetPage(pVM, GCPhys);
348 return pPage != NULL;
349}
350
351
352/**
353 * Checks if a GC physical address is a normal page,
354 * i.e. not ROM, MMIO or reserved.
355 *
356 * @returns true if normal.
357 * @returns false if invalid, ROM, MMIO or reserved page.
358 * @param pVM The VM handle.
359 * @param GCPhys The physical address to check.
360 */
361VMMDECL(bool) PGMPhysIsGCPhysNormal(PVM pVM, RTGCPHYS GCPhys)
362{
363 PPGMPAGE pPage = pgmPhysGetPage(pVM, GCPhys);
364 return pPage
365 && PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM;
366}
367
368
369/**
370 * Converts a GC physical address to a HC physical address.
371 *
372 * @returns VINF_SUCCESS on success.
373 * @returns VERR_PGM_PHYS_PAGE_RESERVED it it's a valid GC physical
374 * page but has no physical backing.
375 * @returns VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid
376 * GC physical address.
377 *
378 * @param pVM The VM handle.
379 * @param GCPhys The GC physical address to convert.
380 * @param pHCPhys Where to store the HC physical address on success.
381 */
382VMMDECL(int) PGMPhysGCPhys2HCPhys(PVM pVM, RTGCPHYS GCPhys, PRTHCPHYS pHCPhys)
383{
384 pgmLock(pVM);
385 PPGMPAGE pPage;
386 int rc = pgmPhysGetPageEx(pVM, GCPhys, &pPage);
387 if (RT_SUCCESS(rc))
388 *pHCPhys = PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK);
389 pgmUnlock(pVM);
390 return rc;
391}
392
393
394/**
395 * Invalidates all page mapping TLBs.
396 *
397 * @param pVM The VM handle.
398 */
399void pgmPhysInvalidatePageMapTLB(PVM pVM)
400{
401 pgmLock(pVM);
402 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->StatPageMapTlbFlushes);
403
404 /* Clear the shared R0/R3 TLB completely. */
405 for (unsigned i = 0; i < RT_ELEMENTS(pVM->pgm.s.PhysTlbHC.aEntries); i++)
406 {
407 pVM->pgm.s.PhysTlbHC.aEntries[i].GCPhys = NIL_RTGCPHYS;
408 pVM->pgm.s.PhysTlbHC.aEntries[i].pPage = 0;
409 pVM->pgm.s.PhysTlbHC.aEntries[i].pMap = 0;
410 pVM->pgm.s.PhysTlbHC.aEntries[i].pv = 0;
411 }
412
413 /** @todo clear the RC TLB whenever we add it. */
414
415 pgmUnlock(pVM);
416}
417
418
419/**
420 * Invalidates a page mapping TLB entry
421 *
422 * @param pVM The VM handle.
423 * @param GCPhys GCPhys entry to flush
424 */
425void pgmPhysInvalidatePageMapTLBEntry(PVM pVM, RTGCPHYS GCPhys)
426{
427 PGM_LOCK_ASSERT_OWNER(pVM);
428
429 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->StatPageMapTlbFlushEntry);
430
431#ifdef IN_RC
432 unsigned idx = PGM_PAGER3MAPTLB_IDX(GCPhys);
433 pVM->pgm.s.PhysTlbHC.aEntries[idx].GCPhys = NIL_RTGCPHYS;
434 pVM->pgm.s.PhysTlbHC.aEntries[idx].pPage = 0;
435 pVM->pgm.s.PhysTlbHC.aEntries[idx].pMap = 0;
436 pVM->pgm.s.PhysTlbHC.aEntries[idx].pv = 0;
437#else
438 /* Clear the shared R0/R3 TLB entry. */
439 PPGMPAGEMAPTLBE pTlbe = &pVM->pgm.s.CTXSUFF(PhysTlb).aEntries[PGM_PAGEMAPTLB_IDX(GCPhys)];
440 pTlbe->GCPhys = NIL_RTGCPHYS;
441 pTlbe->pPage = 0;
442 pTlbe->pMap = 0;
443 pTlbe->pv = 0;
444#endif
445
446 /** @todo clear the RC TLB whenever we add it. */
447}
448
449/**
450 * Makes sure that there is at least one handy page ready for use.
451 *
452 * This will also take the appropriate actions when reaching water-marks.
453 *
454 * @returns VBox status code.
455 * @retval VINF_SUCCESS on success.
456 * @retval VERR_EM_NO_MEMORY if we're really out of memory.
457 *
458 * @param pVM The VM handle.
459 *
460 * @remarks Must be called from within the PGM critical section. It may
461 * nip back to ring-3/0 in some cases.
462 */
463static int pgmPhysEnsureHandyPage(PVM pVM)
464{
465 AssertMsg(pVM->pgm.s.cHandyPages <= RT_ELEMENTS(pVM->pgm.s.aHandyPages), ("%d\n", pVM->pgm.s.cHandyPages));
466
467 /*
468 * Do we need to do anything special?
469 */
470#ifdef IN_RING3
471 if (pVM->pgm.s.cHandyPages <= RT_MAX(PGM_HANDY_PAGES_SET_FF, PGM_HANDY_PAGES_R3_ALLOC))
472#else
473 if (pVM->pgm.s.cHandyPages <= RT_MAX(PGM_HANDY_PAGES_SET_FF, PGM_HANDY_PAGES_RZ_TO_R3))
474#endif
475 {
476 /*
477 * Allocate pages only if we're out of them, or in ring-3, almost out.
478 */
479#ifdef IN_RING3
480 if (pVM->pgm.s.cHandyPages <= PGM_HANDY_PAGES_R3_ALLOC)
481#else
482 if (pVM->pgm.s.cHandyPages <= PGM_HANDY_PAGES_RZ_ALLOC)
483#endif
484 {
485 Log(("PGM: cHandyPages=%u out of %u -> allocate more; VM_FF_PGM_NO_MEMORY=%RTbool\n",
486 pVM->pgm.s.cHandyPages, RT_ELEMENTS(pVM->pgm.s.aHandyPages), VM_FF_ISSET(pVM, VM_FF_PGM_NO_MEMORY) ));
487#ifdef IN_RING3
488 int rc = PGMR3PhysAllocateHandyPages(pVM);
489#else
490 int rc = VMMRZCallRing3NoCpu(pVM, VMMCALLRING3_PGM_ALLOCATE_HANDY_PAGES, 0);
491#endif
492 if (RT_UNLIKELY(rc != VINF_SUCCESS))
493 {
494 if (RT_FAILURE(rc))
495 return rc;
496 AssertMsgReturn(rc == VINF_EM_NO_MEMORY, ("%Rrc\n", rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
497 if (!pVM->pgm.s.cHandyPages)
498 {
499 LogRel(("PGM: no more handy pages!\n"));
500 return VERR_EM_NO_MEMORY;
501 }
502 Assert(VM_FF_ISSET(pVM, VM_FF_PGM_NEED_HANDY_PAGES));
503 Assert(VM_FF_ISSET(pVM, VM_FF_PGM_NO_MEMORY));
504#ifdef IN_RING3
505 REMR3NotifyFF(pVM);
506#else
507 VMCPU_FF_SET(VMMGetCpu(pVM), VMCPU_FF_TO_R3); /* paranoia */
508#endif
509 }
510 AssertMsgReturn( pVM->pgm.s.cHandyPages > 0
511 && pVM->pgm.s.cHandyPages <= RT_ELEMENTS(pVM->pgm.s.aHandyPages),
512 ("%u\n", pVM->pgm.s.cHandyPages),
513 VERR_INTERNAL_ERROR);
514 }
515 else
516 {
517 if (pVM->pgm.s.cHandyPages <= PGM_HANDY_PAGES_SET_FF)
518 VM_FF_SET(pVM, VM_FF_PGM_NEED_HANDY_PAGES);
519#ifndef IN_RING3
520 if (pVM->pgm.s.cHandyPages <= PGM_HANDY_PAGES_RZ_TO_R3)
521 {
522 Log(("PGM: VM_FF_TO_R3 - cHandyPages=%u out of %u\n", pVM->pgm.s.cHandyPages, RT_ELEMENTS(pVM->pgm.s.aHandyPages)));
523 VMCPU_FF_SET(VMMGetCpu(pVM), VMCPU_FF_TO_R3);
524 }
525#endif
526 }
527 }
528
529 return VINF_SUCCESS;
530}
531
532
533/**
534 * Replace a zero or shared page with new page that we can write to.
535 *
536 * @returns The following VBox status codes.
537 * @retval VINF_SUCCESS on success, pPage is modified.
538 * @retval VINF_PGM_SYNC_CR3 on success and a page pool flush is pending.
539 * @retval VERR_EM_NO_MEMORY if we're totally out of memory.
540 *
541 * @todo Propagate VERR_EM_NO_MEMORY up the call tree.
542 *
543 * @param pVM The VM address.
544 * @param pPage The physical page tracking structure. This will
545 * be modified on success.
546 * @param GCPhys The address of the page.
547 *
548 * @remarks Must be called from within the PGM critical section. It may
549 * nip back to ring-3/0 in some cases.
550 *
551 * @remarks This function shouldn't really fail, however if it does
552 * it probably means we've screwed up the size of handy pages and/or
553 * the low-water mark. Or, that some device I/O is causing a lot of
554 * pages to be allocated while while the host is in a low-memory
555 * condition. This latter should be handled elsewhere and in a more
556 * controlled manner, it's on the @bugref{3170} todo list...
557 */
558int pgmPhysAllocPage(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys)
559{
560 LogFlow(("pgmPhysAllocPage: %R[pgmpage] %RGp\n", pPage, GCPhys));
561
562 /*
563 * Prereqs.
564 */
565 PGM_LOCK_ASSERT_OWNER(pVM);
566 AssertMsg(PGM_PAGE_IS_ZERO(pPage) || PGM_PAGE_IS_SHARED(pPage), ("%R[pgmpage] %RGp\n", pPage, GCPhys));
567 Assert(!PGM_PAGE_IS_MMIO(pPage));
568
569# ifdef PGM_WITH_LARGE_PAGES
570 /*
571 * Try allocate a large page if applicable.
572 */
573 if ( PGMIsUsingLargePages(pVM)
574 && PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM)
575 {
576 RTGCPHYS GCPhysBase = GCPhys & X86_PDE2M_PAE_PG_MASK;
577 PPGMPAGE pBasePage;
578
579 int rc = pgmPhysGetPageEx(pVM, GCPhysBase, &pBasePage);
580 AssertRCReturn(rc, rc); /* paranoia; can't happen. */
581 if (PGM_PAGE_GET_PDE_TYPE(pBasePage) == PGM_PAGE_PDE_TYPE_DONTCARE)
582 {
583 rc = pgmPhysAllocLargePage(pVM, GCPhys);
584 if (rc == VINF_SUCCESS)
585 return rc;
586 }
587 /* Mark the base as type page table, so we don't check over and over again. */
588 PGM_PAGE_SET_PDE_TYPE(pVM, pBasePage, PGM_PAGE_PDE_TYPE_PT);
589
590 /* fall back to 4KB pages. */
591 }
592# endif
593
594 /*
595 * Flush any shadow page table mappings of the page.
596 * When VBOX_WITH_NEW_LAZY_PAGE_ALLOC isn't defined, there shouldn't be any.
597 */
598 bool fFlushTLBs = false;
599 int rc = pgmPoolTrackUpdateGCPhys(pVM, GCPhys, pPage, true /*fFlushTLBs*/, &fFlushTLBs);
600 AssertMsgReturn(rc == VINF_SUCCESS || rc == VINF_PGM_SYNC_CR3, ("%Rrc\n", rc), RT_FAILURE(rc) ? rc : VERR_IPE_UNEXPECTED_STATUS);
601
602 /*
603 * Ensure that we've got a page handy, take it and use it.
604 */
605 int rc2 = pgmPhysEnsureHandyPage(pVM);
606 if (RT_FAILURE(rc2))
607 {
608 if (fFlushTLBs)
609 PGM_INVL_ALL_VCPU_TLBS(pVM);
610 Assert(rc2 == VERR_EM_NO_MEMORY);
611 return rc2;
612 }
613 /* re-assert preconditions since pgmPhysEnsureHandyPage may do a context switch. */
614 PGM_LOCK_ASSERT_OWNER(pVM);
615 AssertMsg(PGM_PAGE_IS_ZERO(pPage) || PGM_PAGE_IS_SHARED(pPage), ("%R[pgmpage] %RGp\n", pPage, GCPhys));
616 Assert(!PGM_PAGE_IS_MMIO(pPage));
617
618 uint32_t iHandyPage = --pVM->pgm.s.cHandyPages;
619 AssertMsg(iHandyPage < RT_ELEMENTS(pVM->pgm.s.aHandyPages), ("%d\n", iHandyPage));
620 Assert(pVM->pgm.s.aHandyPages[iHandyPage].HCPhysGCPhys != NIL_RTHCPHYS);
621 Assert(!(pVM->pgm.s.aHandyPages[iHandyPage].HCPhysGCPhys & ~X86_PTE_PAE_PG_MASK));
622 Assert(pVM->pgm.s.aHandyPages[iHandyPage].idPage != NIL_GMM_PAGEID);
623 Assert(pVM->pgm.s.aHandyPages[iHandyPage].idSharedPage == NIL_GMM_PAGEID);
624
625 /*
626 * There are one or two action to be taken the next time we allocate handy pages:
627 * - Tell the GMM (global memory manager) what the page is being used for.
628 * (Speeds up replacement operations - sharing and defragmenting.)
629 * - If the current backing is shared, it must be freed.
630 */
631 const RTHCPHYS HCPhys = pVM->pgm.s.aHandyPages[iHandyPage].HCPhysGCPhys;
632 pVM->pgm.s.aHandyPages[iHandyPage].HCPhysGCPhys = GCPhys & ~(RTGCPHYS)PAGE_OFFSET_MASK;
633
634 const void *pvSharedPage = NULL;
635
636 if (PGM_PAGE_IS_SHARED(pPage))
637 {
638 /* Mark this shared page for freeing/dereferencing. */
639 pVM->pgm.s.aHandyPages[iHandyPage].idSharedPage = PGM_PAGE_GET_PAGEID(pPage);
640 Assert(PGM_PAGE_GET_PAGEID(pPage) != NIL_GMM_PAGEID);
641
642 Log(("PGM: Replaced shared page %#x at %RGp with %#x / %RHp\n", PGM_PAGE_GET_PAGEID(pPage),
643 GCPhys, pVM->pgm.s.aHandyPages[iHandyPage].idPage, HCPhys));
644 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageReplaceShared));
645 pVM->pgm.s.cSharedPages--;
646
647 /* Grab the address of the page so we can make a copy later on. */
648 rc = pgmPhysGCPhys2CCPtrInternalReadOnly(pVM, pPage, GCPhys, &pvSharedPage);
649 AssertRC(rc);
650 }
651 else
652 {
653 Log2(("PGM: Replaced zero page %RGp with %#x / %RHp\n", GCPhys, pVM->pgm.s.aHandyPages[iHandyPage].idPage, HCPhys));
654 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->StatRZPageReplaceZero);
655 pVM->pgm.s.cZeroPages--;
656 }
657
658 /*
659 * Do the PGMPAGE modifications.
660 */
661 pVM->pgm.s.cPrivatePages++;
662 PGM_PAGE_SET_HCPHYS(pVM, pPage, HCPhys);
663 PGM_PAGE_SET_PAGEID(pVM, pPage, pVM->pgm.s.aHandyPages[iHandyPage].idPage);
664 PGM_PAGE_SET_STATE(pVM, pPage, PGM_PAGE_STATE_ALLOCATED);
665 PGM_PAGE_SET_PDE_TYPE(pVM, pPage, PGM_PAGE_PDE_TYPE_PT);
666 pgmPhysInvalidatePageMapTLBEntry(pVM, GCPhys);
667
668 /* Copy the shared page contents to the replacement page. */
669 if (pvSharedPage)
670 {
671 /* Get the virtual address of the new page. */
672 void *pvNewPage;
673 rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pvNewPage);
674 AssertRC(rc);
675 if (rc == VINF_SUCCESS)
676 {
677 /** @todo todo write ASMMemCopyPage */
678 memcpy(pvNewPage, pvSharedPage, PAGE_SIZE);
679 }
680 }
681
682 if ( fFlushTLBs
683 && rc != VINF_PGM_GCPHYS_ALIASED)
684 PGM_INVL_ALL_VCPU_TLBS(pVM);
685 return rc;
686}
687
688#ifdef PGM_WITH_LARGE_PAGES
689
690/**
691 * Replace a 2 MB range of zero pages with new pages that we can write to.
692 *
693 * @returns The following VBox status codes.
694 * @retval VINF_SUCCESS on success, pPage is modified.
695 * @retval VINF_PGM_SYNC_CR3 on success and a page pool flush is pending.
696 * @retval VERR_EM_NO_MEMORY if we're totally out of memory.
697 *
698 * @todo Propagate VERR_EM_NO_MEMORY up the call tree.
699 *
700 * @param pVM The VM address.
701 * @param GCPhys The address of the page.
702 *
703 * @remarks Must be called from within the PGM critical section. It may
704 * nip back to ring-3/0 in some cases.
705 */
706int pgmPhysAllocLargePage(PVM pVM, RTGCPHYS GCPhys)
707{
708 RTGCPHYS GCPhysBase = GCPhys & X86_PDE2M_PAE_PG_MASK;
709 LogFlow(("pgmPhysAllocLargePage: %RGp base %RGp\n", GCPhys, GCPhysBase));
710
711 /*
712 * Prereqs.
713 */
714 PGM_LOCK_ASSERT_OWNER(pVM);
715 Assert(PGMIsUsingLargePages(pVM));
716
717 PPGMPAGE pFirstPage;
718 int rc = pgmPhysGetPageEx(pVM, GCPhysBase, &pFirstPage);
719 if ( RT_SUCCESS(rc)
720 && PGM_PAGE_GET_TYPE(pFirstPage) == PGMPAGETYPE_RAM)
721 {
722 unsigned uPDEType = PGM_PAGE_GET_PDE_TYPE(pFirstPage);
723
724 /* Don't call this function for already allocated pages. */
725 Assert(uPDEType != PGM_PAGE_PDE_TYPE_PDE);
726
727 if ( uPDEType == PGM_PAGE_PDE_TYPE_DONTCARE
728 && PGM_PAGE_GET_STATE(pFirstPage) == PGM_PAGE_STATE_ZERO)
729 {
730 /* Lazy approach: check all pages in the 2 MB range.
731 * The whole range must be ram and unallocated. */
732 GCPhys = GCPhysBase;
733 unsigned iPage;
734 for (iPage = 0; iPage < _2M/PAGE_SIZE; iPage++)
735 {
736 PPGMPAGE pSubPage;
737 rc = pgmPhysGetPageEx(pVM, GCPhys, &pSubPage);
738 if ( RT_FAILURE(rc)
739 || PGM_PAGE_GET_TYPE(pSubPage) != PGMPAGETYPE_RAM /* Anything other than ram implies monitoring. */
740 || PGM_PAGE_GET_STATE(pSubPage) != PGM_PAGE_STATE_ZERO) /* Allocated, monitored or shared means we can't use a large page here */
741 {
742 LogFlow(("Found page %RGp with wrong attributes (type=%d; state=%d); cancel check. rc=%d\n", GCPhys, PGM_PAGE_GET_TYPE(pSubPage), PGM_PAGE_GET_STATE(pSubPage), rc));
743 break;
744 }
745 Assert(PGM_PAGE_GET_PDE_TYPE(pSubPage) == PGM_PAGE_PDE_TYPE_DONTCARE);
746 GCPhys += PAGE_SIZE;
747 }
748 if (iPage != _2M/PAGE_SIZE)
749 {
750 /* Failed. Mark as requiring a PT so we don't check the whole thing again in the future. */
751 STAM_REL_COUNTER_INC(&pVM->pgm.s.StatLargePageRefused);
752 PGM_PAGE_SET_PDE_TYPE(pVM, pFirstPage, PGM_PAGE_PDE_TYPE_PT);
753 return VERR_PGM_INVALID_LARGE_PAGE_RANGE;
754 }
755
756 /*
757 * Do the allocation.
758 */
759# ifdef IN_RING3
760 rc = PGMR3PhysAllocateLargeHandyPage(pVM, GCPhysBase);
761# else
762 rc = VMMRZCallRing3NoCpu(pVM, VMMCALLRING3_PGM_ALLOCATE_LARGE_HANDY_PAGE, GCPhysBase);
763# endif
764 if (RT_SUCCESS(rc))
765 {
766 Assert(PGM_PAGE_GET_STATE(pFirstPage) == PGM_PAGE_STATE_ALLOCATED);
767 pVM->pgm.s.cLargePages++;
768 return VINF_SUCCESS;
769 }
770
771 /* If we fail once, it most likely means the host's memory is too
772 fragmented; don't bother trying again. */
773 LogFlow(("pgmPhysAllocLargePage failed with %Rrc\n", rc));
774 PGMSetLargePageUsage(pVM, false);
775 return rc;
776 }
777 }
778 return VERR_PGM_INVALID_LARGE_PAGE_RANGE;
779}
780
781
782/**
783 * Recheck the entire 2 MB range to see if we can use it again as a large page.
784 *
785 * @returns The following VBox status codes.
786 * @retval VINF_SUCCESS on success, the large page can be used again
787 * @retval VERR_PGM_INVALID_LARGE_PAGE_RANGE if it can't be reused
788 *
789 * @param pVM The VM address.
790 * @param GCPhys The address of the page.
791 * @param pLargePage Page structure of the base page
792 */
793int pgmPhysRecheckLargePage(PVM pVM, RTGCPHYS GCPhys, PPGMPAGE pLargePage)
794{
795 STAM_REL_COUNTER_INC(&pVM->pgm.s.StatLargePageRecheck);
796
797 GCPhys &= X86_PDE2M_PAE_PG_MASK;
798
799 /* Check the base page. */
800 Assert(PGM_PAGE_GET_PDE_TYPE(pLargePage) == PGM_PAGE_PDE_TYPE_PDE_DISABLED);
801 if ( PGM_PAGE_GET_STATE(pLargePage) != PGM_PAGE_STATE_ALLOCATED
802 || PGM_PAGE_GET_TYPE(pLargePage) != PGMPAGETYPE_RAM
803 || PGM_PAGE_GET_HNDL_PHYS_STATE(pLargePage) != PGM_PAGE_HNDL_PHYS_STATE_NONE)
804 {
805 LogFlow(("pgmPhysRecheckLargePage: checks failed for base page %x %x %x\n", PGM_PAGE_GET_STATE(pLargePage), PGM_PAGE_GET_TYPE(pLargePage), PGM_PAGE_GET_HNDL_PHYS_STATE(pLargePage)));
806 return VERR_PGM_INVALID_LARGE_PAGE_RANGE;
807 }
808
809 STAM_PROFILE_START(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,IsValidLargePage), a);
810 /* Check all remaining pages in the 2 MB range. */
811 unsigned i;
812 GCPhys += PAGE_SIZE;
813 for (i = 1; i < _2M/PAGE_SIZE; i++)
814 {
815 PPGMPAGE pPage;
816 int rc = pgmPhysGetPageEx(pVM, GCPhys, &pPage);
817 AssertRCBreak(rc);
818
819 if ( PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED
820 || PGM_PAGE_GET_PDE_TYPE(pPage) != PGM_PAGE_PDE_TYPE_PDE
821 || PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_RAM
822 || PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) != PGM_PAGE_HNDL_PHYS_STATE_NONE)
823 {
824 LogFlow(("pgmPhysRecheckLargePage: checks failed for page %d; %x %x %x\n", i, PGM_PAGE_GET_STATE(pPage), PGM_PAGE_GET_TYPE(pPage), PGM_PAGE_GET_HNDL_PHYS_STATE(pPage)));
825 break;
826 }
827
828 GCPhys += PAGE_SIZE;
829 }
830 STAM_PROFILE_STOP(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,IsValidLargePage), a);
831
832 if (i == _2M/PAGE_SIZE)
833 {
834 PGM_PAGE_SET_PDE_TYPE(pVM, pLargePage, PGM_PAGE_PDE_TYPE_PDE);
835 pVM->pgm.s.cLargePagesDisabled--;
836 Log(("pgmPhysRecheckLargePage: page %RGp can be reused!\n", GCPhys - _2M));
837 return VINF_SUCCESS;
838 }
839
840 return VERR_PGM_INVALID_LARGE_PAGE_RANGE;
841}
842
843#endif /* PGM_WITH_LARGE_PAGES */
844
845/**
846 * Deal with a write monitored page.
847 *
848 * @returns VBox strict status code.
849 *
850 * @param pVM The VM address.
851 * @param pPage The physical page tracking structure.
852 *
853 * @remarks Called from within the PGM critical section.
854 */
855void pgmPhysPageMakeWriteMonitoredWritable(PVM pVM, PPGMPAGE pPage)
856{
857 Assert(PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_WRITE_MONITORED);
858 PGM_PAGE_SET_WRITTEN_TO(pVM, pPage);
859 PGM_PAGE_SET_STATE(pVM, pPage, PGM_PAGE_STATE_ALLOCATED);
860 Assert(pVM->pgm.s.cMonitoredPages > 0);
861 pVM->pgm.s.cMonitoredPages--;
862 pVM->pgm.s.cWrittenToPages++;
863}
864
865
866/**
867 * Deal with pages that are not writable, i.e. not in the ALLOCATED state.
868 *
869 * @returns VBox strict status code.
870 * @retval VINF_SUCCESS on success.
871 * @retval VINF_PGM_SYNC_CR3 on success and a page pool flush is pending.
872 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
873 *
874 * @param pVM The VM address.
875 * @param pPage The physical page tracking structure.
876 * @param GCPhys The address of the page.
877 *
878 * @remarks Called from within the PGM critical section.
879 */
880int pgmPhysPageMakeWritable(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys)
881{
882 PGM_LOCK_ASSERT_OWNER(pVM);
883 switch (PGM_PAGE_GET_STATE(pPage))
884 {
885 case PGM_PAGE_STATE_WRITE_MONITORED:
886 pgmPhysPageMakeWriteMonitoredWritable(pVM, pPage);
887 /* fall thru */
888 default: /* to shut up GCC */
889 case PGM_PAGE_STATE_ALLOCATED:
890 return VINF_SUCCESS;
891
892 /*
893 * Zero pages can be dummy pages for MMIO or reserved memory,
894 * so we need to check the flags before joining cause with
895 * shared page replacement.
896 */
897 case PGM_PAGE_STATE_ZERO:
898 if (PGM_PAGE_IS_MMIO(pPage))
899 return VERR_PGM_PHYS_PAGE_RESERVED;
900 /* fall thru */
901 case PGM_PAGE_STATE_SHARED:
902 return pgmPhysAllocPage(pVM, pPage, GCPhys);
903
904 /* Not allowed to write to ballooned pages. */
905 case PGM_PAGE_STATE_BALLOONED:
906 return VERR_PGM_PHYS_PAGE_BALLOONED;
907 }
908}
909
910
911/**
912 * Internal usage: Map the page specified by its GMM ID.
913 *
914 * This is similar to pgmPhysPageMap
915 *
916 * @returns VBox status code.
917 *
918 * @param pVM The VM handle.
919 * @param idPage The Page ID.
920 * @param HCPhys The physical address (for RC).
921 * @param ppv Where to store the mapping address.
922 *
923 * @remarks Called from within the PGM critical section. The mapping is only
924 * valid while your inside this section.
925 */
926int pgmPhysPageMapByPageID(PVM pVM, uint32_t idPage, RTHCPHYS HCPhys, void **ppv)
927{
928 /*
929 * Validation.
930 */
931 PGM_LOCK_ASSERT_OWNER(pVM);
932 AssertReturn(HCPhys && !(HCPhys & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
933 const uint32_t idChunk = idPage >> GMM_CHUNKID_SHIFT;
934 AssertReturn(idChunk != NIL_GMM_CHUNKID, VERR_INVALID_PARAMETER);
935
936#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
937 /*
938 * Map it by HCPhys.
939 */
940 return pgmRZDynMapHCPageInlined(VMMGetCpu(pVM), HCPhys, ppv RTLOG_COMMA_SRC_POS);
941
942#else
943 /*
944 * Find/make Chunk TLB entry for the mapping chunk.
945 */
946 PPGMCHUNKR3MAP pMap;
947 PPGMCHUNKR3MAPTLBE pTlbe = &pVM->pgm.s.ChunkR3Map.Tlb.aEntries[PGM_CHUNKR3MAPTLB_IDX(idChunk)];
948 if (pTlbe->idChunk == idChunk)
949 {
950 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,ChunkR3MapTlbHits));
951 pMap = pTlbe->pChunk;
952 }
953 else
954 {
955 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,ChunkR3MapTlbMisses));
956
957 /*
958 * Find the chunk, map it if necessary.
959 */
960 pMap = (PPGMCHUNKR3MAP)RTAvlU32Get(&pVM->pgm.s.ChunkR3Map.pTree, idChunk);
961 if (!pMap)
962 {
963# ifdef IN_RING0
964 int rc = VMMRZCallRing3NoCpu(pVM, VMMCALLRING3_PGM_MAP_CHUNK, idChunk);
965 AssertRCReturn(rc, rc);
966 pMap = (PPGMCHUNKR3MAP)RTAvlU32Get(&pVM->pgm.s.ChunkR3Map.pTree, idChunk);
967 Assert(pMap);
968# else
969 int rc = pgmR3PhysChunkMap(pVM, idChunk, &pMap);
970 if (RT_FAILURE(rc))
971 return rc;
972# endif
973 }
974
975 /*
976 * Enter it into the Chunk TLB.
977 */
978 pTlbe->idChunk = idChunk;
979 pTlbe->pChunk = pMap;
980 pMap->iAge = 0;
981 }
982
983 *ppv = (uint8_t *)pMap->pv + ((idPage &GMM_PAGEID_IDX_MASK) << PAGE_SHIFT);
984 return VINF_SUCCESS;
985#endif
986}
987
988
989/**
990 * Maps a page into the current virtual address space so it can be accessed.
991 *
992 * @returns VBox status code.
993 * @retval VINF_SUCCESS on success.
994 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
995 *
996 * @param pVM The VM address.
997 * @param pPage The physical page tracking structure.
998 * @param GCPhys The address of the page.
999 * @param ppMap Where to store the address of the mapping tracking structure.
1000 * @param ppv Where to store the mapping address of the page. The page
1001 * offset is masked off!
1002 *
1003 * @remarks Called from within the PGM critical section.
1004 */
1005static int pgmPhysPageMapCommon(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, PPPGMPAGEMAP ppMap, void **ppv)
1006{
1007 PGM_LOCK_ASSERT_OWNER(pVM);
1008
1009#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1010 /*
1011 * Just some sketchy GC/R0-darwin code.
1012 */
1013 *ppMap = NULL;
1014 RTHCPHYS HCPhys = PGM_PAGE_GET_HCPHYS(pPage);
1015 Assert(HCPhys != pVM->pgm.s.HCPhysZeroPg);
1016 pgmRZDynMapHCPageInlined(VMMGetCpu(pVM), HCPhys, ppv RTLOG_COMMA_SRC_POS);
1017 return VINF_SUCCESS;
1018
1019#else /* IN_RING3 || IN_RING0 */
1020
1021
1022 /*
1023 * Special case: ZERO and MMIO2 pages.
1024 */
1025 const uint32_t idChunk = PGM_PAGE_GET_CHUNKID(pPage);
1026 if (idChunk == NIL_GMM_CHUNKID)
1027 {
1028 AssertMsgReturn(PGM_PAGE_GET_PAGEID(pPage) == NIL_GMM_PAGEID, ("pPage=%R[pgmpage]\n", pPage), VERR_INTERNAL_ERROR_2);
1029 if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2)
1030 {
1031 /* Lookup the MMIO2 range and use pvR3 to calc the address. */
1032 PPGMRAMRANGE pRam = pgmPhysGetRange(pVM, GCPhys);
1033 AssertMsgReturn(pRam || !pRam->pvR3, ("pRam=%p pPage=%R[pgmpage]\n", pRam, pPage), VERR_INTERNAL_ERROR_2);
1034 *ppv = (void *)((uintptr_t)pRam->pvR3 + (uintptr_t)((GCPhys & ~(RTGCPHYS)PAGE_OFFSET_MASK) - pRam->GCPhys));
1035 }
1036 else if (PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2_ALIAS_MMIO)
1037 {
1038 /** @todo deal with aliased MMIO2 pages somehow...
1039 * One solution would be to seed MMIO2 pages to GMM and get unique Page IDs for
1040 * them, that would also avoid this mess. It would actually be kind of
1041 * elegant... */
1042 AssertLogRelMsgFailedReturn(("%RGp\n", GCPhys), VERR_INTERNAL_ERROR_3);
1043 }
1044 else
1045 {
1046 /** @todo handle MMIO2 */
1047 AssertMsgReturn(PGM_PAGE_IS_ZERO(pPage), ("pPage=%R[pgmpage]\n", pPage), VERR_INTERNAL_ERROR_2);
1048 AssertMsgReturn(PGM_PAGE_GET_HCPHYS(pPage) == pVM->pgm.s.HCPhysZeroPg,
1049 ("pPage=%R[pgmpage]\n", pPage),
1050 VERR_INTERNAL_ERROR_2);
1051 *ppv = pVM->pgm.s.CTXALLSUFF(pvZeroPg);
1052 }
1053 *ppMap = NULL;
1054 return VINF_SUCCESS;
1055 }
1056
1057 /*
1058 * Find/make Chunk TLB entry for the mapping chunk.
1059 */
1060 PPGMCHUNKR3MAP pMap;
1061 PPGMCHUNKR3MAPTLBE pTlbe = &pVM->pgm.s.ChunkR3Map.Tlb.aEntries[PGM_CHUNKR3MAPTLB_IDX(idChunk)];
1062 if (pTlbe->idChunk == idChunk)
1063 {
1064 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,ChunkR3MapTlbHits));
1065 pMap = pTlbe->pChunk;
1066 }
1067 else
1068 {
1069 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,ChunkR3MapTlbMisses));
1070
1071 /*
1072 * Find the chunk, map it if necessary.
1073 */
1074 pMap = (PPGMCHUNKR3MAP)RTAvlU32Get(&pVM->pgm.s.ChunkR3Map.pTree, idChunk);
1075 if (!pMap)
1076 {
1077#ifdef IN_RING0
1078 int rc = VMMRZCallRing3NoCpu(pVM, VMMCALLRING3_PGM_MAP_CHUNK, idChunk);
1079 AssertRCReturn(rc, rc);
1080 pMap = (PPGMCHUNKR3MAP)RTAvlU32Get(&pVM->pgm.s.ChunkR3Map.pTree, idChunk);
1081 Assert(pMap);
1082#else
1083 int rc = pgmR3PhysChunkMap(pVM, idChunk, &pMap);
1084 if (RT_FAILURE(rc))
1085 return rc;
1086#endif
1087 }
1088
1089 /*
1090 * Enter it into the Chunk TLB.
1091 */
1092 pTlbe->idChunk = idChunk;
1093 pTlbe->pChunk = pMap;
1094 pMap->iAge = 0;
1095 }
1096
1097 *ppv = (uint8_t *)pMap->pv + (PGM_PAGE_GET_PAGE_IN_CHUNK(pPage) << PAGE_SHIFT);
1098 *ppMap = pMap;
1099 return VINF_SUCCESS;
1100#endif /* IN_RING3 */
1101}
1102
1103
1104/**
1105 * Combination of pgmPhysPageMakeWritable and pgmPhysPageMapWritable.
1106 *
1107 * This is typically used is paths where we cannot use the TLB methods (like ROM
1108 * pages) or where there is no point in using them since we won't get many hits.
1109 *
1110 * @returns VBox strict status code.
1111 * @retval VINF_SUCCESS on success.
1112 * @retval VINF_PGM_SYNC_CR3 on success and a page pool flush is pending.
1113 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1114 *
1115 * @param pVM The VM address.
1116 * @param pPage The physical page tracking structure.
1117 * @param GCPhys The address of the page.
1118 * @param ppv Where to store the mapping address of the page. The page
1119 * offset is masked off!
1120 *
1121 * @remarks Called from within the PGM critical section. The mapping is only
1122 * valid while your inside this section.
1123 */
1124int pgmPhysPageMakeWritableAndMap(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void **ppv)
1125{
1126 int rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhys);
1127 if (RT_SUCCESS(rc))
1128 {
1129 AssertMsg(rc == VINF_SUCCESS || rc == VINF_PGM_SYNC_CR3 /* returned */, ("%Rrc\n", rc));
1130 PPGMPAGEMAP pMapIgnore;
1131 int rc2 = pgmPhysPageMapCommon(pVM, pPage, GCPhys, &pMapIgnore, ppv);
1132 if (RT_FAILURE(rc2)) /* preserve rc */
1133 rc = rc2;
1134 }
1135 return rc;
1136}
1137
1138
1139/**
1140 * Maps a page into the current virtual address space so it can be accessed for
1141 * both writing and reading.
1142 *
1143 * This is typically used is paths where we cannot use the TLB methods (like ROM
1144 * pages) or where there is no point in using them since we won't get many hits.
1145 *
1146 * @returns VBox status code.
1147 * @retval VINF_SUCCESS on success.
1148 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1149 *
1150 * @param pVM The VM address.
1151 * @param pPage The physical page tracking structure. Must be in the
1152 * allocated state.
1153 * @param GCPhys The address of the page.
1154 * @param ppv Where to store the mapping address of the page. The page
1155 * offset is masked off!
1156 *
1157 * @remarks Called from within the PGM critical section. The mapping is only
1158 * valid while your inside this section.
1159 */
1160int pgmPhysPageMap(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void **ppv)
1161{
1162 Assert(PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_ALLOCATED);
1163 PPGMPAGEMAP pMapIgnore;
1164 return pgmPhysPageMapCommon(pVM, pPage, GCPhys, &pMapIgnore, ppv);
1165}
1166
1167
1168/**
1169 * Maps a page into the current virtual address space so it can be accessed for
1170 * reading.
1171 *
1172 * This is typically used is paths where we cannot use the TLB methods (like ROM
1173 * pages) or where there is no point in using them since we won't get many hits.
1174 *
1175 * @returns VBox status code.
1176 * @retval VINF_SUCCESS on success.
1177 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1178 *
1179 * @param pVM The VM address.
1180 * @param pPage The physical page tracking structure.
1181 * @param GCPhys The address of the page.
1182 * @param ppv Where to store the mapping address of the page. The page
1183 * offset is masked off!
1184 *
1185 * @remarks Called from within the PGM critical section. The mapping is only
1186 * valid while your inside this section.
1187 */
1188int pgmPhysPageMapReadOnly(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void const **ppv)
1189{
1190 PPGMPAGEMAP pMapIgnore;
1191 return pgmPhysPageMapCommon(pVM, pPage, GCPhys, &pMapIgnore, (void **)ppv);
1192}
1193
1194#if !defined(IN_RC) && !defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1195
1196/**
1197 * Load a guest page into the ring-3 physical TLB.
1198 *
1199 * @returns VBox status code.
1200 * @retval VINF_SUCCESS on success
1201 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1202 * @param pPGM The PGM instance pointer.
1203 * @param GCPhys The guest physical address in question.
1204 */
1205int pgmPhysPageLoadIntoTlb(PVM pVM, RTGCPHYS GCPhys)
1206{
1207 PGM_LOCK_ASSERT_OWNER(pVM);
1208
1209 /*
1210 * Find the ram range and page and hand it over to the with-page function.
1211 * 99.8% of requests are expected to be in the first range.
1212 */
1213 PPGMPAGE pPage = pgmPhysGetPage(pVM, GCPhys);
1214 if (!pPage)
1215 {
1216 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageMapTlbMisses));
1217 return VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS;
1218 }
1219
1220 return pgmPhysPageLoadIntoTlbWithPage(pVM, pPage, GCPhys);
1221}
1222
1223
1224/**
1225 * Load a guest page into the ring-3 physical TLB.
1226 *
1227 * @returns VBox status code.
1228 * @retval VINF_SUCCESS on success
1229 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1230 *
1231 * @param pVM The VM handle.
1232 * @param pPage Pointer to the PGMPAGE structure corresponding to
1233 * GCPhys.
1234 * @param GCPhys The guest physical address in question.
1235 */
1236int pgmPhysPageLoadIntoTlbWithPage(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys)
1237{
1238 PGM_LOCK_ASSERT_OWNER(pVM);
1239 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PageMapTlbMisses));
1240
1241 /*
1242 * Map the page.
1243 * Make a special case for the zero page as it is kind of special.
1244 */
1245 PPGMPAGEMAPTLBE pTlbe = &pVM->pgm.s.CTXSUFF(PhysTlb).aEntries[PGM_PAGEMAPTLB_IDX(GCPhys)];
1246 if ( !PGM_PAGE_IS_ZERO(pPage)
1247 && !PGM_PAGE_IS_BALLOONED(pPage))
1248 {
1249 void *pv;
1250 PPGMPAGEMAP pMap;
1251 int rc = pgmPhysPageMapCommon(pVM, pPage, GCPhys, &pMap, &pv);
1252 if (RT_FAILURE(rc))
1253 return rc;
1254 pTlbe->pMap = pMap;
1255 pTlbe->pv = pv;
1256 Assert(!((uintptr_t)pTlbe->pv & PAGE_OFFSET_MASK));
1257 }
1258 else
1259 {
1260 AssertMsg(PGM_PAGE_GET_HCPHYS(pPage) == pVM->pgm.s.HCPhysZeroPg, ("%RGp/%R[pgmpage]\n", GCPhys, pPage));
1261 pTlbe->pMap = NULL;
1262 pTlbe->pv = pVM->pgm.s.CTXALLSUFF(pvZeroPg);
1263 }
1264#ifdef PGM_WITH_PHYS_TLB
1265 if ( PGM_PAGE_GET_TYPE(pPage) < PGMPAGETYPE_ROM_SHADOW
1266 || PGM_PAGE_GET_TYPE(pPage) > PGMPAGETYPE_ROM)
1267 pTlbe->GCPhys = GCPhys & X86_PTE_PAE_PG_MASK;
1268 else
1269 pTlbe->GCPhys = NIL_RTGCPHYS; /* ROM: Problematic because of the two pages. :-/ */
1270#else
1271 pTlbe->GCPhys = NIL_RTGCPHYS;
1272#endif
1273 pTlbe->pPage = pPage;
1274 return VINF_SUCCESS;
1275}
1276
1277#endif /* !IN_RC && !VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0 */
1278
1279/**
1280 * Internal version of PGMPhysGCPhys2CCPtr that expects the caller to
1281 * own the PGM lock and therefore not need to lock the mapped page.
1282 *
1283 * @returns VBox status code.
1284 * @retval VINF_SUCCESS on success.
1285 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1286 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1287 *
1288 * @param pVM The VM handle.
1289 * @param GCPhys The guest physical address of the page that should be mapped.
1290 * @param pPage Pointer to the PGMPAGE structure for the page.
1291 * @param ppv Where to store the address corresponding to GCPhys.
1292 *
1293 * @internal
1294 */
1295int pgmPhysGCPhys2CCPtrInternal(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void **ppv)
1296{
1297 int rc;
1298 AssertReturn(pPage, VERR_INTERNAL_ERROR);
1299 PGM_LOCK_ASSERT_OWNER(pVM);
1300
1301 /*
1302 * Make sure the page is writable.
1303 */
1304 if (RT_UNLIKELY(PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED))
1305 {
1306 rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhys);
1307 if (RT_FAILURE(rc))
1308 return rc;
1309 AssertMsg(rc == VINF_SUCCESS || rc == VINF_PGM_SYNC_CR3 /* not returned */, ("%Rrc\n", rc));
1310 }
1311 Assert(PGM_PAGE_GET_HCPHYS(pPage) != 0);
1312
1313 /*
1314 * Get the mapping address.
1315 */
1316#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1317 void *pv;
1318 rc = pgmRZDynMapHCPageInlined(VMMGetCpu(pVM),
1319 PGM_PAGE_GET_HCPHYS(pPage),
1320 &pv
1321 RTLOG_COMMA_SRC_POS);
1322 if (RT_FAILURE(rc))
1323 return rc;
1324 *ppv = (void *)((uintptr_t)pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1325#else
1326 PPGMPAGEMAPTLBE pTlbe;
1327 rc = pgmPhysPageQueryTlbeWithPage(pVM, pPage, GCPhys, &pTlbe);
1328 if (RT_FAILURE(rc))
1329 return rc;
1330 *ppv = (void *)((uintptr_t)pTlbe->pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1331#endif
1332 return VINF_SUCCESS;
1333}
1334
1335
1336/**
1337 * Internal version of PGMPhysGCPhys2CCPtrReadOnly that expects the caller to
1338 * own the PGM lock and therefore not need to lock the mapped page.
1339 *
1340 * @returns VBox status code.
1341 * @retval VINF_SUCCESS on success.
1342 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1343 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1344 *
1345 * @param pVM The VM handle.
1346 * @param GCPhys The guest physical address of the page that should be mapped.
1347 * @param pPage Pointer to the PGMPAGE structure for the page.
1348 * @param ppv Where to store the address corresponding to GCPhys.
1349 *
1350 * @internal
1351 */
1352int pgmPhysGCPhys2CCPtrInternalReadOnly(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, const void **ppv)
1353{
1354 AssertReturn(pPage, VERR_INTERNAL_ERROR);
1355 PGM_LOCK_ASSERT_OWNER(pVM);
1356 Assert(PGM_PAGE_GET_HCPHYS(pPage) != 0);
1357
1358 /*
1359 * Get the mapping address.
1360 */
1361#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1362 void *pv;
1363 int rc = pgmRZDynMapHCPageInlined(VMMGetCpu(pVM),
1364 PGM_PAGE_GET_HCPHYS(pPage),
1365 &pv
1366 RTLOG_COMMA_SRC_POS); /** @todo add a read only flag? */
1367 if (RT_FAILURE(rc))
1368 return rc;
1369 *ppv = (void *)((uintptr_t)pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1370#else
1371 PPGMPAGEMAPTLBE pTlbe;
1372 int rc = pgmPhysPageQueryTlbeWithPage(pVM, pPage, GCPhys, &pTlbe);
1373 if (RT_FAILURE(rc))
1374 return rc;
1375 *ppv = (void *)((uintptr_t)pTlbe->pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1376#endif
1377 return VINF_SUCCESS;
1378}
1379
1380
1381/**
1382 * Requests the mapping of a guest page into the current context.
1383 *
1384 * This API should only be used for very short term, as it will consume
1385 * scarse resources (R0 and GC) in the mapping cache. When you're done
1386 * with the page, call PGMPhysReleasePageMappingLock() ASAP to release it.
1387 *
1388 * This API will assume your intention is to write to the page, and will
1389 * therefore replace shared and zero pages. If you do not intend to modify
1390 * the page, use the PGMPhysGCPhys2CCPtrReadOnly() API.
1391 *
1392 * @returns VBox status code.
1393 * @retval VINF_SUCCESS on success.
1394 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1395 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1396 *
1397 * @param pVM The VM handle.
1398 * @param GCPhys The guest physical address of the page that should be mapped.
1399 * @param ppv Where to store the address corresponding to GCPhys.
1400 * @param pLock Where to store the lock information that PGMPhysReleasePageMappingLock needs.
1401 *
1402 * @remarks The caller is responsible for dealing with access handlers.
1403 * @todo Add an informational return code for pages with access handlers?
1404 *
1405 * @remark Avoid calling this API from within critical sections (other than the
1406 * PGM one) because of the deadlock risk. External threads may need to
1407 * delegate jobs to the EMTs.
1408 * @thread Any thread.
1409 */
1410VMMDECL(int) PGMPhysGCPhys2CCPtr(PVM pVM, RTGCPHYS GCPhys, void **ppv, PPGMPAGEMAPLOCK pLock)
1411{
1412 int rc = pgmLock(pVM);
1413 AssertRCReturn(rc, rc);
1414
1415#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1416 /*
1417 * Find the page and make sure it's writable.
1418 */
1419 PPGMPAGE pPage;
1420 rc = pgmPhysGetPageEx(pVM, GCPhys, &pPage);
1421 if (RT_SUCCESS(rc))
1422 {
1423 if (RT_UNLIKELY(PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED))
1424 rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhys);
1425 if (RT_SUCCESS(rc))
1426 {
1427 AssertMsg(rc == VINF_SUCCESS || rc == VINF_PGM_SYNC_CR3 /* not returned */, ("%Rrc\n", rc));
1428
1429 PVMCPU pVCpu = VMMGetCpu(pVM);
1430 void *pv;
1431 rc = pgmRZDynMapHCPageInlined(pVCpu,
1432 PGM_PAGE_GET_HCPHYS(pPage),
1433 &pv
1434 RTLOG_COMMA_SRC_POS);
1435 if (RT_SUCCESS(rc))
1436 {
1437 AssertRCSuccess(rc);
1438
1439 pv = (void *)((uintptr_t)pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1440 *ppv = pv;
1441 pLock->pvPage = pv;
1442 pLock->pVCpu = pVCpu;
1443 }
1444 }
1445 }
1446
1447#else /* IN_RING3 || IN_RING0 */
1448 /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
1449 /** @todo : This can be dangerous if abused for more than one page; the ring-3 mapping is only valid for ranges that do NOT cross a chunk boundary. */
1450 /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
1451
1452 /*
1453 * Query the Physical TLB entry for the page (may fail).
1454 */
1455 PPGMPAGEMAPTLBE pTlbe;
1456 rc = pgmPhysPageQueryTlbe(pVM, GCPhys, &pTlbe);
1457 if (RT_SUCCESS(rc))
1458 {
1459 /*
1460 * If the page is shared, the zero page, or being write monitored
1461 * it must be converted to a page that's writable if possible.
1462 */
1463 PPGMPAGE pPage = pTlbe->pPage;
1464 if (RT_UNLIKELY(PGM_PAGE_GET_STATE(pPage) != PGM_PAGE_STATE_ALLOCATED))
1465 {
1466 rc = pgmPhysPageMakeWritable(pVM, pPage, GCPhys);
1467 if (RT_SUCCESS(rc))
1468 {
1469 AssertMsg(rc == VINF_SUCCESS || rc == VINF_PGM_SYNC_CR3 /* not returned */, ("%Rrc\n", rc));
1470 rc = pgmPhysPageQueryTlbeWithPage(pVM, pPage, GCPhys, &pTlbe);
1471 }
1472 }
1473 if (RT_SUCCESS(rc))
1474 {
1475 /*
1476 * Now, just perform the locking and calculate the return address.
1477 */
1478 PPGMPAGEMAP pMap = pTlbe->pMap;
1479 if (pMap)
1480 pMap->cRefs++;
1481
1482 unsigned cLocks = PGM_PAGE_GET_WRITE_LOCKS(pPage);
1483 if (RT_LIKELY(cLocks < PGM_PAGE_MAX_LOCKS - 1))
1484 {
1485 if (cLocks == 0)
1486 pVM->pgm.s.cWriteLockedPages++;
1487 PGM_PAGE_INC_WRITE_LOCKS(pPage);
1488 }
1489 else if (cLocks != PGM_PAGE_GET_WRITE_LOCKS(pPage))
1490 {
1491 PGM_PAGE_INC_WRITE_LOCKS(pPage);
1492 AssertMsgFailed(("%RGp / %R[pgmpage] is entering permanent write locked state!\n", GCPhys, pPage));
1493 if (pMap)
1494 pMap->cRefs++; /* Extra ref to prevent it from going away. */
1495 }
1496
1497 *ppv = (void *)((uintptr_t)pTlbe->pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1498 pLock->uPageAndType = (uintptr_t)pPage | PGMPAGEMAPLOCK_TYPE_WRITE;
1499 pLock->pvMap = pMap;
1500 }
1501 }
1502
1503#endif /* IN_RING3 || IN_RING0 */
1504 pgmUnlock(pVM);
1505 return rc;
1506}
1507
1508
1509/**
1510 * Requests the mapping of a guest page into the current context.
1511 *
1512 * This API should only be used for very short term, as it will consume
1513 * scarse resources (R0 and GC) in the mapping cache. When you're done
1514 * with the page, call PGMPhysReleasePageMappingLock() ASAP to release it.
1515 *
1516 * @returns VBox status code.
1517 * @retval VINF_SUCCESS on success.
1518 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1519 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1520 *
1521 * @param pVM The VM handle.
1522 * @param GCPhys The guest physical address of the page that should be mapped.
1523 * @param ppv Where to store the address corresponding to GCPhys.
1524 * @param pLock Where to store the lock information that PGMPhysReleasePageMappingLock needs.
1525 *
1526 * @remarks The caller is responsible for dealing with access handlers.
1527 * @todo Add an informational return code for pages with access handlers?
1528 *
1529 * @remark Avoid calling this API from within critical sections (other than
1530 * the PGM one) because of the deadlock risk.
1531 * @thread Any thread.
1532 */
1533VMMDECL(int) PGMPhysGCPhys2CCPtrReadOnly(PVM pVM, RTGCPHYS GCPhys, void const **ppv, PPGMPAGEMAPLOCK pLock)
1534{
1535 int rc = pgmLock(pVM);
1536 AssertRCReturn(rc, rc);
1537
1538#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1539 /*
1540 * Find the page and make sure it's readable.
1541 */
1542 PPGMPAGE pPage;
1543 rc = pgmPhysGetPageEx(pVM, GCPhys, &pPage);
1544 if (RT_SUCCESS(rc))
1545 {
1546 if (RT_UNLIKELY(PGM_PAGE_IS_MMIO(pPage)))
1547 rc = VERR_PGM_PHYS_PAGE_RESERVED;
1548 else
1549 {
1550 PVMCPU pVCpu = VMMGetCpu(pVM);
1551 void *pv;
1552 rc = pgmRZDynMapHCPageInlined(pVCpu,
1553 PGM_PAGE_GET_HCPHYS(pPage),
1554 &pv
1555 RTLOG_COMMA_SRC_POS); /** @todo add a read only flag? */
1556 if (RT_SUCCESS(rc))
1557 {
1558 AssertRCSuccess(rc);
1559
1560 pv = (void *)((uintptr_t)pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1561 *ppv = pv;
1562 pLock->pvPage = pv;
1563 pLock->pVCpu = pVCpu;
1564 }
1565 }
1566 }
1567
1568#else /* IN_RING3 || IN_RING0 */
1569
1570 /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
1571 /** @todo : This can be dangerous if abused for more than one page; the ring-3 mapping is only valid for ranges that do NOT cross a chunk boundary. */
1572 /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
1573
1574 /*
1575 * Query the Physical TLB entry for the page (may fail).
1576 */
1577 PPGMPAGEMAPTLBE pTlbe;
1578 rc = pgmPhysPageQueryTlbe(pVM, GCPhys, &pTlbe);
1579 if (RT_SUCCESS(rc))
1580 {
1581 /* MMIO pages doesn't have any readable backing. */
1582 PPGMPAGE pPage = pTlbe->pPage;
1583 if (RT_UNLIKELY(PGM_PAGE_IS_MMIO(pPage)))
1584 rc = VERR_PGM_PHYS_PAGE_RESERVED;
1585 else
1586 {
1587 /*
1588 * Now, just perform the locking and calculate the return address.
1589 */
1590 PPGMPAGEMAP pMap = pTlbe->pMap;
1591 if (pMap)
1592 pMap->cRefs++;
1593
1594 unsigned cLocks = PGM_PAGE_GET_READ_LOCKS(pPage);
1595 if (RT_LIKELY(cLocks < PGM_PAGE_MAX_LOCKS - 1))
1596 {
1597 if (cLocks == 0)
1598 pVM->pgm.s.cReadLockedPages++;
1599 PGM_PAGE_INC_READ_LOCKS(pPage);
1600 }
1601 else if (cLocks != PGM_PAGE_GET_READ_LOCKS(pPage))
1602 {
1603 PGM_PAGE_INC_READ_LOCKS(pPage);
1604 AssertMsgFailed(("%RGp / %R[pgmpage] is entering permanent readonly locked state!\n", GCPhys, pPage));
1605 if (pMap)
1606 pMap->cRefs++; /* Extra ref to prevent it from going away. */
1607 }
1608
1609 *ppv = (void *)((uintptr_t)pTlbe->pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
1610 pLock->uPageAndType = (uintptr_t)pPage | PGMPAGEMAPLOCK_TYPE_READ;
1611 pLock->pvMap = pMap;
1612 }
1613 }
1614
1615#endif /* IN_RING3 || IN_RING0 */
1616 pgmUnlock(pVM);
1617 return rc;
1618}
1619
1620
1621/**
1622 * Requests the mapping of a guest page given by virtual address into the current context.
1623 *
1624 * This API should only be used for very short term, as it will consume
1625 * scarse resources (R0 and GC) in the mapping cache. When you're done
1626 * with the page, call PGMPhysReleasePageMappingLock() ASAP to release it.
1627 *
1628 * This API will assume your intention is to write to the page, and will
1629 * therefore replace shared and zero pages. If you do not intend to modify
1630 * the page, use the PGMPhysGCPtr2CCPtrReadOnly() API.
1631 *
1632 * @returns VBox status code.
1633 * @retval VINF_SUCCESS on success.
1634 * @retval VERR_PAGE_TABLE_NOT_PRESENT if the page directory for the virtual address isn't present.
1635 * @retval VERR_PAGE_NOT_PRESENT if the page at the virtual address isn't present.
1636 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1637 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1638 *
1639 * @param pVCpu VMCPU handle.
1640 * @param GCPhys The guest physical address of the page that should be mapped.
1641 * @param ppv Where to store the address corresponding to GCPhys.
1642 * @param pLock Where to store the lock information that PGMPhysReleasePageMappingLock needs.
1643 *
1644 * @remark Avoid calling this API from within critical sections (other than
1645 * the PGM one) because of the deadlock risk.
1646 * @thread EMT
1647 */
1648VMMDECL(int) PGMPhysGCPtr2CCPtr(PVMCPU pVCpu, RTGCPTR GCPtr, void **ppv, PPGMPAGEMAPLOCK pLock)
1649{
1650 VM_ASSERT_EMT(pVCpu->CTX_SUFF(pVM));
1651 RTGCPHYS GCPhys;
1652 int rc = PGMPhysGCPtr2GCPhys(pVCpu, GCPtr, &GCPhys);
1653 if (RT_SUCCESS(rc))
1654 rc = PGMPhysGCPhys2CCPtr(pVCpu->CTX_SUFF(pVM), GCPhys, ppv, pLock);
1655 return rc;
1656}
1657
1658
1659/**
1660 * Requests the mapping of a guest page given by virtual address into the current context.
1661 *
1662 * This API should only be used for very short term, as it will consume
1663 * scarse resources (R0 and GC) in the mapping cache. When you're done
1664 * with the page, call PGMPhysReleasePageMappingLock() ASAP to release it.
1665 *
1666 * @returns VBox status code.
1667 * @retval VINF_SUCCESS on success.
1668 * @retval VERR_PAGE_TABLE_NOT_PRESENT if the page directory for the virtual address isn't present.
1669 * @retval VERR_PAGE_NOT_PRESENT if the page at the virtual address isn't present.
1670 * @retval VERR_PGM_PHYS_PAGE_RESERVED it it's a valid page but has no physical backing.
1671 * @retval VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid physical address.
1672 *
1673 * @param pVCpu VMCPU handle.
1674 * @param GCPhys The guest physical address of the page that should be mapped.
1675 * @param ppv Where to store the address corresponding to GCPhys.
1676 * @param pLock Where to store the lock information that PGMPhysReleasePageMappingLock needs.
1677 *
1678 * @remark Avoid calling this API from within critical sections (other than
1679 * the PGM one) because of the deadlock risk.
1680 * @thread EMT
1681 */
1682VMMDECL(int) PGMPhysGCPtr2CCPtrReadOnly(PVMCPU pVCpu, RTGCPTR GCPtr, void const **ppv, PPGMPAGEMAPLOCK pLock)
1683{
1684 VM_ASSERT_EMT(pVCpu->CTX_SUFF(pVM));
1685 RTGCPHYS GCPhys;
1686 int rc = PGMPhysGCPtr2GCPhys(pVCpu, GCPtr, &GCPhys);
1687 if (RT_SUCCESS(rc))
1688 rc = PGMPhysGCPhys2CCPtrReadOnly(pVCpu->CTX_SUFF(pVM), GCPhys, ppv, pLock);
1689 return rc;
1690}
1691
1692
1693/**
1694 * Release the mapping of a guest page.
1695 *
1696 * This is the counter part of PGMPhysGCPhys2CCPtr, PGMPhysGCPhys2CCPtrReadOnly
1697 * PGMPhysGCPtr2CCPtr and PGMPhysGCPtr2CCPtrReadOnly.
1698 *
1699 * @param pVM The VM handle.
1700 * @param pLock The lock structure initialized by the mapping function.
1701 */
1702VMMDECL(void) PGMPhysReleasePageMappingLock(PVM pVM, PPGMPAGEMAPLOCK pLock)
1703{
1704#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1705 Assert(pLock->pvPage != NULL);
1706 Assert(pLock->pVCpu == VMMGetCpu(pVM));
1707 PGM_DYNMAP_UNUSED_HINT(pLock->pVCpu, pLock->pvPage);
1708 pLock->pVCpu = NULL;
1709 pLock->pvPage = NULL;
1710
1711#else
1712 PPGMPAGEMAP pMap = (PPGMPAGEMAP)pLock->pvMap;
1713 PPGMPAGE pPage = (PPGMPAGE)(pLock->uPageAndType & ~PGMPAGEMAPLOCK_TYPE_MASK);
1714 bool fWriteLock = (pLock->uPageAndType & PGMPAGEMAPLOCK_TYPE_MASK) == PGMPAGEMAPLOCK_TYPE_WRITE;
1715
1716 pLock->uPageAndType = 0;
1717 pLock->pvMap = NULL;
1718
1719 pgmLock(pVM);
1720 if (fWriteLock)
1721 {
1722 unsigned cLocks = PGM_PAGE_GET_WRITE_LOCKS(pPage);
1723 Assert(cLocks > 0);
1724 if (RT_LIKELY(cLocks > 0 && cLocks < PGM_PAGE_MAX_LOCKS))
1725 {
1726 if (cLocks == 1)
1727 {
1728 Assert(pVM->pgm.s.cWriteLockedPages > 0);
1729 pVM->pgm.s.cWriteLockedPages--;
1730 }
1731 PGM_PAGE_DEC_WRITE_LOCKS(pPage);
1732 }
1733
1734 if (PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_WRITE_MONITORED)
1735 {
1736 PGM_PAGE_SET_WRITTEN_TO(pVM, pPage);
1737 PGM_PAGE_SET_STATE(pVM, pPage, PGM_PAGE_STATE_ALLOCATED);
1738 Assert(pVM->pgm.s.cMonitoredPages > 0);
1739 pVM->pgm.s.cMonitoredPages--;
1740 pVM->pgm.s.cWrittenToPages++;
1741 }
1742 }
1743 else
1744 {
1745 unsigned cLocks = PGM_PAGE_GET_READ_LOCKS(pPage);
1746 Assert(cLocks > 0);
1747 if (RT_LIKELY(cLocks > 0 && cLocks < PGM_PAGE_MAX_LOCKS))
1748 {
1749 if (cLocks == 1)
1750 {
1751 Assert(pVM->pgm.s.cReadLockedPages > 0);
1752 pVM->pgm.s.cReadLockedPages--;
1753 }
1754 PGM_PAGE_DEC_READ_LOCKS(pPage);
1755 }
1756 }
1757
1758 if (pMap)
1759 {
1760 Assert(pMap->cRefs >= 1);
1761 pMap->cRefs--;
1762 pMap->iAge = 0;
1763 }
1764 pgmUnlock(pVM);
1765#endif /* IN_RING3 */
1766}
1767
1768
1769/**
1770 * Converts a GC physical address to a HC ring-3 pointer.
1771 *
1772 * @returns VINF_SUCCESS on success.
1773 * @returns VERR_PGM_PHYS_PAGE_RESERVED it it's a valid GC physical
1774 * page but has no physical backing.
1775 * @returns VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS if it's not a valid
1776 * GC physical address.
1777 * @returns VERR_PGM_GCPHYS_RANGE_CROSSES_BOUNDARY if the range crosses
1778 * a dynamic ram chunk boundary
1779 *
1780 * @param pVM The VM handle.
1781 * @param GCPhys The GC physical address to convert.
1782 * @param cbRange Physical range
1783 * @param pR3Ptr Where to store the R3 pointer on success.
1784 *
1785 * @deprecated Avoid when possible!
1786 */
1787VMMDECL(int) PGMPhysGCPhys2R3Ptr(PVM pVM, RTGCPHYS GCPhys, RTUINT cbRange, PRTR3PTR pR3Ptr)
1788{
1789/** @todo this is kind of hacky and needs some more work. */
1790#ifndef DEBUG_sandervl
1791 VM_ASSERT_EMT(pVM); /* no longer safe for use outside the EMT thread! */
1792#endif
1793
1794 Log(("PGMPhysGCPhys2R3Ptr(,%RGp,%#x,): dont use this API!\n", GCPhys, cbRange)); /** @todo eliminate this API! */
1795#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
1796 AssertFailedReturn(VERR_NOT_IMPLEMENTED);
1797#else
1798 pgmLock(pVM);
1799
1800 PPGMRAMRANGE pRam;
1801 PPGMPAGE pPage;
1802 int rc = pgmPhysGetPageAndRangeEx(pVM, GCPhys, &pPage, &pRam);
1803 if (RT_SUCCESS(rc))
1804 rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, (void **)pR3Ptr);
1805
1806 pgmUnlock(pVM);
1807 Assert(rc <= VINF_SUCCESS);
1808 return rc;
1809#endif
1810}
1811
1812
1813#ifdef VBOX_STRICT
1814/**
1815 * PGMPhysGCPhys2R3Ptr convenience for use with assertions.
1816 *
1817 * @returns The R3Ptr, NIL_RTR3PTR on failure.
1818 * @param pVM The VM handle.
1819 * @param GCPhys The GC Physical address.
1820 * @param cbRange Physical range.
1821 *
1822 * @deprecated Avoid when possible.
1823 */
1824VMMDECL(RTR3PTR) PGMPhysGCPhys2R3PtrAssert(PVM pVM, RTGCPHYS GCPhys, RTUINT cbRange)
1825{
1826 RTR3PTR R3Ptr;
1827 int rc = PGMPhysGCPhys2R3Ptr(pVM, GCPhys, cbRange, &R3Ptr);
1828 if (RT_SUCCESS(rc))
1829 return R3Ptr;
1830 return NIL_RTR3PTR;
1831}
1832#endif /* VBOX_STRICT */
1833
1834
1835/**
1836 * Converts a guest pointer to a GC physical address.
1837 *
1838 * This uses the current CR3/CR0/CR4 of the guest.
1839 *
1840 * @returns VBox status code.
1841 * @param pVCpu The VMCPU Handle
1842 * @param GCPtr The guest pointer to convert.
1843 * @param pGCPhys Where to store the GC physical address.
1844 */
1845VMMDECL(int) PGMPhysGCPtr2GCPhys(PVMCPU pVCpu, RTGCPTR GCPtr, PRTGCPHYS pGCPhys)
1846{
1847 int rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, (RTGCUINTPTR)GCPtr, NULL, pGCPhys);
1848 if (pGCPhys && RT_SUCCESS(rc))
1849 *pGCPhys |= (RTGCUINTPTR)GCPtr & PAGE_OFFSET_MASK;
1850 return rc;
1851}
1852
1853
1854/**
1855 * Converts a guest pointer to a HC physical address.
1856 *
1857 * This uses the current CR3/CR0/CR4 of the guest.
1858 *
1859 * @returns VBox status code.
1860 * @param pVCpu The VMCPU Handle
1861 * @param GCPtr The guest pointer to convert.
1862 * @param pHCPhys Where to store the HC physical address.
1863 */
1864VMMDECL(int) PGMPhysGCPtr2HCPhys(PVMCPU pVCpu, RTGCPTR GCPtr, PRTHCPHYS pHCPhys)
1865{
1866 PVM pVM = pVCpu->CTX_SUFF(pVM);
1867 RTGCPHYS GCPhys;
1868 int rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, (RTGCUINTPTR)GCPtr, NULL, &GCPhys);
1869 if (RT_SUCCESS(rc))
1870 rc = PGMPhysGCPhys2HCPhys(pVM, GCPhys | ((RTGCUINTPTR)GCPtr & PAGE_OFFSET_MASK), pHCPhys);
1871 return rc;
1872}
1873
1874
1875
1876#undef LOG_GROUP
1877#define LOG_GROUP LOG_GROUP_PGM_PHYS_ACCESS
1878
1879
1880#ifdef IN_RING3
1881/**
1882 * Cache PGMPhys memory access
1883 *
1884 * @param pVM VM Handle.
1885 * @param pCache Cache structure pointer
1886 * @param GCPhys GC physical address
1887 * @param pbHC HC pointer corresponding to physical page
1888 *
1889 * @thread EMT.
1890 */
1891static void pgmPhysCacheAdd(PVM pVM, PGMPHYSCACHE *pCache, RTGCPHYS GCPhys, uint8_t *pbR3)
1892{
1893 uint32_t iCacheIndex;
1894
1895 Assert(VM_IS_EMT(pVM));
1896
1897 GCPhys = PHYS_PAGE_ADDRESS(GCPhys);
1898 pbR3 = (uint8_t *)PAGE_ADDRESS(pbR3);
1899
1900 iCacheIndex = ((GCPhys >> PAGE_SHIFT) & PGM_MAX_PHYSCACHE_ENTRIES_MASK);
1901
1902 ASMBitSet(&pCache->aEntries, iCacheIndex);
1903
1904 pCache->Entry[iCacheIndex].GCPhys = GCPhys;
1905 pCache->Entry[iCacheIndex].pbR3 = pbR3;
1906}
1907#endif /* IN_RING3 */
1908
1909
1910/**
1911 * Deals with reading from a page with one or more ALL access handlers.
1912 *
1913 * @returns VBox status code. Can be ignored in ring-3.
1914 * @retval VINF_SUCCESS.
1915 * @retval VERR_PGM_PHYS_WR_HIT_HANDLER in R0 and GC, NEVER in R3.
1916 *
1917 * @param pVM The VM handle.
1918 * @param pPage The page descriptor.
1919 * @param GCPhys The physical address to start reading at.
1920 * @param pvBuf Where to put the bits we read.
1921 * @param cb How much to read - less or equal to a page.
1922 */
1923static int pgmPhysReadHandler(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void *pvBuf, size_t cb)
1924{
1925 /*
1926 * The most frequent access here is MMIO and shadowed ROM.
1927 * The current code ASSUMES all these access handlers covers full pages!
1928 */
1929
1930 /*
1931 * Whatever we do we need the source page, map it first.
1932 */
1933 const void *pvSrc = NULL;
1934 int rc = pgmPhysGCPhys2CCPtrInternalReadOnly(pVM, pPage, GCPhys, &pvSrc);
1935 if (RT_FAILURE(rc))
1936 {
1937 AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternalReadOnly failed on %RGp / %R[pgmpage] -> %Rrc\n",
1938 GCPhys, pPage, rc));
1939 memset(pvBuf, 0xff, cb);
1940 return VINF_SUCCESS;
1941 }
1942 rc = VINF_PGM_HANDLER_DO_DEFAULT;
1943
1944 /*
1945 * Deal with any physical handlers.
1946 */
1947 PPGMPHYSHANDLER pPhys = NULL;
1948 if (PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) == PGM_PAGE_HNDL_PHYS_STATE_ALL)
1949 {
1950#ifdef IN_RING3
1951 pPhys = pgmHandlerPhysicalLookup(pVM, GCPhys);
1952 AssertReleaseMsg(pPhys, ("GCPhys=%RGp cb=%#x\n", GCPhys, cb));
1953 Assert(GCPhys >= pPhys->Core.Key && GCPhys <= pPhys->Core.KeyLast);
1954 Assert((pPhys->Core.Key & PAGE_OFFSET_MASK) == 0);
1955 Assert((pPhys->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
1956 Assert(pPhys->CTX_SUFF(pfnHandler));
1957
1958 PFNPGMR3PHYSHANDLER pfnHandler = pPhys->CTX_SUFF(pfnHandler);
1959 void *pvUser = pPhys->CTX_SUFF(pvUser);
1960
1961 Log5(("pgmPhysReadHandler: GCPhys=%RGp cb=%#x pPage=%R[pgmpage] phys %s\n", GCPhys, cb, pPage, R3STRING(pPhys->pszDesc) ));
1962 STAM_PROFILE_START(&pPhys->Stat, h);
1963 PGM_LOCK_ASSERT_OWNER(pVM);
1964 /* Release the PGM lock as MMIO handlers take the IOM lock. (deadlock prevention) */
1965 pgmUnlock(pVM);
1966 rc = pfnHandler(pVM, GCPhys, (void *)pvSrc, pvBuf, cb, PGMACCESSTYPE_READ, pvUser);
1967 pgmLock(pVM);
1968# ifdef VBOX_WITH_STATISTICS
1969 pPhys = pgmHandlerPhysicalLookup(pVM, GCPhys);
1970 if (pPhys)
1971 STAM_PROFILE_STOP(&pPhys->Stat, h);
1972# else
1973 pPhys = NULL; /* might not be valid anymore. */
1974# endif
1975 AssertLogRelMsg(rc == VINF_SUCCESS || rc == VINF_PGM_HANDLER_DO_DEFAULT, ("rc=%Rrc GCPhys=%RGp\n", rc, GCPhys));
1976#else
1977 /* In R0 and RC the callbacks cannot handle this context, so we'll fail. */
1978 //AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cb=%#x\n", GCPhys, cb));
1979 return VERR_PGM_PHYS_WR_HIT_HANDLER;
1980#endif
1981 }
1982
1983 /*
1984 * Deal with any virtual handlers.
1985 */
1986 if (PGM_PAGE_GET_HNDL_VIRT_STATE(pPage) == PGM_PAGE_HNDL_VIRT_STATE_ALL)
1987 {
1988 unsigned iPage;
1989 PPGMVIRTHANDLER pVirt;
1990
1991 int rc2 = pgmHandlerVirtualFindByPhysAddr(pVM, GCPhys, &pVirt, &iPage);
1992 AssertReleaseMsg(RT_SUCCESS(rc2), ("GCPhys=%RGp cb=%#x rc2=%Rrc\n", GCPhys, cb, rc2));
1993 Assert((pVirt->Core.Key & PAGE_OFFSET_MASK) == 0);
1994 Assert((pVirt->Core.KeyLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
1995 Assert(GCPhys >= pVirt->aPhysToVirt[iPage].Core.Key && GCPhys <= pVirt->aPhysToVirt[iPage].Core.KeyLast);
1996
1997#ifdef IN_RING3
1998 if (pVirt->pfnHandlerR3)
1999 {
2000 if (!pPhys)
2001 Log5(("pgmPhysReadHandler: GCPhys=%RGp cb=%#x pPage=%R[pgmpage] virt %s\n", GCPhys, cb, pPage, R3STRING(pVirt->pszDesc) ));
2002 else
2003 Log(("pgmPhysReadHandler: GCPhys=%RGp cb=%#x pPage=%R[pgmpage] phys/virt %s/%s\n", GCPhys, cb, pPage, R3STRING(pVirt->pszDesc), R3STRING(pPhys->pszDesc) ));
2004 RTGCUINTPTR GCPtr = ((RTGCUINTPTR)pVirt->Core.Key & PAGE_BASE_GC_MASK)
2005 + (iPage << PAGE_SHIFT)
2006 + (GCPhys & PAGE_OFFSET_MASK);
2007
2008 STAM_PROFILE_START(&pVirt->Stat, h);
2009 rc2 = pVirt->CTX_SUFF(pfnHandler)(pVM, GCPtr, (void *)pvSrc, pvBuf, cb, PGMACCESSTYPE_READ, /*pVirt->CTX_SUFF(pvUser)*/ NULL);
2010 STAM_PROFILE_STOP(&pVirt->Stat, h);
2011 if (rc2 == VINF_SUCCESS)
2012 rc = VINF_SUCCESS;
2013 AssertLogRelMsg(rc2 == VINF_SUCCESS || rc2 == VINF_PGM_HANDLER_DO_DEFAULT, ("rc=%Rrc GCPhys=%RGp pPage=%R[pgmpage] %s\n", rc2, GCPhys, pPage, pVirt->pszDesc));
2014 }
2015 else
2016 Log5(("pgmPhysReadHandler: GCPhys=%RGp cb=%#x pPage=%R[pgmpage] virt %s [no handler]\n", GCPhys, cb, pPage, R3STRING(pVirt->pszDesc) ));
2017#else
2018 /* In R0 and RC the callbacks cannot handle this context, so we'll fail. */
2019 //AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cb=%#x\n", GCPhys, cb));
2020 return VERR_PGM_PHYS_WR_HIT_HANDLER;
2021#endif
2022 }
2023
2024 /*
2025 * Take the default action.
2026 */
2027 if (rc == VINF_PGM_HANDLER_DO_DEFAULT)
2028 memcpy(pvBuf, pvSrc, cb);
2029 return rc;
2030}
2031
2032
2033/**
2034 * Read physical memory.
2035 *
2036 * This API respects access handlers and MMIO. Use PGMPhysSimpleReadGCPhys() if you
2037 * want to ignore those.
2038 *
2039 * @returns VBox status code. Can be ignored in ring-3.
2040 * @retval VINF_SUCCESS.
2041 * @retval VERR_PGM_PHYS_WR_HIT_HANDLER in R0 and GC, NEVER in R3.
2042 *
2043 * @param pVM VM Handle.
2044 * @param GCPhys Physical address start reading from.
2045 * @param pvBuf Where to put the read bits.
2046 * @param cbRead How many bytes to read.
2047 */
2048VMMDECL(int) PGMPhysRead(PVM pVM, RTGCPHYS GCPhys, void *pvBuf, size_t cbRead)
2049{
2050 AssertMsgReturn(cbRead > 0, ("don't even think about reading zero bytes!\n"), VINF_SUCCESS);
2051 LogFlow(("PGMPhysRead: %RGp %d\n", GCPhys, cbRead));
2052
2053 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysRead));
2054 STAM_COUNTER_ADD(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysReadBytes), cbRead);
2055
2056 pgmLock(pVM);
2057
2058 /*
2059 * Copy loop on ram ranges.
2060 */
2061 PPGMRAMRANGE pRam = pgmPhysGetRangeAtOrAbove(pVM, GCPhys);
2062 for (;;)
2063 {
2064 /* Inside range or not? */
2065 if (pRam && GCPhys >= pRam->GCPhys)
2066 {
2067 /*
2068 * Must work our way thru this page by page.
2069 */
2070 RTGCPHYS off = GCPhys - pRam->GCPhys;
2071 while (off < pRam->cb)
2072 {
2073 unsigned iPage = off >> PAGE_SHIFT;
2074 PPGMPAGE pPage = &pRam->aPages[iPage];
2075 size_t cb = PAGE_SIZE - (off & PAGE_OFFSET_MASK);
2076 if (cb > cbRead)
2077 cb = cbRead;
2078
2079 /*
2080 * Any ALL access handlers?
2081 */
2082 if (RT_UNLIKELY(PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage)))
2083 {
2084 int rc = pgmPhysReadHandler(pVM, pPage, pRam->GCPhys + off, pvBuf, cb);
2085 if (RT_FAILURE(rc))
2086 {
2087 pgmUnlock(pVM);
2088 return rc;
2089 }
2090 }
2091 else
2092 {
2093 /*
2094 * Get the pointer to the page.
2095 */
2096 const void *pvSrc;
2097 int rc = pgmPhysGCPhys2CCPtrInternalReadOnly(pVM, pPage, pRam->GCPhys + off, &pvSrc);
2098 if (RT_SUCCESS(rc))
2099 memcpy(pvBuf, pvSrc, cb);
2100 else
2101 {
2102 AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternalReadOnly failed on %RGp / %R[pgmpage] -> %Rrc\n",
2103 pRam->GCPhys + off, pPage, rc));
2104 memset(pvBuf, 0xff, cb);
2105 }
2106 }
2107
2108 /* next page */
2109 if (cb >= cbRead)
2110 {
2111 pgmUnlock(pVM);
2112 return VINF_SUCCESS;
2113 }
2114 cbRead -= cb;
2115 off += cb;
2116 pvBuf = (char *)pvBuf + cb;
2117 } /* walk pages in ram range. */
2118
2119 GCPhys = pRam->GCPhysLast + 1;
2120 }
2121 else
2122 {
2123 LogFlow(("PGMPhysRead: Unassigned %RGp size=%u\n", GCPhys, cbRead));
2124
2125 /*
2126 * Unassigned address space.
2127 */
2128 size_t cb = pRam ? pRam->GCPhys - GCPhys : ~(size_t)0;
2129 if (cb >= cbRead)
2130 {
2131 memset(pvBuf, 0xff, cbRead);
2132 break;
2133 }
2134 memset(pvBuf, 0xff, cb);
2135
2136 cbRead -= cb;
2137 pvBuf = (char *)pvBuf + cb;
2138 GCPhys += cb;
2139 }
2140
2141 /* Advance range if necessary. */
2142 while (pRam && GCPhys > pRam->GCPhysLast)
2143 pRam = pRam->CTX_SUFF(pNext);
2144 } /* Ram range walk */
2145
2146 pgmUnlock(pVM);
2147 return VINF_SUCCESS;
2148}
2149
2150
2151/**
2152 * Deals with writing to a page with one or more WRITE or ALL access handlers.
2153 *
2154 * @returns VBox status code. Can be ignored in ring-3.
2155 * @retval VINF_SUCCESS.
2156 * @retval VERR_PGM_PHYS_WR_HIT_HANDLER in R0 and GC, NEVER in R3.
2157 *
2158 * @param pVM The VM handle.
2159 * @param pPage The page descriptor.
2160 * @param GCPhys The physical address to start writing at.
2161 * @param pvBuf What to write.
2162 * @param cbWrite How much to write - less or equal to a page.
2163 */
2164static int pgmPhysWriteHandler(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void const *pvBuf, size_t cbWrite)
2165{
2166 void *pvDst = NULL;
2167 int rc;
2168
2169 /*
2170 * Give priority to physical handlers (like #PF does).
2171 *
2172 * Hope for a lonely physical handler first that covers the whole
2173 * write area. This should be a pretty frequent case with MMIO and
2174 * the heavy usage of full page handlers in the page pool.
2175 */
2176 if ( !PGM_PAGE_HAS_ACTIVE_VIRTUAL_HANDLERS(pPage)
2177 || PGM_PAGE_IS_MMIO(pPage) /* screw virtual handlers on MMIO pages */)
2178 {
2179 PPGMPHYSHANDLER pCur = pgmHandlerPhysicalLookup(pVM, GCPhys);
2180 if (pCur)
2181 {
2182 Assert(GCPhys >= pCur->Core.Key && GCPhys <= pCur->Core.KeyLast);
2183 Assert(pCur->CTX_SUFF(pfnHandler));
2184
2185 size_t cbRange = pCur->Core.KeyLast - GCPhys + 1;
2186 if (cbRange > cbWrite)
2187 cbRange = cbWrite;
2188
2189#ifndef IN_RING3
2190 /* In R0 and RC the callbacks cannot handle this context, so we'll fail. */
2191 NOREF(cbRange);
2192 //AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cbRange=%#x\n", GCPhys, cbRange));
2193 return VERR_PGM_PHYS_WR_HIT_HANDLER;
2194
2195#else /* IN_RING3 */
2196 Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] phys %s\n", GCPhys, cbRange, pPage, R3STRING(pCur->pszDesc) ));
2197 if (!PGM_PAGE_IS_MMIO(pPage))
2198 rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pvDst);
2199 else
2200 rc = VINF_SUCCESS;
2201 if (RT_SUCCESS(rc))
2202 {
2203 PFNPGMR3PHYSHANDLER pfnHandler = pCur->CTX_SUFF(pfnHandler);
2204 void *pvUser = pCur->CTX_SUFF(pvUser);
2205
2206 STAM_PROFILE_START(&pCur->Stat, h);
2207 PGM_LOCK_ASSERT_OWNER(pVM);
2208 /* Release the PGM lock as MMIO handlers take the IOM lock. (deadlock prevention) */
2209 pgmUnlock(pVM);
2210 rc = pfnHandler(pVM, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, pvUser);
2211 pgmLock(pVM);
2212# ifdef VBOX_WITH_STATISTICS
2213 pCur = pgmHandlerPhysicalLookup(pVM, GCPhys);
2214 if (pCur)
2215 STAM_PROFILE_STOP(&pCur->Stat, h);
2216# else
2217 pCur = NULL; /* might not be valid anymore. */
2218# endif
2219 if (rc == VINF_PGM_HANDLER_DO_DEFAULT)
2220 memcpy(pvDst, pvBuf, cbRange);
2221 else
2222 AssertLogRelMsg(rc == VINF_SUCCESS || rc == VINF_PGM_HANDLER_DO_DEFAULT, ("rc=%Rrc GCPhys=%RGp pPage=%R[pgmpage] %s\n", rc, GCPhys, pPage, (pCur) ? pCur->pszDesc : ""));
2223 }
2224 else
2225 AssertLogRelMsgFailedReturn(("pgmPhysGCPhys2CCPtrInternal failed on %RGp / %R[pgmpage] -> %Rrc\n",
2226 GCPhys, pPage, rc), rc);
2227 if (RT_LIKELY(cbRange == cbWrite))
2228 return VINF_SUCCESS;
2229
2230 /* more fun to be had below */
2231 cbWrite -= cbRange;
2232 GCPhys += cbRange;
2233 pvBuf = (uint8_t *)pvBuf + cbRange;
2234 pvDst = (uint8_t *)pvDst + cbRange;
2235#endif /* IN_RING3 */
2236 }
2237 /* else: the handler is somewhere else in the page, deal with it below. */
2238 Assert(!PGM_PAGE_IS_MMIO(pPage)); /* MMIO handlers are all PAGE_SIZEed! */
2239 }
2240 /*
2241 * A virtual handler without any interfering physical handlers.
2242 * Hopefully it'll convert the whole write.
2243 */
2244 else if (!PGM_PAGE_HAS_ACTIVE_PHYSICAL_HANDLERS(pPage))
2245 {
2246 unsigned iPage;
2247 PPGMVIRTHANDLER pCur;
2248 rc = pgmHandlerVirtualFindByPhysAddr(pVM, GCPhys, &pCur, &iPage);
2249 if (RT_SUCCESS(rc))
2250 {
2251 size_t cbRange = (PAGE_OFFSET_MASK & pCur->Core.KeyLast) - (PAGE_OFFSET_MASK & GCPhys) + 1;
2252 if (cbRange > cbWrite)
2253 cbRange = cbWrite;
2254
2255#ifndef IN_RING3
2256 /* In R0 and RC the callbacks cannot handle this context, so we'll fail. */
2257 NOREF(cbRange);
2258 //AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cbRange=%#x\n", GCPhys, cbRange));
2259 return VERR_PGM_PHYS_WR_HIT_HANDLER;
2260
2261#else /* IN_RING3 */
2262
2263 Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] virt %s\n", GCPhys, cbRange, pPage, R3STRING(pCur->pszDesc) ));
2264 rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pvDst);
2265 if (RT_SUCCESS(rc))
2266 {
2267 rc = VINF_PGM_HANDLER_DO_DEFAULT;
2268 if (pCur->pfnHandlerR3)
2269 {
2270 RTGCUINTPTR GCPtr = ((RTGCUINTPTR)pCur->Core.Key & PAGE_BASE_GC_MASK)
2271 + (iPage << PAGE_SHIFT)
2272 + (GCPhys & PAGE_OFFSET_MASK);
2273
2274 STAM_PROFILE_START(&pCur->Stat, h);
2275 rc = pCur->CTX_SUFF(pfnHandler)(pVM, GCPtr, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, /*pCur->CTX_SUFF(pvUser)*/ NULL);
2276 STAM_PROFILE_STOP(&pCur->Stat, h);
2277 }
2278 if (rc == VINF_PGM_HANDLER_DO_DEFAULT)
2279 memcpy(pvDst, pvBuf, cbRange);
2280 else
2281 AssertLogRelMsg(rc == VINF_SUCCESS, ("rc=%Rrc GCPhys=%RGp pPage=%R[pgmpage] %s\n", rc, GCPhys, pPage, pCur->pszDesc));
2282 }
2283 else
2284 AssertLogRelMsgFailedReturn(("pgmPhysGCPhys2CCPtrInternal failed on %RGp / %R[pgmpage] -> %Rrc\n",
2285 GCPhys, pPage, rc), rc);
2286 if (RT_LIKELY(cbRange == cbWrite))
2287 return VINF_SUCCESS;
2288
2289 /* more fun to be had below */
2290 cbWrite -= cbRange;
2291 GCPhys += cbRange;
2292 pvBuf = (uint8_t *)pvBuf + cbRange;
2293 pvDst = (uint8_t *)pvDst + cbRange;
2294#endif
2295 }
2296 /* else: the handler is somewhere else in the page, deal with it below. */
2297 }
2298
2299 /*
2300 * Deal with all the odd ends.
2301 */
2302
2303 /* We need a writable destination page. */
2304 if (!pvDst)
2305 {
2306 rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pvDst);
2307 AssertLogRelMsgReturn(RT_SUCCESS(rc),
2308 ("pgmPhysGCPhys2CCPtrInternal failed on %RGp / %R[pgmpage] -> %Rrc\n",
2309 GCPhys, pPage, rc), rc);
2310 }
2311
2312 /* The loop state (big + ugly). */
2313 unsigned iVirtPage = 0;
2314 PPGMVIRTHANDLER pVirt = NULL;
2315 uint32_t offVirt = PAGE_SIZE;
2316 uint32_t offVirtLast = PAGE_SIZE;
2317 bool fMoreVirt = PGM_PAGE_HAS_ACTIVE_VIRTUAL_HANDLERS(pPage);
2318
2319 PPGMPHYSHANDLER pPhys = NULL;
2320 uint32_t offPhys = PAGE_SIZE;
2321 uint32_t offPhysLast = PAGE_SIZE;
2322 bool fMorePhys = PGM_PAGE_HAS_ACTIVE_PHYSICAL_HANDLERS(pPage);
2323
2324 /* The loop. */
2325 for (;;)
2326 {
2327 /*
2328 * Find the closest handler at or above GCPhys.
2329 */
2330 if (fMoreVirt && !pVirt)
2331 {
2332 rc = pgmHandlerVirtualFindByPhysAddr(pVM, GCPhys, &pVirt, &iVirtPage);
2333 if (RT_SUCCESS(rc))
2334 {
2335 offVirt = 0;
2336 offVirtLast = (pVirt->aPhysToVirt[iVirtPage].Core.KeyLast & PAGE_OFFSET_MASK) - (GCPhys & PAGE_OFFSET_MASK);
2337 }
2338 else
2339 {
2340 PPGMPHYS2VIRTHANDLER pVirtPhys;
2341 pVirtPhys = (PPGMPHYS2VIRTHANDLER)RTAvlroGCPhysGetBestFit(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysToVirtHandlers,
2342 GCPhys, true /* fAbove */);
2343 if ( pVirtPhys
2344 && (pVirtPhys->Core.Key >> PAGE_SHIFT) == (GCPhys >> PAGE_SHIFT))
2345 {
2346 /* ASSUME that pVirtPhys only covers one page. */
2347 Assert((pVirtPhys->Core.Key >> PAGE_SHIFT) == (pVirtPhys->Core.KeyLast >> PAGE_SHIFT));
2348 Assert(pVirtPhys->Core.Key > GCPhys);
2349
2350 pVirt = (PPGMVIRTHANDLER)((uintptr_t)pVirtPhys + pVirtPhys->offVirtHandler);
2351 iVirtPage = pVirtPhys - &pVirt->aPhysToVirt[0]; Assert(iVirtPage == 0);
2352 offVirt = (pVirtPhys->Core.Key & PAGE_OFFSET_MASK) - (GCPhys & PAGE_OFFSET_MASK);
2353 offVirtLast = (pVirtPhys->Core.KeyLast & PAGE_OFFSET_MASK) - (GCPhys & PAGE_OFFSET_MASK);
2354 }
2355 else
2356 {
2357 pVirt = NULL;
2358 fMoreVirt = false;
2359 offVirt = offVirtLast = PAGE_SIZE;
2360 }
2361 }
2362 }
2363
2364 if (fMorePhys && !pPhys)
2365 {
2366 pPhys = pgmHandlerPhysicalLookup(pVM, GCPhys);
2367 if (pPhys)
2368 {
2369 offPhys = 0;
2370 offPhysLast = pPhys->Core.KeyLast - GCPhys; /* ASSUMES < 4GB handlers... */
2371 }
2372 else
2373 {
2374 pPhys = (PPGMPHYSHANDLER)RTAvlroGCPhysGetBestFit(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers,
2375 GCPhys, true /* fAbove */);
2376 if ( pPhys
2377 && pPhys->Core.Key <= GCPhys + (cbWrite - 1))
2378 {
2379 offPhys = pPhys->Core.Key - GCPhys;
2380 offPhysLast = pPhys->Core.KeyLast - GCPhys; /* ASSUMES < 4GB handlers... */
2381 }
2382 else
2383 {
2384 pPhys = NULL;
2385 fMorePhys = false;
2386 offPhys = offPhysLast = PAGE_SIZE;
2387 }
2388 }
2389 }
2390
2391 /*
2392 * Handle access to space without handlers (that's easy).
2393 */
2394 rc = VINF_PGM_HANDLER_DO_DEFAULT;
2395 uint32_t cbRange = (uint32_t)cbWrite;
2396 if (offPhys && offVirt)
2397 {
2398 if (cbRange > offPhys)
2399 cbRange = offPhys;
2400 if (cbRange > offVirt)
2401 cbRange = offVirt;
2402 Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] miss\n", GCPhys, cbRange, pPage));
2403 }
2404 /*
2405 * Physical handler.
2406 */
2407 else if (!offPhys && offVirt)
2408 {
2409 if (cbRange > offPhysLast + 1)
2410 cbRange = offPhysLast + 1;
2411 if (cbRange > offVirt)
2412 cbRange = offVirt;
2413#ifdef IN_RING3
2414 PFNPGMR3PHYSHANDLER pfnHandler = pPhys->CTX_SUFF(pfnHandler);
2415 void *pvUser = pPhys->CTX_SUFF(pvUser);
2416
2417 Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] phys %s\n", GCPhys, cbRange, pPage, R3STRING(pPhys->pszDesc) ));
2418 STAM_PROFILE_START(&pPhys->Stat, h);
2419 PGM_LOCK_ASSERT_OWNER(pVM);
2420 /* Release the PGM lock as MMIO handlers take the IOM lock. (deadlock prevention) */
2421 pgmUnlock(pVM);
2422 rc = pfnHandler(pVM, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, pvUser);
2423 pgmLock(pVM);
2424# ifdef VBOX_WITH_STATISTICS
2425 pPhys = pgmHandlerPhysicalLookup(pVM, GCPhys);
2426 if (pPhys)
2427 STAM_PROFILE_STOP(&pPhys->Stat, h);
2428# else
2429 pPhys = NULL; /* might not be valid anymore. */
2430# endif
2431 AssertLogRelMsg(rc == VINF_SUCCESS || rc == VINF_PGM_HANDLER_DO_DEFAULT, ("rc=%Rrc GCPhys=%RGp pPage=%R[pgmpage] %s\n", rc, GCPhys, pPage, (pPhys) ? pPhys->pszDesc : ""));
2432#else
2433 /* In R0 and RC the callbacks cannot handle this context, so we'll fail. */
2434 NOREF(cbRange);
2435 //AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cbRange=%#x\n", GCPhys, cbRange));
2436 return VERR_PGM_PHYS_WR_HIT_HANDLER;
2437#endif
2438 }
2439 /*
2440 * Virtual handler.
2441 */
2442 else if (offPhys && !offVirt)
2443 {
2444 if (cbRange > offVirtLast + 1)
2445 cbRange = offVirtLast + 1;
2446 if (cbRange > offPhys)
2447 cbRange = offPhys;
2448#ifdef IN_RING3
2449 Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] phys %s\n", GCPhys, cbRange, pPage, R3STRING(pVirt->pszDesc) ));
2450 if (pVirt->pfnHandlerR3)
2451 {
2452 RTGCUINTPTR GCPtr = ((RTGCUINTPTR)pVirt->Core.Key & PAGE_BASE_GC_MASK)
2453 + (iVirtPage << PAGE_SHIFT)
2454 + (GCPhys & PAGE_OFFSET_MASK);
2455 STAM_PROFILE_START(&pVirt->Stat, h);
2456 rc = pVirt->CTX_SUFF(pfnHandler)(pVM, GCPtr, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, /*pCur->CTX_SUFF(pvUser)*/ NULL);
2457 STAM_PROFILE_STOP(&pVirt->Stat, h);
2458 AssertLogRelMsg(rc == VINF_SUCCESS || rc == VINF_PGM_HANDLER_DO_DEFAULT, ("rc=%Rrc GCPhys=%RGp pPage=%R[pgmpage] %s\n", rc, GCPhys, pPage, pVirt->pszDesc));
2459 }
2460 pVirt = NULL;
2461#else
2462 /* In R0 and RC the callbacks cannot handle this context, so we'll fail. */
2463 NOREF(cbRange);
2464 //AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cbRange=%#x\n", GCPhys, cbRange));
2465 return VERR_PGM_PHYS_WR_HIT_HANDLER;
2466#endif
2467 }
2468 /*
2469 * Both... give the physical one priority.
2470 */
2471 else
2472 {
2473 Assert(!offPhys && !offVirt);
2474 if (cbRange > offVirtLast + 1)
2475 cbRange = offVirtLast + 1;
2476 if (cbRange > offPhysLast + 1)
2477 cbRange = offPhysLast + 1;
2478
2479#ifdef IN_RING3
2480 if (pVirt->pfnHandlerR3)
2481 Log(("pgmPhysWriteHandler: overlapping phys and virt handlers at %RGp %R[pgmpage]; cbRange=%#x\n", GCPhys, pPage, cbRange));
2482 Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] phys/virt %s/%s\n", GCPhys, cbRange, pPage, R3STRING(pPhys->pszDesc), R3STRING(pVirt->pszDesc) ));
2483
2484 PFNPGMR3PHYSHANDLER pfnHandler = pPhys->CTX_SUFF(pfnHandler);
2485 void *pvUser = pPhys->CTX_SUFF(pvUser);
2486
2487 STAM_PROFILE_START(&pPhys->Stat, h);
2488 PGM_LOCK_ASSERT_OWNER(pVM);
2489 /* Release the PGM lock as MMIO handlers take the IOM lock. (deadlock prevention) */
2490 pgmUnlock(pVM);
2491 rc = pfnHandler(pVM, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, pvUser);
2492 pgmLock(pVM);
2493# ifdef VBOX_WITH_STATISTICS
2494 pPhys = pgmHandlerPhysicalLookup(pVM, GCPhys);
2495 if (pPhys)
2496 STAM_PROFILE_STOP(&pPhys->Stat, h);
2497# else
2498 pPhys = NULL; /* might not be valid anymore. */
2499# endif
2500 AssertLogRelMsg(rc == VINF_SUCCESS || rc == VINF_PGM_HANDLER_DO_DEFAULT, ("rc=%Rrc GCPhys=%RGp pPage=%R[pgmpage] %s\n", rc, GCPhys, pPage, (pPhys) ? pPhys->pszDesc : ""));
2501 if (pVirt->pfnHandlerR3)
2502 {
2503
2504 RTGCUINTPTR GCPtr = ((RTGCUINTPTR)pVirt->Core.Key & PAGE_BASE_GC_MASK)
2505 + (iVirtPage << PAGE_SHIFT)
2506 + (GCPhys & PAGE_OFFSET_MASK);
2507 STAM_PROFILE_START(&pVirt->Stat, h2);
2508 int rc2 = pVirt->CTX_SUFF(pfnHandler)(pVM, GCPtr, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, /*pCur->CTX_SUFF(pvUser)*/ NULL);
2509 STAM_PROFILE_STOP(&pVirt->Stat, h2);
2510 if (rc2 == VINF_SUCCESS && rc == VINF_PGM_HANDLER_DO_DEFAULT)
2511 rc = VINF_SUCCESS;
2512 else
2513 AssertLogRelMsg(rc2 == VINF_SUCCESS || rc2 == VINF_PGM_HANDLER_DO_DEFAULT, ("rc=%Rrc GCPhys=%RGp pPage=%R[pgmpage] %s\n", rc, GCPhys, pPage, pVirt->pszDesc));
2514 }
2515 pPhys = NULL;
2516 pVirt = NULL;
2517#else
2518 /* In R0 and RC the callbacks cannot handle this context, so we'll fail. */
2519 NOREF(cbRange);
2520 //AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cbRange=%#x\n", GCPhys, cbRange));
2521 return VERR_PGM_PHYS_WR_HIT_HANDLER;
2522#endif
2523 }
2524 if (rc == VINF_PGM_HANDLER_DO_DEFAULT)
2525 memcpy(pvDst, pvBuf, cbRange);
2526
2527 /*
2528 * Advance if we've got more stuff to do.
2529 */
2530 if (cbRange >= cbWrite)
2531 return VINF_SUCCESS;
2532
2533 cbWrite -= cbRange;
2534 GCPhys += cbRange;
2535 pvBuf = (uint8_t *)pvBuf + cbRange;
2536 pvDst = (uint8_t *)pvDst + cbRange;
2537
2538 offPhys -= cbRange;
2539 offPhysLast -= cbRange;
2540 offVirt -= cbRange;
2541 offVirtLast -= cbRange;
2542 }
2543}
2544
2545
2546/**
2547 * Write to physical memory.
2548 *
2549 * This API respects access handlers and MMIO. Use PGMPhysSimpleWriteGCPhys() if you
2550 * want to ignore those.
2551 *
2552 * @returns VBox status code. Can be ignored in ring-3.
2553 * @retval VINF_SUCCESS.
2554 * @retval VERR_PGM_PHYS_WR_HIT_HANDLER in R0 and GC, NEVER in R3.
2555 *
2556 * @param pVM VM Handle.
2557 * @param GCPhys Physical address to write to.
2558 * @param pvBuf What to write.
2559 * @param cbWrite How many bytes to write.
2560 */
2561VMMDECL(int) PGMPhysWrite(PVM pVM, RTGCPHYS GCPhys, const void *pvBuf, size_t cbWrite)
2562{
2563 AssertMsg(!pVM->pgm.s.fNoMorePhysWrites, ("Calling PGMPhysWrite after pgmR3Save()!\n"));
2564 AssertMsgReturn(cbWrite > 0, ("don't even think about writing zero bytes!\n"), VINF_SUCCESS);
2565 LogFlow(("PGMPhysWrite: %RGp %d\n", GCPhys, cbWrite));
2566
2567 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysWrite));
2568 STAM_COUNTER_ADD(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysWriteBytes), cbWrite);
2569
2570 pgmLock(pVM);
2571
2572 /*
2573 * Copy loop on ram ranges.
2574 */
2575 PPGMRAMRANGE pRam = pgmPhysGetRangeAtOrAbove(pVM, GCPhys);
2576 for (;;)
2577 {
2578 /* Inside range or not? */
2579 if (pRam && GCPhys >= pRam->GCPhys)
2580 {
2581 /*
2582 * Must work our way thru this page by page.
2583 */
2584 RTGCPTR off = GCPhys - pRam->GCPhys;
2585 while (off < pRam->cb)
2586 {
2587 RTGCPTR iPage = off >> PAGE_SHIFT;
2588 PPGMPAGE pPage = &pRam->aPages[iPage];
2589 size_t cb = PAGE_SIZE - (off & PAGE_OFFSET_MASK);
2590 if (cb > cbWrite)
2591 cb = cbWrite;
2592
2593 /*
2594 * Any active WRITE or ALL access handlers?
2595 */
2596 if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
2597 {
2598 int rc = pgmPhysWriteHandler(pVM, pPage, pRam->GCPhys + off, pvBuf, cb);
2599 if (RT_FAILURE(rc))
2600 {
2601 pgmUnlock(pVM);
2602 return rc;
2603 }
2604 }
2605 else
2606 {
2607 /*
2608 * Get the pointer to the page.
2609 */
2610 void *pvDst;
2611 int rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, pRam->GCPhys + off, &pvDst);
2612 if (RT_SUCCESS(rc))
2613 {
2614 Assert(!PGM_PAGE_IS_BALLOONED(pPage));
2615 memcpy(pvDst, pvBuf, cb);
2616 }
2617 else
2618 /* Ignore writes to ballooned pages. */
2619 if (!PGM_PAGE_IS_BALLOONED(pPage))
2620 AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternal failed on %RGp / %R[pgmpage] -> %Rrc\n",
2621 pRam->GCPhys + off, pPage, rc));
2622 }
2623
2624 /* next page */
2625 if (cb >= cbWrite)
2626 {
2627 pgmUnlock(pVM);
2628 return VINF_SUCCESS;
2629 }
2630
2631 cbWrite -= cb;
2632 off += cb;
2633 pvBuf = (const char *)pvBuf + cb;
2634 } /* walk pages in ram range */
2635
2636 GCPhys = pRam->GCPhysLast + 1;
2637 }
2638 else
2639 {
2640 /*
2641 * Unassigned address space, skip it.
2642 */
2643 if (!pRam)
2644 break;
2645 size_t cb = pRam->GCPhys - GCPhys;
2646 if (cb >= cbWrite)
2647 break;
2648 cbWrite -= cb;
2649 pvBuf = (const char *)pvBuf + cb;
2650 GCPhys += cb;
2651 }
2652
2653 /* Advance range if necessary. */
2654 while (pRam && GCPhys > pRam->GCPhysLast)
2655 pRam = pRam->CTX_SUFF(pNext);
2656 } /* Ram range walk */
2657
2658 pgmUnlock(pVM);
2659 return VINF_SUCCESS;
2660}
2661
2662
2663/**
2664 * Read from guest physical memory by GC physical address, bypassing
2665 * MMIO and access handlers.
2666 *
2667 * @returns VBox status.
2668 * @param pVM VM handle.
2669 * @param pvDst The destination address.
2670 * @param GCPhysSrc The source address (GC physical address).
2671 * @param cb The number of bytes to read.
2672 */
2673VMMDECL(int) PGMPhysSimpleReadGCPhys(PVM pVM, void *pvDst, RTGCPHYS GCPhysSrc, size_t cb)
2674{
2675 /*
2676 * Treat the first page as a special case.
2677 */
2678 if (!cb)
2679 return VINF_SUCCESS;
2680
2681 /* map the 1st page */
2682 void const *pvSrc;
2683 PGMPAGEMAPLOCK Lock;
2684 int rc = PGMPhysGCPhys2CCPtrReadOnly(pVM, GCPhysSrc, &pvSrc, &Lock);
2685 if (RT_FAILURE(rc))
2686 return rc;
2687
2688 /* optimize for the case where access is completely within the first page. */
2689 size_t cbPage = PAGE_SIZE - (GCPhysSrc & PAGE_OFFSET_MASK);
2690 if (RT_LIKELY(cb <= cbPage))
2691 {
2692 memcpy(pvDst, pvSrc, cb);
2693 PGMPhysReleasePageMappingLock(pVM, &Lock);
2694 return VINF_SUCCESS;
2695 }
2696
2697 /* copy to the end of the page. */
2698 memcpy(pvDst, pvSrc, cbPage);
2699 PGMPhysReleasePageMappingLock(pVM, &Lock);
2700 GCPhysSrc += cbPage;
2701 pvDst = (uint8_t *)pvDst + cbPage;
2702 cb -= cbPage;
2703
2704 /*
2705 * Page by page.
2706 */
2707 for (;;)
2708 {
2709 /* map the page */
2710 rc = PGMPhysGCPhys2CCPtrReadOnly(pVM, GCPhysSrc, &pvSrc, &Lock);
2711 if (RT_FAILURE(rc))
2712 return rc;
2713
2714 /* last page? */
2715 if (cb <= PAGE_SIZE)
2716 {
2717 memcpy(pvDst, pvSrc, cb);
2718 PGMPhysReleasePageMappingLock(pVM, &Lock);
2719 return VINF_SUCCESS;
2720 }
2721
2722 /* copy the entire page and advance */
2723 memcpy(pvDst, pvSrc, PAGE_SIZE);
2724 PGMPhysReleasePageMappingLock(pVM, &Lock);
2725 GCPhysSrc += PAGE_SIZE;
2726 pvDst = (uint8_t *)pvDst + PAGE_SIZE;
2727 cb -= PAGE_SIZE;
2728 }
2729 /* won't ever get here. */
2730}
2731
2732
2733/**
2734 * Write to guest physical memory referenced by GC pointer.
2735 * Write memory to GC physical address in guest physical memory.
2736 *
2737 * This will bypass MMIO and access handlers.
2738 *
2739 * @returns VBox status.
2740 * @param pVM VM handle.
2741 * @param GCPhysDst The GC physical address of the destination.
2742 * @param pvSrc The source buffer.
2743 * @param cb The number of bytes to write.
2744 */
2745VMMDECL(int) PGMPhysSimpleWriteGCPhys(PVM pVM, RTGCPHYS GCPhysDst, const void *pvSrc, size_t cb)
2746{
2747 LogFlow(("PGMPhysSimpleWriteGCPhys: %RGp %zu\n", GCPhysDst, cb));
2748
2749 /*
2750 * Treat the first page as a special case.
2751 */
2752 if (!cb)
2753 return VINF_SUCCESS;
2754
2755 /* map the 1st page */
2756 void *pvDst;
2757 PGMPAGEMAPLOCK Lock;
2758 int rc = PGMPhysGCPhys2CCPtr(pVM, GCPhysDst, &pvDst, &Lock);
2759 if (RT_FAILURE(rc))
2760 return rc;
2761
2762 /* optimize for the case where access is completely within the first page. */
2763 size_t cbPage = PAGE_SIZE - (GCPhysDst & PAGE_OFFSET_MASK);
2764 if (RT_LIKELY(cb <= cbPage))
2765 {
2766 memcpy(pvDst, pvSrc, cb);
2767 PGMPhysReleasePageMappingLock(pVM, &Lock);
2768 return VINF_SUCCESS;
2769 }
2770
2771 /* copy to the end of the page. */
2772 memcpy(pvDst, pvSrc, cbPage);
2773 PGMPhysReleasePageMappingLock(pVM, &Lock);
2774 GCPhysDst += cbPage;
2775 pvSrc = (const uint8_t *)pvSrc + cbPage;
2776 cb -= cbPage;
2777
2778 /*
2779 * Page by page.
2780 */
2781 for (;;)
2782 {
2783 /* map the page */
2784 rc = PGMPhysGCPhys2CCPtr(pVM, GCPhysDst, &pvDst, &Lock);
2785 if (RT_FAILURE(rc))
2786 return rc;
2787
2788 /* last page? */
2789 if (cb <= PAGE_SIZE)
2790 {
2791 memcpy(pvDst, pvSrc, cb);
2792 PGMPhysReleasePageMappingLock(pVM, &Lock);
2793 return VINF_SUCCESS;
2794 }
2795
2796 /* copy the entire page and advance */
2797 memcpy(pvDst, pvSrc, PAGE_SIZE);
2798 PGMPhysReleasePageMappingLock(pVM, &Lock);
2799 GCPhysDst += PAGE_SIZE;
2800 pvSrc = (const uint8_t *)pvSrc + PAGE_SIZE;
2801 cb -= PAGE_SIZE;
2802 }
2803 /* won't ever get here. */
2804}
2805
2806
2807/**
2808 * Read from guest physical memory referenced by GC pointer.
2809 *
2810 * This function uses the current CR3/CR0/CR4 of the guest and will
2811 * bypass access handlers and not set any accessed bits.
2812 *
2813 * @returns VBox status.
2814 * @param pVCpu Handle to the current virtual CPU.
2815 * @param pvDst The destination address.
2816 * @param GCPtrSrc The source address (GC pointer).
2817 * @param cb The number of bytes to read.
2818 */
2819VMMDECL(int) PGMPhysSimpleReadGCPtr(PVMCPU pVCpu, void *pvDst, RTGCPTR GCPtrSrc, size_t cb)
2820{
2821 PVM pVM = pVCpu->CTX_SUFF(pVM);
2822/** @todo fix the macro / state handling: VMCPU_ASSERT_EMT_OR_GURU(pVCpu); */
2823
2824 /*
2825 * Treat the first page as a special case.
2826 */
2827 if (!cb)
2828 return VINF_SUCCESS;
2829
2830 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysSimpleRead));
2831 STAM_COUNTER_ADD(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysSimpleReadBytes), cb);
2832
2833 /* Take the PGM lock here, because many called functions take the lock for a very short period. That's counter-productive
2834 * when many VCPUs are fighting for the lock.
2835 */
2836 pgmLock(pVM);
2837
2838 /* map the 1st page */
2839 void const *pvSrc;
2840 PGMPAGEMAPLOCK Lock;
2841 int rc = PGMPhysGCPtr2CCPtrReadOnly(pVCpu, GCPtrSrc, &pvSrc, &Lock);
2842 if (RT_FAILURE(rc))
2843 {
2844 pgmUnlock(pVM);
2845 return rc;
2846 }
2847
2848 /* optimize for the case where access is completely within the first page. */
2849 size_t cbPage = PAGE_SIZE - ((RTGCUINTPTR)GCPtrSrc & PAGE_OFFSET_MASK);
2850 if (RT_LIKELY(cb <= cbPage))
2851 {
2852 memcpy(pvDst, pvSrc, cb);
2853 PGMPhysReleasePageMappingLock(pVM, &Lock);
2854 pgmUnlock(pVM);
2855 return VINF_SUCCESS;
2856 }
2857
2858 /* copy to the end of the page. */
2859 memcpy(pvDst, pvSrc, cbPage);
2860 PGMPhysReleasePageMappingLock(pVM, &Lock);
2861 GCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCPtrSrc + cbPage);
2862 pvDst = (uint8_t *)pvDst + cbPage;
2863 cb -= cbPage;
2864
2865 /*
2866 * Page by page.
2867 */
2868 for (;;)
2869 {
2870 /* map the page */
2871 rc = PGMPhysGCPtr2CCPtrReadOnly(pVCpu, GCPtrSrc, &pvSrc, &Lock);
2872 if (RT_FAILURE(rc))
2873 {
2874 pgmUnlock(pVM);
2875 return rc;
2876 }
2877
2878 /* last page? */
2879 if (cb <= PAGE_SIZE)
2880 {
2881 memcpy(pvDst, pvSrc, cb);
2882 PGMPhysReleasePageMappingLock(pVM, &Lock);
2883 pgmUnlock(pVM);
2884 return VINF_SUCCESS;
2885 }
2886
2887 /* copy the entire page and advance */
2888 memcpy(pvDst, pvSrc, PAGE_SIZE);
2889 PGMPhysReleasePageMappingLock(pVM, &Lock);
2890 GCPtrSrc = (RTGCPTR)((RTGCUINTPTR)GCPtrSrc + PAGE_SIZE);
2891 pvDst = (uint8_t *)pvDst + PAGE_SIZE;
2892 cb -= PAGE_SIZE;
2893 }
2894 /* won't ever get here. */
2895}
2896
2897
2898/**
2899 * Write to guest physical memory referenced by GC pointer.
2900 *
2901 * This function uses the current CR3/CR0/CR4 of the guest and will
2902 * bypass access handlers and not set dirty or accessed bits.
2903 *
2904 * @returns VBox status.
2905 * @param pVCpu Handle to the current virtual CPU.
2906 * @param GCPtrDst The destination address (GC pointer).
2907 * @param pvSrc The source address.
2908 * @param cb The number of bytes to write.
2909 */
2910VMMDECL(int) PGMPhysSimpleWriteGCPtr(PVMCPU pVCpu, RTGCPTR GCPtrDst, const void *pvSrc, size_t cb)
2911{
2912 PVM pVM = pVCpu->CTX_SUFF(pVM);
2913 VMCPU_ASSERT_EMT(pVCpu);
2914
2915 /*
2916 * Treat the first page as a special case.
2917 */
2918 if (!cb)
2919 return VINF_SUCCESS;
2920
2921 STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysSimpleWrite));
2922 STAM_COUNTER_ADD(&pVM->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,PhysSimpleWriteBytes), cb);
2923
2924 /* map the 1st page */
2925 void *pvDst;
2926 PGMPAGEMAPLOCK Lock;
2927 int rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrDst, &pvDst, &Lock);
2928 if (RT_FAILURE(rc))
2929 return rc;
2930
2931 /* optimize for the case where access is completely within the first page. */
2932 size_t cbPage = PAGE_SIZE - ((RTGCUINTPTR)GCPtrDst & PAGE_OFFSET_MASK);
2933 if (RT_LIKELY(cb <= cbPage))
2934 {
2935 memcpy(pvDst, pvSrc, cb);
2936 PGMPhysReleasePageMappingLock(pVM, &Lock);
2937 return VINF_SUCCESS;
2938 }
2939
2940 /* copy to the end of the page. */
2941 memcpy(pvDst, pvSrc, cbPage);
2942 PGMPhysReleasePageMappingLock(pVM, &Lock);
2943 GCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCPtrDst + cbPage);
2944 pvSrc = (const uint8_t *)pvSrc + cbPage;
2945 cb -= cbPage;
2946
2947 /*
2948 * Page by page.
2949 */
2950 for (;;)
2951 {
2952 /* map the page */
2953 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrDst, &pvDst, &Lock);
2954 if (RT_FAILURE(rc))
2955 return rc;
2956
2957 /* last page? */
2958 if (cb <= PAGE_SIZE)
2959 {
2960 memcpy(pvDst, pvSrc, cb);
2961 PGMPhysReleasePageMappingLock(pVM, &Lock);
2962 return VINF_SUCCESS;
2963 }
2964
2965 /* copy the entire page and advance */
2966 memcpy(pvDst, pvSrc, PAGE_SIZE);
2967 PGMPhysReleasePageMappingLock(pVM, &Lock);
2968 GCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCPtrDst + PAGE_SIZE);
2969 pvSrc = (const uint8_t *)pvSrc + PAGE_SIZE;
2970 cb -= PAGE_SIZE;
2971 }
2972 /* won't ever get here. */
2973}
2974
2975
2976/**
2977 * Write to guest physical memory referenced by GC pointer and update the PTE.
2978 *
2979 * This function uses the current CR3/CR0/CR4 of the guest and will
2980 * bypass access handlers but will set any dirty and accessed bits in the PTE.
2981 *
2982 * If you don't want to set the dirty bit, use PGMPhysSimpleWriteGCPtr().
2983 *
2984 * @returns VBox status.
2985 * @param pVCpu Handle to the current virtual CPU.
2986 * @param GCPtrDst The destination address (GC pointer).
2987 * @param pvSrc The source address.
2988 * @param cb The number of bytes to write.
2989 */
2990VMMDECL(int) PGMPhysSimpleDirtyWriteGCPtr(PVMCPU pVCpu, RTGCPTR GCPtrDst, const void *pvSrc, size_t cb)
2991{
2992 PVM pVM = pVCpu->CTX_SUFF(pVM);
2993 VMCPU_ASSERT_EMT(pVCpu);
2994
2995 /*
2996 * Treat the first page as a special case.
2997 * Btw. this is the same code as in PGMPhyssimpleWriteGCPtr excep for the PGMGstModifyPage.
2998 */
2999 if (!cb)
3000 return VINF_SUCCESS;
3001
3002 /* map the 1st page */
3003 void *pvDst;
3004 PGMPAGEMAPLOCK Lock;
3005 int rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrDst, &pvDst, &Lock);
3006 if (RT_FAILURE(rc))
3007 return rc;
3008
3009 /* optimize for the case where access is completely within the first page. */
3010 size_t cbPage = PAGE_SIZE - ((RTGCUINTPTR)GCPtrDst & PAGE_OFFSET_MASK);
3011 if (RT_LIKELY(cb <= cbPage))
3012 {
3013 memcpy(pvDst, pvSrc, cb);
3014 PGMPhysReleasePageMappingLock(pVM, &Lock);
3015 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, X86_PTE_A | X86_PTE_D, ~(uint64_t)(X86_PTE_A | X86_PTE_D)); AssertRC(rc);
3016 return VINF_SUCCESS;
3017 }
3018
3019 /* copy to the end of the page. */
3020 memcpy(pvDst, pvSrc, cbPage);
3021 PGMPhysReleasePageMappingLock(pVM, &Lock);
3022 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, X86_PTE_A | X86_PTE_D, ~(uint64_t)(X86_PTE_A | X86_PTE_D)); AssertRC(rc);
3023 GCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCPtrDst + cbPage);
3024 pvSrc = (const uint8_t *)pvSrc + cbPage;
3025 cb -= cbPage;
3026
3027 /*
3028 * Page by page.
3029 */
3030 for (;;)
3031 {
3032 /* map the page */
3033 rc = PGMPhysGCPtr2CCPtr(pVCpu, GCPtrDst, &pvDst, &Lock);
3034 if (RT_FAILURE(rc))
3035 return rc;
3036
3037 /* last page? */
3038 if (cb <= PAGE_SIZE)
3039 {
3040 memcpy(pvDst, pvSrc, cb);
3041 PGMPhysReleasePageMappingLock(pVM, &Lock);
3042 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, X86_PTE_A | X86_PTE_D, ~(uint64_t)(X86_PTE_A | X86_PTE_D)); AssertRC(rc);
3043 return VINF_SUCCESS;
3044 }
3045
3046 /* copy the entire page and advance */
3047 memcpy(pvDst, pvSrc, PAGE_SIZE);
3048 PGMPhysReleasePageMappingLock(pVM, &Lock);
3049 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, X86_PTE_A | X86_PTE_D, ~(uint64_t)(X86_PTE_A | X86_PTE_D)); AssertRC(rc);
3050 GCPtrDst = (RTGCPTR)((RTGCUINTPTR)GCPtrDst + PAGE_SIZE);
3051 pvSrc = (const uint8_t *)pvSrc + PAGE_SIZE;
3052 cb -= PAGE_SIZE;
3053 }
3054 /* won't ever get here. */
3055}
3056
3057
3058/**
3059 * Read from guest physical memory referenced by GC pointer.
3060 *
3061 * This function uses the current CR3/CR0/CR4 of the guest and will
3062 * respect access handlers and set accessed bits.
3063 *
3064 * @returns VBox status.
3065 * @param pVCpu Handle to the current virtual CPU.
3066 * @param pvDst The destination address.
3067 * @param GCPtrSrc The source address (GC pointer).
3068 * @param cb The number of bytes to read.
3069 * @thread The vCPU EMT.
3070 */
3071VMMDECL(int) PGMPhysReadGCPtr(PVMCPU pVCpu, void *pvDst, RTGCPTR GCPtrSrc, size_t cb)
3072{
3073 RTGCPHYS GCPhys;
3074 uint64_t fFlags;
3075 int rc;
3076 PVM pVM = pVCpu->CTX_SUFF(pVM);
3077 VMCPU_ASSERT_EMT(pVCpu);
3078
3079 /*
3080 * Anything to do?
3081 */
3082 if (!cb)
3083 return VINF_SUCCESS;
3084
3085 LogFlow(("PGMPhysReadGCPtr: %RGv %zu\n", GCPtrSrc, cb));
3086
3087 /*
3088 * Optimize reads within a single page.
3089 */
3090 if (((RTGCUINTPTR)GCPtrSrc & PAGE_OFFSET_MASK) + cb <= PAGE_SIZE)
3091 {
3092 /* Convert virtual to physical address + flags */
3093 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, (RTGCUINTPTR)GCPtrSrc, &fFlags, &GCPhys);
3094 AssertMsgRCReturn(rc, ("GetPage failed with %Rrc for %RGv\n", rc, GCPtrSrc), rc);
3095 GCPhys |= (RTGCUINTPTR)GCPtrSrc & PAGE_OFFSET_MASK;
3096
3097 /* mark the guest page as accessed. */
3098 if (!(fFlags & X86_PTE_A))
3099 {
3100 rc = PGMGstModifyPage(pVCpu, GCPtrSrc, 1, X86_PTE_A, ~(uint64_t)(X86_PTE_A));
3101 AssertRC(rc);
3102 }
3103
3104 return PGMPhysRead(pVM, GCPhys, pvDst, cb);
3105 }
3106
3107 /*
3108 * Page by page.
3109 */
3110 for (;;)
3111 {
3112 /* Convert virtual to physical address + flags */
3113 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, (RTGCUINTPTR)GCPtrSrc, &fFlags, &GCPhys);
3114 AssertMsgRCReturn(rc, ("GetPage failed with %Rrc for %RGv\n", rc, GCPtrSrc), rc);
3115 GCPhys |= (RTGCUINTPTR)GCPtrSrc & PAGE_OFFSET_MASK;
3116
3117 /* mark the guest page as accessed. */
3118 if (!(fFlags & X86_PTE_A))
3119 {
3120 rc = PGMGstModifyPage(pVCpu, GCPtrSrc, 1, X86_PTE_A, ~(uint64_t)(X86_PTE_A));
3121 AssertRC(rc);
3122 }
3123
3124 /* copy */
3125 size_t cbRead = PAGE_SIZE - ((RTGCUINTPTR)GCPtrSrc & PAGE_OFFSET_MASK);
3126 rc = PGMPhysRead(pVM, GCPhys, pvDst, cbRead);
3127 if (cbRead >= cb || RT_FAILURE(rc))
3128 return rc;
3129
3130 /* next */
3131 cb -= cbRead;
3132 pvDst = (uint8_t *)pvDst + cbRead;
3133 GCPtrSrc += cbRead;
3134 }
3135}
3136
3137
3138/**
3139 * Write to guest physical memory referenced by GC pointer.
3140 *
3141 * This function uses the current CR3/CR0/CR4 of the guest and will
3142 * respect access handlers and set dirty and accessed bits.
3143 *
3144 * @returns VBox status.
3145 * @retval VINF_SUCCESS.
3146 * @retval VERR_PGM_PHYS_WR_HIT_HANDLER in R0 and GC, NEVER in R3.
3147 *
3148 * @param pVCpu Handle to the current virtual CPU.
3149 * @param GCPtrDst The destination address (GC pointer).
3150 * @param pvSrc The source address.
3151 * @param cb The number of bytes to write.
3152 */
3153VMMDECL(int) PGMPhysWriteGCPtr(PVMCPU pVCpu, RTGCPTR GCPtrDst, const void *pvSrc, size_t cb)
3154{
3155 RTGCPHYS GCPhys;
3156 uint64_t fFlags;
3157 int rc;
3158 PVM pVM = pVCpu->CTX_SUFF(pVM);
3159 VMCPU_ASSERT_EMT(pVCpu);
3160
3161 /*
3162 * Anything to do?
3163 */
3164 if (!cb)
3165 return VINF_SUCCESS;
3166
3167 LogFlow(("PGMPhysWriteGCPtr: %RGv %zu\n", GCPtrDst, cb));
3168
3169 /*
3170 * Optimize writes within a single page.
3171 */
3172 if (((RTGCUINTPTR)GCPtrDst & PAGE_OFFSET_MASK) + cb <= PAGE_SIZE)
3173 {
3174 /* Convert virtual to physical address + flags */
3175 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, (RTGCUINTPTR)GCPtrDst, &fFlags, &GCPhys);
3176 AssertMsgRCReturn(rc, ("GetPage failed with %Rrc for %RGv\n", rc, GCPtrDst), rc);
3177 GCPhys |= (RTGCUINTPTR)GCPtrDst & PAGE_OFFSET_MASK;
3178
3179 /* Mention when we ignore X86_PTE_RW... */
3180 if (!(fFlags & X86_PTE_RW))
3181 Log(("PGMPhysGCPtr2GCPhys: Writing to RO page %RGv %#x\n", GCPtrDst, cb));
3182
3183 /* Mark the guest page as accessed and dirty if necessary. */
3184 if ((fFlags & (X86_PTE_A | X86_PTE_D)) != (X86_PTE_A | X86_PTE_D))
3185 {
3186 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, X86_PTE_A | X86_PTE_D, ~(uint64_t)(X86_PTE_A | X86_PTE_D));
3187 AssertRC(rc);
3188 }
3189
3190 return PGMPhysWrite(pVM, GCPhys, pvSrc, cb);
3191 }
3192
3193 /*
3194 * Page by page.
3195 */
3196 for (;;)
3197 {
3198 /* Convert virtual to physical address + flags */
3199 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, (RTGCUINTPTR)GCPtrDst, &fFlags, &GCPhys);
3200 AssertMsgRCReturn(rc, ("GetPage failed with %Rrc for %RGv\n", rc, GCPtrDst), rc);
3201 GCPhys |= (RTGCUINTPTR)GCPtrDst & PAGE_OFFSET_MASK;
3202
3203 /* Mention when we ignore X86_PTE_RW... */
3204 if (!(fFlags & X86_PTE_RW))
3205 Log(("PGMPhysGCPtr2GCPhys: Writing to RO page %RGv %#x\n", GCPtrDst, cb));
3206
3207 /* Mark the guest page as accessed and dirty if necessary. */
3208 if ((fFlags & (X86_PTE_A | X86_PTE_D)) != (X86_PTE_A | X86_PTE_D))
3209 {
3210 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, X86_PTE_A | X86_PTE_D, ~(uint64_t)(X86_PTE_A | X86_PTE_D));
3211 AssertRC(rc);
3212 }
3213
3214 /* copy */
3215 size_t cbWrite = PAGE_SIZE - ((RTGCUINTPTR)GCPtrDst & PAGE_OFFSET_MASK);
3216 rc = PGMPhysWrite(pVM, GCPhys, pvSrc, cbWrite);
3217 if (cbWrite >= cb || RT_FAILURE(rc))
3218 return rc;
3219
3220 /* next */
3221 cb -= cbWrite;
3222 pvSrc = (uint8_t *)pvSrc + cbWrite;
3223 GCPtrDst += cbWrite;
3224 }
3225}
3226
3227
3228/**
3229 * Performs a read of guest virtual memory for instruction emulation.
3230 *
3231 * This will check permissions, raise exceptions and update the access bits.
3232 *
3233 * The current implementation will bypass all access handlers. It may later be
3234 * changed to at least respect MMIO.
3235 *
3236 *
3237 * @returns VBox status code suitable to scheduling.
3238 * @retval VINF_SUCCESS if the read was performed successfully.
3239 * @retval VINF_EM_RAW_GUEST_TRAP if an exception was raised but not dispatched yet.
3240 * @retval VINF_TRPM_XCPT_DISPATCHED if an exception was raised and dispatched.
3241 *
3242 * @param pVCpu Handle to the current virtual CPU.
3243 * @param pCtxCore The context core.
3244 * @param pvDst Where to put the bytes we've read.
3245 * @param GCPtrSrc The source address.
3246 * @param cb The number of bytes to read. Not more than a page.
3247 *
3248 * @remark This function will dynamically map physical pages in GC. This may unmap
3249 * mappings done by the caller. Be careful!
3250 */
3251VMMDECL(int) PGMPhysInterpretedRead(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, void *pvDst, RTGCUINTPTR GCPtrSrc, size_t cb)
3252{
3253 PVM pVM = pVCpu->CTX_SUFF(pVM);
3254 Assert(cb <= PAGE_SIZE);
3255 VMCPU_ASSERT_EMT(pVCpu);
3256
3257/** @todo r=bird: This isn't perfect!
3258 * -# It's not checking for reserved bits being 1.
3259 * -# It's not correctly dealing with the access bit.
3260 * -# It's not respecting MMIO memory or any other access handlers.
3261 */
3262 /*
3263 * 1. Translate virtual to physical. This may fault.
3264 * 2. Map the physical address.
3265 * 3. Do the read operation.
3266 * 4. Set access bits if required.
3267 */
3268 int rc;
3269 unsigned cb1 = PAGE_SIZE - (GCPtrSrc & PAGE_OFFSET_MASK);
3270 if (cb <= cb1)
3271 {
3272 /*
3273 * Not crossing pages.
3274 */
3275 RTGCPHYS GCPhys;
3276 uint64_t fFlags;
3277 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrSrc, &fFlags, &GCPhys);
3278 if (RT_SUCCESS(rc))
3279 {
3280 /** @todo we should check reserved bits ... */
3281 void *pvSrc;
3282 rc = PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GCPhys, &pvSrc);
3283 switch (rc)
3284 {
3285 case VINF_SUCCESS:
3286 Log(("PGMPhysInterpretedRead: pvDst=%p pvSrc=%p cb=%d\n", pvDst, (uint8_t *)pvSrc + (GCPtrSrc & PAGE_OFFSET_MASK), cb));
3287 memcpy(pvDst, (uint8_t *)pvSrc + (GCPtrSrc & PAGE_OFFSET_MASK), cb);
3288 break;
3289 case VERR_PGM_PHYS_PAGE_RESERVED:
3290 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3291 memset(pvDst, 0, cb); /** @todo this is wrong, it should be 0xff */
3292 break;
3293 default:
3294 return rc;
3295 }
3296
3297 /** @todo access bit emulation isn't 100% correct. */
3298 if (!(fFlags & X86_PTE_A))
3299 {
3300 rc = PGMGstModifyPage(pVCpu, GCPtrSrc, 1, X86_PTE_A, ~(uint64_t)X86_PTE_A);
3301 AssertRC(rc);
3302 }
3303 return VINF_SUCCESS;
3304 }
3305 }
3306 else
3307 {
3308 /*
3309 * Crosses pages.
3310 */
3311 size_t cb2 = cb - cb1;
3312 uint64_t fFlags1;
3313 RTGCPHYS GCPhys1;
3314 uint64_t fFlags2;
3315 RTGCPHYS GCPhys2;
3316 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrSrc, &fFlags1, &GCPhys1);
3317 if (RT_SUCCESS(rc))
3318 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrSrc + cb1, &fFlags2, &GCPhys2);
3319 if (RT_SUCCESS(rc))
3320 {
3321 /** @todo we should check reserved bits ... */
3322 AssertMsgFailed(("cb=%d cb1=%d cb2=%d GCPtrSrc=%RGv\n", cb, cb1, cb2, GCPtrSrc));
3323 void *pvSrc1;
3324 rc = PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GCPhys1, &pvSrc1);
3325 switch (rc)
3326 {
3327 case VINF_SUCCESS:
3328 memcpy(pvDst, (uint8_t *)pvSrc1 + (GCPtrSrc & PAGE_OFFSET_MASK), cb1);
3329 break;
3330 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3331 memset(pvDst, 0, cb1); /** @todo this is wrong, it should be 0xff */
3332 break;
3333 default:
3334 return rc;
3335 }
3336
3337 void *pvSrc2;
3338 rc = PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GCPhys2, &pvSrc2);
3339 switch (rc)
3340 {
3341 case VINF_SUCCESS:
3342 memcpy((uint8_t *)pvDst + cb1, pvSrc2, cb2);
3343 break;
3344 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3345 memset((uint8_t *)pvDst + cb1, 0, cb2); /** @todo this is wrong, it should be 0xff */
3346 break;
3347 default:
3348 return rc;
3349 }
3350
3351 if (!(fFlags1 & X86_PTE_A))
3352 {
3353 rc = PGMGstModifyPage(pVCpu, GCPtrSrc, 1, X86_PTE_A, ~(uint64_t)X86_PTE_A);
3354 AssertRC(rc);
3355 }
3356 if (!(fFlags2 & X86_PTE_A))
3357 {
3358 rc = PGMGstModifyPage(pVCpu, GCPtrSrc + cb1, 1, X86_PTE_A, ~(uint64_t)X86_PTE_A);
3359 AssertRC(rc);
3360 }
3361 return VINF_SUCCESS;
3362 }
3363 }
3364
3365 /*
3366 * Raise a #PF.
3367 */
3368 uint32_t uErr;
3369
3370 /* Get the current privilege level. */
3371 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pCtxCore);
3372 switch (rc)
3373 {
3374 case VINF_SUCCESS:
3375 uErr = (cpl >= 2) ? X86_TRAP_PF_RSVD | X86_TRAP_PF_US : X86_TRAP_PF_RSVD;
3376 break;
3377
3378 case VERR_PAGE_NOT_PRESENT:
3379 case VERR_PAGE_TABLE_NOT_PRESENT:
3380 uErr = (cpl >= 2) ? X86_TRAP_PF_US : 0;
3381 break;
3382
3383 default:
3384 AssertMsgFailed(("rc=%Rrc GCPtrSrc=%RGv cb=%#x\n", rc, GCPtrSrc, cb));
3385 return rc;
3386 }
3387 Log(("PGMPhysInterpretedRead: GCPtrSrc=%RGv cb=%#x -> #PF(%#x)\n", GCPtrSrc, cb, uErr));
3388 return TRPMRaiseXcptErrCR2(pVCpu, pCtxCore, X86_XCPT_PF, uErr, GCPtrSrc);
3389}
3390
3391
3392/**
3393 * Performs a read of guest virtual memory for instruction emulation.
3394 *
3395 * This will check permissions, raise exceptions and update the access bits.
3396 *
3397 * The current implementation will bypass all access handlers. It may later be
3398 * changed to at least respect MMIO.
3399 *
3400 *
3401 * @returns VBox status code suitable to scheduling.
3402 * @retval VINF_SUCCESS if the read was performed successfully.
3403 * @retval VINF_EM_RAW_GUEST_TRAP if an exception was raised but not dispatched yet.
3404 * @retval VINF_TRPM_XCPT_DISPATCHED if an exception was raised and dispatched.
3405 *
3406 * @param pVCpu Handle to the current virtual CPU.
3407 * @param pCtxCore The context core.
3408 * @param pvDst Where to put the bytes we've read.
3409 * @param GCPtrSrc The source address.
3410 * @param cb The number of bytes to read. Not more than a page.
3411 * @param fRaiseTrap If set the trap will be raised on as per spec, if clear
3412 * an appropriate error status will be returned (no
3413 * informational at all).
3414 *
3415 *
3416 * @remarks Takes the PGM lock.
3417 * @remarks A page fault on the 2nd page of the access will be raised without
3418 * writing the bits on the first page since we're ASSUMING that the
3419 * caller is emulating an instruction access.
3420 * @remarks This function will dynamically map physical pages in GC. This may
3421 * unmap mappings done by the caller. Be careful!
3422 */
3423VMMDECL(int) PGMPhysInterpretedReadNoHandlers(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, void *pvDst, RTGCUINTPTR GCPtrSrc, size_t cb,
3424 bool fRaiseTrap)
3425{
3426 PVM pVM = pVCpu->CTX_SUFF(pVM);
3427 Assert(cb <= PAGE_SIZE);
3428 VMCPU_ASSERT_EMT(pVCpu);
3429
3430 /*
3431 * 1. Translate virtual to physical. This may fault.
3432 * 2. Map the physical address.
3433 * 3. Do the read operation.
3434 * 4. Set access bits if required.
3435 */
3436 int rc;
3437 unsigned cb1 = PAGE_SIZE - (GCPtrSrc & PAGE_OFFSET_MASK);
3438 if (cb <= cb1)
3439 {
3440 /*
3441 * Not crossing pages.
3442 */
3443 RTGCPHYS GCPhys;
3444 uint64_t fFlags;
3445 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrSrc, &fFlags, &GCPhys);
3446 if (RT_SUCCESS(rc))
3447 {
3448 if (1) /** @todo we should check reserved bits ... */
3449 {
3450 const void *pvSrc;
3451 PGMPAGEMAPLOCK Lock;
3452 rc = PGMPhysGCPhys2CCPtrReadOnly(pVM, GCPhys, &pvSrc, &Lock);
3453 switch (rc)
3454 {
3455 case VINF_SUCCESS:
3456 Log(("PGMPhysInterpretedReadNoHandlers: pvDst=%p pvSrc=%p (%RGv) cb=%d\n",
3457 pvDst, (const uint8_t *)pvSrc + (GCPtrSrc & PAGE_OFFSET_MASK), GCPtrSrc, cb));
3458 memcpy(pvDst, (const uint8_t *)pvSrc + (GCPtrSrc & PAGE_OFFSET_MASK), cb);
3459 PGMPhysReleasePageMappingLock(pVM, &Lock);
3460 break;
3461 case VERR_PGM_PHYS_PAGE_RESERVED:
3462 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3463 memset(pvDst, 0xff, cb);
3464 break;
3465 default:
3466 AssertMsgFailed(("%Rrc\n", rc));
3467 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3468 return rc;
3469 }
3470
3471 if (!(fFlags & X86_PTE_A))
3472 {
3473 /** @todo access bit emulation isn't 100% correct. */
3474 rc = PGMGstModifyPage(pVCpu, GCPtrSrc, 1, X86_PTE_A, ~(uint64_t)X86_PTE_A);
3475 AssertRC(rc);
3476 }
3477 return VINF_SUCCESS;
3478 }
3479 }
3480 }
3481 else
3482 {
3483 /*
3484 * Crosses pages.
3485 */
3486 size_t cb2 = cb - cb1;
3487 uint64_t fFlags1;
3488 RTGCPHYS GCPhys1;
3489 uint64_t fFlags2;
3490 RTGCPHYS GCPhys2;
3491 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrSrc, &fFlags1, &GCPhys1);
3492 if (RT_SUCCESS(rc))
3493 {
3494 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrSrc + cb1, &fFlags2, &GCPhys2);
3495 if (RT_SUCCESS(rc))
3496 {
3497 if (1) /** @todo we should check reserved bits ... */
3498 {
3499 const void *pvSrc;
3500 PGMPAGEMAPLOCK Lock;
3501 rc = PGMPhysGCPhys2CCPtrReadOnly(pVM, GCPhys1, &pvSrc, &Lock);
3502 switch (rc)
3503 {
3504 case VINF_SUCCESS:
3505 Log(("PGMPhysInterpretedReadNoHandlers: pvDst=%p pvSrc=%p (%RGv) cb=%d [2]\n",
3506 pvDst, (const uint8_t *)pvSrc + (GCPtrSrc & PAGE_OFFSET_MASK), GCPtrSrc, cb1));
3507 memcpy(pvDst, (const uint8_t *)pvSrc + (GCPtrSrc & PAGE_OFFSET_MASK), cb1);
3508 PGMPhysReleasePageMappingLock(pVM, &Lock);
3509 break;
3510 case VERR_PGM_PHYS_PAGE_RESERVED:
3511 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3512 memset(pvDst, 0xff, cb1);
3513 break;
3514 default:
3515 AssertMsgFailed(("%Rrc\n", rc));
3516 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3517 return rc;
3518 }
3519
3520 rc = PGMPhysGCPhys2CCPtrReadOnly(pVM, GCPhys2, &pvSrc, &Lock);
3521 switch (rc)
3522 {
3523 case VINF_SUCCESS:
3524 memcpy((uint8_t *)pvDst + cb1, pvSrc, cb2);
3525 PGMPhysReleasePageMappingLock(pVM, &Lock);
3526 break;
3527 case VERR_PGM_PHYS_PAGE_RESERVED:
3528 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3529 memset((uint8_t *)pvDst + cb1, 0xff, cb2);
3530 break;
3531 default:
3532 AssertMsgFailed(("%Rrc\n", rc));
3533 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3534 return rc;
3535 }
3536
3537 if (!(fFlags1 & X86_PTE_A))
3538 {
3539 rc = PGMGstModifyPage(pVCpu, GCPtrSrc, 1, X86_PTE_A, ~(uint64_t)X86_PTE_A);
3540 AssertRC(rc);
3541 }
3542 if (!(fFlags2 & X86_PTE_A))
3543 {
3544 rc = PGMGstModifyPage(pVCpu, GCPtrSrc + cb1, 1, X86_PTE_A, ~(uint64_t)X86_PTE_A);
3545 AssertRC(rc);
3546 }
3547 return VINF_SUCCESS;
3548 }
3549 /* sort out which page */
3550 }
3551 else
3552 GCPtrSrc += cb1; /* fault on 2nd page */
3553 }
3554 }
3555
3556 /*
3557 * Raise a #PF if we're allowed to do that.
3558 */
3559 /* Calc the error bits. */
3560 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pCtxCore);
3561 uint32_t uErr;
3562 switch (rc)
3563 {
3564 case VINF_SUCCESS:
3565 uErr = (cpl >= 2) ? X86_TRAP_PF_RSVD | X86_TRAP_PF_US : X86_TRAP_PF_RSVD;
3566 rc = VERR_ACCESS_DENIED;
3567 break;
3568
3569 case VERR_PAGE_NOT_PRESENT:
3570 case VERR_PAGE_TABLE_NOT_PRESENT:
3571 uErr = (cpl >= 2) ? X86_TRAP_PF_US : 0;
3572 break;
3573
3574 default:
3575 AssertMsgFailed(("rc=%Rrc GCPtrSrc=%RGv cb=%#x\n", rc, GCPtrSrc, cb));
3576 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3577 return rc;
3578 }
3579 if (fRaiseTrap)
3580 {
3581 Log(("PGMPhysInterpretedReadNoHandlers: GCPtrSrc=%RGv cb=%#x -> Raised #PF(%#x)\n", GCPtrSrc, cb, uErr));
3582 return TRPMRaiseXcptErrCR2(pVCpu, pCtxCore, X86_XCPT_PF, uErr, GCPtrSrc);
3583 }
3584 Log(("PGMPhysInterpretedReadNoHandlers: GCPtrSrc=%RGv cb=%#x -> #PF(%#x) [!raised]\n", GCPtrSrc, cb, uErr));
3585 return rc;
3586}
3587
3588
3589/**
3590 * Performs a write to guest virtual memory for instruction emulation.
3591 *
3592 * This will check permissions, raise exceptions and update the dirty and access
3593 * bits.
3594 *
3595 * @returns VBox status code suitable to scheduling.
3596 * @retval VINF_SUCCESS if the read was performed successfully.
3597 * @retval VINF_EM_RAW_GUEST_TRAP if an exception was raised but not dispatched yet.
3598 * @retval VINF_TRPM_XCPT_DISPATCHED if an exception was raised and dispatched.
3599 *
3600 * @param pVCpu Handle to the current virtual CPU.
3601 * @param pCtxCore The context core.
3602 * @param GCPtrDst The destination address.
3603 * @param pvSrc What to write.
3604 * @param cb The number of bytes to write. Not more than a page.
3605 * @param fRaiseTrap If set the trap will be raised on as per spec, if clear
3606 * an appropriate error status will be returned (no
3607 * informational at all).
3608 *
3609 * @remarks Takes the PGM lock.
3610 * @remarks A page fault on the 2nd page of the access will be raised without
3611 * writing the bits on the first page since we're ASSUMING that the
3612 * caller is emulating an instruction access.
3613 * @remarks This function will dynamically map physical pages in GC. This may
3614 * unmap mappings done by the caller. Be careful!
3615 */
3616VMMDECL(int) PGMPhysInterpretedWriteNoHandlers(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, RTGCPTR GCPtrDst, const void *pvSrc,
3617 size_t cb, bool fRaiseTrap)
3618{
3619 Assert(cb <= PAGE_SIZE);
3620 PVM pVM = pVCpu->CTX_SUFF(pVM);
3621 VMCPU_ASSERT_EMT(pVCpu);
3622
3623 /*
3624 * 1. Translate virtual to physical. This may fault.
3625 * 2. Map the physical address.
3626 * 3. Do the write operation.
3627 * 4. Set access bits if required.
3628 */
3629 /** @todo Since this method is frequently used by EMInterpret or IOM
3630 * upon a write fault to an write access monitored page, we can
3631 * reuse the guest page table walking from the \#PF code. */
3632 int rc;
3633 unsigned cb1 = PAGE_SIZE - (GCPtrDst & PAGE_OFFSET_MASK);
3634 if (cb <= cb1)
3635 {
3636 /*
3637 * Not crossing pages.
3638 */
3639 RTGCPHYS GCPhys;
3640 uint64_t fFlags;
3641 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrDst, &fFlags, &GCPhys);
3642 if (RT_SUCCESS(rc))
3643 {
3644 if ( (fFlags & X86_PTE_RW) /** @todo Also check reserved bits. */
3645 || ( !(CPUMGetGuestCR0(pVCpu) & X86_CR0_WP)
3646 && CPUMGetGuestCPL(pVCpu, pCtxCore) <= 2) ) /** @todo it's 2, right? Check cpl check below as well. */
3647 {
3648 void *pvDst;
3649 PGMPAGEMAPLOCK Lock;
3650 rc = PGMPhysGCPhys2CCPtr(pVM, GCPhys, &pvDst, &Lock);
3651 switch (rc)
3652 {
3653 case VINF_SUCCESS:
3654 Log(("PGMPhysInterpretedWriteNoHandlers: pvDst=%p (%RGv) pvSrc=%p cb=%d\n",
3655 (uint8_t *)pvDst + (GCPtrDst & PAGE_OFFSET_MASK), GCPtrDst, pvSrc, cb));
3656 memcpy((uint8_t *)pvDst + (GCPtrDst & PAGE_OFFSET_MASK), pvSrc, cb);
3657 PGMPhysReleasePageMappingLock(pVM, &Lock);
3658 break;
3659 case VERR_PGM_PHYS_PAGE_RESERVED:
3660 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3661 /* bit bucket */
3662 break;
3663 default:
3664 AssertMsgFailed(("%Rrc\n", rc));
3665 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3666 return rc;
3667 }
3668
3669 if (!(fFlags & (X86_PTE_A | X86_PTE_D)))
3670 {
3671 /** @todo dirty & access bit emulation isn't 100% correct. */
3672 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, X86_PTE_A | X86_PTE_D, ~(uint64_t)(X86_PTE_A | X86_PTE_D));
3673 AssertRC(rc);
3674 }
3675 return VINF_SUCCESS;
3676 }
3677 rc = VERR_ACCESS_DENIED;
3678 }
3679 }
3680 else
3681 {
3682 /*
3683 * Crosses pages.
3684 */
3685 size_t cb2 = cb - cb1;
3686 uint64_t fFlags1;
3687 RTGCPHYS GCPhys1;
3688 uint64_t fFlags2;
3689 RTGCPHYS GCPhys2;
3690 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrDst, &fFlags1, &GCPhys1);
3691 if (RT_SUCCESS(rc))
3692 {
3693 rc = PGM_GST_PFN(GetPage,pVCpu)(pVCpu, GCPtrDst + cb1, &fFlags2, &GCPhys2);
3694 if (RT_SUCCESS(rc))
3695 {
3696 if ( ( (fFlags1 & X86_PTE_RW) /** @todo Also check reserved bits. */
3697 && (fFlags2 & X86_PTE_RW))
3698 || ( !(CPUMGetGuestCR0(pVCpu) & X86_CR0_WP)
3699 && CPUMGetGuestCPL(pVCpu, pCtxCore) <= 2) )
3700 {
3701 void *pvDst;
3702 PGMPAGEMAPLOCK Lock;
3703 rc = PGMPhysGCPhys2CCPtr(pVM, GCPhys1, &pvDst, &Lock);
3704 switch (rc)
3705 {
3706 case VINF_SUCCESS:
3707 Log(("PGMPhysInterpretedWriteNoHandlers: pvDst=%p (%RGv) pvSrc=%p cb=%d\n",
3708 (uint8_t *)pvDst + (GCPtrDst & PAGE_OFFSET_MASK), GCPtrDst, pvSrc, cb1));
3709 memcpy((uint8_t *)pvDst + (GCPtrDst & PAGE_OFFSET_MASK), pvSrc, cb1);
3710 PGMPhysReleasePageMappingLock(pVM, &Lock);
3711 break;
3712 case VERR_PGM_PHYS_PAGE_RESERVED:
3713 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3714 /* bit bucket */
3715 break;
3716 default:
3717 AssertMsgFailed(("%Rrc\n", rc));
3718 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3719 return rc;
3720 }
3721
3722 rc = PGMPhysGCPhys2CCPtr(pVM, GCPhys2, &pvDst, &Lock);
3723 switch (rc)
3724 {
3725 case VINF_SUCCESS:
3726 memcpy(pvDst, (const uint8_t *)pvSrc + cb1, cb2);
3727 PGMPhysReleasePageMappingLock(pVM, &Lock);
3728 break;
3729 case VERR_PGM_PHYS_PAGE_RESERVED:
3730 case VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS:
3731 /* bit bucket */
3732 break;
3733 default:
3734 AssertMsgFailed(("%Rrc\n", rc));
3735 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3736 return rc;
3737 }
3738
3739 if (!(fFlags1 & (X86_PTE_A | X86_PTE_RW)))
3740 {
3741 rc = PGMGstModifyPage(pVCpu, GCPtrDst, 1, (X86_PTE_A | X86_PTE_RW), ~(uint64_t)(X86_PTE_A | X86_PTE_RW));
3742 AssertRC(rc);
3743 }
3744 if (!(fFlags2 & (X86_PTE_A | X86_PTE_RW)))
3745 {
3746 rc = PGMGstModifyPage(pVCpu, GCPtrDst + cb1, 1, (X86_PTE_A | X86_PTE_RW), ~(uint64_t)(X86_PTE_A | X86_PTE_RW));
3747 AssertRC(rc);
3748 }
3749 return VINF_SUCCESS;
3750 }
3751 if ((fFlags1 & (X86_PTE_RW)) == X86_PTE_RW)
3752 GCPtrDst += cb1; /* fault on the 2nd page. */
3753 rc = VERR_ACCESS_DENIED;
3754 }
3755 else
3756 GCPtrDst += cb1; /* fault on the 2nd page. */
3757 }
3758 }
3759
3760 /*
3761 * Raise a #PF if we're allowed to do that.
3762 */
3763 /* Calc the error bits. */
3764 uint32_t uErr;
3765 uint32_t cpl = CPUMGetGuestCPL(pVCpu, pCtxCore);
3766 switch (rc)
3767 {
3768 case VINF_SUCCESS:
3769 uErr = (cpl >= 2) ? X86_TRAP_PF_RSVD | X86_TRAP_PF_US : X86_TRAP_PF_RSVD;
3770 rc = VERR_ACCESS_DENIED;
3771 break;
3772
3773 case VERR_ACCESS_DENIED:
3774 uErr = (cpl >= 2) ? X86_TRAP_PF_RW | X86_TRAP_PF_US : X86_TRAP_PF_RW;
3775 break;
3776
3777 case VERR_PAGE_NOT_PRESENT:
3778 case VERR_PAGE_TABLE_NOT_PRESENT:
3779 uErr = (cpl >= 2) ? X86_TRAP_PF_US : 0;
3780 break;
3781
3782 default:
3783 AssertMsgFailed(("rc=%Rrc GCPtrDst=%RGv cb=%#x\n", rc, GCPtrDst, cb));
3784 AssertReturn(RT_FAILURE(rc), VERR_IPE_UNEXPECTED_INFO_STATUS);
3785 return rc;
3786 }
3787 if (fRaiseTrap)
3788 {
3789 Log(("PGMPhysInterpretedWriteNoHandlers: GCPtrDst=%RGv cb=%#x -> Raised #PF(%#x)\n", GCPtrDst, cb, uErr));
3790 return TRPMRaiseXcptErrCR2(pVCpu, pCtxCore, X86_XCPT_PF, uErr, GCPtrDst);
3791 }
3792 Log(("PGMPhysInterpretedWriteNoHandlers: GCPtrDst=%RGv cb=%#x -> #PF(%#x) [!raised]\n", GCPtrDst, cb, uErr));
3793 return rc;
3794}
3795
3796
3797/**
3798 * Return the page type of the specified physical address.
3799 *
3800 * @returns The page type.
3801 * @param pVM VM Handle.
3802 * @param GCPhys Guest physical address
3803 */
3804VMMDECL(PGMPAGETYPE) PGMPhysGetPageType(PVM pVM, RTGCPHYS GCPhys)
3805{
3806 pgmLock(pVM);
3807 PPGMPAGE pPage = pgmPhysGetPage(pVM, GCPhys);
3808 PGMPAGETYPE enmPgType = pPage ? (PGMPAGETYPE)PGM_PAGE_GET_TYPE(pPage) : PGMPAGETYPE_INVALID;
3809 pgmUnlock(pVM);
3810
3811 return enmPgType;
3812}
3813
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette