VirtualBox

source: vbox/trunk/src/VBox/VMM/VMMAll/PGMAllPool.cpp@ 9507

Last change on this file since 9507 was 9341, checked in by vboxsync, 17 years ago

Format specifiers again...

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 125.4 KB
Line 
1/* $Id: PGMAllPool.cpp 9341 2008-06-03 08:22:06Z vboxsync $ */
2/** @file
3 * PGM Shadow Page Pool.
4 */
5
6/*
7 * Copyright (C) 2006-2007 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22
23/*******************************************************************************
24* Header Files *
25*******************************************************************************/
26#define LOG_GROUP LOG_GROUP_PGM_POOL
27#include <VBox/pgm.h>
28#include <VBox/mm.h>
29#include <VBox/em.h>
30#include <VBox/cpum.h>
31#ifdef IN_GC
32# include <VBox/patm.h>
33#endif
34#include "PGMInternal.h"
35#include <VBox/vm.h>
36#include <VBox/disopcode.h>
37
38#include <VBox/log.h>
39#include <VBox/err.h>
40#include <iprt/asm.h>
41
42
43/*******************************************************************************
44* Internal Functions *
45*******************************************************************************/
46__BEGIN_DECLS
47static void pgmPoolFlushAllInt(PPGMPOOL pPool);
48#ifdef PGMPOOL_WITH_USER_TRACKING
49DECLINLINE(unsigned) pgmPoolTrackGetShadowEntrySize(PGMPOOLKIND enmKind);
50DECLINLINE(unsigned) pgmPoolTrackGetGuestEntrySize(PGMPOOLKIND enmKind);
51static void pgmPoolTrackDeref(PPGMPOOL pPool, PPGMPOOLPAGE pPage);
52#endif
53#ifdef PGMPOOL_WITH_GCPHYS_TRACKING
54static void pgmPoolTracDerefGCPhysHint(PPGMPOOL pPool, PPGMPOOLPAGE pPage, RTHCPHYS HCPhys, RTGCPHYS GCPhysHint);
55#endif
56#ifdef PGMPOOL_WITH_CACHE
57static int pgmPoolTrackAddUser(PPGMPOOL pPool, PPGMPOOLPAGE pPage, uint16_t iUser, uint16_t iUserTable);
58#endif
59#ifdef PGMPOOL_WITH_MONITORING
60static void pgmPoolMonitorModifiedRemove(PPGMPOOL pPool, PPGMPOOLPAGE pPage);
61#endif
62#ifndef IN_RING3
63DECLEXPORT(int) pgmPoolAccessHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser);
64#endif
65__END_DECLS
66
67
68/**
69 * Checks if the specified page pool kind is for a 4MB or 2MB guest page.
70 *
71 * @returns true if it's the shadow of a 4MB or 2MB guest page, otherwise false.
72 * @param enmKind The page kind.
73 */
74DECLINLINE(bool) pgmPoolIsBigPage(PGMPOOLKIND enmKind)
75{
76 switch (enmKind)
77 {
78 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
79 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
80 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
81 return true;
82 default:
83 return false;
84 }
85}
86
87
88#ifdef IN_GC
89/**
90 * Maps a pool page into the current context.
91 *
92 * @returns Pointer to the mapping.
93 * @param pVM The VM handle.
94 * @param pPage The page to map.
95 */
96void *pgmGCPoolMapPage(PVM pVM, PPGMPOOLPAGE pPage)
97{
98 /* general pages. */
99 if (pPage->idx >= PGMPOOL_IDX_FIRST)
100 {
101 Assert(pPage->idx < pVM->pgm.s.pPoolGC->cCurPages);
102 void *pv;
103 int rc = PGMGCDynMapHCPage(pVM, pPage->Core.Key, &pv);
104 AssertReleaseRC(rc);
105 return pv;
106 }
107
108 /* special pages. */
109 switch (pPage->idx)
110 {
111 case PGMPOOL_IDX_PD:
112 return pVM->pgm.s.pGC32BitPD;
113 case PGMPOOL_IDX_PAE_PD:
114 case PGMPOOL_IDX_PAE_PD_0:
115 return pVM->pgm.s.apGCPaePDs[0];
116 case PGMPOOL_IDX_PAE_PD_1:
117 return pVM->pgm.s.apGCPaePDs[1];
118 case PGMPOOL_IDX_PAE_PD_2:
119 return pVM->pgm.s.apGCPaePDs[2];
120 case PGMPOOL_IDX_PAE_PD_3:
121 return pVM->pgm.s.apGCPaePDs[3];
122 case PGMPOOL_IDX_PDPT:
123 return pVM->pgm.s.pGCPaePDPT;
124 default:
125 AssertReleaseMsgFailed(("Invalid index %d\n", pPage->idx));
126 return NULL;
127 }
128}
129#endif /* IN_GC */
130
131
132#ifdef PGMPOOL_WITH_MONITORING
133/**
134 * Determin the size of a write instruction.
135 * @returns number of bytes written.
136 * @param pDis The disassembler state.
137 */
138static unsigned pgmPoolDisasWriteSize(PDISCPUSTATE pDis)
139{
140 /*
141 * This is very crude and possibly wrong for some opcodes,
142 * but since it's not really supposed to be called we can
143 * probably live with that.
144 */
145 return DISGetParamSize(pDis, &pDis->param1);
146}
147
148
149/**
150 * Flushes a chain of pages sharing the same access monitor.
151 *
152 * @returns VBox status code suitable for scheduling.
153 * @param pPool The pool.
154 * @param pPage A page in the chain.
155 */
156int pgmPoolMonitorChainFlush(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
157{
158 LogFlow(("pgmPoolMonitorChainFlush: Flush page %VGp type=%d\n", pPage->GCPhys, pPage->enmKind));
159
160 /*
161 * Find the list head.
162 */
163 uint16_t idx = pPage->idx;
164 if (pPage->iMonitoredPrev != NIL_PGMPOOL_IDX)
165 {
166 while (pPage->iMonitoredPrev != NIL_PGMPOOL_IDX)
167 {
168 idx = pPage->iMonitoredPrev;
169 Assert(idx != pPage->idx);
170 pPage = &pPool->aPages[idx];
171 }
172 }
173
174 /*
175 * Itereate the list flushing each shadow page.
176 */
177 int rc = VINF_SUCCESS;
178 for (;;)
179 {
180 idx = pPage->iMonitoredNext;
181 Assert(idx != pPage->idx);
182 if (pPage->idx >= PGMPOOL_IDX_FIRST)
183 {
184 int rc2 = pgmPoolFlushPage(pPool, pPage);
185 if (rc2 == VERR_PGM_POOL_CLEARED && rc == VINF_SUCCESS)
186 rc = VINF_PGM_SYNC_CR3;
187 }
188 /* next */
189 if (idx == NIL_PGMPOOL_IDX)
190 break;
191 pPage = &pPool->aPages[idx];
192 }
193 return rc;
194}
195
196
197/**
198 * Wrapper for getting the current context pointer to the entry being modified.
199 *
200 * @returns Pointer to the current context mapping of the entry.
201 * @param pPool The pool.
202 * @param pvFault The fault virtual address.
203 * @param GCPhysFault The fault physical address.
204 * @param cbEntry The entry size.
205 */
206#ifdef IN_RING3
207DECLINLINE(const void *) pgmPoolMonitorGCPtr2CCPtr(PPGMPOOL pPool, RTHCPTR pvFault, RTGCPHYS GCPhysFault, const unsigned cbEntry)
208#else
209DECLINLINE(const void *) pgmPoolMonitorGCPtr2CCPtr(PPGMPOOL pPool, RTGCPTR pvFault, RTGCPHYS GCPhysFault, const unsigned cbEntry)
210#endif
211{
212#ifdef IN_GC
213 return (const void *)((RTGCUINTPTR)pvFault & ~(RTGCUINTPTR)(cbEntry - 1));
214
215#elif defined(IN_RING0)
216 void *pvRet;
217 int rc = pgmRamGCPhys2HCPtr(&pPool->pVMHC->pgm.s, GCPhysFault & ~(RTGCPHYS)(cbEntry - 1), &pvRet);
218 AssertFatalRCSuccess(rc);
219 return pvRet;
220
221#elif defined(IN_RING3)
222 return (RTHCPTR)((uintptr_t)pvFault & ~(RTHCUINTPTR)(cbEntry - 1));
223#else
224# error "huh?"
225#endif
226}
227
228
229/**
230 * Process shadow entries before they are changed by the guest.
231 *
232 * For PT entries we will clear them. For PD entries, we'll simply check
233 * for mapping conflicts and set the SyncCR3 FF if found.
234 *
235 * @param pPool The pool.
236 * @param pPage The head page.
237 * @param GCPhysFault The guest physical fault address.
238 * @param uAddress In R0 and GC this is the guest context fault address (flat).
239 * In R3 this is the host context 'fault' address.
240 * @param pCpu The disassembler state for figuring out the write size.
241 * This need not be specified if the caller knows we won't do cross entry accesses.
242 */
243#ifdef IN_RING3
244void pgmPoolMonitorChainChanging(PPGMPOOL pPool, PPGMPOOLPAGE pPage, RTGCPHYS GCPhysFault, RTHCPTR pvAddress, PDISCPUSTATE pCpu)
245#else
246void pgmPoolMonitorChainChanging(PPGMPOOL pPool, PPGMPOOLPAGE pPage, RTGCPHYS GCPhysFault, RTGCPTR pvAddress, PDISCPUSTATE pCpu)
247#endif
248{
249 Assert(pPage->iMonitoredPrev == NIL_PGMPOOL_IDX);
250 const unsigned off = GCPhysFault & PAGE_OFFSET_MASK;
251
252 LogFlow(("pgmPoolMonitorChainChanging: %VGv phys=%VGp kind=%d\n", pvAddress, GCPhysFault, pPage->enmKind));
253
254 for (;;)
255 {
256 union
257 {
258 void *pv;
259 PX86PT pPT;
260 PX86PTPAE pPTPae;
261 PX86PD pPD;
262 PX86PDPAE pPDPae;
263 PX86PDPT pPDPT;
264 } uShw;
265 uShw.pv = PGMPOOL_PAGE_2_PTR(pPool->CTXSUFF(pVM), pPage);
266
267 switch (pPage->enmKind)
268 {
269 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
270 {
271 const unsigned iShw = off / sizeof(X86PTE);
272 if (uShw.pPT->a[iShw].n.u1Present)
273 {
274# ifdef PGMPOOL_WITH_GCPHYS_TRACKING
275 PCX86PTE pGstPte = (PCX86PTE)pgmPoolMonitorGCPtr2CCPtr(pPool, pvAddress, GCPhysFault, sizeof(*pGstPte));
276 Log4(("pgmPoolMonitorChainChanging 32_32: deref %VHp GCPhys %VGp\n", uShw.pPT->a[iShw].u & X86_PTE_PAE_PG_MASK, pGstPte->u & X86_PTE_PG_MASK));
277 pgmPoolTracDerefGCPhysHint(pPool, pPage,
278 uShw.pPT->a[iShw].u & X86_PTE_PAE_PG_MASK,
279 pGstPte->u & X86_PTE_PG_MASK);
280# endif
281 uShw.pPT->a[iShw].u = 0;
282 }
283 break;
284 }
285
286 /* page/2 sized */
287 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
288 if (!((off ^ pPage->GCPhys) & (PAGE_SIZE / 2)))
289 {
290 const unsigned iShw = (off / sizeof(X86PTE)) & (X86_PG_PAE_ENTRIES - 1);
291 if (uShw.pPTPae->a[iShw].n.u1Present)
292 {
293# ifdef PGMPOOL_WITH_GCPHYS_TRACKING
294 PCX86PTE pGstPte = (PCX86PTE)pgmPoolMonitorGCPtr2CCPtr(pPool, pvAddress, GCPhysFault, sizeof(*pGstPte));
295 Log4(("pgmPoolMonitorChainChanging pae_32: deref %VHp GCPhys %VGp\n", uShw.pPT->a[iShw].u & X86_PTE_PAE_PG_MASK, pGstPte->u & X86_PTE_PG_MASK));
296 pgmPoolTracDerefGCPhysHint(pPool, pPage,
297 uShw.pPTPae->a[iShw].u & X86_PTE_PAE_PG_MASK,
298 pGstPte->u & X86_PTE_PG_MASK);
299# endif
300 uShw.pPTPae->a[iShw].u = 0;
301 }
302 }
303 break;
304
305 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
306 {
307 const unsigned iShw = off / sizeof(X86PTEPAE);
308 if (uShw.pPTPae->a[iShw].n.u1Present)
309 {
310# ifdef PGMPOOL_WITH_GCPHYS_TRACKING
311 PCX86PTEPAE pGstPte = (PCX86PTEPAE)pgmPoolMonitorGCPtr2CCPtr(pPool, pvAddress, GCPhysFault, sizeof(*pGstPte));
312 Log4(("pgmPoolMonitorChainChanging pae_32: deref %VHp GCPhys %VGp\n", uShw.pPT->a[iShw].u & X86_PTE_PAE_PG_MASK, pGstPte->u & X86_PTE_PAE_PG_MASK));
313 pgmPoolTracDerefGCPhysHint(pPool, pPage,
314 uShw.pPTPae->a[iShw].u & X86_PTE_PAE_PG_MASK,
315 pGstPte->u & X86_PTE_PAE_PG_MASK);
316# endif
317 uShw.pPTPae->a[iShw].u = 0;
318 }
319 break;
320 }
321
322 case PGMPOOLKIND_ROOT_32BIT_PD:
323 {
324 const unsigned iShw = off / sizeof(X86PTE); // ASSUMING 32-bit guest paging!
325 if (uShw.pPD->a[iShw].u & PGM_PDFLAGS_MAPPING)
326 {
327 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
328 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
329 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw=%#x!\n", iShw));
330 }
331 /* paranoia / a bit assumptive. */
332 else if ( pCpu
333 && (off & 3)
334 && (off & 3) + pgmPoolDisasWriteSize(pCpu) > 4)
335 {
336 const unsigned iShw2 = (off + pgmPoolDisasWriteSize(pCpu) - 1) / sizeof(X86PTE);
337 if ( iShw2 != iShw
338 && iShw2 < ELEMENTS(uShw.pPD->a)
339 && uShw.pPD->a[iShw2].u & PGM_PDFLAGS_MAPPING)
340 {
341 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
342 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
343 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw2=%#x!\n", iShw2));
344 }
345 }
346#if 0 /* useful when running PGMAssertCR3(), a bit too troublesome for general use (TLBs). */
347 if ( uShw.pPD->a[iShw].n.u1Present
348 && !VM_FF_ISSET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3))
349 {
350 LogFlow(("pgmPoolMonitorChainChanging: iShw=%#x: %RX32 -> freeing it!\n", iShw, uShw.pPD->a[iShw].u));
351# ifdef IN_GC /* TLB load - we're pushing things a bit... */
352 ASMProbeReadByte(pvAddress);
353# endif
354 pgmPoolFree(pPool->CTXSUFF(pVM), uShw.pPD->a[iShw].u & X86_PDE_PG_MASK, pPage->idx, iShw);
355 uShw.pPD->a[iShw].u = 0;
356 }
357#endif
358 break;
359 }
360
361 case PGMPOOLKIND_ROOT_PAE_PD:
362 {
363 unsigned iShw = (off / sizeof(X86PTE)) * 2; // ASSUMING 32-bit guest paging!
364 for (unsigned i = 0; i < 2; i++, iShw++)
365 {
366 if ((uShw.pPDPae->a[iShw].u & (PGM_PDFLAGS_MAPPING | X86_PDE_P)) == (PGM_PDFLAGS_MAPPING | X86_PDE_P))
367 {
368 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
369 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
370 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw=%#x!\n", iShw));
371 }
372 /* paranoia / a bit assumptive. */
373 else if ( pCpu
374 && (off & 3)
375 && (off & 3) + pgmPoolDisasWriteSize(pCpu) > 4)
376 {
377 const unsigned iShw2 = iShw + 2;
378 if ( iShw2 < ELEMENTS(uShw.pPDPae->a)
379 && (uShw.pPDPae->a[iShw2].u & (PGM_PDFLAGS_MAPPING | X86_PDE_P)) == (PGM_PDFLAGS_MAPPING | X86_PDE_P))
380 {
381 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
382 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
383 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw2=%#x!\n", iShw2));
384 }
385 }
386#if 0 /* useful when running PGMAssertCR3(), a bit too troublesome for general use (TLBs). */
387 if ( uShw.pPDPae->a[iShw].n.u1Present
388 && !VM_FF_ISSET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3))
389 {
390 LogFlow(("pgmPoolMonitorChainChanging: iShw=%#x: %RX64 -> freeing it!\n", iShw, uShw.pPDPae->a[iShw].u));
391# ifdef IN_GC /* TLB load - we're pushing things a bit... */
392 ASMProbeReadByte(pvAddress);
393# endif
394 pgmPoolFree(pPool->CTXSUFF(pVM), uShw.pPDPae->a[iShw].u & X86_PDE_PAE_PG_MASK, pPage->idx, iShw);
395 uShw.pPDPae->a[iShw].u = 0;
396 }
397#endif
398 }
399 break;
400 }
401
402 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
403 {
404 const unsigned iShw = off / sizeof(X86PTEPAE);
405 if (uShw.pPDPae->a[iShw].u & PGM_PDFLAGS_MAPPING)
406 {
407 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
408 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
409 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw=%#x!\n", iShw));
410 }
411 /* paranoia / a bit assumptive. */
412 else if ( pCpu
413 && (off & 7)
414 && (off & 7) + pgmPoolDisasWriteSize(pCpu) > sizeof(X86PTEPAE))
415 {
416 const unsigned iShw2 = (off + pgmPoolDisasWriteSize(pCpu) - 1) / sizeof(X86PTEPAE);
417 if ( iShw2 != iShw
418 && iShw2 < ELEMENTS(uShw.pPDPae->a)
419 && uShw.pPDPae->a[iShw2].u & PGM_PDFLAGS_MAPPING)
420 {
421 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
422 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
423 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw2=%#x!\n", iShw2));
424 }
425 }
426#if 0 /* useful when running PGMAssertCR3(), a bit too troublesome for general use (TLBs). */
427 if ( uShw.pPDPae->a[iShw].n.u1Present
428 && !VM_FF_ISSET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3))
429 {
430 LogFlow(("pgmPoolMonitorChainChanging: iShw=%#x: %RX32 -> freeing it!\n", iShw, uShw.pPDPae->a[iShw].u));
431# ifdef IN_GC /* TLB load - we're pushing things a bit... */
432 ASMProbeReadByte(pvAddress);
433# endif
434 pgmPoolFree(pPool->CTXSUFF(pVM), uShwpPDPae->a[iShw].u & X86_PDE_PG_MASK, pPage->idx, iShw);
435 uShw.pPDPae->a[iShw].u = 0;
436 }
437#endif
438 break;
439 }
440
441 case PGMPOOLKIND_ROOT_PDPT:
442 {
443 /* Hopefully this doesn't happen very often:
444 * - touching unused parts of the page
445 * - messing with the bits of pd pointers without changing the physical address
446 */
447 const unsigned iShw = off / sizeof(X86PDPE);
448 if (iShw < X86_PG_PAE_PDPE_ENTRIES) /* don't use ELEMENTS(uShw.pPDPT->a), because that's for long mode only */
449 {
450 if (uShw.pPDPT->a[iShw].u & PGM_PLXFLAGS_MAPPING)
451 {
452 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
453 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
454 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw=%#x!\n", iShw));
455 }
456 /* paranoia / a bit assumptive. */
457 else if ( pCpu
458 && (off & 7)
459 && (off & 7) + pgmPoolDisasWriteSize(pCpu) > sizeof(X86PDPE))
460 {
461 const unsigned iShw2 = (off + pgmPoolDisasWriteSize(pCpu) - 1) / sizeof(X86PDPE);
462 if ( iShw2 != iShw
463 && iShw2 < X86_PG_PAE_PDPE_ENTRIES
464 && uShw.pPDPT->a[iShw2].u & PGM_PLXFLAGS_MAPPING)
465 {
466 Assert(pgmMapAreMappingsEnabled(&pPool->CTXSUFF(pVM)->pgm.s));
467 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
468 LogFlow(("pgmPoolMonitorChainChanging: Detected conflict at iShw2=%#x!\n", iShw2));
469 }
470 }
471 }
472 break;
473 }
474
475 default:
476 AssertFatalMsgFailed(("enmKind=%d\n", pPage->enmKind));
477 }
478
479 /* next */
480 if (pPage->iMonitoredNext == NIL_PGMPOOL_IDX)
481 return;
482 pPage = &pPool->aPages[pPage->iMonitoredNext];
483 }
484}
485
486
487# ifndef IN_RING3
488/**
489 * Checks if a access could be a fork operation in progress.
490 *
491 * Meaning, that the guest is setuping up the parent process for Copy-On-Write.
492 *
493 * @returns true if it's likly that we're forking, otherwise false.
494 * @param pPool The pool.
495 * @param pCpu The disassembled instruction.
496 * @param offFault The access offset.
497 */
498DECLINLINE(bool) pgmPoolMonitorIsForking(PPGMPOOL pPool, PDISCPUSTATE pCpu, unsigned offFault)
499{
500 /*
501 * i386 linux is using btr to clear X86_PTE_RW.
502 * The functions involved are (2.6.16 source inspection):
503 * clear_bit
504 * ptep_set_wrprotect
505 * copy_one_pte
506 * copy_pte_range
507 * copy_pmd_range
508 * copy_pud_range
509 * copy_page_range
510 * dup_mmap
511 * dup_mm
512 * copy_mm
513 * copy_process
514 * do_fork
515 */
516 if ( pCpu->pCurInstr->opcode == OP_BTR
517 && !(offFault & 4)
518 /** @todo Validate that the bit index is X86_PTE_RW. */
519 )
520 {
521 STAM_COUNTER_INC(&pPool->CTXMID(StatMonitor,Fork));
522 return true;
523 }
524 return false;
525}
526
527
528/**
529 * Determin whether the page is likely to have been reused.
530 *
531 * @returns true if we consider the page as being reused for a different purpose.
532 * @returns false if we consider it to still be a paging page.
533 * @param pPage The page in question.
534 * @param pCpu The disassembly info for the faulting insturction.
535 * @param pvFault The fault address.
536 *
537 * @remark The REP prefix check is left to the caller because of STOSD/W.
538 */
539DECLINLINE(bool) pgmPoolMonitorIsReused(PPGMPOOLPAGE pPage, PDISCPUSTATE pCpu, RTGCPTR pvFault)
540{
541 switch (pCpu->pCurInstr->opcode)
542 {
543 case OP_PUSH:
544 Log4(("pgmPoolMonitorIsReused: PUSH\n"));
545 return true;
546 case OP_PUSHF:
547 Log4(("pgmPoolMonitorIsReused: PUSHF\n"));
548 return true;
549 case OP_PUSHA:
550 Log4(("pgmPoolMonitorIsReused: PUSHA\n"));
551 return true;
552 case OP_FXSAVE:
553 Log4(("pgmPoolMonitorIsReused: FXSAVE\n"));
554 return true;
555 case OP_MOVNTI: /* solaris - block_zero_no_xmm */
556 Log4(("pgmPoolMonitorIsReused: MOVNTI\n"));
557 return true;
558 case OP_MOVNTDQ: /* solaris - hwblkclr & hwblkpagecopy */
559 Log4(("pgmPoolMonitorIsReused: MOVNTDQ\n"));
560 return true;
561 }
562 if ( (pCpu->param1.flags & USE_REG_GEN32)
563 && (pCpu->param1.base.reg_gen == USE_REG_ESP))
564 {
565 Log4(("pgmPoolMonitorIsReused: ESP\n"));
566 return true;
567 }
568
569 //if (pPage->fCR3Mix)
570 // return false;
571 return false;
572}
573
574
575/**
576 * Flushes the page being accessed.
577 *
578 * @returns VBox status code suitable for scheduling.
579 * @param pVM The VM handle.
580 * @param pPool The pool.
581 * @param pPage The pool page (head).
582 * @param pCpu The disassembly of the write instruction.
583 * @param pRegFrame The trap register frame.
584 * @param GCPhysFault The fault address as guest physical address.
585 * @param pvFault The fault address.
586 */
587static int pgmPoolAccessHandlerFlush(PVM pVM, PPGMPOOL pPool, PPGMPOOLPAGE pPage, PDISCPUSTATE pCpu,
588 PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, RTGCPTR pvFault)
589{
590 /*
591 * First, do the flushing.
592 */
593 int rc = pgmPoolMonitorChainFlush(pPool, pPage);
594
595 /*
596 * Emulate the instruction (xp/w2k problem, requires pc/cr2/sp detection).
597 */
598 uint32_t cbWritten;
599 int rc2 = EMInterpretInstructionCPU(pVM, pCpu, pRegFrame, pvFault, &cbWritten);
600 if (VBOX_SUCCESS(rc2))
601 pRegFrame->eip += pCpu->opsize;
602 else if (rc2 == VERR_EM_INTERPRETER)
603 {
604#ifdef IN_GC
605 if (PATMIsPatchGCAddr(pVM, (RTRCPTR)pRegFrame->eip))
606 {
607 LogFlow(("pgmPoolAccessHandlerPTWorker: Interpretation failed for patch code %04x:%RGv, ignoring.\n",
608 pRegFrame->cs, (RTGCPTR)pRegFrame->eip));
609 rc = VINF_SUCCESS;
610 STAM_COUNTER_INC(&pPool->StatMonitorGCIntrFailPatch2);
611 }
612 else
613#endif
614 {
615 rc = VINF_EM_RAW_EMULATE_INSTR;
616 STAM_COUNTER_INC(&pPool->CTXMID(StatMonitor,EmulateInstr));
617 }
618 }
619 else
620 rc = rc2;
621
622 /* See use in pgmPoolAccessHandlerSimple(). */
623 PGM_INVL_GUEST_TLBS();
624
625 LogFlow(("pgmPoolAccessHandlerPT: returns %Vrc (flushed)\n", rc));
626 return rc;
627
628}
629
630
631/**
632 * Handles the STOSD write accesses.
633 *
634 * @returns VBox status code suitable for scheduling.
635 * @param pVM The VM handle.
636 * @param pPool The pool.
637 * @param pPage The pool page (head).
638 * @param pCpu The disassembly of the write instruction.
639 * @param pRegFrame The trap register frame.
640 * @param GCPhysFault The fault address as guest physical address.
641 * @param pvFault The fault address.
642 */
643DECLINLINE(int) pgmPoolAccessHandlerSTOSD(PVM pVM, PPGMPOOL pPool, PPGMPOOLPAGE pPage, PDISCPUSTATE pCpu,
644 PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, RTGCPTR pvFault)
645{
646 /*
647 * Increment the modification counter and insert it into the list
648 * of modified pages the first time.
649 */
650 if (!pPage->cModifications++)
651 pgmPoolMonitorModifiedInsert(pPool, pPage);
652
653 /*
654 * Execute REP STOSD.
655 *
656 * This ASSUMES that we're not invoked by Trap0e on in a out-of-sync
657 * write situation, meaning that it's safe to write here.
658 */
659 RTGCUINTPTR pu32 = (RTGCUINTPTR)pvFault;
660 while (pRegFrame->ecx)
661 {
662 pgmPoolMonitorChainChanging(pPool, pPage, GCPhysFault, (RTGCPTR)pu32, NULL);
663#ifdef IN_GC
664 *(uint32_t *)pu32 = pRegFrame->eax;
665#else
666 PGMPhysWriteGCPhys(pVM, GCPhysFault, &pRegFrame->eax, 4);
667#endif
668 pu32 += 4;
669 GCPhysFault += 4;
670 pRegFrame->edi += 4;
671 pRegFrame->ecx--;
672 }
673 pRegFrame->eip += pCpu->opsize;
674
675 /* See use in pgmPoolAccessHandlerSimple(). */
676 PGM_INVL_GUEST_TLBS();
677
678 LogFlow(("pgmPoolAccessHandlerSTOSD: returns\n"));
679 return VINF_SUCCESS;
680}
681
682
683/**
684 * Handles the simple write accesses.
685 *
686 * @returns VBox status code suitable for scheduling.
687 * @param pVM The VM handle.
688 * @param pPool The pool.
689 * @param pPage The pool page (head).
690 * @param pCpu The disassembly of the write instruction.
691 * @param pRegFrame The trap register frame.
692 * @param GCPhysFault The fault address as guest physical address.
693 * @param pvFault The fault address.
694 */
695DECLINLINE(int) pgmPoolAccessHandlerSimple(PVM pVM, PPGMPOOL pPool, PPGMPOOLPAGE pPage, PDISCPUSTATE pCpu,
696 PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, RTGCPTR pvFault)
697{
698 /*
699 * Increment the modification counter and insert it into the list
700 * of modified pages the first time.
701 */
702 if (!pPage->cModifications++)
703 pgmPoolMonitorModifiedInsert(pPool, pPage);
704
705 /*
706 * Clear all the pages. ASSUMES that pvFault is readable.
707 */
708 pgmPoolMonitorChainChanging(pPool, pPage, GCPhysFault, pvFault, pCpu);
709
710 /*
711 * Interpret the instruction.
712 */
713 uint32_t cb;
714 int rc = EMInterpretInstructionCPU(pVM, pCpu, pRegFrame, pvFault, &cb);
715 if (VBOX_SUCCESS(rc))
716 pRegFrame->eip += pCpu->opsize;
717 else if (rc == VERR_EM_INTERPRETER)
718 {
719 LogFlow(("pgmPoolAccessHandlerPTWorker: Interpretation failed for patch code %04x:%RGv - opcode=%d\n",
720 pRegFrame->cs, (RTGCPTR)pRegFrame->eip, pCpu->pCurInstr->opcode));
721 rc = VINF_EM_RAW_EMULATE_INSTR;
722 STAM_COUNTER_INC(&pPool->CTXMID(StatMonitor,EmulateInstr));
723 }
724
725 /*
726 * Quick hack, with logging enabled we're getting stale
727 * code TLBs but no data TLB for EIP and crash in EMInterpretDisasOne.
728 * Flushing here is BAD and expensive, I think EMInterpretDisasOne will
729 * have to be fixed to support this. But that'll have to wait till next week.
730 *
731 * An alternative is to keep track of the changed PTEs together with the
732 * GCPhys from the guest PT. This may proove expensive though.
733 *
734 * At the moment, it's VITAL that it's done AFTER the instruction interpreting
735 * because we need the stale TLBs in some cases (XP boot). This MUST be fixed properly!
736 */
737 PGM_INVL_GUEST_TLBS();
738
739 LogFlow(("pgmPoolAccessHandlerSimple: returns %Vrc cb=%d\n", rc, cb));
740 return rc;
741}
742
743
744/**
745 * \#PF Handler callback for PT write accesses.
746 *
747 * @returns VBox status code (appropriate for GC return).
748 * @param pVM VM Handle.
749 * @param uErrorCode CPU Error code.
750 * @param pRegFrame Trap register frame.
751 * NULL on DMA and other non CPU access.
752 * @param pvFault The fault address (cr2).
753 * @param GCPhysFault The GC physical address corresponding to pvFault.
754 * @param pvUser User argument.
755 */
756DECLEXPORT(int) pgmPoolAccessHandler(PVM pVM, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser)
757{
758 STAM_PROFILE_START(&pVM->pgm.s.CTXSUFF(pPool)->CTXSUFF(StatMonitor), a);
759 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
760 PPGMPOOLPAGE pPage = (PPGMPOOLPAGE)pvUser;
761 LogFlow(("pgmPoolAccessHandler: pvFault=%VGv pPage=%p:{.idx=%d} GCPhysFault=%VGp\n", pvFault, pPage, pPage->idx, GCPhysFault));
762
763 /*
764 * We should ALWAYS have the list head as user parameter. This
765 * is because we use that page to record the changes.
766 */
767 Assert(pPage->iMonitoredPrev == NIL_PGMPOOL_IDX);
768
769 /*
770 * Disassemble the faulting instruction.
771 */
772 DISCPUSTATE Cpu;
773 int rc = EMInterpretDisasOne(pVM, pRegFrame, &Cpu, NULL);
774 AssertRCReturn(rc, rc);
775
776 /*
777 * Check if it's worth dealing with.
778 */
779 bool fReused = false;
780 if ( ( pPage->cModifications < 48 /** @todo #define */ /** @todo need to check that it's not mapping EIP. */ /** @todo adjust this! */
781 || pPage->fCR3Mix)
782 && !(fReused = pgmPoolMonitorIsReused(pPage, &Cpu, pvFault))
783 && !pgmPoolMonitorIsForking(pPool, &Cpu, GCPhysFault & PAGE_OFFSET_MASK))
784 {
785 /*
786 * Simple instructions, no REP prefix.
787 */
788 if (!(Cpu.prefix & (PREFIX_REP | PREFIX_REPNE)))
789 {
790 rc = pgmPoolAccessHandlerSimple(pVM, pPool, pPage, &Cpu, pRegFrame, GCPhysFault, pvFault);
791 STAM_PROFILE_STOP_EX(&pVM->pgm.s.CTXSUFF(pPool)->CTXSUFF(StatMonitor), &pPool->CTXMID(StatMonitor,Handled), a);
792 return rc;
793 }
794
795 /*
796 * Windows is frequently doing small memset() operations (netio test 4k+).
797 * We have to deal with these or we'll kill the cache and performance.
798 */
799 if ( Cpu.pCurInstr->opcode == OP_STOSWD
800 && CPUMGetGuestCPL(pVM, pRegFrame) == 0
801 && pRegFrame->ecx <= 0x20
802 && pRegFrame->ecx * 4 <= PAGE_SIZE - ((uintptr_t)pvFault & PAGE_OFFSET_MASK)
803 && !((uintptr_t)pvFault & 3)
804 && (pRegFrame->eax == 0 || pRegFrame->eax == 0x80) /* the two values observed. */
805 && Cpu.mode == CPUMODE_32BIT
806 && Cpu.opmode == CPUMODE_32BIT
807 && Cpu.addrmode == CPUMODE_32BIT
808 && Cpu.prefix == PREFIX_REP
809 && !pRegFrame->eflags.Bits.u1DF
810 )
811 {
812 rc = pgmPoolAccessHandlerSTOSD(pVM, pPool, pPage, &Cpu, pRegFrame, GCPhysFault, pvFault);
813 STAM_PROFILE_STOP_EX(&pVM->pgm.s.CTXSUFF(pPool)->CTXSUFF(StatMonitor), &pPool->CTXMID(StatMonitor,RepStosd), a);
814 return rc;
815 }
816
817 /* REP prefix, don't bother. */
818 STAM_COUNTER_INC(&pPool->CTXMID(StatMonitor,RepPrefix));
819 Log4(("pgmPoolAccessHandler: eax=%#x ecx=%#x edi=%#x esi=%#x eip=%#x opcode=%d prefix=%#x\n",
820 pRegFrame->eax, pRegFrame->ecx, pRegFrame->edi, pRegFrame->esi, pRegFrame->eip, Cpu.pCurInstr->opcode, Cpu.prefix));
821 }
822
823 /*
824 * Not worth it, so flush it.
825 *
826 * If we considered it to be reused, don't to back to ring-3
827 * to emulate failed instructions since we usually cannot
828 * interpret then. This may be a bit risky, in which case
829 * the reuse detection must be fixed.
830 */
831 rc = pgmPoolAccessHandlerFlush(pVM, pPool, pPage, &Cpu, pRegFrame, GCPhysFault, pvFault);
832 if (rc == VINF_EM_RAW_EMULATE_INSTR && fReused)
833 rc = VINF_SUCCESS;
834 STAM_PROFILE_STOP_EX(&pVM->pgm.s.CTXSUFF(pPool)->CTXSUFF(StatMonitor), &pPool->CTXMID(StatMonitor,FlushPage), a);
835 return rc;
836}
837
838# endif /* !IN_RING3 */
839#endif /* PGMPOOL_WITH_MONITORING */
840
841
842
843#ifdef PGMPOOL_WITH_CACHE
844/**
845 * Inserts a page into the GCPhys hash table.
846 *
847 * @param pPool The pool.
848 * @param pPage The page.
849 */
850DECLINLINE(void) pgmPoolHashInsert(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
851{
852 Log3(("pgmPoolHashInsert: %VGp\n", pPage->GCPhys));
853 Assert(pPage->GCPhys != NIL_RTGCPHYS); Assert(pPage->iNext == NIL_PGMPOOL_IDX);
854 uint16_t iHash = PGMPOOL_HASH(pPage->GCPhys);
855 pPage->iNext = pPool->aiHash[iHash];
856 pPool->aiHash[iHash] = pPage->idx;
857}
858
859
860/**
861 * Removes a page from the GCPhys hash table.
862 *
863 * @param pPool The pool.
864 * @param pPage The page.
865 */
866DECLINLINE(void) pgmPoolHashRemove(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
867{
868 Log3(("pgmPoolHashRemove: %VGp\n", pPage->GCPhys));
869 uint16_t iHash = PGMPOOL_HASH(pPage->GCPhys);
870 if (pPool->aiHash[iHash] == pPage->idx)
871 pPool->aiHash[iHash] = pPage->iNext;
872 else
873 {
874 uint16_t iPrev = pPool->aiHash[iHash];
875 for (;;)
876 {
877 const int16_t i = pPool->aPages[iPrev].iNext;
878 if (i == pPage->idx)
879 {
880 pPool->aPages[iPrev].iNext = pPage->iNext;
881 break;
882 }
883 if (i == NIL_PGMPOOL_IDX)
884 {
885 AssertReleaseMsgFailed(("GCPhys=%VGp idx=%#x\n", pPage->GCPhys, pPage->idx));
886 break;
887 }
888 iPrev = i;
889 }
890 }
891 pPage->iNext = NIL_PGMPOOL_IDX;
892}
893
894
895/**
896 * Frees up one cache page.
897 *
898 * @returns VBox status code.
899 * @retval VINF_SUCCESS on success.
900 * @retval VERR_PGM_POOL_CLEARED if the deregistration of a physical handler will cause a light weight pool flush.
901 * @param pPool The pool.
902 * @param iUser The user index.
903 */
904static int pgmPoolCacheFreeOne(PPGMPOOL pPool, uint16_t iUser)
905{
906#ifndef IN_GC
907 const PVM pVM = pPool->CTXSUFF(pVM);
908#endif
909 Assert(pPool->iAgeHead != pPool->iAgeTail); /* We shouldn't be here if there < 2 cached entries! */
910 STAM_COUNTER_INC(&pPool->StatCacheFreeUpOne);
911
912 /*
913 * Select one page from the tail of the age list.
914 */
915 uint16_t iToFree = pPool->iAgeTail;
916 if (iToFree == iUser)
917 iToFree = pPool->aPages[iToFree].iAgePrev;
918/* This is the alternative to the SyncCR3 pgmPoolCacheUsed calls.
919 if (pPool->aPages[iToFree].iUserHead != NIL_PGMPOOL_USER_INDEX)
920 {
921 uint16_t i = pPool->aPages[iToFree].iAgePrev;
922 for (unsigned j = 0; j < 10 && i != NIL_PGMPOOL_USER_INDEX; j++, i = pPool->aPages[i].iAgePrev)
923 {
924 if (pPool->aPages[iToFree].iUserHead == NIL_PGMPOOL_USER_INDEX)
925 continue;
926 iToFree = i;
927 break;
928 }
929 }
930*/
931 Assert(iToFree != iUser);
932 AssertRelease(iToFree != NIL_PGMPOOL_IDX);
933
934 int rc = pgmPoolFlushPage(pPool, &pPool->aPages[iToFree]);
935 if (rc == VINF_SUCCESS)
936 PGM_INVL_GUEST_TLBS(); /* see PT handler. */
937 return rc;
938}
939
940
941/**
942 * Checks if a kind mismatch is really a page being reused
943 * or if it's just normal remappings.
944 *
945 * @returns true if reused and the cached page (enmKind1) should be flushed
946 * @returns false if not reused.
947 * @param enmKind1 The kind of the cached page.
948 * @param enmKind2 The kind of the requested page.
949 */
950static bool pgmPoolCacheReusedByKind(PGMPOOLKIND enmKind1, PGMPOOLKIND enmKind2)
951{
952 switch (enmKind1)
953 {
954 /*
955 * Never reuse them. There is no remapping in non-paging mode.
956 */
957 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
958 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
959 return true;
960
961 /*
962 * It's perfectly fine to reuse these, except for PAE and non-paging stuff.
963 */
964 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
965 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
966 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
967 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
968 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
969 switch (enmKind2)
970 {
971 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
972 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
973 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
974 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
975 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
976 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
977 return true;
978 default:
979 return false;
980 }
981
982 /*
983 * It's perfectly fine to reuse these, except for PAE and non-paging stuff.
984 */
985 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
986 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
987 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
988 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
989 switch (enmKind2)
990 {
991 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
992 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
993 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
994 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
995 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
996 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
997 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
998 return true;
999 default:
1000 return false;
1001 }
1002
1003 /*
1004 * These cannot be flushed, and it's common to reuse the PDs as PTs.
1005 */
1006 case PGMPOOLKIND_ROOT_32BIT_PD:
1007 case PGMPOOLKIND_ROOT_PAE_PD:
1008 case PGMPOOLKIND_ROOT_PDPT:
1009 case PGMPOOLKIND_ROOT_PML4:
1010 return false;
1011
1012 default:
1013 AssertFatalMsgFailed(("enmKind1=%d\n", enmKind1));
1014 }
1015}
1016
1017
1018/**
1019 * Attempts to satisfy a pgmPoolAlloc request from the cache.
1020 *
1021 * @returns VBox status code.
1022 * @retval VINF_PGM_CACHED_PAGE on success.
1023 * @retval VERR_FILE_NOT_FOUND if not found.
1024 * @param pPool The pool.
1025 * @param GCPhys The GC physical address of the page we're gonna shadow.
1026 * @param enmKind The kind of mapping.
1027 * @param iUser The shadow page pool index of the user table.
1028 * @param iUserTable The index into the user table (shadowed).
1029 * @param ppPage Where to store the pointer to the page.
1030 */
1031static int pgmPoolCacheAlloc(PPGMPOOL pPool, RTGCPHYS GCPhys, PGMPOOLKIND enmKind, uint16_t iUser, uint16_t iUserTable, PPPGMPOOLPAGE ppPage)
1032{
1033#ifndef IN_GC
1034 const PVM pVM = pPool->CTXSUFF(pVM);
1035#endif
1036 /*
1037 * Look up the GCPhys in the hash.
1038 */
1039 unsigned i = pPool->aiHash[PGMPOOL_HASH(GCPhys)];
1040 Log3(("pgmPoolCacheAlloc: %VGp kind %d iUser=%d iUserTable=%x SLOT=%d\n", GCPhys, enmKind, iUser, iUserTable, i));
1041 if (i != NIL_PGMPOOL_IDX)
1042 {
1043 do
1044 {
1045 PPGMPOOLPAGE pPage = &pPool->aPages[i];
1046 Log3(("pgmPoolCacheAlloc: slot %d found page %VGp\n", i, pPage->GCPhys));
1047 if (pPage->GCPhys == GCPhys)
1048 {
1049 if ((PGMPOOLKIND)pPage->enmKind == enmKind)
1050 {
1051 int rc = pgmPoolTrackAddUser(pPool, pPage, iUser, iUserTable);
1052 if (VBOX_SUCCESS(rc))
1053 {
1054 *ppPage = pPage;
1055 STAM_COUNTER_INC(&pPool->StatCacheHits);
1056 return VINF_PGM_CACHED_PAGE;
1057 }
1058 return rc;
1059 }
1060
1061 /*
1062 * The kind is different. In some cases we should now flush the page
1063 * as it has been reused, but in most cases this is normal remapping
1064 * of PDs as PT or big pages using the GCPhys field in a slightly
1065 * different way than the other kinds.
1066 */
1067 if (pgmPoolCacheReusedByKind((PGMPOOLKIND)pPage->enmKind, enmKind))
1068 {
1069 STAM_COUNTER_INC(&pPool->StatCacheKindMismatches);
1070 pgmPoolFlushPage(pPool, pPage); /* ASSUMES that VERR_PGM_POOL_CLEARED will be returned by pgmPoolTracInsert. */
1071 PGM_INVL_GUEST_TLBS(); /* see PT handler. */
1072 break;
1073 }
1074 }
1075
1076 /* next */
1077 i = pPage->iNext;
1078 } while (i != NIL_PGMPOOL_IDX);
1079 }
1080
1081 Log3(("pgmPoolCacheAlloc: Missed GCPhys=%RGp enmKind=%d\n", GCPhys, enmKind));
1082 STAM_COUNTER_INC(&pPool->StatCacheMisses);
1083 return VERR_FILE_NOT_FOUND;
1084}
1085
1086
1087/**
1088 * Inserts a page into the cache.
1089 *
1090 * @param pPool The pool.
1091 * @param pPage The cached page.
1092 * @param fCanBeCached Set if the page is fit for caching from the caller's point of view.
1093 */
1094static void pgmPoolCacheInsert(PPGMPOOL pPool, PPGMPOOLPAGE pPage, bool fCanBeCached)
1095{
1096 /*
1097 * Insert into the GCPhys hash if the page is fit for that.
1098 */
1099 Assert(!pPage->fCached);
1100 if (fCanBeCached)
1101 {
1102 pPage->fCached = true;
1103 pgmPoolHashInsert(pPool, pPage);
1104 Log3(("pgmPoolCacheInsert: Caching %p:{.Core=%RHp, .idx=%d, .enmKind=%d, GCPhys=%RGp}\n",
1105 pPage, pPage->Core.Key, pPage->idx, pPage->enmKind, pPage->GCPhys));
1106 STAM_COUNTER_INC(&pPool->StatCacheCacheable);
1107 }
1108 else
1109 {
1110 Log3(("pgmPoolCacheInsert: Not caching %p:{.Core=%RHp, .idx=%d, .enmKind=%d, GCPhys=%RGp}\n",
1111 pPage, pPage->Core.Key, pPage->idx, pPage->enmKind, pPage->GCPhys));
1112 STAM_COUNTER_INC(&pPool->StatCacheUncacheable);
1113 }
1114
1115 /*
1116 * Insert at the head of the age list.
1117 */
1118 pPage->iAgePrev = NIL_PGMPOOL_IDX;
1119 pPage->iAgeNext = pPool->iAgeHead;
1120 if (pPool->iAgeHead != NIL_PGMPOOL_IDX)
1121 pPool->aPages[pPool->iAgeHead].iAgePrev = pPage->idx;
1122 else
1123 pPool->iAgeTail = pPage->idx;
1124 pPool->iAgeHead = pPage->idx;
1125}
1126
1127
1128/**
1129 * Flushes a cached page.
1130 *
1131 * @param pPool The pool.
1132 * @param pPage The cached page.
1133 */
1134static void pgmPoolCacheFlushPage(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
1135{
1136 Log3(("pgmPoolCacheFlushPage: %VGp\n", pPage->GCPhys));
1137
1138 /*
1139 * Remove the page from the hash.
1140 */
1141 if (pPage->fCached)
1142 {
1143 pPage->fCached = false;
1144 pgmPoolHashRemove(pPool, pPage);
1145 }
1146 else
1147 Assert(pPage->iNext == NIL_PGMPOOL_IDX);
1148
1149 /*
1150 * Remove it from the age list.
1151 */
1152 if (pPage->iAgeNext != NIL_PGMPOOL_IDX)
1153 pPool->aPages[pPage->iAgeNext].iAgePrev = pPage->iAgePrev;
1154 else
1155 pPool->iAgeTail = pPage->iAgePrev;
1156 if (pPage->iAgePrev != NIL_PGMPOOL_IDX)
1157 pPool->aPages[pPage->iAgePrev].iAgeNext = pPage->iAgeNext;
1158 else
1159 pPool->iAgeHead = pPage->iAgeNext;
1160 pPage->iAgeNext = NIL_PGMPOOL_IDX;
1161 pPage->iAgePrev = NIL_PGMPOOL_IDX;
1162}
1163#endif /* PGMPOOL_WITH_CACHE */
1164
1165
1166#ifdef PGMPOOL_WITH_MONITORING
1167/**
1168 * Looks for pages sharing the monitor.
1169 *
1170 * @returns Pointer to the head page.
1171 * @returns NULL if not found.
1172 * @param pPool The Pool
1173 * @param pNewPage The page which is going to be monitored.
1174 */
1175static PPGMPOOLPAGE pgmPoolMonitorGetPageByGCPhys(PPGMPOOL pPool, PPGMPOOLPAGE pNewPage)
1176{
1177#ifdef PGMPOOL_WITH_CACHE
1178 /*
1179 * Look up the GCPhys in the hash.
1180 */
1181 RTGCPHYS GCPhys = pNewPage->GCPhys & ~(RTGCPHYS)(PAGE_SIZE - 1);
1182 unsigned i = pPool->aiHash[PGMPOOL_HASH(GCPhys)];
1183 if (i == NIL_PGMPOOL_IDX)
1184 return NULL;
1185 do
1186 {
1187 PPGMPOOLPAGE pPage = &pPool->aPages[i];
1188 if ( pPage->GCPhys - GCPhys < PAGE_SIZE
1189 && pPage != pNewPage)
1190 {
1191 switch (pPage->enmKind)
1192 {
1193 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
1194 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
1195 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
1196 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
1197 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
1198 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
1199 case PGMPOOLKIND_ROOT_32BIT_PD:
1200 case PGMPOOLKIND_ROOT_PAE_PD:
1201 case PGMPOOLKIND_ROOT_PDPT:
1202 case PGMPOOLKIND_ROOT_PML4:
1203 {
1204 /* find the head */
1205 while (pPage->iMonitoredPrev != NIL_PGMPOOL_IDX)
1206 {
1207 Assert(pPage->iMonitoredPrev != pPage->idx);
1208 pPage = &pPool->aPages[pPage->iMonitoredPrev];
1209 }
1210 return pPage;
1211 }
1212
1213 /* ignore, no monitoring. */
1214 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
1215 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
1216 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
1217 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
1218 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
1219 break;
1220 default:
1221 AssertFatalMsgFailed(("enmKind=%d idx=%d\n", pPage->enmKind, pPage->idx));
1222 }
1223 }
1224
1225 /* next */
1226 i = pPage->iNext;
1227 } while (i != NIL_PGMPOOL_IDX);
1228#endif
1229 return NULL;
1230}
1231
1232/**
1233 * Enabled write monitoring of a guest page.
1234 *
1235 * @returns VBox status code.
1236 * @retval VINF_SUCCESS on success.
1237 * @retval VERR_PGM_POOL_CLEARED if the registration of the physical handler will cause a light weight pool flush.
1238 * @param pPool The pool.
1239 * @param pPage The cached page.
1240 */
1241static int pgmPoolMonitorInsert(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
1242{
1243 LogFlow(("pgmPoolMonitorInsert %VGp\n", pPage->GCPhys & ~(RTGCPHYS)(PAGE_SIZE - 1)));
1244
1245 /*
1246 * Filter out the relevant kinds.
1247 */
1248 switch (pPage->enmKind)
1249 {
1250 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
1251 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
1252 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
1253 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
1254 case PGMPOOLKIND_ROOT_PDPT:
1255 break;
1256
1257 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
1258 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
1259 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
1260 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
1261 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
1262 /* Nothing to monitor here. */
1263 return VINF_SUCCESS;
1264
1265 case PGMPOOLKIND_ROOT_32BIT_PD:
1266 case PGMPOOLKIND_ROOT_PAE_PD:
1267#ifdef PGMPOOL_WITH_MIXED_PT_CR3
1268 break;
1269#endif
1270 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
1271 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
1272 case PGMPOOLKIND_ROOT_PML4:
1273 default:
1274 AssertFatalMsgFailed(("This can't happen! enmKind=%d\n", pPage->enmKind));
1275 }
1276
1277 /*
1278 * Install handler.
1279 */
1280 int rc;
1281 PPGMPOOLPAGE pPageHead = pgmPoolMonitorGetPageByGCPhys(pPool, pPage);
1282 if (pPageHead)
1283 {
1284 Assert(pPageHead != pPage); Assert(pPageHead->iMonitoredNext != pPage->idx);
1285 Assert(pPageHead->iMonitoredPrev != pPage->idx);
1286 pPage->iMonitoredPrev = pPageHead->idx;
1287 pPage->iMonitoredNext = pPageHead->iMonitoredNext;
1288 if (pPageHead->iMonitoredNext != NIL_PGMPOOL_IDX)
1289 pPool->aPages[pPageHead->iMonitoredNext].iMonitoredPrev = pPage->idx;
1290 pPageHead->iMonitoredNext = pPage->idx;
1291 rc = VINF_SUCCESS;
1292 }
1293 else
1294 {
1295 Assert(pPage->iMonitoredNext == NIL_PGMPOOL_IDX); Assert(pPage->iMonitoredPrev == NIL_PGMPOOL_IDX);
1296 PVM pVM = pPool->CTXSUFF(pVM);
1297 const RTGCPHYS GCPhysPage = pPage->GCPhys & ~(RTGCPHYS)(PAGE_SIZE - 1);
1298 rc = PGMHandlerPhysicalRegisterEx(pVM, PGMPHYSHANDLERTYPE_PHYSICAL_WRITE,
1299 GCPhysPage, GCPhysPage + (PAGE_SIZE - 1),
1300 pPool->pfnAccessHandlerR3, MMHyperCCToR3(pVM, pPage),
1301 pPool->pfnAccessHandlerR0, MMHyperCCToR0(pVM, pPage),
1302 pPool->pfnAccessHandlerGC, MMHyperCCToGC(pVM, pPage),
1303 pPool->pszAccessHandler);
1304 /** @todo we should probably deal with out-of-memory conditions here, but for now increasing
1305 * the heap size should suffice. */
1306 AssertFatalRC(rc);
1307 if (pVM->pgm.s.fSyncFlags & PGM_SYNC_CLEAR_PGM_POOL)
1308 rc = VERR_PGM_POOL_CLEARED;
1309 }
1310 pPage->fMonitored = true;
1311 return rc;
1312}
1313
1314
1315/**
1316 * Disables write monitoring of a guest page.
1317 *
1318 * @returns VBox status code.
1319 * @retval VINF_SUCCESS on success.
1320 * @retval VERR_PGM_POOL_CLEARED if the deregistration of the physical handler will cause a light weight pool flush.
1321 * @param pPool The pool.
1322 * @param pPage The cached page.
1323 */
1324static int pgmPoolMonitorFlush(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
1325{
1326 /*
1327 * Filter out the relevant kinds.
1328 */
1329 switch (pPage->enmKind)
1330 {
1331 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
1332 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
1333 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
1334 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
1335 case PGMPOOLKIND_ROOT_PDPT:
1336 break;
1337
1338 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
1339 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
1340 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
1341 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
1342 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
1343 /* Nothing to monitor here. */
1344 return VINF_SUCCESS;
1345
1346 case PGMPOOLKIND_ROOT_32BIT_PD:
1347 case PGMPOOLKIND_ROOT_PAE_PD:
1348#ifdef PGMPOOL_WITH_MIXED_PT_CR3
1349 break;
1350#endif
1351 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
1352 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
1353 case PGMPOOLKIND_ROOT_PML4:
1354 default:
1355 AssertFatalMsgFailed(("This can't happen! enmKind=%d\n", pPage->enmKind));
1356 }
1357
1358 /*
1359 * Remove the page from the monitored list or uninstall it if last.
1360 */
1361 const PVM pVM = pPool->CTXSUFF(pVM);
1362 int rc;
1363 if ( pPage->iMonitoredNext != NIL_PGMPOOL_IDX
1364 || pPage->iMonitoredPrev != NIL_PGMPOOL_IDX)
1365 {
1366 if (pPage->iMonitoredPrev == NIL_PGMPOOL_IDX)
1367 {
1368 PPGMPOOLPAGE pNewHead = &pPool->aPages[pPage->iMonitoredNext];
1369 pNewHead->iMonitoredPrev = NIL_PGMPOOL_IDX;
1370 pNewHead->fCR3Mix = pPage->fCR3Mix;
1371 rc = PGMHandlerPhysicalChangeCallbacks(pVM, pPage->GCPhys & ~(RTGCPHYS)(PAGE_SIZE - 1),
1372 pPool->pfnAccessHandlerR3, MMHyperCCToR3(pVM, pNewHead),
1373 pPool->pfnAccessHandlerR0, MMHyperCCToR0(pVM, pNewHead),
1374 pPool->pfnAccessHandlerGC, MMHyperCCToGC(pVM, pNewHead),
1375 pPool->pszAccessHandler);
1376 AssertFatalRCSuccess(rc);
1377 pPage->iMonitoredNext = NIL_PGMPOOL_IDX;
1378 }
1379 else
1380 {
1381 pPool->aPages[pPage->iMonitoredPrev].iMonitoredNext = pPage->iMonitoredNext;
1382 if (pPage->iMonitoredNext != NIL_PGMPOOL_IDX)
1383 {
1384 pPool->aPages[pPage->iMonitoredNext].iMonitoredPrev = pPage->iMonitoredPrev;
1385 pPage->iMonitoredNext = NIL_PGMPOOL_IDX;
1386 }
1387 pPage->iMonitoredPrev = NIL_PGMPOOL_IDX;
1388 rc = VINF_SUCCESS;
1389 }
1390 }
1391 else
1392 {
1393 rc = PGMHandlerPhysicalDeregister(pVM, pPage->GCPhys & ~(RTGCPHYS)(PAGE_SIZE - 1));
1394 AssertFatalRC(rc);
1395 if (pVM->pgm.s.fSyncFlags & PGM_SYNC_CLEAR_PGM_POOL)
1396 rc = VERR_PGM_POOL_CLEARED;
1397 }
1398 pPage->fMonitored = false;
1399
1400 /*
1401 * Remove it from the list of modified pages (if in it).
1402 */
1403 pgmPoolMonitorModifiedRemove(pPool, pPage);
1404
1405 return rc;
1406}
1407
1408
1409#ifdef PGMPOOL_WITH_MIXED_PT_CR3
1410/**
1411 * Set or clear the fCR3Mix attribute in a chain of monitored pages.
1412 *
1413 * @param pPool The Pool.
1414 * @param pPage A page in the chain.
1415 * @param fCR3Mix The new fCR3Mix value.
1416 */
1417static void pgmPoolMonitorChainChangeCR3Mix(PPGMPOOL pPool, PPGMPOOLPAGE pPage, bool fCR3Mix)
1418{
1419 /* current */
1420 pPage->fCR3Mix = fCR3Mix;
1421
1422 /* before */
1423 int16_t idx = pPage->iMonitoredPrev;
1424 while (idx != NIL_PGMPOOL_IDX)
1425 {
1426 pPool->aPages[idx].fCR3Mix = fCR3Mix;
1427 idx = pPool->aPages[idx].iMonitoredPrev;
1428 }
1429
1430 /* after */
1431 idx = pPage->iMonitoredNext;
1432 while (idx != NIL_PGMPOOL_IDX)
1433 {
1434 pPool->aPages[idx].fCR3Mix = fCR3Mix;
1435 idx = pPool->aPages[idx].iMonitoredNext;
1436 }
1437}
1438
1439
1440/**
1441 * Installs or modifies monitoring of a CR3 page (special).
1442 *
1443 * We're pretending the CR3 page is shadowed by the pool so we can use the
1444 * generic mechanisms in detecting chained monitoring. (This also gives us a
1445 * tast of what code changes are required to really pool CR3 shadow pages.)
1446 *
1447 * @returns VBox status code.
1448 * @param pPool The pool.
1449 * @param idxRoot The CR3 (root) page index.
1450 * @param GCPhysCR3 The (new) CR3 value.
1451 */
1452int pgmPoolMonitorMonitorCR3(PPGMPOOL pPool, uint16_t idxRoot, RTGCPHYS GCPhysCR3)
1453{
1454 Assert(idxRoot != NIL_PGMPOOL_IDX && idxRoot < PGMPOOL_IDX_FIRST);
1455 PPGMPOOLPAGE pPage = &pPool->aPages[idxRoot];
1456 LogFlow(("pgmPoolMonitorMonitorCR3: idxRoot=%d pPage=%p:{.GCPhys=%VGp, .fMonitored=%d} GCPhysCR3=%VGp\n",
1457 idxRoot, pPage, pPage->GCPhys, pPage->fMonitored, GCPhysCR3));
1458
1459 /*
1460 * The unlikely case where it already matches.
1461 */
1462 if (pPage->GCPhys == GCPhysCR3)
1463 {
1464 Assert(pPage->fMonitored);
1465 return VINF_SUCCESS;
1466 }
1467
1468 /*
1469 * Flush the current monitoring and remove it from the hash.
1470 */
1471 int rc = VINF_SUCCESS;
1472 if (pPage->fMonitored)
1473 {
1474 pgmPoolMonitorChainChangeCR3Mix(pPool, pPage, false);
1475 rc = pgmPoolMonitorFlush(pPool, pPage);
1476 if (rc == VERR_PGM_POOL_CLEARED)
1477 rc = VINF_SUCCESS;
1478 else
1479 AssertFatalRC(rc);
1480 pgmPoolHashRemove(pPool, pPage);
1481 }
1482
1483 /*
1484 * Monitor the page at the new location and insert it into the hash.
1485 */
1486 pPage->GCPhys = GCPhysCR3;
1487 int rc2 = pgmPoolMonitorInsert(pPool, pPage);
1488 if (rc2 != VERR_PGM_POOL_CLEARED)
1489 {
1490 AssertFatalRC(rc2);
1491 if (rc2 != VINF_SUCCESS && rc == VINF_SUCCESS)
1492 rc = rc2;
1493 }
1494 pgmPoolHashInsert(pPool, pPage);
1495 pgmPoolMonitorChainChangeCR3Mix(pPool, pPage, true);
1496 return rc;
1497}
1498
1499
1500/**
1501 * Removes the monitoring of a CR3 page (special).
1502 *
1503 * @returns VBox status code.
1504 * @param pPool The pool.
1505 * @param idxRoot The CR3 (root) page index.
1506 */
1507int pgmPoolMonitorUnmonitorCR3(PPGMPOOL pPool, uint16_t idxRoot)
1508{
1509 Assert(idxRoot != NIL_PGMPOOL_IDX && idxRoot < PGMPOOL_IDX_FIRST);
1510 PPGMPOOLPAGE pPage = &pPool->aPages[idxRoot];
1511 LogFlow(("pgmPoolMonitorUnmonitorCR3: idxRoot=%d pPage=%p:{.GCPhys=%VGp, .fMonitored=%d}\n",
1512 idxRoot, pPage, pPage->GCPhys, pPage->fMonitored));
1513
1514 if (!pPage->fMonitored)
1515 return VINF_SUCCESS;
1516
1517 pgmPoolMonitorChainChangeCR3Mix(pPool, pPage, false);
1518 int rc = pgmPoolMonitorFlush(pPool, pPage);
1519 if (rc != VERR_PGM_POOL_CLEARED)
1520 AssertFatalRC(rc);
1521 else
1522 rc = VINF_SUCCESS;
1523 pgmPoolHashRemove(pPool, pPage);
1524 Assert(!pPage->fMonitored);
1525 pPage->GCPhys = NIL_RTGCPHYS;
1526 return rc;
1527}
1528#endif /* PGMPOOL_WITH_MIXED_PT_CR3 */
1529
1530
1531/**
1532 * Inserts the page into the list of modified pages.
1533 *
1534 * @param pPool The pool.
1535 * @param pPage The page.
1536 */
1537void pgmPoolMonitorModifiedInsert(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
1538{
1539 Log3(("pgmPoolMonitorModifiedInsert: idx=%d\n", pPage->idx));
1540 AssertMsg( pPage->iModifiedNext == NIL_PGMPOOL_IDX
1541 && pPage->iModifiedPrev == NIL_PGMPOOL_IDX
1542 && pPool->iModifiedHead != pPage->idx,
1543 ("Next=%d Prev=%d idx=%d cModifications=%d Head=%d cModifiedPages=%d\n",
1544 pPage->iModifiedNext, pPage->iModifiedPrev, pPage->idx, pPage->cModifications,
1545 pPool->iModifiedHead, pPool->cModifiedPages));
1546
1547 pPage->iModifiedNext = pPool->iModifiedHead;
1548 if (pPool->iModifiedHead != NIL_PGMPOOL_IDX)
1549 pPool->aPages[pPool->iModifiedHead].iModifiedPrev = pPage->idx;
1550 pPool->iModifiedHead = pPage->idx;
1551 pPool->cModifiedPages++;
1552#ifdef VBOX_WITH_STATISTICS
1553 if (pPool->cModifiedPages > pPool->cModifiedPagesHigh)
1554 pPool->cModifiedPagesHigh = pPool->cModifiedPages;
1555#endif
1556}
1557
1558
1559/**
1560 * Removes the page from the list of modified pages and resets the
1561 * moficiation counter.
1562 *
1563 * @param pPool The pool.
1564 * @param pPage The page which is believed to be in the list of modified pages.
1565 */
1566static void pgmPoolMonitorModifiedRemove(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
1567{
1568 Log3(("pgmPoolMonitorModifiedRemove: idx=%d cModifications=%d\n", pPage->idx, pPage->cModifications));
1569 if (pPool->iModifiedHead == pPage->idx)
1570 {
1571 Assert(pPage->iModifiedPrev == NIL_PGMPOOL_IDX);
1572 pPool->iModifiedHead = pPage->iModifiedNext;
1573 if (pPage->iModifiedNext != NIL_PGMPOOL_IDX)
1574 {
1575 pPool->aPages[pPage->iModifiedNext].iModifiedPrev = NIL_PGMPOOL_IDX;
1576 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
1577 }
1578 pPool->cModifiedPages--;
1579 }
1580 else if (pPage->iModifiedPrev != NIL_PGMPOOL_IDX)
1581 {
1582 pPool->aPages[pPage->iModifiedPrev].iModifiedNext = pPage->iModifiedNext;
1583 if (pPage->iModifiedNext != NIL_PGMPOOL_IDX)
1584 {
1585 pPool->aPages[pPage->iModifiedNext].iModifiedPrev = pPage->iModifiedPrev;
1586 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
1587 }
1588 pPage->iModifiedPrev = NIL_PGMPOOL_IDX;
1589 pPool->cModifiedPages--;
1590 }
1591 else
1592 Assert(pPage->iModifiedPrev == NIL_PGMPOOL_IDX);
1593 pPage->cModifications = 0;
1594}
1595
1596
1597/**
1598 * Zaps the list of modified pages, resetting their modification counters in the process.
1599 *
1600 * @param pVM The VM handle.
1601 */
1602void pgmPoolMonitorModifiedClearAll(PVM pVM)
1603{
1604 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
1605 LogFlow(("pgmPoolMonitorModifiedClearAll: cModifiedPages=%d\n", pPool->cModifiedPages));
1606
1607 unsigned cPages = 0; NOREF(cPages);
1608 uint16_t idx = pPool->iModifiedHead;
1609 pPool->iModifiedHead = NIL_PGMPOOL_IDX;
1610 while (idx != NIL_PGMPOOL_IDX)
1611 {
1612 PPGMPOOLPAGE pPage = &pPool->aPages[idx];
1613 idx = pPage->iModifiedNext;
1614 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
1615 pPage->iModifiedPrev = NIL_PGMPOOL_IDX;
1616 pPage->cModifications = 0;
1617 Assert(++cPages);
1618 }
1619 AssertMsg(cPages == pPool->cModifiedPages, ("%d != %d\n", cPages, pPool->cModifiedPages));
1620 pPool->cModifiedPages = 0;
1621}
1622
1623
1624/**
1625 * Clear all shadow pages and clear all modification counters.
1626 *
1627 * @param pVM The VM handle.
1628 * @remark Should only be used when monitoring is available, thus placed in
1629 * the PGMPOOL_WITH_MONITORING #ifdef.
1630 */
1631void pgmPoolClearAll(PVM pVM)
1632{
1633 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
1634 STAM_PROFILE_START(&pPool->StatClearAll, c);
1635 LogFlow(("pgmPoolClearAll: cUsedPages=%d\n", pPool->cUsedPages));
1636
1637 /*
1638 * Iterate all the pages until we've encountered all that in use.
1639 * This is simple but not quite optimal solution.
1640 */
1641 unsigned cModifiedPages = 0; NOREF(cModifiedPages);
1642 unsigned cLeft = pPool->cUsedPages;
1643 unsigned iPage = pPool->cCurPages;
1644 while (--iPage >= PGMPOOL_IDX_FIRST)
1645 {
1646 PPGMPOOLPAGE pPage = &pPool->aPages[iPage];
1647 if (pPage->GCPhys != NIL_RTGCPHYS)
1648 {
1649 switch (pPage->enmKind)
1650 {
1651 /*
1652 * We only care about shadow page tables.
1653 */
1654 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
1655 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
1656 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
1657 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
1658 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
1659 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
1660 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
1661 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
1662 {
1663#ifdef PGMPOOL_WITH_USER_TRACKING
1664 if (pPage->cPresent)
1665#endif
1666 {
1667 void *pvShw = PGMPOOL_PAGE_2_PTR(pPool->CTXSUFF(pVM), pPage);
1668 STAM_PROFILE_START(&pPool->StatZeroPage, z);
1669 ASMMemZeroPage(pvShw);
1670 STAM_PROFILE_STOP(&pPool->StatZeroPage, z);
1671#ifdef PGMPOOL_WITH_USER_TRACKING
1672 pPage->cPresent = 0;
1673 pPage->iFirstPresent = ~0;
1674#endif
1675 }
1676 }
1677 /* fall thru */
1678
1679 default:
1680 Assert(!pPage->cModifications || ++cModifiedPages);
1681 Assert(pPage->iModifiedNext == NIL_PGMPOOL_IDX || pPage->cModifications);
1682 Assert(pPage->iModifiedPrev == NIL_PGMPOOL_IDX || pPage->cModifications);
1683 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
1684 pPage->iModifiedPrev = NIL_PGMPOOL_IDX;
1685 pPage->cModifications = 0;
1686 break;
1687
1688 }
1689 if (!--cLeft)
1690 break;
1691 }
1692 }
1693
1694 /* swipe the special pages too. */
1695 for (iPage = PGMPOOL_IDX_FIRST_SPECIAL; iPage < PGMPOOL_IDX_FIRST; iPage++)
1696 {
1697 PPGMPOOLPAGE pPage = &pPool->aPages[iPage];
1698 if (pPage->GCPhys != NIL_RTGCPHYS)
1699 {
1700 Assert(!pPage->cModifications || ++cModifiedPages);
1701 Assert(pPage->iModifiedNext == NIL_PGMPOOL_IDX || pPage->cModifications);
1702 Assert(pPage->iModifiedPrev == NIL_PGMPOOL_IDX || pPage->cModifications);
1703 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
1704 pPage->iModifiedPrev = NIL_PGMPOOL_IDX;
1705 pPage->cModifications = 0;
1706 }
1707 }
1708
1709#ifndef DEBUG_michael
1710 AssertMsg(cModifiedPages == pPool->cModifiedPages, ("%d != %d\n", cModifiedPages, pPool->cModifiedPages));
1711#endif
1712 pPool->iModifiedHead = NIL_PGMPOOL_IDX;
1713 pPool->cModifiedPages = 0;
1714
1715#ifdef PGMPOOL_WITH_GCPHYS_TRACKING
1716 /*
1717 * Clear all the GCPhys links and rebuild the phys ext free list.
1718 */
1719 for (PPGMRAMRANGE pRam = pPool->CTXSUFF(pVM)->pgm.s.CTXALLSUFF(pRamRanges);
1720 pRam;
1721 pRam = CTXALLSUFF(pRam->pNext))
1722 {
1723 unsigned iPage = pRam->cb >> PAGE_SHIFT;
1724 while (iPage-- > 0)
1725 pRam->aPages[iPage].HCPhys &= MM_RAM_FLAGS_NO_REFS_MASK; /** @todo PAGE FLAGS */
1726 }
1727
1728 pPool->iPhysExtFreeHead = 0;
1729 PPGMPOOLPHYSEXT paPhysExts = pPool->CTXSUFF(paPhysExts);
1730 const unsigned cMaxPhysExts = pPool->cMaxPhysExts;
1731 for (unsigned i = 0; i < cMaxPhysExts; i++)
1732 {
1733 paPhysExts[i].iNext = i + 1;
1734 paPhysExts[i].aidx[0] = NIL_PGMPOOL_IDX;
1735 paPhysExts[i].aidx[1] = NIL_PGMPOOL_IDX;
1736 paPhysExts[i].aidx[2] = NIL_PGMPOOL_IDX;
1737 }
1738 paPhysExts[cMaxPhysExts - 1].iNext = NIL_PGMPOOL_PHYSEXT_INDEX;
1739#endif
1740
1741
1742 pPool->cPresent = 0;
1743 STAM_PROFILE_STOP(&pPool->StatClearAll, c);
1744}
1745#endif /* PGMPOOL_WITH_MONITORING */
1746
1747
1748#ifdef PGMPOOL_WITH_USER_TRACKING
1749/**
1750 * Frees up at least one user entry.
1751 *
1752 * @returns VBox status code.
1753 * @retval VINF_SUCCESS if successfully added.
1754 * @retval VERR_PGM_POOL_FLUSHED if the pool was flushed.
1755 * @param pPool The pool.
1756 * @param iUser The user index.
1757 */
1758static int pgmPoolTrackFreeOneUser(PPGMPOOL pPool, uint16_t iUser)
1759{
1760 STAM_COUNTER_INC(&pPool->StatTrackFreeUpOneUser);
1761#ifdef PGMPOOL_WITH_CACHE
1762 /*
1763 * Just free cached pages in a braindead fashion.
1764 */
1765 /** @todo walk the age list backwards and free the first with usage. */
1766 int rc = VINF_SUCCESS;
1767 do
1768 {
1769 int rc2 = pgmPoolCacheFreeOne(pPool, iUser);
1770 if (VBOX_FAILURE(rc2) && rc == VINF_SUCCESS)
1771 rc = rc2;
1772 } while (pPool->iUserFreeHead == NIL_PGMPOOL_USER_INDEX);
1773 return rc;
1774#else
1775 /*
1776 * Lazy approach.
1777 */
1778 pgmPoolFlushAllInt(pPool);
1779 return VERR_PGM_POOL_FLUSHED;
1780#endif
1781}
1782
1783
1784/**
1785 * Inserts a page into the cache.
1786 *
1787 * This will create user node for the page, insert it into the GCPhys
1788 * hash, and insert it into the age list.
1789 *
1790 * @returns VBox status code.
1791 * @retval VINF_SUCCESS if successfully added.
1792 * @retval VERR_PGM_POOL_FLUSHED if the pool was flushed.
1793 * @retval VERR_PGM_POOL_CLEARED if the deregistration of the physical handler will cause a light weight pool flush.
1794 * @param pPool The pool.
1795 * @param pPage The cached page.
1796 * @param GCPhys The GC physical address of the page we're gonna shadow.
1797 * @param iUser The user index.
1798 * @param iUserTable The user table index.
1799 */
1800DECLINLINE(int) pgmPoolTrackInsert(PPGMPOOL pPool, PPGMPOOLPAGE pPage, RTGCPHYS GCPhys, uint16_t iUser, uint16_t iUserTable)
1801{
1802 int rc = VINF_SUCCESS;
1803 PPGMPOOLUSER pUser = pPool->CTXSUFF(paUsers);
1804
1805 LogFlow(("pgmPoolTrackInsert iUser %d iUserTable %d\n", iUser, iUserTable));
1806
1807 /*
1808 * Find free a user node.
1809 */
1810 uint16_t i = pPool->iUserFreeHead;
1811 if (i == NIL_PGMPOOL_USER_INDEX)
1812 {
1813 int rc = pgmPoolTrackFreeOneUser(pPool, iUser);
1814 if (VBOX_FAILURE(rc))
1815 return rc;
1816 i = pPool->iUserFreeHead;
1817 }
1818
1819 /*
1820 * Unlink the user node from the free list,
1821 * initialize and insert it into the user list.
1822 */
1823 pPool->iUserFreeHead = pUser[i].iNext;
1824 pUser[i].iNext = NIL_PGMPOOL_USER_INDEX;
1825 pUser[i].iUser = iUser;
1826 pUser[i].iUserTable = iUserTable;
1827 pPage->iUserHead = i;
1828
1829 /*
1830 * Insert into cache and enable monitoring of the guest page if enabled.
1831 *
1832 * Until we implement caching of all levels, including the CR3 one, we'll
1833 * have to make sure we don't try monitor & cache any recursive reuse of
1834 * a monitored CR3 page. Because all windows versions are doing this we'll
1835 * have to be able to do combined access monitoring, CR3 + PT and
1836 * PD + PT (guest PAE).
1837 *
1838 * Update:
1839 * We're now cooperating with the CR3 monitor if an uncachable page is found.
1840 */
1841#if defined(PGMPOOL_WITH_MONITORING) || defined(PGMPOOL_WITH_CACHE)
1842# ifdef PGMPOOL_WITH_MIXED_PT_CR3
1843 const bool fCanBeMonitored = true;
1844# else
1845 bool fCanBeMonitored = pPool->CTXSUFF(pVM)->pgm.s.GCPhysGstCR3Monitored == NIL_RTGCPHYS
1846 || (GCPhys & X86_PTE_PAE_PG_MASK) != (pPool->CTXSUFF(pVM)->pgm.s.GCPhysGstCR3Monitored & X86_PTE_PAE_PG_MASK)
1847 || pgmPoolIsBigPage((PGMPOOLKIND)pPage->enmKind);
1848# endif
1849# ifdef PGMPOOL_WITH_CACHE
1850 pgmPoolCacheInsert(pPool, pPage, fCanBeMonitored); /* This can be expanded. */
1851# endif
1852 if (fCanBeMonitored)
1853 {
1854# ifdef PGMPOOL_WITH_MONITORING
1855 rc = pgmPoolMonitorInsert(pPool, pPage);
1856 if (rc == VERR_PGM_POOL_CLEARED)
1857 {
1858 /* 'Failed' - free the usage, and keep it in the cache (if enabled). */
1859# ifndef PGMPOOL_WITH_CACHE
1860 pgmPoolMonitorFlush(pPool, pPage);
1861 rc = VERR_PGM_POOL_FLUSHED;
1862# endif
1863 pPage->iUserHead = NIL_PGMPOOL_USER_INDEX;
1864 pUser[i].iNext = pPool->iUserFreeHead;
1865 pUser[i].iUser = NIL_PGMPOOL_IDX;
1866 pPool->iUserFreeHead = i;
1867 }
1868 }
1869# endif
1870#endif /* PGMPOOL_WITH_MONITORING */
1871 return rc;
1872}
1873
1874
1875# ifdef PGMPOOL_WITH_CACHE /* (only used when the cache is enabled.) */
1876/**
1877 * Adds a user reference to a page.
1878 *
1879 * This will
1880 * This will move the page to the head of the
1881 *
1882 * @returns VBox status code.
1883 * @retval VINF_SUCCESS if successfully added.
1884 * @retval VERR_PGM_POOL_FLUSHED if the pool was flushed.
1885 * @param pPool The pool.
1886 * @param pPage The cached page.
1887 * @param iUser The user index.
1888 * @param iUserTable The user table.
1889 */
1890static int pgmPoolTrackAddUser(PPGMPOOL pPool, PPGMPOOLPAGE pPage, uint16_t iUser, uint16_t iUserTable)
1891{
1892 PPGMPOOLUSER paUsers = pPool->CTXSUFF(paUsers);
1893
1894 LogFlow(("pgmPoolTrackAddUser iUser %d iUserTable %d\n", iUser, iUserTable));
1895# ifdef VBOX_STRICT
1896 /*
1897 * Check that the entry doesn't already exists.
1898 */
1899 if (pPage->iUserHead != NIL_PGMPOOL_USER_INDEX)
1900 {
1901 uint16_t i = pPage->iUserHead;
1902 do
1903 {
1904 Assert(i < pPool->cMaxUsers);
1905 AssertMsg(paUsers[i].iUser != iUser || paUsers[i].iUserTable != iUserTable, ("%x %x vs new %x %x\n", paUsers[i].iUser, paUsers[i].iUserTable, iUser, iUserTable));
1906 i = paUsers[i].iNext;
1907 } while (i != NIL_PGMPOOL_USER_INDEX);
1908 }
1909# endif
1910
1911 /*
1912 * Allocate a user node.
1913 */
1914 uint16_t i = pPool->iUserFreeHead;
1915 if (i == NIL_PGMPOOL_USER_INDEX)
1916 {
1917 int rc = pgmPoolTrackFreeOneUser(pPool, iUser);
1918 if (VBOX_FAILURE(rc))
1919 return rc;
1920 i = pPool->iUserFreeHead;
1921 }
1922 pPool->iUserFreeHead = paUsers[i].iNext;
1923
1924 /*
1925 * Initialize the user node and insert it.
1926 */
1927 paUsers[i].iNext = pPage->iUserHead;
1928 paUsers[i].iUser = iUser;
1929 paUsers[i].iUserTable = iUserTable;
1930 pPage->iUserHead = i;
1931
1932# ifdef PGMPOOL_WITH_CACHE
1933 /*
1934 * Tell the cache to update its replacement stats for this page.
1935 */
1936 pgmPoolCacheUsed(pPool, pPage);
1937# endif
1938 return VINF_SUCCESS;
1939}
1940# endif /* PGMPOOL_WITH_CACHE */
1941
1942
1943/**
1944 * Frees a user record associated with a page.
1945 *
1946 * This does not clear the entry in the user table, it simply replaces the
1947 * user record to the chain of free records.
1948 *
1949 * @param pPool The pool.
1950 * @param HCPhys The HC physical address of the shadow page.
1951 * @param iUser The shadow page pool index of the user table.
1952 * @param iUserTable The index into the user table (shadowed).
1953 */
1954static void pgmPoolTrackFreeUser(PPGMPOOL pPool, PPGMPOOLPAGE pPage, uint16_t iUser, uint16_t iUserTable)
1955{
1956 /*
1957 * Unlink and free the specified user entry.
1958 */
1959 PPGMPOOLUSER paUsers = pPool->CTXSUFF(paUsers);
1960
1961 /* Special: For PAE and 32-bit paging, there are usually no more than one user. */
1962 uint16_t i = pPage->iUserHead;
1963 if ( i != NIL_PGMPOOL_USER_INDEX
1964 && paUsers[i].iUser == iUser
1965 && paUsers[i].iUserTable == iUserTable)
1966 {
1967 pPage->iUserHead = paUsers[i].iNext;
1968
1969 paUsers[i].iUser = NIL_PGMPOOL_IDX;
1970 paUsers[i].iNext = pPool->iUserFreeHead;
1971 pPool->iUserFreeHead = i;
1972 return;
1973 }
1974
1975 /* General: Linear search. */
1976 uint16_t iPrev = NIL_PGMPOOL_USER_INDEX;
1977 while (i != NIL_PGMPOOL_USER_INDEX)
1978 {
1979 if ( paUsers[i].iUser == iUser
1980 && paUsers[i].iUserTable == iUserTable)
1981 {
1982 if (iPrev != NIL_PGMPOOL_USER_INDEX)
1983 paUsers[iPrev].iNext = paUsers[i].iNext;
1984 else
1985 pPage->iUserHead = paUsers[i].iNext;
1986
1987 paUsers[i].iUser = NIL_PGMPOOL_IDX;
1988 paUsers[i].iNext = pPool->iUserFreeHead;
1989 pPool->iUserFreeHead = i;
1990 return;
1991 }
1992 iPrev = i;
1993 i = paUsers[i].iNext;
1994 }
1995
1996 /* Fatal: didn't find it */
1997 AssertFatalMsgFailed(("Didn't find the user entry! iUser=%#x iUserTable=%#x GCPhys=%VGp\n",
1998 iUser, iUserTable, pPage->GCPhys));
1999}
2000
2001
2002/**
2003 * Gets the entry size of a shadow table.
2004 *
2005 * @param enmKind The kind of page.
2006 *
2007 * @returns The size of the entry in bytes. That is, 4 or 8.
2008 * @returns If the kind is not for a table, an assertion is raised and 0 is
2009 * returned.
2010 */
2011DECLINLINE(unsigned) pgmPoolTrackGetShadowEntrySize(PGMPOOLKIND enmKind)
2012{
2013 switch (enmKind)
2014 {
2015 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
2016 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
2017 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
2018 case PGMPOOLKIND_ROOT_32BIT_PD:
2019 return 4;
2020
2021 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
2022 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
2023 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
2024 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
2025 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
2026 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
2027 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
2028 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
2029 case PGMPOOLKIND_ROOT_PAE_PD:
2030 case PGMPOOLKIND_ROOT_PDPT:
2031 case PGMPOOLKIND_ROOT_PML4:
2032 return 8;
2033
2034 default:
2035 AssertFatalMsgFailed(("enmKind=%d\n", enmKind));
2036 }
2037}
2038
2039
2040/**
2041 * Gets the entry size of a guest table.
2042 *
2043 * @param enmKind The kind of page.
2044 *
2045 * @returns The size of the entry in bytes. That is, 0, 4 or 8.
2046 * @returns If the kind is not for a table, an assertion is raised and 0 is
2047 * returned.
2048 */
2049DECLINLINE(unsigned) pgmPoolTrackGetGuestEntrySize(PGMPOOLKIND enmKind)
2050{
2051 switch (enmKind)
2052 {
2053 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
2054 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
2055 case PGMPOOLKIND_ROOT_32BIT_PD:
2056 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
2057 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
2058 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
2059 return 4;
2060
2061 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
2062 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
2063 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
2064 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
2065 case PGMPOOLKIND_ROOT_PAE_PD:
2066 case PGMPOOLKIND_ROOT_PDPT:
2067 case PGMPOOLKIND_ROOT_PML4:
2068 return 8;
2069
2070 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
2071 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
2072 /** @todo can we return 0? (nobody is calling this...) */
2073 return 0;
2074
2075 default:
2076 AssertFatalMsgFailed(("enmKind=%d\n", enmKind));
2077 }
2078}
2079
2080
2081#ifdef PGMPOOL_WITH_GCPHYS_TRACKING
2082/**
2083 * Scans one shadow page table for mappings of a physical page.
2084 *
2085 * @param pVM The VM handle.
2086 * @param pPhysPage The guest page in question.
2087 * @param iShw The shadow page table.
2088 * @param cRefs The number of references made in that PT.
2089 */
2090static void pgmPoolTrackFlushGCPhysPTInt(PVM pVM, PCPGMPAGE pPhysPage, uint16_t iShw, uint16_t cRefs)
2091{
2092 LogFlow(("pgmPoolTrackFlushGCPhysPT: HCPhys=%RHp iShw=%d cRefs=%d\n", pPhysPage->HCPhys, iShw, cRefs));
2093 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
2094
2095 /*
2096 * Assert sanity.
2097 */
2098 Assert(cRefs == 1);
2099 AssertFatalMsg(iShw < pPool->cCurPages && iShw != NIL_PGMPOOL_IDX, ("iShw=%d\n", iShw));
2100 PPGMPOOLPAGE pPage = &pPool->aPages[iShw];
2101
2102 /*
2103 * Then, clear the actual mappings to the page in the shadow PT.
2104 */
2105 switch (pPage->enmKind)
2106 {
2107 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
2108 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
2109 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
2110 {
2111 const uint32_t u32 = PGM_PAGE_GET_HCPHYS(pPhysPage) | X86_PTE_P;
2112 PX86PT pPT = (PX86PT)PGMPOOL_PAGE_2_PTR(pVM, pPage);
2113 for (unsigned i = pPage->iFirstPresent; i < ELEMENTS(pPT->a); i++)
2114 if ((pPT->a[i].u & (X86_PTE_PG_MASK | X86_PTE_P)) == u32)
2115 {
2116 Log4(("pgmPoolTrackFlushGCPhysPTs: i=%d pte=%RX32 cRefs=%#x\n", i, pPT->a[i], cRefs));
2117 pPT->a[i].u = 0;
2118 cRefs--;
2119 if (!cRefs)
2120 return;
2121 }
2122#if defined(DEBUG) && !defined(IN_RING0) ///@todo RTLogPrintf is missing in R0.
2123 RTLogPrintf("cRefs=%d iFirstPresent=%d cPresent=%d\n", cRefs, pPage->iFirstPresent, pPage->cPresent);
2124 for (unsigned i = 0; i < ELEMENTS(pPT->a); i++)
2125 if ((pPT->a[i].u & (X86_PTE_PG_MASK | X86_PTE_P)) == u32)
2126 {
2127 RTLogPrintf("i=%d cRefs=%d\n", i, cRefs--);
2128 pPT->a[i].u = 0;
2129 }
2130#endif
2131 AssertFatalMsgFailed(("cRefs=%d iFirstPresent=%d cPresent=%d\n", cRefs, pPage->iFirstPresent, pPage->cPresent));
2132 break;
2133 }
2134
2135 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
2136 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
2137 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
2138 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
2139 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
2140 {
2141 const uint64_t u64 = PGM_PAGE_GET_HCPHYS(pPhysPage) | X86_PTE_P;
2142 PX86PTPAE pPT = (PX86PTPAE)PGMPOOL_PAGE_2_PTR(pVM, pPage);
2143 for (unsigned i = pPage->iFirstPresent; i < ELEMENTS(pPT->a); i++)
2144 if ((pPT->a[i].u & (X86_PTE_PAE_PG_MASK | X86_PTE_P)) == u64)
2145 {
2146 Log4(("pgmPoolTrackFlushGCPhysPTs: i=%d pte=%RX64 cRefs=%#x\n", i, pPT->a[i], cRefs));
2147 pPT->a[i].u = 0;
2148 cRefs--;
2149 if (!cRefs)
2150 return;
2151 }
2152#if defined(DEBUG) && !defined(IN_RING0) ///@todo RTLogPrintf is missing in R0.
2153 RTLogPrintf("cRefs=%d iFirstPresent=%d cPresent=%d\n", cRefs, pPage->iFirstPresent, pPage->cPresent);
2154 for (unsigned i = 0; i < ELEMENTS(pPT->a); i++)
2155 if ((pPT->a[i].u & (X86_PTE_PAE_PG_MASK | X86_PTE_P)) == u64)
2156 {
2157 RTLogPrintf("i=%d cRefs=%d\n", i, cRefs--);
2158 pPT->a[i].u = 0;
2159 }
2160#endif
2161 AssertFatalMsgFailed(("cRefs=%d iFirstPresent=%d cPresent=%d\n", cRefs, pPage->iFirstPresent, pPage->cPresent));
2162 break;
2163 }
2164
2165 default:
2166 AssertFatalMsgFailed(("enmKind=%d iShw=%d\n", pPage->enmKind, iShw));
2167 }
2168}
2169
2170
2171/**
2172 * Scans one shadow page table for mappings of a physical page.
2173 *
2174 * @param pVM The VM handle.
2175 * @param pPhysPage The guest page in question.
2176 * @param iShw The shadow page table.
2177 * @param cRefs The number of references made in that PT.
2178 */
2179void pgmPoolTrackFlushGCPhysPT(PVM pVM, PPGMPAGE pPhysPage, uint16_t iShw, uint16_t cRefs)
2180{
2181 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool); NOREF(pPool);
2182 LogFlow(("pgmPoolTrackFlushGCPhysPT: HCPhys=%RHp iShw=%d cRefs=%d\n", pPhysPage->HCPhys, iShw, cRefs));
2183 STAM_PROFILE_START(&pPool->StatTrackFlushGCPhysPT, f);
2184 pgmPoolTrackFlushGCPhysPTInt(pVM, pPhysPage, iShw, cRefs);
2185 pPhysPage->HCPhys &= MM_RAM_FLAGS_NO_REFS_MASK; /** @todo PAGE FLAGS */
2186 STAM_PROFILE_STOP(&pPool->StatTrackFlushGCPhysPT, f);
2187}
2188
2189
2190/**
2191 * Flushes a list of shadow page tables mapping the same physical page.
2192 *
2193 * @param pVM The VM handle.
2194 * @param pPhysPage The guest page in question.
2195 * @param iPhysExt The physical cross reference extent list to flush.
2196 */
2197void pgmPoolTrackFlushGCPhysPTs(PVM pVM, PPGMPAGE pPhysPage, uint16_t iPhysExt)
2198{
2199 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
2200 STAM_PROFILE_START(&pPool->StatTrackFlushGCPhysPTs, f);
2201 LogFlow(("pgmPoolTrackFlushGCPhysPTs: HCPhys=%RHp iPhysExt\n", pPhysPage->HCPhys, iPhysExt));
2202
2203 const uint16_t iPhysExtStart = iPhysExt;
2204 PPGMPOOLPHYSEXT pPhysExt;
2205 do
2206 {
2207 Assert(iPhysExt < pPool->cMaxPhysExts);
2208 pPhysExt = &pPool->CTXSUFF(paPhysExts)[iPhysExt];
2209 for (unsigned i = 0; i < ELEMENTS(pPhysExt->aidx); i++)
2210 if (pPhysExt->aidx[i] != NIL_PGMPOOL_IDX)
2211 {
2212 pgmPoolTrackFlushGCPhysPTInt(pVM, pPhysPage, pPhysExt->aidx[i], 1);
2213 pPhysExt->aidx[i] = NIL_PGMPOOL_IDX;
2214 }
2215
2216 /* next */
2217 iPhysExt = pPhysExt->iNext;
2218 } while (iPhysExt != NIL_PGMPOOL_PHYSEXT_INDEX);
2219
2220 /* insert the list into the free list and clear the ram range entry. */
2221 pPhysExt->iNext = pPool->iPhysExtFreeHead;
2222 pPool->iPhysExtFreeHead = iPhysExtStart;
2223 pPhysPage->HCPhys &= MM_RAM_FLAGS_NO_REFS_MASK; /** @todo PAGE FLAGS */
2224
2225 STAM_PROFILE_STOP(&pPool->StatTrackFlushGCPhysPTs, f);
2226}
2227#endif /* PGMPOOL_WITH_GCPHYS_TRACKING */
2228
2229
2230/**
2231 * Scans all shadow page tables for mappings of a physical page.
2232 *
2233 * This may be slow, but it's most likely more efficient than cleaning
2234 * out the entire page pool / cache.
2235 *
2236 * @returns VBox status code.
2237 * @retval VINF_SUCCESS if all references has been successfully cleared.
2238 * @retval VINF_PGM_GCPHYS_ALIASED if we're better off with a CR3 sync and
2239 * a page pool cleaning.
2240 *
2241 * @param pVM The VM handle.
2242 * @param pPhysPage The guest page in question.
2243 */
2244int pgmPoolTrackFlushGCPhysPTsSlow(PVM pVM, PPGMPAGE pPhysPage)
2245{
2246 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
2247 STAM_PROFILE_START(&pPool->StatTrackFlushGCPhysPTsSlow, s);
2248 LogFlow(("pgmPoolTrackFlushGCPhysPTsSlow: cUsedPages=%d cPresent=%d HCPhys=%RHp\n",
2249 pPool->cUsedPages, pPool->cPresent, pPhysPage->HCPhys));
2250
2251#if 1
2252 /*
2253 * There is a limit to what makes sense.
2254 */
2255 if (pPool->cPresent > 1024)
2256 {
2257 LogFlow(("pgmPoolTrackFlushGCPhysPTsSlow: giving up... (cPresent=%d)\n", pPool->cPresent));
2258 STAM_PROFILE_STOP(&pPool->StatTrackFlushGCPhysPTsSlow, s);
2259 return VINF_PGM_GCPHYS_ALIASED;
2260 }
2261#endif
2262
2263 /*
2264 * Iterate all the pages until we've encountered all that in use.
2265 * This is simple but not quite optimal solution.
2266 */
2267 const uint64_t u64 = PGM_PAGE_GET_HCPHYS(pPhysPage) | X86_PTE_P;
2268 const uint32_t u32 = u64;
2269 unsigned cLeft = pPool->cUsedPages;
2270 unsigned iPage = pPool->cCurPages;
2271 while (--iPage >= PGMPOOL_IDX_FIRST)
2272 {
2273 PPGMPOOLPAGE pPage = &pPool->aPages[iPage];
2274 if (pPage->GCPhys != NIL_RTGCPHYS)
2275 {
2276 switch (pPage->enmKind)
2277 {
2278 /*
2279 * We only care about shadow page tables.
2280 */
2281 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
2282 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
2283 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
2284 {
2285 unsigned cPresent = pPage->cPresent;
2286 PX86PT pPT = (PX86PT)PGMPOOL_PAGE_2_PTR(pVM, pPage);
2287 for (unsigned i = pPage->iFirstPresent; i < ELEMENTS(pPT->a); i++)
2288 if (pPT->a[i].n.u1Present)
2289 {
2290 if ((pPT->a[i].u & (X86_PTE_PG_MASK | X86_PTE_P)) == u32)
2291 {
2292 //Log4(("pgmPoolTrackFlushGCPhysPTsSlow: idx=%d i=%d pte=%RX32\n", iPage, i, pPT->a[i]));
2293 pPT->a[i].u = 0;
2294 }
2295 if (!--cPresent)
2296 break;
2297 }
2298 break;
2299 }
2300
2301 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
2302 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
2303 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
2304 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
2305 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
2306 {
2307 unsigned cPresent = pPage->cPresent;
2308 PX86PTPAE pPT = (PX86PTPAE)PGMPOOL_PAGE_2_PTR(pVM, pPage);
2309 for (unsigned i = pPage->iFirstPresent; i < ELEMENTS(pPT->a); i++)
2310 if (pPT->a[i].n.u1Present)
2311 {
2312 if ((pPT->a[i].u & (X86_PTE_PAE_PG_MASK | X86_PTE_P)) == u64)
2313 {
2314 //Log4(("pgmPoolTrackFlushGCPhysPTsSlow: idx=%d i=%d pte=%RX64\n", iPage, i, pPT->a[i]));
2315 pPT->a[i].u = 0;
2316 }
2317 if (!--cPresent)
2318 break;
2319 }
2320 break;
2321 }
2322 }
2323 if (!--cLeft)
2324 break;
2325 }
2326 }
2327
2328 pPhysPage->HCPhys &= MM_RAM_FLAGS_NO_REFS_MASK; /** @todo PAGE FLAGS */
2329 STAM_PROFILE_STOP(&pPool->StatTrackFlushGCPhysPTsSlow, s);
2330 return VINF_SUCCESS;
2331}
2332
2333
2334/**
2335 * Clears the user entry in a user table.
2336 *
2337 * This is used to remove all references to a page when flushing it.
2338 */
2339static void pgmPoolTrackClearPageUser(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PCPGMPOOLUSER pUser)
2340{
2341 Assert(pUser->iUser != NIL_PGMPOOL_IDX);
2342 Assert(pUser->iUser < pPool->cCurPages);
2343
2344 /*
2345 * Map the user page.
2346 */
2347 PPGMPOOLPAGE pUserPage = &pPool->aPages[pUser->iUser];
2348 union
2349 {
2350 uint64_t *pau64;
2351 uint32_t *pau32;
2352 } u;
2353 u.pau64 = (uint64_t *)PGMPOOL_PAGE_2_PTR(pPool->CTXSUFF(pVM), pUserPage);
2354
2355#ifdef VBOX_STRICT
2356 /*
2357 * Some sanity checks.
2358 */
2359 switch (pUserPage->enmKind)
2360 {
2361 case PGMPOOLKIND_ROOT_32BIT_PD:
2362 Assert(!(u.pau32[pUser->iUser] & PGM_PDFLAGS_MAPPING));
2363 Assert(pUser->iUserTable < X86_PG_ENTRIES);
2364 break;
2365 case PGMPOOLKIND_ROOT_PAE_PD:
2366 Assert(!(u.pau64[pUser->iUser] & PGM_PDFLAGS_MAPPING));
2367 Assert(pUser->iUserTable < 2048 && pUser->iUser == PGMPOOL_IDX_PAE_PD);
2368 break;
2369 case PGMPOOLKIND_ROOT_PDPT:
2370 Assert(!(u.pau64[pUser->iUserTable] & PGM_PLXFLAGS_PERMANENT));
2371 Assert(pUser->iUserTable < 4);
2372 break;
2373 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
2374 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
2375 Assert(pUser->iUserTable < X86_PG_PAE_ENTRIES);
2376 break;
2377 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
2378 case PGMPOOLKIND_ROOT_PML4:
2379 Assert(!(u.pau64[pUser->iUserTable] & PGM_PLXFLAGS_PERMANENT));
2380 Assert(pUser->iUserTable < X86_PG_PAE_ENTRIES);
2381 break;
2382 default:
2383 AssertMsgFailed(("enmKind=%d\n", pUserPage->enmKind));
2384 break;
2385 }
2386#endif /* VBOX_STRICT */
2387
2388 /*
2389 * Clear the entry in the user page.
2390 */
2391 switch (pUserPage->enmKind)
2392 {
2393 /* 32-bit entries */
2394 case PGMPOOLKIND_ROOT_32BIT_PD:
2395 u.pau32[pUser->iUserTable] = 0;
2396 break;
2397
2398 /* 64-bit entries */
2399 case PGMPOOLKIND_ROOT_PAE_PD:
2400 case PGMPOOLKIND_ROOT_PDPT:
2401 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
2402 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
2403 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
2404 case PGMPOOLKIND_ROOT_PML4:
2405 u.pau64[pUser->iUserTable] = 0;
2406 break;
2407
2408 default:
2409 AssertFatalMsgFailed(("enmKind=%d iUser=%#x iUserTable=%#x\n", pUserPage->enmKind, pUser->iUser, pUser->iUserTable));
2410 }
2411}
2412
2413
2414/**
2415 * Clears all users of a page.
2416 */
2417static void pgmPoolTrackClearPageUsers(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
2418{
2419 /*
2420 * Free all the user records.
2421 */
2422 PPGMPOOLUSER paUsers = pPool->CTXSUFF(paUsers);
2423 uint16_t i = pPage->iUserHead;
2424 while (i != NIL_PGMPOOL_USER_INDEX)
2425 {
2426 /* Clear enter in user table. */
2427 pgmPoolTrackClearPageUser(pPool, pPage, &paUsers[i]);
2428
2429 /* Free it. */
2430 const uint16_t iNext = paUsers[i].iNext;
2431 paUsers[i].iUser = NIL_PGMPOOL_IDX;
2432 paUsers[i].iNext = pPool->iUserFreeHead;
2433 pPool->iUserFreeHead = i;
2434
2435 /* Next. */
2436 i = iNext;
2437 }
2438 pPage->iUserHead = NIL_PGMPOOL_USER_INDEX;
2439}
2440
2441
2442#ifdef PGMPOOL_WITH_GCPHYS_TRACKING
2443/**
2444 * Allocates a new physical cross reference extent.
2445 *
2446 * @returns Pointer to the allocated extent on success. NULL if we're out of them.
2447 * @param pVM The VM handle.
2448 * @param piPhysExt Where to store the phys ext index.
2449 */
2450PPGMPOOLPHYSEXT pgmPoolTrackPhysExtAlloc(PVM pVM, uint16_t *piPhysExt)
2451{
2452 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
2453 uint16_t iPhysExt = pPool->iPhysExtFreeHead;
2454 if (iPhysExt == NIL_PGMPOOL_PHYSEXT_INDEX)
2455 {
2456 STAM_COUNTER_INC(&pPool->StamTrackPhysExtAllocFailures);
2457 return NULL;
2458 }
2459 PPGMPOOLPHYSEXT pPhysExt = &pPool->CTXSUFF(paPhysExts)[iPhysExt];
2460 pPool->iPhysExtFreeHead = pPhysExt->iNext;
2461 pPhysExt->iNext = NIL_PGMPOOL_PHYSEXT_INDEX;
2462 *piPhysExt = iPhysExt;
2463 return pPhysExt;
2464}
2465
2466
2467/**
2468 * Frees a physical cross reference extent.
2469 *
2470 * @param pVM The VM handle.
2471 * @param iPhysExt The extent to free.
2472 */
2473void pgmPoolTrackPhysExtFree(PVM pVM, uint16_t iPhysExt)
2474{
2475 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
2476 Assert(iPhysExt < pPool->cMaxPhysExts);
2477 PPGMPOOLPHYSEXT pPhysExt = &pPool->CTXSUFF(paPhysExts)[iPhysExt];
2478 for (unsigned i = 0; i < ELEMENTS(pPhysExt->aidx); i++)
2479 pPhysExt->aidx[i] = NIL_PGMPOOL_IDX;
2480 pPhysExt->iNext = pPool->iPhysExtFreeHead;
2481 pPool->iPhysExtFreeHead = iPhysExt;
2482}
2483
2484
2485/**
2486 * Frees a physical cross reference extent.
2487 *
2488 * @param pVM The VM handle.
2489 * @param iPhysExt The extent to free.
2490 */
2491void pgmPoolTrackPhysExtFreeList(PVM pVM, uint16_t iPhysExt)
2492{
2493 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
2494
2495 const uint16_t iPhysExtStart = iPhysExt;
2496 PPGMPOOLPHYSEXT pPhysExt;
2497 do
2498 {
2499 Assert(iPhysExt < pPool->cMaxPhysExts);
2500 pPhysExt = &pPool->CTXSUFF(paPhysExts)[iPhysExt];
2501 for (unsigned i = 0; i < ELEMENTS(pPhysExt->aidx); i++)
2502 pPhysExt->aidx[i] = NIL_PGMPOOL_IDX;
2503
2504 /* next */
2505 iPhysExt = pPhysExt->iNext;
2506 } while (iPhysExt != NIL_PGMPOOL_PHYSEXT_INDEX);
2507
2508 pPhysExt->iNext = pPool->iPhysExtFreeHead;
2509 pPool->iPhysExtFreeHead = iPhysExtStart;
2510}
2511
2512/**
2513 * Insert a reference into a list of physical cross reference extents.
2514 *
2515 * @returns The new ram range flags (top 16-bits).
2516 *
2517 * @param pVM The VM handle.
2518 * @param iPhysExt The physical extent index of the list head.
2519 * @param iShwPT The shadow page table index.
2520 *
2521 */
2522static uint16_t pgmPoolTrackPhysExtInsert(PVM pVM, uint16_t iPhysExt, uint16_t iShwPT)
2523{
2524 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
2525 PPGMPOOLPHYSEXT paPhysExts = pPool->CTXSUFF(paPhysExts);
2526
2527 /* special common case. */
2528 if (paPhysExts[iPhysExt].aidx[2] == NIL_PGMPOOL_IDX)
2529 {
2530 paPhysExts[iPhysExt].aidx[2] = iShwPT;
2531 STAM_COUNTER_INC(&pVM->pgm.s.StatTrackAliasedMany);
2532 LogFlow(("pgmPoolTrackPhysExtAddref: %d:{,,%d}\n", iPhysExt, iShwPT));
2533 return iPhysExt | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT));
2534 }
2535
2536 /* general treatment. */
2537 const uint16_t iPhysExtStart = iPhysExt;
2538 unsigned cMax = 15;
2539 for (;;)
2540 {
2541 Assert(iPhysExt < pPool->cMaxPhysExts);
2542 for (unsigned i = 0; i < ELEMENTS(paPhysExts[iPhysExt].aidx); i++)
2543 if (paPhysExts[iPhysExt].aidx[i] == NIL_PGMPOOL_IDX)
2544 {
2545 paPhysExts[iPhysExt].aidx[i] = iShwPT;
2546 STAM_COUNTER_INC(&pVM->pgm.s.StatTrackAliasedMany);
2547 LogFlow(("pgmPoolTrackPhysExtAddref: %d:{%d} i=%d cMax=%d\n", iPhysExt, iShwPT, i, cMax));
2548 return iPhysExtStart | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT));
2549 }
2550 if (!--cMax)
2551 {
2552 STAM_COUNTER_INC(&pVM->pgm.s.StatTrackOverflows);
2553 pgmPoolTrackPhysExtFreeList(pVM, iPhysExtStart);
2554 LogFlow(("pgmPoolTrackPhysExtAddref: overflow (1) iShwPT=%d\n", iShwPT));
2555 return MM_RAM_FLAGS_IDX_OVERFLOWED | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT));
2556 }
2557 }
2558
2559 /* add another extent to the list. */
2560 PPGMPOOLPHYSEXT pNew = pgmPoolTrackPhysExtAlloc(pVM, &iPhysExt);
2561 if (!pNew)
2562 {
2563 STAM_COUNTER_INC(&pVM->pgm.s.StatTrackOverflows);
2564 pgmPoolTrackPhysExtFreeList(pVM, iPhysExtStart);
2565 return MM_RAM_FLAGS_IDX_OVERFLOWED | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT));
2566 }
2567 pNew->iNext = iPhysExtStart;
2568 pNew->aidx[0] = iShwPT;
2569 LogFlow(("pgmPoolTrackPhysExtAddref: added new extent %d:{%d}->%d\n", iPhysExt, iShwPT, iPhysExtStart));
2570 return iPhysExt | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT));
2571}
2572
2573
2574/**
2575 * Add a reference to guest physical page where extents are in use.
2576 *
2577 * @returns The new ram range flags (top 16-bits).
2578 *
2579 * @param pVM The VM handle.
2580 * @param u16 The ram range flags (top 16-bits).
2581 * @param iShwPT The shadow page table index.
2582 */
2583uint16_t pgmPoolTrackPhysExtAddref(PVM pVM, uint16_t u16, uint16_t iShwPT)
2584{
2585 if ((u16 >> (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT)) != MM_RAM_FLAGS_CREFS_PHYSEXT)
2586 {
2587 /*
2588 * Convert to extent list.
2589 */
2590 Assert((u16 >> (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT)) == 1);
2591 uint16_t iPhysExt;
2592 PPGMPOOLPHYSEXT pPhysExt = pgmPoolTrackPhysExtAlloc(pVM, &iPhysExt);
2593 if (pPhysExt)
2594 {
2595 LogFlow(("pgmPoolTrackPhysExtAddref: new extent: %d:{%d, %d}\n", iPhysExt, u16 & MM_RAM_FLAGS_IDX_MASK, iShwPT));
2596 STAM_COUNTER_INC(&pVM->pgm.s.StatTrackAliased);
2597 pPhysExt->aidx[0] = u16 & MM_RAM_FLAGS_IDX_MASK;
2598 pPhysExt->aidx[1] = iShwPT;
2599 u16 = iPhysExt | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT));
2600 }
2601 else
2602 u16 = MM_RAM_FLAGS_IDX_OVERFLOWED | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT));
2603 }
2604 else if (u16 != (MM_RAM_FLAGS_IDX_OVERFLOWED | (MM_RAM_FLAGS_CREFS_PHYSEXT << (MM_RAM_FLAGS_CREFS_SHIFT - MM_RAM_FLAGS_IDX_SHIFT))))
2605 {
2606 /*
2607 * Insert into the extent list.
2608 */
2609 u16 = pgmPoolTrackPhysExtInsert(pVM, u16 & MM_RAM_FLAGS_IDX_MASK, iShwPT);
2610 }
2611 else
2612 STAM_COUNTER_INC(&pVM->pgm.s.StatTrackAliasedLots);
2613 return u16;
2614}
2615
2616
2617/**
2618 * Clear references to guest physical memory.
2619 *
2620 * @param pPool The pool.
2621 * @param pPage The page.
2622 * @param pPhysPage Pointer to the aPages entry in the ram range.
2623 */
2624void pgmPoolTrackPhysExtDerefGCPhys(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PPGMPAGE pPhysPage)
2625{
2626 const unsigned cRefs = pPhysPage->HCPhys >> MM_RAM_FLAGS_CREFS_SHIFT; /** @todo PAGE FLAGS */
2627 AssertFatalMsg(cRefs == MM_RAM_FLAGS_CREFS_PHYSEXT, ("cRefs=%d HCPhys=%RHp pPage=%p:{.idx=%d}\n", cRefs, pPhysPage->HCPhys, pPage, pPage->idx));
2628
2629 uint16_t iPhysExt = (pPhysPage->HCPhys >> MM_RAM_FLAGS_IDX_SHIFT) & MM_RAM_FLAGS_IDX_MASK;
2630 if (iPhysExt != MM_RAM_FLAGS_IDX_OVERFLOWED)
2631 {
2632 uint16_t iPhysExtPrev = NIL_PGMPOOL_PHYSEXT_INDEX;
2633 PPGMPOOLPHYSEXT paPhysExts = pPool->CTXSUFF(paPhysExts);
2634 do
2635 {
2636 Assert(iPhysExt < pPool->cMaxPhysExts);
2637
2638 /*
2639 * Look for the shadow page and check if it's all freed.
2640 */
2641 for (unsigned i = 0; i < ELEMENTS(paPhysExts[iPhysExt].aidx); i++)
2642 {
2643 if (paPhysExts[iPhysExt].aidx[i] == pPage->idx)
2644 {
2645 paPhysExts[iPhysExt].aidx[i] = NIL_PGMPOOL_IDX;
2646
2647 for (i = 0; i < ELEMENTS(paPhysExts[iPhysExt].aidx); i++)
2648 if (paPhysExts[iPhysExt].aidx[i] != NIL_PGMPOOL_IDX)
2649 {
2650 LogFlow(("pgmPoolTrackPhysExtDerefGCPhys: HCPhys=%RX64 idx=%d\n", pPhysPage->HCPhys, pPage->idx));
2651 return;
2652 }
2653
2654 /* we can free the node. */
2655 PVM pVM = pPool->CTXSUFF(pVM);
2656 const uint16_t iPhysExtNext = paPhysExts[iPhysExt].iNext;
2657 if ( iPhysExtPrev == NIL_PGMPOOL_PHYSEXT_INDEX
2658 && iPhysExtNext == NIL_PGMPOOL_PHYSEXT_INDEX)
2659 {
2660 /* lonely node */
2661 pgmPoolTrackPhysExtFree(pVM, iPhysExt);
2662 LogFlow(("pgmPoolTrackPhysExtDerefGCPhys: HCPhys=%RX64 idx=%d lonely\n", pPhysPage->HCPhys, pPage->idx));
2663 pPhysPage->HCPhys &= MM_RAM_FLAGS_NO_REFS_MASK; /** @todo PAGE FLAGS */
2664 }
2665 else if (iPhysExtPrev == NIL_PGMPOOL_PHYSEXT_INDEX)
2666 {
2667 /* head */
2668 LogFlow(("pgmPoolTrackPhysExtDerefGCPhys: HCPhys=%RX64 idx=%d head\n", pPhysPage->HCPhys, pPage->idx));
2669 pPhysPage->HCPhys = (pPhysPage->HCPhys & MM_RAM_FLAGS_NO_REFS_MASK) /** @todo PAGE FLAGS */
2670 | ((uint64_t)MM_RAM_FLAGS_CREFS_PHYSEXT << MM_RAM_FLAGS_CREFS_SHIFT)
2671 | ((uint64_t)iPhysExtNext << MM_RAM_FLAGS_IDX_SHIFT);
2672 pgmPoolTrackPhysExtFree(pVM, iPhysExt);
2673 }
2674 else
2675 {
2676 /* in list */
2677 LogFlow(("pgmPoolTrackPhysExtDerefGCPhys: HCPhys=%RX64 idx=%d\n", pPhysPage->HCPhys, pPage->idx));
2678 paPhysExts[iPhysExtPrev].iNext = iPhysExtNext;
2679 pgmPoolTrackPhysExtFree(pVM, iPhysExt);
2680 }
2681 iPhysExt = iPhysExtNext;
2682 return;
2683 }
2684 }
2685
2686 /* next */
2687 iPhysExtPrev = iPhysExt;
2688 iPhysExt = paPhysExts[iPhysExt].iNext;
2689 } while (iPhysExt != NIL_PGMPOOL_PHYSEXT_INDEX);
2690
2691 AssertFatalMsgFailed(("not-found! cRefs=%d HCPhys=%RHp pPage=%p:{.idx=%d}\n", cRefs, pPhysPage->HCPhys, pPage, pPage->idx));
2692 }
2693 else /* nothing to do */
2694 LogFlow(("pgmPoolTrackPhysExtDerefGCPhys: HCPhys=%RX64\n", pPhysPage->HCPhys));
2695}
2696
2697
2698
2699/**
2700 * Clear references to guest physical memory.
2701 *
2702 * This is the same as pgmPoolTracDerefGCPhys except that the guest physical address
2703 * is assumed to be correct, so the linear search can be skipped and we can assert
2704 * at an earlier point.
2705 *
2706 * @param pPool The pool.
2707 * @param pPage The page.
2708 * @param HCPhys The host physical address corresponding to the guest page.
2709 * @param GCPhys The guest physical address corresponding to HCPhys.
2710 */
2711static void pgmPoolTracDerefGCPhys(PPGMPOOL pPool, PPGMPOOLPAGE pPage, RTHCPHYS HCPhys, RTGCPHYS GCPhys)
2712{
2713 /*
2714 * Walk range list.
2715 */
2716 PPGMRAMRANGE pRam = pPool->CTXSUFF(pVM)->pgm.s.CTXALLSUFF(pRamRanges);
2717 while (pRam)
2718 {
2719 RTGCPHYS off = GCPhys - pRam->GCPhys;
2720 if (off < pRam->cb)
2721 {
2722 /* does it match? */
2723 const unsigned iPage = off >> PAGE_SHIFT;
2724 Assert(PGM_PAGE_GET_HCPHYS(&pRam->aPages[iPage]));
2725 if (PGM_PAGE_GET_HCPHYS(&pRam->aPages[iPage]) == HCPhys)
2726 {
2727 pgmTrackDerefGCPhys(pPool, pPage, &pRam->aPages[iPage]);
2728 return;
2729 }
2730 break;
2731 }
2732 pRam = CTXALLSUFF(pRam->pNext);
2733 }
2734 AssertFatalMsgFailed(("HCPhys=%VHp GCPhys=%VGp\n", HCPhys, GCPhys));
2735}
2736
2737
2738/**
2739 * Clear references to guest physical memory.
2740 *
2741 * @param pPool The pool.
2742 * @param pPage The page.
2743 * @param HCPhys The host physical address corresponding to the guest page.
2744 * @param GCPhysHint The guest physical address which may corresponding to HCPhys.
2745 */
2746static void pgmPoolTracDerefGCPhysHint(PPGMPOOL pPool, PPGMPOOLPAGE pPage, RTHCPHYS HCPhys, RTGCPHYS GCPhysHint)
2747{
2748 /*
2749 * Walk range list.
2750 */
2751 PPGMRAMRANGE pRam = pPool->CTXSUFF(pVM)->pgm.s.CTXALLSUFF(pRamRanges);
2752 while (pRam)
2753 {
2754 RTGCPHYS off = GCPhysHint - pRam->GCPhys;
2755 if (off < pRam->cb)
2756 {
2757 /* does it match? */
2758 const unsigned iPage = off >> PAGE_SHIFT;
2759 Assert(PGM_PAGE_GET_HCPHYS(&pRam->aPages[iPage]));
2760 if (PGM_PAGE_GET_HCPHYS(&pRam->aPages[iPage]) == HCPhys)
2761 {
2762 pgmTrackDerefGCPhys(pPool, pPage, &pRam->aPages[iPage]);
2763 return;
2764 }
2765 break;
2766 }
2767 pRam = CTXALLSUFF(pRam->pNext);
2768 }
2769
2770 /*
2771 * Damn, the hint didn't work. We'll have to do an expensive linear search.
2772 */
2773 STAM_COUNTER_INC(&pPool->StatTrackLinearRamSearches);
2774 pRam = pPool->CTXSUFF(pVM)->pgm.s.CTXALLSUFF(pRamRanges);
2775 while (pRam)
2776 {
2777 unsigned iPage = pRam->cb >> PAGE_SHIFT;
2778 while (iPage-- > 0)
2779 {
2780 if (PGM_PAGE_GET_HCPHYS(&pRam->aPages[iPage]) == HCPhys)
2781 {
2782 Log4(("pgmPoolTracDerefGCPhysHint: Linear HCPhys=%VHp GCPhysHint=%VGp GCPhysReal=%VGp\n",
2783 HCPhys, GCPhysHint, pRam->GCPhys + (iPage << PAGE_SHIFT)));
2784 pgmTrackDerefGCPhys(pPool, pPage, &pRam->aPages[iPage]);
2785 return;
2786 }
2787 }
2788 pRam = CTXALLSUFF(pRam->pNext);
2789 }
2790
2791 AssertFatalMsgFailed(("HCPhys=%VHp GCPhysHint=%VGp\n", HCPhys, GCPhysHint));
2792}
2793
2794
2795/**
2796 * Clear references to guest physical memory in a 32-bit / 32-bit page table.
2797 *
2798 * @param pPool The pool.
2799 * @param pPage The page.
2800 * @param pShwPT The shadow page table (mapping of the page).
2801 * @param pGstPT The guest page table.
2802 */
2803DECLINLINE(void) pgmPoolTrackDerefPT32Bit32Bit(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PX86PT pShwPT, PCX86PT pGstPT)
2804{
2805 for (unsigned i = pPage->iFirstPresent; i < ELEMENTS(pShwPT->a); i++)
2806 if (pShwPT->a[i].n.u1Present)
2807 {
2808 Log4(("pgmPoolTrackDerefPT32Bit32Bit: i=%d pte=%RX32 hint=%RX32\n",
2809 i, pShwPT->a[i].u & X86_PTE_PG_MASK, pGstPT->a[i].u & X86_PTE_PG_MASK));
2810 pgmPoolTracDerefGCPhysHint(pPool, pPage, pShwPT->a[i].u & X86_PTE_PG_MASK, pGstPT->a[i].u & X86_PTE_PG_MASK);
2811 if (!--pPage->cPresent)
2812 break;
2813 }
2814}
2815
2816
2817/**
2818 * Clear references to guest physical memory in a PAE / 32-bit page table.
2819 *
2820 * @param pPool The pool.
2821 * @param pPage The page.
2822 * @param pShwPT The shadow page table (mapping of the page).
2823 * @param pGstPT The guest page table (just a half one).
2824 */
2825DECLINLINE(void) pgmPoolTrackDerefPTPae32Bit(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PX86PTPAE pShwPT, PCX86PT pGstPT)
2826{
2827 for (unsigned i = 0; i < ELEMENTS(pShwPT->a); i++)
2828 if (pShwPT->a[i].n.u1Present)
2829 {
2830 Log4(("pgmPoolTrackDerefPTPae32Bit: i=%d pte=%RX32 hint=%RX32\n",
2831 i, pShwPT->a[i].u & X86_PTE_PAE_PG_MASK, pGstPT->a[i].u & X86_PTE_PG_MASK));
2832 pgmPoolTracDerefGCPhysHint(pPool, pPage, pShwPT->a[i].u & X86_PTE_PAE_PG_MASK, pGstPT->a[i].u & X86_PTE_PG_MASK);
2833 }
2834}
2835
2836
2837/**
2838 * Clear references to guest physical memory in a PAE / PAE page table.
2839 *
2840 * @param pPool The pool.
2841 * @param pPage The page.
2842 * @param pShwPT The shadow page table (mapping of the page).
2843 * @param pGstPT The guest page table.
2844 */
2845DECLINLINE(void) pgmPoolTrackDerefPTPaePae(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PX86PTPAE pShwPT, PCX86PTPAE pGstPT)
2846{
2847 for (unsigned i = 0; i < ELEMENTS(pShwPT->a); i++)
2848 if (pShwPT->a[i].n.u1Present)
2849 {
2850 Log4(("pgmPoolTrackDerefPTPaePae: i=%d pte=%RX32 hint=%RX32\n",
2851 i, pShwPT->a[i].u & X86_PTE_PAE_PG_MASK, pGstPT->a[i].u & X86_PTE_PAE_PG_MASK));
2852 pgmPoolTracDerefGCPhysHint(pPool, pPage, pShwPT->a[i].u & X86_PTE_PAE_PG_MASK, pGstPT->a[i].u & X86_PTE_PAE_PG_MASK);
2853 }
2854}
2855
2856
2857/**
2858 * Clear references to guest physical memory in a 32-bit / 4MB page table.
2859 *
2860 * @param pPool The pool.
2861 * @param pPage The page.
2862 * @param pShwPT The shadow page table (mapping of the page).
2863 */
2864DECLINLINE(void) pgmPoolTrackDerefPT32Bit4MB(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PX86PT pShwPT)
2865{
2866 RTGCPHYS GCPhys = pPage->GCPhys;
2867 for (unsigned i = 0; i < ELEMENTS(pShwPT->a); i++, GCPhys += PAGE_SIZE)
2868 if (pShwPT->a[i].n.u1Present)
2869 {
2870 Log4(("pgmPoolTrackDerefPT32Bit4MB: i=%d pte=%RX32 GCPhys=%RGp\n",
2871 i, pShwPT->a[i].u & X86_PTE_PG_MASK, GCPhys));
2872 pgmPoolTracDerefGCPhys(pPool, pPage, pShwPT->a[i].u & X86_PTE_PG_MASK, GCPhys);
2873 }
2874}
2875
2876
2877/**
2878 * Clear references to guest physical memory in a PAE / 2/4MB page table.
2879 *
2880 * @param pPool The pool.
2881 * @param pPage The page.
2882 * @param pShwPT The shadow page table (mapping of the page).
2883 */
2884DECLINLINE(void) pgmPoolTrackDerefPTPaeBig(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PX86PTPAE pShwPT)
2885{
2886 RTGCPHYS GCPhys = pPage->GCPhys;
2887 for (unsigned i = 0; i < ELEMENTS(pShwPT->a); i++, GCPhys += PAGE_SIZE)
2888 if (pShwPT->a[i].n.u1Present)
2889 {
2890 Log4(("pgmPoolTrackDerefPTPae32Bit: i=%d pte=%RX32 hint=%RX32\n",
2891 i, pShwPT->a[i].u & X86_PTE_PAE_PG_MASK, GCPhys));
2892 pgmPoolTracDerefGCPhys(pPool, pPage, pShwPT->a[i].u & X86_PTE_PAE_PG_MASK, GCPhys);
2893 }
2894}
2895#endif /* PGMPOOL_WITH_GCPHYS_TRACKING */
2896
2897
2898/**
2899 * Clear references to shadowed pages in a PAE page directory.
2900 *
2901 * @param pPool The pool.
2902 * @param pPage The page.
2903 * @param pShwPD The shadow page directory (mapping of the page).
2904 */
2905DECLINLINE(void) pgmPoolTrackDerefPDPae(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PX86PDPAE pShwPD)
2906{
2907 for (unsigned i = 0; i < ELEMENTS(pShwPD->a); i++)
2908 {
2909 if (pShwPD->a[i].n.u1Present)
2910 {
2911 PPGMPOOLPAGE pSubPage = (PPGMPOOLPAGE)RTAvloHCPhysGet(&pPool->HCPhysTree, pShwPD->a[i].u & X86_PDE_PAE_PG_MASK);
2912 if (pSubPage)
2913 pgmPoolTrackFreeUser(pPool, pSubPage, pPage->idx, i);
2914 else
2915 AssertFatalMsgFailed(("%RX64\n", pShwPD->a[i].u & X86_PDE_PAE_PG_MASK));
2916 /** @todo 64-bit guests: have to ensure that we're not exhausting the dynamic mappings! */
2917 }
2918 }
2919}
2920
2921
2922/**
2923 * Clear references to shadowed pages in a 64-bit page directory pointer table.
2924 *
2925 * @param pPool The pool.
2926 * @param pPage The page.
2927 * @param pShwPDPT The shadow page directory pointer table (mapping of the page).
2928 */
2929DECLINLINE(void) pgmPoolTrackDerefPDPT64Bit(PPGMPOOL pPool, PPGMPOOLPAGE pPage, PX86PDPT pShwPDPT)
2930{
2931 for (unsigned i = 0; i < ELEMENTS(pShwPDPT->a); i++)
2932 {
2933 if (pShwPDPT->a[i].n.u1Present)
2934 {
2935 PPGMPOOLPAGE pSubPage = (PPGMPOOLPAGE)RTAvloHCPhysGet(&pPool->HCPhysTree, pShwPDPT->a[i].u & X86_PDPE_PG_MASK);
2936 if (pSubPage)
2937 pgmPoolTrackFreeUser(pPool, pSubPage, pPage->idx, i);
2938 else
2939 AssertFatalMsgFailed(("%RX64\n", pShwPDPT->a[i].u & X86_PDPE_PG_MASK));
2940 /** @todo 64-bit guests: have to ensure that we're not exhausting the dynamic mappings! */
2941 }
2942 }
2943}
2944
2945
2946/**
2947 * Clears all references made by this page.
2948 *
2949 * This includes other shadow pages and GC physical addresses.
2950 *
2951 * @param pPool The pool.
2952 * @param pPage The page.
2953 */
2954static void pgmPoolTrackDeref(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
2955{
2956 /*
2957 * Map the shadow page and take action according to the page kind.
2958 */
2959 void *pvShw = PGMPOOL_PAGE_2_PTR(pPool->CTXSUFF(pVM), pPage);
2960 switch (pPage->enmKind)
2961 {
2962#ifdef PGMPOOL_WITH_GCPHYS_TRACKING
2963 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
2964 {
2965 STAM_PROFILE_START(&pPool->StatTrackDerefGCPhys, g);
2966 void *pvGst;
2967 int rc = PGM_GCPHYS_2_PTR(pPool->CTXSUFF(pVM), pPage->GCPhys, &pvGst); AssertReleaseRC(rc);
2968 pgmPoolTrackDerefPT32Bit32Bit(pPool, pPage, (PX86PT)pvShw, (PCX86PT)pvGst);
2969 STAM_PROFILE_STOP(&pPool->StatTrackDerefGCPhys, g);
2970 break;
2971 }
2972
2973 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
2974 {
2975 STAM_PROFILE_START(&pPool->StatTrackDerefGCPhys, g);
2976 void *pvGst;
2977 int rc = PGM_GCPHYS_2_PTR_EX(pPool->CTXSUFF(pVM), pPage->GCPhys, &pvGst); AssertReleaseRC(rc);
2978 pgmPoolTrackDerefPTPae32Bit(pPool, pPage, (PX86PTPAE)pvShw, (PCX86PT)pvGst);
2979 STAM_PROFILE_STOP(&pPool->StatTrackDerefGCPhys, g);
2980 break;
2981 }
2982
2983 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
2984 {
2985 STAM_PROFILE_START(&pPool->StatTrackDerefGCPhys, g);
2986 void *pvGst;
2987 int rc = PGM_GCPHYS_2_PTR(pPool->CTXSUFF(pVM), pPage->GCPhys, &pvGst); AssertReleaseRC(rc);
2988 pgmPoolTrackDerefPTPaePae(pPool, pPage, (PX86PTPAE)pvShw, (PCX86PTPAE)pvGst);
2989 STAM_PROFILE_STOP(&pPool->StatTrackDerefGCPhys, g);
2990 break;
2991 }
2992
2993 case PGMPOOLKIND_32BIT_PT_FOR_PHYS: /* treat it like a 4 MB page */
2994 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
2995 {
2996 STAM_PROFILE_START(&pPool->StatTrackDerefGCPhys, g);
2997 pgmPoolTrackDerefPT32Bit4MB(pPool, pPage, (PX86PT)pvShw);
2998 STAM_PROFILE_STOP(&pPool->StatTrackDerefGCPhys, g);
2999 break;
3000 }
3001
3002 case PGMPOOLKIND_PAE_PT_FOR_PHYS: /* treat it like a 4 MB page */
3003 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
3004 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
3005 {
3006 STAM_PROFILE_START(&pPool->StatTrackDerefGCPhys, g);
3007 pgmPoolTrackDerefPTPaeBig(pPool, pPage, (PX86PTPAE)pvShw);
3008 STAM_PROFILE_STOP(&pPool->StatTrackDerefGCPhys, g);
3009 break;
3010 }
3011
3012#else /* !PGMPOOL_WITH_GCPHYS_TRACKING */
3013 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT:
3014 case PGMPOOLKIND_PAE_PT_FOR_32BIT_PT:
3015 case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
3016 case PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB:
3017 case PGMPOOLKIND_PAE_PT_FOR_PAE_2MB:
3018 case PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB:
3019 case PGMPOOLKIND_32BIT_PT_FOR_PHYS:
3020 case PGMPOOLKIND_PAE_PT_FOR_PHYS:
3021 break;
3022#endif /* !PGMPOOL_WITH_GCPHYS_TRACKING */
3023
3024 case PGMPOOLKIND_PAE_PD_FOR_32BIT_PD:
3025 case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
3026 pgmPoolTrackDerefPDPae(pPool, pPage, (PX86PDPAE)pvShw);
3027 break;
3028
3029 case PGMPOOLKIND_64BIT_PDPT_FOR_64BIT_PDPT:
3030 pgmPoolTrackDerefPDPT64Bit(pPool, pPage, (PX86PDPT)pvShw);
3031 break;
3032
3033 default:
3034 AssertFatalMsgFailed(("enmKind=%d\n", pPage->enmKind));
3035 }
3036
3037 /* paranoia, clear the shadow page. Remove this laser (i.e. let Alloc and ClearAll do it). */
3038 STAM_PROFILE_START(&pPool->StatZeroPage, z);
3039 ASMMemZeroPage(pvShw);
3040 STAM_PROFILE_STOP(&pPool->StatZeroPage, z);
3041 pPage->fZeroed = true;
3042}
3043#endif /* PGMPOOL_WITH_USER_TRACKING */
3044
3045
3046/**
3047 * Flushes all the special root pages as part of a pgmPoolFlushAllInt operation.
3048 *
3049 * @param pPool The pool.
3050 */
3051static void pgmPoolFlushAllSpecialRoots(PPGMPOOL pPool)
3052{
3053 /*
3054 * These special pages are all mapped into the indexes 1..PGMPOOL_IDX_FIRST.
3055 */
3056 Assert(NIL_PGMPOOL_IDX == 0);
3057 for (unsigned i = 1; i < PGMPOOL_IDX_FIRST; i++)
3058 {
3059 /*
3060 * Get the page address.
3061 */
3062 PPGMPOOLPAGE pPage = &pPool->aPages[i];
3063 union
3064 {
3065 uint64_t *pau64;
3066 uint32_t *pau32;
3067 } u;
3068 u.pau64 = (uint64_t *)PGMPOOL_PAGE_2_PTR(pPool->CTXSUFF(pVM), pPage);
3069
3070 /*
3071 * Mark stuff not present.
3072 */
3073 switch (pPage->enmKind)
3074 {
3075 case PGMPOOLKIND_ROOT_32BIT_PD:
3076 for (unsigned iPage = 0; iPage < X86_PG_ENTRIES; iPage++)
3077 if ((u.pau32[iPage] & (PGM_PDFLAGS_MAPPING | X86_PDE_P)) == X86_PDE_P)
3078 u.pau32[iPage] = 0;
3079 break;
3080
3081 case PGMPOOLKIND_ROOT_PAE_PD:
3082 for (unsigned iPage = 0; iPage < X86_PG_PAE_ENTRIES * X86_PG_PAE_PDPE_ENTRIES; iPage++)
3083 if ((u.pau64[iPage] & (PGM_PDFLAGS_MAPPING | X86_PDE_P)) == X86_PDE_P)
3084 u.pau64[iPage] = 0;
3085 break;
3086
3087 case PGMPOOLKIND_ROOT_PML4:
3088 for (unsigned iPage = 0; iPage < X86_PG_PAE_ENTRIES; iPage++)
3089 if ((u.pau64[iPage] & (PGM_PLXFLAGS_PERMANENT | X86_PML4E_P)) == X86_PML4E_P)
3090 u.pau64[iPage] = 0;
3091 break;
3092
3093 case PGMPOOLKIND_ROOT_PDPT:
3094 /* Not root of shadowed pages currently, ignore it. */
3095 break;
3096 }
3097 }
3098
3099 /*
3100 * Paranoia (to be removed), flag a global CR3 sync.
3101 */
3102 VM_FF_SET(pPool->CTXSUFF(pVM), VM_FF_PGM_SYNC_CR3);
3103}
3104
3105
3106/**
3107 * Flushes the entire cache.
3108 *
3109 * It will assert a global CR3 flush (FF) and assumes the caller is aware of this
3110 * and execute this CR3 flush.
3111 *
3112 * @param pPool The pool.
3113 */
3114static void pgmPoolFlushAllInt(PPGMPOOL pPool)
3115{
3116 STAM_PROFILE_START(&pPool->StatFlushAllInt, a);
3117 LogFlow(("pgmPoolFlushAllInt:\n"));
3118
3119 /*
3120 * If there are no pages in the pool, there is nothing to do.
3121 */
3122 if (pPool->cCurPages <= PGMPOOL_IDX_FIRST)
3123 {
3124 STAM_PROFILE_STOP(&pPool->StatFlushAllInt, a);
3125 return;
3126 }
3127
3128 /*
3129 * Nuke the free list and reinsert all pages into it.
3130 */
3131 for (unsigned i = pPool->cCurPages - 1; i >= PGMPOOL_IDX_FIRST; i--)
3132 {
3133 PPGMPOOLPAGE pPage = &pPool->aPages[i];
3134
3135#ifdef IN_RING3
3136 Assert(pPage->Core.Key == MMPage2Phys(pPool->pVMHC, pPage->pvPageHC));
3137#endif
3138#ifdef PGMPOOL_WITH_MONITORING
3139 if (pPage->fMonitored)
3140 pgmPoolMonitorFlush(pPool, pPage);
3141 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
3142 pPage->iModifiedPrev = NIL_PGMPOOL_IDX;
3143 pPage->iMonitoredNext = NIL_PGMPOOL_IDX;
3144 pPage->iMonitoredPrev = NIL_PGMPOOL_IDX;
3145 pPage->cModifications = 0;
3146#endif
3147 pPage->GCPhys = NIL_RTGCPHYS;
3148 pPage->enmKind = PGMPOOLKIND_FREE;
3149 Assert(pPage->idx == i);
3150 pPage->iNext = i + 1;
3151 pPage->fZeroed = false; /* This could probably be optimized, but better safe than sorry. */
3152 pPage->fSeenNonGlobal = false;
3153 pPage->fMonitored= false;
3154 pPage->fCached = false;
3155 pPage->fReusedFlushPending = false;
3156 pPage->fCR3Mix = false;
3157#ifdef PGMPOOL_WITH_USER_TRACKING
3158 pPage->iUserHead = NIL_PGMPOOL_USER_INDEX;
3159#endif
3160#ifdef PGMPOOL_WITH_CACHE
3161 pPage->iAgeNext = NIL_PGMPOOL_IDX;
3162 pPage->iAgePrev = NIL_PGMPOOL_IDX;
3163#endif
3164 }
3165 pPool->aPages[pPool->cCurPages - 1].iNext = NIL_PGMPOOL_IDX;
3166 pPool->iFreeHead = PGMPOOL_IDX_FIRST;
3167 pPool->cUsedPages = 0;
3168
3169#ifdef PGMPOOL_WITH_USER_TRACKING
3170 /*
3171 * Zap and reinitialize the user records.
3172 */
3173 pPool->cPresent = 0;
3174 pPool->iUserFreeHead = 0;
3175 PPGMPOOLUSER paUsers = pPool->CTXSUFF(paUsers);
3176 const unsigned cMaxUsers = pPool->cMaxUsers;
3177 for (unsigned i = 0; i < cMaxUsers; i++)
3178 {
3179 paUsers[i].iNext = i + 1;
3180 paUsers[i].iUser = NIL_PGMPOOL_IDX;
3181 paUsers[i].iUserTable = 0xfffe;
3182 }
3183 paUsers[cMaxUsers - 1].iNext = NIL_PGMPOOL_USER_INDEX;
3184#endif
3185
3186#ifdef PGMPOOL_WITH_GCPHYS_TRACKING
3187 /*
3188 * Clear all the GCPhys links and rebuild the phys ext free list.
3189 */
3190 for (PPGMRAMRANGE pRam = pPool->CTXSUFF(pVM)->pgm.s.CTXALLSUFF(pRamRanges);
3191 pRam;
3192 pRam = CTXALLSUFF(pRam->pNext))
3193 {
3194 unsigned iPage = pRam->cb >> PAGE_SHIFT;
3195 while (iPage-- > 0)
3196 pRam->aPages[iPage].HCPhys &= MM_RAM_FLAGS_NO_REFS_MASK; /** @todo PAGE FLAGS */
3197 }
3198
3199 pPool->iPhysExtFreeHead = 0;
3200 PPGMPOOLPHYSEXT paPhysExts = pPool->CTXSUFF(paPhysExts);
3201 const unsigned cMaxPhysExts = pPool->cMaxPhysExts;
3202 for (unsigned i = 0; i < cMaxPhysExts; i++)
3203 {
3204 paPhysExts[i].iNext = i + 1;
3205 paPhysExts[i].aidx[0] = NIL_PGMPOOL_IDX;
3206 paPhysExts[i].aidx[1] = NIL_PGMPOOL_IDX;
3207 paPhysExts[i].aidx[2] = NIL_PGMPOOL_IDX;
3208 }
3209 paPhysExts[cMaxPhysExts - 1].iNext = NIL_PGMPOOL_PHYSEXT_INDEX;
3210#endif
3211
3212#ifdef PGMPOOL_WITH_MONITORING
3213 /*
3214 * Just zap the modified list.
3215 */
3216 pPool->cModifiedPages = 0;
3217 pPool->iModifiedHead = NIL_PGMPOOL_IDX;
3218#endif
3219
3220#ifdef PGMPOOL_WITH_CACHE
3221 /*
3222 * Clear the GCPhys hash and the age list.
3223 */
3224 for (unsigned i = 0; i < ELEMENTS(pPool->aiHash); i++)
3225 pPool->aiHash[i] = NIL_PGMPOOL_IDX;
3226 pPool->iAgeHead = NIL_PGMPOOL_IDX;
3227 pPool->iAgeTail = NIL_PGMPOOL_IDX;
3228#endif
3229
3230 /*
3231 * Flush all the special root pages.
3232 * Reinsert active pages into the hash and ensure monitoring chains are correct.
3233 */
3234 pgmPoolFlushAllSpecialRoots(pPool);
3235 for (unsigned i = PGMPOOL_IDX_FIRST_SPECIAL; i < PGMPOOL_IDX_FIRST; i++)
3236 {
3237 PPGMPOOLPAGE pPage = &pPool->aPages[i];
3238 pPage->iNext = NIL_PGMPOOL_IDX;
3239#ifdef PGMPOOL_WITH_MONITORING
3240 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
3241 pPage->iModifiedPrev = NIL_PGMPOOL_IDX;
3242 pPage->cModifications = 0;
3243 /* ASSUMES that we're not sharing with any of the other special pages (safe for now). */
3244 pPage->iMonitoredNext = NIL_PGMPOOL_IDX;
3245 pPage->iMonitoredPrev = NIL_PGMPOOL_IDX;
3246 if (pPage->fMonitored)
3247 {
3248 PVM pVM = pPool->CTXSUFF(pVM);
3249 int rc = PGMHandlerPhysicalChangeCallbacks(pVM, pPage->GCPhys & ~(RTGCPHYS)(PAGE_SIZE - 1),
3250 pPool->pfnAccessHandlerR3, MMHyperCCToR3(pVM, pPage),
3251 pPool->pfnAccessHandlerR0, MMHyperCCToR0(pVM, pPage),
3252 pPool->pfnAccessHandlerGC, MMHyperCCToGC(pVM, pPage),
3253 pPool->pszAccessHandler);
3254 AssertFatalRCSuccess(rc);
3255# ifdef PGMPOOL_WITH_CACHE
3256 pgmPoolHashInsert(pPool, pPage);
3257# endif
3258 }
3259#endif
3260#ifdef PGMPOOL_WITH_USER_TRACKING
3261 Assert(pPage->iUserHead == NIL_PGMPOOL_USER_INDEX); /* for now */
3262#endif
3263#ifdef PGMPOOL_WITH_CACHE
3264 Assert(pPage->iAgeNext == NIL_PGMPOOL_IDX);
3265 Assert(pPage->iAgePrev == NIL_PGMPOOL_IDX);
3266#endif
3267 }
3268
3269 STAM_PROFILE_STOP(&pPool->StatFlushAllInt, a);
3270}
3271
3272
3273/**
3274 * Flushes a pool page.
3275 *
3276 * This moves the page to the free list after removing all user references to it.
3277 * In GC this will cause a CR3 reload if the page is traced back to an active root page.
3278 *
3279 * @returns VBox status code.
3280 * @retval VINF_SUCCESS on success.
3281 * @retval VERR_PGM_POOL_CLEARED if the deregistration of the physical handler will cause a light weight pool flush.
3282 * @param pPool The pool.
3283 * @param HCPhys The HC physical address of the shadow page.
3284 */
3285int pgmPoolFlushPage(PPGMPOOL pPool, PPGMPOOLPAGE pPage)
3286{
3287 int rc = VINF_SUCCESS;
3288 STAM_PROFILE_START(&pPool->StatFlushPage, f);
3289 LogFlow(("pgmPoolFlushPage: pPage=%p:{.Key=%VHp, .idx=%d, .enmKind=%d, .GCPhys=%VGp}\n",
3290 pPage, pPage->Core.Key, pPage->idx, pPage->enmKind, pPage->GCPhys));
3291
3292 /*
3293 * Quietly reject any attempts at flushing any of the special root pages.
3294 */
3295 if (pPage->idx < PGMPOOL_IDX_FIRST)
3296 {
3297 Log(("pgmPoolFlushPage: specaial root page, rejected. enmKind=%d idx=%d\n", pPage->enmKind, pPage->idx));
3298 return VINF_SUCCESS;
3299 }
3300
3301 /*
3302 * Mark the page as being in need of a ASMMemZeroPage().
3303 */
3304 pPage->fZeroed = false;
3305
3306#ifdef PGMPOOL_WITH_USER_TRACKING
3307 /*
3308 * Clear the page.
3309 */
3310 pgmPoolTrackClearPageUsers(pPool, pPage);
3311 STAM_PROFILE_START(&pPool->StatTrackDeref,a);
3312 pgmPoolTrackDeref(pPool, pPage);
3313 STAM_PROFILE_STOP(&pPool->StatTrackDeref,a);
3314#endif
3315
3316#ifdef PGMPOOL_WITH_CACHE
3317 /*
3318 * Flush it from the cache.
3319 */
3320 pgmPoolCacheFlushPage(pPool, pPage);
3321#endif /* PGMPOOL_WITH_CACHE */
3322
3323#ifdef PGMPOOL_WITH_MONITORING
3324 /*
3325 * Deregistering the monitoring.
3326 */
3327 if (pPage->fMonitored)
3328 rc = pgmPoolMonitorFlush(pPool, pPage);
3329#endif
3330
3331 /*
3332 * Free the page.
3333 */
3334 Assert(pPage->iNext == NIL_PGMPOOL_IDX);
3335 pPage->iNext = pPool->iFreeHead;
3336 pPool->iFreeHead = pPage->idx;
3337 pPage->enmKind = PGMPOOLKIND_FREE;
3338 pPage->GCPhys = NIL_RTGCPHYS;
3339 pPage->fReusedFlushPending = false;
3340
3341 pPool->cUsedPages--;
3342 STAM_PROFILE_STOP(&pPool->StatFlushPage, f);
3343 return rc;
3344}
3345
3346
3347/**
3348 * Frees a usage of a pool page.
3349 *
3350 * The caller is responsible to updating the user table so that it no longer
3351 * references the shadow page.
3352 *
3353 * @param pPool The pool.
3354 * @param HCPhys The HC physical address of the shadow page.
3355 * @param iUser The shadow page pool index of the user table.
3356 * @param iUserTable The index into the user table (shadowed).
3357 */
3358void pgmPoolFreeByPage(PPGMPOOL pPool, PPGMPOOLPAGE pPage, uint16_t iUser, uint16_t iUserTable)
3359{
3360 STAM_PROFILE_START(&pPool->StatFree, a);
3361 LogFlow(("pgmPoolFreeByPage: pPage=%p:{.Key=%VHp, .idx=%d, enmKind=%d} iUser=%#x iUserTable=%#x\n",
3362 pPage, pPage->Core.Key, pPage->idx, pPage->enmKind, iUser, iUserTable));
3363 Assert(pPage->idx >= PGMPOOL_IDX_FIRST);
3364#ifdef PGMPOOL_WITH_USER_TRACKING
3365 pgmPoolTrackFreeUser(pPool, pPage, iUser, iUserTable);
3366#endif
3367#ifdef PGMPOOL_WITH_CACHE
3368 if (!pPage->fCached)
3369#endif
3370 pgmPoolFlushPage(pPool, pPage); /* ASSUMES that VERR_PGM_POOL_CLEARED can be ignored here. */
3371 STAM_PROFILE_STOP(&pPool->StatFree, a);
3372}
3373
3374
3375/**
3376 * Makes one or more free page free.
3377 *
3378 * @returns VBox status code.
3379 * @retval VINF_SUCCESS on success.
3380 * @retval VERR_PGM_POOL_FLUSHED if the pool was flushed.
3381 *
3382 * @param pPool The pool.
3383 * @param iUser The user of the page.
3384 */
3385static int pgmPoolMakeMoreFreePages(PPGMPOOL pPool, uint16_t iUser)
3386{
3387 LogFlow(("pgmPoolMakeMoreFreePages: iUser=%#x\n", iUser));
3388
3389 /*
3390 * If the pool isn't full grown yet, expand it.
3391 */
3392 if (pPool->cCurPages < pPool->cMaxPages)
3393 {
3394 STAM_PROFILE_ADV_SUSPEND(&pPool->StatAlloc, a);
3395#ifdef IN_RING3
3396 int rc = PGMR3PoolGrow(pPool->pVMHC);
3397#else
3398 int rc = CTXALLMID(VMM, CallHost)(pPool->CTXSUFF(pVM), VMMCALLHOST_PGM_POOL_GROW, 0);
3399#endif
3400 if (VBOX_FAILURE(rc))
3401 return rc;
3402 STAM_PROFILE_ADV_RESUME(&pPool->StatAlloc, a);
3403 if (pPool->iFreeHead != NIL_PGMPOOL_IDX)
3404 return VINF_SUCCESS;
3405 }
3406
3407#ifdef PGMPOOL_WITH_CACHE
3408 /*
3409 * Free one cached page.
3410 */
3411 return pgmPoolCacheFreeOne(pPool, iUser);
3412#else
3413 /*
3414 * Flush the pool.
3415 * If we have tracking enabled, it should be possible to come up with
3416 * a cheap replacement strategy...
3417 */
3418 pgmPoolFlushAllInt(pPool);
3419 return VERR_PGM_POOL_FLUSHED;
3420#endif
3421}
3422
3423
3424/**
3425 * Allocates a page from the pool.
3426 *
3427 * This page may actually be a cached page and not in need of any processing
3428 * on the callers part.
3429 *
3430 * @returns VBox status code.
3431 * @retval VINF_SUCCESS if a NEW page was allocated.
3432 * @retval VINF_PGM_CACHED_PAGE if a CACHED page was returned.
3433 * @retval VERR_PGM_POOL_FLUSHED if the pool was flushed.
3434 * @param pVM The VM handle.
3435 * @param GCPhys The GC physical address of the page we're gonna shadow.
3436 * For 4MB and 2MB PD entries, it's the first address the
3437 * shadow PT is covering.
3438 * @param enmKind The kind of mapping.
3439 * @param iUser The shadow page pool index of the user table.
3440 * @param iUserTable The index into the user table (shadowed).
3441 * @param ppPage Where to store the pointer to the page. NULL is stored here on failure.
3442 */
3443int pgmPoolAlloc(PVM pVM, RTGCPHYS GCPhys, PGMPOOLKIND enmKind, uint16_t iUser, uint16_t iUserTable, PPPGMPOOLPAGE ppPage)
3444{
3445 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
3446 STAM_PROFILE_ADV_START(&pPool->StatAlloc, a);
3447 LogFlow(("pgmPoolAlloc: GCPhys=%VGp enmKind=%d iUser=%#x iUserTable=%#x\n", GCPhys, enmKind, iUser, iUserTable));
3448 *ppPage = NULL;
3449
3450#ifdef PGMPOOL_WITH_CACHE
3451 if (pPool->fCacheEnabled)
3452 {
3453 int rc2 = pgmPoolCacheAlloc(pPool, GCPhys, enmKind, iUser, iUserTable, ppPage);
3454 if (VBOX_SUCCESS(rc2))
3455 {
3456 STAM_PROFILE_ADV_STOP(&pPool->StatAlloc, a);
3457 LogFlow(("pgmPoolAlloc: returns %Vrc *ppPage=%p:{.Key=%VHp, .idx=%d}\n", rc2, *ppPage, (*ppPage)->Core.Key, (*ppPage)->idx));
3458 return rc2;
3459 }
3460 }
3461#endif
3462
3463 /*
3464 * Allocate a new one.
3465 */
3466 int rc = VINF_SUCCESS;
3467 uint16_t iNew = pPool->iFreeHead;
3468 if (iNew == NIL_PGMPOOL_IDX)
3469 {
3470 rc = pgmPoolMakeMoreFreePages(pPool, iUser);
3471 if (VBOX_FAILURE(rc))
3472 {
3473 if (rc != VERR_PGM_POOL_CLEARED)
3474 {
3475 Log(("pgmPoolAlloc: returns %Vrc (Free)\n", rc));
3476 STAM_PROFILE_ADV_STOP(&pPool->StatAlloc, a);
3477 return rc;
3478 }
3479 rc = VERR_PGM_POOL_FLUSHED;
3480 }
3481 iNew = pPool->iFreeHead;
3482 AssertReleaseReturn(iNew != NIL_PGMPOOL_IDX, VERR_INTERNAL_ERROR);
3483 }
3484
3485 /* unlink the free head */
3486 PPGMPOOLPAGE pPage = &pPool->aPages[iNew];
3487 pPool->iFreeHead = pPage->iNext;
3488 pPage->iNext = NIL_PGMPOOL_IDX;
3489
3490 /*
3491 * Initialize it.
3492 */
3493 pPool->cUsedPages++; /* physical handler registration / pgmPoolTrackFlushGCPhysPTsSlow requirement. */
3494 pPage->enmKind = enmKind;
3495 pPage->GCPhys = GCPhys;
3496 pPage->fSeenNonGlobal = false; /* Set this to 'true' to disable this feature. */
3497 pPage->fMonitored = false;
3498 pPage->fCached = false;
3499 pPage->fReusedFlushPending = false;
3500 pPage->fCR3Mix = false;
3501#ifdef PGMPOOL_WITH_MONITORING
3502 pPage->cModifications = 0;
3503 pPage->iModifiedNext = NIL_PGMPOOL_IDX;
3504 pPage->iModifiedPrev = NIL_PGMPOOL_IDX;
3505#endif
3506#ifdef PGMPOOL_WITH_USER_TRACKING
3507 pPage->cPresent = 0;
3508 pPage->iFirstPresent = ~0;
3509
3510 /*
3511 * Insert into the tracking and cache. If this fails, free the page.
3512 */
3513 int rc3 = pgmPoolTrackInsert(pPool, pPage, GCPhys, iUser, iUserTable);
3514 if (VBOX_FAILURE(rc3))
3515 {
3516 if (rc3 != VERR_PGM_POOL_CLEARED)
3517 {
3518 pPool->cUsedPages--;
3519 pPage->enmKind = PGMPOOLKIND_FREE;
3520 pPage->GCPhys = NIL_RTGCPHYS;
3521 pPage->iNext = pPool->iFreeHead;
3522 pPool->iFreeHead = pPage->idx;
3523 STAM_PROFILE_ADV_STOP(&pPool->StatAlloc, a);
3524 Log(("pgmPoolAlloc: returns %Vrc (Insert)\n", rc3));
3525 return rc3;
3526 }
3527 rc = VERR_PGM_POOL_FLUSHED;
3528 }
3529#endif /* PGMPOOL_WITH_USER_TRACKING */
3530
3531 /*
3532 * Commit the allocation, clear the page and return.
3533 */
3534#ifdef VBOX_WITH_STATISTICS
3535 if (pPool->cUsedPages > pPool->cUsedPagesHigh)
3536 pPool->cUsedPagesHigh = pPool->cUsedPages;
3537#endif
3538
3539 if (!pPage->fZeroed)
3540 {
3541 STAM_PROFILE_START(&pPool->StatZeroPage, z);
3542 void *pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
3543 ASMMemZeroPage(pv);
3544 STAM_PROFILE_STOP(&pPool->StatZeroPage, z);
3545 }
3546
3547 *ppPage = pPage;
3548 LogFlow(("pgmPoolAlloc: returns %Vrc *ppPage=%p:{.Key=%VHp, .idx=%d, .fCached=%RTbool, .fMonitored=%RTbool}\n",
3549 rc, pPage, pPage->Core.Key, pPage->idx, pPage->fCached, pPage->fMonitored));
3550 STAM_PROFILE_ADV_STOP(&pPool->StatAlloc, a);
3551 return rc;
3552}
3553
3554
3555/**
3556 * Frees a usage of a pool page.
3557 *
3558 * @param pVM The VM handle.
3559 * @param HCPhys The HC physical address of the shadow page.
3560 * @param iUser The shadow page pool index of the user table.
3561 * @param iUserTable The index into the user table (shadowed).
3562 */
3563void pgmPoolFree(PVM pVM, RTHCPHYS HCPhys, uint16_t iUser, uint16_t iUserTable)
3564{
3565 LogFlow(("pgmPoolFree: HCPhys=%VHp iUser=%#x iUserTable=%#x\n", HCPhys, iUser, iUserTable));
3566 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
3567 pgmPoolFreeByPage(pPool, pgmPoolGetPage(pPool, HCPhys), iUser, iUserTable);
3568}
3569
3570
3571/**
3572 * Gets a in-use page in the pool by it's physical address.
3573 *
3574 * @returns Pointer to the page.
3575 * @param pVM The VM handle.
3576 * @param HCPhys The HC physical address of the shadow page.
3577 * @remark This function will NEVER return NULL. It will assert if HCPhys is invalid.
3578 */
3579PPGMPOOLPAGE pgmPoolGetPageByHCPhys(PVM pVM, RTHCPHYS HCPhys)
3580{
3581 /** @todo profile this! */
3582 PPGMPOOL pPool = pVM->pgm.s.CTXSUFF(pPool);
3583 PPGMPOOLPAGE pPage = pgmPoolGetPage(pPool, HCPhys);
3584 Log3(("pgmPoolGetPageByHCPhys: HCPhys=%VHp -> %p:{.idx=%d .GCPhys=%VGp .enmKind=%d}\n",
3585 HCPhys, pPage, pPage->idx, pPage->GCPhys, pPage->enmKind));
3586 return pPage;
3587}
3588
3589
3590/**
3591 * Flushes the entire cache.
3592 *
3593 * It will assert a global CR3 flush (FF) and assumes the caller is aware of this
3594 * and execute this CR3 flush.
3595 *
3596 * @param pPool The pool.
3597 */
3598void pgmPoolFlushAll(PVM pVM)
3599{
3600 LogFlow(("pgmPoolFlushAll:\n"));
3601 pgmPoolFlushAllInt(pVM->pgm.s.CTXSUFF(pPool));
3602}
3603
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette