Changeset 105440 in vbox for trunk

Timestamp:

Jul 23, 2024 10:50:17 AM (6 months ago)

Author:

vboxsync

Message:

VMM/IEM: Added some simple TLB tracing (disabled by default). bugref:10727

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAll.cpp (modified) (8 diffs)
• VMMAll/IEMAllCImpl.cpp (modified) (6 diffs)
• VMMR3/IEMR3.cpp (modified) (8 diffs)
• include/IEMInline.h (modified) (1 diff)
• include/IEMInternal-armv8.h (modified) (2 diffs)
• include/IEMInternal.h (modified) (4 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -727 +727 @@
     pVCpu->iem.s.cbInstrBufTotal = 0;
     iemTlbInvalidateOne<a_fGlobal>(&pVCpu->iem.s.CodeTlb);
+    if (a_fGlobal)
+        IEMTLBTRACE_FLUSH_GLOBAL(pVCpu, pVCpu->iem.s.CodeTlb.uTlbRevision, pVCpu->iem.s.CodeTlb.uTlbRevisionGlobal, false);
+    else
+        IEMTLBTRACE_FLUSH(pVCpu, pVCpu->iem.s.CodeTlb.uTlbRevision, false);
 # endif
 
 # ifdef IEM_WITH_DATA_TLB
     iemTlbInvalidateOne<a_fGlobal>(&pVCpu->iem.s.DataTlb);
+    if (a_fGlobal)
+        IEMTLBTRACE_FLUSH_GLOBAL(pVCpu, pVCpu->iem.s.DataTlb.uTlbRevision, pVCpu->iem.s.DataTlb.uTlbRevisionGlobal, true);
+    else
+        IEMTLBTRACE_FLUSH(pVCpu, pVCpu->iem.s.DataTlb.uTlbRevision, true);
 # endif
 #else
@@ -895 +903 @@
 VMM_INT_DECL(void) IEMTlbInvalidatePage(PVMCPUCC pVCpu, RTGCPTR GCPtr)
 {
+    IEMTLBTRACE_INVLPG(pVCpu, GCPtr);
 #if defined(IEM_WITH_CODE_TLB) || defined(IEM_WITH_DATA_TLB)
     Log10(("IEMTlbInvalidatePage: GCPtr=%RGv\n", GCPtr));
@@ -1240 +1249 @@
                 if (WalkFast.fInfo & PGM_WALKINFO_BIG_PAGE)
                     iemTlbLoadedLargePage<false>(&pVCpu->iem.s.CodeTlb, uTagNoRev, RT_BOOL(pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE));
+                IEMTLBTRACE_LOAD(pVCpu, GCPtrFirst, false);
             }
             else
@@ -1247 +1257 @@
                 if (WalkFast.fInfo & PGM_WALKINFO_BIG_PAGE)
                     iemTlbLoadedLargePage<true>(&pVCpu->iem.s.CodeTlb, uTagNoRev, RT_BOOL(pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE));
+                IEMTLBTRACE_LOAD_GLOBAL(pVCpu, GCPtrFirst, false);
             }
             pTlbe->fFlagsAndPhysRev = (~WalkFast.fEffective & (X86_PTE_US | X86_PTE_RW | X86_PTE_D | X86_PTE_A))
@@ -6788 +6799 @@
                 if (WalkFast.fInfo & PGM_WALKINFO_BIG_PAGE)
                     iemTlbLoadedLargePage<false>(&pVCpu->iem.s.DataTlb, uTagNoRev, RT_BOOL(pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE));
+                IEMTLBTRACE_LOAD(pVCpu, GCPtrMem, true);
             }
             else
@@ -6795 +6807 @@
                 if (WalkFast.fInfo & PGM_WALKINFO_BIG_PAGE)
                     iemTlbLoadedLargePage<true>(&pVCpu->iem.s.DataTlb, uTagNoRev, RT_BOOL(pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE));
+                IEMTLBTRACE_LOAD_GLOBAL(pVCpu, GCPtrMem, true);
             }
         }
@@ -7184 +7197 @@
                 if (WalkFast.fInfo & PGM_WALKINFO_BIG_PAGE)
                     iemTlbLoadedLargePage<false>(&pVCpu->iem.s.DataTlb, uTagNoRev, RT_BOOL(pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE));
+                IEMTLBTRACE_LOAD(pVCpu, GCPtrMem, true);
             }
             else
@@ -7194 +7208 @@
                 if (WalkFast.fInfo & PGM_WALKINFO_BIG_PAGE)
                     iemTlbLoadedLargePage<true>(&pVCpu->iem.s.DataTlb, uTagNoRev, RT_BOOL(pVCpu->cpum.GstCtx.cr4 & X86_CR4_PAE));
+                IEMTLBTRACE_LOAD_GLOBAL(pVCpu, GCPtrMem, true);
             }
         }

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp

@@ -5989 +5989 @@
             }
 
+            IEMTLBTRACE_LOAD_CR0(pVCpu, uNewCrX, uOldCrX);
+
             /*
              * Inform PGM.
@@ -6110 +6112 @@
             }
 
+            IEMTLBTRACE_LOAD_CR3(pVCpu, uNewCrX, pVCpu->cpum.GstCtx.cr3);
+
             /* Inform PGM. */
             if (pVCpu->cpum.GstCtx.cr0 & X86_CR0_PG)
@@ -6201 +6205 @@
                 }
             }
+
+            IEMTLBTRACE_LOAD_CR4(pVCpu, uNewCrX, uOldCrX);
 
             /*
@@ -6880 +6886 @@
      * Fetch the invpcid descriptor from guest memory.
      */
+/** @todo Check if the entire 128 bits are always read for all types.  Check for invalid types as well. */
     RTUINT128U uDesc;
     VBOXSTRICTRC rcStrict = iemMemFetchDataU128(pVCpu, &uDesc, iEffSeg, GCPtrInvpcidDesc);
@@ -6914 +6921 @@
 
                 /* Invalidate mappings for the linear address tagged with PCID except global translations. */
+/** @todo PGMFlushTLB is overkill for X86_INVPCID_TYPE_INDV_ADDR. Add a fGlobal parameter
+ * to PGMInvalidatePage or add a new function to support this variation of invlpg. */
                 PGMFlushTLB(pVCpu, uCr3, false /* fGlobal */);
                 break;
@@ -7286 +7295 @@
     }
 #endif
+
+    if (idMsr == MSR_K6_EFER)
+        IEMTLBTRACE_LOAD_EFER(pVCpu, uValue.u, pVCpu->cpum.GstCtx.msrEFER);
 
     /*

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

@@ -50 +50 @@
 #include <iprt/assert.h>
 #include <iprt/getopt.h>
+#ifdef IEM_WITH_TLB_TRACE
+# include <iprt/mem.h>
+#endif
 #include <iprt/string.h>
 
@@ -64 +67 @@
 static FNDBGFINFOARGVINT iemR3InfoITlb;
 static FNDBGFINFOARGVINT iemR3InfoDTlb;
+#ifdef IEM_WITH_TLB_TRACE
+static FNDBGFINFOARGVINT iemR3InfoTlbTrace;
+#endif
 #if defined(VBOX_WITH_IEM_RECOMPILER) && !defined(VBOX_VMM_TARGET_ARMV8)
 static FNDBGFINFOARGVINT iemR3InfoTb;
@@ -203 +209 @@
     for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
     {
-        PVMCPU pVCpu = pVM->apCpusR3[idCpu];
+        PVMCPU const pVCpu = pVM->apCpusR3[idCpu];
         AssertCompile(sizeof(pVCpu->iem.s) <= sizeof(pVCpu->iem.padding)); /* (tstVMStruct can't do it's job w/o instruction stats) */
 
@@ -286 +292 @@
          */
         pVCpu->iem.s.uTbNativeRecompileAtUsedCount = uTbNativeRecompileAtUsedCount;
+#endif
+
+#ifdef IEM_WITH_TLB_TRACE
+        /*
+         * Allocate trace buffer.
+         */
+        pVCpu->iem.s.idxTlbTraceEntry      = 0;
+        pVCpu->iem.s.cTlbTraceEntriesShift = 19;//16;
+        pVCpu->iem.s.paTlbTraceEntries     = (PIEMTLBTRACEENTRY)RTMemPageAlloc(  RT_BIT_Z(pVCpu->iem.s.cTlbTraceEntriesShift)
+                                                                               * sizeof(*pVCpu->iem.s.paTlbTraceEntries));
+        AssertLogRelReturn(pVCpu->iem.s.paTlbTraceEntries, VERR_NO_PAGE_MEMORY);
 #endif
     }
@@ -958 +975 @@
     DBGFR3InfoRegisterInternalArgv(pVM, "itlb", "IEM instruction TLB", iemR3InfoITlb, DBGFINFO_FLAGS_RUN_ON_EMT);
     DBGFR3InfoRegisterInternalArgv(pVM, "dtlb", "IEM instruction TLB", iemR3InfoDTlb, DBGFINFO_FLAGS_RUN_ON_EMT);
+#ifdef IEM_WITH_TLB_TRACE
+    DBGFR3InfoRegisterInternalArgv(pVM, "tlbtrace", "IEM TLB trace log", iemR3InfoTlbTrace, DBGFINFO_FLAGS_RUN_ON_EMT);
+#endif
 #if defined(VBOX_WITH_IEM_RECOMPILER) && !defined(VBOX_VMM_TARGET_ARMV8)
     DBGFR3InfoRegisterInternalArgv(pVM, "tb",   "IEM translation block", iemR3InfoTb, DBGFINFO_FLAGS_RUN_ON_EMT);
@@ -972 +992 @@
 {
     NOREF(pVM);
+#ifdef IEM_WITH_TLB_TRACE
+    for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
+    {
+        PVMCPU const pVCpu = pVM->apCpusR3[idCpu];
+        RTMemPageFree(pVCpu->iem.s.paTlbTraceEntries,
+                      RT_BIT_Z(pVCpu->iem.s.cTlbTraceEntriesShift) * sizeof(*pVCpu->iem.s.paTlbTraceEntries));
+    }
+#endif
     return VINF_SUCCESS;
 }
@@ -1162 +1190 @@
 #endif
 
-    pHlp->pfnPrintf(pHlp, "%0*x: %s %#018RX64 -> %RGp / %p / %#05x %s%s%s%s%s%s%s/%s%s%s%s/%s %s%s\n",
-                    RT_ELEMENTS(pTlb->aEntries) >= 0x1000 ? 4 : RT_ELEMENTS(pTlb->aEntries) >= 0x100 ? 3 : 2, uSlot,
+    pHlp->pfnPrintf(pHlp, IEMTLB_SLOT_FMT ": %s %#018RX64 -> %RGp / %p / %#05x %s%s%s%s%s%s%s/%s%s%s%s/%s %s%s\n",
+                    uSlot,
                     (pTlbe->uTag & IEMTLB_REVISION_MASK) == uTlbRevision ? "valid  "
                     : (pTlbe->uTag & IEMTLB_REVISION_MASK) == 0          ? "empty  "
@@ -1410 +1438 @@
 }
 
+
+#ifdef IEM_WITH_TLB_TRACE
+/**
+ * @callback_method_impl{FNDBGFINFOARGVINT, tlbtrace}
+ */
+static DECLCALLBACK(void) iemR3InfoTlbTrace(PVM pVM, PCDBGFINFOHLP pHlp, int cArgs, char **papszArgs)
+{
+    /*
+     * Parse arguments.
+     */
+    static RTGETOPTDEF const s_aOptions[] =
+    {
+        { "--cpu",                      'c', RTGETOPT_REQ_UINT32  },
+        { "--vcpu",                     'c', RTGETOPT_REQ_UINT32  },
+        { "--last",                     'l', RTGETOPT_REQ_UINT32  },
+        { "--limit",                    'l', RTGETOPT_REQ_UINT32  },
+        { "--stop-at-global-flush",     'g', RTGETOPT_REQ_NOTHING },
+    };
+
+    RTGETOPTSTATE State;
+    int rc = RTGetOptInit(&State, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 0 /*iFirst*/, 0 /*fFlags*/);
+    AssertRCReturnVoid(rc);
+
+    uint32_t        cLimit             = UINT32_MAX;
+    bool            fStopAtGlobalFlush = false;
+    PVMCPU const    pVCpuCall          = VMMGetCpu(pVM);
+    PVMCPU          pVCpu              = pVCpuCall;
+    if (!pVCpu)
+        pVCpu = VMMGetCpuById(pVM, 0);
+
+    RTGETOPTUNION   ValueUnion;
+    while ((rc = RTGetOpt(&State, &ValueUnion)) != 0)
+    {
+        switch (rc)
+        {
+            case 'c':
+                if (ValueUnion.u32 >= pVM->cCpus)
+                    pHlp->pfnPrintf(pHlp, "error: Invalid CPU ID: %u\n", ValueUnion.u32);
+                else if (!pVCpu || pVCpu->idCpu != ValueUnion.u32)
+                    pVCpu = VMMGetCpuById(pVM, ValueUnion.u32);
+                break;
+
+            case 'l':
+                cLimit = ValueUnion.u32;
+                break;
+
+            case 'g':
+                fStopAtGlobalFlush = true;
+                break;
+
+            case 'h':
+                pHlp->pfnPrintf(pHlp,
+                                "Usage: info tlbtrace [options]\n"
+                                "\n"
+                                "Options:\n"
+                                "  -c<n>, --cpu=<n>, --vcpu=<n>\n"
+                                "    Selects the CPU which TLB trace we're looking at. Default: Caller / 0\n"
+                                "  -l<n>, --last=<n>\n"
+                                "    Limit display to the last N entries. Default: all\n"
+                                "  -g,--stop-at-global-flush\n"
+                                "    Stop after the first global flush entry.\n"
+                                );
+                return;
+
+            default:
+                pHlp->pfnGetOptError(pHlp, rc, &ValueUnion, &State);
+                return;
+        }
+    }
+
+    /*
+     * Get the details.
+     */
+    AssertReturnVoid(pVCpu);
+    Assert(pVCpu->iem.s.cTlbTraceEntriesShift <= 28);
+    uint32_t            idx         = pVCpu->iem.s.idxTlbTraceEntry;
+    uint32_t const      cShift      = RT_MIN(pVCpu->iem.s.cTlbTraceEntriesShift, 28);
+    uint32_t const      fMask       = RT_BIT_32(cShift) - 1;
+    uint32_t            cLeft       = RT_MIN(RT_MIN(idx, RT_BIT_32(cShift)), cLimit);
+    PCIEMTLBTRACEENTRY  paEntries   = pVCpu->iem.s.paTlbTraceEntries;
+    if (cLeft && paEntries)
+    {
+        /*
+         * Display the entries.
+         */
+        pHlp->pfnPrintf(pHlp, "TLB Trace for CPU %u:\n", pVCpu->idCpu);
+        while (cLeft-- > 0)
+        {
+            PCIEMTLBTRACEENTRY const pCur = &paEntries[--idx & fMask];
+            switch (pCur->enmType)
+            {
+                case kIemTlbTraceType_InvlPg:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 invlpg %RGv slot=" IEMTLB_SLOT_FMT "\n",
+                                    idx, pCur->rip, pCur->u64Param, (uint32_t)IEMTLB_ADDR_TO_EVEN_INDEX(pCur->u64Param));
+                    break;
+                case kIemTlbTraceType_Flush:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 flush %s rev=%#RX64\n", idx, pCur->rip,
+                                    pCur->bParam ? "data" : "code", pCur->u64Param);
+                    break;
+                case kIemTlbTraceType_FlushGlobal:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 flush %s rev=%#RX64 grev=%#RX64\n", idx, pCur->rip,
+                                    pCur->bParam ? "data" : "code", pCur->u64Param, pCur->u64Param2);
+                    if (fStopAtGlobalFlush)
+                        return;
+                    break;
+                case kIemTlbTraceType_Load:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 load %s %RGv slot=" IEMTLB_SLOT_FMT "\n",
+                                    idx, pCur->rip, pCur->bParam ? "data" : "code",
+                                    pCur->u64Param, (uint32_t)IEMTLB_ADDR_TO_EVEN_INDEX(pCur->u64Param));
+                    break;
+                case kIemTlbTraceType_LoadGlobal:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 load %s %RGv slot=" IEMTLB_SLOT_FMT " (global)\n",
+                                    idx, pCur->rip, pCur->bParam ? "data" : "code",
+                                    pCur->u64Param, (uint32_t)IEMTLB_ADDR_TO_EVEN_INDEX(pCur->u64Param));
+                    break;
+                case kIemTlbTraceType_Load_Cr0:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 load cr0 %08RX64 (was %08RX64)\n",
+                                    idx, pCur->rip, pCur->u64Param, pCur->u64Param2);
+                    break;
+                case kIemTlbTraceType_Load_Cr3:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 load cr3 %016RX64 (was %016RX64)\n",
+                                    idx, pCur->rip, pCur->u64Param, pCur->u64Param2);
+                    break;
+                case kIemTlbTraceType_Load_Cr4:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 load cr4 %08RX64 (was %08RX64)\n",
+                                    idx, pCur->rip, pCur->u64Param, pCur->u64Param2);
+                    break;
+                case kIemTlbTraceType_Load_Efer:
+                    pHlp->pfnPrintf(pHlp, "%u: %016RX64 load efer %016RX64 (was %016RX64)\n",
+                                    idx, pCur->rip, pCur->u64Param, pCur->u64Param2);
+                    break;
+                case kIemTlbTraceType_Invalid:
+                    pHlp->pfnPrintf(pHlp, "%u: Invalid!\n");
+                    break;
+            }
+        }
+    }
+    else
+        pHlp->pfnPrintf(pHlp, "No trace entries to display\n");
+}
+#endif /* IEM_WITH_TLB_TRACE */
+
 #if defined(VBOX_WITH_IEM_RECOMPILER) && !defined(VBOX_VMM_TARGET_ARMV8)
 /**

trunk/src/VBox/VMM/include/IEMInline.h

@@ -4798 +4798 @@
 #endif /* VBOX_WITH_NESTED_HWVIRT_VMX */
 
+#if defined(IEM_WITH_TLB_TRACE) && defined(IN_RING3)
+/**
+ * Adds an entry to the TLB trace buffer.
+ *
+ * @note Don't use directly, only via the IEMTLBTRACE_XXX macros.
+ */
+DECLINLINE(void) iemTlbTrace(PVMCPU pVCpu, IEMTLBTRACETYPE enmType, uint64_t u64Param, uint64_t u64Param2 = 0,
+                             uint8_t bParam = 0 /*, uint32_t u32Param = 0, uint16_t u16Param = 0 */)
+{
+    uint32_t const          fMask  = RT_BIT_32(pVCpu->iem.s.cTlbTraceEntriesShift) - 1;
+    PIEMTLBTRACEENTRY const pEntry = &pVCpu->iem.s.paTlbTraceEntries[pVCpu->iem.s.idxTlbTraceEntry++ & fMask];
+    pEntry->u64Param  = u64Param;
+    pEntry->u64Param2 = u64Param2;
+    pEntry->u16Param  = 0; //u16Param;
+    pEntry->u32Param  = 0; //u32Param;
+    pEntry->bParam    = bParam;
+    pEntry->enmType   = enmType;
+    pEntry->rip       = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base;
+}
+#endif
+
 #endif /* !VMM_INCLUDED_SRC_include_IEMInline_h */

trunk/src/VBox/VMM/include/IEMInternal-armv8.h

@@ -301 +301 @@
 
 
+/** The TLB size (power of two).
+ * We initially chose 256 because that way we can obtain the result directly
+ * from a 8-bit register without an additional AND instruction.
+ * See also @bugref{10687}. */
+#define IEMTLB_ENTRY_COUNT                      256
+#define IEMTLB_ENTRY_COUNT_AS_POWER_OF_TWO      8
+
+/** TLB slot format spec (assumes uint32_t or unsigned value). */
+#if IEMTLB_ENTRY_COUNT <= 0x100 / 2
+# define IEMTLB_SLOT_FMT    "%02x"
+#elif IEMTLB_ENTRY_COUNT <= 0x1000 / 2
+# define IEMTLB_SLOT_FMT    "%03x"
+#elif IEMTLB_ENTRY_COUNT <= 0x10000 / 2
+# define IEMTLB_SLOT_FMT    "%04x"
+#else
+# define IEMTLB_SLOT_FMT    "%05x"
+#endif
+
+
 /**
  * An IEM TLB.
@@ -311 +330 @@
      * We've choosen 256 because that way we can obtain the result directly from a
      * 8-bit register without an additional AND instruction. */
-    IEMTLBENTRY         aEntries[256];
+    IEMTLBENTRY         aEntries[IEMTLB_ENTRY_COUNT];
     /** The TLB revision.
      * This is actually only 28 bits wide (see IEMTLBENTRY::uTag) and is incremented

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -527 +527 @@
                                      | IEMTLBE_F_PHYS_REV )
 
+
 /** The TLB size (power of two).
  * We initially chose 256 because that way we can obtain the result directly
@@ -535 +536 @@
 # define IEMTLB_ENTRY_COUNT_AS_POWER_OF_TWO      8
 #else
-# define IEMTLB_ENTRY_COUNT                      8192
-# define IEMTLB_ENTRY_COUNT_AS_POWER_OF_TWO      13
+# define IEMTLB_ENTRY_COUNT                      16384
+# define IEMTLB_ENTRY_COUNT_AS_POWER_OF_TWO      14
 #endif
 AssertCompile(RT_BIT_32(IEMTLB_ENTRY_COUNT_AS_POWER_OF_TWO) == IEMTLB_ENTRY_COUNT);
+
+/** TLB slot format spec (assumes uint32_t or unsigned value). */
+#if IEMTLB_ENTRY_COUNT <= 0x100 / 2
+# define IEMTLB_SLOT_FMT    "%02x"
+#elif IEMTLB_ENTRY_COUNT <= 0x1000 / 2
+# define IEMTLB_SLOT_FMT    "%03x"
+#elif IEMTLB_ENTRY_COUNT <= 0x10000 / 2
+# define IEMTLB_SLOT_FMT    "%04x"
+#else
+# define IEMTLB_SLOT_FMT    "%05x"
+#endif
+
 
 /**
@@ -700 +713 @@
  */
 #define IEMTLB_TAG_TO_EVEN_ENTRY(a_pTlb, a_uTag)    ( &(a_pTlb)->aEntries[IEMTLB_TAG_TO_EVEN_INDEX(a_uTag)] )
+
+/** Converts a GC address to an even TLB index. */
+#define IEMTLB_ADDR_TO_EVEN_INDEX(a_GCPtr)  IEMTLB_TAG_TO_EVEN_INDEX(IEMTLB_CALC_TAG_NO_REV(a_GCPtr))
+
+
+/** @def IEM_WITH_TLB_TRACE
+ * Enables the TLB tracing.
+ * Adjust buffer size in IEMR3Init. */
+#if defined(DOXYGEN_RUNNING) || 0
+# define IEM_WITH_TLB_TRACE
+#endif
+
+#ifdef IEM_WITH_TLB_TRACE
+
+/** TLB trace entry types. */
+typedef enum : uint8_t
+{
+    kIemTlbTraceType_Invalid,
+    kIemTlbTraceType_InvlPg,
+    kIemTlbTraceType_Flush,
+    kIemTlbTraceType_FlushGlobal,
+    kIemTlbTraceType_Load,
+    kIemTlbTraceType_LoadGlobal,
+    kIemTlbTraceType_Load_Cr0,
+    kIemTlbTraceType_Load_Cr3,
+    kIemTlbTraceType_Load_Cr4,
+    kIemTlbTraceType_Load_Efer
+} IEMTLBTRACETYPE;
+
+/** TLB trace entry. */
+typedef struct IEMTLBTRACEENTRY
+{
+    /** The flattened RIP for the event. */
+    uint64_t            rip;
+    /** The event type. */
+    IEMTLBTRACETYPE     enmType;
+    /** Byte parameter - typically used as 'bool fDataTlb'.  */
+    uint8_t             bParam;
+    /** 16-bit parameter value. */
+    uint16_t            u16Param;
+    /** 32-bit parameter value. */
+    uint32_t            u32Param;
+    /** 64-bit parameter value. */
+    uint64_t            u64Param;
+    /** 64-bit parameter value. */
+    uint64_t            u64Param2;
+} IEMTLBTRACEENTRY;
+AssertCompileSize(IEMTLBTRACEENTRY, 32);
+/** Pointer to a TLB trace entry. */
+typedef IEMTLBTRACEENTRY *PIEMTLBTRACEENTRY;
+/** Pointer to a const TLB trace entry. */
+typedef IEMTLBTRACEENTRY const *PCIEMTLBTRACEENTRY;
+#endif /* !IEM_WITH_TLB_TRACE */
+
+#if defined(IEM_WITH_TLB_TRACE) && defined(IN_RING3)
+# define IEMTLBTRACE_INVLPG(a_pVCpu, a_GCPtr)               iemTlbTrace(a_pVCpu, kIemTlbTraceType_InvlPg, a_GCPtr)
+# define IEMTLBTRACE_FLUSH(a_pVCpu, a_uRev, a_fDataTlb)     iemTlbTrace(a_pVCpu, kIemTlbTraceType_Flush, a_uRev, 0, a_fDataTlb)
+# define IEMTLBTRACE_FLUSH_GLOBAL(a_pVCpu, a_uRev, a_uGRev, a_fDataTlb) \
+    iemTlbTrace(a_pVCpu, kIemTlbTraceType_FlushGlobal, a_uRev, a_uGRev, a_fDataTlb)
+# define IEMTLBTRACE_LOAD(a_pVCpu, a_GCPtr, a_fDataTlb)     iemTlbTrace(a_pVCpu, kIemTlbTraceType_Load, a_GCPtr, 0, a_fDataTlb)
+# define IEMTLBTRACE_LOAD_GLOBAL(a_pVCpu, a_GCPtr, a_fDataTlb) \
+    iemTlbTrace(a_pVCpu, kIemTlbTraceType_LoadGlobal, a_GCPtr, 0, a_fDataTlb)
+# define IEMTLBTRACE_LOAD_CR0(a_pVCpu, a_uNew, a_uOld)      iemTlbTrace(a_pVCpu, kIemTlbTraceType_Load_Cr0, a_uNew, a_uOld)
+# define IEMTLBTRACE_LOAD_CR3(a_pVCpu, a_uNew, a_uOld)      iemTlbTrace(a_pVCpu, kIemTlbTraceType_Load_Cr3, a_uNew, a_uOld)
+# define IEMTLBTRACE_LOAD_CR4(a_pVCpu, a_uNew, a_uOld)      iemTlbTrace(a_pVCpu, kIemTlbTraceType_Load_Cr4, a_uNew, a_uOld)
+# define IEMTLBTRACE_LOAD_EFER(a_pVCpu, a_uNew, a_uOld)     iemTlbTrace(a_pVCpu, kIemTlbTraceType_Load_Efer, a_uNew, a_uOld)
+#else
+# define IEMTLBTRACE_INVLPG(a_pVCpu, a_GCPtr)                           do { } while (0)
+# define IEMTLBTRACE_FLUSH(a_pVCpu, a_uRev, a_fDataTlb)                 do { } while (0)
+# define IEMTLBTRACE_FLUSH_GLOBAL(a_pVCpu, a_uRev, a_uGRev, a_fDataTlb) do { } while (0)
+# define IEMTLBTRACE_LOAD(a_pVCpu, a_GCPtr, a_fDataTlb)                 do { } while (0)
+# define IEMTLBTRACE_LOAD_GLOBAL(a_pVCpu, a_GCPtr, a_fDataTlb)          do { } while (0)
+# define IEMTLBTRACE_LOAD_CR0(a_pVCpu, a_uNew, a_uOld)                  do { } while (0)
+# define IEMTLBTRACE_LOAD_CR3(a_pVCpu, a_uNew, a_uOld)                  do { } while (0)
+# define IEMTLBTRACE_LOAD_CR4(a_pVCpu, a_uNew, a_uOld)                  do { } while (0)
+# define IEMTLBTRACE_LOAD_EFER(a_pVCpu, a_uNew, a_uOld)                 do { } while (0)
+#endif
 
 
@@ -2236 +2326 @@
     /** @} */
 
+#ifdef IEM_WITH_TLB_TRACE
+    uint64_t                au64Padding[3];
+#else
     uint64_t                au64Padding[5];
+#endif
     /** @} */
+
+#ifdef IEM_WITH_TLB_TRACE
+    /** The end (next) trace entry. */
+    uint32_t                idxTlbTraceEntry;
+    /** Number of trace entries allocated expressed as a power of two. */
+    uint32_t                cTlbTraceEntriesShift;
+    /** The trace entries. */
+    PIEMTLBTRACEENTRY       paTlbTraceEntries;
+#endif
 
     /** Data TLB.