Changeset 13025 in vbox for trunk

Timestamp:

Oct 7, 2008 7:28:54 AM (16 years ago)

Author:

vboxsync

Message:

Updates for EPT.

Location:

trunk/src/VBox/VMM

Files:

• HWACCM.cpp (modified) (2 diffs)
• HWACCMInternal.h (modified) (5 diffs)
• VMMAll/HWACCMAll.cpp (modified) (3 diffs)
• VMMR0/HWACCMR0.cpp (modified) (9 diffs)
• VMMR0/HWSVMR0.cpp (modified) (12 diffs)
• VMMR0/HWVMXR0.cpp (modified) (17 diffs)

trunk/src/VBox/VMM/HWACCM.cpp

@@ -521 +521 @@
             if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls2.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC2_EPT)
                 pVM->hwaccm.s.fNestedPaging = pVM->hwaccm.s.fAllowNestedPaging;
+
+            if (pVM->hwaccm.s.vmx.msr.vmx_proc_ctls2.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC2_VPID)
+                pVM->hwaccm.s.vmx.fVPID = true;
 #endif
 
@@ -609 +612 @@
             LogRel(("HWACMM: cpuid 0x80000001.u32AMDFeatureEDX = %VX32\n", pVM->hwaccm.s.cpuid.u32AMDFeatureEDX));
             LogRel(("HWACCM: SVM revision                      = %X\n", pVM->hwaccm.s.svm.u32Rev));
-            LogRel(("HWACCM: SVM max ASID                      = %d\n", pVM->hwaccm.s.svm.u32MaxASID));
+            LogRel(("HWACCM: SVM max ASID                      = %d\n", pVM->hwaccm.s.uMaxASID));
             LogRel(("HWACCM: SVM features                      = %X\n", pVM->hwaccm.s.svm.u32Features));
 

trunk/src/VBox/VMM/HWACCMInternal.h

@@ -138 +138 @@
 
     RTR0MEMOBJ  pMemObj;
-    /* Current ASID (AMD-V only) */
+    /* Current ASID (AMD-V)/VPID (Intel) */
     uint32_t    uCurrentASID;
     /* TLB flush count */
@@ -185 +185 @@
     bool                        fAllowNestedPaging;
 
+    /** Set if we need to flush the TLB during the world switch. */
+    bool                        fForceTLBFlush;
+
+    /** Old style FPU reporting trap mask override performed (optimization) */
+    bool                        fFPUOldStyleOverride;
+
     /** Explicit alignment padding to make 32-bit gcc align u64RegisterMask
      *  naturally. */
-    bool                        padding[3+4];
+    bool                        padding[1];
 
     /** HWACCM_CHANGED_* flags. */
-    uint32_t                    fContextUseFlags;
-
-    /** Old style FPU reporting trap mask override performed (optimization) */
-    uint32_t                    fFPUOldStyleOverride;
+    RTUINT                      fContextUseFlags;
+
+    /* Id of the last cpu we were executing code on (NIL_RTCPUID for the first time) */
+    RTCPUID                     idLastCpu;
+
+    /* TLB flush count */
+    RTUINT                      cTLBFlushes;
+
+    /* Current ASID in use by the VM */
+    RTUINT                      uCurrentASID;
+
+    /** Maximum ASID allowed. */
+    RTUINT                      uMaxASID;
 
     /** And mask for copying register contents. */
@@ -207 +222 @@
         /** Set if we can use VMXResume to execute guest code. */
         bool                        fResumeVM;
+
+        /** Set if VPID is supported. */
+        bool                        fVPID;
 
         /** R0 memory object for the VM control structure (VMCS). */
@@ -344 +362 @@
         /** Set if erratum 170 affects the AMD cpu. */
         bool                        fAlwaysFlushTLB;
-        /** Set if we need to flush the TLB during the world switch. */
-        bool                        fForceTLBFlush;
-
-        /* Id of the last cpu we were executing code on (NIL_RTCPUID for the first time) */
-        RTCPUID                     idLastCpu;
-
-        /* TLB flush count */
-        uint32_t                    cTLBFlushes;
-
-        /* Current ASID in use by the VM */
-        uint32_t                    uCurrentASID;
 
         /** R0 memory object for the VM control block (VMCB). */
@@ -389 +396 @@
         /** SVM revision. */
         uint32_t                    u32Rev;
-
-        /** Maximum ASID allowed. */
-        uint32_t                    u32MaxASID;
 
         /** SVM feature bits from cpuid 0x8000000a */

trunk/src/VBox/VMM/VMMAll/HWACCMAll.cpp

@@ -53 +53 @@
 VMMDECL(int) HWACCMInvalidatePage(PVM pVM, RTGCPTR GCVirt)
 {
-    /** @todo Intel for nested paging */
 #ifdef IN_RING0
-    if (pVM->hwaccm.s.svm.fSupported)
-        return SVMR0InvalidatePage(pVM, GCVirt);
+    if (pVM->hwaccm.s.vmx.fSupported)
+        return VMXR0InvalidatePage(pVM, GCVirt);
+
+    Assert(pVM->hwaccm.s.svm.fSupported);
+    return SVMR0InvalidatePage(pVM, GCVirt);
 #endif
 
@@ -70 +72 @@
 VMMDECL(int) HWACCMFlushTLB(PVM pVM)
 {
-    /** @todo Intel for nested paging */
-    if (pVM->hwaccm.s.svm.fSupported)
-    {
-        LogFlow(("HWACCMFlushTLB\n"));
-        pVM->hwaccm.s.svm.fForceTLBFlush = true;
-        STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushTLBManual);
-    }
+    LogFlow(("HWACCMFlushTLB\n"));
+
+    pVM->hwaccm.s.fForceTLBFlush = true;
+    STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushTLBManual);
     return VINF_SUCCESS;
 }
@@ -121 +120 @@
 
 #ifdef IN_RING0
-    /** @todo Intel for nested paging */
-    if (pVM->hwaccm.s.svm.fSupported)
-    {
-        SVMR0InvalidatePhysPage(pVM, GCPhys);
-    }
+    if (pVM->hwaccm.s.vmx.fSupported)
+        return VMXR0InvalidatePhysPage(pVM, GCPhys);
+
+    Assert(pVM->hwaccm.s.svm.fSupported);
+    SVMR0InvalidatePhysPage(pVM, GCPhys);
 #else
     HWACCMFlushTLB(pVM);

trunk/src/VBox/VMM/VMMR0/HWACCMR0.cpp

@@ -74 +74 @@
     DECLR0CALLBACKMEMBER(int, pfnSetupVM, (PVM pVM));
 
+    /** Maximum ASID allowed. */
+    uint32_t                  uMaxASID;
+
     struct
     {
@@ -111 +114 @@
         uint32_t                    u32Rev;
 
-        /** Maximum ASID allowed. */
-        uint32_t                    u32MaxASID;
-
         /** SVM feature bits from cpuid 0x8000000a */
         uint32_t                    u32Features;
@@ -224 +224 @@
                         HWACCMR0Globals.vmx.msr.vmx_cr4_fixed1  = ASMRdMsr(MSR_IA32_VMX_CR4_FIXED1);
                         HWACCMR0Globals.vmx.msr.vmx_vmcs_enum   = ASMRdMsr(MSR_IA32_VMX_VMCS_ENUM);
+                        /* VPID 16 bits ASID. */
+                        HWACCMR0Globals.uMaxASID                = 0x10000; /* exclusive */
 
                         if (HWACCMR0Globals.vmx.msr.vmx_proc_ctls.n.allowed1 & VMX_VMCS_CTRL_PROC_EXEC_USE_SECONDARY_EXEC_CTRL)
@@ -331 +333 @@
                 {
                     /* Query AMD features. */
-                    ASMCpuId(0x8000000A, &HWACCMR0Globals.svm.u32Rev, &HWACCMR0Globals.svm.u32MaxASID, &u32Dummy, &HWACCMR0Globals.svm.u32Features);
+                    ASMCpuId(0x8000000A, &HWACCMR0Globals.svm.u32Rev, &HWACCMR0Globals.uMaxASID, &u32Dummy, &HWACCMR0Globals.svm.u32Features);
 
                     HWACCMR0Globals.svm.fSupported = true;
@@ -591 +593 @@
     pCpu->fFlushTLB = true;
 
+    pCpu->uCurrentASID = 0;   /* we'll aways increment this the first time (host uses ASID 0) */
+    pCpu->cTLBFlushes  = 0;
+
     /* Should never happen */
-    if (!HWACCMR0Globals.aCpuInfo[idCpu].pMemObj)
+    if (!pCpu->pMemObj)
     {
         AssertFailed();
@@ -599 +604 @@
     }
 
-    pvPageCpu    = RTR0MemObjAddress(HWACCMR0Globals.aCpuInfo[idCpu].pMemObj);
-    pPageCpuPhys = RTR0MemObjGetPagePhysAddr(HWACCMR0Globals.aCpuInfo[idCpu].pMemObj, 0);
+    pvPageCpu    = RTR0MemObjAddress(pCpu->pMemObj);
+    pPageCpuPhys = RTR0MemObjGetPagePhysAddr(pCpu->pMemObj, 0);
 
     paRc[idCpu]  = HWACCMR0Globals.pfnEnableCpu(pCpu, pVM, pvPageCpu, pPageCpuPhys);
     AssertRC(paRc[idCpu]);
     if (VBOX_SUCCESS(paRc[idCpu]))
-        HWACCMR0Globals.aCpuInfo[idCpu].fConfigured = true;
+        pCpu->fConfigured = true;
 
     return;
@@ -620 +625 @@
 static DECLCALLBACK(void) HWACCMR0DisableCPU(RTCPUID idCpu, void *pvUser1, void *pvUser2)
 {
-    void    *pvPageCpu;
-    RTHCPHYS pPageCpuPhys;
-    int     *paRc = (int *)pvUser1;
+    void           *pvPageCpu;
+    RTHCPHYS        pPageCpuPhys;
+    int            *paRc = (int *)pvUser1;
+    PHWACCM_CPUINFO pCpu = &HWACCMR0Globals.aCpuInfo[idCpu];
 
     Assert(idCpu == (RTCPUID)RTMpCpuIdToSetIndex(idCpu)); /// @todo fix idCpu == index assumption (rainy day)
     Assert(idCpu < RT_ELEMENTS(HWACCMR0Globals.aCpuInfo));
 
-    if (!HWACCMR0Globals.aCpuInfo[idCpu].pMemObj)
+    if (!pCpu->pMemObj)
         return;
 
-    pvPageCpu    = RTR0MemObjAddress(HWACCMR0Globals.aCpuInfo[idCpu].pMemObj);
-    pPageCpuPhys = RTR0MemObjGetPagePhysAddr(HWACCMR0Globals.aCpuInfo[idCpu].pMemObj, 0);
-
-    paRc[idCpu] = HWACCMR0Globals.pfnDisableCpu(&HWACCMR0Globals.aCpuInfo[idCpu], pvPageCpu, pPageCpuPhys);
+    pvPageCpu    = RTR0MemObjAddress(pCpu->pMemObj);
+    pPageCpuPhys = RTR0MemObjGetPagePhysAddr(pCpu->pMemObj, 0);
+
+    paRc[idCpu] = HWACCMR0Globals.pfnDisableCpu(pCpu, pvPageCpu, pPageCpuPhys);
     AssertRC(paRc[idCpu]);
     HWACCMR0Globals.aCpuInfo[idCpu].fConfigured = false;
+
+    pCpu->uCurrentASID = 0;
+
     return;
 }
@@ -676 +685 @@
     pVM->hwaccm.s.vmx.msr.vmx_eptcaps       = HWACCMR0Globals.vmx.msr.vmx_eptcaps;
     pVM->hwaccm.s.svm.u32Rev                = HWACCMR0Globals.svm.u32Rev;
-    pVM->hwaccm.s.svm.u32MaxASID            = HWACCMR0Globals.svm.u32MaxASID;
     pVM->hwaccm.s.svm.u32Features           = HWACCMR0Globals.svm.u32Features;
     pVM->hwaccm.s.cpuid.u32AMDFeatureECX    = HWACCMR0Globals.cpuid.u32AMDFeatureECX;
@@ -684 +692 @@
     pVM->hwaccm.s.idEnteredCpu              = NIL_RTCPUID;
 #endif
+
+    pVM->hwaccm.s.uMaxASID                  = HWACCMR0Globals.uMaxASID;
+
+    /* Invalidate the last cpu we were running on. */
+    pVM->hwaccm.s.idLastCpu                 = NIL_RTCPUID;
+
+    /* we'll aways increment this the first time (host uses ASID 0) */
+    pVM->hwaccm.s.uCurrentASID              = 0;
 
     /* Init a VT-x or AMD-V VM. */

trunk/src/VBox/VMM/VMMR0/HWSVMR0.cpp

@@ -86 +86 @@
     ASMWrMsr(MSR_K8_VM_HSAVE_PA, pPageCpuPhys);
 
-    pCpu->uCurrentASID = 0;   /* we'll aways increment this the first time (host uses ASID 0) */
-    pCpu->cTLBFlushes  = 0;
     return VINF_SUCCESS;
 }
@@ -114 +112 @@
     /* Invalidate host state physical address. */
     ASMWrMsr(MSR_K8_VM_HSAVE_PA, 0);
-    pCpu->uCurrentASID = 0;
 
     return VINF_SUCCESS;
@@ -203 +200 @@
         pVM->hwaccm.s.svm.fAlwaysFlushTLB = true;
     }
-
-    /* Invalidate the last cpu we were running on. */
-    pVM->hwaccm.s.svm.idLastCpu    = NIL_RTCPUID;
-
-    /* we'll aways increment this the first time (host uses ASID 0) */
-    pVM->hwaccm.s.svm.uCurrentASID = 0;
     return VINF_SUCCESS;
 }
@@ -917 +908 @@
 #ifdef LOG_ENABLED
     pCpu = HWACCMR0GetCurrentCpu();
-    if (    pVM->hwaccm.s.svm.idLastCpu != pCpu->idCpu
-        ||  pVM->hwaccm.s.svm.cTLBFlushes != pCpu->cTLBFlushes)
-    {
-        if (pVM->hwaccm.s.svm.idLastCpu != pCpu->idCpu)
-            Log(("Force TLB flush due to rescheduling to a different cpu (%d vs %d)\n", pVM->hwaccm.s.svm.idLastCpu, pCpu->idCpu));
+    if (    pVM->hwaccm.s.idLastCpu   != pCpu->idCpu
+        ||  pVM->hwaccm.s.cTLBFlushes != pCpu->cTLBFlushes)
+    {
+        if (pVM->hwaccm.s.idLastCpu != pCpu->idCpu)
+            Log(("Force TLB flush due to rescheduling to a different cpu (%d vs %d)\n", pVM->hwaccm.s.idLastCpu, pCpu->idCpu));
         else
-            Log(("Force TLB flush due to changed TLB flush count (%x vs %x)\n", pVM->hwaccm.s.svm.cTLBFlushes, pCpu->cTLBFlushes));
+            Log(("Force TLB flush due to changed TLB flush count (%x vs %x)\n", pVM->hwaccm.s.cTLBFlushes, pCpu->cTLBFlushes));
     }
     if (pCpu->fFlushTLB)
@@ -949 +940 @@
     /* Force a TLB flush for the first world switch if the current cpu differs from the one we ran on last. */
     /* Note that this can happen both for start and resume due to long jumps back to ring 3. */
-    if (    pVM->hwaccm.s.svm.idLastCpu != pCpu->idCpu
+    if (    pVM->hwaccm.s.idLastCpu != pCpu->idCpu
             /* if the tlb flush count has changed, another VM has flushed the TLB of this cpu, so we can't use our current ASID anymore. */
-        ||  pVM->hwaccm.s.svm.cTLBFlushes != pCpu->cTLBFlushes)
+        ||  pVM->hwaccm.s.cTLBFlushes != pCpu->cTLBFlushes)
     {
         /* Force a TLB flush on VM entry. */
-        pVM->hwaccm.s.svm.fForceTLBFlush = true;
+        pVM->hwaccm.s.fForceTLBFlush = true;
     }
     else
         Assert(!pCpu->fFlushTLB || pVM->hwaccm.s.svm.fAlwaysFlushTLB);
 
-    pVM->hwaccm.s.svm.idLastCpu = pCpu->idCpu;
+    pVM->hwaccm.s.idLastCpu = pCpu->idCpu;
 
     /* Make sure we flush the TLB when required. Switch ASID to achieve the same thing, but without actually flushing the whole TLB (which is expensive). */
-    if (    pVM->hwaccm.s.svm.fForceTLBFlush
+    if (    pVM->hwaccm.s.fForceTLBFlush
         && !pVM->hwaccm.s.svm.fAlwaysFlushTLB)
     {
-        if (    ++pCpu->uCurrentASID >= pVM->hwaccm.s.svm.u32MaxASID
+        if (    ++pCpu->uCurrentASID >= pVM->hwaccm.s.uMaxASID
             ||  pCpu->fFlushTLB)
         {
@@ -976 +967 @@
             STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushASID);
 
-        pVM->hwaccm.s.svm.cTLBFlushes  = pCpu->cTLBFlushes;
-        pVM->hwaccm.s.svm.uCurrentASID = pCpu->uCurrentASID;
+        pVM->hwaccm.s.cTLBFlushes  = pCpu->cTLBFlushes;
+        pVM->hwaccm.s.uCurrentASID = pCpu->uCurrentASID;
     }
     else
@@ -984 +975 @@
 
         /* We never increase uCurrentASID in the fAlwaysFlushTLB (erratum 170) case. */
-        if (!pCpu->uCurrentASID || !pVM->hwaccm.s.svm.uCurrentASID)
-            pVM->hwaccm.s.svm.uCurrentASID = pCpu->uCurrentASID = 1;
-
-        Assert(!pVM->hwaccm.s.svm.fAlwaysFlushTLB || pVM->hwaccm.s.svm.fForceTLBFlush);
-        pVMCB->ctrl.TLBCtrl.n.u1TLBFlush = pVM->hwaccm.s.svm.fForceTLBFlush;
-    }
-    AssertMsg(pVM->hwaccm.s.svm.cTLBFlushes == pCpu->cTLBFlushes, ("Flush count mismatch for cpu %d (%x vs %x)\n", pCpu->idCpu, pVM->hwaccm.s.svm.cTLBFlushes, pCpu->cTLBFlushes));
-    AssertMsg(pCpu->uCurrentASID >= 1 && pCpu->uCurrentASID < pVM->hwaccm.s.svm.u32MaxASID, ("cpu%d uCurrentASID = %x\n", pCpu->idCpu, pCpu->uCurrentASID));
-    AssertMsg(pVM->hwaccm.s.svm.uCurrentASID >= 1 && pVM->hwaccm.s.svm.uCurrentASID < pVM->hwaccm.s.svm.u32MaxASID, ("cpu%d VM uCurrentASID = %x\n", pCpu->idCpu, pVM->hwaccm.s.svm.uCurrentASID));
-    pVMCB->ctrl.TLBCtrl.n.u32ASID = pVM->hwaccm.s.svm.uCurrentASID;
+        if (!pCpu->uCurrentASID || !pVM->hwaccm.s.uCurrentASID)
+            pVM->hwaccm.s.uCurrentASID = pCpu->uCurrentASID = 1;
+
+        Assert(!pVM->hwaccm.s.svm.fAlwaysFlushTLB || pVM->hwaccm.s.fForceTLBFlush);
+        pVMCB->ctrl.TLBCtrl.n.u1TLBFlush = pVM->hwaccm.s.fForceTLBFlush;
+    }
+    AssertMsg(pVM->hwaccm.s.cTLBFlushes == pCpu->cTLBFlushes, ("Flush count mismatch for cpu %d (%x vs %x)\n", pCpu->idCpu, pVM->hwaccm.s.cTLBFlushes, pCpu->cTLBFlushes));
+    AssertMsg(pCpu->uCurrentASID >= 1 && pCpu->uCurrentASID < pVM->hwaccm.s.uMaxASID, ("cpu%d uCurrentASID = %x\n", pCpu->idCpu, pCpu->uCurrentASID));
+    AssertMsg(pVM->hwaccm.s.uCurrentASID >= 1 && pVM->hwaccm.s.uCurrentASID < pVM->hwaccm.s.uMaxASID, ("cpu%d VM uCurrentASID = %x\n", pCpu->idCpu, pVM->hwaccm.s.uCurrentASID));
+    pVMCB->ctrl.TLBCtrl.n.u32ASID = pVM->hwaccm.s.uCurrentASID;
 
 #ifdef VBOX_WITH_STATISTICS
@@ -1004 +995 @@
     /* In case we execute a goto ResumeExecution later on. */
     pVM->hwaccm.s.svm.fResumeVM      = true;
-    pVM->hwaccm.s.svm.fForceTLBFlush = pVM->hwaccm.s.svm.fAlwaysFlushTLB;
+    pVM->hwaccm.s.fForceTLBFlush = pVM->hwaccm.s.svm.fAlwaysFlushTLB;
 
     Assert(sizeof(pVM->hwaccm.s.svm.pVMCBPhys) == 8);
@@ -1661 +1652 @@
 
             /* Must be set by PGMSyncCR3 */
-            Assert(PGMGetGuestMode(pVM) <= PGMMODE_PROTECTED || pVM->hwaccm.s.svm.fForceTLBFlush);
+            Assert(PGMGetGuestMode(pVM) <= PGMMODE_PROTECTED || pVM->hwaccm.s.fForceTLBFlush);
         }
         if (rc == VINF_SUCCESS)
@@ -2059 +2050 @@
     Assert(pVM->hwaccm.s.svm.fSupported);
 
-    LogFlow(("SVMR0Enter cpu%d last=%d asid=%d\n", pCpu->idCpu, pVM->hwaccm.s.svm.idLastCpu, pVM->hwaccm.s.svm.uCurrentASID));
+    LogFlow(("SVMR0Enter cpu%d last=%d asid=%d\n", pCpu->idCpu, pVM->hwaccm.s.idLastCpu, pVM->hwaccm.s.uCurrentASID));
     pVM->hwaccm.s.svm.fResumeVM = false;
 
@@ -2195 +2186 @@
 VMMR0DECL(int) SVMR0InvalidatePage(PVM pVM, RTGCPTR GCVirt)
 {
-    bool fFlushPending = pVM->hwaccm.s.svm.fAlwaysFlushTLB | pVM->hwaccm.s.svm.fForceTLBFlush;
+    bool fFlushPending = pVM->hwaccm.s.svm.fAlwaysFlushTLB | pVM->hwaccm.s.fForceTLBFlush;
 
     /* Skip it if a TLB flush is already pending. */
@@ -2227 +2218 @@
 VMMR0DECL(int) SVMR0InvalidatePhysPage(PVM pVM, RTGCPHYS GCPhys)
 {
-    bool fFlushPending = pVM->hwaccm.s.svm.fAlwaysFlushTLB | pVM->hwaccm.s.svm.fForceTLBFlush;
+    bool fFlushPending = pVM->hwaccm.s.svm.fAlwaysFlushTLB | pVM->hwaccm.s.fForceTLBFlush;
 
     Assert(pVM->hwaccm.s.fNestedPaging);

trunk/src/VBox/VMM/VMMR0/HWVMXR0.cpp

@@ -275 +275 @@
     val = val | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_HLT_EXIT
               | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_TSC_OFFSET
-              | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_INVLPG_EXIT
               | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_MOV_DR_EXIT
               | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_UNCOND_IO_EXIT
               | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_MWAIT_EXIT;    /* don't execute mwait or else we'll idle inside the guest (host thinks the cpu load is high) */
+
+    /* Without nested paging we should intercept invlpg and cr3 mov instructions. */
+    if (!pVM->hwaccm.s.fNestedPaging)
+        val |=   VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_INVLPG_EXIT
+               | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_CR3_LOAD_EXIT
+               | VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_CR3_STORE_EXIT;
 
     /* Note: VMX_VMCS_CTRL_PROC_EXEC_CONTROLS_MWAIT_EXIT might cause a vmlaunch failure with an invalid control fields error. (combined with some other exit reasons) */
@@ -321 +326 @@
         val |= VMX_VMCS_CTRL_PROC_EXEC2_WBINVD_EXIT;
 
+#ifdef HWACCM_VTX_WITH_EPT
+        if (pVM->hwaccm.s.fNestedPaging)
+            val |= VMX_VMCS_CTRL_PROC_EXEC2_EPT;
+#endif
         /* Mask away the bits that the CPU doesn't support */
         /** @todo make sure they don't conflict with the above requirements. */
@@ -362 +371 @@
      */
     pVM->hwaccm.s.vmx.u32TrapMask = HWACCM_VMX_TRAP_MASK;
+#ifndef DEBUG
+    if (pVM->hwaccm.s.fNestedPaging)
+        pVM->hwaccm.s.vmx.u32TrapMask &= ~RT_BIT(X86_XCPT_PF);   /* no longer need to intercept #PF. */
+#endif
     rc = VMXWriteVMCS(VMX_VMCS_CTRL_EXCEPTION_BITMAP, pVM->hwaccm.s.vmx.u32TrapMask);
     AssertRC(rc);
@@ -994 +1007 @@
         /* Note: protected mode & paging are always enabled; we use them for emulating real and protected mode without paging too. */
         val |= X86_CR0_PE | X86_CR0_PG;
-        /* Note: We must also set this as we rely on protecting various pages for which supervisor writes must be caught. */
-        val |= X86_CR0_WP;
+        if (!pVM->hwaccm.s.fNestedPaging)
+        {
+            /* Note: We must also set this as we rely on protecting various pages for which supervisor writes must be caught. */
+            val |= X86_CR0_WP;
+        }
 
         /* Always enable caching. */
@@ -1027 +1043 @@
         /* Set the required bits in cr4 too (currently X86_CR4_VMXE). */
         val = pCtx->cr4 | (uint32_t)pVM->hwaccm.s.vmx.msr.vmx_cr4_fixed0;
-        switch(pVM->hwaccm.s.enmShadowMode)
-        {
-        case PGMMODE_REAL:          /* Real mode                 -> emulated using v86 mode */
-        case PGMMODE_PROTECTED:     /* Protected mode, no paging -> emulated using identity mapping. */
-        case PGMMODE_32_BIT:        /* 32-bit paging. */
-            break;
-
-        case PGMMODE_PAE:           /* PAE paging. */
-        case PGMMODE_PAE_NX:        /* PAE paging with NX enabled. */
-            /** @todo use normal 32 bits paging */
-            val |= X86_CR4_PAE;
-            break;
-
-        case PGMMODE_AMD64:         /* 64-bit AMD paging (long mode). */
-        case PGMMODE_AMD64_NX:      /* 64-bit AMD paging (long mode) with NX enabled. */
+
+        if (!pVM->hwaccm.s.fNestedPaging)
+        {
+            switch(pVM->hwaccm.s.enmShadowMode)
+            {
+            case PGMMODE_REAL:          /* Real mode                 -> emulated using v86 mode */
+            case PGMMODE_PROTECTED:     /* Protected mode, no paging -> emulated using identity mapping. */
+            case PGMMODE_32_BIT:        /* 32-bit paging. */
+                break;
+
+            case PGMMODE_PAE:           /* PAE paging. */
+            case PGMMODE_PAE_NX:        /* PAE paging with NX enabled. */
+                /** @todo use normal 32 bits paging */
+                val |= X86_CR4_PAE;
+                break;
+
+            case PGMMODE_AMD64:         /* 64-bit AMD paging (long mode). */
+            case PGMMODE_AMD64_NX:      /* 64-bit AMD paging (long mode) with NX enabled. */
 #ifdef VBOX_ENABLE_64_BITS_GUESTS
-            break;
+                break;
 #else
-            AssertFailed();
-            return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
-#endif
-        default:                   /* shut up gcc */
-            AssertFailed();
-            return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
-        }
+                AssertFailed();
+                return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
+#endif
+            default:                   /* shut up gcc */
+                AssertFailed();
+                return VERR_PGM_UNSUPPORTED_SHADOW_PAGING_MODE;
+            }
+        }
+
 #ifdef HWACCM_VMX_EMULATE_REALMODE
         /* Real mode emulation using v86 mode with CR4.VME (interrupt redirection using the int bitmap in the TSS) */
@@ -1080 +1101 @@
     if (pVM->hwaccm.s.fContextUseFlags & HWACCM_CHANGED_GUEST_CR3)
     {
-        /* Save our shadow CR3 register. */
         val = PGMGetHyperCR3(pVM);
         Assert(val);
+        if (pVM->hwaccm.s.fNestedPaging)
+        {
+#if HC_ARCH_BITS == 64
+            rc = VMXWriteVMCS(VMX_VMCS_CTRL_EPTP_FULL, val);
+#else
+            rc = VMXWriteVMCS(VMX_VMCS_CTRL_EPTP_FULL, val);
+            rc = VMXWriteVMCS(VMX_VMCS_CTRL_EPTP_HIGH, val);
+#endif
+            AssertRC(rc);
+
+            /* Save the real guest CR3 in VMX_VMCS_GUEST_CR3 */
+            val = pCtx->cr3;
+        }
+        /* Save our shadow CR3 register. */
         rc = VMXWriteVMCS(VMX_VMCS_GUEST_CR3, val);
         AssertRC(rc);
@@ -1255 +1289 @@
     RTGCUINTPTR errCode, instrInfo, uInterruptState;
     bool        fSyncTPR = false;
+    PHWACCM_CPUINFO pCpu = 0;
     unsigned    cResume = 0;
 #ifdef VBOX_STRICT
@@ -1412 +1447 @@
     }
 
+#ifdef LOG_ENABLED
+    pCpu = HWACCMR0GetCurrentCpu();
+    if (    pVM->hwaccm.s.idLastCpu   != pCpu->idCpu
+        ||  pVM->hwaccm.s.cTLBFlushes != pCpu->cTLBFlushes)
+    {
+        if (pVM->hwaccm.s.idLastCpu != pCpu->idCpu)
+            Log(("Force TLB flush due to rescheduling to a different cpu (%d vs %d)\n", pVM->hwaccm.s.idLastCpu, pCpu->idCpu));
+        else
+            Log(("Force TLB flush due to changed TLB flush count (%x vs %x)\n", pVM->hwaccm.s.cTLBFlushes, pCpu->cTLBFlushes));
+    }
+    if (pCpu->fFlushTLB)
+        Log(("Force TLB flush: first time cpu %d is used -> flush\n", pCpu->idCpu));
+#endif
+
     /*
      * NOTE: DO NOT DO ANYTHING AFTER THIS POINT THAT MIGHT JUMP BACK TO RING 3!
@@ -1432 +1481 @@
         STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatEntry, x);
         goto end;
+    }
+
+    /* Deal with tagged TLBs if VPID is supported. */
+    if (pVM->hwaccm.s.vmx.fVPID)
+    {
+        pCpu = HWACCMR0GetCurrentCpu();
+        /* Force a TLB flush for the first world switch if the current cpu differs from the one we ran on last. */
+        /* Note that this can happen both for start and resume due to long jumps back to ring 3. */
+        if (    pVM->hwaccm.s.idLastCpu != pCpu->idCpu
+                /* if the tlb flush count has changed, another VM has flushed the TLB of this cpu, so we can't use our current ASID anymore. */
+            ||  pVM->hwaccm.s.cTLBFlushes != pCpu->cTLBFlushes)
+        {
+            /* Force a TLB flush on VM entry. */
+            pVM->hwaccm.s.fForceTLBFlush = true;
+        }
+        else
+            Assert(!pCpu->fFlushTLB);
+
+        pVM->hwaccm.s.idLastCpu = pCpu->idCpu;
+
+        /* Make sure we flush the TLB when required. Switch ASID to achieve the same thing, but without actually flushing the whole TLB (which is expensive). */
+        if (pVM->hwaccm.s.fForceTLBFlush)
+        {
+            if (    ++pCpu->uCurrentASID >= pVM->hwaccm.s.uMaxASID
+                ||  pCpu->fFlushTLB)
+            {
+                pCpu->fFlushTLB                  = false;
+                pCpu->uCurrentASID               = 1;       /* start at 1; host uses 0 */
+                pCpu->cTLBFlushes++;
+            }
+            else
+            {
+                STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushASID);
+                pVM->hwaccm.s.fForceTLBFlush     = false;
+            }
+
+            pVM->hwaccm.s.cTLBFlushes  = pCpu->cTLBFlushes;
+            pVM->hwaccm.s.uCurrentASID = pCpu->uCurrentASID;
+        }
+        else
+        {
+            Assert(!pCpu->fFlushTLB);
+
+            if (!pCpu->uCurrentASID || !pVM->hwaccm.s.uCurrentASID)
+                pVM->hwaccm.s.uCurrentASID = pCpu->uCurrentASID = 1;
+        }
+        AssertMsg(pVM->hwaccm.s.cTLBFlushes == pCpu->cTLBFlushes, ("Flush count mismatch for cpu %d (%x vs %x)\n", pCpu->idCpu, pVM->hwaccm.s.cTLBFlushes, pCpu->cTLBFlushes));
+        AssertMsg(pCpu->uCurrentASID >= 1 && pCpu->uCurrentASID < pVM->hwaccm.s.uMaxASID, ("cpu%d uCurrentASID = %x\n", pCpu->idCpu, pCpu->uCurrentASID));
+        AssertMsg(pVM->hwaccm.s.uCurrentASID >= 1 && pVM->hwaccm.s.uCurrentASID < pVM->hwaccm.s.uMaxASID, ("cpu%d VM uCurrentASID = %x\n", pCpu->idCpu, pVM->hwaccm.s.uCurrentASID));
+
+        rc  = VMXWriteVMCS(VMX_VMCS_GUEST_FIELD_VPID, pVM->hwaccm.s.uCurrentASID);
+        AssertRC(rc);
+
+        if (pVM->hwaccm.s.fForceTLBFlush)
+        {
+
+        }
+
+#ifdef VBOX_WITH_STATISTICS
+        if (pVM->hwaccm.s.fForceTLBFlush)
+            STAM_COUNTER_INC(&pVM->hwaccm.s.StatFlushTLBWorldSwitch);
+        else
+            STAM_COUNTER_INC(&pVM->hwaccm.s.StatNoFlushTLBWorldSwitch);
+#endif
+
     }
 
@@ -1463 +1577 @@
 
     /* In case we execute a goto ResumeExecution later on. */
-    pVM->hwaccm.s.vmx.fResumeVM = true;
+    pVM->hwaccm.s.vmx.fResumeVM  = true;
+    pVM->hwaccm.s.fForceTLBFlush = false;
 
     /*
@@ -1675 +1790 @@
     CPUMSetGuestCR4(pVM, val);
 
+    /* Can be updated behind our back in the nested paging case. */
     CPUMSetGuestCR2(pVM, ASMGetCR2());
+
+    /* Note: no reason to sync back the CRx registers. They can't be changed by the guest. */
+    /* Note: only in the nested paging case can CR3 & CR4 be changed by the guest. */
+    if (pVM->hwaccm.s.fNestedPaging)
+    {
+        VMXReadVMCS(VMX_VMCS_GUEST_CR3, &val);
+
+        if (val != pCtx->cr3)
+        {
+            CPUMSetGuestCR3(pVM, val);
+            PGMUpdateCR3(pVM, val);
+        }
+    }
 
     /* Sync back DR7 here. */
@@ -1857 +1986 @@
             case X86_XCPT_PF: /* Page fault */
             {
-                Log2(("Page fault at %VGv error code %x\n", exitQualification ,errCode));
+#ifdef DEBUG
+                if (pVM->hwaccm.s.fNestedPaging)
+                {   /* A genuine pagefault.
+                     * Forward the trap to the guest by injecting the exception and resuming execution.
+                     */
+                    Log(("Guest page fault at %VGv cr2=%VGv error code %x rsp=%VGv\n", (RTGCPTR)pCtx->rip, exitQualification, errCode, (RTGCPTR)pCtx->rsp));
+
+                    STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitGuestPF);
+                    /* The error code might have been changed. */
+                    errCode = TRPMGetErrorCode(pVM);
+
+                    TRPMResetTrap(pVM);
+
+                    /* Now we must update CR2. */
+                    pCtx->cr2 = exitQualification;
+                    rc = VMXR0InjectEvent(pVM, pCtx, VMX_VMCS_CTRL_ENTRY_IRQ_INFO_FROM_EXIT_INT_INFO(intInfo), cbInstr, errCode);
+                    AssertRC(rc);
+
+                    STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
+                    goto ResumeExecution;
+                }
+#endif
+                Assert(!pVM->hwaccm.s.fNestedPaging);
+
+                Log2(("Page fault at %VGv error code %x\n", exitQualification, errCode));
                 /* Exit qualification contains the linear address of the page fault. */
                 TRPMAssertTrap(pVM, X86_XCPT_PF, TRPM_TRAP);
@@ -2056 +2209 @@
     }
 
+    case VMX_EXIT_EPT_VIOLATION:        /* 48 EPT violation. An attempt to access memory with a guest-physical address was disallowed by the configuration of the EPT paging structures. */
+    {
+        Log2(("EPT Page fault at %VGv error code %x\n", exitQualification ,errCode));
+        Assert(pVM->hwaccm.s.fNestedPaging);
+
+        /* Exit qualification contains the linear address of the page fault. */
+        TRPMAssertTrap(pVM, X86_XCPT_PF, TRPM_TRAP);
+        TRPMSetErrorCode(pVM, errCode);
+        TRPMSetFaultAddress(pVM, exitQualification );
+
+        /* Handle the pagefault trap for the nested shadow table. */
+        rc = PGMR0Trap0eHandlerNestedPaging(pVM, PGMMODE_EPT, errCode, CPUMCTX2CORE(pCtx), exitQualification );
+        Log2(("PGMR0Trap0eHandlerNestedPaging %VGv returned %Vrc\n", pCtx->rip, rc));
+        if (rc == VINF_SUCCESS)
+        {   /* We've successfully synced our shadow pages, so let's just continue execution. */
+            Log2(("Shadow page fault at %VGv cr2=%VGp error code %x\n", pCtx->rip, exitQualification , errCode));
+            STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitShadowPF);
+
+            TRPMResetTrap(pVM);
+
+            STAM_PROFILE_ADV_STOP(&pVM->hwaccm.s.StatExit, x);
+            goto ResumeExecution;
+        }
+
+#ifdef VBOX_STRICT
+        if (rc != VINF_EM_RAW_EMULATE_INSTR)
+            LogFlow(("PGMTrap0eHandlerNestedPaging failed with %d\n", rc));
+#endif
+        /* Need to go back to the recompiler to emulate the instruction. */
+        TRPMResetTrap(pVM);
+        break;
+    }
+
     case VMX_EXIT_IRQ_WINDOW:           /* 7 Interrupt window. */
         /* Clear VM-exit on IF=1 change. */
@@ -2113 +2299 @@
     {
         Log2(("VMX: invlpg\n"));
+        Assert(!pVM->hwaccm.s.fNestedPaging);
+
         STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitInvpg);
         rc = EMInterpretInvlpg(pVM, CPUMCTX2CORE(pCtx), exitQualification);
@@ -2165 +2353 @@
                 break;
             case 3:
+                Assert(!pVM->hwaccm.s.fNestedPaging);
                 pVM->hwaccm.s.fContextUseFlags |= HWACCM_CHANGED_GUEST_CR3;
                 break;
@@ -2191 +2380 @@
             Log2(("VMX: mov x, crx\n"));
             STAM_COUNTER_INC(&pVM->hwaccm.s.StatExitCRxRead);
+
+            Assert(!pVM->hwaccm.s.fNestedPaging || VMX_EXIT_QUALIFICATION_CRX_REGISTER(exitQualification) != USE_REG_CR3);
 
             /* CR8 reads only cause an exit when the TPR shadow feature isn't present. */
@@ -2692 +2883 @@
 }
 
+/**
+ * Invalidates a guest page
+ *
+ * @returns VBox status code.
+ * @param   pVM         The VM to operate on.
+ * @param   GCVirt      Page to invalidate
+ */
+VMMR0DECL(int) VMXR0InvalidatePage(PVM pVM, RTGCPTR GCVirt)
+{
+    bool fFlushPending = pVM->hwaccm.s.fForceTLBFlush;
+
+    /* @todo Only relevant if we want to use VPID. */
+
+    /* Skip it if a TLB flush is already pending. */
+    if (!fFlushPending)
+    {
+    }
+    return VINF_SUCCESS;
+}
+
+/**
+ * Invalidates a guest page by physical address
+ *
+ * NOTE: Assumes the current instruction references this physical page though a virtual address!!
+ *
+ * @returns VBox status code.
+ * @param   pVM         The VM to operate on.
+ * @param   GCPhys      Page to invalidate
+ */
+VMMR0DECL(int) VMXR0InvalidatePhysPage(PVM pVM, RTGCPHYS GCPhys)
+{
+    bool fFlushPending = pVM->hwaccm.s.fForceTLBFlush;
+
+    Assert(pVM->hwaccm.s.fNestedPaging);
+
+    /* Skip it if a TLB flush is already pending. */
+    if (!fFlushPending)
+    {
+    }
+    return VINF_SUCCESS;
+}