Changeset 16376 in vbox

Timestamp:

Jan 29, 2009 4:46:31 PM (16 years ago)

Author:

vboxsync

Message:

Paging updates. Deal with mode switches and cr3 updates.

Location:

trunk/src/VBox/VMM

Files:

• PGM.cpp (modified) (8 diffs)
• PGMBth.h (modified) (1 diff)
• PGMInternal.h (modified) (1 diff)
• PGMShw.h (modified) (3 diffs)
• VMMAll/PGMAllBth.h (modified) (2 diffs)
• VMMAll/PGMAllMap.cpp (modified) (2 diffs)
• VMMAll/PGMAllPool.cpp (modified) (2 diffs)

trunk/src/VBox/VMM/PGM.cpp

@@ -685 +685 @@
 #define PGM_BTH_NAME_R0_STR(name)   PGM_BTH_NAME_R0_32BIT_REAL_STR(name)
 #define BTH_PGMPOOLKIND_PT_FOR_PT   PGMPOOLKIND_32BIT_PT_FOR_PHYS
+#define BTH_PGMPOOLKIND_ROOT        PGMPOOLKIND_32BIT_PD_PHYS_REAL
 #include "PGMBth.h"
 #include "PGMGst.h"
 #undef BTH_PGMPOOLKIND_PT_FOR_PT
+#undef BTH_PGMPOOLKIND_ROOT
 #undef PGM_BTH_NAME
 #undef PGM_BTH_NAME_RC_STR
@@ -705 +707 @@
 #define PGM_BTH_NAME_R0_STR(name)   PGM_BTH_NAME_R0_32BIT_PROT_STR(name)
 #define BTH_PGMPOOLKIND_PT_FOR_PT   PGMPOOLKIND_32BIT_PT_FOR_PHYS
+#define BTH_PGMPOOLKIND_ROOT        PGMPOOLKIND_32BIT_PD_PHYS_PROT
 #include "PGMBth.h"
 #include "PGMGst.h"
 #undef BTH_PGMPOOLKIND_PT_FOR_PT
+#undef BTH_PGMPOOLKIND_ROOT
 #undef PGM_BTH_NAME
 #undef PGM_BTH_NAME_RC_STR
@@ -726 +730 @@
 #define BTH_PGMPOOLKIND_PT_FOR_PT   PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT
 #define BTH_PGMPOOLKIND_PT_FOR_BIG  PGMPOOLKIND_32BIT_PT_FOR_32BIT_4MB
+#define BTH_PGMPOOLKIND_ROOT        PGMPOOLKIND_32BIT_PD
 #include "PGMBth.h"
 #include "PGMGst.h"
 #undef BTH_PGMPOOLKIND_PT_FOR_BIG
 #undef BTH_PGMPOOLKIND_PT_FOR_PT
+#undef BTH_PGMPOOLKIND_ROOT
 #undef PGM_BTH_NAME
 #undef PGM_BTH_NAME_RC_STR
@@ -763 +769 @@
 #define PGM_BTH_NAME_R0_STR(name)   PGM_BTH_NAME_R0_PAE_REAL_STR(name)
 #define BTH_PGMPOOLKIND_PT_FOR_PT   PGMPOOLKIND_PAE_PT_FOR_PHYS
+#define BTH_PGMPOOLKIND_ROOT        PGMPOOLKIND_PAE_PDPT_PHYS_REAL
 #include "PGMBth.h"
 #undef BTH_PGMPOOLKIND_PT_FOR_PT
+#undef BTH_PGMPOOLKIND_ROOT
 #undef PGM_BTH_NAME
 #undef PGM_BTH_NAME_RC_STR
@@ -782 +790 @@
 #define PGM_BTH_NAME_R0_STR(name)   PGM_BTH_NAME_R0_PAE_PROT_STR(name)
 #define BTH_PGMPOOLKIND_PT_FOR_PT   PGMPOOLKIND_PAE_PT_FOR_PHYS
+#define BTH_PGMPOOLKIND_ROOT        PGMPOOLKIND_PAE_PDPT_PHYS_PROT
 #include "PGMBth.h"
 #undef BTH_PGMPOOLKIND_PT_FOR_PT
+#undef BTH_PGMPOOLKIND_ROOT
 #undef PGM_BTH_NAME
 #undef PGM_BTH_NAME_RC_STR
@@ -802 +812 @@
 #define BTH_PGMPOOLKIND_PT_FOR_PT   PGMPOOLKIND_PAE_PT_FOR_32BIT_PT
 #define BTH_PGMPOOLKIND_PT_FOR_BIG  PGMPOOLKIND_PAE_PT_FOR_32BIT_4MB
+#define BTH_PGMPOOLKIND_ROOT        PGMPOOLKIND_PAE_PDPT_FOR_32BIT
 #include "PGMBth.h"
 #undef BTH_PGMPOOLKIND_PT_FOR_BIG
 #undef BTH_PGMPOOLKIND_PT_FOR_PT
+#undef BTH_PGMPOOLKIND_ROOT
 #undef PGM_BTH_NAME
 #undef PGM_BTH_NAME_RC_STR
@@ -823 +835 @@
 #define BTH_PGMPOOLKIND_PT_FOR_PT   PGMPOOLKIND_PAE_PT_FOR_PAE_PT
 #define BTH_PGMPOOLKIND_PT_FOR_BIG  PGMPOOLKIND_PAE_PT_FOR_PAE_2MB
+#define BTH_PGMPOOLKIND_ROOT        PGMPOOLKIND_PAE_PDPT
 #include "PGMBth.h"
 #include "PGMGst.h"
 #undef BTH_PGMPOOLKIND_PT_FOR_BIG
 #undef BTH_PGMPOOLKIND_PT_FOR_PT
+#undef BTH_PGMPOOLKIND_ROOT
 #undef PGM_BTH_NAME
 #undef PGM_BTH_NAME_RC_STR
@@ -861 +875 @@
 # define BTH_PGMPOOLKIND_PT_FOR_PT  PGMPOOLKIND_PAE_PT_FOR_PAE_PT
 # define BTH_PGMPOOLKIND_PT_FOR_BIG PGMPOOLKIND_PAE_PT_FOR_PAE_2MB
+# define BTH_PGMPOOLKIND_ROOT       PGMPOOLKIND_64BIT_PML4
 # include "PGMBth.h"
 # include "PGMGst.h"
 # undef BTH_PGMPOOLKIND_PT_FOR_BIG
 # undef BTH_PGMPOOLKIND_PT_FOR_PT
+# undef BTH_PGMPOOLKIND_ROOT
 # undef PGM_BTH_NAME
 # undef PGM_BTH_NAME_RC_STR

trunk/src/VBox/VMM/PGMBth.h

@@ -130 +130 @@
 PGM_BTH_DECL(int, Enter)(PVM pVM, RTGCPHYS GCPhysCR3)
 {
+#ifdef VBOX_WITH_PGMPOOL_PAGING_ONLY
+    /* Here we deal with allocation of the root shadow page table for real and protected mode during mode switches;
+     * Other modes rely on MapCR3/UnmapCR3 to setup the shadow root page tables. 
+     */
+# if  (   (   PGM_SHW_TYPE == PGM_TYPE_32BITS \
+           || PGM_SHW_TYPE == PGM_TYPE_PAE    \
+           || PGM_SHW_TYPE == PGM_TYPE_AMD64) \
+       && (   PGM_GST_TYPE == PGM_TYPE_REAL   \
+           && PGM_GST_TYPE == PGM_TYPE_PROT))
+
+    Assert(!HWACCMIsNestedPagingActive(pVM));
+    /* We only need shadow paging in real and protected mode for VT-x and AMD-V (excluding nested paging/EPT modes) */
+    if (HWACCMR3IsActive(pVM))
+    {
+        /* Free the previous root mapping if still active. */
+        PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
+        if (pVM->pgm.s.CTX_SUFF(pShwPageCR3))
+        {
+            /* It might have been freed already by a pool flush (see e.g. PGMR3MappingsUnfix). */
+            /** @todo Coordinate this better with the pool. */
+            if (pVM->pgm.s.CTX_SUFF(pShwPageCR3)->enmKind != PGMPOOLKIND_FREE)
+                pgmPoolFreeByPage(pPool, pVM->pgm.s.CTX_SUFF(pShwPageCR3), pVM->pgm.s.CTX_SUFF(pShwPageCR3)->iUser, pVM->pgm.s.CTX_SUFF(pShwPageCR3)->iUserTable);
+            pVM->pgm.s.pShwPageCR3R3 = 0;
+            pVM->pgm.s.pShwPageCR3R0 = 0;
+            pVM->pgm.s.pShwRootR3    = 0;
+#  ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
+            pVM->pgm.s.pShwRootR0    = 0;
+#  endif
+            pVM->pgm.s.HCPhysShwCR3  = 0;
+        }
+
+        /* contruct a fake address */
+#  if PGM_GST_TYPE == PGM_TYPE_REAL 
+        RTGCPHYS GCPhysCR3 = RT_BIT_64(63);
+#  else
+        RTGCPHYS GCPhysCR3 = RT_BIT_64(63) | RT_BIT_64(62);
+#  endif
+        int rc = pgmPoolAlloc(pVM, GCPhysCR3, BTH_PGMPOOLKIND_ROOT, SHW_POOL_ROOT_IDX, GCPhysCR3 >> PAGE_SHIFT, &pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+        if (rc == VERR_PGM_POOL_FLUSHED)
+        {
+            Log(("Bth-Enter: PGM pool flushed -> signal sync cr3\n"));
+            Assert(VM_FF_ISSET(pVM, VM_FF_PGM_SYNC_CR3));
+            return VINF_PGM_SYNC_CR3;
+        }
+        AssertRCReturn(rc, rc);
+#  ifdef IN_RING0
+        pVM->pgm.s.pShwPageCR3R3 = MMHyperCCToR3(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+#  else
+        pVM->pgm.s.pShwPageCR3R0 = MMHyperCCToR0(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+#  endif
+        pVM->pgm.s.pShwRootR3    = (R3PTRTYPE(void *))pVM->pgm.s.CTX_SUFF(pShwPageCR3)->pvPageR3;
+        Assert(pVM->pgm.s.pShwRootR3);
+#  ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
+        pVM->pgm.s.pShwRootR0    = (R0PTRTYPE(void *))PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+#  endif
+        pVM->pgm.s.HCPhysShwCR3  = pVM->pgm.s.CTX_SUFF(pShwPageCR3)->Core.Key;
+    }
+# endif
+#else
     /* nothing special to do here - InitData does the job. */
+#endif
     return VINF_SUCCESS;
 }

trunk/src/VBox/VMM/PGMInternal.h

@@ -1623 +1623 @@
     uint16_t            iAgePrev;
 #endif /* PGMPOOL_WITH_CACHE */
+    /* The shadow page pool index of the user table as specified during allocation; useful for freeing root pages */
+    uint16_t            iUser;
+    /* The index into the user table (shadowed) as specified during allocation; useful for freeing root pages. */
+    uint32_t            iUserTable;
     /** Used to indicate that the page is zeroed. */
     bool                fZeroed;

trunk/src/VBox/VMM/PGMShw.h

@@ -37 +37 @@
 #undef SHW_PT_SHIFT
 #undef SHW_PT_MASK
+#undef SHW_TOTAL_PD_ENTRIES
+#undef SHW_PDPT_SHIFT
+#undef SHW_PDPT_MASK
+#undef SHW_PDPE_PG_MASK
 #undef SHW_POOL_ROOT_IDX
 
@@ -51 +55 @@
 # define SHW_PD_SHIFT           X86_PD_SHIFT
 # define SHW_PD_MASK            X86_PD_MASK
+# define SHW_TOTAL_PD_ENTRIES   X86_PG_ENTRIES
 # define SHW_PTE_PG_MASK        X86_PTE_PG_MASK
 # define SHW_PT_SHIFT           X86_PT_SHIFT
 # define SHW_PT_MASK            X86_PT_MASK
 # define SHW_POOL_ROOT_IDX      PGMPOOL_IDX_PD
+
+#elif PGM_SHW_TYPE == PGM_TYPE_EPT
+# define SHWPT                  EPTPT
+# define PSHWPT                 PEPTPT
+# define SHWPTE                 EPTPTE
+# define PSHWPTE                PEPTPTE
+# define SHWPD                  EPTPD
+# define PSHWPD                 PEPTPD
+# define SHWPDE                 EPTPDE
+# define PSHWPDE                PEPTPDE
+# define SHW_PDE_PG_MASK        EPT_PDE_PG_MASK
+# define SHW_PD_SHIFT           EPT_PD_SHIFT
+# define SHW_PD_MASK            EPT_PD_MASK
+# define SHW_PTE_PG_MASK        EPT_PTE_PG_MASK
+# define SHW_PT_SHIFT           EPT_PT_SHIFT
+# define SHW_PT_MASK            EPT_PT_MASK
+# define SHW_PDPT_SHIFT         EPT_PDPT_SHIFT
+# define SHW_PDPT_MASK          EPT_PDPT_MASK
+# define SHW_PDPE_PG_MASK       EPT_PDPE_PG_MASK
+# define SHW_TOTAL_PD_ENTRIES   (EPT_PG_AMD64_ENTRIES*EPT_PG_AMD64_PDPE_ENTRIES)
+# define SHW_POOL_ROOT_IDX      PGMPOOL_IDX_NESTED_ROOT      /* do not use! exception is real mode & protected mode without paging. */
+
 #else
 # define SHWPT                  X86PTPAE
@@ -70 +97 @@
 # define SHW_PT_SHIFT           X86_PT_PAE_SHIFT
 # define SHW_PT_MASK            X86_PT_PAE_MASK
-# define SHW_POOL_ROOT_IDX      PGMPOOL_IDX_PAE_PD
+
+# if PGM_SHW_TYPE == PGM_TYPE_AMD64
+#  define SHW_PDPT_SHIFT        X86_PDPT_SHIFT
+#  define SHW_PDPT_MASK         X86_PDPT_MASK_AMD64
+#  define SHW_PDPE_PG_MASK      X86_PDPE_PG_MASK
+#  define SHW_TOTAL_PD_ENTRIES  (X86_PG_AMD64_ENTRIES*X86_PG_AMD64_PDPE_ENTRIES)
+#  define SHW_POOL_ROOT_IDX     PGMPOOL_IDX_AMD64_CR3
+
+# else /* 32 bits PAE mode */
+#  define SHW_PDPT_SHIFT        X86_PDPT_SHIFT
+#  define SHW_PDPT_MASK         X86_PDPT_MASK_PAE
+#  define SHW_PDPE_PG_MASK      X86_PDPE_PG_MASK
+#  define SHW_TOTAL_PD_ENTRIES  (X86_PG_PAE_ENTRIES*X86_PG_PAE_PDPE_ENTRIES)
+#  ifdef VBOX_WITH_PGMPOOL_PAGING_ONLY
+#  define SHW_POOL_ROOT_IDX     PGMPOOL_IDX_PDPT
+#  else
+#  define SHW_POOL_ROOT_IDX     PGMPOOL_IDX_PAE_PD
+#  endif
+
+# endif
 #endif
 

trunk/src/VBox/VMM/VMMAll/PGMAllBth.h

@@ -4556 +4556 @@
 
 #ifdef VBOX_WITH_PGMPOOL_PAGING_ONLY
-    /* Update shadow paging info. */
-# if    PGM_SHW_TYPE == PGM_TYPE_32BITS \
-     || PGM_SHW_TYPE == PGM_TYPE_PAE    \
-     || PGM_SHW_TYPE == PGM_TYPE_AMD64
-
-    if (!HWACCMIsNestedPagingActive(pVM))
-    {
-        /* Apply all hypervisor mappings to the new CR3. */
-        PGMMapActivateAll(pVM);
-
-        /*
-         * Update the shadow root page as well since that's not fixed.
-         */
-        PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
-        if (pVM->pgm.s.CTX_SUFF(pShwPageCR3))
-        {
-            /* It might have been freed already by a pool flush (see e.g. PGMR3MappingsUnfix). */
-            /** @todo Coordinate this better with the pool. */
-            if (pVM->pgm.s.CTX_SUFF(pShwPageCR3)->enmKind != PGMPOOLKIND_FREE)
-                pgmPoolFreeByPage(pPool, pVM->pgm.s.CTX_SUFF(pShwPageCR3), SHW_POOL_ROOT_IDX, pVM->pgm.s.CTX_SUFF(pShwPageCR3)->GCPhys >> PAGE_SHIFT);
-            pVM->pgm.s.pShwPageCR3R3 = 0;
-            pVM->pgm.s.pShwPageCR3R0 = 0;
-            pVM->pgm.s.pShwRootR3    = 0;
+    /* Update shadow paging info for guest modes with paging (32, pae, 64). */
+# if  (   (   PGM_SHW_TYPE == PGM_TYPE_32BITS \
+           || PGM_SHW_TYPE == PGM_TYPE_PAE    \
+           || PGM_SHW_TYPE == PGM_TYPE_AMD64) \
+       && (   PGM_GST_TYPE != PGM_TYPE_REAL   \
+           && PGM_GST_TYPE != PGM_TYPE_PROT))
+
+    Assert(!HWACCMIsNestedPagingActive(pVM));
+
+    /* Apply all hypervisor mappings to the new CR3. */
+    PGMMapActivateAll(pVM);
+
+    /*
+     * Update the shadow root page as well since that's not fixed.
+     */
+    PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
+    if (pVM->pgm.s.CTX_SUFF(pShwPageCR3))
+    {
+        /* It might have been freed already by a pool flush (see e.g. PGMR3MappingsUnfix). */
+        /** @todo Coordinate this better with the pool. */
+        if (pVM->pgm.s.CTX_SUFF(pShwPageCR3)->enmKind != PGMPOOLKIND_FREE)
+            pgmPoolFreeByPage(pPool, pVM->pgm.s.CTX_SUFF(pShwPageCR3), pVM->pgm.s.CTX_SUFF(pShwPageCR3)->iUser, pVM->pgm.s.CTX_SUFF(pShwPageCR3)->iUserTable);
+        pVM->pgm.s.pShwPageCR3R3 = 0;
+        pVM->pgm.s.pShwPageCR3R0 = 0;
+        pVM->pgm.s.pShwRootR3    = 0;
 #  ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
-            pVM->pgm.s.pShwRootR0    = 0;
-#  endif
-            pVM->pgm.s.HCPhysShwCR3  = 0;
-        }
-
-        Assert(!(GCPhysCR3 >> (PAGE_SHIFT + 32)));
-        rc = pgmPoolAlloc(pVM, GCPhysCR3, BTH_PGMPOOLKIND_ROOT, SHW_POOL_ROOT_IDX, GCPhysCR3 >> PAGE_SHIFT, &pVM->pgm.s.CTX_SUFF(pShwPageCR3));
-        if (rc == VERR_PGM_POOL_FLUSHED)
-        {
-            Log(("MapCR3: PGM pool flushed -> signal sync cr3\n"));
-            Assert(VM_FF_ISSET(pVM, VM_FF_PGM_SYNC_CR3));
-            return VINF_PGM_SYNC_CR3;
-        }
-        AssertRCReturn(rc, rc);
+        pVM->pgm.s.pShwRootR0    = 0;
+#  endif
+        pVM->pgm.s.HCPhysShwCR3  = 0;
+    }
+
+    Assert(!(GCPhysCR3 >> (PAGE_SHIFT + 32)));
+    rc = pgmPoolAlloc(pVM, GCPhysCR3, BTH_PGMPOOLKIND_ROOT, SHW_POOL_ROOT_IDX, GCPhysCR3 >> PAGE_SHIFT, &pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+    if (rc == VERR_PGM_POOL_FLUSHED)
+    {
+        Log(("MapCR3: PGM pool flushed -> signal sync cr3\n"));
+        Assert(VM_FF_ISSET(pVM, VM_FF_PGM_SYNC_CR3));
+        return VINF_PGM_SYNC_CR3;
+    }
+    AssertRCReturn(rc, rc);
 #  ifdef IN_RING0
-        pVM->pgm.s.pShwPageCR3R3 = MMHyperCCToR3(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+    pVM->pgm.s.pShwPageCR3R3 = MMHyperCCToR3(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3));
 #  else
-        pVM->pgm.s.pShwPageCR3R0 = MMHyperCCToR0(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3));
-#  endif
-        pVM->pgm.s.pShwRootR3    = (R3PTRTYPE(void *))pVM->pgm.s.CTX_SUFF(pShwPageCR3)->pvPageR3;
-        Assert(pVM->pgm.s.pShwRootR3);
+    pVM->pgm.s.pShwPageCR3R0 = MMHyperCCToR0(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+#  endif
+    pVM->pgm.s.pShwRootR3    = (R3PTRTYPE(void *))pVM->pgm.s.CTX_SUFF(pShwPageCR3)->pvPageR3;
+    Assert(pVM->pgm.s.pShwRootR3);
 #  ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
-        pVM->pgm.s.pShwRootR0    = (R0PTRTYPE(void *))PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pVM->pgm.s.CTX_SUFF(pShwPageCR3));
-#  endif
-        pVM->pgm.s.HCPhysShwCR3  = pVM->pgm.s.CTX_SUFF(pShwPageCR3)->Core.Key;
-        rc = VINF_SUCCESS; /* clear it - pgmPoolAlloc returns hints. */
-    }
+    pVM->pgm.s.pShwRootR0    = (R0PTRTYPE(void *))PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pVM->pgm.s.CTX_SUFF(pShwPageCR3));
+#  endif
+    pVM->pgm.s.HCPhysShwCR3  = pVM->pgm.s.CTX_SUFF(pShwPageCR3)->Core.Key;
+    rc = VINF_SUCCESS; /* clear it - pgmPoolAlloc returns hints. */
 # endif
 #endif /* VBOX_WITH_PGMPOOL_PAGING_ONLY */
@@ -4678 +4679 @@
 #ifdef VBOX_WITH_PGMPOOL_PAGING_ONLY
     /* Update shadow paging info. */
-# if    PGM_SHW_TYPE == PGM_TYPE_32BITS \
-     || PGM_SHW_TYPE == PGM_TYPE_PAE    \
-     || PGM_SHW_TYPE == PGM_TYPE_AMD64
-
-    if (!HWACCMIsNestedPagingActive(pVM))
-    {
-        /* @todo: dangerous as it's the current CR3! */
-        /* Remove the hypervisor mappings from the shadow page table. */
-        PGMMapDeactivateAll(pVM);
-
-        pVM->pgm.s.pShwRootR3 = 0;
+# if  (   (   PGM_SHW_TYPE == PGM_TYPE_32BITS \
+           || PGM_SHW_TYPE == PGM_TYPE_PAE    \
+           || PGM_SHW_TYPE == PGM_TYPE_AMD64) \
+       && (   PGM_GST_TYPE != PGM_TYPE_REAL   \
+           && PGM_GST_TYPE != PGM_TYPE_PROT))
+
+    Assert(!HWACCMIsNestedPagingActive(pVM));
+
+    /* @todo: dangerous as it's the current CR3! */
+    /* Remove the hypervisor mappings from the shadow page table. */
+    PGMMapDeactivateAll(pVM);
+
+    pVM->pgm.s.pShwRootR3 = 0;
 #  ifndef VBOX_WITH_2X_4GB_ADDR_SPACE
-        pVM->pgm.s.pShwRootR0 = 0;
-#  endif
-        pVM->pgm.s.HCPhysShwCR3 = 0;
-        if (pVM->pgm.s.CTX_SUFF(pShwPageCR3))
-        {
-            PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
-            pgmPoolFreeByPage(pPool, pVM->pgm.s.CTX_SUFF(pShwPageCR3), SHW_POOL_ROOT_IDX, pVM->pgm.s.CTX_SUFF(pShwPageCR3)->GCPhys >> PAGE_SHIFT);
-            pVM->pgm.s.pShwPageCR3R3 = 0;
-            pVM->pgm.s.pShwPageCR3R0 = 0;
-        }
+    pVM->pgm.s.pShwRootR0 = 0;
+#  endif
+    pVM->pgm.s.HCPhysShwCR3 = 0;
+    if (pVM->pgm.s.CTX_SUFF(pShwPageCR3))
+    {
+        PPGMPOOL pPool = pVM->pgm.s.CTX_SUFF(pPool);
+        pgmPoolFreeByPage(pPool, pVM->pgm.s.CTX_SUFF(pShwPageCR3), pVM->pgm.s.CTX_SUFF(pShwPageCR3)->iUser, pVM->pgm.s.CTX_SUFF(pShwPageCR3)->iUserTable);
+        pVM->pgm.s.pShwPageCR3R3 = 0;
+        pVM->pgm.s.pShwPageCR3R0 = 0;
     }
 # endif

trunk/src/VBox/VMM/VMMAll/PGMAllMap.cpp

@@ -374 +374 @@
         return VINF_SUCCESS;
 
+    Assert(PGMGetGuestMode(pVM) >= PGMMODE_32_BIT && PGMGetGuestMode(pVM) <= PGMMODE_PAE_NX);
+
     /*
      * Iterate mappings.
@@ -401 +403 @@
         return VINF_SUCCESS;
 
+    Assert(PGMGetGuestMode(pVM) >= PGMMODE_32_BIT && PGMGetGuestMode(pVM) <= PGMMODE_PAE_NX);
+
     /*
      * Iterate mappings.

trunk/src/VBox/VMM/VMMAll/PGMAllPool.cpp

@@ -4018 +4018 @@
     if (PGMGetHyperCR3(pPool->CTX_SUFF(pVM)) == pPage->Core.Key)
     {
+#ifdef VBOX_WITH_PGMPOOL_PAGING_ONLY
         AssertMsg(pPage->enmKind == PGMPOOLKIND_64BIT_PML4,
                   ("Can't free the shadow CR3! (%RHp vs %RHp kind=%d\n", PGMGetHyperCR3(pPool->CTX_SUFF(pVM)), pPage->Core.Key, pPage->enmKind));
+#endif
         Log(("pgmPoolFlushPage: current active shadow CR3, rejected. enmKind=%d idx=%d\n", pPage->enmKind, pPage->idx));
         return VINF_SUCCESS;
@@ -4242 +4244 @@
     pPage->fReusedFlushPending = false;
     pPage->fCR3Mix = false;
+    pPage->iUser = iUser;
+    pPage->iUserTable = iUserTable;
 #ifdef PGMPOOL_WITH_MONITORING
     pPage->cModifications = 0;