Changeset 17432 in vbox for trunk/src/VBox

Timestamp:

Mar 6, 2009 2:04:24 AM (16 years ago)

Author:

vboxsync

Message:

PGM,GMM: Filling in missing bits and fixing some bugs.

Location:

trunk/src/VBox/VMM

Files:

• GMM.cpp (modified) (2 diffs)
• PGMHandler.cpp (modified) (4 diffs)
• PGMInternal.h (modified) (2 diffs)
• PGMPhys.cpp (modified) (15 diffs)
• VMMAll/PGMAll.cpp (modified) (2 diffs)
• VMMAll/PGMAllBth.h (modified) (2 diffs)
• VMMAll/PGMAllHandler.cpp (modified) (3 diffs)
• VMMAll/PGMAllPhys.cpp (modified) (12 diffs)

trunk/src/VBox/VMM/GMM.cpp

@@ -160 +160 @@
         return VERR_NO_TMP_MEMORY;
 
-    pReq->Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
-    pReq->Hdr.cbReq = cb;
-    pReq->enmAccount = enmAccount;
-    pReq->cPages = cPages;
+    pReq->Hdr.u32Magic  = SUPVMMR0REQHDR_MAGIC;
+    pReq->Hdr.cbReq     = cb;
+    pReq->enmAccount    = enmAccount;
+    pReq->cPages        = cPages;
     NOREF(pVM);
+    *ppReq = pReq;
     return VINF_SUCCESS;
+}
+
+
+/**
+ * Re-prepares a GMMR0FreePages request.
+ *
+ * @returns VINF_SUCCESS or VERR_NO_TMP_MEMORY.
+ * @param       pVM         Pointer to the shared VM structure.
+ * @param       pReq        A request buffer previously returned by
+ *                          GMMR3FreePagesPrepare().
+ * @param       cPages      The number of pages originally passed to
+ *                          GMMR3FreePagesPrepare().
+ * @param       enmAccount  The account to charge.
+ */
+GMMR3DECL(void) GMMR3FreePagesRePrep(PVM pVM, PGMMFREEPAGESREQ pReq, uint32_t cPages, GMMACCOUNT enmAccount)
+{
+    Assert(pReq->Hdr.u32Magic == SUPVMMR0REQHDR_MAGIC);
+    pReq->Hdr.cbReq     = RT_OFFSETOF(GMMFREEPAGESREQ, aPages[cPages]);
+    pReq->enmAccount    = enmAccount;
+    pReq->cPages        = cPages;
+    NOREF(pVM);
 }
 
@@ -174 +196 @@
  *
  * @returns VBox status code.
- * @param   pVM         Pointer to the shared VM structure.
- * @param   pReq        Pointer to the request (returned by GMMR3FreePagesPrepare).
- */
-GMMR3DECL(int) GMMR3FreePagesPerform(PVM pVM, PGMMFREEPAGESREQ pReq)
-{
+ * @param   pVM             Pointer to the shared VM structure.
+ * @param   pReq            Pointer to the request (returned by GMMR3FreePagesPrepare).
+ * @param   cActualPages    The number of pages actually freed.
+ */
+GMMR3DECL(int) GMMR3FreePagesPerform(PVM pVM, PGMMFREEPAGESREQ pReq, uint32_t cActualPages)
+{
+    /*
+     * Adjust the request if we ended up with fewer pages than anticipated.
+     */
+    if (cActualPages != pReq->cPages)
+    {
+        AssertReturn(cActualPages < pReq->cPages, VERR_INTERNAL_ERROR);
+        if (!cActualPages)
+            return VINF_SUCCESS;
+        pReq->cPages = cActualPages;
+        pReq->Hdr.cbReq = RT_OFFSETOF(GMMFREEPAGESREQ, aPages[cActualPages]);
+    }
+
+    /*
+     * Do the job.
+     */
     int rc = VMMR3CallR0(pVM, VMMR0_DO_GMM_FREE_PAGES, 0, &pReq->Hdr);
     if (RT_SUCCESS(rc))

trunk/src/VBox/VMM/PGMHandler.cpp

@@ -97 +97 @@
     if (!pszModRC)
         pszModRC = VMMGC_MAIN_MODULE_NAME;
-
     if (!pszModR0)
         pszModR0 = VMMR0_MAIN_MODULE_NAME;
+#ifdef VBOX_WITH_NEW_PHYS_CODE
+    AssertPtrReturn(pfnHandlerR3, VERR_INVALID_POINTER);
+    AssertPtrReturn(pszHandlerR0, VERR_INVALID_POINTER);
+    AssertPtrReturn(pszHandlerRC, VERR_INVALID_POINTER);
+#endif
 
     /*
@@ -106 +110 @@
     R0PTRTYPE(PFNPGMR0PHYSHANDLER) pfnHandlerR0 = NIL_RTR0PTR;
     int rc = VINF_SUCCESS;
-    if (pszHandlerR0)
-        rc = PDMR3LdrGetSymbolR0Lazy(pVM, pszModR0, pszHandlerR0, &pfnHandlerR0);
+#ifndef VBOX_WITH_NEW_PHYS_CODE
+  if (pszHandlerR0)
+#endif
+    rc = PDMR3LdrGetSymbolR0Lazy(pVM, pszModR0, pszHandlerR0, &pfnHandlerR0);
     if (RT_SUCCESS(rc))
     {
@@ -114 +120 @@
          */
         RTRCPTR pfnHandlerRC = NIL_RTRCPTR;
-        if (pszHandlerRC)
-            rc = PDMR3LdrGetSymbolRCLazy(pVM, pszModRC, pszHandlerRC, &pfnHandlerRC);
+#ifndef VBOX_WITH_NEW_PHYS_CODE
+      if (pszHandlerRC)
+#endif
+        rc = PDMR3LdrGetSymbolRCLazy(pVM, pszModRC, pszHandlerRC, &pfnHandlerRC);
 
         if (RT_SUCCESS(rc))
@@ -290 +298 @@
     {
         case PGMVIRTHANDLERTYPE_ALL:
+            AssertReleaseMsgFailedReturn(("PGMVIRTHANDLERTYPE_ALL: not implemented\n"), VERR_NOT_IMPLEMENTED);
+            break;
         case PGMVIRTHANDLERTYPE_WRITE:
             if (!pfnHandlerR3)

trunk/src/VBox/VMM/PGMInternal.h

@@ -1055 +1055 @@
 typedef PGMRAMRANGE *PPGMRAMRANGE;
 
+#ifndef VBOX_WITH_NEW_PHYS_CODE
 /** Return hc ptr corresponding to the ram range and physical offset */
 #define PGMRAMRANGE_GETHCPTR(pRam, off) \
     (pRam->fFlags & MM_RAM_FLAGS_DYNAMIC_ALLOC) ? (RTHCPTR)((pRam)->paChunkR3Ptrs[(off) >> PGM_DYNAMIC_CHUNK_SHIFT] + ((off) & PGM_DYNAMIC_CHUNK_OFFSET_MASK)) \
                                                 : (RTHCPTR)((RTR3UINTPTR)(pRam)->pvR3 + (off));
+#endif
 
 /**
@@ -3040 +3042 @@
 
 
-void            pgmPhysFreePage(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys);
 int             pgmPhysPageLoadIntoTlb(PPGM pPGM, RTGCPHYS GCPhys);
 int             pgmPhysPageLoadIntoTlbWithPage(PPGM pPGM, PPGMPAGE pPage, RTGCPHYS GCPhys);

trunk/src/VBox/VMM/PGMPhys.cpp

@@ -47 +47 @@
 
 /*******************************************************************************
+*   Defined Constants And Macros                                               *
+*******************************************************************************/
+/** The number of pages to free in one batch. */
+#define PGMPHYS_FREE_PAGE_BATCH_SIZE    128
+
+
+/*******************************************************************************
 *   Internal Functions                                                         *
 *******************************************************************************/
 static DECLCALLBACK(int) pgmR3PhysRomWriteHandler(PVM pVM, RTGCPHYS GCPhys, void *pvPhys, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser);
-
+static int pgmPhysFreePage(PVM pVM, PGMMFREEPAGESREQ pReq, uint32_t *pcPendingPages, PPGMPAGE pPage, RTGCPHYS GCPhys);
 
 
@@ -284 +291 @@
 int pgmR3PhysRamReset(PVM pVM)
 {
+#ifdef VBOX_WITH_NEW_PHYS_CODE
+    /*
+     * We batch up pages before freeing them.
+     */
+    uint32_t            cPendingPages = 0;
+    PGMMFREEPAGESREQ    pReq;
+    int rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
+    AssertLogRelRCReturn(rc, rc);
+#endif
+
     /*
      * Walk the ram ranges.
@@ -291 +308 @@
         uint32_t    iPage = pRam->cb >> PAGE_SHIFT; Assert((RTGCPHYS)iPage << PAGE_SHIFT == pRam->cb);
 #ifdef VBOX_WITH_NEW_PHYS_CODE
-        int         rc;
         if (!pVM->pgm.s.fRamPreAlloc)
         {
@@ -302 +318 @@
                     case PGMPAGETYPE_RAM:
                         if (!PGM_PAGE_IS_ZERO(pPage))
-                            pgmPhysFreePage(pVM, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT));
+                        {
+                            rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPage, pRam->GCPhys + ((RTGCPHYS)iPage << PAGE_SHIFT));
+                            AssertLogRelRCReturn(rc, rc);
+                        }
                         break;
 
@@ -379 +398 @@
     }
 
+#ifdef VBOX_WITH_NEW_PHYS_CODE
+    /*
+     * Finish off any pages pending freeing.
+     */
+    if (cPendingPages)
+    {
+        rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
+        AssertLogRelRCReturn(rc, rc);
+    }
+    GMMR3FreePagesCleanup(pReq);
+#endif
+
+
     return VINF_SUCCESS;
 }
@@ -910 +942 @@
     if (fRamExists)
     {
+        uint32_t            cPendingPages = 0;
+        PGMMFREEPAGESREQ    pReq;
+        int rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
+        AssertLogRelRCReturn(rc, rc);
+
         /* replace the pages, freeing all present RAM pages. */
         PPGMPAGE pPageSrc = &pCur->RamRange.aPages[0];
@@ -916 +953 @@
         while (cPagesLeft-- > 0)
         {
-            pgmPhysFreePage(pVM, pPageDst, GCPhys);
+            rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPageDst, GCPhys);
+            AssertLogRelRCReturn(rc, rc); /* We're done for if this goes wrong. */
 
             RTHCPHYS const HCPhys = PGM_PAGE_GET_HCPHYS(pPageSrc);
@@ -927 +965 @@
             pPageDst++;
         }
+
+        if (cPendingPages)
+        {
+            rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
+            AssertLogRelRCReturn(rc, rc);
+        }
+        GMMR3FreePagesCleanup(pReq);
     }
     else
@@ -981 +1026 @@
             pRam = pRam->pNextR3;
 
-#ifdef RT_STRICT
         RTHCPHYS const HCPhysZeroPg = pVM->pgm.s.HCPhysZeroPg;
-#endif
         Assert(HCPhysZeroPg != 0 && HCPhysZeroPg != NIL_RTHCPHYS);
         PPGMPAGE pPageDst = &pRam->aPages[(pCur->RamRange.GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
@@ -989 +1032 @@
         while (cPagesLeft-- > 0)
         {
-            PGM_PAGE_SET_HCPHYS(pPageDst, pVM->pgm.s.HCPhysZeroPg);
+            PGM_PAGE_SET_HCPHYS(pPageDst, HCPhysZeroPg);
             PGM_PAGE_SET_TYPE(pPageDst, PGMPAGETYPE_RAM);
             PGM_PAGE_SET_STATE(pPageDst, PGM_PAGE_STATE_ZERO);
+            PGM_PAGE_SET_PAGEID(pPageDst, NIL_GMM_PAGEID);
 
             pPageDst++;
@@ -1454 +1498 @@
 static DECLCALLBACK(int) pgmR3PhysRomWriteHandler(PVM pVM, RTGCPHYS GCPhys, void *pvPhys, void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType, void *pvUser)
 {
-    PPGMROMRANGE    pRom = (PPGMROMRANGE)pvUser;
-    const uint32_t  iPage = GCPhys - pRom->GCPhys;
+    PPGMROMRANGE    pRom     = (PPGMROMRANGE)pvUser;
+    const uint32_t  iPage    = (GCPhys - pRom->GCPhys) >> PAGE_SHIFT;
     Assert(iPage < (pRom->cb >> PAGE_SHIFT));
     PPGMROMPAGE     pRomPage = &pRom->aPages[iPage];
@@ -1566 +1610 @@
                         }
 
-                    rc = GMMR3FreePagesPerform(pVM, pReq);
+                    rc = GMMR3FreePagesPerform(pVM, pReq, cDirty);
                     GMMR3FreePagesCleanup(pReq);
                     AssertRCReturn(rc, rc);
@@ -2456 +2500 @@
 
 /**
+ * Frees the specified RAM page and replaces it with the ZERO page.
+ *
+ * This is used by ballooning, remapping MMIO2 and RAM reset.
+ *
+ * @param   pVM         Pointer to the shared VM structure.
+ * @param   pReq        Pointer to the request.
+ * @param   pPage       Pointer to the page structure.
+ * @param   GCPhys      The guest physical address of the page, if applicable.
+ *
+ * @remarks The caller must own the PGM lock.
+ */
+static int pgmPhysFreePage(PVM pVM, PGMMFREEPAGESREQ pReq, uint32_t *pcPendingPages, PPGMPAGE pPage, RTGCPHYS GCPhys)
+{
+    /*
+     * Assert sanity.
+     */
+    Assert(PDMCritSectIsOwner(&pVM->pgm.s.CritSect));
+    if (RT_UNLIKELY(PGM_PAGE_GET_TYPE(pPage) != PGMPAGETYPE_RAM))
+    {
+        AssertMsgFailed(("GCPhys=%RGp pPage=%R[pgmpage]\n", GCPhys, pPage));
+        return VMSetError(pVM, VERR_PGM_PHYS_NOT_RAM, RT_SRC_POS, "GCPhys=%RGp type=%d", GCPhys, PGM_PAGE_GET_TYPE(pPage));
+    }
+
+    if (PGM_PAGE_GET_STATE(pPage) == PGM_PAGE_STATE_ZERO)
+        return VINF_SUCCESS;
+
+    const uint32_t idPage = PGM_PAGE_GET_PAGEID(pPage);
+    if (RT_UNLIKELY(    idPage == NIL_GMM_PAGEID
+                    ||  idPage > GMM_PAGEID_LAST
+                    ||  PGM_PAGE_GET_CHUNKID(pPage) == NIL_GMM_CHUNKID))
+    {
+        AssertMsgFailed(("GCPhys=%RGp pPage=%R[pgmpage]\n", GCPhys, pPage));
+        return VMSetError(pVM, VERR_PGM_PHYS_INVALID_PAGE_ID, RT_SRC_POS, "GCPhys=%RGp idPage=%#x", GCPhys, pPage);
+    }
+
+    /*
+     * pPage = ZERO page.
+     */
+    PGM_PAGE_SET_HCPHYS(pPage, pVM->pgm.s.HCPhysZeroPg);
+    PGM_PAGE_SET_STATE(pPage, PGM_PAGE_STATE_ZERO);
+    PGM_PAGE_SET_PAGEID(pPage, NIL_GMM_PAGEID);
+
+    /*
+     * Make sure it's not in the handy page array.
+     */
+    uint32_t i = pVM->pgm.s.cHandyPages;
+    while (i < RT_ELEMENTS(pVM->pgm.s.aHandyPages))
+    {
+        if (pVM->pgm.s.aHandyPages[i].idPage == idPage)
+        {
+            pVM->pgm.s.aHandyPages[i].idPage = NIL_GMM_PAGEID;
+            break;
+        }
+        if (pVM->pgm.s.aHandyPages[i].idSharedPage == idPage)
+        {
+            pVM->pgm.s.aHandyPages[i].idSharedPage = NIL_GMM_PAGEID;
+            break;
+        }
+        i++;
+    }
+
+    /*
+     * Push it onto the page array.
+     */
+    uint32_t iPage = *pcPendingPages;
+    Assert(iPage < PGMPHYS_FREE_PAGE_BATCH_SIZE);
+    *pcPendingPages += 1;
+
+    pReq->aPages[iPage].idPage = idPage;
+
+    if (iPage + 1 < PGMPHYS_FREE_PAGE_BATCH_SIZE)
+        return VINF_SUCCESS;
+
+    /*
+     * Flush the pages.
+     */
+    int rc = GMMR3FreePagesPerform(pVM, pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE);
+    if (RT_SUCCESS(rc))
+    {
+        GMMR3FreePagesRePrep(pVM, pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
+        *pcPendingPages = 0;
+    }
+    return rc;
+}
+
+
+/**
  * Converts a GC physical address to a HC ring-3 pointer, with some
  * additional checks.
@@ -2509 +2640 @@
                 {
                     case PGM_PAGE_STATE_ALLOCATED:
+                        break;
                     case PGM_PAGE_STATE_ZERO:
-                        break;
                     case PGM_PAGE_STATE_SHARED:
                     case PGM_PAGE_STATE_WRITE_MONITORED:
@@ -2525 +2656 @@
             /** @todo mapping/locking hell; this isn't horribly efficient since
              *        pgmPhysPageLoadIntoTlb will repeate the lookup we've done here. */
-        }
+
+            Log6(("PGMR3PhysTlbGCPhys2Ptr: GCPhys=%RGp rc=%Rrc pPage=%R[pgmpage] *ppv=%p\n", GCPhys, rc, pPage, *ppv));
+        }
+        else
+            Log6(("PGMR3PhysTlbGCPhys2Ptr: GCPhys=%RGp rc=%Rrc pPage=%R[pgmpage]\n", GCPhys, rc, pPage));
+
         /* else: handler catching all access, no pointer returned. */
 

trunk/src/VBox/VMM/VMMAll/PGMAll.cpp

@@ -2462 +2462 @@
 VMMDECL(int) PGMRegisterStringFormatTypes(void)
 {
-#ifdef LOG_ENABLED
+#if !defined(IN_R0) || defined(LOG_ENABLED)
     int         rc = VINF_SUCCESS;
     unsigned    i;
@@ -2496 +2496 @@
 VMMDECL(void) PGMDeregisterStringFormatTypes(void)
 {
-#ifdef LOG_ENABLED
+#if !defined(IN_R0) || defined(LOG_ENABLED)
     for (unsigned i = 0; i < RT_ELEMENTS(g_aPgmFormatTypes); i++)
         RTStrFormatTypeDeregister(g_aPgmFormatTypes[i].szType);

trunk/src/VBox/VMM/VMMAll/PGMAllBth.h

@@ -4509 +4509 @@
     int rc = VERR_INTERNAL_ERROR;
 #  else
+    pgmLock(pVM);
     PPGMPAGE pPage = pgmPhysGetPage(&pVM->pgm.s, GCPhysCR3);
     AssertReturn(pPage, VERR_INTERNAL_ERROR);
     int rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhysCR3 & GST_CR3_PAGE_MASK, (void **)&HCPtrGuestCR3);
     HCPhysGuestCR3 = PGM_PAGE_GET_HCPHYS(pPage);
+    pgmUnlock(pVM);
 #  endif
 # else  /* !VBOX_WITH_NEW_PHYS_CODE */
@@ -4558 +4560 @@
                     int rc2 = VERR_INTERNAL_ERROR;
 #   else
+                    pgmLock(pVM);
                     PPGMPAGE pPage = pgmPhysGetPage(&pVM->pgm.s, GCPhys);
                     AssertReturn(pPage, VERR_INTERNAL_ERROR);
                     int rc2 = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, (void **)&HCPtr);
                     HCPhys = PGM_PAGE_GET_HCPHYS(pPage);
+                    pgmUnlock(pVM);
 #   endif
 #  else  /* !VBOX_WITH_NEW_PHYS_CODE */

trunk/src/VBox/VMM/VMMAll/PGMAllHandler.cpp

@@ -74 +74 @@
  * @param   pfnHandlerR0    The R0 handler.
  * @param   pvUserR0        User argument to the R0 handler.
- * @param   pfnHandlerGC    The RC handler.
+ * @param   pfnHandlerRC    The RC handler.
  * @param   pvUserRC        User argument to the RC handler. This can be a value
  *                          less that 0x10000 or a (non-null) pointer that is
@@ -95 +95 @@
     switch (enmType)
     {
+        case PGMPHYSHANDLERTYPE_PHYSICAL_WRITE:
+            break;
         case PGMPHYSHANDLERTYPE_MMIO:
-        case PGMPHYSHANDLERTYPE_PHYSICAL_WRITE:
         case PGMPHYSHANDLERTYPE_PHYSICAL_ALL:
+            /* Simplification in PGMPhysRead among other places. */
+            AssertMsgReturn(!(GCPhys & PAGE_OFFSET_MASK), ("%RGp\n", GCPhys), VERR_INVALID_PARAMETER);
+            AssertMsgReturn((GCPhysLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK, ("%RGp\n", GCPhysLast), VERR_INVALID_PARAMETER);
             break;
         default:
@@ -107 +111 @@
                     ("Not RC pointer! pvUserRC=%RRv\n", pvUserRC),
                     VERR_INVALID_PARAMETER);
+    AssertMsgReturn(    (RTR0UINTPTR)pvUserR0 < 0x10000
+                    ||  MMHyperR3ToR0(pVM, MMHyperR0ToR3(pVM, pvUserR0)) == pvUserR0,
+                    ("Not R0 pointer! pvUserR0=%RHv\n", pvUserR0),
+                    VERR_INVALID_PARAMETER);
+#ifdef VBOX_WITH_NEW_PHYS_CODE
+    AssertPtrReturn(pfnHandlerR3, VERR_INVALID_POINTER);
+    AssertReturn(pfnHandlerR0, VERR_INVALID_PARAMETER);
+    AssertReturn(pfnHandlerRC, VERR_INVALID_PARAMETER);
+#else
     AssertReturn(pfnHandlerR3 || pfnHandlerR0 || pfnHandlerRC, VERR_INVALID_PARAMETER);
+#endif
 
     /*

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

@@ -258 +258 @@
 
 /**
- * Frees the specified RAM page.
- *
- * This is used by ballooning and remapping MMIO2.
- *
- * @param   pVM         Pointer to the shared VM structure.
- * @param   pPage       Pointer to the page structure.
- * @param   GCPhys      The guest physical address of the page, if applicable.
- */
-void pgmPhysFreePage(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys)
-{
-    AssertFatal(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM);
-
-    /** @todo implement this... */
-    AssertFatalFailed();
-}
-
-
-/**
  * Makes sure that there is at least one handy page ready for use.
  *
@@ -380 +362 @@
 int pgmPhysAllocPage(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys)
 {
+    LogFlow(("pgmPhysAllocPage: %R[pgmpage] %RGp\n", pPage, GCPhys));
+
     /*
      * Ensure that we've got a page handy, take it and use it.
@@ -407 +391 @@
      */
     const RTHCPHYS HCPhys = pVM->pgm.s.aHandyPages[iHandyPage].HCPhysGCPhys;
-    pVM->pgm.s.aHandyPages[iHandyPage].HCPhysGCPhys = GCPhys;
+    pVM->pgm.s.aHandyPages[iHandyPage].HCPhysGCPhys = GCPhys & ~(RTGCPHYS)PAGE_OFFSET_MASK;
 
     if (PGM_PAGE_IS_SHARED(pPage))
@@ -952 +936 @@
             PPGMPAGEMAP pMap = pTlbe->pMap;
             pMap->cRefs++;
-#if 0 /** @Todo implement locking properly */
+#if 0 /** @todo implement locking properly */
             if (RT_LIKELY(pPage->cLocks != PGM_PAGE_MAX_LOCKS))
                 if (RT_UNLIKELY(++pPage->cLocks == PGM_PAGE_MAX_LOCKS))
@@ -1041 +1025 @@
 VMMDECL(int) PGMPhysGCPtr2CCPtr(PVM pVM, RTGCPTR GCPtr, void **ppv, PPGMPAGEMAPLOCK pLock)
 {
+    VM_ASSERT_EMT(pVM);
     RTGCPHYS GCPhys;
     int rc = PGMPhysGCPtr2GCPhys(pVM, GCPtr, &GCPhys);
@@ -1074 +1059 @@
 VMMDECL(int) PGMPhysGCPtr2CCPtrReadOnly(PVM pVM, RTGCPTR GCPtr, void const **ppv, PPGMPAGEMAPLOCK pLock)
 {
+    VM_ASSERT_EMT(pVM);
     RTGCPHYS GCPhys;
     int rc = PGMPhysGCPtr2GCPhys(pVM, GCPtr, &GCPhys);
@@ -1157 +1143 @@
     AssertFailedReturn(VERR_NOT_IMPLEMENTED);
 # else
+    pgmLock(pVM);
+
     PPGMRAMRANGE pRam;
     PPGMPAGE pPage;
     int rc = pgmPhysGetPageAndRangeEx(&pVM->pgm.s, GCPhys, &pPage, &pRam);
-    if (RT_FAILURE(rc))
-        return rc;
-
-    void *pv;
-    rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pv);
-    if (RT_FAILURE(rc))
-        return rc;
-    *pR3Ptr = (RTR3PTR)pv;
-    return VINF_SUCCESS;
+    if (RT_SUCCESS(rc))
+        rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, (void **)&pR3Ptr);
+
+    pgmUnlock(pVM);
+    Assert(rc <= VINF_SUCCESS);
+    return rc;
 # endif
 
@@ -1283 +1268 @@
  * @param   GCPtr       The guest pointer to convert.
  * @param   pR3Ptr      Where to store the R3 virtual address.
+ *
+ * @deprecated
  */
 VMMDECL(int) PGMPhysGCPtr2R3Ptr(PVM pVM, RTGCPTR GCPtr, PRTR3PTR pR3Ptr)
@@ -1298 +1285 @@
 
 
-/**
- * Converts a guest virtual address to a HC ring-3 pointer by specfied CR3 and
- * flags.
- *
- * @returns VBox status code.
- * @param   pVM         The VM Handle
- * @param   GCPtr       The guest pointer to convert.
- * @param   cr3         The guest CR3.
- * @param   fFlags      Flags used for interpreting the PD correctly: X86_CR4_PSE and X86_CR4_PAE
- * @param   pR3Ptr      Where to store the R3 pointer.
- *
- * @remark  This function is used by the REM at a time where PGM could
- *          potentially not be in sync. It could also be used by a
- *          future DBGF API to cpu state independent conversions.
- */
-VMMDECL(int) PGMPhysGCPtr2R3PtrByGstCR3(PVM pVM, RTGCPTR GCPtr, uint64_t cr3, unsigned fFlags, PRTR3PTR pR3Ptr)
-{
-#ifdef VBOX_WITH_NEW_PHYS_CODE
-    VM_ASSERT_EMT(pVM); /* no longer safe for use outside the EMT thread! */
-#endif
-    /*
-     * PAE or 32-bit?
-     */
-    Assert(!CPUMIsGuestInLongMode(pVM));
-
-    int rc;
-    if (!(fFlags & X86_CR4_PAE))
-    {
-        PX86PD pPD;
-        rc = PGM_GCPHYS_2_PTR(pVM, cr3 & X86_CR3_PAGE_MASK, &pPD);
-        if (RT_SUCCESS(rc))
-        {
-            X86PDE Pde = pPD->a[(RTGCUINTPTR)GCPtr >> X86_PD_SHIFT];
-            if (Pde.n.u1Present)
-            {
-                if ((fFlags & X86_CR4_PSE) && Pde.b.u1Size)
-                {   /* (big page) */
-                    rc = PGMPhysGCPhys2R3Ptr(pVM, pgmGstGet4MBPhysPage(&pVM->pgm.s, Pde) | ((RTGCUINTPTR)GCPtr & X86_PAGE_4M_OFFSET_MASK),
-                                             1 /* we always stay within one page */, pR3Ptr);
-                }
-                else
-                {   /* (normal page) */
-                    PX86PT pPT;
-                    rc = PGM_GCPHYS_2_PTR(pVM, Pde.u & X86_PDE_PG_MASK, &pPT);
-                    if (RT_SUCCESS(rc))
-                    {
-                        X86PTE Pte = pPT->a[((RTGCUINTPTR)GCPtr >> X86_PT_SHIFT) & X86_PT_MASK];
-                        if (Pte.n.u1Present)
-                            return PGMPhysGCPhys2R3Ptr(pVM, (Pte.u & X86_PTE_PG_MASK) | ((RTGCUINTPTR)GCPtr & PAGE_OFFSET_MASK),
-                                                       1 /* we always stay within one page */, pR3Ptr);
-                        rc = VERR_PAGE_NOT_PRESENT;
-                    }
-                }
-            }
-            else
-                rc = VERR_PAGE_TABLE_NOT_PRESENT;
-        }
-    }
-    else
-    {
-        /** @todo long mode! */
-        Assert(PGMGetGuestMode(pVM) < PGMMODE_AMD64);
-
-        PX86PDPT pPdpt;
-        rc = PGM_GCPHYS_2_PTR(pVM, cr3 & X86_CR3_PAE_PAGE_MASK, &pPdpt);
-        if (RT_SUCCESS(rc))
-        {
-            X86PDPE Pdpe = pPdpt->a[((RTGCUINTPTR)GCPtr >> X86_PDPT_SHIFT) & X86_PDPT_MASK_PAE];
-            if (Pdpe.n.u1Present)
-            {
-                PX86PDPAE pPD;
-                rc = PGM_GCPHYS_2_PTR(pVM, Pdpe.u & X86_PDPE_PG_MASK, &pPD);
-                if (RT_SUCCESS(rc))
-                {
-                    X86PDEPAE Pde = pPD->a[((RTGCUINTPTR)GCPtr >> X86_PD_PAE_SHIFT) & X86_PD_PAE_MASK];
-                    if (Pde.n.u1Present)
-                    {
-                        if ((fFlags & X86_CR4_PSE) && Pde.b.u1Size)
-                        {   /* (big page) */
-                            rc = PGMPhysGCPhys2R3Ptr(pVM, (Pde.u & X86_PDE2M_PAE_PG_MASK) | ((RTGCUINTPTR)GCPtr & X86_PAGE_2M_OFFSET_MASK),
-                                                     1 /* we always stay within one page */, pR3Ptr);
-                        }
-                        else
-                        {   /* (normal page) */
-                            PX86PTPAE pPT;
-                            rc = PGM_GCPHYS_2_PTR(pVM, (Pde.u & X86_PDE_PAE_PG_MASK), &pPT);
-                            if (RT_SUCCESS(rc))
-                            {
-                                X86PTEPAE Pte = pPT->a[((RTGCUINTPTR)GCPtr >> X86_PT_PAE_SHIFT) & X86_PT_PAE_MASK];
-                                if (Pte.n.u1Present)
-                                    return PGMPhysGCPhys2R3Ptr(pVM, (Pte.u & X86_PTE_PAE_PG_MASK) | ((RTGCUINTPTR)GCPtr & PAGE_OFFSET_MASK),
-                                                               1 /* we always stay within one page */, pR3Ptr);
-                                rc = VERR_PAGE_NOT_PRESENT;
-                            }
-                        }
-                    }
-                    else
-                        rc = VERR_PAGE_TABLE_NOT_PRESENT;
-                }
-            }
-            else
-                rc = VERR_PAGE_TABLE_NOT_PRESENT;
-        }
-    }
-    return rc;
-}
-
 
 #undef LOG_GROUP
@@ -1439 +1319 @@
 #endif /* IN_RING3 */
 
-
 #ifdef VBOX_WITH_NEW_PHYS_CODE
+
 /**
  * Deals with reading from a page with one or more ALL access handlers.
@@ -1448 +1328 @@
  * @param   GCPhys      The physical address to start reading at.
  * @param   pvBuf       Where to put the bits we read.
- * @param   cbRead      How much to read - less or equal to a page.
- */
-static void pgmPhysReadHandler(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void *pvBuf, size_t cbRead)
-{
-    AssertFailed();
+ * @param   cb          How much to read - less or equal to a page.
+ */
+static void pgmPhysReadHandler(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void *pvBuf, size_t cb)
+{
+    /*
+     * The most frequent access here is MMIO and shadowed ROM.
+     *
+     * The current code ASSUMES all these access handlers are page sized
+     * and that we do NOT use any virtual ones.
+     */
+    if (    PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) == PGM_PAGE_HNDL_PHYS_STATE_ALL
+        &&  PGM_PAGE_GET_HNDL_VIRT_STATE(pPage) != PGM_PAGE_HNDL_VIRT_STATE_ALL)
+    {
+#ifdef IN_RING3
+        PPGMPHYSHANDLER pCur = (PPGMPHYSHANDLER)RTAvlroGCPhysRangeGet(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, GCPhys);
+        AssertReleaseMsg(pCur, ("GCPhys=%RGp cb=%#x\n", GCPhys, cb));
+        Assert(GCPhys >= pCur->Core.Key && GCPhys <= pCur->Core.KeyLast);
+        Assert(pCur->CTX_SUFF(pfnHandler));
+
+        const void *pvSrc;
+        int rc = pgmPhysGCPhys2CCPtrInternalReadOnly(pVM, pPage, GCPhys, &pvSrc);
+        if (RT_SUCCESS(rc))
+        {
+            STAM_PROFILE_START(&pCur->Stat, h);
+            int rc = pCur->CTX_SUFF(pfnHandler)(pVM, GCPhys, (void *)pvSrc, pvBuf, cb, PGMACCESSTYPE_READ, pCur->CTX_SUFF(pvUser));
+            STAM_PROFILE_STOP(&pCur->Stat, h);
+            if (rc == VINF_PGM_HANDLER_DO_DEFAULT)
+                memcpy(pvBuf, pvSrc, cb);
+            else
+                AssertLogRelMsg(rc == VINF_SUCCESS, ("rc=%Rrc GCPhys=%RGp\n", rc, GCPhys));
+        }
+        else
+        {
+            AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternalReadOnly failed on %RGp / %R[pgmpage] -> %Rrc\n",
+                                   GCPhys, pPage, rc));
+            memset(pvBuf, 0xff, cb);
+        }
+#else
+        AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cb=%#x\n", GCPhys, cb));
+#endif
+    }
+    else
+        AssertReleaseMsgFailed(("ALL access virtual handlers are not implemented here\n"));
 }
 
@@ -1836 +1754 @@
 static void pgmPhysWriteHandler(PVM pVM, PPGMPAGE pPage, RTGCPHYS GCPhys, void const *pvBuf, size_t cbWrite)
 {
-    AssertFailed();
+    void *pvDst = NULL;
+
+    /*
+     * Give priority to physical handlers (like #PF does).
+     *
+     * Hope for a lonely physical handler first that covers the whole
+     * write area. This should be a pretty frequent case with MMIO and
+     * the heavy usage of full page handlers in the page pool.
+     */
+    if (!PGM_PAGE_HAS_ACTIVE_VIRTUAL_HANDLERS(pPage))
+    {
+        PPGMPHYSHANDLER pCur = (PPGMPHYSHANDLER)RTAvlroGCPhysRangeGet(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, GCPhys);
+        if (pCur)
+        {
+            Assert(GCPhys >= pCur->Core.Key && GCPhys <= pCur->Core.KeyLast);
+            Assert(pCur->CTX_SUFF(pfnHandler));
+
+            size_t cbRange = pCur->Core.KeyLast - GCPhys + 1;
+            if (cbRange > cbWrite)
+                cbRange = cbWrite;
+
+#ifdef IN_RING3
+            int rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pvDst);
+            if (RT_SUCCESS(rc))
+            {
+                STAM_PROFILE_START(&pCur->Stat, h);
+                rc = pCur->CTX_SUFF(pfnHandler)(pVM, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, pCur->CTX_SUFF(pvUser));
+                STAM_PROFILE_STOP(&pCur->Stat, h);
+                if (rc == VINF_PGM_HANDLER_DO_DEFAULT)
+                    memcpy(pvDst, pvBuf, cbRange);
+                else
+                    AssertLogRelMsg(rc == VINF_SUCCESS, ("rc=%Rrc GCPhys=%RGp %s\n", rc, GCPhys, pCur->pszDesc));
+            }
+            else
+                AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternal failed on %RGp / %R[pgmpage] -> %Rrc\n",
+                                       GCPhys, pPage, rc));
+#else
+            AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cbRange=%#x\n", GCPhys, cbRange));
+#endif
+            if (RT_LIKELY(cbRange == cbWrite))
+                return;
+
+            /* more fun to be had below */
+            GCPhys  += cbRange;
+            cbWrite -= cbRange;
+            pvBuf    = (uint8_t *)pvBuf + cbRange;
+        }
+        /* else: the handler is somewhere else in the page, deal with it below. */
+    }
+    /*
+     * A virtual handler without any interfering physical handlers.
+     * Hopefully it'll conver the whole write.
+     */
+    else if (!PGM_PAGE_HAS_ACTIVE_PHYSICAL_HANDLERS(pPage))
+    {
+        unsigned        iPage;
+        PPGMVIRTHANDLER pCur;
+        int rc = pgmHandlerVirtualFindByPhysAddr(pVM, GCPhys, &pCur, &iPage);
+        if (RT_SUCCESS(rc))
+        {
+            size_t cbRange = (PAGE_OFFSET_MASK & pCur->Core.KeyLast) - (PAGE_OFFSET_MASK & GCPhys) + 1;
+            if (cbRange > cbWrite)
+                cbRange = cbWrite;
+
+#ifdef IN_RING3
+            int rc = pgmPhysGCPhys2CCPtrInternal(pVM, pPage, GCPhys, &pvDst);
+            if (RT_SUCCESS(rc))
+            {
+                rc = VINF_PGM_HANDLER_DO_DEFAULT;
+                if (pCur->pfnHandlerR3)
+                {
+                    RTGCUINTPTR GCPtr = ((RTGCUINTPTR)pCur->Core.Key & PAGE_BASE_GC_MASK)
+                                      + (iPage << PAGE_SHIFT)
+                                      + (GCPhys & PAGE_OFFSET_MASK);
+
+                    STAM_PROFILE_START(&pCur->Stat, h);
+                    rc = pCur->CTX_SUFF(pfnHandler)(pVM, GCPtr, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, /*pCur->CTX_SUFF(pvUser)*/ NULL);
+                    STAM_PROFILE_STOP(&pCur->Stat, h);
+                }
+                if (rc == VINF_PGM_HANDLER_DO_DEFAULT)
+                    memcpy(pvDst, pvBuf, cbRange);
+                else
+                    AssertLogRelMsg(rc == VINF_SUCCESS, ("rc=%Rrc GCPhys=%RGp %s\n", rc, GCPhys, pCur->pszDesc));
+            }
+            else
+                AssertLogRelMsgFailed(("pgmPhysGCPhys2CCPtrInternal failed on %RGp / %R[pgmpage] -> %Rrc\n",
+                                       GCPhys, pPage, rc));
+#else
+            AssertReleaseMsgFailed(("Wrong API! GCPhys=%RGp cb=%#x\n", GCPhys, cbRange));
+#endif
+            if (RT_LIKELY(cbRange == cbWrite))
+                return;
+
+            /* more fun to be had below */
+            GCPhys  += cbRange;
+            cbWrite -= cbRange;
+            pvBuf    = (uint8_t *)pvBuf + cbRange;
+        }
+        /* else: the handler is somewhere else in the page, deal with it below. */
+    }
+
+    /*
+     * Deal with all the odd ends.
+     */
+    while (cbWrite > 0)
+    {
+        AssertReleaseMsgFailed(("%RGp %#x %R[pgmpage]\n", GCPhys, cbWrite, pPage));
+    }
 }