Changeset 2120 in vbox for trunk

Timestamp:

Apr 17, 2007 8:40:33 AM (18 years ago)

Author:

vboxsync

Message:

Real and protected mode without paging changes. Currently not yet used.

File:

• trunk/src/VBox/VMM/VMMAll/PGMAllBth.h (modified) (50 diffs)

trunk/src/VBox/VMM/VMMAll/PGMAllBth.h

@@ -54 +54 @@
 PGM_BTH_DECL(int, Trap0eHandler)(PVM pVM, RTGCUINT uErr, PCPUMCTXCORE pRegFrame, RTGCPTR pvFault)
 {
-#if PGM_GST_TYPE == PGM_TYPE_32BIT
+#if (PGM_GST_TYPE == PGM_TYPE_32BIT ||  PGM_GST_TYPE == PGM_TYPE_REAL ||  PGM_GST_TYPE == PGM_TYPE_PROT) && PGM_SHW_TYPE != PGM_TYPE_AMD64
+
 # if PGM_SHW_TYPE != PGM_TYPE_32BIT && PGM_SHW_TYPE != PGM_TYPE_PAE
 #  error "32-bit guest mode is only implemented for 32-bit and PAE shadow modes."
@@ -75 +76 @@
      */
     int             rc;
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
     PVBOXPD         pPDSrc = CTXSUFF(pVM->pgm.s.pGuestPD);
-    const unsigned  iPDSrc = (uintptr_t)pvFault >> GST_PD_SHIFT;
-    const unsigned  iPDDst = (uintptr_t)pvFault >> SHW_PD_SHIFT;
+    const unsigned  iPDSrc = (RTGCUINTPTR)pvFault >> GST_PD_SHIFT;
+# else
+    PVBOXPD         pPDSrc = NULL;
+    const unsigned  iPDSrc = 0;
+# endif
+
+    const unsigned  iPDDst = (RTGCUINTPTR)pvFault >> SHW_PD_SHIFT;
 # if PGM_SHW_TYPE == PGM_TYPE_32BIT
     PX86PD          pPDDst = pVM->pgm.s.CTXMID(p,32BitPD);
@@ -87 +94 @@
     uint32_t cpl = CPUMGetGuestCPL(pVM, pRegFrame);
 
-# ifdef PGM_SYNC_DIRTY_BIT
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
+#  ifdef PGM_SYNC_DIRTY_BIT
     /*
      * If we successfully correct the write protection fault due to dirty bit
@@ -103 +111 @@
         return rc == VINF_PGM_HANDLED_DIRTY_BIT_FAULT ? VINF_SUCCESS : rc;
     }
-# endif
+#  endif
+
     STAM_COUNTER_INC(&pVM->pgm.s.StatGCTrap0ePD[iPDSrc]);
+# endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
 
     /*
@@ -117 +127 @@
      *
      */
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
     VBOXPDE PdeSrc = pPDSrc->a[iPDSrc];
+# else
+    VBOXPDE PdeSrc;
+    PdeSrc.au32[0]      = 0; /* faked so we don't have to #ifdef everything */
+    PdeSrc.n.u1Present  = 1;
+    PdeSrc.n.u1Write    = 1;
+    PdeSrc.n.u1Accessed = 1;
+# endif
     if (    !(uErr & X86_TRAP_PF_P) /* not set means page not present instead of page protection violation */
         &&  !pPDDst->a[iPDDst].n.u1Present
-        &&  PdeSrc.n.u1Present)
+        &&  PdeSrc.n.u1Present
+       )
 
     {
@@ -138 +157 @@
     }
 
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
     /*
      * Check if this address is within any of our mappings.
@@ -151 +171 @@
         for ( ; pMapping; pMapping = CTXSUFF(pMapping->pNext))
         {
-            if ((uintptr_t)pvFault < (uintptr_t)pMapping->GCPtr)
+            if ((RTGCUINTPTR)pvFault < (RTGCUINTPTR)pMapping->GCPtr)
                 break;
-            if ((uintptr_t)pvFault - (uintptr_t)pMapping->GCPtr < pMapping->cb)
+            if ((RTGCUINTPTR)pvFault - (RTGCUINTPTR)pMapping->GCPtr < pMapping->cb)
             {
                 /*
@@ -178 +198 @@
                 if (    pCur
                     &&  pCur->enmType != PGMVIRTHANDLERTYPE_EIP
-                    &&  (uintptr_t)pvFault - (uintptr_t)pCur->GCPtr < pCur->cb
+                    &&  (RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr < pCur->cb
                     &&  (    uErr & X86_TRAP_PF_RW
                          ||  (   pCur->enmType != PGMVIRTHANDLERTYPE_WRITE
                               && pCur->enmType != PGMVIRTHANDLERTYPE_HYPERVISOR) ) ) /** r=bird: <- this is probably wrong. */
                 {
-#ifdef IN_GC
+#  ifdef IN_GC
                     STAM_PROFILE_START(&pCur->Stat, h);
-                    rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (uintptr_t)pvFault - (uintptr_t)pCur->GCPtr);
+                    rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr);
                     STAM_PROFILE_STOP(&pCur->Stat, h);
-#else
+#  else
                     AssertFailed();
                     rc = VINF_EM_RAW_EMULATE_INSTR; /* can't happen with VMX */
-#endif
+#  endif
                     STAM_COUNTER_INC(&pVM->pgm.s.StatTrap0eMapHandler);
                     STAM_PROFILE_STOP(&pVM->pgm.s.StatMapping, a);
@@ -208 +228 @@
                         if (    pCur
                             &&  pCur->enmType == PGMVIRTHANDLERTYPE_EIP
-                            &&  (uintptr_t)pvEIP - (uintptr_t)pCur->GCPtr < pCur->cb)
+                            &&  (RTGCUINTPTR)pvEIP - (RTGCUINTPTR)pCur->GCPtr < pCur->cb)
                         {
-#ifdef IN_GC
+#  ifdef IN_GC
                             STAM_PROFILE_START(&pCur->Stat, h);
-                            rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (uintptr_t)pvEIP - (uintptr_t)pCur->GCPtr);
+                            rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (RTGCUINTPTR)pvEIP - (RTGCUINTPTR)pCur->GCPtr);
                             STAM_PROFILE_STOP(&pCur->Stat, h);
-#else
+#  else
                             AssertFailed();
                             rc = VINF_EM_RAW_EMULATE_INSTR; /* can't happen with VMX */
-#endif
+#  endif
                             STAM_COUNTER_INC(&pVM->pgm.s.StatTrap0eMapHandler);
                             STAM_PROFILE_STOP(&pVM->pgm.s.StatMapping, a);
@@ -237 +257 @@
         STAM_PROFILE_STOP(&pVM->pgm.s.StatMapping, a);
     } /* pgmAreMappingsEnabled(&pVM->pgm.s) */
+# endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
 
     /*
@@ -249 +270 @@
     {
         RTGCPHYS    GCPhys = ~0U;
+
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
         uint32_t    cr4 = CPUMGetGuestCR4(pVM);
         if (    PdeSrc.b.u1Size
@@ -257 +280 @@
         {
             PVBOXPT pPTSrc;
-# ifdef IN_GC
+#  ifdef IN_GC
             rc = PGMGCDynMapGCPage(pVM, PdeSrc.u & X86_PDE_PG_MASK, (void **)&pPTSrc);
-# else
+#  else
             pPTSrc = (PVBOXPT)MMPhysGCPhys2HCVirt(pVM, PdeSrc.u & X86_PDE_PG_MASK, sizeof(*pPTSrc));
             if (pPTSrc == 0)
                 rc = VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS;
-# endif
+#  endif
             if (VBOX_SUCCESS(rc))
             {
-                unsigned iPTESrc = ((uintptr_t)pvFault >> PAGE_SHIFT) & PTE_MASK;
+                unsigned iPTESrc = ((RTGCUINTPTR)pvFault >> PAGE_SHIFT) & PTE_MASK;
                 if (pPTSrc->a[iPTESrc].n.u1Present)
                     GCPhys = pPTSrc->a[iPTESrc].u & X86_PTE_PG_MASK;
             }
         }
+# else
+        /* No paging so the fault address is the physical address */
+        GCPhys = (RTGCPHYS)((RTGCUINTPTR)pvFault & ~PAGE_OFFSET_MASK);
+# endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
 
         /*
@@ -290 +317 @@
                          * Physical page access handler.
                          */
-                        const RTGCPHYS  GCPhysFault = GCPhys | ((uintptr_t)pvFault & PAGE_OFFSET_MASK);
+                        const RTGCPHYS  GCPhysFault = GCPhys | ((RTGCUINTPTR)pvFault & PAGE_OFFSET_MASK);
                         PPGMPHYSHANDLER pCur = (PPGMPHYSHANDLER)RTAvlroGCPhysRangeGet(&CTXSUFF(pVM->pgm.s.pTrees)->PhysHandlers, GCPhysFault);
                         if (pCur)
@@ -346 +373 @@
                         }
                     }
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
                     else
                     {
@@ -383 +411 @@
                         if (pCur)
                         {
-                            AssertMsg(!((uintptr_t)pvFault - (uintptr_t)pCur->GCPtr < pCur->cb)
+                            AssertMsg(!((RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr < pCur->cb)
                                       || (     pCur->enmType != PGMVIRTHANDLERTYPE_WRITE
                                            || !(uErr & X86_TRAP_PF_P)
@@ -390 +418 @@
 
                             if (    pCur->enmType != PGMVIRTHANDLERTYPE_EIP
-                                &&  (uintptr_t)pvFault - (uintptr_t)pCur->GCPtr < pCur->cb
+                                &&  (RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr < pCur->cb
                                 &&  (    uErr & X86_TRAP_PF_RW
                                      ||  (   pCur->enmType != PGMVIRTHANDLERTYPE_WRITE
                                           && pCur->enmType != PGMVIRTHANDLERTYPE_HYPERVISOR) ) ) /** @todo r=bird: _HYPERVISOR is impossible here because of mapping check. */
                             {
-#ifdef IN_GC
+#  ifdef IN_GC
                                 STAM_PROFILE_START(&pCur->Stat, h);
-                                rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (uintptr_t)pvFault - (uintptr_t)pCur->GCPtr);
+                                rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr);
                                 STAM_PROFILE_STOP(&pCur->Stat, h);
-#else
+#  else
                                 rc = VINF_EM_RAW_EMULATE_INSTR; /** @todo for VMX */
-#endif
+#  endif
                                 STAM_COUNTER_INC(&pVM->pgm.s.StatHandlersVirtual);
                                 STAM_PROFILE_STOP(&pVM->pgm.s.StatHandlers, b);
@@ -414 +442 @@
                             PPGMVIRTHANDLER pCur;
                             unsigned        iPage;
-                            rc = pgmHandlerVirtualFindByPhysAddr(pVM, GCPhys + ((uintptr_t)pvFault & PAGE_OFFSET_MASK),
+                            rc = pgmHandlerVirtualFindByPhysAddr(pVM, GCPhys + ((RTGCUINTPTR)pvFault & PAGE_OFFSET_MASK),
                                                                  &pCur, &iPage);
                             Assert(VBOX_SUCCESS(rc) || !pCur);
@@ -424 +452 @@
                             {
                                 Assert((pCur->aPhysToVirt[iPage].Core.Key & X86_PTE_PAE_PG_MASK) == GCPhys);
-#ifdef IN_GC
-                                uintptr_t off = (iPage << PAGE_SHIFT) + ((uintptr_t)pvFault & PAGE_OFFSET_MASK) - ((uintptr_t)pCur->GCPtr & PAGE_OFFSET_MASK);
+#  ifdef IN_GC
+                                RTGCUINTPTR off = (iPage << PAGE_SHIFT) + ((RTGCUINTPTR)pvFault & PAGE_OFFSET_MASK) - ((RTGCUINTPTR)pCur->GCPtr & PAGE_OFFSET_MASK);
                                 Assert(off < pCur->cb);
                                 STAM_PROFILE_START(&pCur->Stat, h);
                                 rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, off);
                                 STAM_PROFILE_STOP(&pCur->Stat, h);
-#else
+#  else
                                 rc = VINF_EM_RAW_EMULATE_INSTR; /** @todo for VMX */
-#endif
+#  endif
                                 STAM_COUNTER_INC(&pVM->pgm.s.StatHandlersVirtualByPhys);
                                 STAM_PROFILE_STOP(&pVM->pgm.s.StatHandlers, b);
@@ -440 +468 @@
                         }
                     }
+# endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
 
                     /*
@@ -479 +508 @@
                 } /* if any kind of handler */
 
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
                 if (uErr & X86_TRAP_PF_P)
                 {
@@ -491 +521 @@
                     if (pCur)
                     {
-                        AssertMsg(   !((uintptr_t)pvFault - (uintptr_t)pCur->GCPtr < pCur->cb)
+                        AssertMsg(   !((RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr < pCur->cb)
                                   || (    pCur->enmType != PGMVIRTHANDLERTYPE_WRITE
                                        || !(uErr & X86_TRAP_PF_P)
@@ -498 +528 @@
 
                         if (    pCur->enmType != PGMVIRTHANDLERTYPE_EIP
-                            &&  (uintptr_t)pvFault - (uintptr_t)pCur->GCPtr < pCur->cb
+                            &&  (RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr < pCur->cb
                             &&  (    uErr & X86_TRAP_PF_RW
                                  ||  (   pCur->enmType != PGMVIRTHANDLERTYPE_WRITE
                                       && pCur->enmType != PGMVIRTHANDLERTYPE_HYPERVISOR) ) ) /** @todo r=bird: _HYPERVISOR is impossible here because of mapping check. */
                         {
-#ifdef IN_GC
+#  ifdef IN_GC
                             STAM_PROFILE_START(&pCur->Stat, h);
-                            rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (uintptr_t)pvFault - (uintptr_t)pCur->GCPtr);
+                            rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (RTGCUINTPTR)pvFault - (RTGCUINTPTR)pCur->GCPtr);
                             STAM_PROFILE_STOP(&pCur->Stat, h);
-#else
+#  else
                             rc = VINF_EM_RAW_EMULATE_INSTR; /** @todo for VMX */
-#endif
+#  endif
                             STAM_COUNTER_INC(&pVM->pgm.s.StatHandlersVirtualUnmarked);
                             STAM_PROFILE_STOP(&pVM->pgm.s.StatHandlers, b);
@@ -517 +547 @@
                     }
                 }
+# endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
             }
             STAM_PROFILE_STOP(&pVM->pgm.s.StatHandlers, b);
@@ -547 +578 @@
                      pvFault, pRegFrame->eip, PdeSrc.n.u1User, fPageGst, GCPhys, CSAMDoesPageNeedScanning(pVM, (RTGCPTR)pRegFrame->eip)));
 #  endif /* LOG_ENABLED */
-
-#  ifndef IN_RING0
+ 
+#  if PGM_WITH_PAGING(PGM_GST_TYPE) && !defined(IN_RING0)
                 if (cpl == 0)
                 {
@@ -559 +590 @@
                         if (    pvFault == (RTGCPTR)pRegFrame->eip
                             ||  (RTGCUINTPTR)pvFault - pRegFrame->eip < 8    /* instruction crossing a page boundary */
-#ifdef CSAM_DETECT_NEW_CODE_PAGES
+#   ifdef CSAM_DETECT_NEW_CODE_PAGES
                             ||  (   !PATMIsPatchGCAddr(pVM, (RTGCPTR)pRegFrame->eip) 
                                  && CSAMDoesPageNeedScanning(pVM, (RTGCPTR)pRegFrame->eip))   /* any new code we encounter here */
-#endif /* CSAM_DETECT_NEW_CODE_PAGES */
+#   endif /* CSAM_DETECT_NEW_CODE_PAGES */
                            )
                         {
@@ -584 +615 @@
                             }
                         }
-#ifdef CSAM_DETECT_NEW_CODE_PAGES
+#   ifdef CSAM_DETECT_NEW_CODE_PAGES
                         else
                         if (    uErr == X86_TRAP_PF_RW
@@ -615 +646 @@
                             }                            
                         }
-#endif  /* CSAM_DETECT_NEW_CODE_PAGES */
+#   endif  /* CSAM_DETECT_NEW_CODE_PAGES */
 
                         /*
@@ -625 +656 @@
                     }
                 }
-#  endif
+#  endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
                 rc = PGM_BTH_NAME(SyncPage)(pVM, PdeSrc, (RTGCUINTPTR)pvFault, PGM_SYNC_NR_PAGES, uErr);
                 if (VBOX_SUCCESS(rc))
@@ -728 +759 @@
 
 
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
     /*
      * Check if it's in a EIP based virtual page access handler range.
@@ -744 +776 @@
             if (    pCur
                 &&  pCur->enmType == PGMVIRTHANDLERTYPE_EIP
-                &&  (uintptr_t)pvEIP - (uintptr_t)pCur->GCPtr < pCur->cb)
+                &&  (RTGCUINTPTR)pvEIP - (RTGCUINTPTR)pCur->GCPtr < pCur->cb)
             {
                 LogFlow(("EIP handler\n"));
-#ifdef IN_GC
+#  ifdef IN_GC
                 STAM_PROFILE_START(&pCur->Stat, h);
-                rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (uintptr_t)pvEIP - (uintptr_t)pCur->GCPtr);
+                rc = CTXSUFF(pCur->pfnHandler)(pVM, uErr, pRegFrame, pvFault, pCur->GCPtr, (RTGCUINTPTR)pvEIP - (RTGCUINTPTR)pCur->GCPtr);
                 STAM_PROFILE_STOP(&pCur->Stat, h);
-#else
+#  else
                 rc = VINF_EM_RAW_EMULATE_INSTR; /** @todo for VMX */
-#endif
+#  endif
                 STAM_PROFILE_STOP(&pVM->pgm.s.StatEIPHandlers, d);
                 return rc;
@@ -767 +799 @@
     STAM_COUNTER_INC(&pVM->pgm.s.StatGCTrap0eUnhandled);
     return VINF_EM_RAW_GUEST_TRAP;
+# else
+    /* present, but not a monitored page; perhaps the guest is probing physical memory */
+    return VINF_EM_RAW_EMULATE_INSTR;
+# endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
+
 
 #else /* PGM_GST_TYPE != PGM_TYPE_32BIT */
@@ -1021 +1058 @@
 
 #else /* guest real and protected mode */
-
+    /* There's no such thing when paging is disabled. */
     return VINF_SUCCESS;
 #endif
@@ -1506 +1543 @@
     return VINF_PGM_SYNCPAGE_MODIFIED_PDE;
 
+#elif PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT
+
+# ifdef PGM_SYNC_N_PAGES
+    /*
+     * Get the shadow PDE, find the shadow page table in the pool.
+     */
+    const unsigned iPDDst = GCPtrPage >> SHW_PD_SHIFT;
+# if PGM_SHW_TYPE == PGM_TYPE_32BIT
+    X86PDE          PdeDst = pVM->pgm.s.CTXMID(p,32BitPD)->a[iPDDst];
+# else /* PAE */
+    X86PDEPAE       PdeDst = pVM->pgm.s.CTXMID(ap,PaePDs)[0]->a[iPDDst];
+# endif
+    Assert(PdeDst.n.u1Present);
+    PPGMPOOLPAGE    pShwPage = pgmPoolGetPageByHCPhys(pVM, PdeDst.u & SHW_PDE_PG_MASK);
+    PSHWPT pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR(pVM, pShwPage);
+
+#  if PGM_SHW_TYPE == PGM_TYPE_32BIT
+    const unsigned  offPTSrc  = 0;
+#  else
+    const unsigned  offPTSrc  = ((GCPtrPage >> SHW_PD_SHIFT) & 1) * 512;
+#  endif
+
+    Assert(cPages == 1 || !(uErr & X86_TRAP_PF_P));
+    if (cPages > 1 && !(uErr & X86_TRAP_PF_P))
+    {
+        /*
+         * This code path is currently only taken when the caller is PGMTrap0eHandler
+         * for non-present pages!
+         *
+         * We're setting PGM_SYNC_NR_PAGES pages around the faulting page to sync it and
+         * deal with locality.
+         */
+        unsigned        iPTDst    = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
+        const unsigned  iPTDstEnd = RT_MIN(iPTDst + PGM_SYNC_NR_PAGES / 2, ELEMENTS(pPTDst->a));
+        if (iPTDst < PGM_SYNC_NR_PAGES / 2)
+            iPTDst = 0;
+        else
+            iPTDst -= PGM_SYNC_NR_PAGES / 2;
+        for (; iPTDst < iPTDstEnd; iPTDst++)
+        {
+            if (!pPTDst->a[iPTDst].n.u1Present)
+            {
+                VBOXPTE PteSrc;
+
+                RTGCUINTPTR GCPtrCurPage = ((RTGCUINTPTR)GCPtrPage & ~(RTGCUINTPTR)(X86_PT_MASK << X86_PT_SHIFT)) | ((offPTSrc + iPTDst) << PAGE_SHIFT);
+
+                /* Fake the page table entry */
+                PteSrc.u = GCPtrCurPage;
+                PteSrc.n.u1Present  = 1;
+                PteSrc.n.u1Dirty    = 1;
+                PteSrc.n.u1Accessed = 1;
+                PteSrc.n.u1Write    = 1;
+
+                PGM_BTH_NAME(SyncPageWorker)(pVM, &pPTDst->a[iPTDst], PdeSrc, PteSrc, pShwPage, iPTDst);
+
+                Log2(("SyncPage: 4K+ %VGv PteSrc:{P=%d RW=%d U=%d raw=%08llx} PteDst=%08llx%s\n",
+                      GCPtrCurPage, PteSrc.n.u1Present, 
+                      PteSrc.n.u1Write & PdeSrc.n.u1Write,
+                      PteSrc.n.u1User & PdeSrc.n.u1User, 
+                      (uint64_t)PteSrc.u,
+                      (uint64_t)pPTDst->a[iPTDst].u,
+                      pPTDst->a[iPTDst].u & PGM_PTFLAGS_TRACK_DIRTY ? " Track-Dirty" : "")); 
+            }
+        }
+    }
+    else
+# endif /* PGM_SYNC_N_PAGES */
+    {
+        VBOXPTE PteSrc;
+        const unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
+        RTGCUINTPTR GCPtrCurPage = ((RTGCUINTPTR)GCPtrPage & ~(RTGCUINTPTR)(X86_PT_MASK << X86_PT_SHIFT)) | ((offPTSrc + iPTDst) << PAGE_SHIFT);
+
+        /* Fake the page table entry */
+        PteSrc.u = GCPtrCurPage;
+        PteSrc.n.u1Present  = 1;
+        PteSrc.n.u1Dirty    = 1;
+        PteSrc.n.u1Accessed = 1;
+        PteSrc.n.u1Write    = 1;
+        PGM_BTH_NAME(SyncPageWorker)(pVM, &pPTDst->a[iPTDst], PdeSrc, PteSrc, pShwPage, iPTDst);
+
+        Log2(("SyncPage: 4K  %VGv PteSrc:{P=%d RW=%d U=%d raw=%08llx}%s\n",
+              GCPtrPage, PteSrc.n.u1Present, 
+              PteSrc.n.u1Write & PdeSrc.n.u1Write,
+              PteSrc.n.u1User & PdeSrc.n.u1User, 
+              (uint64_t)PteSrc.u,
+              pPTDst->a[iPTDst].u & PGM_PTFLAGS_TRACK_DIRTY ? " Track-Dirty" : ""));
+    }
+    return VINF_SUCCESS;
+
 #else /* PGM_GST_TYPE != PGM_TYPE_32BIT */
-
     AssertReleaseMsgFailed(("Shw=%d Gst=%d is not implemented!\n", PGM_GST_TYPE, PGM_SHW_TYPE));
     return VERR_INTERNAL_ERROR;
@@ -1515 +1640 @@
 
 
-#ifdef PGM_SYNC_DIRTY_BIT
+#if PGM_WITH_PAGING(PGM_GST_TYPE)
+
+# ifdef PGM_SYNC_DIRTY_BIT
 
 /**
@@ -1541 +1668 @@
         ||  ((uErr & X86_TRAP_PF_US) && !pPdeSrc->n.u1User) )
     {
-#ifdef IN_GC
+#  ifdef IN_GC
         STAM_COUNTER_INC(&pVM->pgm.s.StatGCDirtyTrackRealPF);
-#endif
+#  endif
         STAM_PROFILE_STOP(&pVM->pgm.s.CTXMID(Stat, DirtyBitTracking), a);
         LogFlow(("CheckPageFault: real page fault at %VGv (1)\n", GCPtrPage));
@@ -1629 +1756 @@
            )
         {
-#ifdef IN_GC
+#  ifdef IN_GC
             STAM_COUNTER_INC(&pVM->pgm.s.StatGCDirtyTrackRealPF);
-#endif
+#  endif
             STAM_PROFILE_STOP(&pVM->pgm.s.CTXMID(Stat,DirtyBitTracking), a);
             LogFlow(("CheckPageFault: real page fault at %VGv PteSrc.u=%08x (2)\n", GCPtrPage, PteSrc.u));
@@ -1658 +1785 @@
         {
             /* Write access, so mark guest entry as dirty. */
-#if defined(IN_GC) && defined(VBOX_WITH_STATISTICS)
+#  if defined(IN_GC) && defined(VBOX_WITH_STATISTICS)
             if (!pPteSrc->n.u1Dirty)
                 STAM_COUNTER_INC(&pVM->pgm.s.StatGCDirtiedPage);
             else
                 STAM_COUNTER_INC(&pVM->pgm.s.StatGCPageAlreadyDirty);
-#endif
+#  endif
             pPteSrc->n.u1Dirty = 1;
 
@@ -1690 +1817 @@
                     {
                         LogFlow(("DIRTY page trap addr=%VGv\n", GCPtrPage));
-#ifdef VBOX_STRICT
+#  ifdef VBOX_STRICT
                         RTHCPHYS HCPhys;
                         rc = PGMRamGCPhys2HCPhysWithFlags(&pVM->pgm.s, pPteSrc->u & X86_PTE_PG_MASK, &HCPhys);
@@ -1696 +1823 @@
                             AssertMsg(!(HCPhys & (MM_RAM_FLAGS_PHYSICAL_ALL | MM_RAM_FLAGS_VIRTUAL_ALL | MM_RAM_FLAGS_PHYSICAL_WRITE | MM_RAM_FLAGS_VIRTUAL_WRITE)),
                                       ("Unexpected dirty bit tracking on monitored page %VGv (phys %VGp)!!!!!!\n", GCPtrPage, pPteSrc->u & X86_PTE_PAE_PG_MASK));
-#endif
+#  endif
                         STAM_COUNTER_INC(&pVM->pgm.s.CTXMID(Stat,DirtyPageTrap));
 
@@ -1716 +1843 @@
         }
 /** @todo Optimize accessed bit emulation? */
-#ifdef VBOX_STRICT
+#  ifdef VBOX_STRICT
         /*
          * Sanity check.
@@ -1731 +1858 @@
                 LogFlow(("Writable present page %VGv not marked for dirty bit tracking!!!\n", GCPtrPage));
         }
-#endif /* VBOX_STRICT */
+#  endif /* VBOX_STRICT */
         STAM_PROFILE_STOP(&pVM->pgm.s.CTXMID(Stat,DirtyBitTracking), a);
         return VINF_PGM_NO_DIRTY_BIT_TRACKING;
@@ -1740 +1867 @@
 }
 
-#endif
+# endif
+
+#endif /* PGM_WITH_PAGING(PGM_GST_TYPE) */
 
 
@@ -1876 +2005 @@
         pPDSrc->a[iPDSrc].n.u1Accessed = 1;
 # endif
-
         if (fPageTable)
         {
@@ -2033 +2161 @@
                             if (RT_UNLIKELY(!(pRam->aHCPhys[iHCPage] & X86_PTE_PAE_PG_MASK)))
                             {
-#ifdef IN_RING3
+# ifdef IN_RING3
                                 int rc = pgmr3PhysGrowRange(pVM, GCPhys);
-#else
+# else
                                 int rc = CTXALLMID(VMM, CallHost)(pVM, VMMCALLHOST_PGM_RAM_GROW_RANGE, GCPhys);
-#endif
+# endif
                                 if (rc != VINF_SUCCESS)
                                     return rc;
@@ -2055 +2183 @@
                                 PteDst.u = 0;
                         }
-#ifndef IN_RING0
+# ifndef IN_RING0
                         /*
                          * Assuming kernel code will be marked as supervisor and not as user level and executed
@@ -2064 +2192 @@
                                  &&  CSAMDoesPageNeedScanning(pVM, (RTGCPTR)(GCPtr | (iPTDst << SHW_PT_SHIFT))))
                             PteDst.u = 0;
-#endif
+# endif
                         else
                             PteDst.u = (HCPhys & X86_PTE_PAE_PG_MASK) | PteDstBase.u;
@@ -2110 +2238 @@
 # ifdef IN_GC
     if (VBOX_FAILURE(rc))
-        STAM_COUNTER_INC(&pVM->pgm.s.CTXMID(Stat,SyncPTFailed));
-# endif
+      STAM_COUNTER_INC(&pVM->pgm.s.CTXMID(Stat,SyncPTFailed));
+# endif
+    return rc;
+
+#elif PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT
+
+    int     rc     = VINF_SUCCESS;
+
+    /*
+     * Validate input a little bit.
+     */
+# if PGM_SHW_TYPE == PGM_TYPE_32BIT
+    PX86PD          pPDDst = pVM->pgm.s.CTXMID(p,32BitPD);
+# else
+    PX86PDPAE       pPDDst = pVM->pgm.s.CTXMID(ap,PaePDs)[0];
+# endif
+    const unsigned  iPDDst = GCPtrPage >> SHW_PD_SHIFT;
+    PSHWPDE         pPdeDst = &pPDDst->a[iPDDst];
+    SHWPDE          PdeDst = *pPdeDst;
+
+    Assert(!(PdeDst.u & PGM_PDFLAGS_MAPPING));
+    Assert(!PdeDst.n.u1Present); /* We're only supposed to call SyncPT on PDE!P and conflicts.*/
+
+    VBOXPDE PdeSrc;
+    PdeSrc.au32[0]      = 0; /* faked so we don't have to #ifdef everything */
+    PdeSrc.n.u1Present  = 1;
+    PdeSrc.n.u1Write    = 1;
+    PdeSrc.n.u1Accessed = 1;
+
+    /*
+     * Allocate & map the page table.
+     */
+    PSHWPT          pPTDst;
+    PPGMPOOLPAGE    pShwPage;
+    RTGCPHYS        GCPhys;
+
+    /* Virtual address = physical address */
+    GCPhys = GCPtrPage & X86_PAGE_4K_BASE_MASK_32;
+    rc = pgmPoolAlloc(pVM, GCPhys, BTH_PGMPOOLKIND_PT_FOR_PT, SHW_POOL_ROOT_IDX, iPDDst, &pShwPage);
+
+    if (    rc == VINF_SUCCESS 
+        ||  rc == VINF_PGM_CACHED_PAGE)
+        pPTDst = (PSHWPT)PGMPOOL_PAGE_2_PTR(pVM, pShwPage);
+    else
+        AssertMsgFailedReturn(("rc=%Vrc\n", rc), VERR_INTERNAL_ERROR);
+
+    PdeDst.u &= X86_PDE_AVL_MASK;
+    PdeDst.u |= pShwPage->Core.Key;
+    PdeDst.n.u1Present = 1;
+    *pPdeDst = PdeDst;
+
+    rc = PGM_BTH_NAME(SyncPage)(pVM, PdeSrc, (RTGCUINTPTR)GCPtrPage, PGM_SYNC_NR_PAGES, 0 /* page not present */);
+    STAM_PROFILE_STOP(&pVM->pgm.s.CTXMID(Stat,SyncPT), a);
     return rc;
 
@@ -2136 +2315 @@
 PGM_BTH_DECL(int, PrefetchPage)(PVM pVM, RTGCUINTPTR GCPtrPage)
 {
-#if PGM_GST_TYPE == PGM_TYPE_32BIT
+#if (PGM_GST_TYPE == PGM_TYPE_32BIT ||  PGM_GST_TYPE == PGM_TYPE_REAL ||  PGM_GST_TYPE == PGM_TYPE_PROT) && PGM_SHW_TYPE != PGM_TYPE_AMD64
 
 # if PGM_SHW_TYPE != PGM_TYPE_32BIT && PGM_SHW_TYPE != PGM_TYPE_PAE
@@ -2147 +2326 @@
      */
     int             rc      = VINF_SUCCESS;
-    PVBOXPD         pPDSrc  = CTXSUFF(pVM->pgm.s.pGuestPD);
-    const unsigned  iPDSrc  = GCPtrPage >> GST_PD_SHIFT;
-    const VBOXPDE   PdeSrc  = pPDSrc->a[iPDSrc];
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
+    PVBOXPD         pPDSrc = CTXSUFF(pVM->pgm.s.pGuestPD);
+    const unsigned  iPDSrc = (RTGCUINTPTR)GCPtrPage >> GST_PD_SHIFT;
+# else
+    PVBOXPD         pPDSrc = NULL;
+    const unsigned  iPDSrc = 0;
+# endif
+
+# if PGM_WITH_PAGING(PGM_GST_TYPE)
+    const VBOXPDE PdeSrc = pPDSrc->a[iPDSrc];
+# else
+    VBOXPDE PdeSrc;
+    PdeSrc.au32[0]      = 0; /* faked so we don't have to #ifdef everything */
+    PdeSrc.n.u1Present  = 1;
+    PdeSrc.n.u1Write    = 1;
+    PdeSrc.n.u1Accessed = 1;
+# endif
+
 # ifdef PGM_SYNC_ACCESSED_BIT
     if (PdeSrc.n.u1Present && PdeSrc.n.u1Accessed)
@@ -2261 +2455 @@
     }
     return rc;
+
+#elif PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT
+    /* Everything is allowed */
+    return VINF_SUCCESS;
 
 #else /* PGM_GST_TYPE != PGM_TYPE_32BIT */