Changeset 22343 in vbox for trunk/src/VBox/VMM

Timestamp:

Aug 19, 2009 12:40:16 PM (15 years ago)

Author:

vboxsync

Message:

Attempt to detect full page table initialization early on.

Location:

trunk/src/VBox/VMM

Files:

• PGMInternal.h (modified) (4 diffs)
• PGMPool.cpp (modified) (2 diffs)
• VMMAll/PGMAllPool.cpp (modified) (10 diffs)

trunk/src/VBox/VMM/PGMInternal.h

@@ -1609 +1609 @@
 #endif
     RTGCPHYS            GCPhys;
+
+    /** Access handler statistics to determine whether the guest is (re)initializing a page table. */
+    RTGCPTR             pvLastAccessHandlerRip;
+    RTGCPTR             pvLastAccessHandlerFault;
+    uint64_t            cLastAccessHandlerCount;
+
     /** The kind of page we're shadowing. (This is really a PGMPOOLKIND enum.) */
     uint8_t             enmKind;
@@ -1792 +1798 @@
     /** Profiling the pgmPoolFlushPage calls made from the RC/R0 access handler. */
     STAMPROFILE                 StatMonitorRZFlushPage;
+    /* Times we've detected a page table reinit. */
+    STAMCOUNTER                 StatMonitorRZFlushReinit;
     /** Times we've detected fork(). */
     STAMCOUNTER                 StatMonitorRZFork;
@@ -1811 +1819 @@
     /** Profiling the pgmPoolFlushPage calls made from the R3 access handler. */
     STAMPROFILE                 StatMonitorR3FlushPage;
+    /* Times we've detected a page table reinit. */
+    STAMCOUNTER                 StatMonitorR3FlushReinit;
     /** Times we've detected fork(). */
     STAMCOUNTER                 StatMonitorR3Fork;
@@ -2729 +2739 @@
         uint8_t                     abDisStatePadding[DISCPUSTATE_PADDING_SIZE];
     };
+
+    /* Count the number of pgm pool access handler calls. */
+    uint64_t                        cPoolAccessHandler;
 
     /** @name Release Statistics

trunk/src/VBox/VMM/PGMPool.cpp

@@ -344 +344 @@
     STAM_REG(pVM, &pPool->StatMonitorRZEmulateInstr,    STAMTYPE_COUNTER,   "/PGM/Pool/Monitor/RZ/EmulateInstr",    STAMUNIT_OCCURENCES,     "Times we've failed interpreting the instruction.");
     STAM_REG(pVM, &pPool->StatMonitorRZFlushPage,       STAMTYPE_PROFILE,   "/PGM/Pool/Monitor/RZ/FlushPage",       STAMUNIT_TICKS_PER_CALL, "Profiling the pgmPoolFlushPage calls made from the RC/R0 access handler.");
+    STAM_REG(pVM, &pPool->StatMonitorRZFlushReinit,     STAMTYPE_COUNTER,   "/PGM/Pool/Monitor/RZ/FlushReinit",     STAMUNIT_OCCURENCES,     "Times we've detected a page table reinit.");
     STAM_REG(pVM, &pPool->StatMonitorRZFork,            STAMTYPE_COUNTER,   "/PGM/Pool/Monitor/RZ/Fork",            STAMUNIT_OCCURENCES,     "Times we've detected fork().");
     STAM_REG(pVM, &pPool->StatMonitorRZHandled,         STAMTYPE_PROFILE,   "/PGM/Pool/Monitor/RZ/Handled",         STAMUNIT_TICKS_PER_CALL, "Profiling the RC/R0 access we've handled (except REP STOSD).");
@@ -353 +354 @@
     STAM_REG(pVM, &pPool->StatMonitorR3EmulateInstr,    STAMTYPE_COUNTER,   "/PGM/Pool/Monitor/R3/EmulateInstr",    STAMUNIT_OCCURENCES,     "Times we've failed interpreting the instruction.");
     STAM_REG(pVM, &pPool->StatMonitorR3FlushPage,       STAMTYPE_PROFILE,   "/PGM/Pool/Monitor/R3/FlushPage",       STAMUNIT_TICKS_PER_CALL, "Profiling the pgmPoolFlushPage calls made from the R3 access handler.");
+    STAM_REG(pVM, &pPool->StatMonitorR3FlushReinit,     STAMTYPE_COUNTER,   "/PGM/Pool/Monitor/R3/FlushReinit",     STAMUNIT_OCCURENCES,     "Times we've detected a page table reinit.");
     STAM_REG(pVM, &pPool->StatMonitorR3Fork,            STAMTYPE_COUNTER,   "/PGM/Pool/Monitor/R3/Fork",            STAMUNIT_OCCURENCES,     "Times we've detected fork().");
     STAM_REG(pVM, &pPool->StatMonitorR3Handled,         STAMTYPE_PROFILE,   "/PGM/Pool/Monitor/R3/Handled",         STAMUNIT_TICKS_PER_CALL, "Profiling the R3 access we've handled (except REP STOSD).");

trunk/src/VBox/VMM/VMMAll/PGMAllPool.cpp

@@ -820 +820 @@
  * @returns false if we consider it to still be a paging page.
  * @param   pVM         VM Handle.
+ * @param   pVCpu       VMCPU Handle.
  * @param   pRegFrame   Trap register frame.
  * @param   pDis        The disassembly info for the faulting instruction.
@@ -826 +827 @@
  * @remark  The REP prefix check is left to the caller because of STOSD/W.
  */
-DECLINLINE(bool) pgmPoolMonitorIsReused(PVM pVM, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pDis, RTGCPTR pvFault)
+DECLINLINE(bool) pgmPoolMonitorIsReused(PVM pVM, PVMCPU pVCpu, PCPUMCTXCORE pRegFrame, PDISCPUSTATE pDis, RTGCPTR pvFault)
 {
 #ifndef IN_RC
@@ -840 +841 @@
     NOREF(pVM); NOREF(pvFault);
 #endif
+
+    LogFlow(("Reused instr %RGv %d at %RGv param1.flags=%x param1.reg=%d\n", pRegFrame->rip, pDis->pCurInstr->opcode, pvFault, pDis->param1.flags,  pDis->param1.base.reg_gen));
+
+    /* Non-supervisor mode write means it's used for something else. */
+    if (CPUMGetGuestCPL(pVCpu, pRegFrame) != 0)
+        return true;
 
     switch (pDis->pCurInstr->opcode)
@@ -961 +968 @@
                                           PCPUMCTXCORE pRegFrame, RTGCPHYS GCPhysFault, RTGCPTR pvFault)
 {
-    unsigned uIncrement;
+    unsigned uIncrement = pDis->param1.size;
 
     Assert(pDis->mode == CPUMODE_32BIT || pDis->mode == CPUMODE_64BIT);
     Assert(pRegFrame->rcx <= 0x20);
 
-    if (pDis->mode == CPUMODE_32BIT)
-        uIncrement = 4;
+#ifdef VBOX_STRICT
+    if (pDis->opmode == CPUMODE_32BIT)
+        Assert(uIncrement == 4);
     else
-        uIncrement = 8;
+        Assert(uIncrement == 8);
+#endif
 
     Log3(("pgmPoolAccessHandlerSTOSD\n"));
@@ -1107 +1116 @@
     PPGMPOOLPAGE    pPage = (PPGMPOOLPAGE)pvUser;
     PVMCPU          pVCpu = VMMGetCpu(pVM);
+    unsigned        cMaxModifications;
 
     LogFlow(("pgmPoolAccessHandler: pvFault=%RGv pPage=%p:{.idx=%d} GCPhysFault=%RGp\n", pvFault, pPage, pPage->idx, GCPhysFault));
@@ -1135 +1145 @@
     Assert(pPage->iMonitoredPrev == NIL_PGMPOOL_IDX);
 
+    /* Maximum nr of modifications depends on the guest mode. */
+    if (pDis->mode == CPUMODE_32BIT)
+        cMaxModifications = 32;
+    else
+        cMaxModifications = 16;
+
+    /*
+     * Incremental page table updates should weight more than random ones.
+     * (Only applies when started from offset 0)
+     */
+    pVCpu->pgm.s.cPoolAccessHandler++;
+    if (    pPage->pvLastAccessHandlerRip >= pRegFrame->rip - 0x40      /* observed loops in Windows 7 x64 */
+        &&  pPage->pvLastAccessHandlerRip <  pRegFrame->rip + 0x40
+        &&  pvFault == (pPage->pvLastAccessHandlerFault + pDis->param1.size)
+        &&  pVCpu->pgm.s.cPoolAccessHandler == (pPage->cLastAccessHandlerCount + 1))
+    {
+        Log(("Possible page reuse cMods=%d -> %d\n", pPage->cModifications, (pPage->cModifications + 2) * 2));
+        pPage->cModifications           = (pPage->cModifications + 1) * 2;
+        pPage->pvLastAccessHandlerFault = pvFault;
+        pPage->cLastAccessHandlerCount  = pVCpu->pgm.s.cPoolAccessHandler;
+        if (pPage->cModifications > cMaxModifications)
+            STAM_COUNTER_INC(&pPool->CTX_MID_Z(StatMonitor,FlushReinit));
+    }
+
     /*
      * Check if it's worth dealing with.
      */
     bool fReused = false;
-    if (    (   pPage->cModifications < 48   /** @todo #define */ /** @todo need to check that it's not mapping EIP. */ /** @todo adjust this! */
+    if (    (   pPage->cModifications < cMaxModifications   /** @todo #define */ /** @todo need to check that it's not mapping EIP. */ /** @todo adjust this! */
              || pgmPoolIsPageLocked(&pVM->pgm.s, pPage)
             )
-        &&  !(fReused = pgmPoolMonitorIsReused(pVM, pRegFrame, pDis, pvFault))
+        &&  !(fReused = pgmPoolMonitorIsReused(pVM, pVCpu, pRegFrame, pDis, pvFault))
         &&  !pgmPoolMonitorIsForking(pPool, pDis, GCPhysFault & PAGE_OFFSET_MASK))
     {
@@ -1151 +1185 @@
         {
              rc = pgmPoolAccessHandlerSimple(pVM, pVCpu, pPool, pPage, pDis, pRegFrame, GCPhysFault, pvFault);
+
+             /* A mov instruction to change the first page table entry will be remembered so we can detect
+              * full page table changes early on. This will reduce the amount of unnecessary traps we'll take.
+              */
+             if (   rc == VINF_SUCCESS
+                 && pDis->pCurInstr->opcode == OP_MOV
+                 && (pvFault & PAGE_OFFSET_MASK) == 0)
+             {
+                 pPage->pvLastAccessHandlerFault = pvFault;
+                 pPage->cLastAccessHandlerCount  = pVCpu->pgm.s.cPoolAccessHandler;
+                 pPage->pvLastAccessHandlerRip   = pRegFrame->rip;
+             }
+             else
+             if (pPage->pvLastAccessHandlerFault == pvFault)
+             {
+                 /* ignore the 2nd write to this page table entry. */
+                 pPage->cLastAccessHandlerCount  = pVCpu->pgm.s.cPoolAccessHandler;
+             }
+             else
+             {
+                 pPage->pvLastAccessHandlerFault = 0;
+                 pPage->pvLastAccessHandlerRip   = 0;
+             }
+
              STAM_PROFILE_STOP_EX(&pVM->pgm.s.CTX_SUFF(pPool)->CTX_SUFF_Z(StatMonitor), &pPool->CTX_MID_Z(StatMonitor,Handled), a);
              pgmUnlock(pVM);
@@ -1161 +1219 @@
          */
         if (    pDis->pCurInstr->opcode == OP_STOSWD
-            &&  CPUMGetGuestCPL(pVCpu, pRegFrame) == 0
             &&  !pRegFrame->eflags.Bits.u1DF
             &&  pDis->opmode == pDis->mode
@@ -1183 +1240 @@
                 &&  pDis->prefix == (PREFIX_REP | PREFIX_REX)
                 &&  pRegFrame->rcx <= 0x20
-                &&  pRegFrame->rcx * 4 <= PAGE_SIZE - ((uintptr_t)pvFault & PAGE_OFFSET_MASK)
-                &&  !((uintptr_t)pvFault & 3)
+                &&  pRegFrame->rcx * 8 <= PAGE_SIZE - ((uintptr_t)pvFault & PAGE_OFFSET_MASK)
+                &&  !((uintptr_t)pvFault & 7)
                 &&  (pRegFrame->rax == 0 || pRegFrame->rax == 0x80) /* the two values observed. */
                 )
@@ -4162 +4219 @@
     pPage->cPresent = 0;
     pPage->iFirstPresent = ~0;
+    pPage->pvLastAccessHandlerFault = 0;
+    pPage->cLastAccessHandlerCount  = 0;
+    pPage->pvLastAccessHandlerRip   = 0;
 
     /*