Support

Timestamp:

Sep 14, 2007 2:59:15 PM (17 years ago)

Author:

vboxsync

Message:

Redid the supdrv interface. works on windows and linux while the other OSes still needs some adjusting/testing. internal networking is temporarily broken as the SUPCallVMMR0Ex interface is being reworked (this is what all this is really about).

Location:

trunk/src/VBox/HostDrivers/Support

Files:

: 16 edited

SUPDRV.h (modified) (2 diffs)
SUPDRVIOC.h (modified) (6 diffs)
SUPDRVShared.c (modified) (125 diffs)
SUPLib.cpp (modified) (36 diffs)
SUPLibInternal.h (modified) (1 diff)
darwin/SUPDrv-darwin.cpp (modified) (3 diffs)
darwin/SUPLib-darwin.cpp (modified) (3 diffs)
freebsd/SUPDrv-freebsd.c (modified) (2 diffs)
freebsd/SUPLib-freebsd.cpp (modified) (3 diffs)
linux/SUPDrv-linux.c (modified) (35 diffs)
linux/SUPLib-linux.cpp (modified) (1 diff)
os2/SUPLib-os2.cpp (modified) (1 diff)
solaris/SUPDrv-solaris.c (modified) (8 diffs)
solaris/SUPLib-solaris.cpp (modified) (4 diffs)
win/SUPDrv-win.cpp (modified) (22 diffs)
win/SUPLib-win.cpp (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/HostDrivers/Support/SUPDRV.h

-              r4755
+              r4800
 /* dprintf */
 #if (defined(DEBUG) && !defined(NO_LOGGING)) || defined(RT_OS_FREEBSD)
+/* bird debugging - #if (defined(DEBUG) && !defined(NO_LOGGING)) || defined(RT_OS_FREEBSD)
 # ifdef LOG_TO_COM
 #  include <VBox/log.h>
 #  define dprintf(a) RTLogComPrintf a
 # else
+# else */
 #  define dprintf(a) OSDBGPRINT(a)
 # endif
+/*# endif
 #else
 # define dprintf(a) do {} while (0)
 #endif
+#endif*/
 /* dprintf2 - extended logging. */
 #if defined(RT_OS_DARWIN) || defined(RT_OS_OS2) || defined(RT_OS_FREEBSD)
+#if 1//bird defined(RT_OS_DARWIN) || defined(RT_OS_OS2) || defined(RT_OS_FREEBSD)
 # define dprintf2 dprintf
 #else
 …
 *   Shared Functions                                                           *
 *******************************************************************************/
+int  VBOXCALL   supdrvIOCtl(unsigned uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession,
+                            void *pvIn, unsigned cbIn, void *pvOut, unsigned cbOut, unsigned *pcbReturned);
+int  VBOXCALL   supdrvIOCtl(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPREQHDR pReqHdr);
 #ifdef VBOX_WITHOUT_IDT_PATCHING
 int  VBOXCALL   supdrvIOCtlFast(unsigned uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession);
+int  VBOXCALL   supdrvIOCtlFast(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession);
 #endif
 int  VBOXCALL   supdrvInitDevExt(PSUPDRVDEVEXT pDevExt);
 int  VBOXCALL   supdrvDeleteDevExt(PSUPDRVDEVEXT pDevExt);
+void VBOXCALL   supdrvDeleteDevExt(PSUPDRVDEVEXT pDevExt);
 int  VBOXCALL   supdrvCreateSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION *ppSession);
 void VBOXCALL   supdrvCloseSession(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession);

trunk/src/VBox/HostDrivers/Support/SUPDRVIOC.h

-              r4755
+              r4800
  */
 #ifndef __SUPDRVIOC_h__
 #define __SUPDRVIOC_h__
+#ifndef ___SUPDRVIOC_h___
+#define ___SUPDRVIOC_h___
 /*
 …
 #ifdef RT_OS_WINDOWS
-# define SUP_CTL_CODE(Function)         CTL_CODE(FILE_DEVICE_UNKNOWN, (Function) | SUP_IOCTL_FLAG, METHOD_BUFFERED, FILE_WRITE_ACCESS)
-# define SUP_CTL_CODE_FAST(Function)    CTL_CODE(FILE_DEVICE_UNKNOWN, (Function) | SUP_IOCTL_FLAG, METHOD_NEITHER, FILE_WRITE_ACCESS)
-/** @todo get rid of this duplication of window header #defines! */
 # ifndef CTL_CODE
+#  define CTL_CODE(DeviceType, Function, Method, Access) \
+    ( ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) )
+#  include <Windows.h>
 # endif
+# ifndef METHOD_BUFFERED
+#  define METHOD_BUFFERED        0
+# endif
+# ifndef METHOD_NEITHER
+#  define METHOD_NEITHER         3
+# endif
+# ifndef FILE_WRITE_ACCESS
+#  define FILE_WRITE_ACCESS      0x0002
+# endif
+# ifndef FILE_DEVICE_UNKNOWN
+#  define FILE_DEVICE_UNKNOWN    0x00000022
+# endif
+  /* Automatic buffering, size not encoded. */
+# define SUP_CTL_CODE_SIZE(Function, Size)      CTL_CODE(FILE_DEVICE_UNKNOWN, (Function) | SUP_IOCTL_FLAG, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+# define SUP_CTL_CODE_BIG(Function)             CTL_CODE(FILE_DEVICE_UNKNOWN, (Function) | SUP_IOCTL_FLAG, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+# define SUP_CTL_CODE_FAST(Function)            CTL_CODE(FILE_DEVICE_UNKNOWN, (Function) | SUP_IOCTL_FLAG, METHOD_NEITHER,  FILE_WRITE_ACCESS)
+# define SUP_CTL_CODE_NO_SIZE(uIOCtl)           (uIOCtl)
+#elif defined(RT_OS_SOLARIS)
+  /* No automatic buffering, size limited to 255 bytes. */
+# include <sys/ioccom.h>
+# define SUP_CTL_CODE_SIZE(Function, Size)      _IOWRN('V', (Function) | SUP_IOCTL_FLAG, sizeof(SUPREQHDR))
+# define SUP_CTL_CODE_BIG(Function)             _IO(   'V', (Function) | SUP_IOCTL_FLAG)
+# define SUP_CTL_CODE_FAST(Function)            _IO(   'V', (Function) | SUP_IOCTL_FLAG)
+# define SUP_CTL_CODE_NO_SIZE(uIOCtl)           (uIOCtl)
 #elif defined(RT_OS_OS2)
+# define SUP_CTL_CATEGORY               0xc0
+# define SUP_CTL_CODE(Function)         ((unsigned char)(Function))
+# define SUP_CTL_CATEGORY_FAST          0xc1
+# define SUP_CTL_CODE_FAST(Function)    ((unsigned char)(Function))
+  /* No automatic buffering, size not encoded. */
+# define SUP_CTL_CATEGORY                       0xc0
+# define SUP_CTL_CODE_SIZE(Function, Size)      ((unsigned char)(Function))
+# define SUP_CTL_CODE_BIG(Function)             ((unsigned char)(Function))
+# define SUP_CTL_CATEGORY_FAST                  0xc1
+# define SUP_CTL_CODE_FAST(Function)            ((unsigned char)(Function))
+# define SUP_CTL_CODE_NO_SIZE(uIOCtl)           (uIOCtl)
 #elif defined(RT_OS_LINUX)
+# ifdef RT_ARCH_X86 /** @todo With the next major version change, drop this branch. */
+#  define SUP_CTL_CODE(Function) \
+    ( (3U << 30) | ((0x22) << 8) | ((Function) | SUP_IOCTL_FLAG) | (sizeof(SUPDRVIOCTLDATA) << 16) )
+#  define SUP_CTL_CODE_FAST(Function) \
+    ( (3U << 30) | ((0x22) << 8) | ((Function) | SUP_IOCTL_FLAG) | (0 << 16) )
+# else
+#  include <linux/ioctl.h>
+#  if 1 /* figure out when this changed. */
+#   define SUP_CTL_CODE(Function)         _IOWR('V', (Function) | SUP_IOCTL_FLAG, SUPDRVIOCTLDATA)
+#   define SUP_CTL_CODE_FAST(Function)    _IO(  'V', (Function) | SUP_IOCTL_FLAG)
+#  else /* now: _IO_BAD and _IOWR_BAD */
+#   define SUP_CTL_CODE(Function)         _IOWR('V', (Function) | SUP_IOCTL_FLAG, sizeof(SUPDRVIOCTLDATA))
+#   define SUP_CTL_CODE_FAST(Function)    _IO(  'V', (Function) | SUP_IOCTL_FLAG)
+#  endif
+# endif
+  /* No automatic buffering, size limited to 16KB. */
+# include <linux/ioctl.h>
+# define SUP_CTL_CODE_SIZE(Function, Size)      _IOC(_IOC_READ | _IOC_WRITE, 'V', (Function) | SUP_IOCTL_FLAG, (Size))
+# define SUP_CTL_CODE_BIG(Function)             _IO('V', (Function) | SUP_IOCTL_FLAG)
+# define SUP_CTL_CODE_FAST(Function)            _IO('V', (Function) | SUP_IOCTL_FLAG)
+# define SUP_CTL_CODE_NO_SIZE(uIOCtl)           ((uIOCtl) & ~IOCSIZE_MASK)
 #elif defined(RT_OS_L4)
+# define SUP_CTL_CODE(Function) \
+    ( (3U << 30) | ((0x22) << 8) | ((Function) | SUP_IOCTL_FLAG) | (sizeof(SUPDRVIOCTLDATA) << 16) )
+# define SUP_CTL_CODE_FAST(Function) \
+    ( (3U << 30) | ((0x22) << 8) | ((Function) | SUP_IOCTL_FLAG) | (0 << 16) )
+#else /* BSD */
+  /* Implemented in suplib, no worries. */
+# define SUP_CTL_CODE_SIZE(Function, Size)      (Function)
+# define SUP_CTL_CODE_BIG(Function)             (Function)
+# define SUP_CTL_CODE_FAST(Function)            (Function)
+# define SUP_CTL_CODE_NO_SIZE(uIOCtl)           (uIOCtl)
+#else /* BSD Like */
+  /* Automatic buffering, size limited to 4KB on *BSD and 8KB on Darwin - commands the limit, 4KB. */
 # include <sys/ioccom.h>
+# define SUP_CTL_CODE(Function)         _IOWR('V', (Function) | SUP_IOCTL_FLAG, SUPDRVIOCTLDATA)
+# define SUP_CTL_CODE_FAST(Function)    _IO(  'V', (Function) | SUP_IOCTL_FLAG)
+# define SUP_CTL_CODE_SIZE(Function, Size)      _IOC(IOC_INOUT, 'V', (Function) | SUP_IOCTL_FLAG, (Size))
+# define SUP_CTL_CODE_BIG(Function)             _IO('V', (Function) | SUP_IOCTL_FLAG)
+# define SUP_CTL_CODE_FAST(Function)            _IO('V', (Function) | SUP_IOCTL_FLAG)
+# define SUP_CTL_CODE_NO_SIZE(uIOCtl)           ( (uIOCtl) & ~_IOC(0,0,0,IOCPARM_MASK) )
 #endif
-/** Negotiate cookie. */
-#define SUP_IOCTL_COOKIE            SUP_CTL_CODE( 1)
-/** Query SUPR0 functions. */
-#define SUP_IOCTL_QUERY_FUNCS       SUP_CTL_CODE( 2)
-/** Install IDT patch for calling processor. */
-#define SUP_IOCTL_IDT_INSTALL       SUP_CTL_CODE( 3)
-/** Remove IDT patch for calling processor. */
-#define SUP_IOCTL_IDT_REMOVE        SUP_CTL_CODE( 4)
-/** Pin down physical pages. */
-#define SUP_IOCTL_PINPAGES          SUP_CTL_CODE( 5)
-/** Unpin physical pages. */
-#define SUP_IOCTL_UNPINPAGES        SUP_CTL_CODE( 6)
-/** Allocate contious memory. */
-#define SUP_IOCTL_CONT_ALLOC        SUP_CTL_CODE( 7)
-/** Free contious memory. */
-#define SUP_IOCTL_CONT_FREE         SUP_CTL_CODE( 8)
-/** Open an image. */
-#define SUP_IOCTL_LDR_OPEN          SUP_CTL_CODE( 9)
-/** Upload the image bits. */
-#define SUP_IOCTL_LDR_LOAD          SUP_CTL_CODE(10)
-/** Free an image. */
-#define SUP_IOCTL_LDR_FREE          SUP_CTL_CODE(11)
-/** Get address of a symbol within an image. */
-#define SUP_IOCTL_LDR_GET_SYMBOL    SUP_CTL_CODE(12)
-/** Call the R0 VMM Entry point. */
-#define SUP_IOCTL_CALL_VMMR0        SUP_CTL_CODE(14)
-/** Get the host paging mode. */
-#define SUP_IOCTL_GET_PAGING_MODE   SUP_CTL_CODE(15)
-/** Allocate memory below 4GB (physically). */
-#define SUP_IOCTL_LOW_ALLOC         SUP_CTL_CODE(16)
-/** Free low memory. */
-#define SUP_IOCTL_LOW_FREE          SUP_CTL_CODE(17)
-/** Map the GIP into user space. */
-#define SUP_IOCTL_GIP_MAP           SUP_CTL_CODE(18)
-/** Unmap the GIP. */
-#define SUP_IOCTL_GIP_UNMAP         SUP_CTL_CODE(19)
-/** Set the VM handle for doing fast call ioctl calls. */
-#define SUP_IOCTL_SET_VM_FOR_FAST   SUP_CTL_CODE(20)
-/** Allocate memory and map into the user process. */
-#define SUP_IOCTL_PAGE_ALLOC        SUP_CTL_CODE(21)
-/** Free memory allocated with SUP_IOCTL_PAGE_ALLOC. */
-#define SUP_IOCTL_PAGE_FREE         SUP_CTL_CODE(22)
 /** Fast path IOCtl: VMMR0_DO_RAW_RUN */
 #define SUP_IOCTL_FAST_DO_RAW_RUN   SUP_CTL_CODE_FAST(64)
+#define SUP_IOCTL_FAST_DO_RAW_RUN               SUP_CTL_CODE_FAST(64)
 /** Fast path IOCtl: VMMR0_DO_HWACC_RUN */
 #define SUP_IOCTL_FAST_DO_HWACC_RUN SUP_CTL_CODE_FAST(65)
+#define SUP_IOCTL_FAST_DO_HWACC_RUN             SUP_CTL_CODE_FAST(65)
 /** Just a NOP call for profiling the latency of a fast ioctl call to VMMR0. */
+#define SUP_IOCTL_FAST_DO_NOP       SUP_CTL_CODE_FAST(66)
+#define SUP_IOCTL_FAST_DO_NOP                   SUP_CTL_CODE_FAST(66)
 …
 #endif
+#ifndef RT_OS_WINDOWS
 /**
+ * Structure used by OSes with less advanced ioctl interfaces, i.e. most
+ * Unix like OSes :-)
+ */
+typedef struct SUPDRVIOCTLDATA
+{
+    void           *pvIn;
+    unsigned long   cbIn;
+    void           *pvOut;
+    unsigned long   cbOut;
+#ifdef RT_OS_OS2
+    int             rc;
+#endif
+} SUPDRVIOCTLDATA, *PSUPDRVIOCTLDATA;
+#endif
+/** SUPCOOKIE_IN magic word. */
+#define SUPCOOKIE_MAGIC             "The Magic Word!"
+/** Current interface version.
+ * The upper 16-bit is the major version, the the lower the minor version.
+ * When incompatible changes are made, the upper major number has to be changed. */
+#define SUPDRVIOC_VERSION           0x00050001
+/** SUP_IOCTL_COOKIE Input. */
+typedef struct SUPCOOKIE_IN
+{
+    /** Magic word. */
+    char            szMagic[16];
+    /** The requested interface version number. */
+    uint32_t        u32ReqVersion;
+    /** The minimum interface version number. */
+    uint32_t        u32MinVersion;
+} SUPCOOKIE_IN, *PSUPCOOKIE_IN;
+/** SUP_IOCTL_COOKIE Output. */
+typedef struct SUPCOOKIE_OUT
+ * Common In/Out header.
+ */
+typedef struct SUPREQHDR
+{
     /** Cookie. */
 …
     /** Session cookie. */
     uint32_t        u32SessionCookie;
+    /** Interface version for this session. */
+    uint32_t        u32SessionVersion;
+    /** The actual interface version in the driver. */
+    uint32_t        u32DriverVersion;
+    /** Number of functions available for the SUP_IOCTL_QUERY_FUNCS request. */
+    uint32_t        cFunctions;
+    /** Session handle. */
+    R0PTRTYPE(PSUPDRVSESSION)   pSession;
+} SUPCOOKIE_OUT, *PSUPCOOKIE_OUT;
+/** SUP_IOCTL_QUERY_FUNCS Input. */
+typedef struct SUPQUERYFUNCS_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+} SUPQUERYFUNCS_IN, *PSUPQUERYFUNCS_IN;
+/** Function. */
+    /** The size of the input. */
+    uint32_t        cbIn;
+    /** The size of the output. */
+    uint32_t        cbOut;
+    /** Flags. See SUPREQHDR_FLAGS_* for details and values. */
+    uint32_t        fFlags;
+    /** The VBox status code of the operation, out direction only. */
+    int32_t         rc;
+} SUPREQHDR;
+/** Pointer to a IOC header. */
+typedef SUPREQHDR *PSUPREQHDR;
+/** @name SUPREQHDR::fFlags values
+ * @{  */
+/** Masks out the magic value.  */
+#define SUPREQHDR_FLAGS_MAGIC_MASK                      UINT32_C(0xff0000ff)
+/** The generic mask. */
+#define SUPREQHDR_FLAGS_GEN_MASK                        UINT32_C(0x0000ff00)
+/** The request specific mask. */
+#define SUPREQHDR_FLAGS_REQ_MASK                        UINT32_C(0x00ff0000)
+/** There is extra input that needs copying on some platforms. */
+#define SUPREQHDR_FLAGS_EXTRA_IN                        UINT32_C(0x00000100)
+/** There is extra output that needs copying on some platforms. */
+#define SUPREQHDR_FLAGS_EXTRA_OUT                       UINT32_C(0x00000200)
+/** The magic value. */
+#define SUPREQHDR_FLAGS_MAGIC                           UINT32_C(0x42000042)
+/** The default value. Use this when no special stuff is requested. */
+#define SUPREQHDR_FLAGS_DEFAULT                         SUPREQHDR_FLAGS_MAGIC
+/** @} */
+/** @name SUP_IOCTL_COOKIE
+ * @{
+ */
+/** Negotiate cookie. */
+#define SUP_IOCTL_COOKIE                                SUP_CTL_CODE_SIZE(1, SUP_IOCTL_COOKIE_SIZE)
+/** The request size. */
+#define SUP_IOCTL_COOKIE_SIZE                           sizeof(SUPCOOKIE)
+/** The SUPREQHDR::cbIn value. */
+#define SUP_IOCTL_COOKIE_SIZE_IN                        sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPCOOKIE, u.In)
+/** The SUPREQHDR::cbOut value. */
+#define SUP_IOCTL_COOKIE_SIZE_OUT                       sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPCOOKIE, u.Out)
+/** SUPCOOKIE_IN magic word. */
+#define SUPCOOKIE_MAGIC                                 "The Magic Word!"
+/** The initial cookie. */
+#define SUPCOOKIE_INITIAL_COOKIE                        0x69726f74 /* 'tori' */
+/** Current interface version.
+ * The upper 16-bit is the major version, the the lower the minor version.
+ * When incompatible changes are made, the upper major number has to be changed. */
+#define SUPDRVIOC_VERSION                               0x00060000
+/** SUP_IOCTL_COOKIE. */
+typedef struct SUPCOOKIE
+{
+    /** The header.
+     * u32Cookie must be set to SUPCOOKIE_INITIAL_COOKIE.
+     * u32SessionCookie should be set to some random value. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Magic word. */
+            char            szMagic[16];
+            /** The requested interface version number. */
+            uint32_t        u32ReqVersion;
+            /** The minimum interface version number. */
+            uint32_t        u32MinVersion;
+        } In;
+        struct
+        {
+            /** Cookie. */
+            uint32_t        u32Cookie;
+            /** Session cookie. */
+            uint32_t        u32SessionCookie;
+            /** Interface version for this session. */
+            uint32_t        u32SessionVersion;
+            /** The actual interface version in the driver. */
+            uint32_t        u32DriverVersion;
+            /** Number of functions available for the SUP_IOCTL_QUERY_FUNCS request. */
+            uint32_t        cFunctions;
+            /** Session handle. */
+            R0PTRTYPE(PSUPDRVSESSION)   pSession;
+        } Out;
+    } u;
+} SUPCOOKIE, *PSUPCOOKIE;
+/** @} */
+/** @name SUP_IOCTL_QUERY_FUNCS
+ * Query SUPR0 functions.
+ * @{
+ */
+#define SUP_IOCTL_QUERY_FUNCS(cFuncs)                   SUP_CTL_CODE_SIZE(2, SUP_IOCTL_QUERY_FUNCS_SIZE(cFuncs))
+#define SUP_IOCTL_QUERY_FUNCS_SIZE(cFuncs)              RT_OFFSETOF(SUPQUERYFUNCS, u.Out.aFunctions[(cFuncs)])
+#define SUP_IOCTL_QUERY_FUNCS_SIZE_IN                   sizeof(SUPREQHDR)
+#define SUP_IOCTL_QUERY_FUNCS_SIZE_OUT(cFuncs)          SUP_IOCTL_QUERY_FUNCS_SIZE(cFuncs)
+/** A function. */
 typedef struct SUPFUNC
+{
 …
 } SUPFUNC, *PSUPFUNC;
+/** SUP_IOCTL_QUERY_FUNCS Output. */
+typedef struct SUPQUERYFUNCS_OUT
+{
+    /** Number of functions returned. */
+    uint32_t        cFunctions;
+    /** Array of functions. */
+    SUPFUNC         aFunctions[1];
+} SUPQUERYFUNCS_OUT, *PSUPQUERYFUNCS_OUT;
+/** SUP_IOCTL_IDT_INSTALL Input. */
+typedef struct SUPIDTINSTALL_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+} SUPIDTINSTALL_IN, *PSUPIDTINSTALL_IN;
+/** SUP_IOCTL_IDT_INSTALL Output. */
+typedef struct SUPIDTINSTALL_OUT
+{
+    /** Cookie. */
+    uint8_t         u8Idt;
+} SUPIDTINSTALL_OUT, *PSUPIDTINSTALL_OUT;
+/** SUP_IOCTL_IDT_REMOVE Input. */
+typedef struct SUPIDTREMOVE_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+} SUPIDTREMOVE_IN, *PSUPIDTREMOVE_IN;
+/** SUP_IOCTL_PINPAGES Input. */
+typedef struct SUPPINPAGES_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Start of page range. Must be PAGE aligned. */
+    RTR3PTR         pvR3;
+    /** Size of the range. Must be PAGE aligned. */
+    uint32_t        cPages;
+} SUPPINPAGES_IN, *PSUPPINPAGES_IN;
+/** SUP_IOCTL_PINPAGES Output. */
+typedef struct SUPPINPAGES_OUT
+{
+    /** Array of pages. */
+    SUPPAGE         aPages[1];
+} SUPPINPAGES_OUT, *PSUPPINPAGES_OUT;
+/** SUP_IOCTL_UNPINPAGES Input. */
+typedef struct SUPUNPINPAGES_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Start of page range of a range previuosly pinned. */
+    RTR3PTR         pvR3;
+} SUPUNPINPAGES_IN, *PSUPUNPINPAGES_IN;
+/** SUP_IOCTL_CONT_ALLOC Input. */
+typedef struct SUPCONTALLOC_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Number of bytes to allocate. */
+    uint32_t        cPages;
+} SUPCONTALLOC_IN, *PSUPCONTALLOC_IN;
+/** SUP_IOCTL_CONT_ALLOC Output. */
+typedef struct SUPCONTALLOC_OUT
+{
+    /** The address of the ring-0 mapping of the allocated memory. */
+    RTR0PTR         pvR0;
+    /** The address of the ring-3 mapping of the allocated memory. */
+    RTR3PTR         pvR3;
+    /** The physical address of the allocation. */
+    RTHCPHYS        HCPhys;
+} SUPCONTALLOC_OUT, *PSUPCONTALLOC_OUT;
+/** SUP_IOCTL_CONT_FREE Input. */
+typedef struct SUPCONTFREE_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** The ring-3 address of the memory to free. */
+    RTR3PTR         pvR3;
+} SUPCONTFREE_IN, *PSUPCONTFREE_IN;
+/** SUP_IOCTL_LDR_OPEN Input. */
+typedef struct SUPLDROPEN_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Size of the image we'll be loading. */
+    uint32_t        cbImage;
+    /** Image name.
+     * This is the NAME of the image, not the file name. It is used
+     * to share code with other processes. (Max len is 32 chars!)  */
+    char            szName[32];
+} SUPLDROPEN_IN, *PSUPLDROPEN_IN;
+/** SUP_IOCTL_LDR_OPEN Output. */
+typedef struct SUPLDROPEN_OUT
+{
+    /** The base address of the image. */
+    RTR0PTR         pvImageBase;
+    /** Indicate whether or not the image requires loading. */
+    bool            fNeedsLoading;
+} SUPLDROPEN_OUT, *PSUPLDROPEN_OUT;
+typedef struct SUPQUERYFUNCS
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Number of functions returned. */
+            uint32_t        cFunctions;
+            /** Array of functions. */
+            SUPFUNC         aFunctions[1];
+        } Out;
+    } u;
+} SUPQUERYFUNCS, *PSUPQUERYFUNCS;
+/** @} */
+/** @name SUP_IOCTL_IDT_INSTALL
+ * Install IDT patch for calling processor.
+ * @{
+ */
+#define SUP_IOCTL_IDT_INSTALL                           SUP_CTL_CODE_SIZE(3, SUP_IOCTL_IDT_INSTALL_SIZE)
+#define SUP_IOCTL_IDT_INSTALL_SIZE                      sizeof(SUPIDTINSTALL)
+#define SUP_IOCTL_IDT_INSTALL_SIZE_IN                   sizeof(SUPREQHDR)
+#define SUP_IOCTL_IDT_INSTALL_SIZE_OUT                  sizeof(SUPIDTINSTALL)
+typedef struct SUPIDTINSTALL
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The IDT entry number. */
+            uint8_t         u8Idt;
+        } Out;
+    } u;
+} SUPIDTINSTALL, *PSUPIDTINSTALL;
+/** @} */
+/** @name SUP_IOCTL_IDT_REMOVE
+ * Remove IDT patch for calling processor.
+ * @{
+ */
+#define SUP_IOCTL_IDT_REMOVE                            SUP_CTL_CODE_SIZE(4, SUP_IOCTL_IDT_REMOVE_SIZE)
+#define SUP_IOCTL_IDT_REMOVE_SIZE                       sizeof(SUPIDTREMOVE)
+#define SUP_IOCTL_IDT_REMOVE_SIZE_IN                    sizeof(SUPIDTREMOVE)
+#define SUP_IOCTL_IDT_REMOVE_SIZE_OUT                   sizeof(SUPIDTREMOVE)
+typedef struct SUPIDTREMOVE
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+} SUPIDTREMOVE, *PSUPIDTREMOVE;
+/** @}*/
+/** @name SUP_IOCTL_LDR_OPEN
+ * Open an image.
+ * @{
+ */
+#define SUP_IOCTL_LDR_OPEN                              SUP_CTL_CODE_SIZE(5, SUP_IOCTL_LDR_OPEN_SIZE)
+#define SUP_IOCTL_LDR_OPEN_SIZE                         sizeof(SUPLDROPEN)
+#define SUP_IOCTL_LDR_OPEN_SIZE_IN                      sizeof(SUPLDROPEN)
+#define SUP_IOCTL_LDR_OPEN_SIZE_OUT                     (sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPLDROPEN, u.Out))
+typedef struct SUPLDROPEN
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Size of the image we'll be loading. */
+            uint32_t        cbImage;
+            /** Image name.
+             * This is the NAME of the image, not the file name. It is used
+             * to share code with other processes. (Max len is 32 chars!)  */
+            char            szName[32];
+        } In;
+        struct
+        {
+            /** The base address of the image. */
+            RTR0PTR         pvImageBase;
+            /** Indicate whether or not the image requires loading. */
+            bool            fNeedsLoading;
+        } Out;
+    } u;
+} SUPLDROPEN, *PSUPLDROPEN;
+/** @} */
+/** @name SUP_IOCTL_LDR_LOAD
+ * Upload the image bits.
+ * @{
+ */
+#define SUP_IOCTL_LDR_LOAD                              SUP_CTL_CODE_BIG(6)
+#define SUP_IOCTL_LDR_LOAD_SIZE(cbImage)                RT_OFFSETOF(SUPLDRLOAD, u.In.achImage[cbImage])
+#define SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImage)             RT_OFFSETOF(SUPLDRLOAD, u.In.achImage[cbImage])
+#define SUP_IOCTL_LDR_LOAD_SIZE_OUT                     sizeof(SUPREQHDR)
 /**
 …
 } SUPLDRSYM, *PSUPLDRSYM;
+/** SUP_IOCTL_LDR_LOAD Input. */
+typedef struct SUPLDRLOAD_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** The address of module initialization function. Similar to _DLL_InitTerm(hmod, 0). */
+    PFNR0MODULEINIT pfnModuleInit;
+    /** The address of module termination function. Similar to _DLL_InitTerm(hmod, 1). */
+    PFNR0MODULETERM pfnModuleTerm;
+    /** Special entry points. */
+    union
+    {
+        struct
+        {
+            /** The module handle (i.e. address). */
+            RTR0PTR         pvVMMR0;
+            /** Address of VMMR0Entry function. */
+            RTR0PTR         pvVMMR0Entry;
+        } VMMR0;
+    }               EP;
+    /** Address. */
+    RTR0PTR         pvImageBase;
+    /** Entry point type. */
+    enum { EP_NOTHING, EP_VMMR0 }
+                    eEPType;
+    /** The offset of the symbol table. */
+    uint32_t        offSymbols;
+    /** The number of entries in the symbol table. */
+    uint32_t        cSymbols;
+    /** The offset of the string table. */
+    uint32_t        offStrTab;
+    /** Size of the string table. */
+    uint32_t        cbStrTab;
+    /** Size of image (including string and symbol tables). */
+    uint32_t        cbImage;
+    /** The image data. */
+    char            achImage[1];
+} SUPLDRLOAD_IN, *PSUPLDRLOAD_IN;
+/** SUP_IOCTL_LDR_FREE Input. */
+typedef struct SUPLDRFREE_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Address. */
+    RTR0PTR         pvImageBase;
+} SUPLDRFREE_IN, *PSUPLDRFREE_IN;
+/** SUP_IOCTL_LDR_GET_SYMBOL Input. */
+typedef struct SUPLDRGETSYMBOL_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Address. */
+    RTR0PTR         pvImageBase;
+    /** The symbol name (variable length). */
+    char            szSymbol[1];
+} SUPLDRGETSYMBOL_IN, *PSUPLDRGETSYMBOL_IN;
+/** SUP_IOCTL_LDR_GET_SYMBOL Output. */
+typedef struct SUPLDRGETSYMBOL_OUT
+{
+    /** The symbol address. */
+    RTR0PTR         pvSymbol;
+} SUPLDRGETSYMBOL_OUT, *PSUPLDRGETSYMBOL_OUT;
+/** SUP_IOCTL_CALL_VMMR0 Input. */
+typedef struct SUPCALLVMMR0_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** The VM handle. */
+    PVMR0           pVMR0;
+    /** Which operation to execute. */
+    uint32_t        uOperation;
+    /** The size of the buffer pointed to by pvArg. */
+    uint32_t        cbArg;
+    /** Argument to that operation. */
+    RTR3PTR         pvArg;
+} SUPCALLVMMR0_IN, *PSUPCALLVMMR0_IN;
+/** SUP_IOCTL_CALL_VMMR0 Output. */
+typedef struct SUPCALLVMMR0_OUT
+{
+    /** The VBox status code for the operation. */
+    int32_t         rc;
+} SUPCALLVMMR0_OUT, *PSUPCALLVMMR0_OUT;
+/** SUP_IOCTL_GET_PAGING_MODE Input. */
+typedef struct SUPGETPAGINGMODE_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+} SUPGETPAGINGMODE_IN, *PSUPGETPAGINGMODE_IN;
+/** SUP_IOCTL_GET_PAGING_MODE Output. */
+typedef struct SUPGETPAGINGMODE_OUT
+{
+    /** The paging mode. */
+    SUPPAGINGMODE       enmMode;
+} SUPGETPAGINGMODE_OUT, *PSUPGETPAGINGMODE_OUT;
+/** SUP_IOCTL_LOW_ALLOC Input. */
+typedef struct SUPLOWALLOC_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Number of pages to allocate. */
+    uint32_t        cPages;
+} SUPLOWALLOC_IN, *PSUPLOWALLOC_IN;
+/** SUP_IOCTL_LOW_ALLOC Output. */
+typedef struct SUPLOWALLOC_OUT
+{
+    /** The ring-3 address of the allocated memory. */
+    RTR3PTR         pvR3;
+    /** The ring-0 address of the allocated memory. */
+    RTR0PTR         pvR0;
+    /** Array of pages. */
+    SUPPAGE         aPages[1];
+} SUPLOWALLOC_OUT, *PSUPLOWALLOC_OUT;
+/** SUP_IOCTL_LOW_FREE Input. */
+typedef struct SUPLOWFREE_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** The ring-3 address of the memory to free. */
+    RTR3PTR         pvR3;
+} SUPLOWFREE_IN, *PSUPLOWFREE_IN;
+/** SUP_IOCTL_GIP_MAP Input. */
+typedef struct SUPGIPMAP_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+} SUPGIPMAP_IN, *PSUPGIPMAP_IN;
+/** SUP_IOCTL_GIP_MAP Output. */
+typedef struct SUPGIPMAP_OUT
+{
+    /** Pointer to the read-only usermode GIP mapping for this session. */
+    R3PTRTYPE(PSUPGLOBALINFOPAGE)   pGipR3;
+    /** Pointer to the supervisor mode GIP mapping. */
+    R0PTRTYPE(PSUPGLOBALINFOPAGE)   pGipR0;
+    /** The physical address of the GIP. */
+    RTHCPHYS                        HCPhysGip;
+} SUPGIPMAP_OUT, *PSUPGIPMAP_OUT;
+/** SUP_IOCTL_GIP_UNMAP Input. */
+typedef struct SUPGIPUNMAP_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+} SUPGIPUNMAP_IN, *PSUPGIPUNMAP_IN;
+/** SUP_IOCTL_SET_VM_FOR_FAST Input. */
+typedef struct SUPSETVMFORFAST_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** The ring-0 VM handle (pointer). */
+    PVMR0           pVMR0;
+} SUPSETVMFORFAST_IN, *PSUPSETVMFORFAST_IN;
+typedef struct SUPALLOCPAGE_IN
+{
+    /** Cookie. */
+    uint32_t        u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Number of pages to allocate */
+    uint32_t        cPages;
+} SUPALLOCPAGE_IN, *PSUPALLOCPAGE_IN;
+typedef struct SUPALLOCPAGE_OUT
+{
+    /** Cookie. */
+    uint32_t            u32Cookie;
+    /** Returned ring-3 address */
+    R3PTRTYPE(void *)   pvR3;
+} SUPALLOCPAGE_OUT, *PSUPALLOCPAGE_OUT;
+typedef struct SUPFREEPAGE_IN
+{
+    /** Cookie. */
+    uint32_t            u32Cookie;
+    /** Session cookie. */
+    uint32_t        u32SessionCookie;
+    /** Address of memory range to free */
+    R3PTRTYPE(void *)   pvR3;
+} SUPFREEPAGE_IN, *PSUPFREEPAGE_IN;
+typedef struct SUPLDRLOAD
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The address of module initialization function. Similar to _DLL_InitTerm(hmod, 0). */
+            PFNR0MODULEINIT pfnModuleInit;
+            /** The address of module termination function. Similar to _DLL_InitTerm(hmod, 1). */
+            PFNR0MODULETERM pfnModuleTerm;
+            /** Special entry points. */
+            union
+            {
+                struct
+                {
+                    /** The module handle (i.e. address). */
+                    RTR0PTR         pvVMMR0;
+                    /** Address of VMMR0Entry function. */
+                    RTR0PTR         pvVMMR0Entry;
+                } VMMR0;
+            }               EP;
+            /** Address. */
+            RTR0PTR         pvImageBase;
+            /** Entry point type. */
+            enum { EP_NOTHING, EP_VMMR0 }
+                            eEPType;
+            /** The offset of the symbol table. */
+            uint32_t        offSymbols;
+            /** The number of entries in the symbol table. */
+            uint32_t        cSymbols;
+            /** The offset of the string table. */
+            uint32_t        offStrTab;
+            /** Size of the string table. */
+            uint32_t        cbStrTab;
+            /** Size of image (including string and symbol tables). */
+            uint32_t        cbImage;
+            /** The image data. */
+            char            achImage[1];
+        } In;
+    } u;
+} SUPLDRLOAD, *PSUPLDRLOAD;
+/** @} */
+/** @name SUP_IOCTL_LDR_FREE
+ * Free an image.
+ * @{
+ */
+#define SUP_IOCTL_LDR_FREE                              SUP_CTL_CODE_SIZE(7, SUP_IOCTL_LDR_FREE_SIZE)
+#define SUP_IOCTL_LDR_FREE_SIZE                         sizeof(SUPLDRFREE)
+#define SUP_IOCTL_LDR_FREE_SIZE_IN                      sizeof(SUPLDRFREE)
+#define SUP_IOCTL_LDR_FREE_SIZE_OUT                     sizeof(SUPREQHDR)
+typedef struct SUPLDRFREE
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Address. */
+            RTR0PTR         pvImageBase;
+        } In;
+    } u;
+} SUPLDRFREE, *PSUPLDRFREE;
+/** @} */
+/** @name SUP_IOCTL_LDR_GET_SYMBOL
+ * Get address of a symbol within an image.
+ * @{
+ */
+#define SUP_IOCTL_LDR_GET_SYMBOL                        SUP_CTL_CODE_SIZE(8, SUP_IOCTL_LDR_GET_SYMBOL_SIZE)
+#define SUP_IOCTL_LDR_GET_SYMBOL_SIZE                   sizeof(SUPLDRGETSYMBOL)
+#define SUP_IOCTL_LDR_GET_SYMBOL_SIZE_IN                sizeof(SUPLDRGETSYMBOL)
+#define SUP_IOCTL_LDR_GET_SYMBOL_SIZE_OUT               (sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPLDRGETSYMBOL, u.Out))
+typedef struct SUPLDRGETSYMBOL
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Address. */
+            RTR0PTR         pvImageBase;
+            /** The symbol name. */
+            char            szSymbol[64];
+        } In;
+        struct
+        {
+            /** The symbol address. */
+            RTR0PTR         pvSymbol;
+        } Out;
+    } u;
+} SUPLDRGETSYMBOL, *PSUPLDRGETSYMBOL;
+/** @} */
+/** @name SUP_IOCTL_CALL_VMMR0
+ * Call the R0 VMM Entry point.
+ *
+ * @todo Might have to convert this to a big request...
+ * @{
+ */
+#define SUP_IOCTL_CALL_VMMR0(cbReq)                     SUP_CTL_CODE_SIZE(9, SUP_IOCTL_CALL_VMMR0_SIZE(cbReq))
+#define SUP_IOCTL_CALL_VMMR0_SIZE(cbReq)                RT_OFFSETOF(SUPCALLVMMR0, abReqPkt[cbReq])
+#define SUP_IOCTL_CALL_VMMR0_SIZE_IN(cbReq)             SUP_IOCTL_CALL_VMMR0_SIZE(cbReq)
+#define SUP_IOCTL_CALL_VMMR0_SIZE_OUT(cbReq)            SUP_IOCTL_CALL_VMMR0_SIZE(cbReq)
+typedef struct SUPCALLVMMR0
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The VM handle. */
+            PVMR0           pVMR0;
+            /** Which operation to execute. */
+            uint32_t        uOperation;
+#if R0_ARCH_BITS == 64
+            /** Alignment. */
+            uint32_t        u32Reserved;
+#endif
+            /** Argument to use when no request packet is supplied. */
+            RTR0UINTPTR     uArg;
+        } In;
+    } u;
+    /** The VMMR0Entry request packet. */
+    uint8_t                 abReqPkt[1];
+} SUPCALLVMMR0, *PSUPCALLVMMR0;
+/** @} */
+/** @name SUP_IOCTL_LOW_ALLOC
+ * Allocate memory below 4GB (physically).
+ * @{
+ */
+#define SUP_IOCTL_LOW_ALLOC                             SUP_CTL_CODE_BIG(10)
+#define SUP_IOCTL_LOW_ALLOC_SIZE(cPages)                RT_OFFSETOF(SUPLOWALLOC, u.Out.aPages[cPages])
+#define SUP_IOCTL_LOW_ALLOC_SIZE_IN                     (sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPLOWALLOC, u.In))
+#define SUP_IOCTL_LOW_ALLOC_SIZE_OUT(cPages)            SUP_IOCTL_LOW_ALLOC_SIZE(cPages)
+typedef struct SUPLOWALLOC
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Number of pages to allocate. */
+            uint32_t        cPages;
+        } In;
+        struct
+        {
+            /** The ring-3 address of the allocated memory. */
+            RTR3PTR         pvR3;
+            /** The ring-0 address of the allocated memory. */
+            RTR0PTR         pvR0;
+            /** Array of pages. */
+            RTHCPHYS        aPages[1];
+        } Out;
+    } u;
+} SUPLOWALLOC, *PSUPLOWALLOC;
+/** @} */
+/** @name SUP_IOCTL_LOW_FREE
+ * Free low memory.
+ * @{
+ */
+#define SUP_IOCTL_LOW_FREE                              SUP_CTL_CODE_SIZE(11, SUP_IOCTL_LOW_FREE_SIZE)
+#define SUP_IOCTL_LOW_FREE_SIZE                         sizeof(SUPLOWFREE)
+#define SUP_IOCTL_LOW_FREE_SIZE_IN                      sizeof(SUPLOWFREE)
+#define SUP_IOCTL_LOW_FREE_SIZE_OUT                     sizeof(SUPREQHDR)
+typedef struct SUPLOWFREE
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The ring-3 address of the memory to free. */
+            RTR3PTR         pvR3;
+        } In;
+    } u;
+} SUPLOWFREE, *PSUPLOWFREE;
+/** @} */
+/** @name SUP_IOCTL_PAGE_ALLOC
+ * Allocate memory and map into the user process.
+ * The memory is of course locked.
+ * @{
+ */
+#define SUP_IOCTL_PAGE_ALLOC                            SUP_CTL_CODE_BIG(12)
+#define SUP_IOCTL_PAGE_ALLOC_SIZE(cPages)               RT_OFFSETOF(SUPPAGEALLOC, u.Out.aPages[cPages])
+#define SUP_IOCTL_PAGE_ALLOC_SIZE_IN                    (sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPPAGEALLOC, u.In))
+#define SUP_IOCTL_PAGE_ALLOC_SIZE_OUT(cPages)           SUP_IOCTL_PAGE_ALLOC_SIZE(cPages)
+typedef struct SUPPAGEALLOC
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Number of pages to allocate */
+            uint32_t        cPages;
+        } In;
+        struct
+        {
+            /** Returned ring-3 address. */
+            RTR3PTR         pvR3;
+            /** The physical addresses of the allocated pages. */
+            RTHCPHYS        aPages[1];
+        } Out;
+    } u;
+} SUPPAGEALLOC, *PSUPPAGEALLOC;
+/** @} */
+/** @name SUP_IOCTL_PAGE_FREE
+ * Free memory allocated with SUP_IOCTL_PAGE_ALLOC.
+ * @{
+ */
+#define SUP_IOCTL_PAGE_FREE                             SUP_CTL_CODE_SIZE(13, SUP_IOCTL_PAGE_FREE_SIZE_IN)
+#define SUP_IOCTL_PAGE_FREE_SIZE                        sizeof(SUPPAGEFREE)
+#define SUP_IOCTL_PAGE_FREE_SIZE_IN                     sizeof(SUPPAGEFREE)
+#define SUP_IOCTL_PAGE_FREE_SIZE_OUT                    sizeof(SUPREQHDR)
+typedef struct SUPPAGEFREE
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Address of memory range to free. */
+            RTR3PTR         pvR3;
+        } In;
+    } u;
+} SUPPAGEFREE, *PSUPPAGEFREE;
+/** @} */
+/** @name SUP_IOCTL_PAGE_LOCK
+ * Pin down physical pages.
+ * @{
+ */
+#define SUP_IOCTL_PAGE_LOCK                             SUP_CTL_CODE_BIG(14)
+#define SUP_IOCTL_PAGE_LOCK_SIZE(cPages)                (RT_MAX((size_t)SUP_IOCTL_PAGE_LOCK_SIZE_IN, (size_t)SUP_IOCTL_PAGE_LOCK_SIZE_OUT(cPages)))
+#define SUP_IOCTL_PAGE_LOCK_SIZE_IN                     (sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPPAGELOCK, u.In))
+#define SUP_IOCTL_PAGE_LOCK_SIZE_OUT(cPages)            RT_OFFSETOF(SUPPAGELOCK, u.Out.aPages[cPages])
+typedef struct SUPPAGELOCK
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Start of page range. Must be PAGE aligned. */
+            RTR3PTR         pvR3;
+            /** The range size given as a page count. */
+            uint32_t        cPages;
+        } In;
+        struct
+        {
+            /** Array of pages. */
+            RTHCPHYS        aPages[1];
+        } Out;
+    } u;
+} SUPPAGELOCK, *PSUPPAGELOCK;
+/** @} */
+/** @name SUP_IOCTL_PAGE_UNLOCK
+ * Unpin physical pages.
+ * @{ */
+#define SUP_IOCTL_PAGE_UNLOCK                           SUP_CTL_CODE_SIZE(15, SUP_IOCTL_PAGE_UNLOCK_SIZE)
+#define SUP_IOCTL_PAGE_UNLOCK_SIZE                      sizeof(SUPPAGEUNLOCK)
+#define SUP_IOCTL_PAGE_UNLOCK_SIZE_IN                   sizeof(SUPPAGEUNLOCK)
+#define SUP_IOCTL_PAGE_UNLOCK_SIZE_OUT                  sizeof(SUPREQHDR)
+typedef struct SUPPAGEUNLOCK
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** Start of page range of a range previuosly pinned. */
+            RTR3PTR         pvR3;
+        } In;
+    } u;
+} SUPPAGEUNLOCK, *PSUPPAGEUNLOCK;
+/** @} */
+/** @name SUP_IOCTL_CONT_ALLOC
+ * Allocate contious memory.
+ * @{
+ */
+#define SUP_IOCTL_CONT_ALLOC                            SUP_CTL_CODE_SIZE(16, SUP_IOCTL_CONT_ALLOC_SIZE)
+#define SUP_IOCTL_CONT_ALLOC_SIZE                       sizeof(SUPCONTALLOC)
+#define SUP_IOCTL_CONT_ALLOC_SIZE_IN                    (sizeof(SUPREQHDR) + RT_SIZEOFMEMB(SUPCONTALLOC, u.In))
+#define SUP_IOCTL_CONT_ALLOC_SIZE_OUT                   sizeof(SUPCONTALLOC)
+typedef struct SUPCONTALLOC
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The allocation size given as a page count. */
+            uint32_t        cPages;
+        } In;
+        struct
+        {
+            /** The address of the ring-0 mapping of the allocated memory. */
+            RTR0PTR         pvR0;
+            /** The address of the ring-3 mapping of the allocated memory. */
+            RTR3PTR         pvR3;
+            /** The physical address of the allocation. */
+            RTHCPHYS        HCPhys;
+        } Out;
+    } u;
+} SUPCONTALLOC, *PSUPCONTALLOC;
+/** @} */
+/** @name SUP_IOCTL_CONT_FREE Input.
+ * @{
+ */
+/** Free contious memory. */
+#define SUP_IOCTL_CONT_FREE                             SUP_CTL_CODE_SIZE(17, SUP_IOCTL_CONT_FREE_SIZE)
+#define SUP_IOCTL_CONT_FREE_SIZE                        sizeof(SUPCONTFREE)
+#define SUP_IOCTL_CONT_FREE_SIZE_IN                     sizeof(SUPCONTFREE)
+#define SUP_IOCTL_CONT_FREE_SIZE_OUT                    sizeof(SUPREQHDR)
+typedef struct SUPCONTFREE
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The ring-3 address of the memory to free. */
+            RTR3PTR         pvR3;
+        } In;
+    } u;
+} SUPCONTFREE, *PSUPCONTFREE;
+/** @} */
+/** @name SUP_IOCTL_GET_PAGING_MODE
+ * Get the host paging mode.
+ * @{
+ */
+#define SUP_IOCTL_GET_PAGING_MODE                       SUP_CTL_CODE_SIZE(18, SUP_IOCTL_GET_PAGING_MODE_SIZE)
+#define SUP_IOCTL_GET_PAGING_MODE_SIZE                  sizeof(SUPGETPAGINGMODE)
+#define SUP_IOCTL_GET_PAGING_MODE_SIZE_IN               sizeof(SUPREQHDR)
+#define SUP_IOCTL_GET_PAGING_MODE_SIZE_OUT              sizeof(SUPGETPAGINGMODE)
+typedef struct SUPGETPAGINGMODE
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The paging mode. */
+            SUPPAGINGMODE   enmMode;
+        } Out;
+    } u;
+} SUPGETPAGINGMODE, *PSUPGETPAGINGMODE;
+/** @} */
+/** @name SUP_IOCTL_SET_VM_FOR_FAST
+ * Set the VM handle for doing fast call ioctl calls.
+ * @{
+ */
+#define SUP_IOCTL_SET_VM_FOR_FAST                       SUP_CTL_CODE_SIZE(19, SUP_IOCTL_SET_VM_FOR_FAST_SIZE)
+#define SUP_IOCTL_SET_VM_FOR_FAST_SIZE                  sizeof(SUPSETVMFORFAST)
+#define SUP_IOCTL_SET_VM_FOR_FAST_SIZE_IN               sizeof(SUPSETVMFORFAST)
+#define SUP_IOCTL_SET_VM_FOR_FAST_SIZE_OUT              sizeof(SUPREQHDR)
+typedef struct SUPSETVMFORFAST
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The ring-0 VM handle (pointer). */
+            PVMR0           pVMR0;
+        } In;
+    } u;
+} SUPSETVMFORFAST, *PSUPSETVMFORFAST;
+/** @} */
+/** @name SUP_IOCTL_GIP_MAP
+ * Map the GIP into user space.
+ * @{
+ */
+#define SUP_IOCTL_GIP_MAP                               SUP_CTL_CODE_SIZE(20, SUP_IOCTL_GIP_MAP_SIZE)
+#define SUP_IOCTL_GIP_MAP_SIZE                          sizeof(SUPGIPMAP)
+#define SUP_IOCTL_GIP_MAP_SIZE_IN                       sizeof(SUPREQHDR)
+#define SUP_IOCTL_GIP_MAP_SIZE_OUT                      sizeof(SUPGIPMAP)
+typedef struct SUPGIPMAP
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+    union
+    {
+        struct
+        {
+            /** The physical address of the GIP. */
+            RTHCPHYS        HCPhysGip;
+            /** Pointer to the read-only usermode GIP mapping for this session. */
+            R3PTRTYPE(PSUPGLOBALINFOPAGE)   pGipR3;
+            /** Pointer to the supervisor mode GIP mapping. */
+            R0PTRTYPE(PSUPGLOBALINFOPAGE)   pGipR0;
+        } Out;
+    } u;
+} SUPGIPMAP, *PSUPGIPMAP;
+/** @} */
+/** @name SUP_IOCTL_GIP_UNMAP
+ * Unmap the GIP.
+ * @{
+ */
+#define SUP_IOCTL_GIP_UNMAP                             SUP_CTL_CODE_SIZE(21, SUP_IOCTL_GIP_UNMAP_SIZE)
+#define SUP_IOCTL_GIP_UNMAP_SIZE                        sizeof(SUPGIPUNMAP)
+#define SUP_IOCTL_GIP_UNMAP_SIZE_IN                     sizeof(SUPGIPUNMAP)
+#define SUP_IOCTL_GIP_UNMAP_SIZE_OUT                    sizeof(SUPGIPUNMAP)
+typedef struct SUPGIPUNMAP
+{
+    /** The header. */
+    SUPREQHDR               Hdr;
+} SUPGIPUNMAP, *PSUPGIPUNMAP;
+/** @} */
 #pragma pack()                          /* paranoia */

trunk/src/VBox/HostDrivers/Support/SUPDRVShared.c

-              r4792
+              r4800
 #define GIP_UPDATEHZ_RECALC_FREQ            0x800
+/**
+ * Validates a session pointer.
+ *
+ * @returns true/false accordingly.
+ * @param   pSession    The session.
+ */
+#define SUP_IS_SESSION_VALID(pSession)  \
+    (   VALID_PTR(pSession) \
+     && pSession->u32Cookie == BIRD_INV)
 /*******************************************************************************
 …
 #ifdef USE_NEW_OS_INTERFACE_FOR_MM
     { "SUPR0PageAlloc",                         (void *)SUPR0PageAlloc },
-    { "SUPR0PageGetPhys",                       (void *)SUPR0PageGetPhys },
     { "SUPR0PageFree",                          (void *)SUPR0PageFree },
 #endif
 …
 *   Internal Functions                                                         *
 *******************************************************************************/
-__BEGIN_DECLS
 static int      supdrvMemAdd(PSUPDRVMEMREF pMem, PSUPDRVSESSION pSession);
 static int      supdrvMemRelease(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, SUPDRVMEMREFTYPE eType);
 #ifndef VBOX_WITHOUT_IDT_PATCHING
 static int      supdrvIOCtl_IdtInstall(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPIDTINSTALL_IN pIn, PSUPIDTINSTALL_OUT pOut);
+static int      supdrvIOCtl_IdtInstall(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPIDTINSTALL pReq);
 static PSUPDRVPATCH supdrvIdtPatchOne(PSUPDRVDEVEXT pDevExt, PSUPDRVPATCH pPatch);
 static int      supdrvIOCtl_IdtRemoveAll(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession);
 …
 static void     supdrvIdtWrite(volatile void *pvIdtEntry, const SUPDRVIDTE *pNewIDTEntry);
 #endif /* !VBOX_WITHOUT_IDT_PATCHING */
 static int      supdrvIOCtl_LdrOpen(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDROPEN_IN pIn, PSUPLDROPEN_OUT pOut);
 static int      supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRLOAD_IN pIn);
 static int      supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE_IN pIn);
 static int      supdrvIOCtl_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRGETSYMBOL_IN pIn, PSUPLDRGETSYMBOL_OUT pOut);
+static int      supdrvIOCtl_LdrOpen(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDROPEN pReq);
+static int      supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRLOAD pReq);
+static int      supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE pReq);
+static int      supdrvIOCtl_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRGETSYMBOL pReq);
 static int      supdrvLdrSetR0EP(PSUPDRVDEVEXT pDevExt, void *pvVMMR0, void *pvVMMR0Entry);
 static void     supdrvLdrUnsetR0EP(PSUPDRVDEVEXT pDevExt);
 static void     supdrvLdrAddUsage(PSUPDRVSESSION pSession, PSUPDRVLDRIMAGE pImage);
 static void     supdrvLdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVLDRIMAGE pImage);
 static int      supdrvIOCtl_GetPagingMode(PSUPGETPAGINGMODE_OUT pOut);
+static SUPPAGINGMODE supdrvIOCtl_GetPagingMode(void);
 static SUPGIPMODE supdrvGipDeterminTscMode(void);
+#ifdef RT_OS_WINDOWS
+static int      supdrvPageGetPhys(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PRTHCPHYS paPages);
+static bool     supdrvPageWasLockedByPageAlloc(PSUPDRVSESSION pSession, RTR3PTR pvR3);
+#endif
 #ifdef USE_NEW_OS_INTERFACE_FOR_GIP
 static int      supdrvGipCreate(PSUPDRVDEVEXT pDevExt);
 static int      supdrvGipDestroy(PSUPDRVDEVEXT pDevExt);
+static void     supdrvGipDestroy(PSUPDRVDEVEXT pDevExt);
 static DECLCALLBACK(void) supdrvGipTimer(PRTTIMER pTimer, void *pvUser);
 #endif
-__END_DECLS
 /**
  * Initializes the device extentsion structure.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_ on failure.
+ * @returns IPRT status code.
  * @param   pDevExt     The device extension to initialize.
  */
 …
                 if (RT_SUCCESS(rc))
+                {
                     pDevExt->u32Cookie = BIRD;
                     return 0;
+                    pDevExt->u32Cookie = BIRD;  /** @todo make this random? */
+                    return VINF_SUCCESS;
+                }
 #else
                 pDevExt->u32Cookie = BIRD;
                 return 0;
+                return VINF_SUCCESS;
 #endif
+            }
 …
+}
 /**
  * Delete the device extension (e.g. cleanup members).
+ *
- * @returns 0.
  * @param   pDevExt     The device extension to delete.
  */
 int VBOXCALL supdrvDeleteDevExt(PSUPDRVDEVEXT pDevExt)
+void VBOXCALL supdrvDeleteDevExt(PSUPDRVDEVEXT pDevExt)
+{
 #ifndef VBOX_WITHOUT_IDT_PATCHING
 …
      * Free lists.
      */
 #ifndef VBOX_WITHOUT_IDT_PATCHING
     /* patches */
 …
     supdrvGipDestroy(pDevExt);
 #endif
-    return 0;
+}
 …
  * Create session.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_ on failure.
+ * @returns IPRT status code.
  * @param   pDevExt     Device extension.
  * @param   ppSession   Where to store the pointer to the session data.
 …
      * Allocate memory for the session data.
      */
     int rc = SUPDRV_ERR_NO_MEMORY;
+    int rc = VERR_NO_MEMORY;
     PSUPDRVSESSION pSession = *ppSession = (PSUPDRVSESSION)RTMemAllocZ(sizeof(*pSession));
     if (pSession)
 …
             dprintf(("Created session %p initial cookie=%#x\n", pSession, pSession->u32Cookie));
             return 0;
+            return VINF_SUCCESS;
+        }
 …
          * Check and unlock all entries in the bundle.
          */
         for (i = 0; i < sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]); i++)
+        for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
+        {
 #ifdef USE_NEW_OS_INTERFACE_FOR_MM
 …
+            {
                 int rc;
                 dprintf2(("eType=%d pvR0=%p pvR3=%p cb=%d\n", pBundle->aMem[i].eType,
                           RTR0MemObjAddress(pBundle->aMem[i].MapObj), RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3), RTR0MemObjSize(pBundle->aMem[i].MemObj)));
+                dprintf2(("eType=%d pvR0=%p pvR3=%p cb=%ld\n", pBundle->aMem[i].eType, RTR0MemObjAddress(pBundle->aMem[i].MemObj),
+                          (void *)RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3), (long)RTR0MemObjSize(pBundle->aMem[i].MemObj)));
                 if (pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ)
+                {
 …
  * Fast path I/O Control worker.
+ *
+ * @returns 0 on success.
+ * @returns One of the SUPDRV_ERR_* on failure.
+ * @returns VBox status code that should be passed down to ring-3 unchanged.
  * @param   uIOCtl      Function number.
  * @param   pDevExt     Device extention.
  * @param   pSession    Session data.
  */
 int  VBOXCALL   supdrvIOCtlFast(unsigned uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+int VBOXCALL supdrvIOCtlFast(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession)
+{
     /*
 …
+ *
  * @returns 0 on success.
+ * @returns One of the SUPDRV_ERR_* on failure.
+ * @returns VERR_INVALID_PARAMETER if the request is invalid.
+ *
  * @param   uIOCtl      Function number.
  * @param   pDevExt     Device extention.
  * @param   pSession    Session data.
+ * @param   pvIn        Input data.
+ * @param   cbIn        Size of input data.
+ * @param   pvOut       Output data.
+ *                      IMPORTANT! This buffer may be shared with the input
+ *                                 data, thus no writing before done reading
+ *                                 input data!!!
+ * @param   cbOut       Size of output data.
+ * @param   pcbReturned Size of the returned data.
+ */
+int VBOXCALL supdrvIOCtl(unsigned int uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession,
+                         void *pvIn, unsigned cbIn, void *pvOut, unsigned cbOut, unsigned *pcbReturned)
+{
+    *pcbReturned = 0;
+    switch (uIOCtl)
+    {
+        case SUP_IOCTL_COOKIE:
+        {
+            PSUPCOOKIE_IN  pIn = (PSUPCOOKIE_IN)pvIn;
+            PSUPCOOKIE_OUT pOut = (PSUPCOOKIE_OUT)pvOut;
+ * @param   pReqHdr     The request header.
+ */
+int VBOXCALL supdrvIOCtl(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPREQHDR pReqHdr)
+{
+    /*
+     * Validate the request.
+     */
+    /* this first check could probably be omitted as its also done by the OS specific code... */
+    if (RT_UNLIKELY(    (pReqHdr->fFlags & SUPREQHDR_FLAGS_MAGIC_MASK) != SUPREQHDR_FLAGS_MAGIC
+                    ||  pReqHdr->cbIn < sizeof(*pReqHdr)
+                    ||  pReqHdr->cbOut < sizeof(*pReqHdr)))
+    {
+        OSDBGPRINT(("vboxdrv: Bad ioctl request header; cbIn=%#lx cbOut=%#lx fFlags=%#lx\n",
+                    (long)pReqHdr->cbIn, (long)pReqHdr->cbOut, (long)pReqHdr->fFlags));
+        return VERR_INVALID_PARAMETER;
+    }
+    if (RT_UNLIKELY(uIOCtl == SUP_IOCTL_COOKIE))
+    {
+        if (pReqHdr->u32Cookie != SUPCOOKIE_INITIAL_COOKIE)
+        {
+            OSDBGPRINT(("SUP_IOCTL_COOKIE: bad cookie %#lx\n", (long)pReqHdr->u32Cookie));
+            return VERR_INVALID_PARAMETER;
+        }
+    }
+    else if (RT_UNLIKELY(    pReqHdr->u32Cookie != pDevExt->u32Cookie
+                         ||  pReqHdr->u32SessionCookie != pSession->u32Cookie))
+    {
+        OSDBGPRINT(("vboxdrv: bad cookie %#lx / %#lx.\n", (long)pReqHdr->u32Cookie, (long)pReqHdr->u32SessionCookie));
+        return VERR_INVALID_PARAMETER;
+    }
+/*
+ * Validation macros
+ */
+#define REQ_CHECK_SIZES_EX(Name, cbInExpect, cbOutExpect) \
+    do { \
+        if (RT_UNLIKELY(pReqHdr->cbIn != (cbInExpect) || pReqHdr->cbOut != (cbOutExpect))) \
+        { \
+            OSDBGPRINT(( #Name ": Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n", \
+                        (long)pReq->Hdr.cbIn, (long)(cbInExpect), (long)pReq->Hdr.cbOut, (long)(cbOutExpect))); \
+            return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
+        } \
+    } while (0)
+#define REQ_CHECK_SIZES(Name) REQ_CHECK_SIZES_EX(Name, Name ## _SIZE_IN, Name ## _SIZE_OUT)
+#define REQ_CHECK_SIZE_IN(Name, cbInExpect) \
+    do { \
+        if (RT_UNLIKELY(pReqHdr->cbIn != (cbInExpect))) \
+        { \
+            OSDBGPRINT(( #Name ": Invalid input/output sizes. cbIn=%ld expected %ld.\n", \
+                        (long)pReq->Hdr.cbIn, (long)(cbInExpect))); \
+            return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
+        } \
+    } while (0)
+#define REQ_CHECK_SIZE_OUT(Name, cbOutExpect) \
+    do { \
+        if (RT_UNLIKELY(pReqHdr->cbOut != (cbOutExpect))) \
+        { \
+            OSDBGPRINT(( #Name ": Invalid input/output sizes. cbOut=%ld expected %ld.\n", \
+                        (long)pReq->Hdr.cbOut, (long)(cbOutExpect))); \
+            return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
+        } \
+    } while (0)
+#define REQ_CHECK_EXPR(Name, expr) \
+    do { \
+        if (RT_UNLIKELY(!(expr))) \
+        { \
+            OSDBGPRINT(( #Name ": %s\n", #expr)); \
+            return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
+        } \
+    } while (0)
+#define REQ_CHECK_EXPR_FMT(expr, fmt) \
+    do { \
+        if (RT_UNLIKELY(!(expr))) \
+        { \
+            OSDBGPRINT( fmt ); \
+            return pReq->Hdr.rc = VERR_INVALID_PARAMETER; \
+        } \
+    } while (0)
+    /*
+     * The switch.
+     */
+    switch (SUP_CTL_CODE_NO_SIZE(uIOCtl))
+    {
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_COOKIE):
+        {
+            PSUPCOOKIE pReq = (PSUPCOOKIE)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_COOKIE);
+            if (strncmp(pReq->u.In.szMagic, SUPCOOKIE_MAGIC, sizeof(pReq->u.In.szMagic)))
+            {
+                OSDBGPRINT(("SUP_IOCTL_COOKIE: invalid magic %.16s\n", pReq->u.In.szMagic));
+                pReq->Hdr.rc = VERR_INVALID_MAGIC;
+                return 0;
+            }
+#if 0
             /*
+             * Validate.
+             * Call out to the OS specific code and let it do permission checks on the
+             * client process.
              */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != sizeof(*pOut))
+            if (!supdrvOSValidateClientProcess(pDevExt, pSession))
+            {
+                OSDBGPRINT(("SUP_IOCTL_COOKIE: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                            (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+                pReq->u.Out.u32Cookie         = 0xffffffff;
+                pReq->u.Out.u32SessionCookie  = 0xffffffff;
+                pReq->u.Out.u32SessionVersion = 0xffffffff;
+                pReq->u.Out.u32DriverVersion  = SUPDRVIOC_VERSION;
+                pReq->u.Out.pSession          = NULL;
+                pReq->u.Out.cFunctions        = 0;
+                pReq->Hdr.rc = VERR_PERMISSION_DENIED;
+                return 0;
+            }
+            if (strncmp(pIn->szMagic, SUPCOOKIE_MAGIC, sizeof(pIn->szMagic)))
+            {
+                OSDBGPRINT(("SUP_IOCTL_COOKIE: invalid magic %.16s\n", pIn->szMagic));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+#endif
             /*
 …
              * The current logic is very simple, match the major interface version.
              */
             if (    pIn->u32MinVersion > SUPDRVIOC_VERSION
                 ||  (pIn->u32MinVersion & 0xffff0000) != (SUPDRVIOC_VERSION & 0xffff0000))
+            if (    pReq->u.In.u32MinVersion > SUPDRVIOC_VERSION
+                ||  (pReq->u.In.u32MinVersion & 0xffff0000) != (SUPDRVIOC_VERSION & 0xffff0000))
+            {
                 OSDBGPRINT(("SUP_IOCTL_COOKIE: Version mismatch. Requested: %#x  Min: %#x  Current: %#x\n",
                             pIn->u32ReqVersion, pIn->u32MinVersion, SUPDRVIOC_VERSION));
                 pOut->u32Cookie         = 0xffffffff;
                 pOut->u32SessionCookie  = 0xffffffff;
                 pOut->u32SessionVersion = 0xffffffff;
                 pOut->u32DriverVersion  = SUPDRVIOC_VERSION;
                 pOut->pSession          = NULL;
                 pOut->cFunctions        = 0;
                 *pcbReturned = sizeof(*pOut);
                 return SUPDRV_ERR_VERSION_MISMATCH;
+                            pReq->u.In.u32ReqVersion, pReq->u.In.u32MinVersion, SUPDRVIOC_VERSION));
+                pReq->u.Out.u32Cookie         = 0xffffffff;
+                pReq->u.Out.u32SessionCookie  = 0xffffffff;
+                pReq->u.Out.u32SessionVersion = 0xffffffff;
+                pReq->u.Out.u32DriverVersion  = SUPDRVIOC_VERSION;
+                pReq->u.Out.pSession          = NULL;
+                pReq->u.Out.cFunctions        = 0;
+                pReq->Hdr.rc = VERR_VERSION_MISMATCH;
+                return 0;
+            }
 …
              *      u32SessionVersion <= u32ReqVersion!
              */
             /** @todo A more secure cookie negotiation? */
             pOut->u32Cookie         = pDevExt->u32Cookie;
             pOut->u32SessionCookie  = pSession->u32Cookie;
             pOut->u32SessionVersion = SUPDRVIOC_VERSION;
             pOut->u32DriverVersion  = SUPDRVIOC_VERSION;
             pOut->pSession          = pSession;
             pOut->cFunctions        = sizeof(g_aFunctions) / sizeof(g_aFunctions[0]);
             *pcbReturned = sizeof(*pOut);
+            /** @todo Somehow validate the client and negotiate a secure cookie... */
+            pReq->u.Out.u32Cookie         = pDevExt->u32Cookie;
+            pReq->u.Out.u32SessionCookie  = pSession->u32Cookie;
+            pReq->u.Out.u32SessionVersion = SUPDRVIOC_VERSION;
+            pReq->u.Out.u32DriverVersion  = SUPDRVIOC_VERSION;
+            pReq->u.Out.pSession          = pSession;
+            pReq->u.Out.cFunctions        = sizeof(g_aFunctions) / sizeof(g_aFunctions[0]);
+            pReq->Hdr.rc = VINF_SUCCESS;
             return 0;
+        }
+        case SUP_IOCTL_QUERY_FUNCS:
+        {
+            unsigned            cFunctions;
+            PSUPQUERYFUNCS_IN   pIn = (PSUPQUERYFUNCS_IN)pvIn;
+            PSUPQUERYFUNCS_OUT  pOut = (PSUPQUERYFUNCS_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut < sizeof(*pOut))
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_QUERY_FUNCS(0)):
+        {
+            /* validate */
+            PSUPQUERYFUNCS pReq = (PSUPQUERYFUNCS)pReqHdr;
+            REQ_CHECK_SIZES_EX(SUP_IOCTL_QUERY_FUNCS, SUP_IOCTL_QUERY_FUNCS_SIZE_IN, SUP_IOCTL_QUERY_FUNCS_SIZE_OUT(RT_ELEMENTS(g_aFunctions)));
+            /* execute */
+            pReq->u.Out.cFunctions = RT_ELEMENTS(g_aFunctions);
+            memcpy(&pReq->u.Out.aFunctions[0], g_aFunctions, sizeof(g_aFunctions));
+            pReq->Hdr.rc = VINF_SUCCESS;
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_IDT_INSTALL):
+        {
+            /* validate */
+            PSUPIDTINSTALL pReq = (PSUPIDTINSTALL)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_IDT_INSTALL);
+            /* execute */
+#ifndef VBOX_WITHOUT_IDT_PATCHING
+            pReq->Hdr.rc = supdrvIOCtl_IdtInstall(pDevExt, pSession, pReq);
+#else
+            pReq->u.Out.u8Idt = 3;
+            pReq->Hdr.rc = VERR_NOT_SUPPORTED;
+#endif
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_IDT_REMOVE):
+        {
+            /* validate */
+            PSUPIDTREMOVE pReq = (PSUPIDTREMOVE)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_IDT_REMOVE);
+            /* execute */
+#ifndef VBOX_WITHOUT_IDT_PATCHING
+            pReq->Hdr.rc = supdrvIOCtl_IdtRemoveAll(pDevExt, pSession);
+#else
+            pReq->Hdr.rc = VERR_NOT_SUPPORTED;
+#endif
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_LOCK):
+        {
+            /* validate */
+            PSUPPAGELOCK pReq = (PSUPPAGELOCK)pReqHdr;
+            REQ_CHECK_SIZE_IN(SUP_IOCTL_PAGE_LOCK, SUP_IOCTL_PAGE_LOCK_SIZE_IN);
+            REQ_CHECK_SIZE_OUT(SUP_IOCTL_PAGE_LOCK, SUP_IOCTL_PAGE_LOCK_SIZE_OUT(pReq->u.In.cPages));
+            REQ_CHECK_EXPR(SUP_IOCTL_PAGE_LOCK, pReq->u.In.cPages > 0);
+            REQ_CHECK_EXPR(SUP_IOCTL_PAGE_LOCK, pReq->u.In.pvR3 >= PAGE_SIZE);
+            /* execute */
+            pReq->Hdr.rc = SUPR0LockMem(pSession, pReq->u.In.pvR3, pReq->u.In.cPages, &pReq->u.Out.aPages[0]);
+            if (RT_FAILURE(pReq->Hdr.rc))
+                pReq->Hdr.cbOut = sizeof(pReq->Hdr);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_UNLOCK):
+        {
+            /* validate */
+            PSUPPAGEUNLOCK pReq = (PSUPPAGEUNLOCK)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_PAGE_UNLOCK);
+            /* execute */
+            pReq->Hdr.rc = SUPR0UnlockMem(pSession, pReq->u.In.pvR3);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_CONT_ALLOC):
+        {
+            /* validate */
+            PSUPCONTALLOC pReq = (PSUPCONTALLOC)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_CONT_ALLOC);
+            /* execute */
+            pReq->Hdr.rc = SUPR0ContAlloc(pSession, pReq->u.In.cPages, &pReq->u.Out.pvR0, &pReq->u.Out.pvR3, &pReq->u.Out.HCPhys);
+            if (RT_FAILURE(pReq->Hdr.rc))
+                pReq->Hdr.cbOut = sizeof(pReq->Hdr);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_CONT_FREE):
+        {
+            /* validate */
+            PSUPCONTFREE pReq = (PSUPCONTFREE)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_CONT_FREE);
+            /* execute */
+            pReq->Hdr.rc = SUPR0ContFree(pSession, (RTHCUINTPTR)pReq->u.In.pvR3);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_OPEN):
+        {
+            /* validate */
+            PSUPLDROPEN pReq = (PSUPLDROPEN)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_LDR_OPEN);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImage > 0);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImage < _1M*16);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.szName[0]);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, memchr(pReq->u.In.szName, '\0', sizeof(pReq->u.In.szName)));
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, !strpbrk(pReq->u.In.szName, ";:()[]{}/\\|&*%#@!~`\"'"));
+            /* execute */
+            pReq->Hdr.rc = supdrvIOCtl_LdrOpen(pDevExt, pSession, pReq);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_LOAD):
+        {
+            /* validate */
+            PSUPLDRLOAD pReq = (PSUPLDRLOAD)pReqHdr;
+            REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= sizeof(*pReq));
+            REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImage), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_LOAD, pReq->u.In.cSymbols <= 16384);
+            REQ_CHECK_EXPR_FMT(     !pReq->u.In.cSymbols
+                               ||   (   pReq->u.In.offSymbols < pReq->u.In.cbImage
+                                     && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImage),
+                               ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImage=%#lx\n", (long)pReq->u.In.offSymbols,
+                                (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImage));
+            REQ_CHECK_EXPR_FMT(     !pReq->u.In.cbStrTab
+                               ||   (   pReq->u.In.offStrTab < pReq->u.In.cbImage
+                                     && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImage
+                                     && pReq->u.In.cbStrTab <= pReq->u.In.cbImage),
+                               ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImage=%#lx\n", (long)pReq->u.In.offStrTab,
+                                (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImage));
+            if (pReq->u.In.cSymbols)
+            {
+                dprintf(("SUP_IOCTL_QUERY_FUNCS: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
+                dprintf(("SUP_IOCTL_QUERY_FUNCS: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Copy the functions.
+             */
+            cFunctions = (cbOut - RT_OFFSETOF(SUPQUERYFUNCS_OUT, aFunctions)) / sizeof(pOut->aFunctions[0]);
+            cFunctions = RT_MIN(cFunctions, ELEMENTS(g_aFunctions));
+            AssertMsg(cFunctions == ELEMENTS(g_aFunctions),
+                      ("Why aren't R3 querying all the functions!?! cFunctions=%d while there are %d available\n",
+                       cFunctions, ELEMENTS(g_aFunctions)));
+            pOut->cFunctions = cFunctions;
+            memcpy(&pOut->aFunctions[0], g_aFunctions, sizeof(pOut->aFunctions[0]) * cFunctions);
+            *pcbReturned = RT_OFFSETOF(SUPQUERYFUNCS_OUT, aFunctions[cFunctions]);
+            return 0;
+        }
+        case SUP_IOCTL_IDT_INSTALL:
+        {
+            PSUPIDTINSTALL_IN   pIn = (PSUPIDTINSTALL_IN)pvIn;
+            PSUPIDTINSTALL_OUT  pOut = (PSUPIDTINSTALL_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_INSTALL: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
+                dprintf(("SUP_IOCTL_INSTALL: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie,  pDevExt->u32Cookie,
+                         pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            *pcbReturned = sizeof(*pOut);
+#ifndef VBOX_WITHOUT_IDT_PATCHING
+            return supdrvIOCtl_IdtInstall(pDevExt, pSession, pIn, pOut);
+#else
+            pOut->u8Idt = 3;
+            return 0;
+#endif
+        }
+        case SUP_IOCTL_IDT_REMOVE:
+        {
+            PSUPIDTREMOVE_IN   pIn = (PSUPIDTREMOVE_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_REMOVE: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
+                dprintf(("SUP_IOCTL_REMOVE: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+#ifndef VBOX_WITHOUT_IDT_PATCHING
+            return supdrvIOCtl_IdtRemoveAll(pDevExt, pSession);
+#else
+            return 0;
+#endif
+        }
+        case SUP_IOCTL_PINPAGES:
+        {
+            int                 rc;
+            PSUPPINPAGES_IN     pIn = (PSUPPINPAGES_IN)pvIn;
+            PSUPPINPAGES_OUT    pOut = (PSUPPINPAGES_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut < sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_PINPAGES: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
+                dprintf(("SUP_IOCTL_PINPAGES: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie,  pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            if (pIn->cPages <= 0 || !pIn->pvR3)
+            {
+                dprintf(("SUP_IOCTL_PINPAGES: Illegal request %p %d\n", (void *)pIn->pvR3, pIn->cPages));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if ((unsigned)RT_OFFSETOF(SUPPINPAGES_OUT, aPages[pIn->cPages]) > cbOut)
+            {
+                dprintf(("SUP_IOCTL_PINPAGES: Output buffer is too small! %d required %d passed in.\n",
+                         RT_OFFSETOF(SUPPINPAGES_OUT, aPages[pIn->cPages]), cbOut));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            /*
+             * Execute.
+             */
+            *pcbReturned = RT_OFFSETOF(SUPPINPAGES_OUT, aPages[pIn->cPages]);
+            rc = SUPR0LockMem(pSession, pIn->pvR3, pIn->cPages, &pOut->aPages[0]);
+            if (rc)
+                *pcbReturned = 0;
+            return rc;
+        }
+        case SUP_IOCTL_UNPINPAGES:
+        {
+            PSUPUNPINPAGES_IN   pIn = (PSUPUNPINPAGES_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_UNPINPAGES: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_UNPINPAGES: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            return SUPR0UnlockMem(pSession, pIn->pvR3);
+        }
+        case SUP_IOCTL_CONT_ALLOC:
+        {
+            int                 rc;
+            PSUPCONTALLOC_IN    pIn = (PSUPCONTALLOC_IN)pvIn;
+            PSUPCONTALLOC_OUT   pOut = (PSUPCONTALLOC_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut < sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_CONT_ALLOC: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
+                dprintf(("SUP_IOCTL_CONT_ALLOC: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            rc = SUPR0ContAlloc(pSession, pIn->cPages, &pOut->pvR0, &pOut->pvR3, &pOut->HCPhys);
+            if (!rc)
+                *pcbReturned = sizeof(*pOut);
+            return rc;
+        }
+        case SUP_IOCTL_CONT_FREE:
+        {
+            PSUPCONTFREE_IN   pIn = (PSUPCONTFREE_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_CONT_FREE: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_CONT_FREE: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            return SUPR0ContFree(pSession, (RTHCUINTPTR)pIn->pvR3);
+        }
+        case SUP_IOCTL_LDR_OPEN:
+        {
+            PSUPLDROPEN_IN  pIn = (PSUPLDROPEN_IN)pvIn;
+            PSUPLDROPEN_OUT pOut = (PSUPLDROPEN_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_LDR_OPEN: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_LDR_OPEN: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            if (    pIn->cbImage <= 0
+                ||  pIn->cbImage >= 16*1024*1024 /*16MB*/)
+            {
+                dprintf(("SUP_IOCTL_LDR_OPEN: Invalid size %d. (max is 16MB)\n", pIn->cbImage));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (!memchr(pIn->szName, '\0', sizeof(pIn->szName)))
+            {
+                dprintf(("SUP_IOCTL_LDR_OPEN: The image name isn't terminated!\n"));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (!pIn->szName[0])
+            {
+                dprintf(("SUP_IOCTL_LDR_OPEN: The image name is too short\n"));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (strpbrk(pIn->szName, ";:()[]{}/\\|&*%#@!~`\"'"))
+            {
+                dprintf(("SUP_IOCTL_LDR_OPEN: The name is invalid '%s'\n", pIn->szName));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            *pcbReturned = sizeof(*pOut);
+            return supdrvIOCtl_LdrOpen(pDevExt, pSession, pIn, pOut);
+        }
+        case SUP_IOCTL_LDR_LOAD:
+        {
+            PSUPLDRLOAD_IN  pIn = (PSUPLDRLOAD_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn <= sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_LDR_LOAD: Invalid input/output sizes. cbIn=%ld expected greater than %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_LDR_LOAD: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            if ((unsigned)RT_OFFSETOF(SUPLDRLOAD_IN, achImage[pIn->cbImage]) > cbIn)
+            {
+                dprintf(("SUP_IOCTL_LDR_LOAD: Invalid size %d. InputBufferLength=%d\n",
+                         pIn->cbImage, cbIn));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (pIn->cSymbols > 16384)
+            {
+                dprintf(("SUP_IOCTL_LDR_LOAD: Too many symbols. cSymbols=%u max=16384\n", pIn->cSymbols));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->cSymbols
+                &&  (   pIn->offSymbols >= pIn->cbImage
+                     || pIn->offSymbols + pIn->cSymbols * sizeof(SUPLDRSYM) > pIn->cbImage)
+               )
+            {
+                dprintf(("SUP_IOCTL_LDR_LOAD: symbol table is outside the image bits! offSymbols=%u cSymbols=%d cbImage=%d\n",
+                         pIn->offSymbols, pIn->cSymbols, pIn->cbImage));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->cbStrTab
+                &&  (   pIn->offStrTab >= pIn->cbImage
+                     || pIn->offStrTab + pIn->cbStrTab > pIn->cbImage
+                     || pIn->offStrTab + pIn->cbStrTab < pIn->offStrTab)
+               )
+            {
+                dprintf(("SUP_IOCTL_LDR_LOAD: string table is outside the image bits! offStrTab=%u cbStrTab=%d cbImage=%d\n",
+                         pIn->offStrTab, pIn->cbStrTab, pIn->cbImage));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (pIn->cSymbols)
+            {
+                uint32_t    i;
+                PSUPLDRSYM  paSyms = (PSUPLDRSYM)&pIn->achImage[pIn->offSymbols];
+                for (i = 0; i < pIn->cSymbols; i++)
+                uint32_t i;
+                PSUPLDRSYM paSyms = (PSUPLDRSYM)&pReq->u.In.achImage[pReq->u.In.offSymbols];
+                for (i = 0; i < pReq->u.In.cSymbols; i++)
+                {
+                    if (paSyms[i].offSymbol >= pIn->cbImage)
+                    {
+                        dprintf(("SUP_IOCTL_LDR_LOAD: symbol i=%d has an invalid symbol offset: %#x (max=%#x)\n",
+                                 i, paSyms[i].offSymbol, pIn->cbImage));
+                        return SUPDRV_ERR_INVALID_PARAM;
+                    }
+                    if (paSyms[i].offName >= pIn->cbStrTab)
+                    {
+                        dprintf(("SUP_IOCTL_LDR_LOAD: symbol i=%d has an invalid name offset: %#x (max=%#x)\n",
+                                 i, paSyms[i].offName, pIn->cbStrTab));
+                        return SUPDRV_ERR_INVALID_PARAM;
+                    }
+                    if (!memchr(&pIn->achImage[pIn->offStrTab + paSyms[i].offName], '\0', pIn->cbStrTab - paSyms[i].offName))
+                    {
+                        dprintf(("SUP_IOCTL_LDR_LOAD: symbol i=%d has an unterminated name! offName=%#x (max=%#x)\n",
+                                 i, paSyms[i].offName, pIn->cbStrTab));
+                        return SUPDRV_ERR_INVALID_PARAM;
+                    }
+                    REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImage,
+                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImage));
+                    REQ_CHECK_EXPR_FMT(paSyms[i].offName < pReq->u.In.cbStrTab,
+                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImage));
+                    REQ_CHECK_EXPR_FMT(memchr(&pReq->u.In.achImage[pReq->u.In.offStrTab + paSyms[i].offName], '\0', pReq->u.In.cbStrTab - paSyms[i].offName),
+                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImage));
+                }
+            }
+            return supdrvIOCtl_LdrLoad(pDevExt, pSession, pIn);
+        }
+        case SUP_IOCTL_LDR_FREE:
+        {
+            PSUPLDRFREE_IN  pIn = (PSUPLDRFREE_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            /* execute */
+            pReq->Hdr.rc = supdrvIOCtl_LdrLoad(pDevExt, pSession, pReq);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_FREE):
+        {
+            /* validate */
+            PSUPLDRFREE pReq = (PSUPLDRFREE)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_LDR_FREE);
+            /* execute */
+            pReq->Hdr.rc = supdrvIOCtl_LdrFree(pDevExt, pSession, pReq);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LDR_GET_SYMBOL):
+        {
+            /* validate */
+            PSUPLDRGETSYMBOL pReq = (PSUPLDRGETSYMBOL)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_LDR_GET_SYMBOL);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_GET_SYMBOL, memchr(pReq->u.In.szSymbol, '\0', sizeof(pReq->u.In.szSymbol)));
+            /* execute */
+            pReq->Hdr.rc = supdrvIOCtl_LdrGetSymbol(pDevExt, pSession, pReq);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_CALL_VMMR0(0)):
+        {
+            /* validate */
+            PSUPCALLVMMR0 pReq = (PSUPCALLVMMR0)pReqHdr;
+            if (pReq->Hdr.cbIn == SUP_IOCTL_CALL_VMMR0(0))
+            {
+                dprintf(("SUP_IOCTL_LDR_FREE: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+                REQ_CHECK_SIZES_EX(SUP_IOCTL_CALL_VMMR0, SUP_IOCTL_CALL_VMMR0_SIZE_IN(0), SUP_IOCTL_CALL_VMMR0_SIZE_OUT(0));
+                /* execute */
+                if (RT_LIKELY(pDevExt->pfnVMMR0Entry))
+                    pReq->Hdr.rc = pDevExt->pfnVMMR0Entry(pReq->u.In.pVMR0, pReq->u.In.uOperation, (void *)pReq->u.In.uArg);
+                else
+                    pReq->Hdr.rc = VERR_WRONG_ORDER;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            else
+            {
+                dprintf(("SUP_IOCTL_LDR_FREE: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+                PSUPVMMR0REQHDR pVMMReq = (PSUPVMMR0REQHDR)&pReq->abReqPkt[0];
+                REQ_CHECK_EXPR(SUP_IOCTL_CALL_VMMR0, pReq->Hdr.cbIn >= SUP_IOCTL_CALL_VMMR0_SIZE(sizeof(SUPVMMR0REQHDR)));
+                REQ_CHECK_EXPR(SUP_IOCTL_CALL_VMMR0, pVMMReq->u32Magic == SUPVMMR0REQHDR_MAGIC);
+                REQ_CHECK_SIZES_EX(SUP_IOCTL_CALL_VMMR0, SUP_IOCTL_CALL_VMMR0_SIZE_IN(pVMMReq->cbReq), SUP_IOCTL_CALL_VMMR0_SIZE_OUT(pVMMReq->cbReq));
+                /* execute */
+                if (RT_LIKELY(pDevExt->pfnVMMR0Entry))
+                    pReq->Hdr.rc = pDevExt->pfnVMMR0Entry(pReq->u.In.pVMR0, pReq->u.In.uOperation, pVMMReq);
+                else
+                    pReq->Hdr.rc = VERR_WRONG_ORDER;
+            }
-            return supdrvIOCtl_LdrFree(pDevExt, pSession, pIn);
+        }
-        case SUP_IOCTL_LDR_GET_SYMBOL:
+        {
-            PSUPLDRGETSYMBOL_IN  pIn  = (PSUPLDRGETSYMBOL_IN)pvIn;
-            PSUPLDRGETSYMBOL_OUT pOut = (PSUPLDRGETSYMBOL_OUT)pvOut;
-            char                *pszEnd;
-            /*
-             * Validate.
-             */
-            if (    cbIn < (unsigned)RT_OFFSETOF(SUPLDRGETSYMBOL_IN, szSymbol[2])
-                ||  cbOut != sizeof(*pOut))
+            {
-                dprintf(("SUP_IOCTL_LDR_GET_SYMBOL: Invalid input/output sizes. cbIn=%d expected >=%d. cbOut=%d expected at%d.\n",
-                         cbIn, RT_OFFSETOF(SUPLDRGETSYMBOL_IN, szSymbol[2]), cbOut, 0));
-                return SUPDRV_ERR_INVALID_PARAM;
+            }
-            if (    pIn->u32Cookie != pDevExt->u32Cookie
-                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
-                dprintf(("SUP_IOCTL_LDR_GET_SYMBOL: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
-                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
-                return SUPDRV_ERR_INVALID_MAGIC;
+            }
-            pszEnd = memchr(pIn->szSymbol, '\0', cbIn - RT_OFFSETOF(SUPLDRGETSYMBOL_IN, szSymbol));
-            if (!pszEnd)
+            {
-                dprintf(("SUP_IOCTL_LDR_GET_SYMBOL: The symbol name isn't terminated!\n"));
-                return SUPDRV_ERR_INVALID_PARAM;
+            }
-            if (pszEnd - &pIn->szSymbol[0] >= 1024)
+            {
-                dprintf(("SUP_IOCTL_LDR_GET_SYMBOL: The symbol name too long (%ld chars, max is %d)!\n",
-                         (long)(pszEnd - &pIn->szSymbol[0]), 1024));
-                return SUPDRV_ERR_INVALID_PARAM;
+            }
-            pOut->pvSymbol = NULL;
-            *pcbReturned = sizeof(*pOut);
-            return supdrvIOCtl_LdrGetSymbol(pDevExt, pSession, pIn, pOut);
+        }
-        /** @todo this interface needs re-doing, we're accessing Ring-3 buffers directly here! */
-        case SUP_IOCTL_CALL_VMMR0:
+        {
-            PSUPCALLVMMR0_IN    pIn = (PSUPCALLVMMR0_IN)pvIn;
-            PSUPCALLVMMR0_OUT   pOut = (PSUPCALLVMMR0_OUT)pvOut;
-            RTCCUINTREG         uFlags;
-            /*
-             * Validate.
-             */
-            if (    cbIn != sizeof(*pIn)
-                ||  cbOut != sizeof(*pOut))
+            {
-                dprintf(("SUP_IOCTL_CALL_VMMR0: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
-                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
-                return SUPDRV_ERR_INVALID_PARAM;
+            }
-            if (    pIn->u32Cookie != pDevExt->u32Cookie
-                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
-                dprintf(("SUP_IOCTL_CALL_VMMR0: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
-                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
-                return SUPDRV_ERR_INVALID_MAGIC;
+            }
-            /*
-             * Do we have an entrypoint?
-             */
-            if (!pDevExt->pfnVMMR0Entry)
-                return SUPDRV_ERR_GENERAL_FAILURE;
-            /*
-             * Execute.
-             */
-            uFlags = ASMGetFlags();
-            ASMIntDisable();
-            pOut->rc = pDevExt->pfnVMMR0Entry(pIn->pVMR0, pIn->uOperation, (void *)pIn->pvArg); /** @todo address the pvArg problem! */
-            ASMSetFlags(uFlags);
-            *pcbReturned = sizeof(*pOut);
             return 0;
+        }
+        case SUP_IOCTL_GET_PAGING_MODE:
+        {
+            int                     rc;
+            PSUPGETPAGINGMODE_IN    pIn = (PSUPGETPAGINGMODE_IN)pvIn;
+            PSUPGETPAGINGMODE_OUT   pOut = (PSUPGETPAGINGMODE_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_GET_PAGING_MODE: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
+                dprintf(("SUP_IOCTL_GET_PAGING_MODE: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            *pcbReturned = sizeof(*pOut);
+            rc = supdrvIOCtl_GetPagingMode(pOut);
+            if (rc)
+                *pcbReturned = 0;
+            return rc;
+        }
+        case SUP_IOCTL_LOW_ALLOC:
+        {
+            int                 rc;
+            PSUPLOWALLOC_IN     pIn = (PSUPLOWALLOC_IN)pvIn;
+            PSUPLOWALLOC_OUT    pOut = (PSUPLOWALLOC_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut < sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_LOW_ALLOC: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie )
+            {
+                dprintf(("SUP_IOCTL_LOW_ALLOC: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie,  pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            if ((unsigned)RT_OFFSETOF(SUPLOWALLOC_OUT, aPages[pIn->cPages]) > cbOut)
+            {
+                dprintf(("SUP_IOCTL_LOW_ALLOC: Output buffer is too small! %d required %d passed in.\n",
+                         RT_OFFSETOF(SUPLOWALLOC_OUT, aPages[pIn->cPages]), cbOut));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            /*
+             * Execute.
+             */
+            *pcbReturned = RT_OFFSETOF(SUPLOWALLOC_OUT, aPages[pIn->cPages]);
+            rc = SUPR0LowAlloc(pSession, pIn->cPages, &pOut->pvR0, &pOut->pvR3, &pOut->aPages[0]);
+            if (rc)
+                *pcbReturned = 0;
+            return rc;
+        }
+        case SUP_IOCTL_LOW_FREE:
+        {
+            PSUPLOWFREE_IN  pIn = (PSUPLOWFREE_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_LOW_FREE: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_LOW_FREE: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            return SUPR0LowFree(pSession, (RTHCUINTPTR)pIn->pvR3);
+        }
+        case SUP_IOCTL_GIP_MAP:
+        {
+            int             rc;
+            PSUPGIPMAP_IN   pIn = (PSUPGIPMAP_IN)pvIn;
+            PSUPGIPMAP_OUT  pOut = (PSUPGIPMAP_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_GIP_MAP: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_GIP_MAP: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            rc = SUPR0GipMap(pSession, &pOut->pGipR3, &pOut->HCPhysGip);
+            if (!rc)
+            {
+                pOut->pGipR0 = pDevExt->pGip;
+                *pcbReturned = sizeof(*pOut);
+            }
+            return rc;
+        }
+        case SUP_IOCTL_GIP_UNMAP:
+        {
+            PSUPGIPUNMAP_IN pIn = (PSUPGIPUNMAP_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_GIP_UNMAP: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_GIP_UNMAP: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            return SUPR0GipUnmap(pSession);
+        }
+        case SUP_IOCTL_SET_VM_FOR_FAST:
+        {
+            PSUPSETVMFORFAST_IN pIn = (PSUPSETVMFORFAST_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_SET_VM_FOR_FAST: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_SET_VM_FOR_FAST: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            if (    pIn->pVMR0 != NULL
+                && (    !VALID_PTR(pIn->pVMR0)
+                    ||  ((uintptr_t)pIn->pVMR0 & (PAGE_SIZE - 1))
+                   )
+                )
+            {
+                dprintf(("SUP_IOCTL_SET_VM_FOR_FAST: pVMR0=%p! Must be a valid, page aligned, pointer.\n", pIn->pVMR0));
+                return SUPDRV_ERR_INVALID_POINTER;
+            }
+            /*
+             * Execute.
+             */
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_GET_PAGING_MODE):
+        {
+            /* validate */
+            PSUPGETPAGINGMODE pReq = (PSUPGETPAGINGMODE)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_GET_PAGING_MODE);
+            /* execute */
+            pReq->Hdr.rc = VINF_SUCCESS;
+            pReq->u.Out.enmMode = supdrvIOCtl_GetPagingMode();
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LOW_ALLOC):
+        {
+            /* validate */
+            PSUPLOWALLOC pReq = (PSUPLOWALLOC)pReqHdr;
+            REQ_CHECK_EXPR(SUP_IOCTL_LOW_ALLOC, pReq->Hdr.cbIn <= SUP_IOCTL_LOW_ALLOC_SIZE_IN);
+            REQ_CHECK_SIZES_EX(SUP_IOCTL_LOW_ALLOC, SUP_IOCTL_LOW_ALLOC_SIZE_IN, SUP_IOCTL_LOW_ALLOC_SIZE_OUT(pReq->u.In.cPages));
+            /* execute */
+            pReq->Hdr.rc = SUPR0LowAlloc(pSession, pReq->u.In.cPages, &pReq->u.Out.pvR0, &pReq->u.Out.pvR3, &pReq->u.Out.aPages[0]);
+            if (RT_FAILURE(pReq->Hdr.rc))
+                pReq->Hdr.cbOut = sizeof(pReq->Hdr);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_LOW_FREE):
+        {
+            /* validate */
+            PSUPLOWFREE pReq = (PSUPLOWFREE)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_LOW_FREE);
+            /* execute */
+            pReq->Hdr.rc = SUPR0LowFree(pSession, (RTHCUINTPTR)pReq->u.In.pvR3);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_GIP_MAP):
+        {
+            /* validate */
+            PSUPGIPMAP pReq = (PSUPGIPMAP)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_GIP_MAP);
+            /* execute */
+            pReq->Hdr.rc = SUPR0GipMap(pSession, &pReq->u.Out.pGipR3, &pReq->u.Out.HCPhysGip);
+            if (RT_SUCCESS(pReq->Hdr.rc))
+                pReq->u.Out.pGipR0 = pDevExt->pGip;
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_GIP_UNMAP):
+        {
+            /* validate */
+            PSUPGIPUNMAP pReq = (PSUPGIPUNMAP)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_GIP_UNMAP);
+            /* execute */
+            pReq->Hdr.rc = SUPR0GipUnmap(pSession);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_SET_VM_FOR_FAST):
+        {
+            /* validate */
+            PSUPSETVMFORFAST pReq = (PSUPSETVMFORFAST)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_SET_VM_FOR_FAST);
+            REQ_CHECK_EXPR_FMT(     !pReq->u.In.pVMR0
+                               ||   (   VALID_PTR(pReq->u.In.pVMR0)
+                                     && !((uintptr_t)pReq->u.In.pVMR0 & (PAGE_SIZE - 1))),
+                               ("SUP_IOCTL_SET_VM_FOR_FAST: pVMR0=%p!\n", pReq->u.In.pVMR0));
+            /* execute */
 #ifndef VBOX_WITHOUT_IDT_PATCHING
             OSDBGPRINT(("SUP_IOCTL_SET_VM_FOR_FAST: !VBOX_WITHOUT_IDT_PATCHING\n"));
             return SUPDRV_ERR_GENERAL_FAILURE;
+            pReq->Hdr.rc = VERR_NOT_SUPPORTED;
 #else
+            pSession->pVM = pIn->pVMR0;
+            pSession->pVM = pReq->u.In.pVMR0;
+            pReq->Hdr.rc = VINF_SUCCESS;
+#endif
             return 0;
-#endif
+        }
 #ifdef USE_NEW_OS_INTERFACE_FOR_MM
+        case SUP_IOCTL_PAGE_ALLOC:
+        {
+            int               rc;
+            PSUPALLOCPAGE_IN  pIn  = (PSUPALLOCPAGE_IN)pvIn;
+            PSUPALLOCPAGE_OUT pOut = (PSUPALLOCPAGE_OUT)pvOut;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut < sizeof(*pOut))
+            {
+                dprintf(("SUP_IOCTL_PAGE_ALLOC: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)sizeof(*pOut)));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie
+                ||  pOut->u32Cookie != pDevExt->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_PAGE_ALLOC: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie,  pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            *pcbReturned = sizeof(*pOut);
+            rc = SUPR0PageAlloc(pSession, pIn->cPages, &pOut->pvR3);
+            if (rc)
+                *pcbReturned = 0;
+            return rc;
+        }
+        case SUP_IOCTL_PAGE_FREE:
+        {
+            PSUPFREEPAGE_IN pIn = (PSUPFREEPAGE_IN)pvIn;
+            /*
+             * Validate.
+             */
+            if (    cbIn != sizeof(*pIn)
+                ||  cbOut != 0)
+            {
+                dprintf(("SUP_IOCTL_PAGE_FREE: Invalid input/output sizes. cbIn=%ld expected %ld. cbOut=%ld expected %ld.\n",
+                         (long)cbIn, (long)sizeof(*pIn), (long)cbOut, (long)0));
+                return SUPDRV_ERR_INVALID_PARAM;
+            }
+            if (    pIn->u32Cookie != pDevExt->u32Cookie
+                ||  pIn->u32SessionCookie != pSession->u32Cookie)
+            {
+                dprintf(("SUP_IOCTL_PAGE_FREE: Cookie mismatch {%#x,%#x} != {%#x,%#x}!\n",
+                         pIn->u32Cookie, pDevExt->u32Cookie, pIn->u32SessionCookie, pSession->u32Cookie));
+                return SUPDRV_ERR_INVALID_MAGIC;
+            }
+            /*
+             * Execute.
+             */
+            return SUPR0PageFree(pSession, (RTHCUINTPTR)pIn->pvR3);
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_ALLOC):
+        {
+            /* validate */
+            PSUPPAGEALLOC pReq = (PSUPPAGEALLOC)pReqHdr;
+            REQ_CHECK_EXPR(SUP_IOCTL_PAGE_ALLOC, pReq->Hdr.cbIn <= SUP_IOCTL_PAGE_ALLOC_SIZE_IN);
+            REQ_CHECK_SIZES_EX(SUP_IOCTL_PAGE_ALLOC, SUP_IOCTL_PAGE_ALLOC_SIZE_IN, SUP_IOCTL_PAGE_ALLOC_SIZE_OUT(pReq->u.In.cPages));
+            /* execute */
+            pReq->Hdr.rc = SUPR0PageAlloc(pSession, pReq->u.In.cPages, &pReq->u.Out.pvR3, &pReq->u.Out.aPages[0]);
+            if (RT_FAILURE(pReq->Hdr.rc))
+                pReq->Hdr.cbOut = sizeof(pReq->Hdr);
+            return 0;
+        }
+        case SUP_CTL_CODE_NO_SIZE(SUP_IOCTL_PAGE_FREE):
+        {
+            /* validate */
+            PSUPPAGEFREE pReq = (PSUPPAGEFREE)pReqHdr;
+            REQ_CHECK_SIZES(SUP_IOCTL_PAGE_FREE);
+            /* execute */
+            pReq->Hdr.rc = SUPR0PageFree(pSession, pReq->u.In.pvR3);
+            return 0;
+        }
 #endif /* USE_NEW_OS_INTERFACE_FOR_MM */
         default:
             dprintf(("Unknown IOCTL %#x\n", uIOCtl));
+            dprintf(("Unknown IOCTL %#lx\n", (long)uIOCtl));
             break;
+    }
 …
      * Validate the input.
      */
+    if (!pSession)
+    {
+        AssertMsgFailed(("Invalid pSession=%p\n", pSession));
+        return NULL;
+    }
+    if (    enmType <= SUPDRVOBJTYPE_INVALID
+        ||  enmType >= SUPDRVOBJTYPE_END)
+    {
+        AssertMsgFailed(("Invalid enmType=%d\n", enmType));
+        return NULL;
+    }
+    if (!pfnDestructor)
+    {
+        AssertMsgFailed(("Invalid pfnDestructor=%d\n", pfnDestructor));
+        return NULL;
+    }
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), NULL);
+    AssertReturn(enmType > SUPDRVOBJTYPE_INVALID && enmType < SUPDRVOBJTYPE_END, NULL);
+    AssertPtrReturn(pfnDestructor, NULL);
     /*
 …
  * with the specified session.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pvObj           The identifier returned by SUPR0ObjRegister().
  * @param   pSession        The session which is referencing the object.
 …
      * Validate the input.
      */
+    if (!pSession)
+    {
+        AssertMsgFailed(("Invalid pSession=%p\n", pSession));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (!pObj || pObj->u32Magic != SUPDRVOBJ_MAGIC)
+    {
+        AssertMsgFailed(("Invalid pvObj=%p magic=%#x (exepcted %#x)\n",
+                         pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertMsgReturn(VALID_PTR(pObj) && pObj->u32Magic == SUPDRVOBJ_MAGIC,
+                    ("Invalid pvObj=%p magic=%#x (exepcted %#x)\n", pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC),
+                    VERR_INVALID_PARAMETER);
     /*
 …
         pUsagePre = (PSUPDRVUSAGE)RTMemAlloc(sizeof(*pUsagePre));
         if (!pUsagePre)
             return SUPDRV_ERR_NO_MEMORY;
+            return VERR_NO_MEMORY;
         RTSpinlockAcquire(pDevExt->Spinlock, &SpinlockTmp);
+    }
 …
     RTSpinlockRelease(pDevExt->Spinlock, &SpinlockTmp);
     return 0;
+    return VINF_SUCCESS;
+}
 …
  * The object is uniquely identified by pfnDestructor+pvUser1+pvUser2.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pvObj           The identifier returned by SUPR0ObjRegister().
  * @param   pSession        The session which is referencing the object.
 …
      * Validate the input.
      */
+    if (!pSession)
+    {
+        AssertMsgFailed(("Invalid pSession=%p\n", pSession));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (!pObj || pObj->u32Magic != SUPDRVOBJ_MAGIC)
+    {
+        AssertMsgFailed(("Invalid pvObj=%p magic=%#x (exepcted %#x)\n",
+                         pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertMsgReturn(VALID_PTR(pObj) && pObj->u32Magic == SUPDRVOBJ_MAGIC,
+                    ("Invalid pvObj=%p magic=%#x (exepcted %#x)\n", pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC),
+                    VERR_INVALID_PARAMETER);
     /*
 …
     AssertMsg(pUsage, ("pvObj=%p\n", pvObj));
     return pUsage ? 0 : SUPDRV_ERR_INVALID_PARAM;
+    return pUsage ? VINF_SUCCESS : VERR_INVALID_PARAMETER;
+}
 …
  * Verifies that the current process can access the specified object.
+ *
+ * @returns 0 if access is granted.
+ * @returns SUPDRV_ERR_PERMISSION_DENIED if denied access.
+ * @returns SUPDRV_ERR_INVALID_PARAM if invalid parameter.
+ * @returns The following IPRT status code:
+ * @retval  VINF_SUCCESS if access was granted.
+ * @retval  VERR_PERMISSION_DENIED if denied access.
+ * @retval  VERR_INVALID_PARAMETER if invalid parameter.
+ *
  * @param   pvObj           The identifier returned by SUPR0ObjRegister().
 …
+{
     PSUPDRVOBJ  pObj = (PSUPDRVOBJ)pvObj;
     int         rc   = SUPDRV_ERR_GENERAL_FAILURE;
+    int         rc;
     /*
      * Validate the input.
      */
+    if (!pSession)
+    {
+        AssertMsgFailed(("Invalid pSession=%p\n", pSession));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (!pObj || pObj->u32Magic != SUPDRVOBJ_MAGIC)
+    {
+        AssertMsgFailed(("Invalid pvObj=%p magic=%#x (exepcted %#x)\n",
+                         pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertMsgReturn(VALID_PTR(pObj) && pObj->u32Magic == SUPDRVOBJ_MAGIC,
+                    ("Invalid pvObj=%p magic=%#x (exepcted %#x)\n", pvObj, pObj ? pObj->u32Magic : 0, SUPDRVOBJ_MAGIC),
+                    VERR_INVALID_PARAMETER);
     /*
      * Check access. (returns true if a decision has been made.)
      */
+    rc = VERR_INTERNAL_ERROR;
     if (supdrvOSObjCanAccess(pObj, pSession, pszObjName, &rc))
         return rc;
 …
      */
     if (pObj->CreatorUid == pSession->Uid)
         return 0;
     return SUPDRV_ERR_PERMISSION_DENIED;
+        return VINF_SUCCESS;
+    return VERR_PERMISSION_DENIED;
+}
 …
  * Lock pages.
+ *
+ * @returns IPRT status code.
  * @param   pSession    Session to which the locked memory should be associated.
  * @param   pvR3        Start of the memory range to lock.
 …
  *                      This must be page aligned.
  */
 SUPR0DECL(int) SUPR0LockMem(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PSUPPAGE paPages)
+SUPR0DECL(int) SUPR0LockMem(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PRTHCPHYS paPages)
+{
     int             rc;
     SUPDRVMEMREF    Mem = {0};
     const size_t    cb = (size_t)cPages << PAGE_SHIFT;
+    dprintf(("SUPR0LockMem: pSession=%p pvR3=%p cPages=%d paPages=%p\n",
+             pSession, (void *)pvR3, cPages, paPages));
+    dprintf(("SUPR0LockMem: pSession=%p pvR3=%p cPages=%d paPages=%p\n", pSession, (void *)pvR3, cPages, paPages));
     /*
      * Verify input.
      */
+    if (RT_ALIGN_R3PT(pvR3, PAGE_SIZE, RTR3PTR) != pvR3 || !pvR3)
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertPtrReturn(paPages, VERR_INVALID_PARAMETER);
+    if (    RT_ALIGN_R3PT(pvR3, PAGE_SIZE, RTR3PTR) != pvR3
+        ||  !pvR3)
+    {
         dprintf(("pvR3 (%p) must be page aligned and not NULL!\n", (void *)pvR3));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (!paPages)
+    {
+        dprintf(("paPages is NULL!\n"));
+        return SUPDRV_ERR_INVALID_PARAM;
+        return VERR_INVALID_PARAMETER;
+    }
 #ifdef USE_NEW_OS_INTERFACE_FOR_MM
+# ifdef RT_OS_WINDOWS /* A temporary hack for windows, will be removed once all ring-3 code has been cleaned up. */
     /* First check if we allocated it using SUPPageAlloc; if so then we don't need to lock it again */
     rc = SUPR0PageGetPhys(pSession, pvR3, cPages, paPages);
+    rc = supdrvPageGetPhys(pSession, pvR3, cPages, paPages);
     if (RT_SUCCESS(rc))
         return rc;
+# endif
     /*
 …
     if (RT_SUCCESS(rc))
+    {
         unsigned iPage = cPages;
+        uint32_t iPage = cPages;
         AssertMsg(RTR0MemObjAddressR3(Mem.MemObj) == pvR3, ("%p == %p\n", RTR0MemObjAddressR3(Mem.MemObj), pvR3));
         AssertMsg(RTR0MemObjSize(Mem.MemObj) == cb, ("%x == %x\n", RTR0MemObjSize(Mem.MemObj), cb));
 …
         while (iPage-- > 0)
+        {
+            paPages[iPage].uReserved = 0;
+            paPages[iPage].Phys = RTR0MemObjGetPagePhysAddr(Mem.MemObj, iPage);
+            if (RT_UNLIKELY(paPages[iPage].Phys == NIL_RTCCPHYS))
+            paPages[iPage] = RTR0MemObjGetPagePhysAddr(Mem.MemObj, iPage);
+            if (RT_UNLIKELY(paPages[iPage] == NIL_RTCCPHYS))
+            {
                 AssertMsgFailed(("iPage=%d\n", iPage));
 …
  * Unlocks the memory pointed to by pv.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure
+ * @returns IPRT status code.
  * @param   pSession    Session to which the memory was locked.
  * @param   pvR3        Memory to unlock.
 …
+{
     dprintf(("SUPR0UnlockMem: pSession=%p pvR3=%p\n", pSession, (void *)pvR3));
+    /* SUPR0PageFree will unlock SUPR0PageAlloc allocations; ignore this call */
+    if (SUPR0PageWasLockedByPageAlloc(pSession, pvR3))
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+#ifdef RT_OS_WINDOWS
+    /*
+     * Temporary hack for windows - SUPR0PageFree will unlock SUPR0PageAlloc
+     * allocations; ignore this call.
+     */
+    if (supdrvPageWasLockedByPageAlloc(pSession, pvR3))
+    {
         dprintf(("Page will be unlocked in SUPR0PageFree -> ignore\n"));
         return 0;
+    }
+        return VINF_SUCCESS;
+    }
+#endif
     return supdrvMemRelease(pSession, (RTHCUINTPTR)pvR3, MEMREF_TYPE_LOCKED);
+}
 …
  * backing.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession    Session data.
  * @param   cb          Number of bytes to allocate.
 …
      * Validate input.
      */
+    if (!pSession || !ppvR3 || !ppvR0 || !pHCPhys)
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    if (!ppvR3 || !ppvR0 || !pHCPhys)
+    {
         dprintf(("Null pointer. All of these should be set: pSession=%p ppvR0=%p ppvR3=%p pHCPhys=%p\n",
                  pSession, ppvR0, ppvR3, pHCPhys));
         return SUPDRV_ERR_INVALID_PARAM;
+    }
     if (cPages == 0 || cPages >= 256)
+        return VERR_INVALID_PARAMETER;
+    }
+    if (cPages < 1 || cPages >= 256)
+    {
         dprintf(("Illegal request cPages=%d, must be greater than 0 and smaller than 256\n", cPages));
         return SUPDRV_ERR_INVALID_PARAM;
+        return VERR_INVALID_PARAMETER;
+    }
 …
  * Frees memory allocated using SUPR0ContAlloc().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession    The session to which the memory was allocated.
  * @param   uPtr        Pointer to the memory (ring-3 or ring-0).
 …
+{
     dprintf(("SUPR0ContFree: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
     return supdrvMemRelease(pSession, uPtr, MEMREF_TYPE_CONT);
+}
 …
  * Allocates a chunk of page aligned memory with fixed physical backing below 4GB.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession    Session data.
  * @param   cPages      Number of pages to allocate.
 …
  * @param   paPages     Where to put the physical addresses of allocated memory.
  */
 SUPR0DECL(int) SUPR0LowAlloc(PSUPDRVSESSION pSession, uint32_t cPages, PRTR0PTR ppvR0, PRTR3PTR ppvR3, PSUPPAGE paPages)
+SUPR0DECL(int) SUPR0LowAlloc(PSUPDRVSESSION pSession, uint32_t cPages, PRTR0PTR ppvR0, PRTR3PTR ppvR3, PRTHCPHYS paPages)
+{
     unsigned        iPage;
 …
      * Validate input.
      */
+    if (!pSession || !ppvR3 || !ppvR0 || !paPages)
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    if (!ppvR3 || !ppvR0 || !paPages)
+    {
         dprintf(("Null pointer. All of these should be set: pSession=%p ppvR3=%p ppvR0=%p paPages=%p\n",
                  pSession, ppvR3, ppvR0, paPages));
         return SUPDRV_ERR_INVALID_PARAM;
+        return VERR_INVALID_PARAMETER;
+    }
 …
+    {
         dprintf(("Illegal request cPages=%d, must be greater than 0 and smaller than 256.\n", cPages));
         return SUPDRV_ERR_INVALID_PARAM;
+        return VERR_INVALID_PARAMETER;
+    }
 …
                 for (iPage = 0; iPage < cPages; iPage++)
+                {
+                    paPages[iPage].Phys = RTR0MemObjGetPagePhysAddr(Mem.MemObj, iPage);
+                    paPages[iPage].uReserved = 0;
+                    AssertMsg(!(paPages[iPage].Phys & (PAGE_SIZE - 1)), ("iPage=%d Phys=%VHp\n", paPages[iPage].Phys));
+                    paPages[iPage] = RTR0MemObjGetPagePhysAddr(Mem.MemObj, iPage);
+                    AssertMsg(!(paPages[iPage] & (PAGE_SIZE - 1)), ("iPage=%d Phys=%VHp\n", paPages[iPage]));
+                }
                 *ppvR0 = RTR0MemObjAddress(Mem.MemObj);
 …
  * Frees memory allocated using SUPR0LowAlloc().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession    The session to which the memory was allocated.
  * @param   uPtr        Pointer to the memory (ring-3 or ring-0).
 …
+{
     dprintf(("SUPR0LowFree: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
     return supdrvMemRelease(pSession, uPtr, MEMREF_TYPE_LOW);
+}
 …
  * The memory is fixed and it's possible to query the physical addresses using SUPR0MemGetPhys().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession    The session to associated the allocation with.
  * @param   cb          Number of bytes to allocate.
 …
      * Validate input.
      */
+    if (!pSession || !ppvR0 || !ppvR3)
+    {
+        dprintf(("Null pointer. All of these should be set: pSession=%p ppvR0=%p ppvR3=%p\n",
+                 pSession, ppvR0, ppvR3));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (cb < 1 || cb >= PAGE_SIZE * 256)
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertPtrReturn(ppvR0, VERR_INVALID_POINTER);
+    AssertPtrReturn(ppvR3, VERR_INVALID_POINTER);
+    if (cb < 1 || cb >= _4M)
+    {
         dprintf(("Illegal request cb=%u; must be greater than 0 and smaller than 4MB.\n", cb));
         return SUPDRV_ERR_INVALID_PARAM;
+        return VERR_INVALID_PARAMETER;
+    }
 …
                 *ppvR0 = RTR0MemObjAddress(Mem.MemObj);
                 *ppvR3 = RTR0MemObjAddressR3(Mem.MapObjR3);
                 return 0;
+                return VINF_SUCCESS;
+            }
             rc2 = RTR0MemObjFree(Mem.MapObjR3, false);
 …
  * Get the physical addresses of memory allocated using SUPR0MemAlloc().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession        The session to which the memory was allocated.
  * @param   uPtr            The Ring-0 or Ring-3 address returned by SUPR0MemAlloc().
  * @param   paPages         Where to store the physical addresses.
  */
 SUPR0DECL(int) SUPR0MemGetPhys(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, PSUPPAGE paPages)
+SUPR0DECL(int) SUPR0MemGetPhys(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, PSUPPAGE paPages) /** @todo switch this bugger to RTHCPHYS */
+{
     PSUPDRVBUNDLE pBundle;
 …
      * Validate input.
      */
+    if (!pSession)
+    {
+        dprintf(("pSession must not be NULL!"));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (!uPtr || !paPages)
+    {
+        dprintf(("Illegal address uPtr=%p or/and paPages=%p\n", (void *)uPtr, paPages));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertPtrReturn(paPages, VERR_INVALID_POINTER);
+    AssertReturn(uPtr, VERR_INVALID_PARAMETER);
     /*
 …
+        {
             unsigned i;
             for (i = 0; i < sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]); i++)
+            for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
+            {
 #ifdef USE_NEW_OS_INTERFACE_FOR_MM
 …
+                    }
                     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
                     return 0;
+                    return VINF_SUCCESS;
+                }
 #else /* !USE_NEW_OS_INTERFACE_FOR_MM */
 …
     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
     dprintf(("Failed to find %p!!!\n", (void *)uPtr));
     return SUPDRV_ERR_INVALID_PARAM;
+    return VERR_INVALID_PARAMETER;
+}
 …
  * Free memory allocated by SUPR0MemAlloc().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession        The session owning the allocation.
  * @param   uPtr            The Ring-0 or Ring-3 address returned by SUPR0MemAlloc().
 …
+{
     dprintf(("SUPR0MemFree: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
     return supdrvMemRelease(pSession, uPtr, MEMREF_TYPE_MEM);
+}
 …
  * The memory is fixed and it's possible to query the physical addresses using SUPR0MemGetPhys().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession    The session to associated the allocation with.
  * @param   cb          Number of bytes to allocate.
+ * @param   cPages      The number of pages to allocate.
  * @param   ppvR3       Where to store the address of the Ring-3 mapping.
+ */
+SUPR0DECL(int) SUPR0PageAlloc(PSUPDRVSESSION pSession, uint32_t cb, PRTR3PTR ppvR3)
+ * @param   paPages     Where to store the addresses of the pages. Optional.
+ */
+SUPR0DECL(int) SUPR0PageAlloc(PSUPDRVSESSION pSession, uint32_t cPages, PRTR3PTR ppvR3, PRTHCPHYS paPages)
+{
     int             rc;
     SUPDRVMEMREF    Mem = {0};
     dprintf(("SUPR0PageAlloc: pSession=%p cb=%d ppvR3=%p\n", pSession, cb, ppvR3));
+    dprintf(("SUPR0PageAlloc: pSession=%p cb=%d ppvR3=%p\n", pSession, cPages, ppvR3));
     /*
      * Validate input.
      */
+    if (!pSession || !ppvR3)
+    {
+        dprintf(("Null pointer. All of these should be set: pSession=%p ppvR3=%p\n",
+                 pSession, ppvR3));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (cb < 1 || cb >= 4096)
+    {
+        dprintf(("Illegal request cb=%u; must be greater than 0 and smaller than 16MB.\n", cb));
+        return SUPDRV_ERR_INVALID_PARAM;
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertPtrReturn(ppvR3, VERR_INVALID_POINTER);
+    if (cPages < 1 || cPages >= 4096)
+    {
+        dprintf(("SUPR0PageAlloc: Illegal request cb=%u; must be greater than 0 and smaller than 16MB.\n", cPages));
+        return VERR_INVALID_PARAMETER;
+    }
 …
      * Let IPRT do the work.
      */
     rc = RTR0MemObjAllocPhysNC(&Mem.MemObj, cb * PAGE_SIZE, NIL_RTHCPHYS);
+    rc = RTR0MemObjAllocPhysNC(&Mem.MemObj, (size_t)cPages * PAGE_SIZE, NIL_RTHCPHYS);
     if (RT_SUCCESS(rc))
+    {
 …
+            {
                 *ppvR3 = RTR0MemObjAddressR3(Mem.MapObjR3);
+                dprintf(("SUPR0PageAlloc returned %p\n", *ppvR3));
+                return 0;
+                if (paPages)
+                {
+                    uint32_t iPage = cPages;
+                    while (iPage-- > 0)
+                    {
+                        paPages[iPage] = RTR0MemObjGetPagePhysAddr(Mem.MapObjR3, iPage);
+                        Assert(paPages[iPage] != NIL_RTHCPHYS);
+                    }
+                }
+                return VINF_SUCCESS;
+            }
             rc2 = RTR0MemObjFree(Mem.MapObjR3, false);
 …
+}
+#ifdef RT_OS_WINDOWS
 /**
  * Check if the pages were locked by SUPR0PageAlloc
+ *
+ * This function will be removed along with the lock/unlock hacks when
+ * we've cleaned up the ring-3 code properly.
+ *
  * @returns boolean
  * @param   pSession        The session to which the memory was allocated.
  * @param   uPtr            The Ring-3 address returned by SUPR0PageAlloc().
  */
 SUPR0DECL(bool) SUPR0PageWasLockedByPageAlloc(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr)
+ * @param   pvR3            The Ring-3 address returned by SUPR0PageAlloc().
+ */
+static bool supdrvPageWasLockedByPageAlloc(PSUPDRVSESSION pSession, RTR3PTR pvR3)
+{
     PSUPDRVBUNDLE pBundle;
     RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
+    dprintf(("SUPR0PageIsLockedByPageAlloc: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
+    /*
+     * Validate input.
+     */
+    if (!pSession)
+    {
+        dprintf(("pSession must not be NULL!"));
+        return false;
+    }
+    if (!uPtr)
+    {
+        dprintf(("Illegal address uPtr=%p\n", (void *)uPtr));
+        return false;
+    }
+    dprintf(("SUPR0PageIsLockedByPageAlloc: pSession=%p pvR3=%p\n", pSession, (void *)pvR3));
     /*
 …
+        {
             unsigned i;
             for (i = 0; i < sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]); i++)
+            for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
+            {
                 if (    pBundle->aMem[i].eType == MEMREF_TYPE_LOCKED_SUP
                     &&  pBundle->aMem[i].MemObj != NIL_RTR0MEMOBJ
+                    &&  (   (RTHCUINTPTR)RTR0MemObjAddress(pBundle->aMem[i].MemObj) == uPtr
+                         || (   pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
+                             && RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == uPtr)
+                        )
+                   )
+                    &&  pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
+                    &&  RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == pvR3)
+                {
                     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
 …
+}
 /**
  * Get the physical addresses of memory allocated using SUPR0PageAlloc().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * This function will be removed along with the lock/unlock hacks when
+ * we've cleaned up the ring-3 code properly.
+ *
+ * @returns IPRT status code.
  * @param   pSession        The session to which the memory was allocated.
  * @param   uPtr            The Ring-3 address returned by SUPR0PageAlloc().
+ * @param   pvR3            The Ring-3 address returned by SUPR0PageAlloc().
  * @param   cPages          Number of pages in paPages
  * @param   paPages         Where to store the physical addresses.
  */
 SUPR0DECL(int) SUPR0PageGetPhys(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr, uint32_t cPages, PSUPPAGE paPages)
+static int supdrvPageGetPhys(PSUPDRVSESSION pSession, RTR3PTR pvR3, uint32_t cPages, PRTHCPHYS paPages)
+{
     PSUPDRVBUNDLE pBundle;
     RTSPINLOCKTMP SpinlockTmp = RTSPINLOCKTMP_INITIALIZER;
+    dprintf(("SUPR0PageGetPhys: pSession=%p uPtr=%p paPages=%p\n", pSession, (void *)uPtr, paPages));
+    /*
+     * Validate input.
+     */
+    if (!pSession)
+    {
+        dprintf(("pSession must not be NULL!"));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    if (!uPtr || !paPages)
+    {
+        dprintf(("Illegal address uPtr=%p or/and paPages=%p\n", (void *)uPtr, paPages));
+        return SUPDRV_ERR_INVALID_PARAM;
+    }
+    dprintf(("supdrvPageGetPhys: pSession=%p pvR3=%p cPages=%#lx paPages=%p\n", pSession, (void *)pvR3, (long)cPages, paPages));
     /*
 …
+        {
             unsigned i;
             for (i = 0; i < sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]); i++)
+            for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
+            {
                 if (    pBundle->aMem[i].eType == MEMREF_TYPE_LOCKED_SUP
                     &&  pBundle->aMem[i].MemObj != NIL_RTR0MEMOBJ
+                    &&  (   (RTHCUINTPTR)RTR0MemObjAddress(pBundle->aMem[i].MemObj) == uPtr
+                         || (   pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
+                             && RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == uPtr)
+                        )
+                   )
+                    &&  pBundle->aMem[i].MapObjR3 != NIL_RTR0MEMOBJ
+                    &&  RTR0MemObjAddressR3(pBundle->aMem[i].MapObjR3) == pvR3)
+                {
                     unsigned iPage;
                     cPages = RT_MIN(RTR0MemObjSize(pBundle->aMem[i].MemObj) >> PAGE_SHIFT, cPages);
+                    uint32_t iPage = RTR0MemObjSize(pBundle->aMem[i].MemObj) >> PAGE_SHIFT;
+                    cPages = RT_MIN(iPage, cPages);
                     for (iPage = 0; iPage < cPages; iPage++)
+                    {
+                        paPages[iPage].Phys = RTR0MemObjGetPagePhysAddr(pBundle->aMem[i].MemObj, iPage);
+                        paPages[iPage].uReserved = 0;
+                    }
+                        paPages[iPage] = RTR0MemObjGetPagePhysAddr(pBundle->aMem[i].MemObj, iPage);
                     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
                     return 0;
+                    return VINF_SUCCESS;
+                }
+            }
 …
+    }
     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
+    dprintf(("Failed to find %p!!!\n", (void *)uPtr));
+    return SUPDRV_ERR_INVALID_PARAM;
+}
+    return VERR_INVALID_PARAMETER;
+}
+#endif /* RT_OS_WINDOWS */
 /**
  * Free memory allocated by SUPR0PageAlloc().
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession        The session owning the allocation.
+ * @param   uPtr            The Ring-3 address returned by SUPR0PageAlloc().
+ */
+SUPR0DECL(int) SUPR0PageFree(PSUPDRVSESSION pSession, RTHCUINTPTR uPtr)
+{
+    dprintf(("SUPR0PageFree: pSession=%p uPtr=%p\n", pSession, (void *)uPtr));
+    return supdrvMemRelease(pSession, uPtr, MEMREF_TYPE_LOCKED_SUP);
+ * @param   pvR3             The Ring-3 address returned by SUPR0PageAlloc().
+ */
+SUPR0DECL(int) SUPR0PageFree(PSUPDRVSESSION pSession, RTR3PTR pvR3)
+{
+    dprintf(("SUPR0PageFree: pSession=%p pvR3=%p\n", pSession, (void *)pvR3));
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    return supdrvMemRelease(pSession, (RTHCUINTPTR)pvR3, MEMREF_TYPE_LOCKED_SUP);
+}
 #endif /* USE_NEW_OS_INTERFACE_FOR_MM */
 …
  * Maps the GIP into userspace and/or get the physical address of the GIP.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession        Session to which the GIP mapping should belong.
  * @param   ppGipR3         Where to store the address of the ring-3 mapping. (optional)
 …
  *          and remove the session as a GIP user.
  */
 SUPR0DECL(int) SUPR0GipMap(PSUPDRVSESSION pSession, PRTR3PTR ppGipR3, PRTHCPHYS pHCPhysGid)
+SUPR0DECL(int) SUPR0GipMap(PSUPDRVSESSION pSession, PRTR3PTR ppGipR3, PRTHCPHYS pHCPhysGip)
+{
     int             rc = 0;
 …
     RTR3PTR         pGip = NIL_RTR3PTR;
     RTHCPHYS        HCPhys = NIL_RTHCPHYS;
     dprintf(("SUPR0GipMap: pSession=%p ppGipR3=%p pHCPhysGid=%p\n", pSession, ppGipR3, pHCPhysGid));
+    dprintf(("SUPR0GipMap: pSession=%p ppGipR3=%p pHCPhysGip=%p\n", pSession, ppGipR3, pHCPhysGip));
     /*
      * Validate
      */
+    if (!ppGipR3 && !pHCPhysGid)
+        return 0;
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
+    AssertPtrNullReturn(ppGipR3, VERR_INVALID_POINTER);
+    AssertPtrNullReturn(pHCPhysGip, VERR_INVALID_POINTER);
     RTSemFastMutexRequest(pDevExt->mtxGip);
 …
          * Get physical address.
          */
         if (pHCPhysGid && !rc)
+        if (pHCPhysGip && !rc)
             HCPhys = pDevExt->HCPhysGip;
 …
 #ifdef USE_NEW_OS_INTERFACE_FOR_GIP
                 rc = RTTimerStart(pDevExt->pGipTimer, 0);
                 AssertRC(rc); rc = 0;
+                AssertRC(rc); rc = VINF_SUCCESS;
 #else
                 supdrvOSGipResume(pDevExt);
 …
      * Write returns.
      */
     if (pHCPhysGid)
         *pHCPhysGid = HCPhys;
+    if (pHCPhysGip)
+        *pHCPhysGip = HCPhys;
     if (ppGipR3)
         *ppGipR3 = pGip;
 #ifdef DEBUG_DARWIN_GIP
     OSDBGPRINT(("SUPR0GipMap: returns %d *pHCPhysGid=%lx *ppGip=%p GipMapObjR3\n", rc, (unsigned long)HCPhys, pGip, pSession->GipMapObjR3));
+    OSDBGPRINT(("SUPR0GipMap: returns %d *pHCPhysGip=%lx *ppGip=%p GipMapObjR3\n", rc, (unsigned long)HCPhys, pGip, pSession->GipMapObjR3));
 #else
     dprintf(("SUPR0GipMap: returns %d *pHCPhysGid=%lx *ppGipR3=%p\n", rc, (unsigned long)HCPhys, (void *)(uintptr_t)pGip));
+    dprintf(("SUPR0GipMap: returns %d *pHCPhysGip=%lx *ppGipR3=%p\n", rc, (unsigned long)HCPhys, (void *)(uintptr_t)pGip));
 #endif
     return rc;
 …
  * from this session.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pSession        Session to which the GIP mapping should belong.
  */
 SUPR0DECL(int) SUPR0GipUnmap(PSUPDRVSESSION pSession)
+{
     int                     rc = 0;
+    int                     rc = VINF_SUCCESS;
     PSUPDRVDEVEXT           pDevExt = pSession->pDevExt;
 #ifdef DEBUG_DARWIN_GIP
 …
     dprintf(("SUPR0GipUnmap: pSession=%p\n", pSession));
 #endif
+    AssertReturn(SUP_IS_SESSION_VALID(pSession), VERR_INVALID_PARAMETER);
     RTSemFastMutexRequest(pDevExt->mtxGip);
 …
  * Adds a memory object to the session.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pMem        Memory tracking structure containing the
  *                      information to track.
 …
     for (pBundle = &pSession->Bundle; pBundle; pBundle = pBundle->pNext)
+    {
         if (pBundle->cUsed < sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]))
+        if (pBundle->cUsed < RT_ELEMENTS(pBundle->aMem))
+        {
             unsigned i;
             for (i = 0; i < sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]); i++)
+            for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
+            {
 #ifdef USE_NEW_OS_INTERFACE_FOR_MM
 …
                     pBundle->aMem[i] = *pMem;
                     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
                     return 0;
+                    return VINF_SUCCESS;
+                }
+            }
 …
     pBundle = (PSUPDRVBUNDLE)RTMemAllocZ(sizeof(*pBundle));
     if (!pBundle)
         return SUPDRV_ERR_NO_MEMORY;
+        return VERR_NO_MEMORY;
     /* take last entry. */
     pBundle->cUsed++;
     pBundle->aMem[sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]) - 1] = *pMem;
+    pBundle->aMem[RT_ELEMENTS(pBundle->aMem) - 1] = *pMem;
     /* insert into list. */
 …
     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
     return 0;
+    return VINF_SUCCESS;
+}
 …
  * Releases a memory object referenced by pointer and type.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_INVALID_PARAM on failure.
+ * @returns IPRT status code.
  * @param   pSession    Session data.
  * @param   uPtr        Pointer to memory. This is matched against both the R0 and R3 addresses.
 …
      * Validate input.
      */
-    if (!pSession)
+    {
-        dprintf(("pSession must not be NULL!"));
-        return SUPDRV_ERR_INVALID_PARAM;
+    }
     if (!uPtr)
+    {
         dprintf(("Illegal address %p\n", (void *)uPtr));
         return SUPDRV_ERR_INVALID_PARAM;
+        return VERR_INVALID_PARAMETER;
+    }
 …
+        {
             unsigned i;
             for (i = 0; i < sizeof(pBundle->aMem) / sizeof(pBundle->aMem[0]); i++)
+            for (i = 0; i < RT_ELEMENTS(pBundle->aMem); i++)
+            {
 #ifdef USE_NEW_OS_INTERFACE_FOR_MM
 …
                         AssertRC(rc); /** @todo figure out how to handle this. */
+                    }
                     return 0;
+                    return VINF_SUCCESS;
+                }
 #else /* !USE_NEW_OS_INTERFACE_FOR_MM */
 …
                             break;
+                    }
                     return 0;
+                    return VINF_SUCCESS;
+               }
 #endif /* !USE_NEW_OS_INTERFACE_FOR_MM */
 …
     RTSpinlockRelease(pSession->Spinlock, &SpinlockTmp);
     dprintf(("Failed to find %p!!! (eType=%d)\n", (void *)uPtr, eType));
     return SUPDRV_ERR_INVALID_PARAM;
+    return VERR_INVALID_PARAMETER;
+}
 …
  * Install IDT for the current CPU.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_NO_MEMORY or SUPDRV_ERROR_IDT_FAILED on failure.
+ * @param   pIn         Input data.
+ * @param   pOut        Output data.
+ */
+static int supdrvIOCtl_IdtInstall(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPIDTINSTALL_IN pIn, PSUPIDTINSTALL_OUT pOut)
+ * @returns One of the following IPRT status codes:
+ * @retval  VINF_SUCCESS on success.
+ * @retval  VERR_IDT_FAILED.
+ * @retval  VERR_NO_MEMORY.
+ * @param   pDevExt     The device extension.
+ * @param   pSession    The session data.
+ * @param   pReq        The request.
+ */
+static int supdrvIOCtl_IdtInstall(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPIDTINSTALL pReq)
+{
     PSUPDRVPATCHUSAGE   pUsagePre;
 …
     pUsagePre = (PSUPDRVPATCHUSAGE)RTMemAlloc(sizeof(*pUsagePre));
     if (!pUsagePre)
         return SUPDRV_ERR_NO_MEMORY;
+        return VERR_NO_MEMORY;
     /*
 …
         pPatchPre = (PSUPDRVPATCH)RTMemExecAlloc(sizeof(*pPatchPre));
         if (!pPatchPre)
             return SUPDRV_ERR_NO_MEMORY;
+            return VERR_NO_MEMORY;
         RTSpinlockAcquireNoInts(pDevExt->Spinlock, &SpinlockTmp);
 …
         RTMemFree(pUsagePre);
     pOut->u8Idt = pDevExt->u8Idt;
     return pPatch ? 0 : SUPDRV_ERR_IDT_FAILED;
+    pReq->u.Out.u8Idt = pDevExt->u8Idt;
+    return pPatch ? VINF_SUCCESS : VERR_IDT_FAILED;
+}
 …
  * This will uninstall our IDT patch if we left unreferenced.
+ *
  * @returns 0 indicating success.
+ * @returns VINF_SUCCESS.
  * @param   pDevExt     Device globals.
  * @param   pSession    Session data.
 …
     /*
      * Walk usage list.
+     * Walk usage list, removing patches as their usage count reaches zero.
      */
     pUsage = pSession->pPatchUsage;
 …
+    }
     return 0;
+    return VINF_SUCCESS;
+}
 …
 /**
  * Remove one patch.
+ *
+ * Worker for supdrvIOCtl_IdtRemoveAll.
+ *
  * @param   pDevExt     Device globals.
 …
  * This is the 1st step of the loading.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pDevExt     Device globals.
  * @param   pSession    Session data.
+ * @param   pIn         Input.
+ * @param   pOut        Output. (May overlap pIn.)
+ */
+static int supdrvIOCtl_LdrOpen(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDROPEN_IN pIn, PSUPLDROPEN_OUT pOut)
+ * @param   pReq        The open request.
+ */
+static int supdrvIOCtl_LdrOpen(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDROPEN pReq)
+{
     PSUPDRVLDRIMAGE pImage;
     unsigned        cb;
     void           *pv;
     dprintf(("supdrvIOCtl_LdrOpen: szName=%s cbImage=%d\n", pIn->szName, pIn->cbImage));
+    dprintf(("supdrvIOCtl_LdrOpen: szName=%s cbImage=%d\n", pReq->u.In.szName, pReq->u.In.cbImage));
     /*
 …
     for (pImage = pDevExt->pLdrImages; pImage; pImage = pImage->pNext)
+    {
         if (!strcmp(pImage->szName, pIn->szName))
+        if (!strcmp(pImage->szName, pReq->u.In.szName))
+        {
             pImage->cUsage++;
             pOut->pvImageBase   = pImage->pvImage;
             pOut->fNeedsLoading = pImage->uState == SUP_IOCTL_LDR_OPEN;
+            pReq->u.Out.pvImageBase   = pImage->pvImage;
+            pReq->u.Out.fNeedsLoading = pImage->uState == SUP_IOCTL_LDR_OPEN;
             supdrvLdrAddUsage(pSession, pImage);
             RTSemFastMutexRelease(pDevExt->mtxLdr);
             return 0;
+            return VINF_SUCCESS;
+        }
+    }
 …
      * Allocate memory.
      */
     cb = pIn->cbImage + sizeof(SUPDRVLDRIMAGE) + 31;
+    cb = pReq->u.In.cbImage + sizeof(SUPDRVLDRIMAGE) + 31;
     pv = RTMemExecAlloc(cb);
     if (!pv)
+    {
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         return SUPDRV_ERR_NO_MEMORY;
+        return VERR_NO_MEMORY;
+    }
 …
     pImage = (PSUPDRVLDRIMAGE)pv;
     pImage->pvImage         = ALIGNP(pImage + 1, 32);
     pImage->cbImage         = pIn->cbImage;
+    pImage->cbImage         = pReq->u.In.cbImage;
     pImage->pfnModuleInit   = NULL;
     pImage->pfnModuleTerm   = NULL;
     pImage->uState          = SUP_IOCTL_LDR_OPEN;
     pImage->cUsage          = 1;
     strcpy(pImage->szName, pIn->szName);
+    strcpy(pImage->szName, pReq->u.In.szName);
     pImage->pNext           = pDevExt->pLdrImages;
 …
     supdrvLdrAddUsage(pSession, pImage);
     pOut->pvImageBase       = pImage->pvImage;
     pOut->fNeedsLoading     = 1;
+    pReq->u.Out.pvImageBase = pImage->pvImage;
+    pReq->u.Out.fNeedsLoading = true;
     RTSemFastMutexRelease(pDevExt->mtxLdr);
     return 0;
+    return VINF_SUCCESS;
+}
 …
  * This is the 2nd step of the loading.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pDevExt     Device globals.
  * @param   pSession    Session data.
  * @param   pIn         Input.
  */
 static int supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRLOAD_IN pIn)
+ * @param   pReq        The request.
+ */
+static int supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRLOAD pReq)
+{
     PSUPDRVLDRUSAGE pUsage;
     PSUPDRVLDRIMAGE pImage;
     int             rc;
     dprintf(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImage=%d\n", pIn->pvImageBase, pIn->cbImage));
+    dprintf(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImage=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImage));
     /*
 …
     RTSemFastMutexRequest(pDevExt->mtxLdr);
     pUsage = pSession->pLdrUsage;
     while (pUsage && pUsage->pImage->pvImage != pIn->pvImageBase)
+    while (pUsage && pUsage->pImage->pvImage != pReq->u.In.pvImageBase)
         pUsage = pUsage->pNext;
     if (!pUsage)
 …
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         dprintf(("SUP_IOCTL_LDR_LOAD: couldn't find image!\n"));
         return SUPDRV_ERR_INVALID_HANDLE;
+        return VERR_INVALID_HANDLE;
+    }
     pImage = pUsage->pImage;
     if (pImage->cbImage != pIn->cbImage)
+    if (pImage->cbImage != pReq->u.In.cbImage)
+    {
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         dprintf(("SUP_IOCTL_LDR_LOAD: image size mismatch!! %d(prep) != %d(load)\n", pImage->cbImage, pIn->cbImage));
         return SUPDRV_ERR_INVALID_HANDLE;
+        dprintf(("SUP_IOCTL_LDR_LOAD: image size mismatch!! %d(prep) != %d(load)\n", pImage->cbImage, pReq->u.In.cbImage));
+        return VERR_INVALID_HANDLE;
+    }
     if (pImage->uState != SUP_IOCTL_LDR_OPEN)
 …
         return SUPDRV_ERR_ALREADY_LOADED;
+    }
     switch (pIn->eEPType)
+    switch (pReq->u.In.eEPType)
+    {
         case EP_NOTHING:
             break;
         case EP_VMMR0:
             if (!pIn->EP.VMMR0.pvVMMR0 || !pIn->EP.VMMR0.pvVMMR0Entry)
+            if (!pReq->u.In.EP.VMMR0.pvVMMR0 || !pReq->u.In.EP.VMMR0.pvVMMR0Entry)
+            {
                 RTSemFastMutexRelease(pDevExt->mtxLdr);
                 dprintf(("pvVMMR0=%p or pIn->EP.VMMR0.pvVMMR0Entry=%p is NULL!\n",
                          pIn->EP.VMMR0.pvVMMR0, pIn->EP.VMMR0.pvVMMR0Entry));
                 return SUPDRV_ERR_INVALID_PARAM;
+                dprintf(("pvVMMR0=%p or pReq->u.In.EP.VMMR0.pvVMMR0Entry=%p is NULL!\n",
+                         pReq->u.In.EP.VMMR0.pvVMMR0, pReq->u.In.EP.VMMR0.pvVMMR0Entry));
+                return VERR_INVALID_PARAMETER;
+            }
             if ((uintptr_t)pIn->EP.VMMR0.pvVMMR0Entry - (uintptr_t)pImage->pvImage >= pIn->cbImage)
+            if ((uintptr_t)pReq->u.In.EP.VMMR0.pvVMMR0Entry - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage)
+            {
                 RTSemFastMutexRelease(pDevExt->mtxLdr);
                 dprintf(("SUP_IOCTL_LDR_LOAD: pvVMMR0Entry=%p is outside the image (%p %d bytes)\n",
                          pIn->EP.VMMR0.pvVMMR0Entry, pImage->pvImage, pIn->cbImage));
                 return SUPDRV_ERR_INVALID_PARAM;
+                         pReq->u.In.EP.VMMR0.pvVMMR0Entry, pImage->pvImage, pReq->u.In.cbImage));
+                return VERR_INVALID_PARAMETER;
+            }
             break;
         default:
             RTSemFastMutexRelease(pDevExt->mtxLdr);
             dprintf(("Invalid eEPType=%d\n", pIn->eEPType));
             return SUPDRV_ERR_INVALID_PARAM;
+    }
     if (    pIn->pfnModuleInit
         &&  (uintptr_t)pIn->pfnModuleInit - (uintptr_t)pImage->pvImage >= pIn->cbImage)
+            dprintf(("Invalid eEPType=%d\n", pReq->u.In.eEPType));
+            return VERR_INVALID_PARAMETER;
+    }
+    if (    pReq->u.In.pfnModuleInit
+        &&  (uintptr_t)pReq->u.In.pfnModuleInit - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage)
+    {
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         dprintf(("SUP_IOCTL_LDR_LOAD: pfnModuleInit=%p is outside the image (%p %d bytes)\n",
                  pIn->pfnModuleInit, pImage->pvImage, pIn->cbImage));
         return SUPDRV_ERR_INVALID_PARAM;
+    }
     if (    pIn->pfnModuleTerm
         &&  (uintptr_t)pIn->pfnModuleTerm - (uintptr_t)pImage->pvImage >= pIn->cbImage)
+                 pReq->u.In.pfnModuleInit, pImage->pvImage, pReq->u.In.cbImage));
+        return VERR_INVALID_PARAMETER;
+    }
+    if (    pReq->u.In.pfnModuleTerm
+        &&  (uintptr_t)pReq->u.In.pfnModuleTerm - (uintptr_t)pImage->pvImage >= pReq->u.In.cbImage)
+    {
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         dprintf(("SUP_IOCTL_LDR_LOAD: pfnModuleTerm=%p is outside the image (%p %d bytes)\n",
                  pIn->pfnModuleTerm, pImage->pvImage, pIn->cbImage));
         return SUPDRV_ERR_INVALID_PARAM;
+                 pReq->u.In.pfnModuleTerm, pImage->pvImage, pReq->u.In.cbImage));
+        return VERR_INVALID_PARAMETER;
+    }
 …
      */
     /* no need to do try/except as this is a buffered request. */
     memcpy(pImage->pvImage, &pIn->achImage[0], pImage->cbImage);
+    memcpy(pImage->pvImage, &pReq->u.In.achImage[0], pImage->cbImage);
     pImage->uState = SUP_IOCTL_LDR_LOAD;
     pImage->pfnModuleInit = pIn->pfnModuleInit;
     pImage->pfnModuleTerm = pIn->pfnModuleTerm;
     pImage->offSymbols    = pIn->offSymbols;
     pImage->cSymbols      = pIn->cSymbols;
     pImage->offStrTab     = pIn->offStrTab;
     pImage->cbStrTab      = pIn->cbStrTab;
+    pImage->pfnModuleInit = pReq->u.In.pfnModuleInit;
+    pImage->pfnModuleTerm = pReq->u.In.pfnModuleTerm;
+    pImage->offSymbols    = pReq->u.In.offSymbols;
+    pImage->cSymbols      = pReq->u.In.cSymbols;
+    pImage->offStrTab     = pReq->u.In.offStrTab;
+    pImage->cbStrTab      = pReq->u.In.cbStrTab;
     /*
      * Update any entry points.
      */
     switch (pIn->eEPType)
+    switch (pReq->u.In.eEPType)
+    {
         default:
         case EP_NOTHING:
             rc = 0;
+            rc = VINF_SUCCESS;
             break;
         case EP_VMMR0:
             rc = supdrvLdrSetR0EP(pDevExt, pIn->EP.VMMR0.pvVMMR0, pIn->EP.VMMR0.pvVMMR0Entry);
+            rc = supdrvLdrSetR0EP(pDevExt, pReq->u.In.EP.VMMR0.pvVMMR0, pReq->u.In.EP.VMMR0.pvVMMR0Entry);
             break;
+    }
 …
  * Frees a previously loaded (prep'ed) image.
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pDevExt     Device globals.
  * @param   pSession    Session data.
  * @param   pIn         Input.
  */
 static int supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE_IN pIn)
+ * @param   pReq        The request.
+ */
+static int supdrvIOCtl_LdrFree(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRFREE pReq)
+{
     PSUPDRVLDRUSAGE pUsagePrev;
     PSUPDRVLDRUSAGE pUsage;
     PSUPDRVLDRIMAGE pImage;
     dprintf(("supdrvIOCtl_LdrFree: pvImageBase=%p\n", pIn->pvImageBase));
+    dprintf(("supdrvIOCtl_LdrFree: pvImageBase=%p\n", pReq->u.In.pvImageBase));
     /*
 …
     pUsagePrev = NULL;
     pUsage = pSession->pLdrUsage;
     while (pUsage && pUsage->pImage->pvImage != pIn->pvImageBase)
+    while (pUsage && pUsage->pImage->pvImage != pReq->u.In.pvImageBase)
+    {
         pUsagePrev = pUsage;
 …
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         dprintf(("SUP_IOCTL_LDR_FREE: couldn't find image!\n"));
         return SUPDRV_ERR_INVALID_HANDLE;
+        return VERR_INVALID_HANDLE;
+    }
 …
     RTSemFastMutexRelease(pDevExt->mtxLdr);
     return 0;
+    return VINF_SUCCESS;
+}
 …
  * @param   pDevExt     Device globals.
  * @param   pSession    Session data.
+ * @param   pIn         Input.
+ * @param   pOut        Output. (May overlap pIn.)
+ */
+static int supdrvIOCtl_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRGETSYMBOL_IN pIn, PSUPLDRGETSYMBOL_OUT pOut)
+ * @param   pReq        The request buffer.
+ */
+static int supdrvIOCtl_LdrGetSymbol(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PSUPLDRGETSYMBOL pReq)
+{
     PSUPDRVLDRIMAGE pImage;
 …
     PSUPLDRSYM      paSyms;
     const char     *pchStrings;
     const size_t    cbSymbol = strlen(pIn->szSymbol) + 1;
+    const size_t    cbSymbol = strlen(pReq->u.In.szSymbol) + 1;
     void           *pvSymbol = NULL;
     int             rc = SUPDRV_ERR_GENERAL_FAILURE; /** @todo better error code. */
     dprintf2(("supdrvIOCtl_LdrGetSymbol: pvImageBase=%p szSymbol=\"%s\"\n", pIn->pvImageBase, pIn->szSymbol));
+    int             rc = VERR_GENERAL_FAILURE;
+    dprintf2(("supdrvIOCtl_LdrGetSymbol: pvImageBase=%p szSymbol=\"%s\"\n", pReq->u.In.pvImageBase, pReq->u.In.szSymbol));
     /*
 …
     RTSemFastMutexRequest(pDevExt->mtxLdr);
     pUsage = pSession->pLdrUsage;
     while (pUsage && pUsage->pImage->pvImage != pIn->pvImageBase)
+    while (pUsage && pUsage->pImage->pvImage != pReq->u.In.pvImageBase)
         pUsage = pUsage->pNext;
     if (!pUsage)
 …
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         dprintf(("SUP_IOCTL_LDR_GET_SYMBOL: couldn't find image!\n"));
         return SUPDRV_ERR_INVALID_HANDLE;
+        return VERR_INVALID_HANDLE;
+    }
     pImage = pUsage->pImage;
 …
         RTSemFastMutexRelease(pDevExt->mtxLdr);
         dprintf(("SUP_IOCTL_LDR_GET_SYMBOL: invalid image state %d (%#x)!\n", uState, uState)); NOREF(uState);
         return SUPDRV_ERR_ALREADY_LOADED;
+        return VERR_ALREADY_LOADED;
+    }
 …
         if (    paSyms[i].offSymbol < pImage->cbImage /* paranoia */
             &&  paSyms[i].offName + cbSymbol <= pImage->cbStrTab
             &&  !memcmp(pchStrings + paSyms[i].offName, pIn->szSymbol, cbSymbol))
+            &&  !memcmp(pchStrings + paSyms[i].offName, pReq->u.In.szSymbol, cbSymbol))
+        {
             pvSymbol = (uint8_t *)pImage->pvImage + paSyms[i].offSymbol;
             rc = 0;
+            rc = VINF_SUCCESS;
             break;
+        }
+    }
     RTSemFastMutexRelease(pDevExt->mtxLdr);
     pOut->pvSymbol = pvSymbol;
+    pReq->u.Out.pvSymbol = pvSymbol;
     return rc;
+}
 …
  * point (i.e. VMMR0Enter()).
+ *
+ * @returns 0 on success.
+ * @returns SUPDRV_ERR_* on failure.
+ * @returns IPRT status code.
  * @param   pDevExt     Device globals.
  * @param   pSession    Session data.
 …
 static int supdrvLdrSetR0EP(PSUPDRVDEVEXT pDevExt, void *pvVMMR0, void *pvVMMR0Entry)
+{
     int     rc;
+    int rc = VINF_SUCCESS;
     dprintf(("supdrvLdrSetR0EP pvVMMR0=%p pvVMMR0Entry=%p\n", pvVMMR0, pvVMMR0Entry));
 …
      * Check if not yet set.
      */
-    rc = 0;
     if (!pDevExt->pvVMMR0)
+    {
 …
+        {
             AssertMsgFailed(("SUP_IOCTL_LDR_SETR0EP: Already set pointing to a different module!\n"));
             rc = SUPDRV_ERR_INVALID_PARAM;
+            rc = VERR_INVALID_PARAMETER;
+        }
+    }
 …
  * Gets the current paging mode of the CPU and stores in in pOut.
  */
+static int supdrvIOCtl_GetPagingMode(PSUPGETPAGINGMODE_OUT pOut)
+{
+static SUPPAGINGMODE supdrvIOCtl_GetPagingMode(void)
+{
+    SUPPAGINGMODE enmMode;
     RTUINTREG cr0 = ASMGetCR0();
     if ((cr0 & (X86_CR0_PG | X86_CR0_PE)) != (X86_CR0_PG | X86_CR0_PE))
         pOut->enmMode = SUPPAGINGMODE_INVALID;
+        enmMode = SUPPAGINGMODE_INVALID;
     else
+    {
 …
+        {
             case 0:
                 pOut->enmMode = SUPPAGINGMODE_32_BIT;
+                enmMode = SUPPAGINGMODE_32_BIT;
                 break;
             case X86_CR4_PGE:
                 pOut->enmMode = SUPPAGINGMODE_32_BIT_GLOBAL;
+                enmMode = SUPPAGINGMODE_32_BIT_GLOBAL;
                 break;
             case X86_CR4_PAE:
                 pOut->enmMode = SUPPAGINGMODE_PAE;
+                enmMode = SUPPAGINGMODE_PAE;
                 break;
             case X86_CR4_PAE | BIT(0):
                 pOut->enmMode = SUPPAGINGMODE_PAE_NX;
+                enmMode = SUPPAGINGMODE_PAE_NX;
                 break;
             case X86_CR4_PAE | X86_CR4_PGE:
                 pOut->enmMode = SUPPAGINGMODE_PAE_GLOBAL;
+                enmMode = SUPPAGINGMODE_PAE_GLOBAL;
                 break;
             case X86_CR4_PAE | X86_CR4_PGE | BIT(0):
                 pOut->enmMode = SUPPAGINGMODE_PAE_GLOBAL;
+                enmMode = SUPPAGINGMODE_PAE_GLOBAL;
                 break;
             case BIT(1) | X86_CR4_PAE:
                 pOut->enmMode = SUPPAGINGMODE_AMD64;
+                enmMode = SUPPAGINGMODE_AMD64;
                 break;
             case BIT(1) | X86_CR4_PAE | BIT(0):
                 pOut->enmMode = SUPPAGINGMODE_AMD64_NX;
+                enmMode = SUPPAGINGMODE_AMD64_NX;
                 break;
             case BIT(1) | X86_CR4_PAE | X86_CR4_PGE:
                 pOut->enmMode = SUPPAGINGMODE_AMD64_GLOBAL;
+                enmMode = SUPPAGINGMODE_AMD64_GLOBAL;
                 break;
             case BIT(1) | X86_CR4_PAE | X86_CR4_PGE | BIT(0):
                 pOut->enmMode = SUPPAGINGMODE_AMD64_GLOBAL_NX;
+                enmMode = SUPPAGINGMODE_AMD64_GLOBAL_NX;
                 break;
             default:
                 AssertMsgFailed(("Cannot happen! cr4=%#x fNXEPlusLMA=%d\n", cr4, fNXEPlusLMA));
                 pOut->enmMode = SUPPAGINGMODE_INVALID;
+                enmMode = SUPPAGINGMODE_INVALID;
                 break;
+        }
+    }
     return 0;
+    return enmMode;
+}
 …
                 *ppvR0 = RTR0MemObjAddress(pMem->u.iprt.MemObj);
                 *ppvR3 = RTR0MemObjAddressR3(pMem->u.iprt.MapObjR3);
                 return 0;
+                return VINF_SUCCESS;
+            }
 …
      */
     supdrvGipInit(pDevExt, pGip, HCPhysGip, RTTimeSystemNanoTS(), 1000000000 / u32Interval /*=Hz*/);
     return 0;
+    return VINF_SUCCESS;
+}
 …
  * Terminates the GIP.
+ *
- * @returns negative errno.
  * @param   pDevExt     Instance data. GIP stuff may be updated.
  */
 static int supdrvGipDestroy(PSUPDRVDEVEXT pDevExt)
+static void supdrvGipDestroy(PSUPDRVDEVEXT pDevExt)
+{
     int rc;
 …
+    {
         supdrvGipTerm(pDevExt->pGip);
         pDevExt->pGip = 0;
+        pDevExt->pGip = NULL;
+    }
 …
         pDevExt->u32SystemTimerGranularityGrant = 0;
+    }
-    return 0;
+}
 …
  * Initializes the GIP data.
+ *
  * @returns VBox status code.
+ * @returns IPRT status code.
  * @param   pDevExt     Pointer to the device instance data.
  * @param   pGip        Pointer to the read-write kernel mapping of the GIP.
 …
     pDevExt->cGipUsers = 0;
     return 0;
+    return VINF_SUCCESS;
+}
 …
  * @param   u64NanoTS   The current nanosecond timesamp.
  */
 void VBOXCALL   supdrvGipUpdate(PSUPGLOBALINFOPAGE pGip, uint64_t u64NanoTS)
+void VBOXCALL supdrvGipUpdate(PSUPGLOBALINFOPAGE pGip, uint64_t u64NanoTS)
+{
     /*
 …
  * @param   iCpu        The CPU index.
  */
 void VBOXCALL   supdrvGipUpdatePerCpu(PSUPGLOBALINFOPAGE pGip, uint64_t u64NanoTS, unsigned iCpu)
+void VBOXCALL supdrvGipUpdatePerCpu(PSUPGLOBALINFOPAGE pGip, uint64_t u64NanoTS, unsigned iCpu)
+{
     PSUPGIPCPU  pGipCpu;

trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

-              r4765
+              r4800
 #include <VBox/err.h>
 #include <VBox/param.h>
+#ifdef VBOX_WITHOUT_IDT_PATCHING
+# include <VBox/vmm.h>
+#endif
+#include <VBox/vmm.h>
 #include <VBox/log.h>
 …
 #include <iprt/string.h>
 #include <iprt/env.h>
+#include <iprt/rand.h>
 #include "SUPLibInternal.h"
 …
 PSUPDRVSESSION      g_pSession;
 /** R0 SUP Functions used for resolving referenced to the SUPR0 module. */
 static PSUPQUERYFUNCS_OUT g_pFunctions;
+static PSUPQUERYFUNCS g_pFunctions;
 #ifndef VBOX_WITHOUT_IDT_PATCHING
 …
 /** Init counter. */
 static unsigned     g_cInits = 0;
+/** PAGE_ALLOC support indicator. */
+static bool         g_fSupportsPageAllocLocked = true;
 /** Fake mode indicator. (~0 at first, 0 or 1 after first test) */
 static uint32_t     g_u32FakeMode = ~0;
 …
      */
     int rc = suplibOsInit(cbReserve);
     if (VBOX_SUCCESS(rc))
+    if (RT_SUCCESS(rc))
+    {
         /*
          * Negotiate the cookie.
          */
+        SUPCOOKIE_IN    In;
+        SUPCOOKIE_OUT   Out = {0,0,0,0,0,NIL_RTR0PTR};
+        strcpy(In.szMagic, SUPCOOKIE_MAGIC);
+        In.u32ReqVersion = SUPDRVIOC_VERSION;
+        In.u32MinVersion = SUPDRVIOC_VERSION & 0xffff0000;
+        rc = suplibOsIOCtl(SUP_IOCTL_COOKIE, &In, sizeof(In), &Out, sizeof(Out));
+        if (VBOX_SUCCESS(rc))
+        SUPCOOKIE CookieReq;
+        memset(&CookieReq, 0xff, sizeof(CookieReq));
+        CookieReq.Hdr.u32Cookie = SUPCOOKIE_INITIAL_COOKIE;
+        CookieReq.Hdr.u32SessionCookie = RTRandU32();
+        CookieReq.Hdr.cbIn = SUP_IOCTL_COOKIE_SIZE_IN;
+        CookieReq.Hdr.cbOut = SUP_IOCTL_COOKIE_SIZE_OUT;
+        CookieReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+        CookieReq.Hdr.rc = VERR_INTERNAL_ERROR;
+        strcpy(CookieReq.u.In.szMagic, SUPCOOKIE_MAGIC);
+        CookieReq.u.In.u32ReqVersion = SUPDRVIOC_VERSION;
+        CookieReq.u.In.u32MinVersion = SUPDRVIOC_VERSION & 0xffff0000;
+        rc = suplibOsIOCtl(SUP_IOCTL_COOKIE, &CookieReq, SUP_IOCTL_COOKIE_SIZE);
+        if (    RT_SUCCESS(rc)
+            &&  RT_SUCCESS(CookieReq.Hdr.rc))
+        {
             if ((Out.u32SessionVersion & 0xffff0000) == (SUPDRVIOC_VERSION & 0xffff0000))
+            if ((CookieReq.u.Out.u32SessionVersion & 0xffff0000) == (SUPDRVIOC_VERSION & 0xffff0000))
+            {
                 /*
                  * Query the functions.
                  */
+                SUPQUERYFUNCS_IN    FuncsIn;
+                FuncsIn.u32Cookie           = Out.u32Cookie;
+                FuncsIn.u32SessionCookie    = Out.u32SessionCookie;
+                unsigned            cbFuncsOut = RT_OFFSETOF(SUPQUERYFUNCS_OUT, aFunctions[Out.cFunctions]);
+                PSUPQUERYFUNCS_OUT  pFuncsOut = (PSUPQUERYFUNCS_OUT)RTMemAllocZ(cbFuncsOut);
+                if (pFuncsOut)
+                PSUPQUERYFUNCS pFuncsReq = (PSUPQUERYFUNCS)RTMemAllocZ(SUP_IOCTL_QUERY_FUNCS_SIZE(CookieReq.u.Out.cFunctions));
+                if (pFuncsReq)
+                {
+                    rc = suplibOsIOCtl(SUP_IOCTL_QUERY_FUNCS, &FuncsIn, sizeof(FuncsIn), pFuncsOut, cbFuncsOut);
+                    if (VBOX_SUCCESS(rc))
+                    pFuncsReq->Hdr.u32Cookie            = CookieReq.u.Out.u32Cookie;
+                    pFuncsReq->Hdr.u32SessionCookie     = CookieReq.u.Out.u32SessionCookie;
+                    pFuncsReq->Hdr.cbIn                 = SUP_IOCTL_QUERY_FUNCS_SIZE_IN;
+                    pFuncsReq->Hdr.cbOut                = SUP_IOCTL_QUERY_FUNCS_SIZE_OUT(CookieReq.u.Out.cFunctions);
+                    pFuncsReq->Hdr.fFlags               = SUPREQHDR_FLAGS_DEFAULT;
+                    pFuncsReq->Hdr.rc                   = VERR_INTERNAL_ERROR;
+                    rc = suplibOsIOCtl(SUP_IOCTL_QUERY_FUNCS(CookieReq.u.Out.cFunctions), pFuncsReq, SUP_IOCTL_QUERY_FUNCS_SIZE(CookieReq.u.Out.cFunctions));
+                    if (RT_SUCCESS(rc))
+                        rc = pFuncsReq->Hdr.rc;
+                    if (RT_SUCCESS(rc))
+                    {
                         g_u32Cookie         = Out.u32Cookie;
                         g_u32SessionCookie  = Out.u32SessionCookie;
                         g_pSession          = Out.pSession;
                         g_pFunctions        = pFuncsOut;
+                        g_u32Cookie         = CookieReq.u.Out.u32Cookie;
+                        g_u32SessionCookie  = CookieReq.u.Out.u32SessionCookie;
+                        g_pSession          = CookieReq.u.Out.pSession;
+                        g_pFunctions        = pFuncsReq;
                         if (ppSession)
                             *ppSession = Out.pSession;
+                            *ppSession = CookieReq.u.Out.pSession;
                         /*
 …
                         if (!g_pSUPGlobalInfoPage)
+                        {
+                            SUPGIPMAP_IN GipIn = {0};
+                            SUPGIPMAP_OUT GipOut = {NULL, 0};
+                            GipIn.u32Cookie           = Out.u32Cookie;
+                            GipIn.u32SessionCookie    = Out.u32SessionCookie;
+                            rc = suplibOsIOCtl(SUP_IOCTL_GIP_MAP, &GipIn, sizeof(GipIn), &GipOut, sizeof(GipOut));
+                            if (VBOX_SUCCESS(rc))
+                            SUPGIPMAP GipMapReq;
+                            GipMapReq.Hdr.u32Cookie = g_u32Cookie;
+                            GipMapReq.Hdr.u32SessionCookie = g_u32SessionCookie;
+                            GipMapReq.Hdr.cbIn = SUP_IOCTL_GIP_MAP_SIZE_IN;
+                            GipMapReq.Hdr.cbOut = SUP_IOCTL_GIP_MAP_SIZE_OUT;
+                            GipMapReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+                            GipMapReq.Hdr.rc = VERR_INTERNAL_ERROR;
+                            GipMapReq.u.Out.HCPhysGip = NIL_RTHCPHYS;
+                            GipMapReq.u.Out.pGipR0 = NIL_RTR0PTR;
+                            GipMapReq.u.Out.pGipR3 = NULL;
+                            rc = suplibOsIOCtl(SUP_IOCTL_GIP_MAP, &GipMapReq, SUP_IOCTL_GIP_MAP_SIZE);
+                            if (RT_SUCCESS(rc))
+                                rc = pFuncsReq->Hdr.rc;
+                            if (RT_SUCCESS(rc))
+                            {
                                 AssertRelease(GipOut.pGipR3->u32Magic == SUPGLOBALINFOPAGE_MAGIC);
                                 AssertRelease(GipOut.pGipR3->u32Version >= SUPGLOBALINFOPAGE_VERSION);
                                 ASMAtomicXchgSize(&g_HCPhysSUPGlobalInfoPage, GipOut.HCPhysGip);
                                 ASMAtomicCmpXchgPtr((void * volatile *)&g_pSUPGlobalInfoPage, (void *)GipOut.pGipR3, NULL);
                                 ASMAtomicCmpXchgPtr((void * volatile *)&g_pSUPGlobalInfoPageR0, (void *)GipOut.pGipR0, NULL);
+                                AssertRelease(GipMapReq.u.Out.pGipR3->u32Magic == SUPGLOBALINFOPAGE_MAGIC);
+                                AssertRelease(GipMapReq.u.Out.pGipR3->u32Version >= SUPGLOBALINFOPAGE_VERSION);
+                                ASMAtomicXchgSize(&g_HCPhysSUPGlobalInfoPage, GipMapReq.u.Out.HCPhysGip);
+                                ASMAtomicCmpXchgPtr((void * volatile *)&g_pSUPGlobalInfoPage, GipMapReq.u.Out.pGipR3, NULL);
+                                ASMAtomicCmpXchgPtr((void * volatile *)&g_pSUPGlobalInfoPageR0, (void *)GipMapReq.u.Out.pGipR0, NULL);
+                            }
-                            else
-                                rc = VINF_SUCCESS;
+                        }
                         return rc;
+                        return VINF_SUCCESS;
+                    }
+                    RTMemFree(pFuncsOut);
+                    /* bailout */
+                    RTMemFree(pFuncsReq);
+                }
                 else
 …
+            {
                 LogRel(("Support driver version mismatch: SessionVersion=%#x DriverVersion=%#x ClientVersion=%#x\n",
                         Out.u32SessionVersion, Out.u32DriverVersion, SUPDRVIOC_VERSION));
+                        CookieReq.u.Out.u32SessionVersion, CookieReq.u.Out.u32DriverVersion, SUPDRVIOC_VERSION));
                 rc = VERR_VM_DRIVER_VERSION_MISMATCH;
+            }
 …
         else
+        {
+             if (rc == VERR_INVALID_PARAMETER) /* for pre 0x00040002 drivers */
+                 rc = VERR_VM_DRIVER_VERSION_MISMATCH;
+             if (rc == VERR_VM_DRIVER_VERSION_MISMATCH)
+                 LogRel(("Support driver version mismatch: DriverVersion=%#x ClientVersion=%#x\n",
+                         Out.u32DriverVersion, SUPDRVIOC_VERSION));
+             else
+                 LogRel(("Support driver version/Cookie negotiations error: rc=%Vrc\n", rc));
+            if (RT_SUCCESS(rc))
+            {
+                rc = CookieReq.Hdr.rc;
+                LogRel(("Support driver version mismatch: DriverVersion=%#x ClientVersion=%#x rc=%Rrc\n",
+                        CookieReq.u.Out.u32DriverVersion, SUPDRVIOC_VERSION, rc));
+                if (rc != VERR_VM_DRIVER_VERSION_MISMATCH)
+                    rc = VERR_VM_DRIVER_VERSION_MISMATCH;
+            }
+            else
+            {
+                /* for pre 0x00060000 drivers */
+                LogRel(("Support driver version mismatch: DriverVersion=too-old ClientVersion=%#x\n", SUPDRVIOC_VERSION));
+                rc = VERR_VM_DRIVER_VERSION_MISMATCH;
+            }
+        }
 …
     /* fake r0 functions. */
     g_pFunctions = (PSUPQUERYFUNCS_OUT)RTMemAllocZ(RT_OFFSETOF(SUPQUERYFUNCS_OUT, aFunctions[RT_ELEMENTS(s_aFakeFunctions)]));
+    g_pFunctions = (PSUPQUERYFUNCS)RTMemAllocZ(SUP_IOCTL_QUERY_FUNCS_SIZE(RT_ELEMENTS(s_aFakeFunctions)));
     if (g_pFunctions)
+    {
         g_pFunctions->cFunctions = RT_ELEMENTS(s_aFakeFunctions);
         memcpy(&g_pFunctions->aFunctions[0], &s_aFakeFunctions[0], sizeof(s_aFakeFunctions));
+        g_pFunctions->u.Out.cFunctions = RT_ELEMENTS(s_aFakeFunctions);
+        memcpy(&g_pFunctions->u.Out.aFunctions[0], &s_aFakeFunctions[0], sizeof(s_aFakeFunctions));
         g_pSession = (PSUPDRVSESSION)(void *)g_pFunctions;
         if (ppSession)
 …
         /* fake the GIP. */
         g_pSUPGlobalInfoPage = (PSUPGLOBALINFOPAGE)RTMemPageAlloc(PAGE_SIZE);
+        g_pSUPGlobalInfoPage = (PSUPGLOBALINFOPAGE)RTMemPageAllocZ(PAGE_SIZE);
         if (g_pSUPGlobalInfoPage)
+        {
 …
 SUPR3DECL(SUPPAGINGMODE) SUPGetPagingMode(void)
+{
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+#ifdef RT_ARCH_AMD64
+        return SUPPAGINGMODE_AMD64_GLOBAL_NX;
+#else
+        return SUPPAGINGMODE_32_BIT_GLOBAL;
+#endif
     /*
      * Issue IOCtl to the SUPDRV kernel module.
      */
+    SUPGETPAGINGMODE_IN In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    SUPGETPAGINGMODE_OUT Out = {SUPPAGINGMODE_INVALID};
+    SUPGETPAGINGMODE Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_GET_PAGING_MODE_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_GET_PAGING_MODE_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    int rc = suplibOsIOCtl(SUP_IOCTL_GET_PAGING_MODE, &Req, SUP_IOCTL_GET_PAGING_MODE_SIZE);
+    if (    RT_FAILURE(rc)
+        ||  RT_FAILURE(Req.Hdr.rc))
+    {
+        LogRel(("SUPGetPagingMode: %Rrc %Rrc\n", rc, Req.Hdr.rc));
+        Req.u.Out.enmMode = SUPPAGINGMODE_INVALID;
+    }
+    return Req.u.Out.enmMode;
+}
+/**
+ * For later.
+ */
+static int supCallVMMR0ExFake(PVMR0 pVMR0, unsigned uOperation, void *pvVMMReq, size_t cbVMMReq)
+{
+    AssertMsgFailed(("%d\n", uOperation));
+    return VERR_NOT_SUPPORTED;
+}
+SUPR3DECL(int) SUPCallVMMR0Ex(PVMR0 pVMR0, unsigned uOperation, void *pvVMMReq, size_t cbVMMReq)
+{
+    /*
+     * The following operations don't belong here.
+     */
+    AssertMsgReturn(    uOperation != VMMR0_DO_RAW_RUN
+                    &&  uOperation != VMMR0_DO_HWACC_RUN
+                    &&  uOperation != VMMR0_DO_NOP,
+                    ("%#x\n", uOperation),
+                    VERR_INTERNAL_ERROR);
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+        return supCallVMMR0ExFake(pVMR0, uOperation, pvVMMReq, cbVMMReq);
     int rc;
+    if (!g_u32FakeMode)
+    {
+        rc = suplibOsIOCtl(SUP_IOCTL_GET_PAGING_MODE, &In, sizeof(In), &Out, sizeof(Out));
+        if (VBOX_FAILURE(rc))
+            Out.enmMode = SUPPAGINGMODE_INVALID;
+    }
+    else
+#ifdef RT_ARCH_AMD64
+        Out.enmMode = SUPPAGINGMODE_AMD64_GLOBAL_NX;
+#else
+        Out.enmMode = SUPPAGINGMODE_32_BIT_GLOBAL;
+#endif
+    return Out.enmMode;
+}
+SUPR3DECL(int) SUPCallVMMR0Ex(PVMR0 pVMR0, unsigned uOperation, void *pvArg, unsigned cbArg)
+{
+    /*
+     * Issue IOCtl to the SUPDRV kernel module.
+     */
+    SUPCALLVMMR0_IN In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.pVMR0            = pVMR0;
+    In.uOperation       = uOperation;
+    In.cbArg            = cbArg;
+    In.pvArg            = pvArg;
+    Assert(!g_u32FakeMode);
+    SUPCALLVMMR0_OUT Out = {VINF_SUCCESS};
+    int rc = suplibOsIOCtl(SUP_IOCTL_CALL_VMMR0, &In, sizeof(In), &Out, sizeof(Out));
+    if (VBOX_SUCCESS(rc))
+        rc = Out.rc;
+    if (!cbVMMReq)
+    {
+        /* no data. */
+        SUPCALLVMMR0 Req;
+        Req.Hdr.u32Cookie = g_u32Cookie;
+        Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+        Req.Hdr.cbIn = SUP_IOCTL_CALL_VMMR0_SIZE_IN(0);
+        Req.Hdr.cbOut = SUP_IOCTL_CALL_VMMR0_SIZE_OUT(0);
+        Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+        Req.Hdr.rc = VERR_INTERNAL_ERROR;
+        Req.u.In.pVMR0 = pVMR0;
+        Req.u.In.uOperation = uOperation;
+        Req.u.In.uArg = (uintptr_t)pvVMMReq;
+        rc = suplibOsIOCtl(SUP_IOCTL_CALL_VMMR0(0), &Req, SUP_IOCTL_CALL_VMMR0_SIZE(0));
+        if (RT_SUCCESS(rc))
+            rc = Req.Hdr.rc;
+    }
+    else if (SUP_IOCTL_CALL_VMMR0_SIZE(cbVMMReq) < _4K) /* FreeBSD won't copy more than 4K. */
+    {
+        AssertPtr(pvVMMReq);
+        PSUPCALLVMMR0 pReq = (PSUPCALLVMMR0)alloca(SUP_IOCTL_CALL_VMMR0_SIZE(cbVMMReq));
+        pReq->Hdr.u32Cookie = g_u32Cookie;
+        pReq->Hdr.u32SessionCookie = g_u32SessionCookie;
+        pReq->Hdr.cbIn = SUP_IOCTL_CALL_VMMR0_SIZE_IN(cbVMMReq);
+        pReq->Hdr.cbOut = SUP_IOCTL_CALL_VMMR0_SIZE_OUT(cbVMMReq);
+        pReq->Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+        pReq->Hdr.rc = VERR_INTERNAL_ERROR;
+        pReq->u.In.pVMR0 = pVMR0;
+        pReq->u.In.uOperation = uOperation;
+        pReq->u.In.uArg = 0;
+        memcpy(&pReq->abReqPkt[0], pvVMMReq, cbVMMReq);
+        rc = suplibOsIOCtl(SUP_IOCTL_CALL_VMMR0(cbVMMReq), pReq, SUP_IOCTL_CALL_VMMR0_SIZE(cbVMMReq));
+        if (RT_SUCCESS(rc))
+            rc = pReq->Hdr.rc;
+        memcpy(pvVMMReq, &pReq->abReqPkt[0], cbVMMReq);
+    }
+    else /** @todo may have to remove the size limits one this request... */
+        AssertMsgFailedReturn(("cbVMMReq=%#x\n", cbVMMReq), VERR_INTERNAL_ERROR);
     return rc;
+}
 …
         return suplibOSIOCtlFast(SUP_IOCTL_FAST_DO_HWACC_RUN);
+    }
     if (uOperation == VMMR0_DO_NOP)
+    if (RT_LIKELY(uOperation == VMMR0_DO_NOP))
+    {
         Assert(!pvArg);
         return suplibOSIOCtlFast(SUP_IOCTL_FAST_DO_NOP);
+    }
     return SUPCallVMMR0Ex(pVMR0, uOperation, pvArg, pvArg ? sizeof(pvArg) : 0);
+    AssertMsgFailedReturn(("uOperation=%#x\n", uOperation), VERR_INTERNAL_ERROR);
 #endif
+}
 …
 SUPR3DECL(int) SUPSetVMForFastIOCtl(PVMR0 pVMR0)
+{
+    SUPSETVMFORFAST_IN In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.pVMR0            = pVMR0;
+    int rc;
+    if (RT_LIKELY(!g_u32FakeMode))
+        rc = suplibOsIOCtl(SUP_IOCTL_SET_VM_FOR_FAST, &In, sizeof(In), NULL, 0);
+    else
+        rc = VINF_SUCCESS;
+    if (RT_UNLIKELY(g_u32FakeMode))
+        return VINF_SUCCESS;
+    SUPSETVMFORFAST Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_SET_VM_FOR_FAST_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_SET_VM_FOR_FAST_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    Req.u.In.pVMR0 = pVMR0;
+    int rc = suplibOsIOCtl(SUP_IOCTL_SET_VM_FOR_FAST, &Req, SUP_IOCTL_SET_VM_FOR_FAST_SIZE);
+    if (RT_SUCCESS(rc))
+        rc = Req.Hdr.rc;
     return rc;
+}
+SUPR3DECL(int) SUPPageAlloc(size_t cPages, void **ppvPages)
+{
+    /*
+     * Validate.
+     */
+    AssertPtrReturn(ppvPages, VERR_INVALID_POINTER);
+    *ppvPages = NULL;
+    AssertReturn(cPages > 0, VERR_INVALID_PARAMETER);
+#ifdef RT_OS_WINDOWS
+    /*
+     * Temporary hack for windows until we've sorted out the
+     * locked memory that doesn't need to be accessible from kernel space.
+     */
+    return SUPPageAllocLockedEx(cPages, ppvPages, NULL);
+#else
+    /*
+     * Call OS specific worker.
+     */
+    return suplibOsPageAlloc(cPages, ppvPages);
+#endif
+}
+SUPR3DECL(int) SUPPageFree(void *pvPages, size_t cPages)
+{
+    /*
+     * Validate.
+     */
+    AssertPtrReturn(pvPages, VERR_INVALID_POINTER);
+    AssertReturn(cPages > 0, VERR_INVALID_PARAMETER);
+#ifdef RT_OS_WINDOWS
+    /*
+     * Temporary hack for windows, see above.
+     */
+    return SUPPageFreeLocked(pvPages, cPages);
+#else
+    /*
+     * Call OS specific worker.
+     */
+    return suplibOsPageFree(pvPages, cPages);
+#endif
+}
 …
     AssertPtr(paPages);
+    /*
+     * Issue IOCtl to the SUPDRV kernel module.
+     */
+    SUPPINPAGES_IN      In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.pvR3             = pvStart;
+    In.cPages           = cPages; AssertRelease(In.cPages == cPages);
+    int rc;
+    if (!g_u32FakeMode)
+    {
+        PSUPPINPAGES_OUT pOut;
+        AssertCompile(sizeof(paPages[0]) == sizeof(pOut->aPages[0]));
+#if 0
+        size_t cbOut = RT_OFFSETOF(SUPPINPAGES_OUT, aPages[cPages]);
+        pOut = (PSUPPINPAGES_OUT)RTMemTmpAllocZ(cbOut);
+        if (!pOut)
+            return VERR_NO_TMP_MEMORY;
+        rc = suplibOsIOCtl(SUP_IOCTL_PINPAGES, &In, sizeof(In), pOut, cbOut);
+        if (RT_SUCCESS(rc))
+            memcpy(paPages, &pOut->aPages[0], sizeof(paPages[0]) * cPages);
+        RTMemTmpFree(pOut);
+#else
+        /* a hack to save some time. */
+        pOut = (PSUPPINPAGES_OUT)(void*)paPages;
+        Assert(RT_OFFSETOF(SUPPINPAGES_OUT, aPages) == 0 && sizeof(paPages[0]) == sizeof(pOut->aPages[0]));
+        rc = suplibOsIOCtl(SUP_IOCTL_PINPAGES, &In, sizeof(In), pOut, RT_OFFSETOF(SUPPINPAGES_OUT, aPages[cPages]));
+#endif
+    }
+    else
+    {
+        /* fake a successfull result. */
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
         RTHCPHYS    Phys = (uintptr_t)pvStart + PAGE_SIZE * 1024;
         unsigned    iPage = cPages;
         while (iPage-- > 0)
             paPages[iPage].Phys = Phys + (iPage << PAGE_SHIFT);
+        rc = VINF_SUCCESS;
+    }
+        return VINF_SUCCESS;
+    }
+    /*
+     * Issue IOCtl to the SUPDRV kernel module.
+     */
+    int rc;
+    PSUPPAGELOCK pReq = (PSUPPAGELOCK)RTMemTmpAllocZ(SUP_IOCTL_PAGE_LOCK_SIZE(cPages));
+    if (RT_LIKELY(pReq))
+    {
+        pReq->Hdr.u32Cookie = g_u32Cookie;
+        pReq->Hdr.u32SessionCookie = g_u32SessionCookie;
+        pReq->Hdr.cbIn = SUP_IOCTL_PAGE_LOCK_SIZE_IN;
+        pReq->Hdr.cbOut = SUP_IOCTL_PAGE_LOCK_SIZE_OUT(cPages);
+        pReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_OUT;
+        pReq->Hdr.rc = VERR_INTERNAL_ERROR;
+        pReq->u.In.pvR3 = pvStart;
+        pReq->u.In.cPages = cPages; AssertRelease(pReq->u.In.cPages == cPages);
+        rc = suplibOsIOCtl(SUP_IOCTL_PAGE_LOCK, pReq, SUP_IOCTL_PAGE_LOCK_SIZE(cPages));
+        if (RT_SUCCESS(rc))
+            rc = pReq->Hdr.rc;
+        if (RT_SUCCESS(rc))
+        {
+            for (uint32_t iPage = 0; iPage < cPages; iPage++)
+            {
+                paPages[iPage].uReserved = 0;
+                paPages[iPage].Phys = pReq->u.Out.aPages[iPage];
+                Assert(!(paPages[iPage].Phys & ~X86_PTE_PAE_PG_MASK));
+            }
+        }
+        RTMemTmpFree(pReq);
+    }
+    else
+        rc = VERR_NO_TMP_MEMORY;
     return rc;
 …
     AssertMsg(RT_ALIGN_P(pvStart, PAGE_SIZE) == pvStart, ("pvStart (%p) must be page aligned\n", pvStart));
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+        return VINF_SUCCESS;
     /*
      * Issue IOCtl to the SUPDRV kernel module.
      */
+    SUPUNPINPAGES_IN  In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.pvR3             = pvStart;
+    SUPPAGEUNLOCK Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_PAGE_UNLOCK_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_PAGE_UNLOCK_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    Req.u.In.pvR3 = pvStart;
+    int rc = suplibOsIOCtl(SUP_IOCTL_PAGE_UNLOCK, &Req, SUP_IOCTL_PAGE_UNLOCK_SIZE);
+    if (RT_SUCCESS(rc))
+        rc = Req.Hdr.rc;
+    return rc;
+}
+SUPR3DECL(int) SUPPageAllocLocked(size_t cPages, void **ppvPages)
+{
+    return SUPPageAllocLockedEx(cPages, ppvPages, NULL);
+}
+/**
+ * Fallback for SUPPageAllocLockedEx on systems where RTR0MemObjPhysAllocNC isn't supported.
+ */
+static int supPageAllocLockedFallback(size_t cPages, void **ppvPages, PSUPPAGE paPages)
+{
+    int rc = suplibOsPageAlloc(cPages, ppvPages);
+    if (RT_SUCCESS(rc))
+    {
+        if (!paPages)
+            paPages = (PSUPPAGE)alloca(sizeof(paPages[0]) * cPages);
+        rc = SUPPageLock(*ppvPages, cPages, paPages);
+        if (RT_FAILURE(rc))
+            suplibOsPageFree(*ppvPages, cPages);
+    }
+    return rc;
+}
+SUPR3DECL(int) SUPPageAllocLockedEx(size_t cPages, void **ppvPages, PSUPPAGE paPages)
+{
+    /*
+     * Validate.
+     */
+    AssertPtrReturn(ppvPages, VERR_INVALID_POINTER);
+    *ppvPages = NULL;
+    AssertReturn(cPages > 0, VERR_INVALID_PARAMETER);
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+        *ppvPages = RTMemPageAllocZ((size_t)cPages * PAGE_SIZE);
+        if (!*ppvPages)
+            return VERR_NO_MEMORY;
+        if (paPages)
+            for (size_t iPage = 0; iPage < cPages; iPage++)
+            {
+                paPages[iPage].uReserved = 0;
+                paPages[iPage].Phys = (iPage + 1234) << PAGE_SHIFT;
+                Assert(!(paPages[iPage].Phys & ~X86_PTE_PAE_PG_MASK));
+            }
+        return VINF_SUCCESS;
+    }
+    /* use fallback? */
+    if (!g_fSupportsPageAllocLocked)
+        return supPageAllocLockedFallback(cPages, ppvPages, paPages);
+    /*
+     * Issue IOCtl to the SUPDRV kernel module.
+     */
     int rc;
+    if (!g_u32FakeMode)
+        rc = suplibOsIOCtl(SUP_IOCTL_UNPINPAGES, &In, sizeof(In), NULL, 0);
+    PSUPPAGEALLOC pReq = (PSUPPAGEALLOC)RTMemTmpAllocZ(SUP_IOCTL_PAGE_ALLOC_SIZE(cPages));
+    if (pReq)
+    {
+        pReq->Hdr.u32Cookie = g_u32Cookie;
+        pReq->Hdr.u32SessionCookie = g_u32SessionCookie;
+        pReq->Hdr.cbIn = SUP_IOCTL_PAGE_ALLOC_SIZE_IN;
+        pReq->Hdr.cbOut = SUP_IOCTL_PAGE_ALLOC_SIZE_OUT(cPages);
+        pReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_OUT;
+        pReq->Hdr.rc = VERR_INTERNAL_ERROR;
+        pReq->u.In.cPages = cPages; AssertRelease(pReq->u.In.cPages == cPages);
+        rc = suplibOsIOCtl(SUP_IOCTL_PAGE_ALLOC, pReq, SUP_IOCTL_PAGE_ALLOC_SIZE(cPages));
+        if (RT_SUCCESS(rc))
+        {
+            rc = pReq->Hdr.rc;
+            if (RT_SUCCESS(rc))
+            {
+                *ppvPages = pReq->u.Out.pvR3;
+                if (paPages)
+                    for (size_t iPage = 0; iPage < cPages; iPage++)
+                    {
+                        paPages[iPage].uReserved = 0;
+                        paPages[iPage].Phys = pReq->u.Out.aPages[iPage];
+                        Assert(!(paPages[iPage].Phys & ~X86_PTE_PAE_PG_MASK));
+                    }
+            }
+            else if (rc == VERR_NOT_SUPPORTED)
+            {
+                g_fSupportsPageAllocLocked = false;
+                rc = supPageAllocLockedFallback(cPages, ppvPages, paPages);
+            }
+        }
+        RTMemTmpFree(pReq);
+    }
     else
+        rc = VINF_SUCCESS;
+        rc = VERR_NO_TMP_MEMORY;
     return rc;
+}
+SUPR3DECL(int) SUPPageFreeLocked(void *pvPages, size_t cPages)
+{
+    /*
+     * Validate.
+     */
+    AssertPtrReturn(pvPages, VERR_INVALID_POINTER);
+    AssertReturn(cPages > 0, VERR_INVALID_PARAMETER);
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+        RTMemPageFree(pvPages);
+        return VINF_SUCCESS;
+    }
+    /*
+     * Issue IOCtl to the SUPDRV kernel module.
+     */
+    int rc;
+    if (g_fSupportsPageAllocLocked)
+    {
+        SUPPAGEFREE Req;
+        Req.Hdr.u32Cookie = g_u32Cookie;
+        Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+        Req.Hdr.cbIn = SUP_IOCTL_PAGE_FREE_SIZE_IN;
+        Req.Hdr.cbOut = SUP_IOCTL_PAGE_FREE_SIZE_OUT;
+        Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+        Req.Hdr.rc = VERR_INTERNAL_ERROR;
+        Req.u.In.pvR3 = pvPages;
+        rc = suplibOsIOCtl(SUP_IOCTL_PAGE_FREE, &Req, SUP_IOCTL_PAGE_FREE_SIZE);
+        if (RT_SUCCESS(rc))
+            rc = Req.Hdr.rc;
+    }
+    else
+    {
+        /* fallback */
+        rc = SUPPageUnlock(pvPages);
+        if (RT_SUCCESS(rc))
+            rc = suplibOsPageFree(pvPages, cPages);
+    }
+    return rc;
+}
 SUPR3DECL(void *) SUPContAlloc(size_t cPages, PRTHCPHYS pHCPhys)
+{
 …
      * Validate.
      */
+    AssertMsg(cPages > 0 && cPages < 256, ("cPages=%d must be > 0 and < 256\n", cPages));
+    AssertPtr(pHCPhys);
+    AssertPtrReturn(pHCPhys, NULL);
     *pHCPhys = NIL_RTHCPHYS;
     AssertPtrNull(pR0Ptr);
+    AssertPtrNullReturn(pR0Ptr, NULL);
     if (pR0Ptr)
         *pR0Ptr = NIL_RTR0PTR;
+    AssertPtrNullReturn(pHCPhys, NULL);
+    AssertMsgReturn(cPages > 0 && cPages < 256, ("cPages=%d must be > 0 and < 256\n", cPages), NULL);
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+        void *pv = RTMemPageAllocZ(cPages * PAGE_SIZE);
+        if (pR0Ptr)
+            *pR0Ptr = (RTR0PTR)pv;
+        if (pHCPhys)
+            *pHCPhys = (uintptr_t)pv + (PAGE_SHIFT * 1024);
+        return pv;
+    }
     /*
      * Issue IOCtl to the SUPDRV kernel module.
      */
+    SUPCONTALLOC_IN     In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.cPages           = cPages;
+    SUPCONTALLOC_OUT    Out;
+    int rc;
+    if (!g_u32FakeMode)
+        rc = suplibOsIOCtl(SUP_IOCTL_CONT_ALLOC, &In, sizeof(In), &Out, sizeof(Out));
+    else
+    {
+        rc = SUPPageAlloc(In.cPages, &Out.pvR3);
+        Out.HCPhys = (uintptr_t)Out.pvR3 + (PAGE_SHIFT * 1024);
+        Out.pvR0 = (uintptr_t)Out.pvR3;
+    }
+    if (VBOX_SUCCESS(rc))
+    {
+        *pHCPhys = (RTHCPHYS)Out.HCPhys;
+    SUPCONTALLOC Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_CONT_ALLOC_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_CONT_ALLOC_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    Req.u.In.cPages = cPages;
+    int rc = suplibOsIOCtl(SUP_IOCTL_CONT_ALLOC, &Req, SUP_IOCTL_CONT_ALLOC_SIZE);
+    if (    RT_SUCCESS(rc)
+        &&  RT_SUCCESS(Req.Hdr.rc))
+    {
+        *pHCPhys = Req.u.Out.HCPhys;
         if (pR0Ptr)
             *pR0Ptr = Out.pvR0;
         return Out.pvR3;
+            *pR0Ptr = Req.u.Out.pvR0;
+        return Req.u.Out.pvR3;
+    }
 …
      * Validate.
      */
-    AssertPtr(pv);
     if (!pv)
         return VINF_SUCCESS;
+    AssertPtrReturn(pv, VERR_INVALID_POINTER);
+    AssertReturn(cPages > 0, VERR_INVALID_PARAMETER);
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+        RTMemPageFree(pv);
+        return VINF_SUCCESS;
+    }
     /*
      * Issue IOCtl to the SUPDRV kernel module.
      */
+    SUPCONTFREE_IN     In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.pvR3             = pv;
+    SUPCONTFREE Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_CONT_FREE_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_CONT_FREE_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    Req.u.In.pvR3 = pv;
+    int rc = suplibOsIOCtl(SUP_IOCTL_CONT_FREE, &Req, SUP_IOCTL_CONT_FREE_SIZE);
+    if (RT_SUCCESS(rc))
+        rc = Req.Hdr.rc;
+    return rc;
+}
+SUPR3DECL(int) SUPLowAlloc(size_t cPages, void **ppvPages, PRTR0PTR ppvPagesR0, PSUPPAGE paPages)
+{
+    /*
+     * Validate.
+     */
+    AssertPtrReturn(ppvPages, VERR_INVALID_POINTER);
+    *ppvPages = NULL;
+    AssertPtrReturn(paPages, VERR_INVALID_POINTER);
+    AssertMsgReturn(cPages > 0 && cPages < 256, ("cPages=%d must be > 0 and < 256\n", cPages), VERR_INVALID_PARAMETER);
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+        *ppvPages = RTMemPageAllocZ((size_t)cPages * PAGE_SIZE);
+        if (!*ppvPages)
+            return VERR_NO_LOW_MEMORY;
+        /* fake physical addresses. */
+        RTHCPHYS    Phys = (uintptr_t)*ppvPages + PAGE_SIZE * 1024;
+        unsigned    iPage = cPages;
+        while (iPage-- > 0)
+            paPages[iPage].Phys = Phys + (iPage << PAGE_SHIFT);
+        return VINF_SUCCESS;
+    }
+    /*
+     * Issue IOCtl to the SUPDRV kernel module.
+     */
     int rc;
+    if (!g_u32FakeMode)
+        rc = suplibOsIOCtl(SUP_IOCTL_CONT_FREE, &In, sizeof(In), NULL, 0);
+    PSUPLOWALLOC pReq = (PSUPLOWALLOC)RTMemTmpAllocZ(SUP_IOCTL_LOW_ALLOC_SIZE(cPages));
+    if (pReq)
+    {
+        pReq->Hdr.u32Cookie = g_u32Cookie;
+        pReq->Hdr.u32SessionCookie = g_u32SessionCookie;
+        pReq->Hdr.cbIn = SUP_IOCTL_LOW_ALLOC_SIZE_IN;
+        pReq->Hdr.cbOut = SUP_IOCTL_LOW_ALLOC_SIZE_OUT(cPages);
+        pReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_OUT;
+        pReq->Hdr.rc = VERR_INTERNAL_ERROR;
+        pReq->u.In.cPages = cPages; AssertRelease(pReq->u.In.cPages == cPages);
+        rc = suplibOsIOCtl(SUP_IOCTL_LOW_ALLOC, pReq, SUP_IOCTL_LOW_ALLOC_SIZE(cPages));
+        if (RT_SUCCESS(rc))
+            rc = pReq->Hdr.rc;
+        if (RT_SUCCESS(rc))
+        {
+            *ppvPages = pReq->u.Out.pvR3;
+            if (ppvPagesR0)
+                *ppvPagesR0 = pReq->u.Out.pvR0;
+            if (paPages)
+                for (size_t iPage = 0; iPage < cPages; iPage++)
+                {
+                    paPages[iPage].uReserved = 0;
+                    paPages[iPage].Phys = pReq->u.Out.aPages[iPage];
+                    Assert(!(paPages[iPage].Phys & ~X86_PTE_PAE_PG_MASK));
+                    Assert(paPages[iPage].Phys <= UINT32_C(0xffffff000));
+                }
+        }
+        RTMemTmpFree(pReq);
+    }
     else
         rc = SUPPageFree(pv, cPages);
+        rc = VERR_NO_TMP_MEMORY;
     return rc;
 …
 SUPR3DECL(int) SUPLowAlloc(size_t cPages, void **ppvPages, PRTR0PTR ppvPagesR0, PSUPPAGE paPages)
+SUPR3DECL(int) SUPLowFree(void *pv, size_t cPages)
+{
     /*
      * Validate.
      */
-    AssertMsg(cPages > 0 && cPages < 256, ("cPages=%d must be > 0 and < 256\n", cPages));
-    AssertPtr(ppvPages);
-    *ppvPages = NULL;
-    AssertPtr(paPages);
-    int rc;
-    if (!g_u32FakeMode)
+    {
-        /*
-         * Issue IOCtl to the SUPDRV kernel module.
-         */
-        SUPLOWALLOC_IN      In;
-        In.u32Cookie        = g_u32Cookie;
-        In.u32SessionCookie = g_u32SessionCookie;
-        In.cPages           = cPages;
-        size_t              cbOut = RT_OFFSETOF(SUPLOWALLOC_OUT, aPages[cPages]);
-        PSUPLOWALLOC_OUT    pOut = (PSUPLOWALLOC_OUT)RTMemTmpAllocZ(cbOut);
-        if (pOut)
+        {
-            rc = suplibOsIOCtl(SUP_IOCTL_LOW_ALLOC, &In, sizeof(In), pOut, cbOut);
-            if (VBOX_SUCCESS(rc))
+            {
-                *ppvPages = pOut->pvR3;
-                if (ppvPagesR0)
-                    *ppvPagesR0 = pOut->pvR0;
-                AssertCompile(sizeof(paPages[0]) == sizeof(pOut->aPages[0]));
-                memcpy(paPages, &pOut->aPages[0], sizeof(paPages[0]) * cPages);
-#ifdef VBOX_STRICT
-                for (unsigned i = 0; i < cPages; i++)
-                    AssertReleaseMsg(   paPages[i].Phys <= 0xfffff000
-                                     && !(paPages[i].Phys & PAGE_OFFSET_MASK)
-                                     && paPages[i].Phys > 0,
-                                     ("[%d]=%VHp\n", paPages[i].Phys));
-#endif
+            }
-            RTMemTmpFree(pOut);
+        }
-        else
-            rc = VERR_NO_TMP_MEMORY;
+    }
-    else
+    {
-        rc = SUPPageAlloc(cPages, ppvPages);
-        if (VBOX_SUCCESS(rc))
+        {
-            /* fake physical addresses. */
-            RTHCPHYS    Phys = (uintptr_t)*ppvPages + PAGE_SIZE * 1024;
-            unsigned    iPage = cPages;
-            while (iPage-- > 0)
-                paPages[iPage].Phys = Phys + (iPage << PAGE_SHIFT);
+        }
+    }
-    return rc;
+}
-SUPR3DECL(int) SUPLowFree(void *pv, size_t cPages)
+{
-    /*
-     * Validate.
-     */
-    AssertPtr(pv);
     if (!pv)
         return VINF_SUCCESS;
+    AssertPtrReturn(pv, VERR_INVALID_POINTER);
+    AssertReturn(cPages > 0, VERR_INVALID_PARAMETER);
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+        RTMemPageFree(pv);
+        return VINF_SUCCESS;
+    }
     /*
      * Issue IOCtl to the SUPDRV kernel module.
      */
+    SUPLOWFREE_IN     In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.pvR3             = pv;
+    int rc;
+    if (!g_u32FakeMode)
+        rc = suplibOsIOCtl(SUP_IOCTL_LOW_FREE, &In, sizeof(In), NULL, 0);
+    else
+        rc = SUPPageFree(pv, cPages);
+    SUPCONTFREE Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_LOW_FREE_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_LOW_FREE_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    Req.u.In.pvR3 = pv;
+    int rc = suplibOsIOCtl(SUP_IOCTL_LOW_FREE, &Req, SUP_IOCTL_LOW_FREE_SIZE);
+    if (RT_SUCCESS(rc))
+        rc = Req.Hdr.rc;
     return rc;
+}
-SUPR3DECL(int) SUPPageAlloc(size_t cPages, void **ppvPages)
+{
-    /*
-     * Validate.
-     */
-    if (cPages == 0)
+    {
-        AssertMsgFailed(("Invalid param cPages=0, must be > 0\n"));
-        return VERR_INVALID_PARAMETER;
+    }
-    AssertPtr(ppvPages);
-    if (!ppvPages)
-        return VERR_INVALID_PARAMETER;
-    *ppvPages = NULL;
-#ifdef RT_OS_WINDOWS
-    SUPALLOCPAGE_IN  In;
-    SUPALLOCPAGE_OUT Out;
-    In.u32Cookie        = g_u32Cookie;
-    In.u32SessionCookie = g_u32SessionCookie;
-    In.cPages           = cPages;
-    Out.u32Cookie       = g_u32Cookie;
-    int rc = suplibOsIOCtl(SUP_IOCTL_PAGE_ALLOC, &In, sizeof(In), &Out, sizeof(Out));
-    if (VBOX_SUCCESS(rc))
-        *ppvPages = Out.pvR3;
-    return rc;
-#else
-    /*
-     * Call OS specific worker.
-     */
-    return suplibOsPageAlloc(cPages, ppvPages);
-#endif
+}
-SUPR3DECL(int) SUPPageFree(void *pvPages, size_t cPages)
+{
-    /*
-     * Validate.
-     */
-    AssertPtr(pvPages);
-    if (!pvPages)
-        return VINF_SUCCESS;
-#ifdef RT_OS_WINDOWS
-    SUPFREEPAGE_IN  In;
-    In.u32Cookie        = g_u32Cookie;
-    In.u32SessionCookie = g_u32SessionCookie;
-    In.pvR3             = pvPages;
-    return suplibOsIOCtl(SUP_IOCTL_PAGE_FREE, &In, sizeof(In), NULL, 0);
-#else
-    /*
-     * Call OS specific worker.
-     */
-    return suplibOsPageFree(pvPages, cPages);
-#endif
+}
-SUPR3DECL(int) SUPPageAllocLocked(size_t cPages, void **ppvPages)
+{
-    /*
-     * Validate.
-     */
-    if (cPages == 0)
+    {
-        AssertMsgFailed(("Invalid param cPages=0, must be > 0\n"));
-        return VERR_INVALID_PARAMETER;
+    }
-    AssertPtr(ppvPages);
-    if (!ppvPages)
-        return VERR_INVALID_PARAMETER;
-    *ppvPages = NULL;
-    SUPALLOCPAGE_IN  In;
-    SUPALLOCPAGE_OUT Out;
-    In.u32Cookie        = g_u32Cookie;
-    In.u32SessionCookie = g_u32SessionCookie;
-    In.cPages           = cPages;
-    Out.u32Cookie       = g_u32Cookie;
-    int rc = suplibOsIOCtl(SUP_IOCTL_PAGE_ALLOC, &In, sizeof(In), &Out, sizeof(Out));
-    if (VBOX_SUCCESS(rc))
-        *ppvPages = Out.pvR3;
-    return rc;
+}
-SUPR3DECL(int) SUPPageFreeLocked(void *pvPages, size_t cPages)
+{
-    /*
-     * Validate.
-     */
-    AssertPtr(pvPages);
-    if (!pvPages)
-        return VINF_SUCCESS;
-    SUPFREEPAGE_IN  In;
-    In.u32Cookie        = g_u32Cookie;
-    In.u32SessionCookie = g_u32SessionCookie;
-    In.pvR3             = pvPages;
-    return suplibOsIOCtl(SUP_IOCTL_PAGE_FREE, &In, sizeof(In), NULL, 0);
+}
 …
     int rc = supLoadModule(pszFilename, pszModule, ppvImageBase);
 #ifndef VBOX_WITHOUT_IDT_PATCHING
     if (    VBOX_SUCCESS(rc)
+    if (    RT_SUCCESS(rc)
         &&  !strcmp(pszModule, "VMMR0.r0"))
+    {
         rc = supInstallIDTE();
         if (VBOX_FAILURE(rc))
+        if (RT_FAILURE(rc))
             SUPFreeModule(*ppvImageBase);
+    }
 …
+    {
         /* UNI */
+        SUPIDTINSTALL_IN  In;
+        In.u32Cookie        = g_u32Cookie;
+        In.u32SessionCookie = g_u32SessionCookie;
+        SUPIDTINSTALL_OUT Out = {3};
+        rc = suplibOsIOCtl(SUP_IOCTL_IDT_INSTALL, &In, sizeof(In), &Out, sizeof(Out));
+        if (VBOX_SUCCESS(rc))
+        SUPIDTINSTALL Req;
+        Req.Hdr.u32Cookie = g_u32Cookie;
+        Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+        Req.Hdr.cbIn = SUP_IOCTL_IDT_INSTALL_SIZE_IN;
+        Req.Hdr.cbOut = SUP_IOCTL_IDT_INSTALL_SIZE_OUT;
+        Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+        Req.Hdr.rc = VERR_INTERNAL_ERROR;
+        rc = suplibOsIOCtl(SUP_IOCTL_IDT_INSTALL, &Req, SUP_IOCTL_IDT_INSTALL_SIZE);
+        if (RT_SUCCESS(rc))
+            rc = Req.Hdr.rc;
+        if (RT_SUCCESS(rc))
+        {
             g_u8Interrupt = Out.u8Idt;
             rc = suplibGenerateCallVMMR0(Out.u8Idt);
+            g_u8Interrupt = Req.u.Out.u8Idt;
+            rc = suplibGenerateCallVMMR0(Req.u.Out.u8Idt);
+        }
+    }
 …
             /* Change CPU */
             int rc2 = RTThreadSetAffinity(u64Mask);
             if (VBOX_FAILURE(rc2))
+            if (RT_FAILURE(rc2))
+            {
                 u64AffMaskPatched &= ~u64Mask;
                 Log(("SUPLoadVMM: Failed to set affinity to cpu no. %d, rc=%Vrc.\n", i, rc2));
+                LogRel(("SUPLoadVMM: Failed to set affinity to cpu no. %d, rc=%Vrc.\n", i, rc2));
                 continue;
+            }
             /* Patch the CPU. */
+            SUPIDTINSTALL_IN  In;
+            In.u32Cookie        = g_u32Cookie;
+            In.u32SessionCookie = g_u32SessionCookie;
+            SUPIDTINSTALL_OUT Out = {3};
+            rc2 = suplibOsIOCtl(SUP_IOCTL_IDT_INSTALL, &In, sizeof(In), &Out, sizeof(Out));
+            if (VBOX_SUCCESS(rc2))
+            SUPIDTINSTALL Req;
+            Req.Hdr.u32Cookie = g_u32Cookie;
+            Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+            Req.Hdr.cbIn = SUP_IOCTL_IDT_INSTALL_SIZE_IN;
+            Req.Hdr.cbOut = SUP_IOCTL_IDT_INSTALL_SIZE_OUT;
+            Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+            Req.Hdr.rc = VERR_INTERNAL_ERROR;
+            rc2 = suplibOsIOCtl(SUP_IOCTL_IDT_INSTALL, &Req, SUP_IOCTL_IDT_INSTALL_SIZE);
+            if (RT_SUCCESS(rc2))
+                rc2 = Req.Hdr.rc;
+            if (RT_SUCCESS(rc2))
+            {
                 if (!cCpusPatched)
+                {
+                    g_u8Interrupt = Out.u8Idt;
+                    rc2 = suplibGenerateCallVMMR0(Out.u8Idt);
+                    if (VBOX_FAILURE(rc))
+                        rc2 = rc;
+                    g_u8Interrupt = Req.u.Out.u8Idt;
+                    rc2 = suplibGenerateCallVMMR0(Req.u.Out.u8Idt);
+                    if (RT_FAILURE(rc2))
+                    {
+                        LogRel(("suplibGenerateCallVMMR0 failed with rc=%Vrc.\n", i, rc2));
+                        rc = rc2;
+                    }
+                }
                 else
                     Assert(g_u8Interrupt == Out.u8Idt);
+                    Assert(g_u8Interrupt == Req.u.Out.u8Idt);
                 cCpusPatched++;
+            }
 …
+            {
                 Log(("SUPLoadVMM: Failed to patch cpu no. %d, rc=%Vrc.\n", i, rc2));
                 if (VBOX_SUCCESS(rc))
+                LogRel(("SUPLoadVMM: Failed to patch cpu no. %d, rc=%Vrc.\n", i, rc2));
+                if (RT_SUCCESS(rc))
                     rc = rc2;
+            }
 …
         /* Fail if no CPUs was patched! */
         if (VBOX_SUCCESS(rc) && cCpusPatched <= 0)
+        if (RT_SUCCESS(rc) && cCpusPatched <= 0)
             rc = VERR_GENERAL_FAILURE;
         /* Ignore failures if a CPU was patched. */
+        else if (VBOX_FAILURE(rc) && cCpusPatched > 0)
+        {
+            /** @todo add an eventlog/syslog line out this. */
+        else if (RT_FAILURE(rc) && cCpusPatched > 0)
             rc = VINF_SUCCESS;
+        }
         /* Set/restore the thread affinity. */
         if (VBOX_SUCCESS(rc))
+        if (RT_SUCCESS(rc))
+        {
             rc = RTThreadSetAffinity(u64AffMaskPatched);
 …
     /* iterate the function table. */
     int c = g_pFunctions->cFunctions;
     PSUPFUNC pFunc = &g_pFunctions->aFunctions[0];
+    int c = g_pFunctions->u.Out.cFunctions;
+    PSUPFUNC pFunc = &g_pFunctions->u.Out.aFunctions[0];
     while (c-- > 0)
+    {
 …
      * Despair.
      */
     c = g_pFunctions->cFunctions;
     pFunc = &g_pFunctions->aFunctions[0];
+    c = g_pFunctions->u.Out.cFunctions;
+    pFunc = &g_pFunctions->u.Out.aFunctions[0];
     while (c-- > 0)
+    {
         AssertMsg2("%d: %s\n", g_pFunctions->cFunctions - c, pFunc->szName);
+        AssertMsg2("%d: %s\n", g_pFunctions->u.Out.cFunctions - c, pFunc->szName);
         pFunc++;
+    }
 …
     AssertPtrReturn(pszModule, VERR_INVALID_PARAMETER);
     AssertPtrReturn(ppvImageBase, VERR_INVALID_PARAMETER);
     AssertReturn(strlen(pszModule) < SIZEOFMEMB(SUPLDROPEN_IN, szName), VERR_FILENAME_TOO_LONG);
+    AssertReturn(strlen(pszModule) < RT_SIZEOFMEMB(SUPLDROPEN, u.In.szName), VERR_FILENAME_TOO_LONG);
     const bool fIsVMMR0 = !strcmp(pszModule, "VMMR0.r0");
 …
     RTLDRMOD hLdrMod;
     int rc = RTLdrOpen(pszFilename, &hLdrMod);
     if (!VBOX_SUCCESS(rc))
+    if (!RT_SUCCESS(rc))
         return rc;
 …
     CalcArgs.cbImage = RTLdrSize(hLdrMod);
     rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCalcSizeCB, &CalcArgs);
     if (VBOX_SUCCESS(rc))
+    if (RT_SUCCESS(rc))
+    {
         const uint32_t  offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
 …
          * Open the R0 image.
          */
+        SUPLDROPEN_IN OpenIn;
+        OpenIn.u32Cookie        = g_u32Cookie;
+        OpenIn.u32SessionCookie = g_u32SessionCookie;
+        OpenIn.cbImage          = cbImage;
+        strcpy(OpenIn.szName, pszModule);
+        SUPLDROPEN_OUT OpenOut;
+        SUPLDROPEN OpenReq;
+        OpenReq.Hdr.u32Cookie = g_u32Cookie;
+        OpenReq.Hdr.u32SessionCookie = g_u32SessionCookie;
+        OpenReq.Hdr.cbIn = SUP_IOCTL_LDR_OPEN_SIZE_IN;
+        OpenReq.Hdr.cbOut = SUP_IOCTL_LDR_OPEN_SIZE_OUT;
+        OpenReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+        OpenReq.Hdr.rc = VERR_INTERNAL_ERROR;
+        OpenReq.u.In.cbImage = cbImage;
+        strcpy(OpenReq.u.In.szName, pszModule);
         if (!g_u32FakeMode)
+            rc = suplibOsIOCtl(SUP_IOCTL_LDR_OPEN, &OpenIn, sizeof(OpenIn), &OpenOut, sizeof(OpenOut));
+        {
+            rc = suplibOsIOCtl(SUP_IOCTL_LDR_OPEN, &OpenReq, SUP_IOCTL_LDR_OPEN_SIZE);
+            if (RT_SUCCESS(rc))
+                rc = OpenReq.Hdr.rc;
+        }
         else
+        {
             OpenOut.fNeedsLoading = true;
             OpenOut.pvImageBase = 0xef423420;
+            OpenReq.u.Out.fNeedsLoading = true;
+            OpenReq.u.Out.pvImageBase = 0xef423420;
+        }
         *ppvImageBase = (void *)OpenOut.pvImageBase;
         if (    VBOX_SUCCESS(rc)
             &&  OpenOut.fNeedsLoading)
+        *ppvImageBase = (void *)OpenReq.u.Out.pvImageBase;
+        if (    RT_SUCCESS(rc)
+            &&  OpenReq.u.Out.fNeedsLoading)
+        {
             /*
 …
              * Allocate memory for the image bits.
              */
+            unsigned        cbIn = RT_OFFSETOF(SUPLDRLOAD_IN, achImage[cbImage]);
+            PSUPLDRLOAD_IN  pIn = (PSUPLDRLOAD_IN)RTMemTmpAlloc(cbIn);
+            if (pIn)
+            PSUPLDRLOAD pLoadReq = (PSUPLDRLOAD)RTMemTmpAlloc(SUP_IOCTL_LDR_LOAD_SIZE(cbImage));
+            if (pLoadReq)
+            {
                 /*
                  * Get the image bits.
                  */
                 rc = RTLdrGetBits(hLdrMod, &pIn->achImage[0], (uintptr_t)OpenOut.pvImageBase,
+                rc = RTLdrGetBits(hLdrMod, &pLoadReq->u.In.achImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
                                   supLoadModuleResolveImport, (void *)pszModule);
                 if (VBOX_SUCCESS(rc))
+                if (RT_SUCCESS(rc))
+                {
                     /*
 …
                     RTUINTPTR ModuleTerm = 0;
                     if (fIsVMMR0)
                         rc = RTLdrGetSymbolEx(hLdrMod, &pIn->achImage[0], (uintptr_t)OpenOut.pvImageBase, "VMMR0Entry", &VMMR0Entry);
                     if (VBOX_SUCCESS(rc))
+                        rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.achImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase, "VMMR0Entry", &VMMR0Entry);
+                    if (RT_SUCCESS(rc))
+                    {
                         int rc2 = RTLdrGetSymbolEx(hLdrMod, &pIn->achImage[0], (uintptr_t)OpenOut.pvImageBase, "ModuleInit", &ModuleInit);
                         if (VBOX_FAILURE(rc2))
+                        int rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.achImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase, "ModuleInit", &ModuleInit);
+                        if (RT_FAILURE(rc2))
                             ModuleInit = 0;
                         rc2 = RTLdrGetSymbolEx(hLdrMod, &pIn->achImage[0], (uintptr_t)OpenOut.pvImageBase, "ModuleTerm", &ModuleTerm);
                         if (VBOX_FAILURE(rc2))
+                        rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.achImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase, "ModuleTerm", &ModuleTerm);
+                        if (RT_FAILURE(rc2))
                             ModuleTerm = 0;
+                    }
                     if (VBOX_SUCCESS(rc))
+                    if (RT_SUCCESS(rc))
+                    {
                         /*
 …
                         SUPLDRCREATETABSARGS CreateArgs;
                         CreateArgs.cbImage = CalcArgs.cbImage;
                         CreateArgs.pSym    = (PSUPLDRSYM)&pIn->achImage[offSymTab];
                         CreateArgs.pszBase =     (char *)&pIn->achImage[offStrTab];
+                        CreateArgs.pSym    = (PSUPLDRSYM)&pLoadReq->u.In.achImage[offSymTab];
+                        CreateArgs.pszBase =     (char *)&pLoadReq->u.In.achImage[offStrTab];
                         CreateArgs.psz     = CreateArgs.pszBase;
                         rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCreateTabsCB, &CreateArgs);
                         if (VBOX_SUCCESS(rc))
+                        if (RT_SUCCESS(rc))
+                        {
                             AssertRelease((size_t)(CreateArgs.psz - CreateArgs.pszBase) <= CalcArgs.cbStrings);
                             AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pIn->achImage[offSymTab]) <= CalcArgs.cSymbols);
+                            AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pLoadReq->u.In.achImage[offSymTab]) <= CalcArgs.cSymbols);
                             /*
                              * Upload the image.
                              */
+                            pIn->u32Cookie                  = g_u32Cookie;
+                            pIn->u32SessionCookie           = g_u32SessionCookie;
+                            pIn->pfnModuleInit              = (RTR0PTR)ModuleInit;
+                            pIn->pfnModuleTerm              = (RTR0PTR)ModuleTerm;
+                            pLoadReq->Hdr.u32Cookie = g_u32Cookie;
+                            pLoadReq->Hdr.u32SessionCookie = g_u32SessionCookie;
+                            pLoadReq->Hdr.cbIn = SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImage);
+                            pLoadReq->Hdr.cbOut = SUP_IOCTL_LDR_LOAD_SIZE_OUT;
+                            pLoadReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_IN;
+                            pLoadReq->Hdr.rc = VERR_INTERNAL_ERROR;
+                            pLoadReq->u.In.pfnModuleInit              = (RTR0PTR)ModuleInit;
+                            pLoadReq->u.In.pfnModuleTerm              = (RTR0PTR)ModuleTerm;
                             if (fIsVMMR0)
+                            {
                                 pIn->eEPType                = pIn->EP_VMMR0;
                                 pIn->EP.VMMR0.pvVMMR0       = OpenOut.pvImageBase;
                                 pIn->EP.VMMR0.pvVMMR0Entry  = (RTR0PTR)VMMR0Entry;
+                                pLoadReq->u.In.eEPType                = pLoadReq->u.In.EP_VMMR0;
+                                pLoadReq->u.In.EP.VMMR0.pvVMMR0       = OpenReq.u.Out.pvImageBase;
+                                pLoadReq->u.In.EP.VMMR0.pvVMMR0Entry  = (RTR0PTR)VMMR0Entry;
+                            }
                             else
                                 pIn->eEPType                = pIn->EP_NOTHING;
                             pIn->offStrTab                  = offStrTab;
                             pIn->cbStrTab                   = (uint32_t)CalcArgs.cbStrings;
                             AssertRelease(pIn->cbStrTab == CalcArgs.cbStrings);
                             pIn->offSymbols                 = offSymTab;
                             pIn->cSymbols                   = CalcArgs.cSymbols;
                             pIn->cbImage                    = cbImage;
                             pIn->pvImageBase                = OpenOut.pvImageBase;
+                                pLoadReq->u.In.eEPType                = pLoadReq->u.In.EP_NOTHING;
+                            pLoadReq->u.In.offStrTab                  = offStrTab;
+                            pLoadReq->u.In.cbStrTab                   = (uint32_t)CalcArgs.cbStrings;
+                            AssertRelease(pLoadReq->u.In.cbStrTab == CalcArgs.cbStrings);
+                            pLoadReq->u.In.offSymbols                 = offSymTab;
+                            pLoadReq->u.In.cSymbols                   = CalcArgs.cSymbols;
+                            pLoadReq->u.In.cbImage                    = cbImage;
+                            pLoadReq->u.In.pvImageBase                = OpenReq.u.Out.pvImageBase;
                             if (!g_u32FakeMode)
+                                rc = suplibOsIOCtl(SUP_IOCTL_LDR_LOAD, pIn, cbIn, NULL, 0);
+                            {
+                                rc = suplibOsIOCtl(SUP_IOCTL_LDR_LOAD, pLoadReq, SUP_IOCTL_LDR_LOAD_SIZE(cbImage));
+                                if (RT_SUCCESS(rc))
+                                    rc = pLoadReq->Hdr.rc;
+                            }
                             else
                                 rc = VINF_SUCCESS;
                             if (    VBOX_SUCCESS(rc)
                                 ||  rc == VERR_ALREADY_LOADED /* this is because of a competing process. */
+                            if (    RT_SUCCESS(rc)
+                                ||  rc == VERR_ALREADY_LOADED /* A competing process. */
+                               )
+                            {
                                 if (fIsVMMR0)
                                     g_pvVMMR0 = OpenOut.pvImageBase;
                                 RTMemTmpFree(pIn);
+                                    g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
+                                RTMemTmpFree(pLoadReq);
                                 RTLdrClose(hLdrMod);
                                 return VINF_SUCCESS;
 …
+                    }
+                }
                 RTMemTmpFree(pIn);
+                RTMemTmpFree(pLoadReq);
+            }
             else
+            {
                 AssertMsgFailed(("failed to allocated %d bytes for SUPLDRLOAD_IN structure!\n", cbIn));
+                AssertMsgFailed(("failed to allocated %d bytes for SUPLDRLOAD_IN structure!\n", SUP_IOCTL_LDR_LOAD_SIZE(cbImage)));
                 rc = VERR_NO_TMP_MEMORY;
+            }
+        }
         else if (VBOX_SUCCESS(rc) && fIsVMMR0)
             g_pvVMMR0 = OpenOut.pvImageBase;
+        else if (RT_SUCCESS(rc) && fIsVMMR0)
+            g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
+    }
     RTLdrClose(hLdrMod);
 …
 SUPR3DECL(int) SUPFreeModule(void *pvImageBase)
+{
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+#ifndef VBOX_WITHOUT_IDT_PATCHING
+        g_u8Interrupt = 3;
+        RTMemExecFree(*(void **)&g_pfnCallVMMR0);
+        g_pfnCallVMMR0 = NULL;
+#endif
+        g_pvVMMR0 = NIL_RTR0PTR;
+        return VINF_SUCCESS;
+    }
+#ifndef VBOX_WITHOUT_IDT_PATCHING
     /*
      * There is one special module. When this is freed we'll
 …
      *      first unload will free it.
      */
+    if ((RTR0PTR)pvImageBase == g_pvVMMR0)
+    {
+        /*
+         * This is the point where we remove the IDT hook. We do
+         * that before unloading the R0 VMM part.
+         */
+        if (g_u32FakeMode)
+        {
+#ifndef VBOX_WITHOUT_IDT_PATCHING
+            g_u8Interrupt = 3;
+            RTMemExecFree(*(void **)&g_pfnCallVMMR0);
+            g_pfnCallVMMR0 = NULL;
+#endif
+            g_pvVMMR0 = NIL_RTR0PTR;
+            return VINF_SUCCESS;
+        }
+#ifndef VBOX_WITHOUT_IDT_PATCHING
+        /*
+         * Uninstall IDT entry.
+         */
+        int rc = 0;
+        if (g_u8Interrupt != 3)
+        {
+            SUPIDTREMOVE_IN  In;
+            In.u32Cookie        = g_u32Cookie;
+            In.u32SessionCookie = g_u32SessionCookie;
+            rc = suplibOsIOCtl(SUP_IOCTL_IDT_REMOVE, &In, sizeof(In), NULL, 0);
+            g_u8Interrupt = 3;
+            RTMemExecFree(*(void **)&g_pfnCallVMMR0);
+            g_pfnCallVMMR0 = NULL;
+        }
+#endif
+    }
+    if (    (RTR0PTR)pvImageBase == g_pvVMMR0
+        &&  g_u8Interrupt != 3)
+    {
+        SUPIDTREMOVE Req;
+        Req.Hdr.u32Cookie = g_u32Cookie;
+        Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+        Req.Hdr.cbIn = SUP_IOCTL_IDT_REMOVE_SIZE_IN;
+        Req.Hdr.cbOut = SUP_IOCTL_IDT_REMOVE_SIZE_OUT;
+        Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+        Req.Hdr.rc = VERR_INTERNAL_ERROR;
+        int rc = suplibOsIOCtl(SUP_IOCTL_IDT_REMOVE, &Req, SUP_IOCTL_IDT_REMOVE_SIZE);
+        if (RT_SUCCESS(rc))
+            rc = Req.Hdr.rc;
+        AssertRC(rc);
+        g_u8Interrupt = 3;
+        RTMemExecFree(*(void **)&g_pfnCallVMMR0);
+        g_pfnCallVMMR0 = NULL;
+    }
+#endif /* VBOX_WITHOUT_IDT_PATCHING */
     /*
      * Free the requested module.
      */
+    SUPLDRFREE_IN In;
+    In.u32Cookie        = g_u32Cookie;
+    In.u32SessionCookie = g_u32SessionCookie;
+    In.pvImageBase      = (RTR0PTR)pvImageBase;
+    int rc = VINF_SUCCESS;
+    if (!g_u32FakeMode)
+        rc = suplibOsIOCtl(SUP_IOCTL_LDR_FREE, &In, sizeof(In), NULL, 0);
+    if (    VBOX_SUCCESS(rc)
+    SUPLDRFREE Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_LDR_FREE_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_LDR_FREE_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    Req.u.In.pvImageBase = (RTR0PTR)pvImageBase;
+    int rc = suplibOsIOCtl(SUP_IOCTL_LDR_FREE, &Req, SUP_IOCTL_LDR_FREE_SIZE);
+    if (RT_SUCCESS(rc))
+        rc = Req.Hdr.rc;
+    if (    RT_SUCCESS(rc)
         &&  (RTR0PTR)pvImageBase == g_pvVMMR0)
         g_pvVMMR0 = NIL_RTR0PTR;
 …
     *ppvValue = NULL;
+    /* fake */
+    if (RT_UNLIKELY(g_u32FakeMode))
+    {
+        *ppvValue = (void *)(uintptr_t)0xdeadf00d;
+        return VINF_SUCCESS;
+    }
     /*
      * Do ioctl.
      */
+    size_t              cchSymbol = strlen(pszSymbol);
+    const size_t        cbIn = RT_OFFSETOF(SUPLDRGETSYMBOL_IN, szSymbol[cchSymbol + 1]);
+    SUPLDRGETSYMBOL_OUT Out = { NIL_RTR0PTR };
+    PSUPLDRGETSYMBOL_IN pIn = (PSUPLDRGETSYMBOL_IN)alloca(cbIn);
+    pIn->u32Cookie        = g_u32Cookie;
+    pIn->u32SessionCookie = g_u32SessionCookie;
+    pIn->pvImageBase      = (RTR0PTR)pvImageBase;
+    memcpy(pIn->szSymbol, pszSymbol, cchSymbol + 1);
+    int rc;
+    if (RT_LIKELY(!g_u32FakeMode))
+        rc = suplibOsIOCtl(SUP_IOCTL_LDR_GET_SYMBOL, pIn, cbIn, &Out, sizeof(Out));
+    else
+    {
+        rc = VINF_SUCCESS;
+        Out.pvSymbol = 0xdeadf00d;
+    }
+    if (VBOX_SUCCESS(rc))
+        *ppvValue = (void *)Out.pvSymbol;
+    SUPLDRGETSYMBOL Req;
+    Req.Hdr.u32Cookie = g_u32Cookie;
+    Req.Hdr.u32SessionCookie = g_u32SessionCookie;
+    Req.Hdr.cbIn = SUP_IOCTL_LDR_GET_SYMBOL_SIZE_IN;
+    Req.Hdr.cbOut = SUP_IOCTL_LDR_GET_SYMBOL_SIZE_OUT;
+    Req.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+    Req.Hdr.rc = VERR_INTERNAL_ERROR;
+    Req.u.In.pvImageBase = (RTR0PTR)pvImageBase;
+    size_t cchSymbol = strlen(pszSymbol);
+    if (cchSymbol >= sizeof(Req.u.In.szSymbol))
+        return VERR_SYMBOL_NOT_FOUND;
+    memcpy(Req.u.In.szSymbol, pszSymbol, cchSymbol + 1);
+    int rc = suplibOsIOCtl(SUP_IOCTL_LDR_GET_SYMBOL, &Req, SUP_IOCTL_LDR_GET_SYMBOL_SIZE);
+    if (RT_SUCCESS(rc))
+        rc = Req.Hdr.rc;
+    if (RT_SUCCESS(rc))
+        *ppvValue = (void *)Req.u.Out.pvSymbol;
     return rc;
+}

trunk/src/VBox/HostDrivers/Support/SUPLibInternal.h

-              r4071
+              r4800
 int     suplibOsInit(size_t cbReserve);
 int     suplibOsTerm(void);
 int     suplibOsIOCtl(unsigned uFunction, void *pvIn, size_t cbIn, void *pvOut, size_t cbOut);
+int     suplibOsIOCtl(uintptr_t uFunction, void *pvReq, size_t cbReq);
 #ifdef VBOX_WITHOUT_IDT_PATCHING
 int     suplibOSIOCtlFast(unsigned uFunction);
+int     suplibOSIOCtlFast(uintptr_t uFunction);
 #endif
 int     suplibOsPageAlloc(size_t cPages, void **ppvPages);

trunk/src/VBox/HostDrivers/Support/darwin/SUPDrv-darwin.cpp

-              r4071
+              r4800
     g_iMajorDeviceNo = -1;
+    rc = supdrvDeleteDevExt(&g_DevExt);
+    AssertRC(rc);
+    supdrvDeleteDevExt(&g_DevExt);
     rc = RTSpinlockDestroy(g_Spinlock);
 …
     if (!pSession)
+    {
         OSDBGPRINT(("VBoxSupDrvClose: WHAT?!? pSession == NULL! This must be a mistake... pid=%d (close)\n",
+        OSDBGPRINT(("VBoxSupDrvClose: WHAT?!? pSession == NULL! This must be a mistake... pid=%d (close)\n",
                     (int)Process));
         return EINVAL;
 …
     if (!pSession)
+    {
         OSDBGPRINT(("VBoxSupDrvIOCtl: WHAT?!? pSession == NULL! This must be a mistake... pid=%d iCmd=%#x\n",
+        OSDBGPRINT(("VBoxSupDrvIOCtl: WHAT?!? pSession == NULL! This must be a mistake... pid=%d iCmd=%#x\n",
                     (int)Process, iCmd));
         return EINVAL;

trunk/src/VBox/HostDrivers/Support/darwin/SUPLib-darwin.cpp

-              r4071
+              r4800
-/**
- * Installs anything required by the support library.
+ *
- * @returns 0 on success.
- * @returns error code on failure.
- */
 int suplibOsInstall(void)
+{
-//    int rc = mknod(DEVICE_NAME, S_IFCHR, );
     return VERR_NOT_IMPLEMENTED;
+}
-/**
- * Installs anything required by the support library.
+ *
- * @returns 0 on success.
- * @returns error code on failure.
- */
 int suplibOsUninstall(void)
+{
-//    int rc = unlink(DEVICE_NAME);
     return VERR_NOT_IMPLEMENTED;
+}
+/**
+ * Send a I/O Control request to the device.
+ *
+ * @returns 0 on success.
+ * @returns VBOX error code on failure.
+ * @param   uFunction   IO Control function.
+ * @param   pvIn        Input data buffer.
+ * @param   cbIn        Size of input data.
+ * @param   pvOut       Output data buffer.
+ * @param   cbOut       Size of output data.
+ */
+int suplibOsIOCtl(unsigned uFunction, void *pvIn, size_t cbIn, void *pvOut, size_t cbOut)
+int suplibOsIOCtl(uintptr_t uFunction, void *pvReq, size_t cbReq)
+{
     AssertMsg(g_hDevice != -1, ("SUPLIB not initiated successfully!\n"));
+    /*
+     * Issue device iocontrol.
+     */
+    SUPDRVIOCTLDATA Args;
+    Args.pvIn = pvIn;
+    Args.cbIn = cbIn;
+    Args.pvOut = pvOut;
+    Args.cbOut = cbOut;
+    if (ioctl(g_hDevice, uFunction, &Args) >= 0)
+        return 0;
+    /* This is the reverse operation of the one found in SUPDrv-linux.c */
+    switch (errno)
+    {
+        case EACCES: return VERR_GENERAL_FAILURE;
+        case EINVAL: return VERR_INVALID_PARAMETER;
+        case ENOSYS: return VERR_INVALID_MAGIC;
+        case ENXIO:  return VERR_INVALID_HANDLE;
+        case EFAULT: return VERR_INVALID_POINTER;
+        case ENOLCK: return VERR_LOCK_FAILED;
+        case EEXIST: return VERR_ALREADY_LOADED;
+    }
+    if (RT_LIKELY(ioctl(g_hDevice, uFunction, pvReq) >= 0))
+        return VINF_SUCCESS;
     return RTErrConvertFromErrno(errno);
+}
 #ifdef VBOX_WITHOUT_IDT_PATCHING
 int suplibOSIOCtlFast(unsigned uFunction)
+int suplibOSIOCtlFast(uintptr_t uFunction)
+{
     int rc = ioctl(g_hDevice, uFunction, NULL);
 …
-/**
- * Allocate a number of zero-filled pages in user space.
+ *
- * @returns VBox status code.
- * @param   cPages      Number of pages to allocate.
- * @param   ppvPages    Where to return the base pointer.
- */
 int suplibOsPageAlloc(size_t cPages, void **ppvPages)
+{
 …
-/**
- * Frees pages allocated by suplibOsPageAlloc().
+ *
- * @returns VBox status code.
- * @param   pvPages     Pointer to pages.
- */
 int suplibOsPageFree(void *pvPages, size_t /* cPages */)
+{

trunk/src/VBox/HostDrivers/Support/freebsd/SUPDrv-freebsd.c

-              r4016
+              r4800
+    }
+    rc = supdrvDeleteDevExt(&g_DevExt);
+    AssertRC(rc);
+    supdrvDeleteDevExt(&g_DevExt);
     rc = RTSpinlockDestroy(g_Spinlock);
 …
     cch = RTStrPrintfV(szMsg, sizeof(szMsg), pszFormat, va);
     va_end(va);
     printf("%s", szMsg);

trunk/src/VBox/HostDrivers/Support/freebsd/SUPLib-freebsd.cpp

-              r4071
+              r4800
-/**
- * Installs anything required by the support library.
+ *
- * @returns 0 on success.
- * @returns error code on failure.
- */
 int suplibOsInstall(void)
+{
-//    int rc = mknod(DEVICE_NAME, S_IFCHR, );
     return VERR_NOT_IMPLEMENTED;
+}
-/**
- * Installs anything required by the support library.
+ *
- * @returns 0 on success.
- * @returns error code on failure.
- */
 int suplibOsUninstall(void)
+{
-//    int rc = unlink(DEVICE_NAME);
     return VERR_NOT_IMPLEMENTED;
+}
+/**
+ * Send a I/O Control request to the device.
+ *
+ * @returns 0 on success.
+ * @returns VBOX error code on failure.
+ * @param   uFunction   IO Control function.
+ * @param   pvIn        Input data buffer.
+ * @param   cbIn        Size of input data.
+ * @param   pvOut       Output data buffer.
+ * @param   cbOut       Size of output data.
+ */
+int suplibOsIOCtl(unsigned uFunction, void *pvIn, size_t cbIn, void *pvOut, size_t cbOut)
+int suplibOsIOCtl(uintptr_t uFunction, void *pvReq, size_t cbReq)
+{
     AssertMsg(g_hDevice != -1, ("SUPLIB not initiated successfully!\n"));
-    /*
-     * Issue device iocontrol.
-     */
-    SUPDRVIOCTLDATA Args;
-    Args.pvIn = pvIn;
-    Args.cbIn = cbIn;
-    Args.pvOut = pvOut;
-    Args.cbOut = cbOut;
+    if (ioctl(g_hDevice, uFunction, &Args) >= 0)
+        return 0;
+    /* This is the reverse operation of the one found in SUPDrv-linux.c */
+    switch (errno)
+    {
+        case EACCES: return VERR_GENERAL_FAILURE;
+        case EINVAL: return VERR_INVALID_PARAMETER;
+        case ENOSYS: return VERR_INVALID_MAGIC;
+        case ENXIO:  return VERR_INVALID_HANDLE;
+        case EFAULT: return VERR_INVALID_POINTER;
+        case ENOLCK: return VERR_LOCK_FAILED;
+        case EEXIST: return VERR_ALREADY_LOADED;
+    }
+    if (RT_LIKELY(ioctl((g_hDevice, uFunction, pvReq) >= 0))
+        return VINF_SUCCESS;
     return RTErrConvertFromErrno(errno);
+}
 #ifdef VBOX_WITHOUT_IDT_PATCHING
 int suplibOSIOCtlFast(unsigned uFunction)
+int suplibOSIOCtlFast(uintptr_t uFunction)
+{
     int rc = ioctl(g_hDevice, uFunction, NULL);
 …
-/**
- * Allocate a number of zero-filled pages in user space.
+ *
- * @returns VBox status code.
- * @param   cPages      Number of pages to allocate.
- * @param   ppvPages    Where to return the base pointer.
- */
 int suplibOsPageAlloc(size_t cPages, void **ppvPages)
+{
 …
-/**
- * Frees pages allocated by suplibOsPageAlloc().
+ *
- * @returns VBox status code.
- * @param   pvPages     Pointer to pages.
- */
 int suplibOsPageFree(void *pvPages, size_t /* cPages */)
+{

trunk/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c

-              r4791
+              r4800
 #endif
+#include <iprt/mem.h>
 /* devfs defines */
 #if defined(CONFIG_DEVFS_FS) && !defined(CONFIG_VBOXDRV_AS_MISC)
 …
  * Device extention & session data association structure.
  */
 static SUPDRVDEVEXT     g_DevExt;
+static SUPDRVDEVEXT         g_DevExt;
 /** Timer structure for the GIP update. */
 static struct timer_list g_GipTimer;
+static struct timer_list    g_GipTimer;
 /** Pointer to the page structure for the GIP. */
 struct page            *g_pGipPage;
+struct page                *g_pGipPage;
 /** Registered devfs device handle. */
 #if defined(CONFIG_DEVFS_FS) && !defined(CONFIG_VBOXDRV_AS_MISC)
 # if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 0)
 static void            *g_hDevFsVBoxDrv = NULL;
+static void                *g_hDevFsVBoxDrv = NULL;
 # else
 static devfs_handle_t   g_hDevFsVBoxDrv = NULL;
+static devfs_handle_t       g_hDevFsVBoxDrv = NULL;
 # endif
 #endif
 …
 #ifndef CONFIG_VBOXDRV_AS_MISC
 /** Module major number */
 #define DEVICE_MAJOR   234
+#define DEVICE_MAJOR        234
 /** Saved major device number */
 static int              g_iModuleMajor;
+static int                  g_iModuleMajor;
 #endif /* !CONFIG_VBOXDRV_AS_MISC */
 /** The module name. */
 #define DEVICE_NAME    "vboxdrv"
+#define DEVICE_NAME         "vboxdrv"
 #ifdef RT_ARCH_AMD64
 …
 *   Internal Functions                                                         *
 *******************************************************************************/
 static int      VBoxSupDrvInit(void);
 static void     VBoxSupDrvUnload(void);
 static int      VBoxSupDrvCreate(struct inode *pInode, struct file *pFilp);
 static int      VBoxSupDrvClose(struct inode *pInode, struct file *pFilp);
 static int      VBoxSupDrvDeviceControl(struct inode *pInode, struct file *pFilp,
                                         unsigned int IOCmd, unsigned long IOArg);
+static int      VBoxDrvLinuxInit(void);
+static void     VBoxDrvLinuxUnload(void);
+static int      VBoxDrvLinuxCreate(struct inode *pInode, struct file *pFilp);
+static int      VBoxDrvLinuxClose(struct inode *pInode, struct file *pFilp);
+static int      VBoxDrvLinuxIOCtl(struct inode *pInode, struct file *pFilp, unsigned int uCmd, unsigned long ulArg);
+static int      VBoxDrvLinuxIOCtlSlow(struct inode *pInode, struct file *pFilp, unsigned int uCmd, unsigned long ulArg);
 #ifndef USE_NEW_OS_INTERFACE_FOR_MM
 static RTR3PTR  VBoxSupDrvMapUser(struct page **papPages, unsigned cPages, unsigned fProt, pgprot_t pgFlags);
+static RTR3PTR  VBoxDrvLinuxMapUser(struct page **papPages, unsigned cPages, unsigned fProt, pgprot_t pgFlags);
 #endif /* !USE_NEW_OS_INTERFACE_FOR_MM */
 static int      VBoxSupDrvInitGip(PSUPDRVDEVEXT pDevExt);
 static int      VBoxSupDrvTermGip(PSUPDRVDEVEXT pDevExt);
 static void     VBoxSupGipTimer(unsigned long ulUser);
+static int      VBoxDrvLinuxInitGip(PSUPDRVDEVEXT pDevExt);
+static int      VBoxDrvLinuxTermGip(PSUPDRVDEVEXT pDevExt);
+static void     VBoxDrvLinuxGipTimer(unsigned long ulUser);
 #ifdef CONFIG_SMP
 static void     VBoxSupGipTimerPerCpu(unsigned long ulUser);
 static void     VBoxSupGipResumePerCpu(void *pvUser);
 #endif
 static int      VBoxSupDrvErr2LinuxErr(int);
+static void     VBoxDrvLinuxGipTimerPerCpu(unsigned long ulUser);
+static void     VBoxDrvLinuxGipResumePerCpu(void *pvUser);
+#endif
+static int      VBoxDrvLinuxErr2LinuxErr(int);
 …
+{
     owner:      THIS_MODULE,
     open:       VBoxSupDrvCreate,
     release:    VBoxSupDrvClose,
     ioctl:      VBoxSupDrvDeviceControl,
+    open:       VBoxDrvLinuxCreate,
+    release:    VBoxDrvLinuxClose,
+    ioctl:      VBoxDrvLinuxIOCtl,
 };
 …
  * @returns appropriate status code.
  */
 static int __init VBoxSupDrvInit(void)
+static int __init VBoxDrvLinuxInit(void)
+{
     int                 rc;
 …
                  * Create the GIP page.
                  */
                 rc = VBoxSupDrvInitGip(&g_DevExt);
+                rc = VBoxDrvLinuxInitGip(&g_DevExt);
                 if (!rc)
+                {
 …
  * Unload the module.
  */
 static void __exit VBoxSupDrvUnload(void)
+static void __exit VBoxDrvLinuxUnload(void)
+{
     int                 rc;
     dprintf(("VBoxSupDrvUnload\n"));
+    dprintf(("VBoxDrvLinuxUnload\n"));
     /*
 …
      * Destroy GIP, delete the device extension and terminate IPRT.
      */
     VBoxSupDrvTermGip(&g_DevExt);
+    VBoxDrvLinuxTermGip(&g_DevExt);
     supdrvDeleteDevExt(&g_DevExt);
     RTR0Term();
 …
  * @param   pFilp       Associated file pointer.
  */
 static int VBoxSupDrvCreate(struct inode *pInode, struct file *pFilp)
+static int VBoxDrvLinuxCreate(struct inode *pInode, struct file *pFilp)
+{
     int                 rc;
     PSUPDRVSESSION      pSession;
     dprintf(("VBoxSupDrvCreate: pFilp=%p\n", pFilp));
+    dprintf(("VBoxDrvLinuxCreate: pFilp=%p\n", pFilp));
     /*
 …
+    }
     dprintf(("VBoxSupDrvCreate: g_DevExt=%p pSession=%p rc=%d\n", &g_DevExt, pSession, rc));
+    dprintf(("VBoxDrvLinuxCreate: g_DevExt=%p pSession=%p rc=%d\n", &g_DevExt, pSession, rc));
     pFilp->private_data = pSession;
     return VBoxSupDrvErr2LinuxErr(rc);
+    return VBoxDrvLinuxErr2LinuxErr(rc);
+}
 …
  * @param   pFilp       Associated file pointer.
  */
 static int VBoxSupDrvClose(struct inode *pInode, struct file *pFilp)
+{
     dprintf(("VBoxSupDrvClose: pFilp=%p private_data=%p\n", pFilp, pFilp->private_data));
+static int VBoxDrvLinuxClose(struct inode *pInode, struct file *pFilp)
+{
+    dprintf(("VBoxDrvLinuxClose: pFilp=%p private_data=%p\n", pFilp, pFilp->private_data));
     supdrvCloseSession(&g_DevExt, (PSUPDRVSESSION)pFilp->private_data);
     pFilp->private_data = NULL;
 …
  * @param   pInode      Pointer to inode info structure.
  * @param   pFilp       Associated file pointer.
+ * @param   IOCmd       The function specified to ioctl().
+ * @param   IOArg       The argument specified to ioctl().
+ */
+static int VBoxSupDrvDeviceControl(struct inode *pInode, struct file *pFilp,
+                                   unsigned int IOCmd, unsigned long IOArg)
+ * @param   uCmd        The function specified to ioctl().
+ * @param   ulArg       The argument specified to ioctl().
+ */
+static int VBoxDrvLinuxIOCtl(struct inode *pInode, struct file *pFilp, unsigned int uCmd, unsigned long ulArg)
+{
+#ifdef VBOX_WITHOUT_IDT_PATCHING
+    /*
+     * Deal with the two high-speed IOCtl that takes it's arguments from
+     * the session and iCmd, and only returns a VBox status code.
+     */
+    if (RT_LIKELY(   uCmd == SUP_IOCTL_FAST_DO_RAW_RUN
+                  || uCmd == SUP_IOCTL_FAST_DO_HWACC_RUN
+                  || uCmd == SUP_IOCTL_FAST_DO_NOP))
+        return supdrvIOCtlFast(iCmd, &g_DevExt, (PSUPDRVSESSION)pFilp->private_data);
+#endif
+    return VBoxDrvLinuxIOCtlSlow(pInode, pFilp, uCmd, ulArg);
+}
+/**
+ * Device I/O Control entry point.
+ *
+ * @param   pInode      Pointer to inode info structure.
+ * @param   pFilp       Associated file pointer.
+ * @param   uCmd        The function specified to ioctl().
+ * @param   ulArg       The argument specified to ioctl().
+ */
+static int VBoxDrvLinuxIOCtlSlow(struct inode *pInode, struct file *pFilp, unsigned int uCmd, unsigned long ulArg)
+{
     int                 rc;
+    SUPDRVIOCTLDATA     Args;
+    void               *pvBuf = NULL;
+    int                 cbBuf = 0;
+    unsigned            cbOut = 0;
+    dprintf2(("VBoxSupDrvDeviceControl: pFilp=%p IOCmd=%x IOArg=%p\n", pFilp, IOCmd, (void *)IOArg));
+    /*
+     * Copy ioctl data structure from user space.
+     */
+    if (_IOC_SIZE(IOCmd) != sizeof(SUPDRVIOCTLDATA))
+    {
+        dprintf(("VBoxSupDrvDeviceControl: incorrect input length! cbArgs=%d\n", _IOC_SIZE(IOCmd)));
+    SUPREQHDR           Hdr;
+    PSUPREQHDR          pHdr;
+    uint32_t            cbBuf;
+    dprintf2(("VBoxDrvLinuxIOCtl: pFilp=%p uCmd=%#x ulArg=%p\n", pFilp, uCmd, (void *)ulArg));
+    /*
+     * Read the header.
+     */
+    if (RT_UNLIKELY(copy_from_user(&Hdr, (void *)ulArg, sizeof(Hdr))))
+    {
+        dprintf(("VBoxDrvLinuxIOCtl: copy_from_user(,%#lx,) failed; uCmd=%#x.\n", ulArg, uCmd));
+        return -EFAULT;
+    }
+    if (RT_UNLIKELY((Hdr.fFlags & SUPREQHDR_FLAGS_MAGIC_MASK) != SUPREQHDR_FLAGS_MAGIC))
+    {
+        dprintf(("VBoxDrvLinuxIOCtl: bad header magic %#x; uCmd=%#x\n", Hdr.fFlags & SUPREQHDR_FLAGS_MAGIC_MASK, uCmd));
         return -EINVAL;
+    }
+    if (copy_from_user(&Args, (void *)IOArg, _IOC_SIZE(IOCmd)))
+    {
+        dprintf(("VBoxSupDrvDeviceControl: copy_from_user(&Args) failed.\n"));
+    /*
+     * Buffer the request.
+     */
+    cbBuf = RT_MAX(Hdr.cbIn, Hdr.cbOut);
+    if (RT_UNLIKELY(cbBuf > _1M*16))
+    {
+        dprintf(("VBoxDrvLinuxIOCtl: too big cbBuf=%#x; uCmd=%#x\n", cbBuf, uCmd));
+        return -E2BIG;
+    }
+    if (RT_UNLIKELY(cbBuf != _IOC_SIZE(uCmd) && _IOC_SIZE(uCmd)))
+    {
+        dprintf(("VBoxDrvLinuxIOCtl: bad ioctl cbBuf=%#x _IOC_SIZE=%#x; uCmd=%#x.\n", cbBuf, _IOC_SIZE(uCmd), uCmd));
+        return -EINVAL;
+    }
+    pHdr = RTMemAlloc(cbBuf);
+    if (RT_UNLIKELY(!pHdr))
+    {
+        OSDBGPRINT(("VBoxDrvLinuxIOCtl: failed to allocate buffer of %d bytes for uCmd=%#x.\n", cbBuf, uCmd));
+        return -ENOMEM;
+    }
+    if (RT_UNLIKELY(copy_from_user(pHdr, (void *)ulArg, Hdr.cbIn)))
+    {
+        dprintf(("VBoxDrvLinuxIOCtl: copy_from_user(,%#lx, %#x) failed; uCmd=%#x.\n", ulArg, Hdr.cbIn, uCmd));
+        RTMemFree(pHdr);
         return -EFAULT;
+    }
     /*
+     * Allocate and copy user space input data buffer to kernel space.
+     */
+    if (Args.cbIn > 0 || Args.cbOut > 0)
+    {
+        cbBuf = max(Args.cbIn, Args.cbOut);
+        pvBuf = vmalloc(cbBuf);
+        if (pvBuf == NULL)
+     * Process the IOCtl.
+     */
+    rc = supdrvIOCtl(uCmd, &g_DevExt, (PSUPDRVSESSION)pFilp->private_data, pHdr);
+    /*
+     * Copy ioctl data and output buffer back to user space.
+     */
+    if (RT_LIKELY(!rc))
+    {
+        uint32_t cbOut = pHdr->cbOut;
+        if (RT_UNLIKELY(cbOut > cbBuf))
+        {
             dprintf(("VBoxSupDrvDeviceControl: failed to allocate buffer of %d bytes.\n", cbBuf));
             return -ENOMEM;
+            OSDBGPRINT(("VBoxDrvLinuxIOCtl: too much output! %#x > %#x; uCmd=%#x!\n", cbOut, cbBuf, uCmd));
+            cbOut = cbBuf;
+        }
+        if (copy_from_user(pvBuf, (void *)Args.pvIn, Args.cbIn))
+        if (RT_UNLIKELY(copy_to_user((void *)ulArg, pHdr, cbOut)))
+        {
             dprintf(("VBoxSupDrvDeviceControl: copy_from_user(pvBuf) failed.\n"));
             vfree(pvBuf);
             return -EFAULT;
+            /* this is really bad! */
+            OSDBGPRINT(("VBoxDrvLinuxIOCtl: copy_to_user(%#lx,,%#x); uCmd=%#x!\n", ulArg, cbOut, uCmd));
+            rc = -EFAULT;
+        }
+    }
+    /*
+     * Process the IOCtl.
+     */
+    rc = supdrvIOCtl(IOCmd, &g_DevExt, (PSUPDRVSESSION)pFilp->private_data,
+                     pvBuf, Args.cbIn, pvBuf, Args.cbOut, &cbOut);
+    /*
+     * Copy ioctl data and output buffer back to user space.
+     */
+    if (rc)
+    {
+        dprintf(("VBoxSupDrvDeviceControl: pFilp=%p IOCmd=%x IOArg=%p failed, rc=%d (linux rc=%d)\n",
+                 pFilp, IOCmd, (void *)IOArg, rc, VBoxSupDrvErr2LinuxErr(rc)));
+        rc = VBoxSupDrvErr2LinuxErr(rc);
+    }
+    else if (cbOut > 0)
+    {
+        if (pvBuf != NULL && cbOut <= cbBuf)
+        {
+            if (copy_to_user((void *)Args.pvOut, pvBuf, cbOut))
+            {
+                dprintf(("copy_to_user failed.\n"));
+                rc = -EFAULT;
+            }
+        }
+        else
+        {
+            dprintf(("WHAT!?! supdrvIOCtl messed up! cbOut=%d cbBuf=%d pvBuf=%p\n", cbOut, cbBuf, pvBuf));
+            rc = -EPERM;
+        }
+    }
+    if (pvBuf)
+        vfree(pvBuf);
+    dprintf2(("VBoxSupDrvDeviceControl: returns %d\n", rc));
+    else
+    {
+        dprintf(("VBoxDrvLinuxIOCtl: pFilp=%p uCmd=%#x ulArg=%p failed, rc=%d\n", pFilp, uCmd, (void *)ulArg, rc));
+        rc = -EINVAL;
+    }
+    RTMemFree(pHdr);
+    dprintf2(("VBoxDrvLinuxIOCtl: returns %d\n", rc));
     return rc;
+}
 …
  * @param   cPages      Number of pages.
  */
 static int VBoxSupDrvOrder(unsigned long cPages)
+static int VBoxDrvOrder(unsigned long cPages)
+{
     int             iOrder;
 …
     unsigned    cbAligned = RT_ALIGN(pMem->cb, PAGE_SIZE);
     unsigned    cPages = cbAligned >> PAGE_SHIFT;
     unsigned    cOrder = VBoxSupDrvOrder(cPages);
+    unsigned    cOrder = VBoxDrvOrder(cPages);
     unsigned long ulAddr;
     dma_addr_t  HCPhys;
 …
             MY_CHANGE_PAGE_ATTR(&pMem->u.cont.paPages[iPage], 1, PAGE_KERNEL);
+    }
     __free_pages(pMem->u.cont.paPages, VBoxSupDrvOrder(pMem->u.cont.cPages));
+    __free_pages(pMem->u.cont.paPages, VBoxDrvOrder(pMem->u.cont.cPages));
     pMem->u.cont.cPages = 0;
 …
     const unsigned  cPages = cbAligned >> PAGE_SHIFT;
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 4, 22)
     unsigned        cOrder = VBoxSupDrvOrder(cPages);
+    unsigned        cOrder = VBoxDrvOrder(cPages);
     struct page    *paPages;
 #endif
 …
          */
         if (ppvR3)
             *ppvR3 = pMem->pvR3 = VBoxSupDrvMapUser(papPages, cPages, PROT_READ | PROT_WRITE | PROT_EXEC, pgFlags);
+            *ppvR3 = pMem->pvR3 = VBoxDrvLinuxMapUser(papPages, cPages, PROT_READ | PROT_WRITE | PROT_EXEC, pgFlags);
         if (pMem->pvR3 || !ppvR3)
             return 0;
 …
 #else
         if (cPages > 0)
             __free_pages(papPages[0], VBoxSupDrvOrder(cPages));
+            __free_pages(papPages[0], VBoxDrvOrder(cPages));
 #endif
         /* Free the page pointer array. */
 …
  * @param   pgFlags     The page level protection.
  */
 static RTR3PTR VBoxSupDrvMapUser(struct page **papPages, unsigned cPages, unsigned fProt, pgprot_t pgFlags)
+static RTR3PTR VBoxDrvLinuxMapUser(struct page **papPages, unsigned cPages, unsigned fProt, pgprot_t pgFlags)
+{
     int             rc = SUPDRV_ERR_NO_MEMORY;
 …
         /* no, cleanup! */
         if (rc)
             dprintf(("VBoxSupDrvMapUser: remap_[page|pfn]_range failed! rc=%d\n", rc));
+            dprintf(("VBoxDrvLinuxMapUser: remap_[page|pfn]_range failed! rc=%d\n", rc));
         else
             dprintf(("VBoxSupDrvMapUser: find_vma failed!\n"));
+            dprintf(("VBoxDrvLinuxMapUser: find_vma failed!\n"));
         MY_DO_MUNMAP(current->mm, ulAddr, cPages << PAGE_SHIFT);
 …
  * @param   pDevExt     Instance data. GIP stuff may be updated.
  */
 static int VBoxSupDrvInitGip(PSUPDRVDEVEXT pDevExt)
+static int VBoxDrvLinuxInitGip(PSUPDRVDEVEXT pDevExt)
+{
     struct page *pPage;
 …
     unsigned i;
 #endif
     dprintf(("VBoxSupDrvInitGip:\n"));
+    dprintf(("VBoxDrvLinuxInitGip:\n"));
     /*
 …
     if (!pPage)
+    {
         dprintf(("VBoxSupDrvInitGip: failed to allocate the GIP page\n"));
+        dprintf(("VBoxDrvLinuxInitGip: failed to allocate the GIP page\n"));
         return -ENOMEM;
+    }
 …
 #ifdef TICK_NSEC
     pDevExt->u64LastMonotime = (uint64_t)pDevExt->ulLastJiffies * TICK_NSEC;
     dprintf(("VBoxSupDrvInitGIP: TICK_NSEC=%ld HZ=%d jiffies=%ld now=%lld\n",
+    dprintf(("VBoxDrvInitGIP: TICK_NSEC=%ld HZ=%d jiffies=%ld now=%lld\n",
              TICK_NSEC, HZ, pDevExt->ulLastJiffies, pDevExt->u64LastMonotime));
 #else
     pDevExt->u64LastMonotime = (uint64_t)pDevExt->ulLastJiffies * (1000000 / HZ);
     dprintf(("VBoxSupDrvInitGIP: TICK_NSEC=%d HZ=%d jiffies=%ld now=%lld\n",
+    dprintf(("VBoxDrvInitGIP: TICK_NSEC=%d HZ=%d jiffies=%ld now=%lld\n",
              (int)(1000000 / HZ), HZ, pDevExt->ulLastJiffies, pDevExt->u64LastMonotime));
 #endif
 …
     init_timer(&g_GipTimer);
     g_GipTimer.data = (unsigned long)pDevExt;
     g_GipTimer.function = VBoxSupGipTimer;
+    g_GipTimer.function = VBoxDrvLinuxGipTimer;
     g_GipTimer.expires = jiffies;
 #ifdef CONFIG_SMP
 …
         init_timer(&pDevExt->aCPUs[i].Timer);
         pDevExt->aCPUs[i].Timer.data      = i;
         pDevExt->aCPUs[i].Timer.function  = VBoxSupGipTimerPerCpu;
+        pDevExt->aCPUs[i].Timer.function  = VBoxDrvLinuxGipTimerPerCpu;
         pDevExt->aCPUs[i].Timer.expires   = jiffies;
+    }
 …
  * @param   pDevExt     Instance data. GIP stuff may be updated.
  */
 static int VBoxSupDrvTermGip(PSUPDRVDEVEXT pDevExt)
+static int VBoxDrvLinuxTermGip(PSUPDRVDEVEXT pDevExt)
+{
     struct page *pPage;
 …
     unsigned i;
 #endif
     dprintf(("VBoxSupDrvTermGip:\n"));
+    dprintf(("VBoxDrvLinuxTermGip:\n"));
     /*
 …
  * @param   ulUser  The device extension pointer.
  */
 static void     VBoxSupGipTimer(unsigned long ulUser)
+static void     VBoxDrvLinuxGipTimer(unsigned long ulUser)
+{
     PSUPDRVDEVEXT       pDevExt;
 …
  * @param   iTimerCPU     The APIC ID of this timer.
  */
 static void VBoxSupGipTimerPerCpu(unsigned long iTimerCPU)
+static void VBoxDrvLinuxGipTimerPerCpu(unsigned long iTimerCPU)
+{
     PSUPDRVDEVEXT       pDevExt;
 …
+    {
         mod_timer(&g_GipTimer, jiffies);
         smp_call_function(VBoxSupGipResumePerCpu, pDevExt, 0 /* retry */, 1 /* wait */);
+        smp_call_function(VBoxDrvLinuxGipResumePerCpu, pDevExt, 0 /* retry */, 1 /* wait */);
+    }
 #endif
 …
  * @param   pvUser  Pointer to the device instance.
  */
 static void VBoxSupGipResumePerCpu(void *pvUser)
+static void VBoxDrvLinuxGipResumePerCpu(void *pvUser)
+{
     PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)pvUser;
 …
  * @param   rc  supdrv error code (SUPDRV_ERR_* defines).
  */
 static int     VBoxSupDrvErr2LinuxErr(int rc)
+static int     VBoxDrvLinuxErr2LinuxErr(int rc)
+{
     switch (rc)
 …
 module_init(VBoxSupDrvInit);
 module_exit(VBoxSupDrvUnload);
+module_init(VBoxDrvLinuxInit);
+module_exit(VBoxDrvLinuxUnload);
 MODULE_AUTHOR("innotek GmbH");

trunk/src/VBox/HostDrivers/Support/linux/SUPLib-linux.cpp

-              r4071
+              r4800
  * @returns VBOX error code on failure.
  * @param   uFunction   IO Control function.
+ * @param   pvIn        Input data buffer.
+ * @param   cbIn        Size of input data.
+ * @param   pvOut       Output data buffer.
+ * @param   cbOut       Size of output data.
+ */
+int     suplibOsIOCtl(unsigned uFunction, void *pvIn, size_t cbIn, void *pvOut, size_t cbOut)
+ * @param   pvReq       The request buffer.
+ * @param   cbReq       The size of the request buffer.
+ */
+int suplibOsIOCtl(uintptr_t uFunction, void *pvReq, size_t cbReq)
+{
     AssertMsg(g_hDevice != -1, ("SUPLIB not initiated successfully!\n"));
     /*
      * Issue device iocontrol.
      */
+    SUPDRVIOCTLDATA Args;
+    Args.pvIn = pvIn;
+    Args.cbIn = cbIn;
+    Args.pvOut = pvOut;
+    Args.cbOut = cbOut;
+    if (ioctl(g_hDevice, uFunction, &Args) >= 0)
+    if (RT_LIKELY(ioctl(g_hDevice, uFunction, pvReq) >= 0))
         return VINF_SUCCESS;

trunk/src/VBox/HostDrivers/Support/os2/SUPLib-os2.cpp

-              r4071
+              r4800
 int suplibOsIOCtl(unsigned uFunction, void *pvIn, size_t cbIn, void *pvOut, size_t cbOut)
+int suplibOsIOCtl(uintptr_t uFunction, void *pvReq, size_t cbReq)
+{
     AssertMsg(g_hDevice != (HFILE)-1, ("SUPLIB not initiated successfully!\n"));
+    SUPDRVIOCTLDATA Args;
+    Args.pvIn = pvIn;
+    Args.cbIn = cbIn;
+    Args.pvOut = pvOut;
+    Args.cbOut = cbOut;
+    Args.rc = VERR_INTERNAL_ERROR;
+    ULONG cbReturned = sizeof(Args);
+    ULONG cbReturned = sizeof(SUPREQHDR);
     int rc = DosDevIOCtl(g_hDevice, SUP_CTL_CATEGORY, uFunction,
                          &Args, sizeof(Args), &cbReturned,
+                         &cbIn, cbReturned, &cbReturned,
                          NULL, 0, NULL);
     if (RT_LIKELY(rc == NO_ERROR))
+        rc = Args.rc;
+    else
+        rc = RTErrConvertFromOS2(rc);
+    return rc;
+        return VINF_SUCCESS;
+    return RTErrConvertFromOS2(rc);
+}
 #ifdef VBOX_WITHOUT_IDT_PATCHING
 int suplibOSIOCtlFast(unsigned uFunction)
+int suplibOSIOCtlFast(uintptr_t uFunction)
+{
     int32_t rcRet = VERR_INTERNAL_ERROR;

trunk/src/VBox/HostDrivers/Support/solaris/SUPDrv-solaris.c

-              r4717
+              r4800
             break;
+    }
     if (instance >= DEVICE_MAXINSTANCES)
+    {
 …
         return ENXIO;
+    }
     *pDev = makedevice(getmajor(*pDev), instance);
     return VBoxSupDrvErr2SolarisErr(rc);
+}
 …
     if (!pSession)
+    {
         OSDBGPRINT(("VBoxDrvSolarisClose: WHAT?!? pSession == NULL! This must be a mistake... pid=%d (close)\n",
+        OSDBGPRINT(("VBoxDrvSolarisClose: WHAT?!? pSession == NULL! This must be a mistake... pid=%d (close)\n",
                     (int)Process));
         return DDI_FAILURE;
 …
     int instance = 0;
     vbox_devstate_t *pState;
     switch (enmCmd)
+    {
 …
                 return DDI_FAILURE;
+            }
             pState = ddi_get_soft_state(g_pVBoxDrvSolarisState, instance);
             /*
              * Initialize IPRT R0 driver, which internally calls OS-specific r0 init.
 …
             ddi_remove_minor_node(pDip, NULL);
             ddi_soft_state_free(g_pVBoxDrvSolarisState, instance);
+            rc = supdrvDeleteDevExt(&g_DevExt);
+            AssertRC(rc);
+            supdrvDeleteDevExt(&g_DevExt);
             rc = RTSpinlockDestroy(g_Spinlock);
 …
     if (!pSession)
+    {
         OSDBGPRINT(("VBoxSupDrvIOCtl: WHAT?!? pSession == NULL! This must be a mistake... pid=%d iCmd=%#x\n",
+        OSDBGPRINT(("VBoxSupDrvIOCtl: WHAT?!? pSession == NULL! This must be a mistake... pid=%d iCmd=%#x\n",
                     (int)Process, Cmd));
         return EINVAL;
 …
  * @returns Solaris errno.
+ *
+ * @param pSession  The session.
+ * @param Cmd       The IOCtl command.
+ * @param Mode      Information bitfield (for specifying ownership of data)
+ * @param pArgs     Pointer to the kernel copy of the SUPDRVIOCTLDATA buffer.
+ */
+static int VBoxDrvSolarisIOCtlSlow(PSUPDRVSESSION pSession, int Cmd, int Mode, intptr_t pArgs)
+{
+    int                 rc;
+    void               *pvBuf = NULL;
+    unsigned long       cbBuf = 0;
+    unsigned            cbOut = 0;
+    PSUPDRVIOCTLDATA    pArgData = (PSUPDRVIOCTLDATA)pArgs;
+   /*
+     * Allocate and copy user space input data buffer to kernel space.
+     */
+    if (pArgData->cbIn > 0 || pArgData->cbOut > 0)
+    {
+        cbBuf = max(pArgData->cbIn, pArgData->cbOut);
+        pvBuf = RTMemTmpAlloc(cbBuf);
+        if (pvBuf == NULL)
+ * @param   pSession    The session.
+ * @param   Cmd         The IOCtl command.
+ * @param   Mode        Information bitfield (for specifying ownership of data)
+ * @param   iArg        User space address of the request buffer.
+ */
+static int VBoxDrvSolarisIOCtlSlow(PSUPDRVSESSION pSession, int iCmd, int Mode, intptr_t iArg)
+{
+    int         rc;
+    uint32_t    cbBuf = 0;
+    SUPREQHDR   Hdr;
+    PSUPREQHDR  pHdr;
+    /*
+     * Read the header.
+     */
+    rc = ddi_copyin(&Hdr, (void *)iArg, sizeof(Hdr), Mode);
+    if (RT_UNLIKELY(rc))
+    {
+        dprintf(("VBoxDrvSolarisIOCtlSlow: ddi_copyin(,%#lx,) failed; iCmd=%#x. rc=%d\n", iArg, iCmd, rc));
+        return EFAULT;
+    }
+    if (RT_UNLIKELY((Hdr.fFlags & SUPREQHDR_FLAGS_MAGIC_MASK) != SUPREQHDR_FLAGS_MAGIC))
+    {
+        dprintf(("VBoxDrvSolarisIOCtlSlow: bad header magic %#x; iCmd=%#x\n", Hdr.fFlags & SUPREQHDR_FLAGS_MAGIC_MASK, iCmd));
+        return EINVAL;
+    }
+    /*
+     * Buffer the request.
+     */
+    cbBuf = RT_MAX(Hdr.cbIn, Hdr.cbOut);
+    if (RT_UNLIKELY(cbBuf > _1M*16))
+    {
+        dprintf(("VBoxDrvSolarisIOCtlSlow: too big cbBuf=%#x; iCmd=%#x\n", cbBuf, iCmd));
+        return E2BIG;
+    }
+    if (RT_UNLIKELY(cbBuf < sizeof(Hdr)))
+    {
+        dprintf(("VBoxDrvSolarisIOCtlSlow: bad ioctl cbBuf=%#x; iCmd=%#x.\n", cbBuf, iCmd));
+        return EINVAL;
+    }
+    pHdr = RTMemAlloc(cbBuf);
+    if (RT_UNLIKELY(!pHdr))
+    {
+        OSDBGPRINT(("VBoxDrvSolarisIOCtlSlow: failed to allocate buffer of %d bytes for iCmd=%#x.\n", cbBuf, iCmd));
+        return ENOMEM;
+    }
+    rc = ddi_copyin(pHdr, (void *)iArg, cbBuf, Mode);
+    if (RT_UNLIKELY(rc))
+    {
+        dprintf(("VBoxDrvSolarisIOCtlSlow: copy_from_user(,%#lx, %#x) failed; iCmd=%#x. rc=%d\n", iArg, Hdr.cbIn, iCmd, rc));
+        RTMemFree(pHdr);
+        return EFAULT;
+    }
+    /*
+     * Process the IOCtl.
+     */
+    rc = supdrvIOCtl(Cmd, &g_DevExt, pSession, pHdr);
+    /*
+     * Copy ioctl data and output buffer back to user space.
+     */
+    if (RT_LIKELY(!rc))
+    {
+        uint32_t cbOut = pHdr->cbOut;
+        if (RT_UNLIKELY(cbOut > cbBuf))
+        {
             OSDBGPRINT(("VBoxDrvSolarisIOCtlSlow: failed to allocate buffer of %d bytes.\n", cbBuf));
             return ENOMEM;
+            OSDBGPRINT(("VBoxDrvSolarisIOCtlSlow: too much output! %#x > %#x; iCmd=%#x!\n", cbOut, cbBuf, iCmd));
+            cbOut = cbBuf;
+        }
+        rc = ddi_copyin(pArgData->pvIn, pvBuf, pArgData->cbIn, Mode);
+        if (rc != 0)
+        rc = ddi_copyout(pHdr, (void *)iArg, cbOut, Mode);
+        if (RT_UNLIKELY(rc != 0))
+        {
+            OSDBGPRINT(("VBoxDrvSolarisIOCtlSlow: ddi_copyin(%p,%d) failed.\n", pArgData->pvIn, pArgData->cbIn));
+            RTMemTmpFree(pvBuf);
+            return EFAULT;
+            /* this is really bad */
+            OSDBGPRINT(("VBoxDrvSolarisIOCtlSlow: ddi_copyout(,%p,%d) failed. rc=%d\n", (void *)iArg, cbBuf, rc));
+            rc = EFAULT;
+        }
+    }
+    /*
+     * Process the IOCtl.
+     */
+    rc = supdrvIOCtl(Cmd, &g_DevExt, pSession, pvBuf, pArgData->cbIn, pvBuf, pArgData->cbOut, &cbOut);
+    /*
+     * Copy ioctl data and output buffer back to user space.
+     */
+    if (rc != 0)
+        rc = VBoxSupDrvErr2SolarisErr(rc);
+    else if (cbOut > 0)
+    {
+        if (pvBuf != NULL && cbOut <= cbBuf)
+        {
+            rc = ddi_copyout(pvBuf, pArgData->pvOut, cbOut, Mode);
+            if (rc != 0)
+            {
+                OSDBGPRINT(("VBoxDrvSolarisIOCtlSlow: ddi_copyout(,%p,%d) failed.\n", pArgData->pvOut, cbBuf));
+                rc = EFAULT;
+            }
+        }
+        else
+        {
+            OSDBGPRINT(("WHAT!?! supdrvIOCtl messed up! cbOut=%d cbBuf=%d pvBuf=%p\n", cbOut, cbBuf, pvBuf));
+            rc = EPERM;
+        }
+    }
+    if (pvBuf)
+        RTMemTmpFree(pvBuf);
+    else
+        rc = EINVAL;
+    RTMemTmpFree(pHdr);
     return rc;
+}

trunk/src/VBox/HostDrivers/Support/solaris/SUPLib-solaris.cpp

-              r4178
+              r4800
-/**
- * Installs anything required by the support library.
+ *
- * @returns 0 on success.
- * @returns error code on failure.
- */
 int suplibOsInstall(void)
+{
-//    int rc = mknod(DEVICE_NAME, S_IFCHR, );
     return VERR_NOT_IMPLEMENTED;
+}
-/**
- * Installs anything required by the support library.
+ *
- * @returns 0 on success.
- * @returns error code on failure.
- */
 int suplibOsUninstall(void)
+{
-//    int rc = unlink(DEVICE_NAME);
     return VERR_NOT_IMPLEMENTED;
+}
+/**
+ * Send a I/O Control request to the device.
+ *
+ * @returns 0 on success.
+ * @returns VBOX error code on failure.
+ * @param   uFunction   IO Control function.
+ * @param   pvIn        Input data buffer.
+ * @param   cbIn        Size of input data.
+ * @param   pvOut       Output data buffer.
+ * @param   cbOut       Size of output data.
+ */
+int suplibOsIOCtl(unsigned uFunction, void *pvIn, size_t cbIn, void *pvOut, size_t cbOut)
+int suplibOsIOCtl(uintptr_t uFunction, void *pvReq, size_t cbReq)
+{
     AssertMsg(g_hDevice != -1, ("SUPLIB not initiated successfully!\n"));
     /*
      * Issue device iocontrol.
      */
+    SUPDRVIOCTLDATA Args;
+    Args.pvIn = pvIn;
+    Args.cbIn = cbIn;
+    Args.pvOut = pvOut;
+    Args.cbOut = cbOut;
+    if (RT_LIKELY(ioctl(g_hDevice, uFunction, &pvReq) >= 0))
+        return VINF_SUCCESS;
-    if (ioctl(g_hDevice, uFunction, &Args) >= 0)
-        return 0;
     /* This is the reverse operation of the one found in SUPDrv-solaris.c */
     switch (errno)
 …
 #ifdef VBOX_WITHOUT_IDT_PATCHING
 int suplibOSIOCtlFast(unsigned uFunction)
+int suplibOSIOCtlFast(uintptr_t uFunction)
+{
     int rc = ioctl(g_hDevice, uFunction, NULL);
 …
-/**
- * Allocate a number of zero-filled pages in user space.
+ *
- * @returns VBox status code.
- * @param   cPages      Number of pages to allocate.
- * @param   ppvPages    Where to return the base pointer.
- */
 int suplibOsPageAlloc(size_t cPages, void **ppvPages)
+{
 …
-/**
- * Frees pages allocated by suplibOsPageAlloc().
+ *
- * @returns VBox status code.
- * @param   pvPages     Pointer to pages.
- */
 int suplibOsPageFree(void *pvPages, size_t /* cPages */)
+{

trunk/src/VBox/HostDrivers/Support/win/SUPDrv-win.cpp

-              r4755
+              r4800
 *   Internal Functions                                                         *
 *******************************************************************************/
 static void     _stdcall   VBoxSupDrvUnload(PDRIVER_OBJECT pDrvObj);
 static NTSTATUS _stdcall   VBoxSupDrvCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp);
 static NTSTATUS _stdcall   VBoxSupDrvClose(PDEVICE_OBJECT pDevObj, PIRP pIrp);
 static NTSTATUS _stdcall   VBoxSupDrvDeviceControl(PDEVICE_OBJECT pDevObj, PIRP pIrp);
 static int                 VBoxSupDrvDeviceControlSlow(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PIRP pIrp, PIO_STACK_LOCATION pStack);
 static NTSTATUS _stdcall   VBoxSupDrvNotSupportedStub(PDEVICE_OBJECT pDevObj, PIRP pIrp);
 static NTSTATUS            VBoxSupDrvErr2NtStatus(int rc);
 static NTSTATUS            VBoxSupDrvGipInit(PSUPDRVDEVEXT pDevExt);
 static void                VBoxSupDrvGipTerm(PSUPDRVDEVEXT pDevExt);
 static void     _stdcall   VBoxSupDrvGipTimer(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2);
 static void     _stdcall   VBoxSupDrvGipPerCpuDpc(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2);
+static void     _stdcall   VBoxDrvNtUnload(PDRIVER_OBJECT pDrvObj);
+static NTSTATUS _stdcall   VBoxDrvNtCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp);
+static NTSTATUS _stdcall   VBoxDrvNtClose(PDEVICE_OBJECT pDevObj, PIRP pIrp);
+static NTSTATUS _stdcall   VBoxDrvNtDeviceControl(PDEVICE_OBJECT pDevObj, PIRP pIrp);
+static int                 VBoxDrvNtDeviceControlSlow(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PIRP pIrp, PIO_STACK_LOCATION pStack);
+static NTSTATUS _stdcall   VBoxDrvNtNotSupportedStub(PDEVICE_OBJECT pDevObj, PIRP pIrp);
+static NTSTATUS            VBoxDrvNtErr2NtStatus(int rc);
+static NTSTATUS            VBoxDrvNtGipInit(PSUPDRVDEVEXT pDevExt);
+static void                VBoxDrvNtGipTerm(PSUPDRVDEVEXT pDevExt);
+static void     _stdcall   VBoxDrvNtGipTimer(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2);
+static void     _stdcall   VBoxDrvNtGipPerCpuDpc(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2);
 …
                  * Inititalize the GIP.
                  */
                 rc = VBoxSupDrvGipInit(pDevExt);
+                rc = VBoxDrvNtGipInit(pDevExt);
                 if (NT_SUCCESS(rc))
+                {
 …
                      * Setup the driver entry points in pDrvObj.
                      */
                     pDrvObj->DriverUnload                           = VBoxSupDrvUnload;
                     pDrvObj->MajorFunction[IRP_MJ_CREATE]           = VBoxSupDrvCreate;
                     pDrvObj->MajorFunction[IRP_MJ_CLOSE]            = VBoxSupDrvClose;
                     pDrvObj->MajorFunction[IRP_MJ_DEVICE_CONTROL]   = VBoxSupDrvDeviceControl;
                     pDrvObj->MajorFunction[IRP_MJ_READ]             = VBoxSupDrvNotSupportedStub;
                     pDrvObj->MajorFunction[IRP_MJ_WRITE]            = VBoxSupDrvNotSupportedStub;
+                    pDrvObj->DriverUnload                           = VBoxDrvNtUnload;
+                    pDrvObj->MajorFunction[IRP_MJ_CREATE]           = VBoxDrvNtCreate;
+                    pDrvObj->MajorFunction[IRP_MJ_CLOSE]            = VBoxDrvNtClose;
+                    pDrvObj->MajorFunction[IRP_MJ_DEVICE_CONTROL]   = VBoxDrvNtDeviceControl;
+                    pDrvObj->MajorFunction[IRP_MJ_READ]             = VBoxDrvNtNotSupportedStub;
+                    pDrvObj->MajorFunction[IRP_MJ_WRITE]            = VBoxDrvNtNotSupportedStub;
                     /* more? */
                     dprintf(("VBoxDrv::DriverEntry   returning STATUS_SUCCESS\n"));
                     return STATUS_SUCCESS;
+                }
                 dprintf(("VBoxSupDrvGipInit failed with rc=%#x!\n", rc));
+                dprintf(("VBoxDrvNtGipInit failed with rc=%#x!\n", rc));
                 supdrvDeleteDevExt(pDevExt);
 …
+            {
                 dprintf(("supdrvInitDevExit failed with vrc=%d!\n", vrc));
                 rc = VBoxSupDrvErr2NtStatus(vrc);
+                rc = VBoxDrvNtErr2NtStatus(vrc);
+            }
 …
  * @param   pDrvObj     Driver object.
  */
 void _stdcall VBoxSupDrvUnload(PDRIVER_OBJECT pDrvObj)
+{
     dprintf(("VBoxSupDrvUnload\n"));
+void _stdcall VBoxDrvNtUnload(PDRIVER_OBJECT pDrvObj)
+{
+    dprintf(("VBoxDrvNtUnload\n"));
     PSUPDRVDEVEXT       pDevExt = (PSUPDRVDEVEXT)pDrvObj->DeviceObject->DeviceExtension;
 …
      * Terminate the GIP page and delete the device extension.
      */
     VBoxSupDrvGipTerm(pDevExt);
+    VBoxDrvNtGipTerm(pDevExt);
     supdrvDeleteDevExt(pDevExt);
     IoDeleteDevice(pDrvObj->DeviceObject);
 …
  * @param   pIrp        Request packet.
  */
 NTSTATUS _stdcall VBoxSupDrvCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
     dprintf(("VBoxSupDrvCreate\n"));
+NTSTATUS _stdcall VBoxDrvNtCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
+    dprintf(("VBoxDrvNtCreate\n"));
     PIO_STACK_LOCATION  pStack = IoGetCurrentIrpStackLocation(pIrp);
     PFILE_OBJECT        pFileObj = pStack->FileObject;
 …
+    }
     NTSTATUS    rcNt = pIrp->IoStatus.Status = VBoxSupDrvErr2NtStatus(rc);
+    NTSTATUS    rcNt = pIrp->IoStatus.Status = VBoxDrvNtErr2NtStatus(rc);
     pIrp->IoStatus.Information  = 0;
     IoCompleteRequest(pIrp, IO_NO_INCREMENT);
 …
  * @param   pIrp        Request packet.
  */
 NTSTATUS _stdcall VBoxSupDrvClose(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+NTSTATUS _stdcall VBoxDrvNtClose(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
     PSUPDRVDEVEXT       pDevExt = (PSUPDRVDEVEXT)pDevObj->DeviceExtension;
     PIO_STACK_LOCATION  pStack = IoGetCurrentIrpStackLocation(pIrp);
     PFILE_OBJECT        pFileObj = pStack->FileObject;
     dprintf(("VBoxSupDrvClose: pDevExt=%p pFileObj=%p pSession=%p\n",
+    dprintf(("VBoxDrvNtClose: pDevExt=%p pFileObj=%p pSession=%p\n",
              pDevExt, pFileObj, pFileObj->FsContext));
     supdrvCloseSession(pDevExt, (PSUPDRVSESSION)pFileObj->FsContext);
 …
  * @param   pIrp        Request packet.
  */
 NTSTATUS _stdcall VBoxSupDrvDeviceControl(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+NTSTATUS _stdcall VBoxDrvNtDeviceControl(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
     PSUPDRVDEVEXT       pDevExt = (PSUPDRVDEVEXT)pDevObj->DeviceExtension;
 …
 #endif /* VBOX_WITHOUT_IDT_PATCHING */
     return VBoxSupDrvDeviceControlSlow(pDevExt, pSession, pIrp, pStack);
+}
 /**
  * Worker for VBoxSupDrvDeviceControl that takes the slow IOCtl functions.
+    return VBoxDrvNtDeviceControlSlow(pDevExt, pSession, pIrp, pStack);
+}
+/**
+ * Worker for VBoxDrvNtDeviceControl that takes the slow IOCtl functions.
+ *
  * @returns NT status code.
 …
  * @param   pStack      The stack location containing the DeviceControl parameters.
  */
 static int VBoxSupDrvDeviceControlSlow(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PIRP pIrp, PIO_STACK_LOCATION pStack)
+{
     NTSTATUS    rcNt = STATUS_NOT_SUPPORTED;
+static int VBoxDrvNtDeviceControlSlow(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, PIRP pIrp, PIO_STACK_LOCATION pStack)
+{
+    NTSTATUS    rcNt;
     unsigned    cbOut = 0;
     int         rc = 0;
     dprintf2(("VBoxSupDrvDeviceControlSlow(%p,%p): ioctl=%#x pBuf=%p cbIn=%#x cbOut=%#x pSession=%p\n",
+    dprintf2(("VBoxDrvNtDeviceControlSlow(%p,%p): ioctl=%#x pBuf=%p cbIn=%#x cbOut=%#x pSession=%p\n",
              pDevExt, pIrp, pStack->Parameters.DeviceIoControl.IoControlCode,
              pIrp->AssociatedIrp.SystemBuffer, pStack->Parameters.DeviceIoControl.InputBufferLength,
 …
         if ((pStack->Parameters.DeviceIoControl.IoControlCode & 0x3) == METHOD_BUFFERED)
+        {
+            char *pBuf = (char *)pIrp->AssociatedIrp.SystemBuffer;
+            /*
+             * Do the job.
+             */
+            rc = supdrvIOCtl(pStack->Parameters.DeviceIoControl.IoControlCode, pDevExt, pSession,
+                             pBuf, pStack->Parameters.DeviceIoControl.InputBufferLength,
+                             pBuf, pStack->Parameters.DeviceIoControl.OutputBufferLength,
+                             &cbOut);
+            rcNt = VBoxSupDrvErr2NtStatus(rc);
+            /* sanity check. */
+            AssertMsg(cbOut <= pStack->Parameters.DeviceIoControl.OutputBufferLength,
+                      ("cbOut is too large! cbOut=%d max=%d! ioctl=%#x\n",
+                       cbOut, pStack->Parameters.DeviceIoControl.OutputBufferLength,
+                       pStack->Parameters.DeviceIoControl.IoControlCode));
+            if (cbOut > pStack->Parameters.DeviceIoControl.OutputBufferLength)
+                cbOut = pStack->Parameters.DeviceIoControl.OutputBufferLength;
+            dprintf2(("VBoxSupDrvDeviceControlSlow: returns %#x cbOut=%d rc=%#x\n", rcNt, cbOut, rc));
+            /* Verify that the sizes in the request header are correct. */
+            PSUPREQHDR pHdr = (PSUPREQHDR)pIrp->AssociatedIrp.SystemBuffer;
+            if (    pStack->Parameters.DeviceIoControl.InputBufferLength >= sizeof(*pHdr)
+                &&  pStack->Parameters.DeviceIoControl.InputBufferLength ==  pHdr->cbIn
+                &&  pStack->Parameters.DeviceIoControl.OutputBufferLength ==  pHdr->cbOut)
+            {
+                /*
+                 * Do the job.
+                 */
+                rc = supdrvIOCtl(pStack->Parameters.DeviceIoControl.IoControlCode, pDevExt, pSession, pHdr);
+                if (!rc)
+                {
+                    rcNt = STATUS_SUCCESS;
+                    cbOut = pHdr->cbOut;
+                    if (cbOut > pStack->Parameters.DeviceIoControl.OutputBufferLength)
+                    {
+                        cbOut = pStack->Parameters.DeviceIoControl.OutputBufferLength;
+                        OSDBGPRINT(("VBoxDrvLinuxIOCtl: too much output! %#x > %#x; uCmd=%#x!\n",
+                                    pHdr->cbOut, cbOut, pStack->Parameters.DeviceIoControl.IoControlCode));
+                    }
+                }
+                else
+                    rcNt = STATUS_INVALID_PARAMETER;
+                dprintf2(("VBoxDrvNtDeviceControlSlow: returns %#x cbOut=%d rc=%#x\n", rcNt, cbOut, rc));
+            }
+            else
+            {
+                dprintf(("VBoxDrvNtDeviceControlSlow: Mismatching sizes (%#x) - Hdr=%#lx/%#lx Irp=%#lx/%#lx!\n",
+                         pStack->Parameters.DeviceIoControl.IoControlCode,
+                         pStack->Parameters.DeviceIoControl.InputBufferLength >= sizeof(*pHdr) ? pHdr->cbIn : 0,
+                         pStack->Parameters.DeviceIoControl.InputBufferLength >= sizeof(*pHdr) ? pHdr->cbOut : 0,
+                         pStack->Parameters.DeviceIoControl.InputBufferLength,
+                         pStack->Parameters.DeviceIoControl.OutputBufferLength));
+                rcNt = STATUS_INVALID_PARAMETER;
+            }
+        }
         else
+            dprintf(("VBoxSupDrvDeviceControlSlow: not buffered request (%#x) - not supported\n",
+        {
+            dprintf(("VBoxDrvNtDeviceControlSlow: not buffered request (%#x) - not supported\n",
                      pStack->Parameters.DeviceIoControl.IoControlCode));
+            rcNt = STATUS_NOT_SUPPORTED;
+        }
+    }
 #ifdef RT_ARCH_AMD64
     else
+        dprintf(("VBoxSupDrvDeviceControlSlow: WOW64 req - not supported\n"));
+    {
+        dprintf(("VBoxDrvNtDeviceControlSlow: WOW64 req - not supported\n"));
+        rcNt = STATUS_NOT_SUPPORTED;
+    }
 #endif
     /* complete the request. */
     pIrp->IoStatus.Status = rcNt;
     pIrp->IoStatus.Information = NT_SUCCESS(rcNt) ? cbOut : rc; /* does this rc passing actually work?!? */
+    pIrp->IoStatus.Information = cbOut;
     IoCompleteRequest(pIrp, IO_NO_INCREMENT);
     return rcNt;
 …
  * @param   pIrp        IRP.
  */
 NTSTATUS _stdcall VBoxSupDrvNotSupportedStub(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
     dprintf(("VBoxSupDrvNotSupportedStub\n"));
+NTSTATUS _stdcall VBoxDrvNtNotSupportedStub(PDEVICE_OBJECT pDevObj, PIRP pIrp)
+{
+    dprintf(("VBoxDrvNtNotSupportedStub\n"));
     pDevObj = pDevObj;
 …
  * @param   pDevExt     Instance data. GIP stuff may be updated.
  */
 static NTSTATUS VBoxSupDrvGipInit(PSUPDRVDEVEXT pDevExt)
+static NTSTATUS VBoxDrvNtGipInit(PSUPDRVDEVEXT pDevExt)
+{
     dprintf2(("VBoxSupDrvTermGip:\n"));
 …
                  */
                 KeInitializeTimerEx(&pDevExt->GipTimer, SynchronizationTimer);
                 KeInitializeDpc(&pDevExt->GipDpc, VBoxSupDrvGipTimer, pDevExt);
+                KeInitializeDpc(&pDevExt->GipDpc, VBoxDrvNtGipTimer, pDevExt);
                 /*
 …
                 for (unsigned i = 0; i < RT_ELEMENTS(pDevExt->aGipCpuDpcs); i++)
+                {
                     KeInitializeDpc(&pDevExt->aGipCpuDpcs[i], VBoxSupDrvGipPerCpuDpc, pGip);
+                    KeInitializeDpc(&pDevExt->aGipCpuDpcs[i], VBoxDrvNtGipPerCpuDpc, pGip);
                     KeSetImportanceDpc(&pDevExt->aGipCpuDpcs[i], HighImportance);
                     if (pfnKeSetTargetProcessorDpc)
 …
+                }
                 dprintf(("VBoxSupDrvGipInit: ulClockFreq=%ld ulClockInterval=%ld ulClockIntervalActual=%ld Phys=%x%08x\n",
+                dprintf(("VBoxDrvNtGipInit: ulClockFreq=%ld ulClockInterval=%ld ulClockIntervalActual=%ld Phys=%x%08x\n",
                          ulClockFreq, ulClockInterval, ulClockIntervalActual, Phys.HighPart, Phys.LowPart));
                 return STATUS_SUCCESS;
 …
  * @param   pDevExt     Instance data. GIP stuff may be updated.
  */
 static void VBoxSupDrvGipTerm(PSUPDRVDEVEXT pDevExt)
+static void VBoxDrvNtGipTerm(PSUPDRVDEVEXT pDevExt)
+{
     dprintf(("VBoxSupDrvTermGip:\n"));
 …
  * The pvUser parameter is the pDevExt pointer.
  */
 static void _stdcall VBoxSupDrvGipTimer(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
+static void _stdcall VBoxDrvNtGipTimer(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
+{
     PSUPDRVDEVEXT pDevExt = (PSUPDRVDEVEXT)pvUser;
 …
  * The pvUser parameter is the pGip pointer.
  */
 static void _stdcall VBoxSupDrvGipPerCpuDpc(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
+static void _stdcall VBoxDrvNtGipPerCpuDpc(IN PKDPC pDpc, IN PVOID pvUser, IN PVOID SystemArgument1, IN PVOID SystemArgument2)
+{
     PSUPGLOBALINFOPAGE pGip = (PSUPGLOBALINFOPAGE)pvUser;
 …
  * @param   rc  supdrv error code (SUPDRV_ERR_* defines).
  */
 static NTSTATUS     VBoxSupDrvErr2NtStatus(int rc)
+static NTSTATUS     VBoxDrvNtErr2NtStatus(int rc)
+{
     switch (rc)

trunk/src/VBox/HostDrivers/Support/win/SUPLib-win.cpp

-              r4071
+              r4800
 *******************************************************************************/
 #define LOG_GROUP LOG_GROUP_SUP
 #include <windows.h>
+#include <Windows.h>
 #include <VBox/sup.h>
 …
 #include <iprt/string.h>
 #include "SUPLibInternal.h"
+#include "SUPDRVIOC.h"
 …
  * @returns VBOX error code on failure.
  * @param   uFunction   IO Control function.
+ * @param   pvIn        Input data buffer.
+ * @param   cbIn        Size of input data.
+ * @param   pvOut       Output data buffer.
+ * @param   cbOut       Size of output data.
+ */
+int     suplibOsIOCtl(unsigned uFunction, void *pvIn, size_t cbIn, void *pvOut, size_t cbOut)
+ * @param   pvIn        The request buffer.
+ * @param   cbReq       The size of the request buffer.
+ */
+int suplibOsIOCtl(uintptr_t uFunction, void *pvReq, size_t cbReq)
+{
     AssertMsg(g_hDevice != INVALID_HANDLE_VALUE, ("SUPLIB not initiated successfully!\n"));
+    /*
+     * Issue device I/O control.
+     */
+    DWORD cbReturned = (ULONG)cbOut;
+    if (DeviceIoControl(g_hDevice, uFunction, pvIn, (ULONG)cbIn, pvOut, (ULONG)cbOut, &cbReturned, NULL))
+    /*
+     * Issue the device I/O control.
+     */
+    PSUPREQHDR pHdr = (PSUPREQHDR)pvReq;
+    Assert(cbReq == RT_MAX(pHdr->cbIn, pHdr->cbOut));
+    DWORD cbReturned = (ULONG)pHdr->cbOut;
+    if (DeviceIoControl(g_hDevice, uFunction, pvReq, pHdr->cbIn, pvReq, cbReturned, &cbReturned, NULL))
         return 0;
     return suplibConvertWin32Err(GetLastError());
+}

Note: See TracChangeset for help on using the changeset viewer.

Changeset 4800 in vbox for trunk/src/VBox/HostDrivers/Support

Legend:

Download in other formats: