VirtualBox

Browse Source

Changeset 5031 in vbox for trunk/src

Timestamp:

Sep 25, 2007 10:27:37 PM (17 years ago)

Author:

vboxsync

Message:

Use GVMMR3CreateVM. the new GVM structure is a ring-0 only VM structure. the old VM structure is the shared ring-0, ring-3 and GC VM structure.

Location:

Files:

: 1 added
: 9 edited

HostDrivers/Support/SUPDRVShared.c (modified) (1 diff)
HostDrivers/Support/SUPLib.cpp (modified) (1 diff)
HostDrivers/Support/SUPR0.def (modified) (2 diffs)
VMM/PDM.cpp (modified) (1 diff)
VMM/PDMLdr.cpp (modified) (5 diffs)
VMM/VM.cpp (modified) (11 diffs)
VMM/VMEmt.cpp (modified) (1 diff)
VMM/VMMR0/GVMMR0.cpp (modified) (21 diffs)
VMM/VMMR0/GVMMR0Internal.h (added)
VMM/VMMR0/VMMR0.cpp (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/HostDrivers/Support/SUPDRVShared.c

-              r4971
+              r5031
     { "RTMemAllocZ",                            (void *)RTMemAllocZ },
     { "RTMemFree",                              (void *)RTMemFree },
+    /*{ "RTMemDup",                               (void *)RTMemDup },*/
+    { "RTMemRealloc",                           (void *)RTMemRealloc },
+    { "RTR0MemObjAllocLow",                     (void *)RTR0MemObjAllocLow },
+    { "RTR0MemObjAllocPage",                    (void *)RTR0MemObjAllocPage },
+    { "RTR0MemObjAllocPhys",                    (void *)RTR0MemObjAllocPhys },
+    { "RTR0MemObjAllocPhysNC",                  (void *)RTR0MemObjAllocPhysNC },
+    { "RTR0MemObjLockUser",                     (void *)RTR0MemObjLockUser },
+    { "RTR0MemObjMapKernel",                    (void *)RTR0MemObjMapKernel },
+    { "RTR0MemObjMapUser",                      (void *)RTR0MemObjMapUser },
+    { "RTR0MemObjAddress",                      (void *)RTR0MemObjAddress },
+    { "RTR0MemObjAddressR3",                    (void *)RTR0MemObjAddressR3 },
+    { "RTR0MemObjSize",                         (void *)RTR0MemObjSize },
+    { "RTR0MemObjIsMapping",                    (void *)RTR0MemObjIsMapping },
+    { "RTR0MemObjGetPagePhysAddr",              (void *)RTR0MemObjGetPagePhysAddr },
+    { "RTR0MemObjFree",                         (void *)RTR0MemObjFree },
 /* These doesn't work yet on linux - use fast mutexes!
     { "RTSemMutexCreate",                       (void *)RTSemMutexCreate },

trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

r4987	r5031
525	525	{
526	526	AssertPtrReturn(pReqHdr, VERR_INVALID_POINTER);
527		AssertReturn(pReqHdr->u32Magic != SUPVMMR0REQHDR_MAGIC, VERR_INVALID_MAGIC);
	527	AssertReturn(pReqHdr->u32Magic == SUPVMMR0REQHDR_MAGIC, VERR_INVALID_MAGIC);
528	528	const size_t cbReq = pReqHdr->cbReq;
529	529

trunk/src/VBox/HostDrivers/Support/SUPR0.def

-              r4974
+              r5031
 ;  distribution. VirtualBox OSE is distributed in the hope that it will
 ;  be useful, but WITHOUT ANY WARRANTY of any kind.
+;
 LIBRARY SUPR0.dll
 …
     RTMemAllocZ
     RTMemFree
+    RTMemRealloc
+    RTR0MemObjAllocLow
+    RTR0MemObjAllocPage
+    RTR0MemObjAllocPhys
+    RTR0MemObjAllocPhysNC
+    RTR0MemObjLockUser
+    RTR0MemObjMapKernel
+    RTR0MemObjMapUser
+    RTR0MemObjAddress
+    RTR0MemObjAddressR3
+    RTR0MemObjSize
+    RTR0MemObjIsMapping
+    RTR0MemObjGetPagePhysAddr
+    RTR0MemObjFree
     ; broken - RTSemMutexCreate
     ; broken - RTSemMutexRequest

trunk/src/VBox/VMM/PDM.cpp

r4188	r5031
149	149	{
150	150	LogFlow(("PDMR3Init\n"));
	151
151	152	/*
152	153	* Assert alignment and sizes.

trunk/src/VBox/VMM/PDMLdr.cpp

-              r4071
+              r5031
 /**
+ * Loads the VMMR0.r0 module before the VM is created.
+ *
+ * The opqaue VMMR0 module pointer is passed on to PDMR3Init later in
+ * the init process or PDMR3LdrUnloadVMMR0 in case of some init failure before PDMR3Init.
+ *
+ * @returns VBox status code.
+ * @param   ppvOpaque       Where to return the opaque VMMR0.r0 module handle one success.
+ *
+ * @remarks Yes, this is a kind of hacky and should go away. See @todo in VMR3Create.
+ */
+PDMR3DECL(int) PDMR3LdrLoadVMMR0(void **ppvOpaque)
+{
+    *ppvOpaque = NULL;
+    /*
+     * Resolve the filename and allocate the module list node.
+     */
+    char *pszFilename = pdmR3FileR0(VMMR0_MAIN_MODULE_NAME);
+    PPDMMOD pModule = (PPDMMOD)RTMemAllocZ(sizeof(*pModule) + strlen(pszFilename));
+    if (!pModule)
+    {
+        RTMemTmpFree(pszFilename);
+        return VERR_NO_MEMORY;
+    }
+    strcpy(pModule->szName, VMMR0_MAIN_MODULE_NAME);
+    pModule->eType = PDMMOD_TYPE_R0;
+    strcpy(pModule->szFilename, pszFilename);
+    RTMemTmpFree(pszFilename);
+    /*
+     * Ask the support library to load it.
+     */
+    void *pvImageBase;
+    int rc = SUPLoadModule(pModule->szFilename, pModule->szName, &pvImageBase);
+    if (RT_SUCCESS(rc))
+    {
+        pModule->hLdrMod = NIL_RTLDRMOD;
+        pModule->ImageBase = (uintptr_t)pvImageBase;
+        *ppvOpaque = pModule;
+        Log(("PDMR3LdrLoadVMMR0: Loaded %s at %VGvx (%s)\n", pModule->szName, (RTGCPTR)pModule->ImageBase, pModule->szFilename));
+        return VINF_SUCCESS;
+    }
+    LogRel(("PDMR3LdrLoadVMMR0: rc=%Vrc szName=%s szFilename=%s\n", rc, pModule->szName, pModule->szFilename));
+    RTMemFree(pModule);
+    return rc;
+}
+/**
+ * Register the VMMR0.r0 module with the created VM or unload it if
+ * we failed to create the VM (pVM == NULL).
+ *
+ * @param   pVM         The VM pointer. NULL if we failed to create the VM and
+ *                      the module should be unloaded and freed.
+ * @param   pvOpaque    The value returned by PDMR3LDrLoadVMMR0().
+ *
+ * @remarks Yes, this is a kind of hacky and should go away. See @todo in VMR3Create.
+ */
+PDMR3DECL(void) PDMR3LdrLoadVMMR0Part2(PVM pVM, void *pvOpaque)
+{
+    PPDMMOD pModule = (PPDMMOD)pvOpaque;
+    AssertPtrReturnVoid(pModule);
+    if (pVM)
+    {
+        /*
+         * Register the R0 module loaded by PDMR3LdrLoadVMMR0
+         */
+        Assert(!pVM->pdm.s.pModules);
+        pModule->pNext = pVM->pdm.s.pModules;
+        pVM->pdm.s.pModules = pModule;
+    }
+    else
+    {
+        /*
+         * Failed, unload the module.
+         */
+        int rc2 = SUPFreeModule((void *)(uintptr_t)pModule->ImageBase);
+        AssertRC(rc2);
+        pModule->ImageBase = 0;
+        RTMemFree(pvOpaque);
+    }
+}
+/**
  * Init the module loader part of PDM.
+ *
 …
  * @returns VBox stutus code.
  * @param   pVM         VM handle.
+ * @param   pvVMMR0Mod  The opqaue returned by PDMR3LdrLoadVMMR0.
  */
 int pdmR3LdrInit(PVM pVM)
 …
     /*
+     * Load the mandatory R0 and GC modules.
+     */
+    int rc = pdmR3LoadR0(pVM, NULL, "VMMR0.r0");
+    if (VBOX_SUCCESS(rc))
+        rc = PDMR3LoadGC(pVM, NULL, VMMGC_MAIN_MODULE_NAME);
+    return rc;
+     * Load the mandatory GC module, the VMMR0.r0 is loaded before VM creation.
+     */
+    return PDMR3LoadGC(pVM, NULL, VMMGC_MAIN_MODULE_NAME);
 #endif
+}
 /**
 …
         pCur = pCur->pNext;
+    }
+    AssertReturn(!strcmp(pszName, VMMR0_MAIN_MODULE_NAME), VERR_INTERNAL_ERROR);
     /*
 …
     char szPath[RTPATH_MAX];
     int  rc;
     rc = fShared ? RTPathSharedLibs(szPath, sizeof(szPath))
+    rc = fShared ? RTPathSharedLibs(szPath, sizeof(szPath))
                  : RTPathAppPrivateArch(szPath, sizeof(szPath));
     if (!VBOX_SUCCESS(rc))

trunk/src/VBox/VMM/VM.cpp

-              r4958
+              r5031
 #include <VBox/cfgm.h>
 #include <VBox/vmm.h>
+#include <VBox/gvmm.h>
 #include <VBox/mm.h>
 #include <VBox/cpum.h>
 …
     /*
      * Init support library.
+     * Init support library and load the VMMR0.r0 module.
      */
     PSUPDRVSESSION pSession = 0;
 …
     if (VBOX_SUCCESS(rc))
+    {
+        /*
+         * Allocate memory for the VM structure.
+         */
+        PVMR0 pVMR0 = NIL_RTR0PTR;
+        PVM pVM = NULL;
+        const unsigned cPages = RT_ALIGN_Z(sizeof(*pVM), PAGE_SIZE) >> PAGE_SHIFT;
+        PSUPPAGE paPages = (PSUPPAGE)RTMemAllocZ(cPages * sizeof(SUPPAGE));
+        AssertReturn(paPages, VERR_NO_MEMORY);
+        rc = SUPLowAlloc(cPages, (void **)&pVM, &pVMR0, &paPages[0]);
+        if (VBOX_SUCCESS(rc))
+        /** @todo This is isn't very nice, it would be preferrable to move the loader bits
+         * out of the VM structure and into a ring-3 only thing. There's a big deal of the
+         * error path that we now won't unload the VMMR0.r0 module in. This isn't such a
+         * big deal right now, but I'll have to get back to this later. (bird) */
+        void *pvVMMR0Opaque;
+        rc = PDMR3LdrLoadVMMR0(&pvVMMR0Opaque);
+        if (RT_SUCCESS(rc))
+        {
-            Log(("VMR3Create: Allocated pVM=%p pVMR0=%p\n", pVM, pVMR0));
             /*
              * Do basic init of the VM structure.
+             * Request GVMM to create a new VM for us.
              */
+            memset(pVM, 0, sizeof(*pVM));
+            pVM->pVMR0 = pVMR0;
+            pVM->pVMR3 = pVM;
+            pVM->paVMPagesR3 = paPages;
+            pVM->pSession = pSession;
+            pVM->vm.s.offVM = RT_OFFSETOF(VM, vm.s);
+            pVM->vm.s.ppAtResetNext = &pVM->vm.s.pAtReset;
+            pVM->vm.s.ppAtStateNext = &pVM->vm.s.pAtState;
+            pVM->vm.s.ppAtErrorNext = &pVM->vm.s.pAtError;
+            pVM->vm.s.ppAtRuntimeErrorNext = &pVM->vm.s.pAtRuntimeError;
+            rc = RTSemEventCreate(&pVM->vm.s.EventSemWait);
+            AssertRCReturn(rc, rc);
+            /*
+             * Initialize STAM.
+             */
+            rc = STAMR3Init(pVM);
+            if (VBOX_SUCCESS(rc))
+            GVMMCREATEVMREQ CreateVMReq;
+            CreateVMReq.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
+            CreateVMReq.Hdr.cbReq = sizeof(CreateVMReq);
+            CreateVMReq.pSession = pSession;
+            CreateVMReq.pVMR0 = NIL_RTR0PTR;
+            CreateVMReq.pVMR3 = NULL;
+            rc = SUPCallVMMR0Ex(NIL_RTR0PTR, VMMR0_DO_GVMM_CREATE_VM, 0, &CreateVMReq.Hdr);
+            if (RT_SUCCESS(rc))
+            {
+                PVM pVM = CreateVMReq.pVMR3;
+                AssertRelease(VALID_PTR(pVM));
+                Log(("VMR3Create: Created pVM=%p pVMR0=%p\n", pVM, pVM->pVMR0));
+                PDMR3LdrLoadVMMR0Part2(pVM, pvVMMR0Opaque);
                 /*
+                 * Create the EMT thread and make it do VM initialization and go sleep
+                 * in EM waiting for requests.
+                 * Do basic init of the VM structure.
                  */
+                VMEMULATIONTHREADARGS Args;
+                Args.pVM = pVM;
+                rc = RTThreadCreate(&pVM->ThreadEMT, &vmR3EmulationThread, &Args, _1M,
+                                    RTTHREADTYPE_EMULATION, RTTHREADFLAGS_WAITABLE, "EMT");
+                pVM->vm.s.offVM = RT_OFFSETOF(VM, vm.s);
+                pVM->vm.s.ppAtResetNext = &pVM->vm.s.pAtReset;
+                pVM->vm.s.ppAtStateNext = &pVM->vm.s.pAtState;
+                pVM->vm.s.ppAtErrorNext = &pVM->vm.s.pAtError;
+                pVM->vm.s.ppAtRuntimeErrorNext = &pVM->vm.s.pAtRuntimeError;
+                rc = RTSemEventCreate(&pVM->vm.s.EventSemWait);
+                AssertRCReturn(rc, rc);
+                /*
+                 * Initialize STAM.
+                 */
+                rc = STAMR3Init(pVM);
                 if (VBOX_SUCCESS(rc))
+                {
                     /*
                      * Issue a VM Create request and wait for it to complete.
+                     * Create the EMT thread, it will start up and wait for requests to process.
                      */
+                    PVMREQ pReq;
+                    rc = VMR3ReqCall(pVM, &pReq, RT_INDEFINITE_WAIT, (PFNRT)vmR3Create, 5, pVM, pfnVMAtError, pvUserVM, pfnCFGMConstructor, pvUserCFGM);
+                    VMEMULATIONTHREADARGS Args;
+                    Args.pVM = pVM;
+                    rc = RTThreadCreate(&pVM->ThreadEMT, vmR3EmulationThread, &Args, _1M,
+                                        RTTHREADTYPE_EMULATION, RTTHREADFLAGS_WAITABLE, "EMT");
                     if (VBOX_SUCCESS(rc))
+                    {
+                        rc = pReq->iStatus;
+                        VMR3ReqFree(pReq);
+                        /*
+                         * Issue a VM Create request and wait for it to complete.
+                         */
+                        PVMREQ pReq;
+                        rc = VMR3ReqCall(pVM, &pReq, RT_INDEFINITE_WAIT, (PFNRT)vmR3Create, 5,
+                                         pVM, pfnVMAtError, pvUserVM, pfnCFGMConstructor, pvUserCFGM);
                         if (VBOX_SUCCESS(rc))
+                        {
+                            *ppVM = pVM;
+                            LogFlow(("VMR3Create: returns VINF_SUCCESS *ppVM=%p\n", pVM));
+                            return VINF_SUCCESS;
+                            rc = pReq->iStatus;
+                            VMR3ReqFree(pReq);
+                            if (VBOX_SUCCESS(rc))
+                            {
+                                *ppVM = pVM;
+                                LogFlow(("VMR3Create: returns VINF_SUCCESS *ppVM=%p\n", pVM));
+                                return VINF_SUCCESS;
+                            }
+                            AssertMsgFailed(("vmR3Create failed rc=%Vrc\n", rc));
+                        }
+                        AssertMsgFailed(("vmR3Create failed rc=%Vrc\n", rc));
+                        else
+                            AssertMsgFailed(("VMR3ReqCall failed rc=%Vrc\n", rc));
+                        /*
+                         * An error occurred during VM creation. Set the error message directly
+                         * using the initial callback, as the callback list doesn't exist yet.
+                         */
+                        const char *pszError;
+                        switch (rc)
+                        {
+                            case VERR_VMX_IN_VMX_ROOT_MODE:
+#ifdef RT_OS_LINUX
+                                pszError = N_("VirtualBox can't operate in VMX root mode. "
+                                              "Please disable the KVM kernel extension, recompile your kernel and reboot");
+#else
+                                pszError = N_("VirtualBox can't operate in VMX root mode");
+#endif
+                                break;
+                            default:
+                                pszError = N_("Unknown error creating VM (%Vrc)");
+                                AssertMsgFailed(("Add error message for rc=%d (%Vrc)\n", rc, rc));
+                        }
+                        vmR3CallVMAtError(pfnVMAtError, pvUserVM, rc, RT_SRC_POS, pszError, rc);
+                        /* Forcefully terminate the emulation thread. */
+                        VM_FF_SET(pVM, VM_FF_TERMINATE);
+                        VMR3NotifyFF(pVM, false);
+                        RTThreadWait(pVM->ThreadEMT, 1000, NULL);
+                    }
+                    else
+                        AssertMsgFailed(("VMR3ReqCall failed rc=%Vrc\n", rc));
+                    const char *pszError;
+                    /*
+                     * An error occurred during VM creation. Set the error message directly
+                     * using the initial callback, as the callback list doesn't exist yet.
+                     */
+                    switch (rc)
+                    {
+                    case VERR_VMX_IN_VMX_ROOT_MODE:
+#ifdef RT_OS_LINUX
+                        pszError = N_("VirtualBox can't operate in VMX root mode. "
+                                              "Please disable the KVM kernel extension, recompile "
+                                      "your kernel and reboot");
+#else
+                        pszError = N_("VirtualBox can't operate in VMX root mode");
+#endif
+                        break;
+                    default:
+                        pszError = N_("Unknown error creating VM (%Vrc)");
+                        AssertMsgFailed(("Add error message for rc=%d (%Vrc)\n", rc, rc));
+                    }
+                    vmR3CallVMAtError(pfnVMAtError, pvUserVM, rc, RT_SRC_POS, pszError, rc);
+                    /* Forcefully terminate the emulation thread. */
+                    VM_FF_SET(pVM, VM_FF_TERMINATE);
+                    VMR3NotifyFF(pVM, false);
+                    RTThreadWait(pVM->ThreadEMT, 1000, NULL);
+                    int rc2 = STAMR3Term(pVM);
+                    AssertRC(rc2);
+                }
+                int rc2 = STAMR3Term(pVM);
+                /* cleanup the heap. */
+                int rc2 = MMR3Term(pVM);
+                AssertRC(rc2);
+                /* Tell GVMM that it can destroy the VM now. */
+                rc2 = SUPCallVMMR0Ex(CreateVMReq.pVMR0, VMMR0_DO_GVMM_DESTROY_VM, 0, NULL);
                 AssertRC(rc2);
+            }
+            /* cleanup the heap. */
+            int rc2 = MMR3Term(pVM);
+            AssertRC(rc2);
+            /* free the VM memory */
+            rc2 = SUPLowFree(pVM, cPages);
+            AssertRC(rc2);
+            else
+            {
+                PDMR3LdrLoadVMMR0Part2(NULL, pvVMMR0Opaque);
+                vmR3CallVMAtError(pfnVMAtError, pvUserVM, rc, RT_SRC_POS, N_("VM creation failed"));
+                AssertMsgFailed(("GMMR0CreateVMReq returned %Rrc\n", rc));
+            }
+        }
         else
+        {
+            rc = VERR_NO_MEMORY;
+            vmR3CallVMAtError(pfnVMAtError, pvUserVM, rc, RT_SRC_POS,
+                              N_("Failed to allocate %d bytes of low memory for the VM structure"),
+                              RT_ALIGN(sizeof(*pVM), PAGE_SIZE));
+            AssertMsgFailed(("Failed to allocate %d bytes of low memory for the VM structure!\n", RT_ALIGN(sizeof(*pVM), PAGE_SIZE)));
+            vmR3CallVMAtError(pfnVMAtError, pvUserVM, rc, RT_SRC_POS, N_("Failed to load VMMR0.r0"));
+            AssertMsgFailed(("PDMR3LdrLoadVMMR0 returned %Rrc\n", rc));
+        }
-        RTMemFree(paPages);
         /* terminate SUPLib */
 …
     else
+    {
-        const char *pszError;
         /*
          * An error occurred at support library initialization time (before the
 …
          * initial callback, as the callback list doesn't exist yet.
          */
+        const char *pszError;
         switch (rc)
+        {
 …
 static void vmR3CallVMAtError(PFNVMATERROR pfnVMAtError, void *pvUser, int rc, RT_SRC_POS_DECL, const char *pszError, ...)
+{
+    if (!pfnVMAtError)
+        return;
     va_list va;
     va_start(va, pszError);
 …
+}
 /**
  * Suspends a running VM.
 …
  * @returns VBox error code on failure.
  * @param   pVM         The VM to resume.
  * @thread      EMT
+ * @thread  EMT
  */
 static DECLCALLBACK(int) vmR3Resume(PVM pVM)
 …
     rc = HWACCMR3Term(pVM);
     AssertRC(rc);
     rc = VMMR3Term(pVM);
+    rc = PGMR3Term(pVM);
     AssertRC(rc);
     rc = PGMR3Term(pVM);
+    rc = VMMR3Term(pVM); /* Terminates the ring-0 code! */
     AssertRC(rc);
     rc = CPUMR3Term(pVM);
 …
+{
     /*
      * Free the event semaphores associated with the request packets.s
+     * Free the event semaphores associated with the request packets.
      */
     unsigned cReqs = 0;
 …
     /*
      * Free the VM structure.
      */
     rc = SUPLowFree(pVM, RT_ALIGN_Z(sizeof(*pVM), PAGE_SIZE) >> PAGE_SHIFT);
+     * Tell GVMM that it can destroy the VM now.
+     */
+    rc = SUPCallVMMR0Ex(pVM->pVMR0, VMMR0_DO_GVMM_DESTROY_VM, 0, NULL);
     AssertRC(rc);
     rc = SUPTerm();

trunk/src/VBox/VMM/VMEmt.cpp

r4295	r5031
86	86	break;
87	87	}
88		~~else~~ if (pVM->vm.s.pReqs)
	88	if (pVM->vm.s.pReqs)
89	89	{
90	90	/*

trunk/src/VBox/VMM/VMMR0/GVMMR0.cpp

-              r5026
+              r5031
 *   Header Files                                                               *
 *******************************************************************************/
 #define LOG_GROUP LOG_GROUP_GVM
+#define LOG_GROUP LOG_GROUP_GVMM
 #include <VBox/gvmm.h>
+/* #include "GVMMInternal.h" */
+#include "GVMMR0Internal.h"
+#include <VBox/gvm.h>
 #include <VBox/vm.h>
 #include <VBox/err.h>
 #include <iprt/alloc.h>
 #include <iprt/semaphore.h>
 #include <iprt/log.h>
+#include <VBox/log.h>
 #include <iprt/thread.h>
 #include <iprt/param.h>
 #include <iprt/string.h>
+#include <iprt/assert.h>
+#include <iprt/mem.h>
+#include <iprt/memobj.h>
 …
     /** Our own index / handle value. */
     uint16_t            iSelf;
-    /** Whether to free the VM structure or not. */
-    bool                fFreeVM;
     /** The pointer to the ring-0 only (aka global) VM structure. */
     PGVM                pGVM;
 …
 static PGVMM g_pGVMM = NULL;
+/** Macro for obtaining and validating the g_pGVMM pointer.
+ * On failure it will return from the invoking function with the specified return value.
+ *
+ * @param   pGVMM   The name of the pGVMM variable.
+ * @param   rc      The return value on failure. Use VERR_INTERNAL_ERROR for
+ *                  VBox status codes.
+ */
+#define GVMM_GET_VALID_INSTANCE(pGVMM, rc) \
+    do { \
+        (pGVMM) = g_pGVMM;\
+        AssertPtrReturn((pGVMM), (rc)); \
+        AssertMsgReturn((pGVMM)->u32Magic == GVMM_MAGIC, ("%p - %#x\n", (pGVMM), (pGVMM)->u32Magic), (rc)); \
+    } while (0)
+/** Macro for obtaining and validating the g_pGVMM pointer, void function variant.
+ * On failure it will return from the invoking function.
+ *
+ * @param   pGVMM   The name of the pGVMM variable.
+ */
+#define GVMM_GET_VALID_INSTANCE_VOID(pGVMM) \
+    do { \
+        (pGVMM) = g_pGVMM;\
+        AssertPtrReturnVoid((pGVMM)); \
+        AssertMsgReturnVoid((pGVMM)->u32Magic == GVMM_MAGIC, ("%p - %#x\n", (pGVMM), (pGVMM)->u32Magic)); \
+    } while (0)
 /*******************************************************************************
 …
+#if 0 /* not currently used */
+/**
+ * Request wrapper for the GVMMR0CreateVM API.
+ *
+ * @returns VBox status code.
+ * @param   pReqHdr     The request buffer.
+ */
+GVMMR0DECL(int) GVMMR0CreateVMReq(PSUPVMMR0REQHDR pReqHdr)
+{
+    PGVMMCREATEVMREQ pReq = (PGVMMCREATEVMREQ)pReqHdr;
+    /*
+     * Validate the request.
+     */
+    if (!VALID_PTR(pReq))
+        return VERR_INVALID_POINTER;
+    if (pReq->Hdr.cbReq != sizeof(*pReq))
+        return VERR_INVALID_PARAMETER;
+    if (!VALID_PTR(pReq->pSession))
+        return VERR_INVALID_POINTER;
+    /*
+     * Execute it.
+     */
+    PVM pVM;
+    pReq->pVMR0 = NULL;
+    pReq->pVMR3 = NIL_RTR3PTR;
+    int rc = GVMMR0CreateVM(pReq->pSession, &pVM);
+    if (RT_SUCCESS(rc))
+    {
+        pReq->pVMR0 = pVM;
+        pReq->pVMR3 = pVM->pVMR3;
+    }
+    return rc;
+}
 /**
  * Allocates the VM structure and registers it with GVM.
 …
  * @param   ppVM        Where to store the pointer to the VM structure.
+ *
  * @thread  EMT.
+ * @thread  Any thread.
  */
 GVMMR0DECL(int) GVMMR0CreateVM(PSUPDRVSESSION pSession, PVM *ppVM)
+{
     SUPR0Printf("GVMMR0CreateVM: pSession=%p\n", pSession);
     PGVMM pGVMM = g_pGVMM;
     AssertPtrReturn(pGVMM, VERR_INTERNAL_ERROR);
+    LogFlow(("GVMMR0CreateVM: pSession=%p\n", pSession));
+    PGVMM pGVMM;
+    GVMM_GET_VALID_INSTANCE(pGVMM, VERR_INTERNAL_ERROR);
     AssertPtrReturn(ppVM, VERR_INVALID_POINTER);
     *ppVM = NULL;
+    RTNATIVETHREAD hEMT = RTThreadNativeSelf();
+    AssertReturn(hEMT != NIL_RTNATIVETHREAD, VERR_INTERNAL_ERROR);
+    AssertReturn(RTThreadNativeSelf() != NIL_RTNATIVETHREAD, VERR_INTERNAL_ERROR);
     /*
 …
     if (iHandle)
+    {
         PGVMMHANDLE pHandle = &pGVMM->aHandles[iHandle];
+        PGVMHANDLE pHandle = &pGVMM->aHandles[iHandle];
         /* consistency checks, a bit paranoid as always. */
         if (    !pHandle->pVM
             /*&&  !pHandle->pGVM */
+            &&  !pHandle->pGVM
             &&  !pHandle->pvObj
             &&  pHandle->iSelf == iHandle)
 …
                 pGVMM->iUsedHead = iHandle;
-                pHandle->fFreeVM = true;
                 pHandle->pVM = NULL;
                 pHandle->pGVM = NULL; /* to be allocated */
+                pHandle->pGVM = NULL;
                 pHandle->pSession = pSession;
                 pHandle->hEMT = hEMT;
+                pHandle->hEMT = NIL_RTNATIVETHREAD;
                 rc = SUPR0ObjVerifyAccess(pHandle->pvObj, pSession, NULL);
 …
+                {
                     /*
                      * Allocate and initialize the VM structure.
+                     * Allocate the global VM structure (GVM) and initialize it.
                      */
+                    RTR3PTR     paPagesR3;
+                    PRTHCPHYS   paPagesR0;
+                    size_t      cPages = RT_ALIGN_Z(sizeof(VM), PAGE_SIZE) >> PAGE_SHIFT;
+                    rc = SUPR0MemAlloc(pSession, cPages * sizeof(RTHCPHYS), (void **)&paPagesR0, &paPagesR3);
+                    if (RT_SUCCESS(rc))
+                    PGVM pGVM = (PGVM)RTMemAllocZ(sizeof(*pGVM));
+                    if (pGVM)
+                    {
+                        PVM pVM;
+                        PVMR3 pVMR3;
+                        rc = SUPR0LowAlloc(pSession, cPages, (void **)&pVM, &pVMR3, paPagesR0);
+                        pGVM->u32Magic = GVM_MAGIC;
+                        pGVM->hSelf = iHandle;
+                        pGVM->hEMT = NIL_RTNATIVETHREAD;
+                        pGVM->pVM = NULL;
+                        /* gvmmR0InitPerVMData: */
+                        AssertCompile(RT_SIZEOFMEMB(GVM,gvmm.s) <= RT_SIZEOFMEMB(GVM,gvmm.padding));
+                        Assert(RT_SIZEOFMEMB(GVM,gvmm.s) <= RT_SIZEOFMEMB(GVM,gvmm.padding));
+                        pGVM->gvmm.s.VMMemObj = NIL_RTR0MEMOBJ;
+                        pGVM->gvmm.s.VMMapObj = NIL_RTR0MEMOBJ;
+                        pGVM->gvmm.s.VMPagesMemObj = NIL_RTR0MEMOBJ;
+                        pGVM->gvmm.s.VMPagesMapObj = NIL_RTR0MEMOBJ;
+                        /* GVMMR0InitPerVMData(pGVM); - later */
+                        /*
+                         * Allocate the shared VM structure and associated page array.
+                         */
+                        const size_t cPages = RT_ALIGN(sizeof(VM), PAGE_SIZE) >> PAGE_SHIFT;
+                        rc = RTR0MemObjAllocLow(&pGVM->gvmm.s.VMMemObj, cPages << PAGE_SHIFT, false /* fExecutable */);
                         if (RT_SUCCESS(rc))
+                        {
+                            memset(pVM, 0, cPages * PAGE_SIZE);
+                            PVM pVM = (PVM)RTR0MemObjAddress(pGVM->gvmm.s.VMMemObj); AssertPtr(pVM);
+                            memset(pVM, 0, cPages << PAGE_SHIFT);
                             pVM->enmVMState = VMSTATE_CREATING;
-                            pVM->paVMPagesR3 = paPagesR3;
-                            pVM->pVMR3 = pVMR3;
                             pVM->pVMR0 = pVM;
                             pVM->pSession = pSession;
                             pVM->hSelf = iHandle;
+                            RTSemFastMutexRelease(pGVMM->Lock);
+                            *ppVM = pVM;
+                            SUPR0Printf("GVMMR0CreateVM: pVM=%p pVMR3=%p\n", pVM, pVMR3);
+                            return VINF_SUCCESS;
+                            rc = RTR0MemObjAllocPage(&pGVM->gvmm.s.VMPagesMemObj, cPages * sizeof(SUPPAGE), false /* fExecutable */);
+                            if (RT_SUCCESS(rc))
+                            {
+                                PSUPPAGE paPages = (PSUPPAGE)RTR0MemObjAddress(pGVM->gvmm.s.VMPagesMemObj); AssertPtr(paPages);
+                                for (size_t iPage = 0; iPage < cPages; iPage++)
+                                {
+                                    paPages[iPage].uReserved = 0;
+                                    paPages[iPage].Phys = RTR0MemObjGetPagePhysAddr(pGVM->gvmm.s.VMMemObj, iPage);
+                                    Assert(paPages[iPage].Phys != NIL_RTHCPHYS);
+                                }
+                                /*
+                                 * Map them into ring-3.
+                                 */
+                                rc = RTR0MemObjMapUser(&pGVM->gvmm.s.VMMapObj, pGVM->gvmm.s.VMMemObj, (RTR3PTR)-1, 0,
+                                                       RTMEM_PROT_READ | RTMEM_PROT_WRITE, NIL_RTR0PROCESS);
+                                if (RT_SUCCESS(rc))
+                                {
+                                    pVM->pVMR3 = RTR0MemObjAddressR3(pGVM->gvmm.s.VMMapObj);
+                                    AssertPtr((void *)pVM->pVMR3);
+                                    rc = RTR0MemObjMapUser(&pGVM->gvmm.s.VMPagesMapObj, pGVM->gvmm.s.VMPagesMemObj, (RTR3PTR)-1, 0,
+                                                           RTMEM_PROT_READ | RTMEM_PROT_WRITE, NIL_RTR0PROCESS);
+                                    if (RT_SUCCESS(rc))
+                                    {
+                                        pVM->paVMPagesR3 = RTR0MemObjAddressR3(pGVM->gvmm.s.VMPagesMapObj);
+                                        AssertPtr((void *)pVM->paVMPagesR3);
+                                        /* complete the handle. */
+                                        pHandle->pVM = pVM;
+                                        pHandle->pGVM = pGVM;
+                                        RTSemFastMutexRelease(pGVMM->Lock);
+                                        *ppVM = pVM;
+                                        SUPR0Printf("GVMMR0CreateVM: pVM=%p pVMR3=%p pGVM=%p hGVM=%d\n", pVM, pVM->pVMR3, pGVM, iHandle);
+                                        return VINF_SUCCESS;
+                                    }
+                                    RTR0MemObjFree(pGVM->gvmm.s.VMMapObj, false /* fFreeMappings */);
+                                    pGVM->gvmm.s.VMMapObj = NIL_RTR0MEMOBJ;
+                                }
+                                RTR0MemObjFree(pGVM->gvmm.s.VMPagesMemObj, false /* fFreeMappings */);
+                                pGVM->gvmm.s.VMPagesMemObj = NIL_RTR0MEMOBJ;
+                            }
+                            RTR0MemObjFree(pGVM->gvmm.s.VMMemObj, false /* fFreeMappings */);
+                            pGVM->gvmm.s.VMMemObj = NIL_RTR0MEMOBJ;
+                        }
-                        SUPR0MemFree(pSession, (uintptr_t)paPagesR0);
+                    }
+                }
 …
     return rc;
+}
+#endif /* not used yet. */
+/**
+ * Deregistres the VM and destroys the VM structure.
+/**
+ * Destroys the VM, freeing all associated resources (the ring-0 ones anyway).
+ *
+ * This is call from the vmR3DestroyFinalBit and from a error path in VMR3Create,
+ * and the caller is not the EMT thread, unfortunately. For security reasons, it
+ * would've been nice if the caller was actually the EMT thread or that we somehow
+ * could've associated the calling thread with the VM up front.
+ *
  * @returns VBox status code.
  * @param   pVM         Where to store the pointer to the VM structure.
+ *
  * @thread  EMT.
+ * @thread  EMT if it's associated with the VM, otherwise any thread.
  */
 GVMMR0DECL(int) GVMMR0DestroyVM(PVM pVM)
+{
     SUPR0Printf("GVMMR0DestroyVM: pVM=%p\n", pVM);
     PGVMM pGVMM = g_pGVMM;
+    AssertPtrReturn(pGVMM, VERR_INTERNAL_ERROR);
+    LogFlow(("GVMMR0DestroyVM: pVM=%p\n", pVM));
+    PGVMM pGVMM;
+    GVMM_GET_VALID_INSTANCE(pGVMM, VERR_INTERNAL_ERROR);
     /*
 …
     PGVMHANDLE pHandle = &pGVMM->aHandles[hGVM];
-    AssertReturn(pHandle->hEMT != NIL_RTNATIVETHREAD, VERR_WRONG_ORDER);
     AssertReturn(pHandle->pVM == pVM, VERR_NOT_OWNER);
     RTNATIVETHREAD hSelf = RTThreadNativeSelf();
     AssertReturn(pHandle->hEMT == hSelf, VERR_NOT_OWNER);
+    AssertReturn(pHandle->hEMT == hSelf || pHandle->hEMT == NIL_RTNATIVETHREAD, VERR_NOT_OWNER);
     /*
      * Lookup the handle and destroy the object.
      * Since the lock isn't recursive, we have to make sure nobody can
      * race us as we leave the lock and call SUPR0ObjRelease.
+     * Since the lock isn't recursive and we'll have to leave it before dereferencing the
+     * object, we take some precautions against racing callers just in case...
      */
     int rc = RTSemFastMutexRequest(pGVMM->Lock);
     AssertRC(rc);
     /* be very careful here because we might be racing someone else cleaning up... */
+    /* be careful here because we might theoretically be racing someone else cleaning up. */
     if (    pHandle->pVM == pVM
+        &&  pHandle->hEMT == hSelf
+        &&  VALID_PTR(pHandle->pvObj))
+        &&  (   pHandle->hEMT == hSelf
+             || pHandle->hEMT == NIL_RTNATIVETHREAD)
+        &&  VALID_PTR(pHandle->pvObj)
+        &&  VALID_PTR(pHandle->pSession)
+        &&  VALID_PTR(pHandle->pGVM)
+        &&  pHandle->pGVM->u32Magic == GVM_MAGIC)
+    {
         void *pvObj = pHandle->pvObj;
 …
         RTSemFastMutexRelease(pGVMM->Lock);
         SUPR0ObjRelease(pvObj, pVM->pSession);
+        SUPR0ObjRelease(pvObj, pHandle->pSession);
+    }
     else
+    {
+        SUPR0Printf("GVMMR0DestroyVM: pHandle=%p:{.pVM=%p, hEMT=%p, .pvObj=%p} pVM=%p hSelf=%p\n",
+                    pHandle, pHandle->pVM, pHandle->hEMT, pHandle->pvObj, pVM, hSelf);
         RTSemFastMutexRelease(pGVMM->Lock);
         rc = VERR_INTERNAL_ERROR;
 …
-#if 1 /* this approach is unsafe wrt to the freeing of pVM. Keeping it as a possible fallback for 1.5.x. */
-/**
- * Register the specified VM with the GGVM.
+ *
- * Permission polices and resource consumption polices may or may
- * not be checked that this poin, be ready to deald nicely with failure.
+ *
- * @returns VBox status code.
+ *
- * @param   pVM         The VM instance data (aka handle), ring-0 mapping of ccourse.
- *                      The VM::hGVM field may be updated by this call.
- * @thread  EMT.
- */
-GVMMR0DECL(int) GVMMR0RegisterVM(PVM pVM)
+{
-    SUPR0Printf("GVMMR0RegisterVM: pVM=%p\n", pVM);
-    PGVMM pGVMM = g_pGVMM;
-    AssertPtrReturn(pGVMM, VERR_INTERNAL_ERROR);
-    /*
-     * Validate the VM structure and state.
-     */
-    AssertPtrReturn(pVM, VERR_INVALID_POINTER);
-    AssertReturn(!((uintptr_t)pVM & PAGE_OFFSET_MASK), VERR_INVALID_POINTER);
-    AssertMsgReturn(pVM->enmVMState == VMSTATE_CREATING, ("%d\n", pVM->enmVMState), VERR_WRONG_ORDER);
-    RTNATIVETHREAD hEMT = RTThreadNativeSelf();
-    AssertReturn(hEMT != NIL_RTNATIVETHREAD, VERR_NOT_SUPPORTED);
-    /*
-     * Take the lock and call the worker function.
-     */
-    int rc = RTSemFastMutexRequest(pGVMM->Lock);
-    AssertRCReturn(rc, rc);
-    /*
-     * Allocate a handle.
-     */
-    uint16_t iHandle = pGVMM->iFreeHead;
-    if (iHandle)
+    {
-        PGVMHANDLE pHandle = &pGVMM->aHandles[iHandle];
-        /* consistency checks, a bit paranoid as always. */
-        if (    !pHandle->pVM
-            &&  !pHandle->pvObj
-            &&  pHandle->iSelf == iHandle)
+        {
-            pHandle->pvObj = SUPR0ObjRegister(pVM->pSession, SUPDRVOBJTYPE_VM, gvmmR0HandleObjDestructor, pGVMM, pHandle);
-            if (pHandle->pvObj)
+            {
-                /*
-                 * Move the handle from the free to used list and
-                 * perform permission checks.
-                 */
-                pGVMM->iFreeHead = pHandle->iNext;
-                pHandle->iNext = pGVMM->iUsedHead;
-                pGVMM->iUsedHead = iHandle;
-                pHandle->fFreeVM = false;
-                pHandle->pVM = pVM;
-                pHandle->pGVM = NULL; /** @todo to be allocated */
-                pHandle->pSession = pVM->pSession;
-                pHandle->hEMT = hEMT;
-                rc = SUPR0ObjVerifyAccess(pHandle->pvObj, pVM->pSession, NULL);
-                if (RT_SUCCESS(rc))
+                {
-                    pVM->hSelf = iHandle;
-                    RTSemFastMutexRelease(pGVMM->Lock);
+                }
-                else
+                {
-                    /*
-                     * The user wasn't permitted to create this VM.
-                     * Must use gvmmR0HandleObjDestructor via SUPR0ObjRelease to do the
-                     * cleanups. The lock isn't recursive, thus the extra mess.
-                     */
-                    void *pvObj = pHandle->pvObj;
-                    pHandle->pvObj = NULL;
-                    RTSemFastMutexRelease(pGVMM->Lock);
-                    SUPR0ObjRelease(pvObj, pVM->pSession);
+                }
-                if (RT_FAILURE(rc))
-                    SUPR0Printf("GVMMR0RegisterVM: permission denied, rc=%d\n", rc);
-                return rc;
+            }
-            rc = VERR_NO_MEMORY;
+        }
-        else
-            rc = VERR_INTERNAL_ERROR;
+    }
-    else
-        rc = VERR_GVM_TOO_MANY_VMS;
-    RTSemFastMutexRelease(pGVMM->Lock);
-    SUPR0Printf("GVMMR0RegisterVM: failed, rc=%d, iHandle=%d\n", rc, iHandle);
-    return rc;
+}
-/**
- * Deregister a VM previously registered using the GVMMR0RegisterVM API.
+ *
+ *
- * @returns VBox status code.
- * @param   pVM         The VM handle.
- * @thread  EMT.
- */
-GVMMR0DECL(int) GVMMR0DeregisterVM(PVM pVM)
+{
-    SUPR0Printf("GVMMR0DeregisterVM: pVM=%p\n", pVM);
-    return GVMMR0DestroyVM(pVM);
+}
-#endif /* ... */
 /**
  * Handle destructor.
 …
 static DECLCALLBACK(void) gvmmR0HandleObjDestructor(void *pvObj, void *pvGVMM, void *pvHandle)
+{
     SUPR0Printf("gvmmR0HandleObjDestructor: %p %p %p\n", pvObj, pvGVMM, pvHandle);
+    LogFlow(("gvmmR0HandleObjDestructor: %p %p %p\n", pvObj, pvGVMM, pvHandle));
     /*
 …
     /*
+     * Do the global cleanup round, currently only GMM.
+     * Can't trust the VM pointer unless it was allocated in ring-0...
+     */
+    PVM pVM = pHandle->pVM;
+    if (    VALID_PTR(pVM)
+        &&  VALID_PTR(pHandle->pSession)
+        &&  pHandle->fFreeVM)
+    {
+        /// @todo GMMR0CleanupVM(pVM);
+     * Do the global cleanup round.
+     */
+    PGVM pGVM = pHandle->pGVM;
+    if (    VALID_PTR(pGVM)
+        &&  pGVM->u32Magic == GVM_MAGIC)
+    {
+        /// @todo GMMR0CleanupVM(pGVM);
         /*
          * Free the VM structure.
+         * Do the GVMM cleanup - must be done last.
          */
+        ASMAtomicXchgU32((uint32_t volatile *)&pVM->hSelf, NIL_GVM_HANDLE);
+        SUPR0MemFree(pHandle->pSession, pVM->paVMPagesR3);
+        SUPR0LowFree(pHandle->pSession, (uintptr_t)pVM);
+    }
+        /* The VM and VM pages mappings/allocations. */
+        if (pGVM->gvmm.s.VMPagesMapObj != NIL_RTR0MEMOBJ)
+        {
+            rc = RTR0MemObjFree(pGVM->gvmm.s.VMPagesMapObj, false /* fFreeMappings */); AssertRC(rc);
+            pGVM->gvmm.s.VMPagesMapObj = NIL_RTR0MEMOBJ;
+        }
+        if (pGVM->gvmm.s.VMMapObj != NIL_RTR0MEMOBJ)
+        {
+            rc = RTR0MemObjFree(pGVM->gvmm.s.VMMapObj, false /* fFreeMappings */); AssertRC(rc);
+            pGVM->gvmm.s.VMMapObj = NIL_RTR0MEMOBJ;
+        }
+        if (pGVM->gvmm.s.VMPagesMemObj != NIL_RTR0MEMOBJ)
+        {
+            rc = RTR0MemObjFree(pGVM->gvmm.s.VMPagesMemObj, false /* fFreeMappings */); AssertRC(rc);
+            pGVM->gvmm.s.VMPagesMemObj = NIL_RTR0MEMOBJ;
+        }
+        if (pGVM->gvmm.s.VMMemObj != NIL_RTR0MEMOBJ)
+        {
+            rc = RTR0MemObjFree(pGVM->gvmm.s.VMMemObj, false /* fFreeMappings */); AssertRC(rc);
+            pGVM->gvmm.s.VMMemObj = NIL_RTR0MEMOBJ;
+        }
+        /* the GVM structure itself. */
+        pGVM->u32Magic++;
+        RTMemFree(pGVM);
+    }
+    /* else: GVMMR0CreateVM cleanup.  */
     /*
 …
      */
     pHandle->iNext = pGVMM->iFreeHead;
-    pHandle->fFreeVM = false;
     pGVMM->iFreeHead = iHandle;
+    ASMAtomicXchgPtr((void * volatile *)&pHandle->pGVM, NULL);
     ASMAtomicXchgPtr((void * volatile *)&pHandle->pVM, NULL);
     ASMAtomicXchgPtr((void * volatile *)&pHandle->pvObj, NULL);
 …
 /**
+ * Lookup a GVM pointer by its handle.
+ * Associates an EMT thread with a VM.
+ *
+ * This is called early during the ring-0 VM initialization so assertions later in
+ * the process can be handled gracefully.
+ *
+ * @returns VBox status code.
+ *
+ * @param   pVM         The VM instance data (aka handle), ring-0 mapping of course.
+ * @thread  EMT.
+ */
+GVMMR0DECL(int) GVMMR0AssociateEMTWithVM(PVM pVM)
+{
+    LogFlow(("GVMMR0AssociateEMTWithVM: pVM=%p\n", pVM));
+    PGVMM pGVMM;
+    GVMM_GET_VALID_INSTANCE(pGVMM, VERR_INTERNAL_ERROR);
+    /*
+     * Validate the VM structure, state and handle.
+     */
+    AssertPtrReturn(pVM, VERR_INVALID_POINTER);
+    AssertReturn(!((uintptr_t)pVM & PAGE_OFFSET_MASK), VERR_INVALID_POINTER);
+    AssertMsgReturn(pVM->enmVMState == VMSTATE_CREATING, ("%d\n", pVM->enmVMState), VERR_WRONG_ORDER);
+    RTNATIVETHREAD hEMT = RTThreadNativeSelf();
+    AssertReturn(hEMT != NIL_RTNATIVETHREAD, VERR_NOT_SUPPORTED);
+    const uint16_t hGVM = pVM->hSelf;
+    AssertReturn(hGVM != NIL_GVM_HANDLE, VERR_INVALID_HANDLE);
+    AssertReturn(hGVM < RT_ELEMENTS(pGVMM->aHandles), VERR_INVALID_HANDLE);
+    PGVMHANDLE pHandle = &pGVMM->aHandles[hGVM];
+    AssertReturn(pHandle->pVM == pVM, VERR_NOT_OWNER);
+    /*
+     * Take the lock, validate the handle and update the structure members.
+     */
+    int rc = RTSemFastMutexRequest(pGVMM->Lock);
+    AssertRCReturn(rc, rc);
+    if (    pHandle->pVM == pVM
+        &&  VALID_PTR(pHandle->pvObj)
+        &&  VALID_PTR(pHandle->pSession)
+        &&  VALID_PTR(pHandle->pGVM)
+        &&  pHandle->pGVM->u32Magic == GVM_MAGIC)
+    {
+        pHandle->hEMT = hEMT;
+        pHandle->pGVM->hEMT = hEMT;
+    }
+    else
+        rc = VERR_INTERNAL_ERROR;
+    RTSemFastMutexRelease(pGVMM->Lock);
+    LogFlow(("GVMMR0AssociateEMTWithVM: returns %Vrc (hEMT=%RTnthrd)\n", rc, hEMT));
+    return rc;
+}
+/**
+ * Disassociates the EMT thread from a VM.
+ *
+ * This is called last in the ring-0 VM termination. After this point anyone is
+ * allowed to destroy the VM. Ideally, we should associate the VM with the thread
+ * that's going to call GVMMR0DestroyVM for optimal security, but that's impractical
+ * at present.
+ *
+ * @returns VBox status code.
+ *
+ * @param   pVM         The VM instance data (aka handle), ring-0 mapping of course.
+ * @thread  EMT.
+ */
+GVMMR0DECL(int) GVMMR0DisassociateEMTFromVM(PVM pVM)
+{
+    LogFlow(("GVMMR0DisassociateEMTFromVM: pVM=%p\n", pVM));
+    PGVMM pGVMM;
+    GVMM_GET_VALID_INSTANCE(pGVMM, VERR_INTERNAL_ERROR);
+    /*
+     * Validate the VM structure, state and handle.
+     */
+    AssertPtrReturn(pVM, VERR_INVALID_POINTER);
+    AssertReturn(!((uintptr_t)pVM & PAGE_OFFSET_MASK), VERR_INVALID_POINTER);
+    AssertMsgReturn(pVM->enmVMState >= VMSTATE_CREATING && pVM->enmVMState <= VMSTATE_DESTROYING, ("%d\n", pVM->enmVMState), VERR_WRONG_ORDER);
+    RTNATIVETHREAD hEMT = RTThreadNativeSelf();
+    AssertReturn(hEMT != NIL_RTNATIVETHREAD, VERR_NOT_SUPPORTED);
+    const uint16_t hGVM = pVM->hSelf;
+    AssertReturn(hGVM != NIL_GVM_HANDLE, VERR_INVALID_HANDLE);
+    AssertReturn(hGVM < RT_ELEMENTS(pGVMM->aHandles), VERR_INVALID_HANDLE);
+    PGVMHANDLE pHandle = &pGVMM->aHandles[hGVM];
+    AssertReturn(pHandle->pVM == pVM, VERR_NOT_OWNER);
+    /*
+     * Take the lock, validate the handle and update the structure members.
+     */
+    int rc = RTSemFastMutexRequest(pGVMM->Lock);
+    AssertRCReturn(rc, rc);
+    if (    VALID_PTR(pHandle->pvObj)
+        &&  VALID_PTR(pHandle->pSession)
+        &&  VALID_PTR(pHandle->pGVM)
+        &&  pHandle->pGVM->u32Magic == GVM_MAGIC)
+    {
+        if (    pHandle->pVM == pVM
+            &&  pHandle->hEMT == hEMT)
+        {
+            pHandle->hEMT = NIL_RTNATIVETHREAD;
+            pHandle->pGVM->hEMT = NIL_RTNATIVETHREAD;
+        }
+        else
+            rc = VERR_NOT_OWNER;
+    }
+    else
+        rc = VERR_INVALID_HANDLE;
+    RTSemFastMutexRelease(pGVMM->Lock);
+    LogFlow(("GVMMR0DisassociateEMTFromVM: returns %Vrc (hEMT=%RTnthrd)\n", rc, hEMT));
+    return rc;
+}
+/**
+ * Lookup a GVM structure by its handle.
+ *
  * @returns The GVM pointer on success, NULL on failure.
 …
 GVMMR0DECL(PGVM) GVMMR0ByHandle(uint32_t hGVM)
+{
     PGVMM pGVMM = g_pGVMM;
     AssertPtrReturn(pGVMM, NULL);
+    PGVMM pGVMM;
+    GVMM_GET_VALID_INSTANCE(pGVMM, NULL);
     /*
 …
      * Look it up.
      */
+    AssertReturn(VALID_PTR(pGVMM->aHandles[hGVM].pvObj), NULL);
+    AssertReturn(pGVMM->aHandles[hGVM].hEMT != NIL_RTNATIVETHREAD, NULL);
+    Assert(VALID_PTR(pGVMM->aHandles[hGVM].pVM));
+    return pGVMM->aHandles[hGVM].pGVM;
+    PGVMHANDLE pHandle = &pGVMM->aHandles[hGVM];
+    AssertPtrReturn(pHandle->pVM, NULL);
+    AssertPtrReturn(pHandle->pvObj, NULL);
+    PGVM pGVM = pHandle->pGVM;
+    AssertPtrReturn(pGVM, NULL);
+    AssertReturn(pGVM->pVM == pHandle->pVM, NULL);
+    return pHandle->pGVM;
+}
+/**
+ * Lookup a GVM structure by the shared VM structure.
+ *
+ * @returns The GVM pointer on success, NULL on failure.
+ * @param   pVM     The shared VM structure (the ring-0 mapping).
+ */
+GVMMR0DECL(PGVM) GVMMR0ByVM(PVM pVM)
+{
+    PGVMM pGVMM;
+    GVMM_GET_VALID_INSTANCE(pGVMM, NULL);
+    /*
+     * Validate.
+     */
+    AssertPtrReturn(pVM, NULL);
+    AssertReturn(!((uintptr_t)pVM & PAGE_OFFSET_MASK), NULL);
+    uint16_t hGVM = pVM->hSelf;
+    AssertReturn(hGVM != NIL_GVM_HANDLE, NULL);
+    AssertReturn(hGVM < RT_ELEMENTS(pGVMM->aHandles), NULL);
+    /*
+     * Look it up.
+     */
+    PGVMHANDLE pHandle = &pGVMM->aHandles[hGVM];
+    AssertReturn(pHandle->pVM == pVM, NULL);
+    AssertPtrReturn(pHandle->pvObj, NULL);
+    PGVM pGVM = pHandle->pGVM;
+    AssertPtrReturn(pGVM, NULL);
+    AssertReturn(pGVM->pVM == pVM, NULL);
+    return pGVM;
+}
 …
 GVMMR0DECL(PVM) GVMMR0GetVMByHandle(uint32_t hGVM)
+{
+    PGVMM pGVMM = g_pGVMM;
+    AssertPtrReturn(pGVMM, NULL);
+    /*
+     * Validate.
+     */
+    AssertReturn(hGVM != NIL_GVM_HANDLE, NULL);
+    AssertReturn(hGVM < RT_ELEMENTS(pGVMM->aHandles), NULL);
+    /*
+     * Look it up.
+     */
+    AssertReturn(VALID_PTR(pGVMM->aHandles[hGVM].pvObj), NULL);
+    AssertReturn(pGVMM->aHandles[hGVM].hEMT != NIL_RTNATIVETHREAD, NULL);
+    Assert(VALID_PTR(pGVMM->aHandles[hGVM].pVM));
+    return pGVMM->aHandles[hGVM].pVM;
+    PGVM pGVM = GVMMR0ByHandle(hGVM);
+    return pGVM ? pGVM->pVM : NULL;
+}
 …
+{
     /*
+     * Be very careful here as we're called in AssertMsgN context.
+     * No Assertions here as we're usually called in a AssertMsgN or
+     * RTAssert* context.
      */
     PGVMM pGVMM = g_pGVMM;
+    if (!VALID_PTR(pGVMM))
+    if (    !VALID_PTR(pGVMM)
+        ||  pGVMM->u32Magic != GVMM_MAGIC)
         return NULL;
 …
     /*
      * Search the handles, we don't dare take the lock (assert).
+     * Search the handles in a linear fashion as we don't dare take the lock (assert).
      */
     for (unsigned i = 1; i < RT_ELEMENTS(pGVMM->aHandles); i++)

trunk/src/VBox/VMM/VMMR0/VMMR0.cpp

-              r5026
+              r5031
  * @param   pVM         The VM instance in question.
  * @param   uVersion    The minimum module version required.
+ * @thread  EMT.
  */
 static int VMMR0Init(PVM pVM, unsigned uVersion)
 …
     /*
      * Try register the VM with GVMM.
+     * Associate the ring-0 EMT thread with the GVM.
      */
     int rc = GVMMR0RegisterVM(pVM);
+    int rc = GVMMR0AssociateEMTWithVM(pVM);
     if (RT_SUCCESS(rc))
+    {
 …
                 return rc;
+        }
-        GVMMR0DeregisterVM(pVM);
+    }
 …
+ *
  * @param   pVM         The VM instance in question.
+ * @thread  EMT.
  */
 static int VMMR0Term(PVM pVM)
+{
     /*
      * Deregister the VM and the logger.
+     * Deregister the logger.
      */
     GVMMR0DeregisterVM(pVM);
+    GVMMR0DisassociateEMTFromVM(pVM);
     RTLogSetDefaultInstanceThread(NULL, 0);
     return VINF_SUCCESS;
 …
  * @param   pVM             The VM to operate on.
  * @param   enmOperation    Which operation to execute.
  * @param   pReq            This points to a SUPVMMR0REQHDR packet. Optional.
+ * @param   pReqHdr         This points to a SUPVMMR0REQHDR packet. Optional.
  * @param   u64Arg          Some simple constant argument.
  * @remarks Assume called with interrupts _enabled_.
  */
 static int vmmR0EntryExWorker(PVM pVM, VMMR0OPERATION enmOperation, PSUPVMMR0REQHDR pReq, uint64_t u64Arg)
+static int vmmR0EntryExWorker(PVM pVM, VMMR0OPERATION enmOperation, PSUPVMMR0REQHDR pReqHdr, uint64_t u64Arg)
+{
     switch (enmOperation)
+    {
+        /*
+         * GVM requests
+         */
+        case VMMR0_DO_GVMM_CREATE_VM:
+            if (pVM || u64Arg)
+                return VERR_INVALID_PARAMETER;
+            SUPR0Printf("-> GVMMR0CreateVMReq\n");
+            return GVMMR0CreateVMReq(pReqHdr);
+        case VMMR0_DO_GVMM_DESTROY_VM:
+            if (pReqHdr || u64Arg)
+                return VERR_INVALID_PARAMETER;
+            return GVMMR0DestroyVM(pVM);
         /*
          * Initialize the R0 part of a VM instance.

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats:

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette