Changeset 62302 in vbox for trunk

Timestamp:

Jul 18, 2016 1:58:10 PM (9 years ago)

Author:

vboxsync

Message:

IEM,PGM: Got code TLB working in ring-3, execution is 3-4 times faster when active (still disabled of course).

Location:

trunk

Files:

• include/VBox/vmm/iem.h (modified) (1 diff)
• include/VBox/vmm/pgm.h (modified) (1 diff)
• src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (9 diffs)
• src/VBox/VMM/VMMAll/PGMAll.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMAll/PGMAllPhys.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/IEMR3.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMR3/PGMPhys.cpp (modified) (2 diffs)
• src/VBox/VMM/include/IEMInternal.h (modified) (6 diffs)

trunk/include/VBox/vmm/iem.h

@@ -117 +117 @@
 VMM_INT_DECL(int)           IEMBreakpointClear(PVM pVM, RTGCPTR GCPtrBp);
 
+VMM_INT_DECL(void)          IEMTlbInvalidateAll(PVMCPU pVCpu, bool fVmm);
+VMM_INT_DECL(void)          IEMTlbInvalidatePage(PVMCPU pVCpu, RTGCPTR GCPtr);
+VMM_INT_DECL(void)          IEMTlbInvalidateAllPhysical(PVMCPU pVCpu);
+
+
 /** @name Given Instruction Interpreters
  * @{ */

trunk/include/VBox/vmm/pgm.h

@@ -619 +619 @@
 VMMDECL(int)        PGMPhysInterpretedReadNoHandlers(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, void *pvDst, RTGCUINTPTR GCPtrSrc, size_t cb, bool fRaiseTrap);
 VMMDECL(int)        PGMPhysInterpretedWriteNoHandlers(PVMCPU pVCpu, PCPUMCTXCORE pCtxCore, RTGCPTR GCPtrDst, void const *pvSrc, size_t cb, bool fRaiseTrap);
+
 VMM_INT_DECL(int)   PGMPhysIemGCPhys2Ptr(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, bool fWritable, bool fByPassHandlers, void **ppv, PPGMPAGEMAPLOCK pLock);
 VMM_INT_DECL(int)   PGMPhysIemQueryAccess(PVM pVM, RTGCPHYS GCPhys, bool fWritable, bool fByPassHandlers);
+VMM_INT_DECL(int)   PGMPhysIemGCPhys2PtrNoLock(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, uint64_t const volatile *puTlbPhysRev,
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
+                                               R3PTRTYPE(uint8_t *) *ppb,
+#else
+                                               R3R0PTRTYPE(uint8_t *) *ppb,
+#endif
+                                               uint64_t *pfTlb);
+/** @name Flags returned by PGMPhysIemGCPhys2PtrNoLock
+ * @{ */
+#define PGMIEMGCPHYS2PTR_F_NO_WRITE     RT_BIT_32(3)    /**< Not writable (IEMTLBE_F_PG_NO_WRITE). */
+#define PGMIEMGCPHYS2PTR_F_NO_READ      RT_BIT_32(4)    /**< Not readable (IEMTLBE_F_PG_NO_READ). */
+#define PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3 RT_BIT_32(7)    /**< No ring-3 mapping (IEMTLBE_F_NO_MAPPINGR3). */
+/** @} */
 
 #ifdef VBOX_STRICT

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -82 +82 @@
 //#define IEM_LOG_MEMORY_WRITES
 #define IEM_IMPLEMENTS_TASKSWITCH
-//#define IEM_WITH_CODE_TLB - work in progress
 
 
@@ -873 +872 @@
     pVCpu->iem.s.cbInstrBuf         = UINT16_MAX;
     pVCpu->iem.s.cbInstrBufTotal    = UINT16_MAX;
-    pVCpu->iem.s.offCurInstrStart   = UINT16_MAX;
+    pVCpu->iem.s.offCurInstrStart   = INT16_MAX;
     pVCpu->iem.s.uInstrBufPc        = UINT64_C(0xc0ffc0ffcff0c0ff);
 # else
@@ -1087 +1086 @@
             pVCpu->iem.s.offInstrNextByte = 0;
             pVCpu->iem.s.offCurInstrStart = 0;
+            pVCpu->iem.s.cbInstrBuf       = 0;
+            pVCpu->iem.s.cbInstrBufTotal  = 0;
         }
     }
@@ -1093 +1094 @@
         pVCpu->iem.s.offInstrNextByte = 0;
         pVCpu->iem.s.offCurInstrStart = 0;
+        pVCpu->iem.s.cbInstrBuf       = 0;
+        pVCpu->iem.s.cbInstrBufTotal  = 0;
     }
 #else
@@ -1312 +1315 @@
  * @param   fVmm        Set when PGM calls us with a remapping.
  */
-void IEMInvalidTLBs(PVMCPU pVCpu, bool fVmm)
+VMM_INT_DECL(void) IEMTlbInvalidateAll(PVMCPU pVCpu, bool fVmm)
 {
 #ifdef IEM_WITH_CODE_TLB
+    pVCpu->iem.s.cbInstrBufTotal = 0;
     pVCpu->iem.s.CodeTlb.uTlbRevision += IEMTLB_REVISION_INCR;
     if (pVCpu->iem.s.CodeTlb.uTlbRevision != 0)
@@ -1344 +1348 @@
 
 /**
- * Invalidates the host physical aspects of the IEM TLBs.
- *
- * This is called internally as well as by PGM when moving GC mappings.
+ * Invalidates a page in the TLBs.
  *
  * @param   pVCpu       The cross context virtual CPU structure of the calling
  *                      thread.
- * @param   uTlbPhysRev The revision of the phys stuff.
- * @param   fFullFlush  Whether we're doing a full flush or not.
- */
-void IEMInvalidTLBsHostPhys(PVMCPU pVCpu, uint64_t uTlbPhysRev, bool fFullFlush)
+ * @param   GCPtr       The address of the page to invalidate
+ */
+VMM_INT_DECL(void) IEMTlbInvalidatePage(PVMCPU pVCpu, RTGCPTR GCPtr)
+{
+#if defined(IEM_WITH_CODE_TLB) || defined(IEM_WITH_DATA_TLB)
+    GCPtr = GCPtr >> X86_PAGE_SHIFT;
+    AssertCompile(RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries) == 256);
+    AssertCompile(RT_ELEMENTS(pVCpu->iem.s.DataTlb.aEntries) == 256);
+    uintptr_t idx = (uint8_t)GCPtr;
+
+# ifdef IEM_WITH_CODE_TLB
+    if (pVCpu->iem.s.CodeTlb.aEntries[idx].uTag == (GCPtr | pVCpu->iem.s.CodeTlb.uTlbRevision))
+    {
+        pVCpu->iem.s.CodeTlb.aEntries[idx].uTag = 0;
+        if (GCPtr == (pVCpu->iem.s.uInstrBufPc >> X86_PAGE_SHIFT))
+            pVCpu->iem.s.cbInstrBufTotal = 0;
+    }
+# endif
+
+# ifdef IEM_WITH_DATA_TLB
+    if (pVCpu->iem.s.DataTlb.aEntries[idx].uTag == (GCPtr | pVCpu->iem.s.DataTlb.uTlbRevision))
+        pVCpu->iem.s.DataTlb.aEntries[idx].uTag = 0;
+# endif
+#else
+    NOREF(pVCpu); NOREF(GCPtr);
+#endif
+}
+
+
+/**
+ * Invalidates the host physical aspects of the IEM TLBs.
+ *
+ * This is called internally as well as by PGM when moving GC mappings.
+ *
+ * @param   pVCpu       The cross context virtual CPU structure of the calling
+ *                      thread.
+ */
+VMM_INT_DECL(void) IEMTlbInvalidateAllPhysical(PVMCPU pVCpu)
 {
 #if defined(IEM_WITH_CODE_TLB) || defined(IEM_WITH_DATA_TLB)
     /* Note! This probably won't end up looking exactly like this, but it give an idea... */
 
-    pVCpu->iem.s.CodeTlb.uTlbPhysRev = uTlbPhysRev;
-    pVCpu->iem.s.DataTlb.uTlbPhysRev = uTlbPhysRev;
-
-    if (!fFullFlush)
-    { /* very likely */ }
+# ifdef IEM_WITH_CODE_TLB
+    pVCpu->iem.s.cbInstrBufTotal = 0;
+# endif
+    uint64_t uTlbPhysRev = pVCpu->iem.s.CodeTlb.uTlbPhysRev + IEMTLB_PHYS_REV_INCR;
+    if (uTlbPhysRev != 0)
+    {
+        pVCpu->iem.s.CodeTlb.uTlbPhysRev = uTlbPhysRev;
+        pVCpu->iem.s.DataTlb.uTlbPhysRev = uTlbPhysRev;
+    }
     else
     {
+        pVCpu->iem.s.CodeTlb.uTlbPhysRev = IEMTLB_PHYS_REV_INCR;
+        pVCpu->iem.s.DataTlb.uTlbPhysRev = IEMTLB_PHYS_REV_INCR;
+
         unsigned i;
 # ifdef IEM_WITH_CODE_TLB
@@ -1370 +1413 @@
         while (i-- > 0)
         {
-            pVCpu->iem.s.CodeTlb.aEntries[i].pMappingR3        = NULL;
+            pVCpu->iem.s.CodeTlb.aEntries[i].pbMappingR3       = NULL;
             pVCpu->iem.s.CodeTlb.aEntries[i].fFlagsAndPhysRev &= ~(IEMTLBE_F_PG_NO_WRITE | IEMTLBE_F_PG_NO_READ | IEMTLBE_F_PHYS_REV);
         }
@@ -1378 +1421 @@
         while (i-- > 0)
         {
-            pVCpu->iem.s.DataTlb.aEntries[i].pMappingR3        = NULL;
+            pVCpu->iem.s.DataTlb.aEntries[i].pbMappingR3       = NULL;
             pVCpu->iem.s.DataTlb.aEntries[i].fFlagsAndPhysRev &= ~(IEMTLBE_F_PG_NO_WRITE | IEMTLBE_F_PG_NO_READ | IEMTLBE_F_PHYS_REV);
         }
 # endif
     }
-#endif
-    NOREF(pVCpu); NOREF(fFullFlush);
-}
-
+#else
+    NOREF(pVCpu);
+#endif
+}
+
+
+/**
+ * Invalidates the host physical aspects of the IEM TLBs.
+ *
+ * This is called internally as well as by PGM when moving GC mappings.
+ *
+ * @param   pVM         The cross context VM structure.
+ *
+ * @remarks Caller holds the PGM lock.
+ */
+VMM_INT_DECL(void) IEMTlbInvalidateAllPhysicalAllCpus(PVM pVM)
+{
+
+}
 
 #ifdef IEM_WITH_CODE_TLB
@@ -1409 +1467 @@
 IEM_STATIC void iemOpcodeFetchBytesJmp(PVMCPU pVCpu, size_t cbDst, void *pvDst)
 {
-    Assert(cbDst <= 8);
-    uint32_t offBuf = pVCpu->iem.s.offInstrNextByte;
-
-    /*
-     * We might have a partial buffer match, deal with that first to make the
-     * rest simpler.  This is the first part of the cross page/buffer case.
-     */
-    if (pVCpu->iem.s.pbInstrBuf != NULL)
-    {
-        if (offBuf < pVCpu->iem.s.cbInstrBuf)
+#ifdef IN_RING3
+//__debugbreak();
+#else
+    longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VERR_INTERNAL_ERROR);
+#endif
+    for (;;)
+    {
+        Assert(cbDst <= 8);
+        uint32_t offBuf = pVCpu->iem.s.offInstrNextByte;
+
+        /*
+         * We might have a partial buffer match, deal with that first to make the
+         * rest simpler.  This is the first part of the cross page/buffer case.
+         */
+        if (pVCpu->iem.s.pbInstrBuf != NULL)
         {
-            Assert(offBuf + cbDst > pVCpu->iem.s.cbInstrBuf);
-            uint32_t const cbCopy = pVCpu->iem.s.cbInstrBuf - pVCpu->iem.s.offInstrNextByte;
-            memcpy(pvDst, &pVCpu->iem.s.pbInstrBuf[offBuf], cbCopy);
-
-            cbDst  -= cbCopy;
-            pvDst   = (uint8_t *)pvDst + cbCopy;
-            offBuf += cbCopy;
-            pVCpu->iem.s.offInstrNextByte += offBuf;
+            if (offBuf < pVCpu->iem.s.cbInstrBuf)
+            {
+                Assert(offBuf + cbDst > pVCpu->iem.s.cbInstrBuf);
+                uint32_t const cbCopy = pVCpu->iem.s.cbInstrBuf - pVCpu->iem.s.offInstrNextByte;
+                memcpy(pvDst, &pVCpu->iem.s.pbInstrBuf[offBuf], cbCopy);
+
+                cbDst  -= cbCopy;
+                pvDst   = (uint8_t *)pvDst + cbCopy;
+                offBuf += cbCopy;
+                pVCpu->iem.s.offInstrNextByte += offBuf;
+            }
         }
-    }
-
-    /*
-     * Check segment limit, figuring how much we're allowed to access at this point.
-     */
-    PCPUMCTX pCtx = IEM_GET_CTX(pVCpu);
-    RTGCPTR  GCPtrFirst;
-    uint32_t cbMaxRead;
-    if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
-    {
-        GCPtrFirst = pCtx->rip + (offBuf - pVCpu->iem.s.offCurInstrStart);
-        if (RT_LIKELY(IEM_IS_CANONICAL(GCPtrFirst)))
-        { /* likely */ }
-        else
-            iemRaiseGeneralProtectionFault0Jmp(pVCpu);
-        cbMaxRead = X86_PAGE_SIZE - ((uint32_t)GCPtrFirst & X86_PAGE_OFFSET_MASK);
-    }
-    else
-    {
-        GCPtrFirst = pCtx->eip + (offBuf - pVCpu->iem.s.offCurInstrStart);
-        Assert(!(GCPtrFirst & ~(uint32_t)UINT16_MAX) || pVCpu->iem.s.enmCpuMode == IEMMODE_32BIT);
-        if (RT_LIKELY((uint32_t)GCPtrFirst <= pCtx->cs.u32Limit))
-        { /* likely */ }
-        else
-            iemRaiseSelectorBoundsJmp(pVCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
-        cbMaxRead = pCtx->cs.u32Limit - (uint32_t)GCPtrFirst + 1;
-        if (cbMaxRead != 0)
-        { /* likely */ }
+
+        /*
+         * Check segment limit, figuring how much we're allowed to access at this point.
+         *
+         * We will fault immediately if RIP is past the segment limit / in non-canonical
+         * territory.  If we do continue, there are one or more bytes to read before we
+         * end up in trouble and we need to do that first before faulting.
+         */
+        PCPUMCTX pCtx = IEM_GET_CTX(pVCpu);
+        RTGCPTR  GCPtrFirst;
+        uint32_t cbMaxRead;
+        if (pVCpu->iem.s.enmCpuMode == IEMMODE_64BIT)
+        {
+            GCPtrFirst = pCtx->rip + (offBuf - (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart);
+            if (RT_LIKELY(IEM_IS_CANONICAL(GCPtrFirst)))
+            { /* likely */ }
+            else
+                iemRaiseGeneralProtectionFault0Jmp(pVCpu);
+            cbMaxRead = X86_PAGE_SIZE - ((uint32_t)GCPtrFirst & X86_PAGE_OFFSET_MASK);
+        }
         else
         {
-            /* Overflowed because address is 0 and limit is max. */
-            Assert(GCPtrFirst == 0); Assert(pCtx->cs.u32Limit == UINT32_MAX);
-            cbMaxRead = X86_PAGE_SIZE;
+            GCPtrFirst = pCtx->eip + (offBuf - (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart);
+            Assert(!(GCPtrFirst & ~(uint32_t)UINT16_MAX) || pVCpu->iem.s.enmCpuMode == IEMMODE_32BIT);
+            if (RT_LIKELY((uint32_t)GCPtrFirst <= pCtx->cs.u32Limit))
+            { /* likely */ }
+            else
+                iemRaiseSelectorBoundsJmp(pVCpu, X86_SREG_CS, IEM_ACCESS_INSTRUCTION);
+            cbMaxRead = pCtx->cs.u32Limit - (uint32_t)GCPtrFirst + 1;
+            if (cbMaxRead != 0)
+            { /* likely */ }
+            else
+            {
+                /* Overflowed because address is 0 and limit is max. */
+                Assert(GCPtrFirst == 0); Assert(pCtx->cs.u32Limit == UINT32_MAX);
+                cbMaxRead = X86_PAGE_SIZE;
+            }
+            GCPtrFirst = (uint32_t)GCPtrFirst + (uint32_t)pCtx->cs.u64Base;
+            uint32_t cbMaxRead2 = X86_PAGE_SIZE - ((uint32_t)GCPtrFirst & X86_PAGE_OFFSET_MASK);
+            if (cbMaxRead2 < cbMaxRead)
+                cbMaxRead = cbMaxRead2;
+            /** @todo testcase: unreal modes, both huge 16-bit and 32-bit. */
         }
-        GCPtrFirst = (uint32_t)GCPtrFirst + (uint32_t)pCtx->cs.u64Base;
-        uint32_t cbMaxRead2 = X86_PAGE_SIZE - ((uint32_t)GCPtrFirst & X86_PAGE_OFFSET_MASK);
-        if (cbMaxRead2 < cbMaxRead)
-            cbMaxRead = cbMaxRead2;
-        /** @todo testcase: unreal modes, both huge 16-bit and 32-bit. */
-    }
-
-    /*
-     * Get the TLB entry for this piece of code.
-     */
-    uint64_t     uTag  = (GCPtrFirst >> X86_PAGE_SHIFT) | pVCpu->iem.s.CodeTlb.uTlbRevision;
-    AssertCompile(RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries) == 256);
-    PIEMTLBENTRY pTlbe = &pVCpu->iem.s.CodeTlb.aEntries[(uint8_t)uTag];
-    if (pTlbe->uTag == uTag)
-    {
-        /* likely when executing lots of code, otherwise unlikely */
+
+        /*
+         * Get the TLB entry for this piece of code.
+         */
+        uint64_t     uTag  = (GCPtrFirst >> X86_PAGE_SHIFT) | pVCpu->iem.s.CodeTlb.uTlbRevision;
+        AssertCompile(RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries) == 256);
+        PIEMTLBENTRY pTlbe = &pVCpu->iem.s.CodeTlb.aEntries[(uint8_t)uTag];
+        if (pTlbe->uTag == uTag)
+        {
+            /* likely when executing lots of code, otherwise unlikely */
 # ifdef VBOX_WITH_STATISTICS
-        pVCpu->iem.s.CodeTlb.cTlbHits++;
+            pVCpu->iem.s.CodeTlb.cTlbHits++;
 # endif
-    }
-    else
-    {
-        pVCpu->iem.s.CodeTlb.cTlbMisses++;
-        pVCpu->iem.s.CodeTlb.cTlbMissesTag++;
+        }
+        else
+        {
+            pVCpu->iem.s.CodeTlb.cTlbMisses++;
 # ifdef VBOX_WITH_RAW_MODE_NOT_R0
-        if (PATMIsPatchGCAddr(pVCpu->CTX_SUFF(pVM), pCtx->eip))
+            if (PATMIsPatchGCAddr(pVCpu->CTX_SUFF(pVM), pCtx->eip))
+            {
+                pTlbe->uTag             = uTag;
+                pTlbe->fFlagsAndPhysRev = IEMTLBE_F_PATCH_CODE  | IEMTLBE_F_PT_NO_WRITE | IEMTLBE_F_PT_NO_USER
+                                        | IEMTLBE_F_PT_NO_WRITE | IEMTLBE_F_PT_NO_DIRTY | IEMTLBE_F_NO_MAPPINGR3;
+                pTlbe->GCPhys           = NIL_RTGCPHYS;
+                pTlbe->pbMappingR3      = NULL;
+            }
+            else
+# endif
+            {
+                RTGCPHYS    GCPhys;
+                uint64_t    fFlags;
+                int rc = PGMGstGetPage(pVCpu, GCPtrFirst, &fFlags, &GCPhys);
+                if (RT_FAILURE(rc))
+                {
+                    Log(("iemOpcodeFetchMoreBytes: %RGv - rc=%Rrc\n", GCPtrFirst, rc));
+                    iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, rc);
+                }
+
+                AssertCompile(IEMTLBE_F_PT_NO_EXEC == 1);
+                pTlbe->uTag             = uTag;
+                pTlbe->fFlagsAndPhysRev = (~fFlags & (X86_PTE_US | X86_PTE_RW | X86_PTE_D)) | (fFlags >> X86_PTE_PAE_BIT_NX);
+                pTlbe->GCPhys           = GCPhys;
+                pTlbe->pbMappingR3      = NULL;
+            }
+        }
+
+        /*
+         * Check TLB page table level access flags.
+         */
+        if (pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PT_NO_USER | IEMTLBE_F_PT_NO_EXEC))
         {
-            pTlbe->uTag             = uTag;
-            pTlbe->fFlagsAndPhysRev = IEMTLBE_F_PATCH_CODE  | IEMTLBE_F_PT_NO_WRITE | IEMTLBE_F_PT_NO_USER
-                                    | IEMTLBE_F_PT_NO_WRITE | IEMTLBE_F_PT_NO_DIRTY | IEMTLBE_F_NO_MAPPINGR3;
-            pTlbe->GCPhys           = NIL_RTGCPHYS;
-            pTlbe->pMappingR3       = NULL;
+            if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_USER) && pVCpu->iem.s.uCpl == 3)
+            {
+                Log(("iemOpcodeFetchBytesJmp: %RGv - supervisor page\n", GCPtrFirst));
+                iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
+            }
+            if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_EXEC) && (pCtx->msrEFER & MSR_K6_EFER_NXE))
+            {
+                Log(("iemOpcodeFetchMoreBytes: %RGv - NX\n", GCPtrFirst));
+                iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
+            }
+        }
+
+# ifdef VBOX_WITH_RAW_MODE_NOT_R0
+        /*
+         * Allow interpretation of patch manager code blocks since they can for
+         * instance throw #PFs for perfectly good reasons.
+         */
+        if (!(pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PATCH_CODE))
+        { /* no unlikely */ }
+        else
+        {
+            /** @todo Could be optimized this a little in ring-3 if we liked. */
+            size_t cbRead = 0;
+            int rc = PATMReadPatchCode(pVCpu->CTX_SUFF(pVM), GCPtrFirst, pvDst, cbDst, &cbRead);
+            AssertRCStmt(rc, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), rc));
+            AssertStmt(cbRead == cbDst, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VERR_IEM_IPE_1));
+            return;
+        }
+# endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
+
+        /*
+         * Look up the physical page info if necessary.
+         */
+        if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PHYS_REV) == pVCpu->iem.s.CodeTlb.uTlbPhysRev)
+        { /* not necessary */ }
+        else
+        {
+            AssertCompile(PGMIEMGCPHYS2PTR_F_NO_WRITE     == IEMTLBE_F_PG_NO_WRITE);
+            AssertCompile(PGMIEMGCPHYS2PTR_F_NO_READ      == IEMTLBE_F_PG_NO_READ);
+            AssertCompile(PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3 == IEMTLBE_F_NO_MAPPINGR3);
+            pTlbe->fFlagsAndPhysRev &= ~(  IEMTLBE_F_PHYS_REV
+                                         | IEMTLBE_F_NO_MAPPINGR3 | IEMTLBE_F_PG_NO_READ | IEMTLBE_F_PG_NO_WRITE);
+            int rc = PGMPhysIemGCPhys2PtrNoLock(pVCpu->CTX_SUFF(pVM), pVCpu, pTlbe->GCPhys, &pVCpu->iem.s.CodeTlb.uTlbPhysRev,
+                                                &pTlbe->pbMappingR3, &pTlbe->fFlagsAndPhysRev);
+            AssertRCStmt(rc, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), rc));
+        }
+
+# if defined(IN_RING3) || (defined(IN_RING0) && !defined(VBOX_WITH_2X_4GB_ADDR_SPACE))
+        /*
+         * Try do a direct read using the pbMappingR3 pointer.
+         */
+        if (    (pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PHYS_REV | IEMTLBE_F_NO_MAPPINGR3 | IEMTLBE_F_PG_NO_READ))
+             == pVCpu->iem.s.CodeTlb.uTlbPhysRev)
+        {
+            uint32_t const offPg = (GCPtrFirst & X86_PAGE_OFFSET_MASK);
+            pVCpu->iem.s.cbInstrBufTotal  = offPg + cbMaxRead;
+            if (offBuf == (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart)
+            {
+                pVCpu->iem.s.cbInstrBuf       = offPg + RT_MIN(15, cbMaxRead);
+                pVCpu->iem.s.offCurInstrStart = (int16_t)offPg;
+            }
+            else
+            {
+                uint32_t const cbInstr = offBuf - (uint32_t)(int32_t)pVCpu->iem.s.offCurInstrStart;
+                Assert(cbInstr < cbMaxRead);
+                pVCpu->iem.s.cbInstrBuf       = offPg + RT_MIN(cbMaxRead + cbInstr, 15) - cbInstr;
+                pVCpu->iem.s.offCurInstrStart = (int16_t)(offPg - cbInstr);
+            }
+            if (cbDst <= cbMaxRead)
+            {
+                pVCpu->iem.s.offInstrNextByte = offPg + (uint32_t)cbDst;
+                pVCpu->iem.s.uInstrBufPc      = GCPtrFirst & ~(RTGCPTR)X86_PAGE_OFFSET_MASK;
+                pVCpu->iem.s.pbInstrBuf       = pTlbe->pbMappingR3;
+                memcpy(pvDst, &pTlbe->pbMappingR3[offPg], cbDst);
+                return;
+            }
+            pVCpu->iem.s.pbInstrBuf = NULL;
+
+            memcpy(pvDst, &pTlbe->pbMappingR3[offPg], cbMaxRead);
+            pVCpu->iem.s.offInstrNextByte = offPg + cbMaxRead;
         }
         else
 # endif
+#if 0
+        /*
+         * If there is no special read handling, so we can read a bit more and
+         * put it in the prefetch buffer.
+         */
+        if (   cbDst < cbMaxRead
+            && (pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PHYS_REV | IEMTLBE_F_PG_NO_READ)) == pVCpu->iem.s.CodeTlb.uTlbPhysRev)
         {
-            RTGCPHYS    GCPhys;
-            uint64_t    fFlags;
-            int rc = PGMGstGetPage(pVCpu, GCPtrFirst, &fFlags, &GCPhys);
-            if (RT_FAILURE(rc))
+            VBOXSTRICTRC rcStrict = PGMPhysRead(pVCpu->CTX_SUFF(pVM), pTlbe->GCPhys,
+                                                &pVCpu->iem.s.abOpcode[0], cbToTryRead, PGMACCESSORIGIN_IEM);
+            if (RT_LIKELY(rcStrict == VINF_SUCCESS))
+            { /* likely */ }
+            else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
             {
-                Log(("iemOpcodeFetchMoreBytes: %RGv - rc=%Rrc\n", GCPtrFirst, rc));
-                iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, rc);
+                Log(("iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status -  rcStrict=%Rrc\n",
+                     GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
+                rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
+                AssertStmt(rcStrict == VINF_SUCCESS, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICRC_VAL(rcStrict)));
             }
-
-            AssertCompile(IEMTLBE_F_PT_NO_EXEC == 1);
-            pTlbe->uTag             = uTag;
-            pTlbe->fFlagsAndPhysRev = (~fFlags & (X86_PTE_US | X86_PTE_RW | X86_PTE_D)) | (fFlags >> X86_PTE_PAE_BIT_NX);
-            pTlbe->GCPhys           = GCPhys;
-            pTlbe->pMappingR3       = NULL;
+            else
+            {
+                Log((RT_SUCCESS(rcStrict)
+                     ? "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
+                     : "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
+                     GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
+                longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
+            }
         }
-    }
-
-    /*
-     * Check TLB page table level access flags.
-     */
-    if (pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PT_NO_USER | IEMTLBE_F_PT_NO_EXEC))
-    {
-        if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_USER) && pVCpu->iem.s.uCpl == 3)
+        /*
+         * Special read handling, so only read exactly what's needed.
+         * This is a highly unlikely scenario.
+         */
+        else
+#endif
         {
-            Log(("iemOpcodeFetchBytesJmp: %RGv - supervisor page\n", GCPtrFirst));
-            iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
+            pVCpu->iem.s.CodeTlb.cTlbSlowReadPath++;
+            uint32_t const cbToRead = RT_MIN((uint32_t)cbDst, cbMaxRead);
+            VBOXSTRICTRC rcStrict = PGMPhysRead(pVCpu->CTX_SUFF(pVM), pTlbe->GCPhys + (GCPtrFirst & X86_PAGE_OFFSET_MASK),
+                                                pvDst, cbToRead, PGMACCESSORIGIN_IEM);
+            if (RT_LIKELY(rcStrict == VINF_SUCCESS))
+            { /* likely */ }
+            else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
+            {
+                Log(("iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status -  rcStrict=%Rrc\n",
+                     GCPtrFirst, pTlbe->GCPhys + (GCPtrFirst & X86_PAGE_OFFSET_MASK), VBOXSTRICTRC_VAL(rcStrict), cbToRead));
+                rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
+                AssertStmt(rcStrict == VINF_SUCCESS, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(rcStrict)));
+            }
+            else
+            {
+                Log((RT_SUCCESS(rcStrict)
+                     ? "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
+                     : "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
+                     GCPtrFirst, pTlbe->GCPhys + (GCPtrFirst & X86_PAGE_OFFSET_MASK), VBOXSTRICTRC_VAL(rcStrict), cbToRead));
+                longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VBOXSTRICTRC_VAL(rcStrict));
+            }
+            pVCpu->iem.s.offInstrNextByte = offBuf + cbToRead;
+            if (cbToRead == cbDst)
+                return;
         }
-        if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_EXEC) && (pCtx->msrEFER & MSR_K6_EFER_NXE))
-        {
-            Log(("iemOpcodeFetchMoreBytes: %RGv - NX\n", GCPtrFirst));
-            iemRaisePageFaultJmp(pVCpu, GCPtrFirst, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
-        }
-    }
-
-# ifdef VBOX_WITH_RAW_MODE_NOT_R0
-    /*
-     * Allow interpretation of patch manager code blocks since they can for
-     * instance throw #PFs for perfectly good reasons.
-     */
-    if (!(pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PATCH_CODE))
-    { /* no unlikely */ }
-    else
-    {
-        /** @todo Could be optimized this a little in ring-3 if we liked. */
-        size_t cbRead = 0;
-        int rc = PATMReadPatchCode(pVCpu->CTX_SUFF(pVM), GCPtrFirst, pvDst, cbDst, &cbRead);
-        AssertRCStmt(rc, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), rc));
-        AssertStmt(cbRead == cbDst, longjmp(*CTX_SUFF(pVCpu->iem.s.pJmpBuf), VERR_IEM_IPE_1));
-        return;
-    }
-# endif /* VBOX_WITH_RAW_MODE_NOT_R0 */
-
-    /*
-     * Look up the physical page info if necessary.
-     */
-    if ((pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PHYS_REV) == pVCpu->iem.s.CodeTlb.uTlbPhysRev)
-    { /* not necessary */ }
-    else
-    {
-    }
-
-
-# if defined(IN_RING3) || (defined(IN_RING0) && !defined(VBOX_WITH_2X_4GB_ADDR_SPACE))
-    /*
-     * Try do a direct read using the pMappingR3 pointer.
-     */
-    if (!(pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_NO_MAPPINGR3 | IEMTLBE_F_PG_NO_READ))
-    {
-
-    }
-# endif
-
-
-# if 0
-    /*
-     * Read the bytes at this address.
-     *
-     * We read all unpatched bytes in iemInitDecoderAndPrefetchOpcodes already,
-     * and since PATM should only patch the start of an instruction there
-     * should be no need to check again here.
-     */
-    if (!pVCpu->iem.s.fBypassHandlers)
-    {
-        VBOXSTRICTRC rcStrict = PGMPhysRead(pVCpu->CTX_SUFF(pVM), GCPhys, &pVCpu->iem.s.abOpcode[pVCpu->iem.s.cbOpcode],
-                                            cbToTryRead, PGMACCESSORIGIN_IEM);
-        if (RT_LIKELY(rcStrict == VINF_SUCCESS))
-        { /* likely */ }
-        else if (PGM_PHYS_RW_IS_SUCCESS(rcStrict))
-        {
-            Log(("iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status -  rcStrict=%Rrc\n",
-                 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
-            rcStrict = iemSetPassUpStatus(pVCpu, rcStrict);
-        }
-        else
-        {
-            Log((RT_SUCCESS(rcStrict)
-                 ? "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read status - rcStrict=%Rrc\n"
-                 : "iemOpcodeFetchMoreBytes: %RGv/%RGp LB %#x - read error - rcStrict=%Rrc (!!)\n",
-                 GCPtrNext, GCPhys, VBOXSTRICTRC_VAL(rcStrict), cbToTryRead));
-            return rcStrict;
-        }
-    }
-    else
-    {
-        rc = PGMPhysSimpleReadGCPhys(pVCpu->CTX_SUFF(pVM), &pVCpu->iem.s.abOpcode[pVCpu->iem.s.cbOpcode], GCPhys, cbToTryRead);
-        if (RT_SUCCESS(rc))
-        { /* likely */ }
-        else
-        {
-            Log(("iemOpcodeFetchMoreBytes: %RGv - read error - rc=%Rrc (!!)\n", GCPtrNext, rc));
-            return rc;
-        }
-    }
-    pVCpu->iem.s.cbOpcode += cbToTryRead;
-    Log5(("%.*Rhxs\n", pVCpu->iem.s.cbOpcode, pVCpu->iem.s.abOpcode));
-# endif
+
+        /*
+         * More to read, loop.
+         */
+        cbDst -= cbMaxRead;
+        pvDst  = (uint8_t *)pvDst + cbMaxRead;
+    }
 }
 

trunk/src/VBox/VMM/VMMAll/PGMAll.cpp

@@ -24 +24 @@
 #include <VBox/vmm/cpum.h>
 #include <VBox/vmm/selm.h>
+#include <VBox/vmm/iem.h>
 #include <VBox/vmm/iom.h>
 #include <VBox/sup.h>
@@ -731 +732 @@
     REMNotifyInvalidatePage(pVM, GCPtrPage);
 #endif /* !IN_RING3 */
+    IEMTlbInvalidatePage(pVCpu, GCPtrPage);
 
 
@@ -2021 +2023 @@
     }
 
+    IEMTlbInvalidateAll(pVCpu, false /*fVmm*/);
     STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,FlushTLB), a);
     return rc;

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

@@ -4377 +4377 @@
 
 
+/**
+ * Converts a GC physical address to a HC ring-3 pointer, with some
+ * additional checks.
+ *
+ * @returns VBox status code (no informational statuses).
+ *
+ * @param   pVM             The cross context VM structure.
+ * @param   pVCpu           The cross context virtual CPU structure of the
+ *                          calling EMT.
+ * @param   GCPhys          The GC physical address to convert.  This API mask
+ *                          the A20 line when necessary.
+ * @param   puTlbPhysRev    Where to read the physical TLB revision.  Needs to
+ *                          be done while holding the PGM lock.
+ * @param   ppb             Where to store the pointer corresponding to GCPhys
+ *                          on success.
+ * @param   pfTlb           The TLB flags and revision.  We only add stuff.
+ *
+ * @remarks This is more or a less a copy of PGMR3PhysTlbGCPhys2Ptr and
+ *          PGMPhysIemGCPhys2Ptr.
+ *
+ * @thread  EMT(pVCpu).
+ */
+VMM_INT_DECL(int) PGMPhysIemGCPhys2PtrNoLock(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, uint64_t const volatile *puTlbPhysRev,
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
+                                             R3PTRTYPE(uint8_t *) *ppb,
+#else
+                                             R3R0PTRTYPE(uint8_t *) *ppb,
+#endif
+                                             uint64_t *pfTlb)
+{
+    PGM_A20_APPLY_TO_VAR(pVCpu, GCPhys);
+    Assert(!(GCPhys & X86_PAGE_OFFSET_MASK));
+
+    pgmLock(pVM);
+
+    PPGMRAMRANGE pRam;
+    PPGMPAGE pPage;
+    int rc = pgmPhysGetPageAndRangeEx(pVM, GCPhys, &pPage, &pRam);
+    if (RT_SUCCESS(rc))
+    {
+        if (!PGM_PAGE_IS_BALLOONED(pPage))
+        {
+            if (!PGM_PAGE_IS_SPECIAL_ALIAS_MMIO(pPage))
+            {
+                if (!PGM_PAGE_HAS_ANY_HANDLERS(pPage))
+                {
+                    /*
+                     * No access handler.
+                     */
+                    switch (PGM_PAGE_GET_STATE(pPage))
+                    {
+                        case PGM_PAGE_STATE_ALLOCATED:
+                            *pfTlb |= *puTlbPhysRev;
+                            break;
+                        case PGM_PAGE_STATE_BALLOONED:
+                            AssertFailed();
+                        case PGM_PAGE_STATE_ZERO:
+                        case PGM_PAGE_STATE_SHARED:
+                        case PGM_PAGE_STATE_WRITE_MONITORED:
+                            *pfTlb |= *puTlbPhysRev | PGMIEMGCPHYS2PTR_F_NO_WRITE;
+                            break;
+                    }
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
+                    *pfTlb |= PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3;
+                    *ppb = NULL;
+#else
+                    PPGMPAGER3MAPTLBE pTlbe;
+                    rc = pgmPhysPageQueryTlbeWithPage(pVM, pPage, GCPhys, &pTlbe);
+                    AssertLogRelRCReturn(rc, rc);
+                    *ppb = (uint8_t *)pTlbe->pv;
+#endif
+                }
+                else if (PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
+                {
+                    /*
+                     * MMIO or similar all access handler: Catch all access.
+                     */
+                    *pfTlb |= *puTlbPhysRev
+                           | PGMIEMGCPHYS2PTR_F_NO_WRITE | PGMIEMGCPHYS2PTR_F_NO_READ | PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3;
+                    *ppb   = NULL;
+                }
+                else
+                {
+                    /*
+                     * Write access handler: Catch write accesses if active.
+                     */
+                    if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
+                        *pfTlb |= *puTlbPhysRev | PGMIEMGCPHYS2PTR_F_NO_WRITE;
+                    else
+                        switch (PGM_PAGE_GET_STATE(pPage))
+                        {
+                            case PGM_PAGE_STATE_ALLOCATED:
+                                *pfTlb |= *puTlbPhysRev;
+                                break;
+                            case PGM_PAGE_STATE_BALLOONED:
+                                AssertFailed();
+                            case PGM_PAGE_STATE_ZERO:
+                            case PGM_PAGE_STATE_SHARED:
+                            case PGM_PAGE_STATE_WRITE_MONITORED:
+                                *pfTlb |= *puTlbPhysRev | PGMIEMGCPHYS2PTR_F_NO_WRITE;
+                                break;
+                        }
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
+                    *pfTlb |= PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3;
+                    *ppb = NULL;
+#else
+                    PPGMPAGER3MAPTLBE pTlbe;
+                    rc = pgmPhysPageQueryTlbeWithPage(pVM, pPage, GCPhys, &pTlbe);
+                    AssertLogRelRCReturn(rc, rc);
+                    *ppb = (uint8_t *)pTlbe->pv;
+#endif
+                }
+            }
+            else
+            {
+                /* Alias MMIO: For now, we catch all access.  */
+                *pfTlb |= *puTlbPhysRev
+                       |  PGMIEMGCPHYS2PTR_F_NO_WRITE | PGMIEMGCPHYS2PTR_F_NO_READ | PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3;
+                *ppb    = NULL;
+            }
+        }
+        else
+        {
+            /* Ballooned: Shouldn't get here, but we read zero page via PGMPhysRead and writes goes to /dev/null. */
+            *pfTlb |= *puTlbPhysRev | PGMIEMGCPHYS2PTR_F_NO_WRITE | PGMIEMGCPHYS2PTR_F_NO_READ | PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3;
+            *ppb    = NULL;
+        }
+        Log6(("PGMPhysIemGCPhys2PtrNoLock: GCPhys=%RGp *ppb=%p *pfTlb=%#x pPage=%R[pgmpage]\n", GCPhys, rc, *ppb, *pfTlb, pPage));
+    }
+    else
+    {
+        *pfTlb |= *puTlbPhysRev | PGMIEMGCPHYS2PTR_F_NO_WRITE | PGMIEMGCPHYS2PTR_F_NO_READ | PGMIEMGCPHYS2PTR_F_NO_MAPPINGR3;
+        *ppb    = NULL;
+        Log6(("PGMPhysIemGCPhys2PtrNoLock: GCPhys=%RGp *ppb=%p *pfTlb=%#x\n", GCPhys, rc, pPage, *ppb, *pfTlb));
+    }
+
+    pgmUnlock(pVM);
+    return VINF_SUCCESS;
+}
 
 

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

@@ -60 +60 @@
 VMMR3DECL(int)      IEMR3Init(PVM pVM)
 {
+    uint64_t const uInitialTlbRevision = UINT64_C(0) - (IEMTLB_REVISION_INCR * 200U);
+    uint64_t const uInitialTlbPhysRev  = UINT64_C(0) - (IEMTLB_PHYS_REV_INCR * 100U);
+
     for (VMCPUID idCpu = 0; idCpu < pVM->cCpus; idCpu++)
     {
@@ -67 +70 @@
         pVCpu->iem.s.pCtxRC = VM_RC_ADDR(pVM, pVCpu->iem.s.pCtxR3);
 
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cInstructions,             STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
-                        "Instructions interpreted",          "/IEM/CPU%u/cInstructions", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cLongJumps,                STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
-                        "Number of longjmp calls",           "/IEM/CPU%u/cLongJumps", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cPotentialExits,           STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
-                        "Potential exits",                   "/IEM/CPU%u/cPotentialExits", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetAspectNotImplemented,  STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
-                        "VERR_IEM_ASPECT_NOT_IMPLEMENTED",   "/IEM/CPU%u/cRetAspectNotImplemented", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetInstrNotImplemented,   STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
-                        "VERR_IEM_INSTR_NOT_IMPLEMENTED",    "/IEM/CPU%u/cRetInstrNotImplemented", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetInfStatuses,           STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
-                        "Informational statuses returned",   "/IEM/CPU%u/cRetInfStatuses", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetErrStatuses,           STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
-                        "Error statuses returned",           "/IEM/CPU%u/cRetErrStatuses", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cbWritten,                 STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
-                        "Approx bytes written",              "/IEM/CPU%u/cbWritten", idCpu);
-        STAMR3RegisterF(pVM, &pVCpu->iem.s.cPendingCommit,            STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
+        pVCpu->iem.s.CodeTlb.uTlbRevision = pVCpu->iem.s.DataTlb.uTlbRevision = uInitialTlbRevision;
+        pVCpu->iem.s.CodeTlb.uTlbPhysRev  = pVCpu->iem.s.DataTlb.uTlbPhysRev  = uInitialTlbPhysRev;
+
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cInstructions,               STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Instructions interpreted",                     "/IEM/CPU%u/cInstructions", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cLongJumps,                  STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
+                        "Number of longjmp calls",                      "/IEM/CPU%u/cLongJumps", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cPotentialExits,             STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Potential exits",                              "/IEM/CPU%u/cPotentialExits", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetAspectNotImplemented,    STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "VERR_IEM_ASPECT_NOT_IMPLEMENTED",              "/IEM/CPU%u/cRetAspectNotImplemented", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetInstrNotImplemented,     STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "VERR_IEM_INSTR_NOT_IMPLEMENTED",               "/IEM/CPU%u/cRetInstrNotImplemented", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetInfStatuses,             STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Informational statuses returned",              "/IEM/CPU%u/cRetInfStatuses", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cRetErrStatuses,             STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Error statuses returned",                      "/IEM/CPU%u/cRetErrStatuses", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cbWritten,                   STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
+                        "Approx bytes written",                         "/IEM/CPU%u/cbWritten", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.cPendingCommit,              STAMTYPE_U32,       STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
                         "Times RC/R0 had to postpone instruction committing to ring-3", "/IEM/CPU%u/cPendingCommit", idCpu);
+
+#ifdef VBOX_WITH_STATISTICS
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.cTlbHits,            STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Code TLB hits",                            "/IEM/CPU%u/CodeTlb-Hits", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.cTlbHits,            STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Data TLB hits",                            "/IEM/CPU%u/DataTlb-Hits", idCpu);
+#endif
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.cTlbMisses,          STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Code TLB misses",                          "/IEM/CPU%u/CodeTlb-Misses", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.uTlbRevision,        STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                        "Code TLB revision",                        "/IEM/CPU%u/CodeTlb-Revision", idCpu);
+        STAMR3RegisterF(pVM, (void *)&pVCpu->iem.s.CodeTlb.uTlbPhysRev, STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                        "Code TLB physical revision",               "/IEM/CPU%u/CodeTlb-PhysRev", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.cTlbSlowReadPath,    STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                        "Code TLB slow read path",                  "/IEM/CPU%u/CodeTlb-SlowReads", idCpu);
+
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.cTlbMisses,          STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Data TLB misses",                          "/IEM/CPU%u/DataTlb-Misses", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.uTlbRevision,        STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                        "Data TLB revision",                        "/IEM/CPU%u/DataTlb-Revision", idCpu);
+        STAMR3RegisterF(pVM, (void *)&pVCpu->iem.s.DataTlb.uTlbPhysRev, STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                        "Data TLB physical revision",               "/IEM/CPU%u/DataTlb-PhysRev", idCpu);
+
 
         /*

trunk/src/VBox/VMM/VMMR3/PGMPhys.cpp

@@ -22 +22 @@
 #define LOG_GROUP LOG_GROUP_PGM_PHYS
 #include <VBox/vmm/pgm.h>
+#include <VBox/vmm/iem.h>
 #include <VBox/vmm/iom.h>
 #include <VBox/vmm/mm.h>
@@ -3762 +3763 @@
         HMFlushTLB(pVCpu);
 #endif
+        IEMTlbInvalidateAllPhysical(pVCpu);
         STAM_REL_COUNTER_INC(&pVCpu->pgm.s.cA20Changes);
     }

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -64 +64 @@
 #endif
 
+
+//#define IEM_WITH_CODE_TLB// - work in progress
 
 
@@ -310 +312 @@
     /** Pointer to the ring-3 mapping (possibly also valid in ring-0). */
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
-    R3PTRTYPE(uint8_t *)    pMappingR3;
+    R3PTRTYPE(uint8_t *)    pbMappingR3;
 #else
-    R3R0PTRTYPE(uint8_t *)  pMappingR3;
+    R3R0PTRTYPE(uint8_t *)  pbMappingR3;
 #endif
 #if HC_ARCH_BITS == 32
@@ -371 +373 @@
     /** TLB misses. */
     uint32_t            cTlbMisses;
+    /** Slow read path.  */
+    uint32_t            cTlbSlowReadPath;
+#if 0
     /** TLB misses because of tag mismatch. */
     uint32_t            cTlbMissesTag;
@@ -383 +388 @@
     /** TLB misses because no r3(/r0) mapping. */
     uint32_t            cTlbMissesMapping;
+#endif
     /** Alignment padding. */
-    uint32_t            au32Padding[3];
+    uint32_t            au32Padding[3+5];
 } IEMTLB;
 AssertCompileSizeAlignment(IEMTLB, 64);
@@ -448 +454 @@
      * This takes the CS segment limit into account. */
     uint16_t                cbInstrBufTotal;                                                                /* 0x24 */
-    /** Offset into pbInstrBuf of the first byte of the current instruction. */
-    uint16_t                offCurInstrStart;                                                               /* 0x26 */
+    /** Offset into pbInstrBuf of the first byte of the current instruction.
+     * Can be negative to efficiently handle cross page instructions. */
+    int16_t                 offCurInstrStart;                                                               /* 0x26 */
 
     /** The prefix mask (IEM_OP_PRF_XXX). */
@@ -722 +729 @@
 /** @def Gets the instruction length. */
 #ifdef IEM_WITH_CODE_TLB
-# define IEM_GET_INSTR_LEN(a_pVCpu)     ((a_pVCpu)->iem.s.offInstrNextByte - (uint32_t)(a_pVCpu)->iem.s.offCurInstrStart)
+# define IEM_GET_INSTR_LEN(a_pVCpu)     ((a_pVCpu)->iem.s.offInstrNextByte - (uint32_t)(int32_t)(a_pVCpu)->iem.s.offCurInstrStart)
 #else
 # define IEM_GET_INSTR_LEN(a_pVCpu)     ((a_pVCpu)->iem.s.offOpcode)