Changeset 64115 in vbox

Timestamp:

Sep 30, 2016 8:14:27 PM (9 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

111072

Message:

PDM,IOM,PGM: Morphed the MMIO2 API into a mixed MMIO2 and pre-registered MMIO API that is able to deal with really large (<= 64GB) MMIO ranges. Limited testing, so back out at first sign of trouble.

Location:

trunk

Files:

• include/VBox/err.h (modified) (1 diff)
• include/VBox/param.h (modified) (1 diff)
• include/VBox/vmm/iom.h (modified) (1 diff)
• include/VBox/vmm/pdmdev.h (modified) (11 diffs)
• include/VBox/vmm/pgm.h (modified) (1 diff)
• src/VBox/Devices/Bus/DevPCI.cpp (modified) (1 diff)
• src/VBox/Devices/Bus/DevPciIch9.cpp (modified) (1 diff)
• src/VBox/Devices/GIMDev/GIMDev.cpp (modified) (1 diff)
• src/VBox/Devices/Graphics/DevVGA-SVGA.cpp (modified) (1 diff)
• src/VBox/Devices/Graphics/DevVGA.cpp (modified) (1 diff)
• src/VBox/Devices/Network/DevE1000.cpp (modified) (5 diffs)
• src/VBox/Devices/Network/DevPCNet.cpp (modified) (1 diff)
• src/VBox/Devices/Samples/DevPlayground.cpp (modified) (2 diffs)
• src/VBox/Devices/VMMDev/VMMDev.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMAll/PGMAllHandler.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMAll/PGMAllPhys.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/GIM.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/IOM.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/PDM.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/PDMDevHlp.cpp (modified) (7 diffs)
• src/VBox/VMM/VMMR3/PDMDevMiscHlp.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/PGM.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/PGMPhys.cpp (modified) (37 diffs)
• src/VBox/VMM/VMMR3/PGMSavedState.cpp (modified) (12 diffs)
• src/VBox/VMM/include/PGMInternal.h (modified) (9 diffs)
• src/VBox/VMM/testcase/tstVMStruct.h (modified) (1 diff)
• src/VBox/VMM/testcase/tstVMStructSize.cpp (modified) (1 diff)

trunk/include/VBox/err.h

@@ -520 +520 @@
 /** Don't mess around with ballooned pages. */
 #define VERR_PGM_PHYS_PAGE_BALLOONED            (-1646)
+/** Internal processing error \#1 in page access handler code. */
+#define VERR_PGM_HANDLER_IPE_1                  (-1647)
 
 

trunk/include/VBox/param.h

@@ -39 +39 @@
 /** The maximum number of pages that can be allocated and mapped
  * by various MM, PGM and SUP APIs. */
-#define VBOX_MAX_ALLOC_PAGE_COUNT   (256U * _1M / PAGE_SIZE)
+#if ARCH_BITS == 64
+# define VBOX_MAX_ALLOC_PAGE_COUNT   (_512M / PAGE_SIZE)
+#else
+# define VBOX_MAX_ALLOC_PAGE_COUNT   (_256M / PAGE_SIZE)
+#endif
 
 /** @def VBOX_WITH_PAGE_SHARING

trunk/include/VBox/vmm/iom.h

@@ -350 +350 @@
                                          RCPTRTYPE(PFNIOMMMIOFILL)  pfnFillCallback);
 VMMR3_INT_DECL(int)  IOMR3MmioDeregister(PVM pVM, PPDMDEVINS pDevIns, RTGCPHYS GCPhysStart, RTGCPHYS cbRange);
+VMMR3_INT_DECL(int)  IOMR3MmioExPreRegister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cbRange,
+                                            uint32_t fFlags, const char *pszDesc,
+                                            RTR3PTR pvUserR3,
+                                            R3PTRTYPE(PFNIOMMMIOWRITE) pfnWriteCallbackR3,
+                                            R3PTRTYPE(PFNIOMMMIOREAD)  pfnReadCallbackR3,
+                                            R3PTRTYPE(PFNIOMMMIOFILL)  pfnFillCallbackR3,
+                                            RTR0PTR pvUserR0,
+                                            R0PTRTYPE(PFNIOMMMIOWRITE) pfnWriteCallbackR0,
+                                            R0PTRTYPE(PFNIOMMMIOREAD)  pfnReadCallbackR0,
+                                            R0PTRTYPE(PFNIOMMMIOFILL)  pfnFillCallbackR0,
+                                            RTRCPTR pvUserRC,
+                                            RCPTRTYPE(PFNIOMMMIOWRITE) pfnWriteCallbackRC,
+                                            RCPTRTYPE(PFNIOMMMIOREAD)  pfnReadCallbackRC,
+                                            RCPTRTYPE(PFNIOMMMIOFILL)  pfnFillCallbackRC);
+VMMR3_INT_DECL(int)  IOMR3MmioExNotifyMapped(PVM pVM, void *pvUser, RTGCPHYS GCPhys);
+VMMR3_INT_DECL(void) IOMR3MmioExNotifyUnmapped(PVM pVM, void *pvUser, RTGCPHYS GCPhys);
+VMMR3_INT_DECL(void) IOMR3MmioExNotifyDeregistered(PVM pVM, void *pvUser);
+
 VMMR3_INT_DECL(VBOXSTRICTRC) IOMR3ProcessForceFlag(PVM pVM, PVMCPU pVCpu, VBOXSTRICTRC rcStrict);
 

trunk/include/VBox/vmm/pdmdev.h

@@ -808 +808 @@
 
     /**
-     * Checks if the given address is an MMIO2 base address or not.
+     * Checks if the given address is an MMIO2 or pre-registered MMIO base address.
      *
      * @returns true/false accordingly.
@@ -814 +814 @@
      * @param   pOwner          The owner of the memory, optional.
      * @param   GCPhys          The address to check.
-     */
-    DECLR3CALLBACKMEMBER(bool,  pfnIsMMIO2Base,(PPDMDEVINS pDevIns, PPDMDEVINS pOwner, RTGCPHYS GCPhys));
+     * @sa      PGMR3PhysMMIOExIsBase
+     */
+    DECLR3CALLBACKMEMBER(bool,  pfnIsMMIOExBase,(PPDMDEVINS pDevIns, PPDMDEVINS pOwner, RTGCPHYS GCPhys));
 
     /**
@@ -867 +868 @@
 
 /** Current PDMPCIHLPR3 version number. */
-#define PDM_PCIHLPR3_VERSION                    PDM_VERSION_MAKE(0xfffb, 3, 0)
+#define PDM_PCIHLPR3_VERSION                    PDM_VERSION_MAKE(0xfffb, 3, 1)
 
 
@@ -2525 +2526 @@
 
     /**
-     * Deregisters and frees a MMIO2 region.
+     * Deregisters and frees a MMIO or MMIO2 region.
      *
      * Any physical (and virtual) access handlers registered for the region must
-     * be deregistered before calling this function.
+     * be deregistered before calling this function (MMIO2 only).
      *
      * @returns VBox status code.
@@ -2535 +2536 @@
      * @thread  EMT.
      */
-    DECLR3CALLBACKMEMBER(int, pfnMMIO2Deregister,(PPDMDEVINS pDevIns, uint32_t iRegion));
-
-    /**
-     * Maps a MMIO2 region into the physical memory space.
-     *
-     * A MMIO2 range may overlap with base memory if a lot of RAM
-     * is configured for the VM, in which case we'll drop the base
-     * memory pages. Presently we will make no attempt to preserve
-     * anything that happens to be present in the base memory that
-     * is replaced, this is of course incorrect but it's too much
-     * effort.
+    DECLR3CALLBACKMEMBER(int, pfnMMIOExDeregister,(PPDMDEVINS pDevIns, uint32_t iRegion));
+
+    /**
+     * Maps a MMIO or MMIO2 region into the physical memory space.
+     *
+     * A MMIO2 range or a pre-registered MMIO range may overlap with base memory if
+     * a lot of RAM is configured for the VM, in  which case we'll drop the base
+     * memory pages.  Presently we will make no attempt to preserve anything that
+     * happens to be present in the base memory that is replaced, this is of course
+     * incorrect but it's too much effort.
      *
      * @returns VBox status code.
@@ -2553 +2553 @@
      * @thread  EMT.
      */
-    DECLR3CALLBACKMEMBER(int, pfnMMIO2Map,(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys));
-
-    /**
-     * Unmaps a MMIO2 region previously mapped using pfnMMIO2Map.
+    DECLR3CALLBACKMEMBER(int, pfnMMIOExMap,(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys));
+
+    /**
+     * Unmaps a MMIO or MMIO2 region previously mapped using pfnMMIOExMap.
      *
      * @returns VBox status code.
@@ -2564 +2564 @@
      * @thread  EMT.
      */
-    DECLR3CALLBACKMEMBER(int, pfnMMIO2Unmap,(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys));
+    DECLR3CALLBACKMEMBER(int, pfnMMIOExUnmap,(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys));
 
     /**
@@ -3607 +3607 @@
     DECLR3CALLBACKMEMBER(VMRESUMEREASON, pfnVMGetResumeReason,(PPDMDEVINS pDevIns));
 
+    /**
+     * Pre-register a Memory Mapped I/O (MMIO) region.
+     *
+     * This API must be used for large PCI MMIO regions, as it handles these much
+     * more efficiently and with greater flexibility when it comes to heap usage.
+     * It is only available during device construction.
+     *
+     * To map and unmap the pre-registered region into and our of guest address
+     * space, use the PDMDevHlpMMIOExMap and PDMDevHlpMMIOExUnmap helpers.
+     *
+     * You may call PDMDevHlpMMIOExDeregister from the destructor to free the region
+     * for reasons of symmetry, but it will be automatically deregistered by PDM
+     * once the destructor returns.
+     *
+     * @returns VBox status.
+     * @param   pDevIns             The device instance to register the MMIO with.
+     * @param   iRegion             The region number.
+     * @param   cbRegion            The size of the range (in bytes).
+     * @param   fFlags              Flags, IOMMMIO_FLAGS_XXX.
+     * @param   pszDesc             Pointer to description string. This must not be freed.
+     * @param   pvUser              Ring-3 user argument.
+     * @param   pfnWrite            Pointer to function which is gonna handle Write operations.
+     * @param   pfnRead             Pointer to function which is gonna handle Read operations.
+     * @param   pfnFill             Pointer to function which is gonna handle Fill/memset operations. (optional)
+     * @param   pvUserR0            Ring-0 user argument. Optional.
+     * @param   pszWriteR0          The name of the ring-0 write handler method. Optional.
+     * @param   pszReadR0           The name of the ring-0 read handler method. Optional.
+     * @param   pszFillR0           The name of the ring-0 fill/memset handler method. Optional.
+     * @param   pvUserRC            Raw-mode context user argument. Optional.  If
+     *                              unsigned value is 0x10000 or higher, it will be
+     *                              automatically relocated with the hypervisor
+     *                              guest mapping.
+     * @param   pszWriteRC          The name of the raw-mode context write handler method. Optional.
+     * @param   pszReadRC           The name of the raw-mode context read handler method. Optional.
+     * @param   pszFillRC           The name of the raw-mode context fill/memset handler method. Optional.
+     * @thread  EMT
+     *
+     * @remarks Caller enters the device critical section prior to invoking the
+     *          registered callback methods.
+     * @sa      PDMDevHlpMMIOExMap, PDMDevHlpMMIOExUnmap, PDMDevHlpMMIOExDeregister,
+     *          PDMDevHlpMMIORegisterEx
+     */
+    DECLR3CALLBACKMEMBER(int, pfnMMIOExPreRegister,(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cbRegion,
+                                                    uint32_t fFlags, const char *pszDesc, RTHCPTR pvUser,
+                                                    PFNIOMMMIOWRITE pfnWrite, PFNIOMMMIOREAD pfnRead, PFNIOMMMIOFILL pfnFill,
+                                                    RTR0PTR pvUserR0, const char *pszWriteR0, const char *pszReadR0, const char *pszFillR0,
+                                                    RTRCPTR pvUserRC, const char *pszWriteRC, const char *pszReadRC, const char *pszFillRC));
 
     /** Space reserved for future members.
@@ -3616 +3663 @@
     DECLR3CALLBACKMEMBER(void, pfnReserved5,(void));
     DECLR3CALLBACKMEMBER(void, pfnReserved6,(void));
-    DECLR3CALLBACKMEMBER(void, pfnReserved7,(void));
-    /*DECLR3CALLBACKMEMBER(void, pfnReserved8,(void));
+    /*DECLR3CALLBACKMEMBER(void, pfnReserved7,(void));
+    DECLR3CALLBACKMEMBER(void, pfnReserved8,(void));
     DECLR3CALLBACKMEMBER(void, pfnReserved9,(void));*/
     /*DECLR3CALLBACKMEMBER(void, pfnReserved10,(void));*/
@@ -3819 +3866 @@
 /** Current PDMDEVHLPR3 version number. */
 /* 5.0 is (18, 0) so the next version for trunk has to be (19, 0)! */
-#define PDM_DEVHLPR3_VERSION                    PDM_VERSION_MAKE(0xffe7, 17, 0)
+#define PDM_DEVHLPR3_VERSION                    PDM_VERSION_MAKE(0xffe7, 17, 1)
 
 
@@ -4644 +4691 @@
 
 /**
- * @copydoc PDMDEVHLPR3::pfnMMIO2Deregister
- */
-DECLINLINE(int) PDMDevHlpMMIO2Deregister(PPDMDEVINS pDevIns, uint32_t iRegion)
-{
-    return pDevIns->pHlpR3->pfnMMIO2Deregister(pDevIns, iRegion);
-}
-
-/**
- * @copydoc PDMDEVHLPR3::pfnMMIO2Map
- */
-DECLINLINE(int) PDMDevHlpMMIO2Map(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
-{
-    return pDevIns->pHlpR3->pfnMMIO2Map(pDevIns, iRegion, GCPhys);
-}
-
-/**
- * @copydoc PDMDEVHLPR3::pfnMMIO2Unmap
- */
-DECLINLINE(int) PDMDevHlpMMIO2Unmap(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
-{
-    return pDevIns->pHlpR3->pfnMMIO2Unmap(pDevIns, iRegion, GCPhys);
+ * @copydoc PDMDEVHLPR3::pfnMMIOExPreRegister
+ */
+DECLINLINE(int) PDMDevHlpMMIOExPreRegister(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cbRegion,
+                                           uint32_t fFlags, const char *pszDesc, RTHCPTR pvUser,
+                                           PFNIOMMMIOWRITE pfnWrite, PFNIOMMMIOREAD pfnRead, PFNIOMMMIOFILL pfnFill,
+                                           RTR0PTR pvUserR0, const char *pszWriteR0, const char *pszReadR0, const char *pszFillR0,
+                                           RTRCPTR pvUserRC, const char *pszWriteRC, const char *pszReadRC, const char *pszFillRC)
+{
+    return pDevIns->pHlpR3->pfnMMIOExPreRegister(pDevIns, iRegion, cbRegion, fFlags, pszDesc,
+                                                 pvUser, pfnWrite, pfnRead, pfnFill,
+                                                 pvUserR0, pszWriteR0, pszReadR0, pszFillR0,
+                                                 pvUserRC, pszWriteRC, pszReadRC, pszFillRC);
+}
+
+/**
+ * @copydoc PDMDEVHLPR3::pfnMMIOExDeregister
+ */
+DECLINLINE(int) PDMDevHlpMMIOExDeregister(PPDMDEVINS pDevIns, uint32_t iRegion)
+{
+    return pDevIns->pHlpR3->pfnMMIOExDeregister(pDevIns, iRegion);
+}
+
+/**
+ * @copydoc PDMDEVHLPR3::pfnMMIOExMap
+ */
+DECLINLINE(int) PDMDevHlpMMIOExMap(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
+{
+    return pDevIns->pHlpR3->pfnMMIOExMap(pDevIns, iRegion, GCPhys);
+}
+
+/**
+ * @copydoc PDMDEVHLPR3::pfnMMIOExUnmap
+ */
+DECLINLINE(int) PDMDevHlpMMIOExUnmap(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
+{
+    return pDevIns->pHlpR3->pfnMMIOExUnmap(pDevIns, iRegion, GCPhys);
 }
 

trunk/include/VBox/vmm/pgm.h

@@ -742 +742 @@
 VMMR3DECL(int)      PGMR3PhysMMIODeregister(PVM pVM, RTGCPHYS GCPhys, RTGCPHYS cb);
 VMMR3DECL(int)      PGMR3PhysMMIO2Register(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, uint32_t fFlags, void **ppv, const char *pszDesc);
-VMMR3DECL(int)      PGMR3PhysMMIO2Deregister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion);
-VMMR3DECL(int)      PGMR3PhysMMIO2Map(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys);
-VMMR3DECL(int)      PGMR3PhysMMIO2Unmap(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys);
-VMMR3DECL(bool)     PGMR3PhysMMIO2IsBase(PVM pVM, PPDMDEVINS pDevIns, RTGCPHYS GCPhys);
-VMMR3DECL(int)      PGMR3PhysMMIO2GetHCPhys(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, PRTHCPHYS pHCPhys);
-VMMR3DECL(int)      PGMR3PhysMMIO2MapKernel(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, RTGCPHYS cb, const char *pszDesc, PRTR0PTR pR0Ptr);
+VMMR3DECL(int)      PGMR3PhysMMIOExPreRegister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, PGMPHYSHANDLERTYPE hType,
+                                               RTR3PTR pvUserR3, RTR0PTR pvUserR0, RTRCPTR pvUserRC, const char *pszDesc);
+VMMR3DECL(int)      PGMR3PhysMMIOExDeregister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion);
+VMMR3DECL(int)      PGMR3PhysMMIOExMap(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys);
+VMMR3DECL(int)      PGMR3PhysMMIOExUnmap(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys);
+VMMR3DECL(bool)     PGMR3PhysMMIOExIsBase(PVM pVM, PPDMDEVINS pDevIns, RTGCPHYS GCPhys);
+VMMR3_INT_DECL(int) PGMR3PhysMMIO2GetHCPhys(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, PRTHCPHYS pHCPhys);
+VMMR3_INT_DECL(int) PGMR3PhysMMIO2MapKernel(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, RTGCPHYS cb, const char *pszDesc, PRTR0PTR pR0Ptr);
 
 /** @name PGMR3PhysRegisterRom flags.

trunk/src/VBox/Devices/Bus/DevPCI.cpp

@@ -319 +319 @@
                         RTGCPHYS GCPhysBase = r->addr;
                         int rc;
-                        if (pBus->pPciHlpR3->pfnIsMMIO2Base(pBus->pDevInsR3, d->pDevIns, GCPhysBase))
+                        if (pBus->pPciHlpR3->pfnIsMMIOExBase(pBus->pDevInsR3, d->pDevIns, GCPhysBase))
                         {
                             /* unmap it. */
                             rc = r->map_func(d, i, NIL_RTGCPHYS, r->size, (PCIADDRESSSPACE)(r->type));
                             AssertRC(rc);
-                            rc = PDMDevHlpMMIO2Unmap(d->pDevIns, i, GCPhysBase);
+                            rc = PDMDevHlpMMIOExUnmap(d->pDevIns, i, GCPhysBase);
                         }
                         else

trunk/src/VBox/Devices/Bus/DevPciIch9.cpp

@@ -841 +841 @@
         {
             RTGCPHYS GCPhysBase = pRegion->addr;
-            if (pBus->pPciHlpR3->pfnIsMMIO2Base(pBus->pDevInsR3, pDev->pDevIns, GCPhysBase))
+            if (pBus->pPciHlpR3->pfnIsMMIOExBase(pBus->pDevInsR3, pDev->pDevIns, GCPhysBase))
             {
                 /* unmap it. */
                 rc = pRegion->map_func(pDev, iRegion, NIL_RTGCPHYS, pRegion->size, (PCIADDRESSSPACE)(pRegion->type));
                 AssertRC(rc);
-                rc = PDMDevHlpMMIO2Unmap(pDev->pDevIns, iRegion, GCPhysBase);
+                rc = PDMDevHlpMMIOExUnmap(pDev->pDevIns, iRegion, GCPhysBase);
             }
             else

trunk/src/VBox/Devices/GIMDev/GIMDev.cpp

@@ -340 +340 @@
     for (uint32_t i = 0; i < cRegions; i++, pCur++)
     {
-        int rc = PDMDevHlpMMIO2Deregister(pDevIns, pCur->iRegion);
+        int rc = PDMDevHlpMMIOExDeregister(pDevIns, pCur->iRegion);
         if (RT_FAILURE(rc))
             return rc;

trunk/src/VBox/Devices/Graphics/DevVGA-SVGA.cpp

@@ -3814 +3814 @@
              * Mapping the FIFO RAM.
              */
-            rc = PDMDevHlpMMIO2Map(pDevIns, iRegion, GCPhysAddress);
+            rc = PDMDevHlpMMIOExMap(pDevIns, iRegion, GCPhysAddress);
             AssertRC(rc);
 

trunk/src/VBox/Devices/Graphics/DevVGA.cpp

@@ -5432 +5432 @@
          * Mapping the VRAM.
          */
-        rc = PDMDevHlpMMIO2Map(pDevIns, iRegion, GCPhysAddress);
+        rc = PDMDevHlpMMIOExMap(pDevIns, iRegion, GCPhysAddress);
         AssertRC(rc);
         if (RT_SUCCESS(rc))

trunk/src/VBox/Devices/Network/DevE1000.cpp

@@ -48 +48 @@
 
 
-/* Options *******************************************************************/
+/*********************************************************************************************************************************
+*   Defined Constants And Macros                                                                                                 *
+*********************************************************************************************************************************/
+/** @name E1000 Build Options
+ * @{ */
 /** @def E1K_INIT_RA0
  * E1K_INIT_RA0 forces E1000 to set the first entry in Receive Address filter
@@ -117 +121 @@
  */
 #define E1K_WITH_RXD_CACHE
+/** @def E1K_WITH_PREREG_MMIO
+ * E1K_WITH_PREREG_MMIO enables a new style MMIO registration and is
+ * currently only done for testing the relateted PDM, IOM and PGM code. */
+//#define E1K_WITH_PREREG_MMIO
+/* @} */
 /* End of Options ************************************************************/
 
@@ -6113 +6122 @@
              *    byte enables.
              */
+#ifdef E1K_WITH_PREREG_MMIO
+            pThis->addrMMReg = GCPhysAddress;
+            if (GCPhysAddress == NIL_RTGCPHYS)
+                rc = VINF_SUCCESS;
+            else
+            {
+                Assert(!(GCPhysAddress & 7));
+                rc = PDMDevHlpMMIOExMap(pPciDev->pDevIns, iRegion, GCPhysAddress);
+            }
+#else
             pThis->addrMMReg = GCPhysAddress; Assert(!(GCPhysAddress & 7));
             rc = PDMDevHlpMMIORegister(pPciDev->pDevIns, GCPhysAddress, cb, NULL /*pvUser*/,
@@ -6123 +6142 @@
                 rc = PDMDevHlpMMIORegisterRC(pPciDev->pDevIns, GCPhysAddress, cb, NIL_RTRCPTR /*pvUser*/,
                                              "e1kMMIOWrite", "e1kMMIORead");
+#endif
             break;
 
@@ -7641 +7661 @@
     if (RT_FAILURE(rc))
         return rc;
+#ifdef E1K_WITH_PREREG_MMIO
+    rc = PDMDevHlpMMIOExPreRegister(pDevIns, 0, E1K_MM_SIZE, IOMMMIO_FLAGS_READ_DWORD | IOMMMIO_FLAGS_WRITE_ONLY_DWORD, "E1000",
+                                    NULL        /*pvUserR3*/, e1kMMIOWrite, e1kMMIORead, NULL /*pfnFillR3*/,
+                                    NIL_RTR0PTR /*pvUserR0*/, pThis->fR0Enabled ? "e1kMMIOWrite" : NULL,
+                                    pThis->fR0Enabled ? "e1kMMIORead" : NULL, NULL /*pszFillR0*/,
+                                    NIL_RTRCPTR /*pvUserRC*/, pThis->fRCEnabled ? "e1kMMIOWrite" : NULL,
+                                    pThis->fRCEnabled ? "e1kMMIORead" : NULL, NULL /*pszFillRC*/);
+    AssertLogRelRCReturn(rc, rc);
+#endif
     /* Map our registers to IO space (region 2, see e1kConfigurePCI) */
     rc = PDMDevHlpPCIIORegionRegister(pDevIns, 2, E1K_IOPORT_SIZE, PCI_ADDRESS_SPACE_IO, e1kMap);

trunk/src/VBox/Devices/Network/DevPCNet.cpp

@@ -4418 +4418 @@
     {
         /* drop this dummy region */
-        rc = PDMDevHlpMMIO2Deregister(pDevIns, 2);
+        rc = PDMDevHlpMMIOExDeregister(pDevIns, 2);
         pThis->fSharedRegion = false;
     }

trunk/src/VBox/Devices/Samples/DevPlayground.cpp

@@ -80 +80 @@
  * @callback_method_impl{FNPCIIOREGIONMAP}
  */
-static DECLCALLBACK(int) devPlaygroundMap(PPCIDEVICE pPciDev, int iRegion, RTGCPHYS GCPhysAddress, RTGCPHYS cb, PCIADDRESSSPACE enmType)
-{
-    NOREF(enmType);
-    int rc;
+static DECLCALLBACK(int)
+devPlaygroundMap(PPCIDEVICE pPciDev, int iRegion, RTGCPHYS GCPhysAddress, RTGCPHYS cb, PCIADDRESSSPACE enmType)
+{
+    RT_NOREF(enmType, cb);
 
     switch (iRegion)
     {
         case 0:
-            rc = PDMDevHlpMMIORegister(pPciDev->pDevIns, GCPhysAddress, cb, NULL,
-                                       IOMMMIO_FLAGS_READ_PASSTHRU | IOMMMIO_FLAGS_WRITE_PASSTHRU,
-                                       devPlaygroundMMIOWrite, devPlaygroundMMIORead, "PG-BAR0");
-            break;
         case 2:
-            rc = PDMDevHlpMMIORegister(pPciDev->pDevIns, GCPhysAddress, cb, NULL,
-                                       IOMMMIO_FLAGS_READ_PASSTHRU | IOMMMIO_FLAGS_WRITE_PASSTHRU,
-                                       devPlaygroundMMIOWrite, devPlaygroundMMIORead, "PG-BAR2");
-            break;
+            Assert(enmType == (PCIADDRESSSPACE)(PCI_ADDRESS_SPACE_MEM | PCI_ADDRESS_SPACE_BAR64));
+            return PDMDevHlpMMIOExMap(pPciDev->pDevIns, iRegion, GCPhysAddress);
+
         default:
             /* We should never get here */
-            AssertMsgFailed(("Invalid PCI region param in map callback"));
-            rc = VERR_INTERNAL_ERROR;
+            AssertMsgFailedReturn(("Invalid PCI region param in map callback"), VERR_INTERNAL_ERROR);
     }
-    return rc;
-
 }
 
@@ -153 +145 @@
     if (RT_FAILURE(rc))
         return rc;
+    /* First region. */
     rc = PDMDevHlpPCIIORegionRegister(pDevIns, 0, 8*_1G64,
                                       (PCIADDRESSSPACE)(PCI_ADDRESS_SPACE_MEM | PCI_ADDRESS_SPACE_BAR64),
                                       devPlaygroundMap);
-    if (RT_FAILURE(rc))
-        return rc;
-    rc = PDMDevHlpPCIIORegionRegister(pDevIns, 2, 8*_1G64,
+    AssertLogRelRCReturn(rc, rc);
+    rc = PDMDevHlpMMIOExPreRegister(pDevIns, 0, 8*_1G64, IOMMMIO_FLAGS_READ_PASSTHRU | IOMMMIO_FLAGS_WRITE_PASSTHRU, "PG-BAR0",
+                                    NULL /*pvUser*/,  devPlaygroundMMIOWrite, devPlaygroundMMIORead, NULL /*pfnFill*/,
+                                    NIL_RTR0PTR /*pvUserR0*/, NULL /*pszWriteR0*/, NULL /*pszReadR0*/, NULL /*pszFillR0*/,
+                                    NIL_RTRCPTR /*pvUserRC*/, NULL /*pszWriteRC*/, NULL /*pszReadRC*/, NULL /*pszFillRC*/);
+    AssertLogRelRCReturn(rc, rc);
+
+    /* Second region. */
+    rc = PDMDevHlpPCIIORegionRegister(pDevIns, 2, 64*_1G64,
                                       (PCIADDRESSSPACE)(PCI_ADDRESS_SPACE_MEM | PCI_ADDRESS_SPACE_BAR64),
                                       devPlaygroundMap);
-    if (RT_FAILURE(rc))
-        return rc;
+    AssertLogRelRCReturn(rc, rc);
+    rc = PDMDevHlpMMIOExPreRegister(pDevIns, 2, 64*_1G64, IOMMMIO_FLAGS_READ_PASSTHRU | IOMMMIO_FLAGS_WRITE_PASSTHRU, "PG-BAR2",
+                                    NULL /*pvUser*/,  devPlaygroundMMIOWrite, devPlaygroundMMIORead, NULL /*pfnFill*/,
+                                    NIL_RTR0PTR /*pvUserR0*/, NULL /*pszWriteR0*/, NULL /*pszReadR0*/, NULL /*pszFillR0*/,
+                                    NIL_RTRCPTR /*pvUserRC*/, NULL /*pszWriteRC*/, NULL /*pszReadRC*/, NULL /*pszFillRC*/);
+    AssertLogRelRCReturn(rc, rc);
 
     return VINF_SUCCESS;

trunk/src/VBox/Devices/VMMDev/VMMDev.cpp

@@ -2897 +2897 @@
             pThis->GCPhysVMMDevRAM = GCPhysAddress;
             Assert(pThis->GCPhysVMMDevRAM == GCPhysAddress);
-            rc = PDMDevHlpMMIO2Map(pPciDev->pDevIns, iRegion, GCPhysAddress);
+            rc = PDMDevHlpMMIOExMap(pPciDev->pDevIns, iRegion, GCPhysAddress);
         }
         else
@@ -2919 +2919 @@
             pThis->GCPhysVMMDevHeap = GCPhysAddress;
             Assert(pThis->GCPhysVMMDevHeap == GCPhysAddress);
-            rc = PDMDevHlpMMIO2Map(pPciDev->pDevIns, iRegion, GCPhysAddress);
+            rc = PDMDevHlpMMIOExMap(pPciDev->pDevIns, iRegion, GCPhysAddress);
             if (RT_SUCCESS(rc))
                 rc = PDMDevHlpRegisterVMMDevHeap(pPciDev->pDevIns, GCPhysAddress, pThis->pVMMDevHeapR3, VMMDEV_HEAP_SIZE);

trunk/src/VBox/VMM/VMMAll/PGMAllHandler.cpp

@@ -123 +123 @@
 
 
+/**
+ * Creates an physical access handler.
+ *
+ * @returns VBox status code.
+ * @retval  VINF_SUCCESS when successfully installed.
+ * @retval  VINF_PGM_GCPHYS_ALIASED when the shadow PTs could be updated because
+ *          the guest page aliased or/and mapped by multiple PTs. A CR3 sync has been
+ *          flagged together with a pool clearing.
+ * @retval  VERR_PGM_HANDLER_PHYSICAL_CONFLICT if the range conflicts with an existing
+ *          one. A debug assertion is raised.
+ *
+ * @param   pVM             The cross context VM structure.
+ * @param   hType           The handler type registration handle.
+ * @param   pvUserR3        User argument to the R3 handler.
+ * @param   pvUserR0        User argument to the R0 handler.
+ * @param   pvUserRC        User argument to the RC handler. This can be a value
+ *                          less that 0x10000 or a (non-null) pointer that is
+ *                          automatically relocated.
+ * @param   pszDesc         Description of this handler.  If NULL, the type
+ *                          description will be used instead.
+ * @param   ppPhysHandler   Where to return the access handler structure on
+ *                          success.
+ */
+int pgmHandlerPhysicalExCreate(PVM pVM, PGMPHYSHANDLERTYPE hType, RTR3PTR pvUserR3, RTR0PTR pvUserR0, RTRCPTR pvUserRC,
+                               R3PTRTYPE(const char *) pszDesc, PPGMPHYSHANDLER *ppPhysHandler)
+{
+    PPGMPHYSHANDLERTYPEINT pType = PGMPHYSHANDLERTYPEINT_FROM_HANDLE(pVM, hType);
+    Log(("pgmHandlerPhysicalExCreate: pvUserR3=%RHv pvUserR0=%RHv pvUserGC=%RRv hType=%#x (%d, %s) pszDesc=%RHv:%s\n",
+         pvUserR3, pvUserR0, pvUserRC, hType, pType->enmKind, R3STRING(pType->pszDesc), pszDesc, R3STRING(pszDesc)));
+
+    /*
+     * Validate input.
+     */
+    AssertPtr(ppPhysHandler);
+    AssertReturn(pType->u32Magic == PGMPHYSHANDLERTYPEINT_MAGIC, VERR_INVALID_HANDLE);
+    AssertMsgReturn(    (RTRCUINTPTR)pvUserRC < 0x10000
+                    ||  MMHyperR3ToRC(pVM, MMHyperRCToR3(pVM, pvUserRC)) == pvUserRC,
+                    ("Not RC pointer! pvUserRC=%RRv\n", pvUserRC),
+                    VERR_INVALID_PARAMETER);
+    AssertMsgReturn(    (RTR0UINTPTR)pvUserR0 < 0x10000
+                    ||  MMHyperR3ToR0(pVM, MMHyperR0ToR3(pVM, pvUserR0)) == pvUserR0,
+                    ("Not R0 pointer! pvUserR0=%RHv\n", pvUserR0),
+                    VERR_INVALID_PARAMETER);
+
+    /*
+     * Allocate and initialize the new entry.
+     */
+    PPGMPHYSHANDLER pNew;
+    int rc = MMHyperAlloc(pVM, sizeof(*pNew), 0, MM_TAG_PGM_HANDLERS, (void **)&pNew);
+    if (RT_SUCCESS(rc))
+    {
+        pNew->Core.Key      = NIL_RTGCPHYS;
+        pNew->Core.KeyLast  = NIL_RTGCPHYS;
+        pNew->cPages        = 0;
+        pNew->cAliasedPages = 0;
+        pNew->cTmpOffPages  = 0;
+        pNew->pvUserR3      = pvUserR3;
+        pNew->pvUserR0      = pvUserR0;
+        pNew->pvUserRC      = pvUserRC;
+        pNew->hType         = hType;
+        pNew->pszDesc       = pszDesc != NIL_RTR3PTR ? pszDesc : pType->pszDesc;
+        pgmHandlerPhysicalTypeRetain(pVM, pType);
+        *ppPhysHandler = pNew;
+        return VINF_SUCCESS;
+    }
+
+    return rc;
+}
+
+
+/**
+ * Register a access handler for a physical range.
+ *
+ * @returns VBox status code.
+ * @retval  VINF_SUCCESS when successfully installed.
+ * @retval  VINF_PGM_GCPHYS_ALIASED when the shadow PTs could be updated because
+ *          the guest page aliased or/and mapped by multiple PTs. A CR3 sync has been
+ *          flagged together with a pool clearing.
+ * @retval  VERR_PGM_HANDLER_PHYSICAL_CONFLICT if the range conflicts with an existing
+ *          one. A debug assertion is raised.
+ *
+ * @param   pVM             The cross context VM structure.
+ * @param   pPhysHandler    The physical handler.
+ * @param   GCPhys          Start physical address.
+ * @param   GCPhysLast      Last physical address. (inclusive)
+ */
+int pgmHandlerPhysicalExRegister(PVM pVM, PPGMPHYSHANDLER pPhysHandler, RTGCPHYS GCPhys, RTGCPHYS GCPhysLast)
+{
+    /*
+     * Validate input.
+     */
+    AssertPtr(pPhysHandler);
+#if defined(LOG_ENABLED) || defined(VBOX_STRICT)
+    PPGMPHYSHANDLERTYPEINT pType = PGMPHYSHANDLERTYPEINT_FROM_HANDLE(pVM, pPhysHandler->hType);
+    Assert(pType->u32Magic == PGMPHYSHANDLERTYPEINT_MAGIC);
+    Log(("pgmHandlerPhysicalExRegister: GCPhys=%RGp GCPhysLast=%RGp hType=%#x (%d, %s) pszDesc=%RHv:%s\n",
+         GCPhys, GCPhysLast, pPhysHandler->hType, pType->enmKind, R3STRING(pType->pszDesc), pPhysHandler->pszDesc, R3STRING(pPhysHandler->pszDesc)));
+#endif
+    AssertReturn(pPhysHandler->Core.Key == NIL_RTGCPHYS, VERR_WRONG_ORDER);
+
+    AssertMsgReturn(GCPhys < GCPhysLast, ("GCPhys >= GCPhysLast (%#x >= %#x)\n", GCPhys, GCPhysLast), VERR_INVALID_PARAMETER);
+    switch (pType->enmKind)
+    {
+        case PGMPHYSHANDLERKIND_WRITE:
+            break;
+        case PGMPHYSHANDLERKIND_MMIO:
+        case PGMPHYSHANDLERKIND_ALL:
+            /* Simplification for PGMPhysRead, PGMR0Trap0eHandlerNPMisconfig and others: Full pages. */
+            AssertMsgReturn(!(GCPhys & PAGE_OFFSET_MASK), ("%RGp\n", GCPhys), VERR_INVALID_PARAMETER);
+            AssertMsgReturn((GCPhysLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK, ("%RGp\n", GCPhysLast), VERR_INVALID_PARAMETER);
+            break;
+        default:
+            AssertMsgFailed(("Invalid input enmKind=%d!\n", pType->enmKind));
+            return VERR_INVALID_PARAMETER;
+    }
+
+    /*
+     * We require the range to be within registered ram.
+     * There is no apparent need to support ranges which cover more than one ram range.
+     */
+    PPGMRAMRANGE pRam = pgmPhysGetRange(pVM, GCPhys);
+    if (   !pRam
+        || GCPhysLast < pRam->GCPhys
+        || GCPhys > pRam->GCPhysLast)
+    {
+#ifdef IN_RING3
+        DBGFR3Info(pVM->pUVM, "phys", NULL, NULL);
+#endif
+        AssertMsgFailed(("No RAM range for %RGp-%RGp\n", GCPhys, GCPhysLast));
+        return VERR_PGM_HANDLER_PHYSICAL_NO_RAM_RANGE;
+    }
+
+    /*
+     * Try insert into list.
+     */
+    pPhysHandler->Core.Key     = GCPhys;
+    pPhysHandler->Core.KeyLast = GCPhysLast;
+    pPhysHandler->cPages       = (GCPhysLast - (GCPhys & X86_PTE_PAE_PG_MASK) + PAGE_SIZE) >> PAGE_SHIFT;
+
+    pgmLock(pVM);
+    if (RTAvlroGCPhysInsert(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, &pPhysHandler->Core))
+    {
+        int rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pPhysHandler, pRam);
+        if (rc == VINF_PGM_SYNC_CR3)
+            rc = VINF_PGM_GCPHYS_ALIASED;
+        pgmUnlock(pVM);
+
+#ifdef VBOX_WITH_REM
+# ifndef IN_RING3
+        REMNotifyHandlerPhysicalRegister(pVM, pType->enmKind, GCPhys, GCPhysLast - GCPhys + 1, !!pType->pfnHandlerR3);
+# else
+        REMR3NotifyHandlerPhysicalRegister(pVM, pType->enmKind, GCPhys, GCPhysLast - GCPhys + 1, !!pType->pfnHandlerR3);
+# endif
+#endif
+        if (rc != VINF_SUCCESS)
+            Log(("PGMHandlerPhysicalRegisterEx: returns %Rrc (%RGp-%RGp)\n", rc, GCPhys, GCPhysLast));
+        return rc;
+    }
+    pgmUnlock(pVM);
+
+    pPhysHandler->Core.Key     = NIL_RTGCPHYS;
+    pPhysHandler->Core.KeyLast = NIL_RTGCPHYS;
+
+#if defined(IN_RING3) && defined(VBOX_STRICT)
+    DBGFR3Info(pVM->pUVM, "handlers", "phys nostats", NULL);
+#endif
+    AssertMsgFailed(("Conflict! GCPhys=%RGp GCPhysLast=%RGp pszDesc=%s/%s\n",
+                     GCPhys, GCPhysLast, R3STRING(pPhysHandler->pszDesc), R3STRING(pType->pszDesc)));
+    return VERR_PGM_HANDLER_PHYSICAL_CONFLICT;
+}
+
 
 /**
@@ -154 +325 @@
          GCPhys, GCPhysLast, pvUserR3, pvUserR0, pvUserRC, hType, pType->enmKind, R3STRING(pType->pszDesc), pszDesc, R3STRING(pszDesc)));
 
-    /*
-     * Validate input.
-     */
-    AssertReturn(pType->u32Magic == PGMPHYSHANDLERTYPEINT_MAGIC, VERR_INVALID_HANDLE);
-    AssertMsgReturn(GCPhys < GCPhysLast, ("GCPhys >= GCPhysLast (%#x >= %#x)\n", GCPhys, GCPhysLast), VERR_INVALID_PARAMETER);
-    switch (pType->enmKind)
-    {
-        case PGMPHYSHANDLERKIND_WRITE:
-            break;
-        case PGMPHYSHANDLERKIND_MMIO:
-        case PGMPHYSHANDLERKIND_ALL:
-            /* Simplification for PGMPhysRead, PGMR0Trap0eHandlerNPMisconfig and others: Full pages. */
-            AssertMsgReturn(!(GCPhys & PAGE_OFFSET_MASK), ("%RGp\n", GCPhys), VERR_INVALID_PARAMETER);
-            AssertMsgReturn((GCPhysLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK, ("%RGp\n", GCPhysLast), VERR_INVALID_PARAMETER);
-            break;
-        default:
-            AssertMsgFailed(("Invalid input enmKind=%d!\n", pType->enmKind));
-            return VERR_INVALID_PARAMETER;
-    }
-    AssertMsgReturn(    (RTRCUINTPTR)pvUserRC < 0x10000
-                    ||  MMHyperR3ToRC(pVM, MMHyperRCToR3(pVM, pvUserRC)) == pvUserRC,
-                    ("Not RC pointer! pvUserRC=%RRv\n", pvUserRC),
-                    VERR_INVALID_PARAMETER);
-    AssertMsgReturn(    (RTR0UINTPTR)pvUserR0 < 0x10000
-                    ||  MMHyperR3ToR0(pVM, MMHyperR0ToR3(pVM, pvUserR0)) == pvUserR0,
-                    ("Not R0 pointer! pvUserR0=%RHv\n", pvUserR0),
-                    VERR_INVALID_PARAMETER);
-
-    /*
-     * We require the range to be within registered ram.
-     * There is no apparent need to support ranges which cover more than one ram range.
-     */
-    PPGMRAMRANGE pRam = pgmPhysGetRange(pVM, GCPhys);
-    if (   !pRam
-        || GCPhysLast < pRam->GCPhys
-        || GCPhys > pRam->GCPhysLast)
-    {
-#ifdef IN_RING3
-        DBGFR3Info(pVM->pUVM, "phys", NULL, NULL);
-#endif
-        AssertMsgFailed(("No RAM range for %RGp-%RGp\n", GCPhys, GCPhysLast));
-        return VERR_PGM_HANDLER_PHYSICAL_NO_RAM_RANGE;
-    }
-
-    /*
-     * Allocate and initialize the new entry.
-     */
     PPGMPHYSHANDLER pNew;
-    int rc = MMHyperAlloc(pVM, sizeof(*pNew), 0, MM_TAG_PGM_HANDLERS, (void **)&pNew);
-    if (RT_FAILURE(rc))
-        return rc;
-
-    pNew->Core.Key      = GCPhys;
-    pNew->Core.KeyLast  = GCPhysLast;
-    pNew->cPages        = (GCPhysLast - (GCPhys & X86_PTE_PAE_PG_MASK) + PAGE_SIZE) >> PAGE_SHIFT;
-    pNew->cAliasedPages = 0;
-    pNew->cTmpOffPages  = 0;
-    pNew->pvUserR3      = pvUserR3;
-    pNew->pvUserR0      = pvUserR0;
-    pNew->pvUserRC      = pvUserRC;
-    pNew->hType         = hType;
-    pNew->pszDesc       = pszDesc != NIL_RTR3PTR ? pszDesc : pType->pszDesc;
-    pgmHandlerPhysicalTypeRetain(pVM, pType);
-
-    pgmLock(pVM);
-
-    /*
-     * Try insert into list.
-     */
-    if (RTAvlroGCPhysInsert(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, &pNew->Core))
-    {
-        rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pNew, pRam);
-        if (rc == VINF_PGM_SYNC_CR3)
-            rc = VINF_PGM_GCPHYS_ALIASED;
-        pgmUnlock(pVM);
-#ifdef VBOX_WITH_REM
-# ifndef IN_RING3
-        REMNotifyHandlerPhysicalRegister(pVM, pType->enmKind, GCPhys, GCPhysLast - GCPhys + 1, !!pType->pfnHandlerR3);
-# else
-        REMR3NotifyHandlerPhysicalRegister(pVM, pType->enmKind, GCPhys, GCPhysLast - GCPhys + 1, !!pType->pfnHandlerR3);
-# endif
-#endif
-        if (rc != VINF_SUCCESS)
-            Log(("PGMHandlerPhysicalRegisterEx: returns %Rrc (%RGp-%RGp)\n", rc, GCPhys, GCPhysLast));
-        return rc;
-    }
-
-    pgmUnlock(pVM);
-
-#if defined(IN_RING3) && defined(VBOX_STRICT)
-    DBGFR3Info(pVM->pUVM, "handlers", "phys nostats", NULL);
-#endif
-    AssertMsgFailed(("Conflict! GCPhys=%RGp GCPhysLast=%RGp pszDesc=%s/%s\n",
-                     GCPhys, GCPhysLast, R3STRING(pszDesc), R3STRING(pType->pszDesc)));
-    pgmHandlerPhysicalTypeRelease(pVM, pType);
-    MMHyperFree(pVM, pNew);
-    return VERR_PGM_HANDLER_PHYSICAL_CONFLICT;
+    int rc = pgmHandlerPhysicalExCreate(pVM, hType, pvUserR3, pvUserR0, pvUserRC, pszDesc, &pNew);
+    if (RT_SUCCESS(rc))
+    {
+        rc = pgmHandlerPhysicalExRegister(pVM, pNew, GCPhys, GCPhysLast);
+        if (RT_SUCCESS(rc))
+            return rc;
+        pgmHandlerPhysicalExDestroy(pVM, pNew);
+    }
+    return rc;
 }
 
@@ -313 +397 @@
 
 /**
- * Register a physical page access handler.
+ * Deregister a physical page access handler.
  *
  * @returns VBox status code.
- * @param   pVM         The cross context VM structure.
- * @param   GCPhys      Start physical address.
- */
-VMMDECL(int)  PGMHandlerPhysicalDeregister(PVM pVM, RTGCPHYS GCPhys)
-{
-    /*
-     * Find the handler.
+ * @param   pVM             The cross context VM structure.
+ * @param   pPhysHandler    The handler to deregister (but not free).
+ */
+int pgmHandlerPhysicalExDeregister(PVM pVM, PPGMPHYSHANDLER pPhysHandler)
+{
+    LogFlow(("pgmHandlerPhysicalExDeregister: Removing Range %RGp-%RGp %s\n",
+             pPhysHandler->Core.Key, pPhysHandler->Core.KeyLast, R3STRING(pPhysHandler->pszDesc)));
+    AssertReturn(pPhysHandler->Core.Key != NIL_RTGCPHYS, VERR_PGM_HANDLER_NOT_FOUND);
+
+    /*
+     * Remove the handler from the tree.
      */
     pgmLock(pVM);
-    PPGMPHYSHANDLER pCur = (PPGMPHYSHANDLER)RTAvlroGCPhysRemove(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, GCPhys);
-    if (pCur)
-    {
-        LogFlow(("PGMHandlerPhysicalDeregister: Removing Range %RGp-%RGp %s\n", pCur->Core.Key, pCur->Core.KeyLast, R3STRING(pCur->pszDesc)));
-
+    PPGMPHYSHANDLER pRemoved = (PPGMPHYSHANDLER)RTAvlroGCPhysRemove(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers,
+                                                                    pPhysHandler->Core.Key);
+    if (pRemoved == pPhysHandler)
+    {
         /*
          * Clear the page bits, notify the REM about this change and clear
          * the cache.
          */
-        pgmHandlerPhysicalResetRamFlags(pVM, pCur);
-        pgmHandlerPhysicalDeregisterNotifyREM(pVM, pCur);
+        pgmHandlerPhysicalResetRamFlags(pVM, pPhysHandler);
+        pgmHandlerPhysicalDeregisterNotifyREM(pVM, pPhysHandler);
         pVM->pgm.s.pLastPhysHandlerR0 = 0;
         pVM->pgm.s.pLastPhysHandlerR3 = 0;
         pVM->pgm.s.pLastPhysHandlerRC = 0;
-        PGMHandlerPhysicalTypeRelease(pVM, pCur->hType);
-        MMHyperFree(pVM, pCur);
+
+        pPhysHandler->Core.Key     = NIL_RTGCPHYS;
+        pPhysHandler->Core.KeyLast = NIL_RTGCPHYS;
+
         pgmUnlock(pVM);
+
         return VINF_SUCCESS;
     }
+
+    /*
+     * Both of the failure conditions here are considered internal processing
+     * errors because they can only be caused by race conditions or corruption.
+     * If we ever need to handle concurrent deregistration, we have to move
+     * the NIL_RTGCPHYS check inside the PGM lock.
+     */
+    if (pRemoved)
+        RTAvlroGCPhysInsert(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, &pRemoved->Core);
+
+    pgmUnlock(pVM);
+
+    if (!pRemoved)
+        AssertMsgFailed(("Didn't find range starting at %RGp in the tree!\n", pPhysHandler->Core.Key));
+    else
+        AssertMsgFailed(("Found different handle at %RGp in the tree: got %p insteaded of %p\n",
+                         pPhysHandler->Core.Key, pRemoved, pPhysHandler));
+    return VERR_PGM_HANDLER_IPE_1;
+}
+
+
+/**
+ * Destroys (frees) a physical handler.
+ *
+ * The caller must deregister it before destroying it!
+ *
+ * @returns VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   pHandler    The handler to free.  NULL if ignored.
+ */
+int pgmHandlerPhysicalExDestroy(PVM pVM, PPGMPHYSHANDLER pHandler)
+{
+    if (pHandler)
+    {
+        AssertPtr(pHandler);
+        AssertReturn(pHandler->Core.Key == NIL_RTGCPHYS, VERR_WRONG_ORDER);
+        PGMHandlerPhysicalTypeRelease(pVM, pHandler->hType);
+        MMHyperFree(pVM, pHandler);
+    }
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Deregister a physical page access handler.
+ *
+ * @returns VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   GCPhys      Start physical address.
+ */
+VMMDECL(int)  PGMHandlerPhysicalDeregister(PVM pVM, RTGCPHYS GCPhys)
+{
+    /*
+     * Find the handler.
+     */
+    pgmLock(pVM);
+    PPGMPHYSHANDLER pRemoved = (PPGMPHYSHANDLER)RTAvlroGCPhysRemove(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, GCPhys);
+    if (pRemoved)
+    {
+        LogFlow(("PGMHandlerPhysicalDeregister: Removing Range %RGp-%RGp %s\n",
+                 pRemoved->Core.Key, pRemoved->Core.KeyLast, R3STRING(pRemoved->pszDesc)));
+
+        /*
+         * Clear the page bits, notify the REM about this change and clear
+         * the cache.
+         */
+        pgmHandlerPhysicalResetRamFlags(pVM, pRemoved);
+        pgmHandlerPhysicalDeregisterNotifyREM(pVM, pRemoved);
+        pVM->pgm.s.pLastPhysHandlerR0 = 0;
+        pVM->pgm.s.pLastPhysHandlerR3 = 0;
+        pVM->pgm.s.pLastPhysHandlerRC = 0;
+
+        pgmUnlock(pVM);
+
+        pRemoved->Core.Key = NIL_RTGCPHYS;
+        pgmHandlerPhysicalExDestroy(pVM, pRemoved);
+        return VINF_SUCCESS;
+    }
+
     pgmUnlock(pVM);
 

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

@@ -1229 +1229 @@
                                pPage->s.idPage, pPage->s.uStateY),
                               VERR_PGM_PHYS_PAGE_MAP_MMIO2_IPE);
-        PPGMMMIO2RANGE pMmio2Range = pVM->pgm.s.CTX_SUFF(apMmio2Ranges)[idMmio2 - 1];
+        PPGMREGMMIORANGE pMmio2Range = pVM->pgm.s.CTX_SUFF(apMmio2Ranges)[idMmio2 - 1];
         AssertLogRelReturn(pMmio2Range, VERR_PGM_PHYS_PAGE_MAP_MMIO2_IPE);
         AssertLogRelReturn(pMmio2Range->idMmio2 == idMmio2, VERR_PGM_PHYS_PAGE_MAP_MMIO2_IPE);

trunk/src/VBox/VMM/VMMR3/GIM.cpp

@@ -634 +634 @@
      * Map the MMIO2 region over the specified guest-physical address.
      */
-    int rc = PDMDevHlpMMIO2Map(pDevIns, pRegion->iRegion, GCPhysRegion);
+    int rc = PDMDevHlpMMIOExMap(pDevIns, pRegion->iRegion, GCPhysRegion);
     if (RT_SUCCESS(rc))
     {

trunk/src/VBox/VMM/VMMR3/IOM.cpp

@@ -1654 +1654 @@
 
 /**
+ * Pre-Registers a MMIO region.
+ *
+ * The rest of of the manipulation of this region goes thru the PGMPhysMMIOEx*
+ * APIs: PGMR3PhysMMIOExMap, PGMR3PhysMMIOExUnmap, PGMR3PhysMMIOExDeregister
+ *
+ * @returns VBox status code.
+ * @param   pVM                 Pointer to the cross context VM structure.
+ * @param   pDevIns             The device.
+ * @param   iRegion             The region number.
+ * @param   cbRegion            The size of the MMIO region.  Must be a multiple
+ *                              of X86_PAGE_SIZE
+ * @param   fFlags              Flags, see IOMMMIO_FLAGS_XXX.
+ * @param   pszDesc             Pointer to description string. This must not be
+ *                              freed.
+ * @param   pvUserR3            Ring-3 user pointer.
+ * @param   pfnWriteCallbackR3  Callback for handling writes, ring-3. Mandatory.
+ * @param   pfnReadCallbackR3   Callback for handling reads, ring-3. Mandatory.
+ * @param   pfnFillCallbackR3   Callback for handling fills, ring-3. Optional.
+ * @param   pvUserR0            Ring-0 user pointer.
+ * @param   pfnWriteCallbackR0  Callback for handling writes, ring-0. Optional.
+ * @param   pfnReadCallbackR0   Callback for handling reads, ring-0. Optional.
+ * @param   pfnFillCallbackR0   Callback for handling fills, ring-0. Optional.
+ * @param   pvUserRC            Raw-mode context user pointer.  This will be
+ *                              relocated with the hypervisor guest mapping if
+ *                              the unsigned integer value is 0x10000 or above.
+ * @param   pfnWriteCallbackRC  Callback for handling writes, RC. Optional.
+ * @param   pfnReadCallbackRC   Callback for handling reads, RC. Optional.
+ * @param   pfnFillCallbackRC   Callback for handling fills, RC. Optional.
+ */
+VMMR3_INT_DECL(int)  IOMR3MmioExPreRegister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cbRegion,
+                                            uint32_t fFlags, const char *pszDesc,
+                                            RTR3PTR pvUserR3,
+                                            R3PTRTYPE(PFNIOMMMIOWRITE) pfnWriteCallbackR3,
+                                            R3PTRTYPE(PFNIOMMMIOREAD)  pfnReadCallbackR3,
+                                            R3PTRTYPE(PFNIOMMMIOFILL)  pfnFillCallbackR3,
+                                            RTR0PTR pvUserR0,
+                                            R0PTRTYPE(PFNIOMMMIOWRITE) pfnWriteCallbackR0,
+                                            R0PTRTYPE(PFNIOMMMIOREAD)  pfnReadCallbackR0,
+                                            R0PTRTYPE(PFNIOMMMIOFILL)  pfnFillCallbackR0,
+                                            RTRCPTR pvUserRC,
+                                            RCPTRTYPE(PFNIOMMMIOWRITE) pfnWriteCallbackRC,
+                                            RCPTRTYPE(PFNIOMMMIOREAD)  pfnReadCallbackRC,
+                                            RCPTRTYPE(PFNIOMMMIOFILL)  pfnFillCallbackRC)
+{
+    LogFlow(("IOMR3MmioExPreRegister: pDevIns=%p iRegion=%u cbRegion=%RGp fFlags=%#x pszDesc=%s\n"
+             "                        pvUserR3=%RHv pfnWriteCallbackR3=%RHv pfnReadCallbackR3=%RHv pfnFillCallbackR3=%RHv\n"
+             "                        pvUserR0=%RHv pfnWriteCallbackR0=%RHv pfnReadCallbackR0=%RHv pfnFillCallbackR0=%RHv\n"
+             "                        pvUserRC=%RRv pfnWriteCallbackRC=%RRv pfnReadCallbackRC=%RRv pfnFillCallbackRC=%RRv\n",
+             pDevIns, iRegion, cbRegion, fFlags, pszDesc,
+             pvUserR3, pfnWriteCallbackR3, pfnReadCallbackR3, pfnFillCallbackR3,
+             pvUserR0, pfnWriteCallbackR0, pfnReadCallbackR0, pfnFillCallbackR0,
+             pvUserRC, pfnWriteCallbackRC, pfnReadCallbackRC, pfnFillCallbackRC));
+
+    /*
+     * Validate input.
+     */
+    AssertReturn(cbRegion > 0,  VERR_INVALID_PARAMETER);
+    AssertReturn(RT_ALIGN_T(cbRegion, X86_PAGE_SIZE, RTGCPHYS), VERR_INVALID_PARAMETER);
+    AssertMsgReturn(   !(fFlags & ~IOMMMIO_FLAGS_VALID_MASK)
+                    && (fFlags & IOMMMIO_FLAGS_READ_MODE)  <= IOMMMIO_FLAGS_READ_DWORD_QWORD
+                    && (fFlags & IOMMMIO_FLAGS_WRITE_MODE) <= IOMMMIO_FLAGS_WRITE_ONLY_DWORD_QWORD,
+                    ("%#x\n", fFlags),
+                    VERR_INVALID_PARAMETER);
+    AssertPtrReturn(pfnWriteCallbackR3, VERR_INVALID_POINTER);
+    AssertPtrReturn(pfnReadCallbackR3, VERR_INVALID_POINTER);
+
+    /*
+     * Allocate new range record and initialize it.
+     */
+    PIOMMMIORANGE pRange;
+    int rc = MMHyperAlloc(pVM, sizeof(*pRange), 0, MM_TAG_IOM, (void **)&pRange);
+    if (RT_SUCCESS(rc))
+    {
+        pRange->Core.Key            = NIL_RTGCPHYS;
+        pRange->Core.KeyLast        = NIL_RTGCPHYS;
+        pRange->GCPhys              = NIL_RTGCPHYS;
+        pRange->cb                  = cbRegion;
+        pRange->cRefs               = 1; /* The PGM reference. */
+        pRange->fFlags              = fFlags;
+
+        pRange->pvUserR3            = pvUserR3;
+        pRange->pDevInsR3           = pDevIns;
+        pRange->pfnReadCallbackR3   = pfnReadCallbackR3;
+        pRange->pfnWriteCallbackR3  = pfnWriteCallbackR3;
+        pRange->pfnFillCallbackR3   = pfnFillCallbackR3;
+        pRange->pszDesc             = pszDesc;
+
+        if (pfnReadCallbackR0 || pfnWriteCallbackR0 || pfnFillCallbackR0)
+        {
+            pRange->pvUserR0            = pvUserR0;
+            pRange->pDevInsR0           = MMHyperCCToR0(pVM, pDevIns);
+            pRange->pfnReadCallbackR0   = pfnReadCallbackR0;
+            pRange->pfnWriteCallbackR0  = pfnWriteCallbackR0;
+            pRange->pfnFillCallbackR0   = pfnFillCallbackR0;
+        }
+
+        if (pfnReadCallbackRC || pfnWriteCallbackRC || pfnFillCallbackRC)
+        {
+            pRange->pvUserRC            = pvUserRC;
+            pRange->pDevInsRC           = MMHyperCCToRC(pVM, pDevIns);
+            pRange->pfnReadCallbackRC   = pfnReadCallbackRC;
+            pRange->pfnWriteCallbackRC  = pfnWriteCallbackRC;
+            pRange->pfnFillCallbackRC   = pfnFillCallbackRC;
+        }
+
+        /*
+         * Try register it with PGM.  PGM will call us back when it's mapped in
+         * and out of the guest address space, and once it's destroyed.
+         */
+        rc = PGMR3PhysMMIOExPreRegister(pVM, pDevIns, iRegion, cbRegion, pVM->iom.s.hMmioHandlerType,
+                                        pRange, MMHyperR3ToR0(pVM, pRange), MMHyperR3ToRC(pVM, pRange), pszDesc);
+        if (RT_SUCCESS(rc))
+            return VINF_SUCCESS;
+
+        MMHyperFree(pVM, pRange);
+    }
+    if (pDevIns->iInstance > 0)
+        MMR3HeapFree((void *)pszDesc);
+    return rc;
+
+}
+
+
+/**
+ * Notfication from PGM that the pre-registered MMIO region has been mapped into
+ * user address space.
+ *
+ * @returns VBox status code.
+ * @param   pVM             Pointer to the cross context VM structure.
+ * @param   pvUser          The pvUserR3 argument of PGMR3PhysMMIOExPreRegister.
+ * @param   GCPhys          The mapping address.
+ * @remarks Called while owning the PGM lock.
+ */
+VMMR3_INT_DECL(int) IOMR3MmioExNotifyMapped(PVM pVM, void *pvUser, RTGCPHYS GCPhys)
+{
+    PIOMMMIORANGE pRange = (PIOMMMIORANGE)pvUser;
+    AssertReturn(pRange->GCPhys == NIL_RTGCPHYS, VERR_IOM_MMIO_IPE_1);
+
+    IOM_LOCK_EXCL(pVM);
+    Assert(pRange->GCPhys == NIL_RTGCPHYS);
+    pRange->GCPhys       = GCPhys;
+    pRange->Core.Key     = GCPhys;
+    pRange->Core.KeyLast = GCPhys + pRange->cb - 1;
+    if (RTAvlroGCPhysInsert(&pVM->iom.s.pTreesR3->MMIOTree, &pRange->Core))
+    {
+        iomR3FlushCache(pVM);
+        IOM_UNLOCK_EXCL(pVM);
+        return VINF_SUCCESS;
+    }
+    IOM_UNLOCK_EXCL(pVM);
+
+    AssertLogRelMsgFailed(("RTAvlroGCPhysInsert failed on %RGp..%RGp - %s\n", pRange->Core.Key, pRange->Core.KeyLast, pRange->pszDesc));
+    pRange->GCPhys       = NIL_RTGCPHYS;
+    pRange->Core.Key     = NIL_RTGCPHYS;
+    pRange->Core.KeyLast = NIL_RTGCPHYS;
+    return VERR_IOM_MMIO_IPE_2;
+}
+
+
+/**
+ * Notfication from PGM that the pre-registered MMIO region has been unmapped
+ * from user address space.
+ *
+ * @param   pVM             Pointer to the cross context VM structure.
+ * @param   pvUser          The pvUserR3 argument of PGMR3PhysMMIOExPreRegister.
+ * @param   GCPhys          The mapping address.
+ * @remarks Called while owning the PGM lock.
+ */
+VMMR3_INT_DECL(void) IOMR3MmioExNotifyUnmapped(PVM pVM, void *pvUser, RTGCPHYS GCPhys)
+{
+    PIOMMMIORANGE pRange = (PIOMMMIORANGE)pvUser;
+    AssertLogRelReturnVoid(pRange->GCPhys == GCPhys);
+
+    IOM_LOCK_EXCL(pVM);
+    Assert(pRange->GCPhys == GCPhys);
+    PIOMMMIORANGE pRemoved = (PIOMMMIORANGE)RTAvlroGCPhysRemove(&pVM->iom.s.pTreesR3->MMIOTree, GCPhys);
+    if (pRemoved == pRange)
+    {
+        pRange->GCPhys       = NIL_RTGCPHYS;
+        pRange->Core.Key     = NIL_RTGCPHYS;
+        pRange->Core.KeyLast = NIL_RTGCPHYS;
+        iomR3FlushCache(pVM);
+        IOM_UNLOCK_EXCL(pVM);
+    }
+    else
+    {
+        if (pRemoved)
+            RTAvlroGCPhysInsert(&pVM->iom.s.pTreesR3->MMIOTree, &pRemoved->Core);
+        IOM_UNLOCK_EXCL(pVM);
+        AssertLogRelMsgFailed(("RTAvlroGCPhysRemove returned %p instead of %p for %RGp (%s)\n", pRemoved, pRange, pRange->pszDesc));
+    }
+}
+
+
+/**
+ * Notfication from PGM that the pre-registered MMIO region has been mapped into
+ * user address space.
+ *
+ * @param   pVM             Pointer to the cross context VM structure.
+ * @param   pvUser          The pvUserR3 argument of PGMR3PhysMMIOExPreRegister.
+ * @param   GCPhys          The mapping address.
+ * @remarks Called while owning the PGM lock.
+ */
+VMMR3_INT_DECL(void) IOMR3MmioExNotifyDeregistered(PVM pVM, void *pvUser)
+{
+    PIOMMMIORANGE pRange = (PIOMMMIORANGE)pvUser;
+    AssertLogRelReturnVoid(pRange->GCPhys == NIL_RTGCPHYS);
+    iomMmioReleaseRange(pVM, pRange);
+}
+
+
+/**
  * Handles the unlikely and probably fatal merge cases.
  *

trunk/src/VBox/VMM/VMMR3/PDM.cpp

@@ -739 +739 @@
         pdmR3ThreadDestroyDevice(pVM, pDevIns);
         PDMR3QueueDestroyDevice(pVM, pDevIns);
-        PGMR3PhysMMIO2Deregister(pVM, pDevIns, UINT32_MAX);
+        PGMR3PhysMMIOExDeregister(pVM, pDevIns, UINT32_MAX);
 #ifdef VBOX_WITH_PDM_ASYNC_COMPLETION
         pdmR3AsyncCompletionTemplateDestroyDevice(pVM, pDevIns);

trunk/src/VBox/VMM/VMMR3/PDMDevHlp.cpp

@@ -444 +444 @@
 
 /**
- * @copydoc PDMDEVHLPR3::pfnMMIO2Deregister
+ * @interface_method_impl{PDMDEVHLPR3,pfnMMIOExPreRegister}
  */
-static DECLCALLBACK(int) pdmR3DevHlp_MMIO2Deregister(PPDMDEVINS pDevIns, uint32_t iRegion)
+static DECLCALLBACK(int)
+pdmR3DevHlp_MMIOExPreRegister(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cbRegion, uint32_t fFlags, const char *pszDesc,
+                              RTHCPTR pvUser, PFNIOMMMIOWRITE pfnWrite, PFNIOMMMIOREAD pfnRead, PFNIOMMMIOFILL pfnFill,
+                              RTR0PTR pvUserR0, const char *pszWriteR0, const char *pszReadR0, const char *pszFillR0,
+                              RTRCPTR pvUserRC, const char *pszWriteRC, const char *pszReadRC, const char *pszFillRC)
+{
+    PDMDEV_ASSERT_DEVINS(pDevIns);
+    PVM pVM = pDevIns->Internal.s.pVMR3;
+    VM_ASSERT_EMT(pVM);
+    LogFlow(("pdmR3DevHlp_MMIOExPreRegister: caller='%s'/%d: iRegion=%#x cbRegion=%#RGp fFlags=%RX32 pszDesc=%p:{%s}\n"
+             "                               pvUser=%p pfnWrite=%p pfnRead=%p pfnFill=%p\n"
+             "                               pvUserR0=%p pszWriteR0=%s pszReadR0=%s pszFillR0=%s\n"
+             "                               pvUserRC=%p pszWriteRC=%s pszReadRC=%s pszFillRC=%s\n",
+             pDevIns->pReg->szName, pDevIns->iInstance, iRegion, cbRegion, fFlags, pszDesc, pszDesc,
+             pvUser, pfnWrite, pfnRead, pfnFill,
+             pvUserR0, pszWriteR0, pszReadR0, pszFillR0,
+             pvUserRC, pszWriteRC, pszReadRC, pszFillRC));
+
+    /*
+     * Resolve the functions.
+     */
+    AssertLogRelReturn(   (!pszWriteR0 && !pszReadR0 && !pszFillR0)
+                       || (pDevIns->pReg->szR0Mod[0] && (pDevIns->pReg->fFlags & PDM_DEVREG_FLAGS_R0)),
+                       VERR_INVALID_PARAMETER);
+    AssertLogRelReturn(   (!pszWriteRC && !pszReadRC && !pszFillRC)
+                       || (pDevIns->pReg->szRCMod[0] && (pDevIns->pReg->fFlags & PDM_DEVREG_FLAGS_RC)),
+                       VERR_INVALID_PARAMETER);
+
+    /* Ring-0 */
+    int rc;
+    R0PTRTYPE(PFNIOMMMIOWRITE) pfnWriteR0 = 0;
+    if (pszWriteR0)
+    {
+        rc = pdmR3DevGetSymbolR0Lazy(pDevIns, pszWriteR0, &pfnWriteR0);
+        AssertLogRelMsgRCReturn(rc, ("pszWriteR0=%s rc=%Rrc\n", pszWriteR0, rc), rc);
+    }
+
+    R0PTRTYPE(PFNIOMMMIOREAD) pfnReadR0 = 0;
+    if (pszReadR0)
+    {
+        rc = pdmR3DevGetSymbolR0Lazy(pDevIns, pszReadR0, &pfnReadR0);
+        AssertLogRelMsgRCReturn(rc, ("pszReadR0=%s rc=%Rrc\n", pszReadR0, rc), rc);
+    }
+    R0PTRTYPE(PFNIOMMMIOFILL) pfnFillR0 = 0;
+    if (pszFillR0)
+    {
+        rc = pdmR3DevGetSymbolR0Lazy(pDevIns, pszFillR0, &pfnFillR0);
+        AssertLogRelMsgRCReturn(rc, ("pszFillR0=%s rc=%Rrc\n", pszFillR0, rc), rc);
+    }
+
+    /* Raw-mode */
+    rc = VINF_SUCCESS;
+    RCPTRTYPE(PFNIOMMMIOWRITE) pfnWriteRC = 0;
+    if (pszWriteRC)
+    {
+        rc = pdmR3DevGetSymbolRCLazy(pDevIns, pszWriteRC, &pfnWriteRC);
+        AssertLogRelMsgRCReturn(rc, ("pszWriteRC=%s rc=%Rrc\n", pszWriteRC, rc), rc);
+    }
+
+    RCPTRTYPE(PFNIOMMMIOREAD) pfnReadRC = 0;
+    if (pszReadRC)
+    {
+        rc = pdmR3DevGetSymbolRCLazy(pDevIns, pszReadRC, &pfnReadRC);
+        AssertLogRelMsgRCReturn(rc, ("pszReadRC=%s rc=%Rrc\n", pszReadRC, rc), rc);
+    }
+    RCPTRTYPE(PFNIOMMMIOFILL) pfnFillRC = 0;
+    if (pszFillRC)
+    {
+        rc = pdmR3DevGetSymbolRCLazy(pDevIns, pszFillRC, &pfnFillRC);
+        AssertLogRelMsgRCReturn(rc, ("pszFillRC=%s rc=%Rrc\n", pszFillRC, rc), rc);
+    }
+
+    /*
+     * Call IOM to make the registration.
+     */
+    rc = IOMR3MmioExPreRegister(pVM, pDevIns, iRegion, cbRegion, fFlags, pszDesc,
+                                pvUser,   pfnWrite,   pfnRead,   pfnFill,
+                                pvUserR0, pfnWriteR0, pfnReadR0, pfnFillR0,
+                                pvUserRC, pfnWriteRC, pfnReadRC, pfnFillRC);
+
+    LogFlow(("pdmR3DevHlp_MMIOExPreRegister: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
+    return rc;
+}
+
+
+/**
+ * @copydoc PDMDEVHLPR3::pfnMMIOExDeregister
+ */
+static DECLCALLBACK(int) pdmR3DevHlp_MMIOExDeregister(PPDMDEVINS pDevIns, uint32_t iRegion)
 {
     PDMDEV_ASSERT_DEVINS(pDevIns);
     VM_ASSERT_EMT(pDevIns->Internal.s.pVMR3);
-    LogFlow(("pdmR3DevHlp_MMIO2Deregister: caller='%s'/%d: iRegion=%#x\n",
+    LogFlow(("pdmR3DevHlp_MMIOExDeregister: caller='%s'/%d: iRegion=%#x\n",
              pDevIns->pReg->szName, pDevIns->iInstance, iRegion));
 
     AssertReturn(iRegion <= UINT8_MAX || iRegion == UINT32_MAX, VERR_INVALID_PARAMETER);
 
-    int rc = PGMR3PhysMMIO2Deregister(pDevIns->Internal.s.pVMR3, pDevIns, iRegion);
-
-    LogFlow(("pdmR3DevHlp_MMIO2Deregister: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
+    int rc = PGMR3PhysMMIOExDeregister(pDevIns->Internal.s.pVMR3, pDevIns, iRegion);
+
+    LogFlow(("pdmR3DevHlp_MMIOExDeregister: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
     return rc;
 }
@@ -463 +551 @@
 
 /**
- * @copydoc PDMDEVHLPR3::pfnMMIO2Map
+ * @copydoc PDMDEVHLPR3::pfnMMIOExMap
  */
-static DECLCALLBACK(int) pdmR3DevHlp_MMIO2Map(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
+static DECLCALLBACK(int) pdmR3DevHlp_MMIOExMap(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
 {
     PDMDEV_ASSERT_DEVINS(pDevIns);
     VM_ASSERT_EMT(pDevIns->Internal.s.pVMR3);
-    LogFlow(("pdmR3DevHlp_MMIO2Map: caller='%s'/%d: iRegion=%#x GCPhys=%#RGp\n",
+    LogFlow(("pdmR3DevHlp_MMIOExMap: caller='%s'/%d: iRegion=%#x GCPhys=%#RGp\n",
              pDevIns->pReg->szName, pDevIns->iInstance, iRegion, GCPhys));
 
-    int rc = PGMR3PhysMMIO2Map(pDevIns->Internal.s.pVMR3, pDevIns, iRegion, GCPhys);
-
-    LogFlow(("pdmR3DevHlp_MMIO2Map: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
+    int rc = PGMR3PhysMMIOExMap(pDevIns->Internal.s.pVMR3, pDevIns, iRegion, GCPhys);
+
+    LogFlow(("pdmR3DevHlp_MMIOExMap: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
     return rc;
 }
@@ -480 +568 @@
 
 /**
- * @copydoc PDMDEVHLPR3::pfnMMIO2Unmap
+ * @copydoc PDMDEVHLPR3::pfnMMIOExUnmap
  */
-static DECLCALLBACK(int) pdmR3DevHlp_MMIO2Unmap(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
+static DECLCALLBACK(int) pdmR3DevHlp_MMIOExUnmap(PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
 {
     PDMDEV_ASSERT_DEVINS(pDevIns);
     VM_ASSERT_EMT(pDevIns->Internal.s.pVMR3);
-    LogFlow(("pdmR3DevHlp_MMIO2Unmap: caller='%s'/%d: iRegion=%#x GCPhys=%#RGp\n",
+    LogFlow(("pdmR3DevHlp_MMIOExUnmap: caller='%s'/%d: iRegion=%#x GCPhys=%#RGp\n",
              pDevIns->pReg->szName, pDevIns->iInstance, iRegion, GCPhys));
 
-    int rc = PGMR3PhysMMIO2Unmap(pDevIns->Internal.s.pVMR3, pDevIns, iRegion, GCPhys);
-
-    LogFlow(("pdmR3DevHlp_MMIO2Unmap: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
+    int rc = PGMR3PhysMMIOExUnmap(pDevIns->Internal.s.pVMR3, pDevIns, iRegion, GCPhys);
+
+    LogFlow(("pdmR3DevHlp_MMIOExUnmap: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
     return rc;
 }
@@ -3621 +3709 @@
     pdmR3DevHlp_MMIODeregister,
     pdmR3DevHlp_MMIO2Register,
-    pdmR3DevHlp_MMIO2Deregister,
-    pdmR3DevHlp_MMIO2Map,
-    pdmR3DevHlp_MMIO2Unmap,
+    pdmR3DevHlp_MMIOExDeregister,
+    pdmR3DevHlp_MMIOExMap,
+    pdmR3DevHlp_MMIOExUnmap,
     pdmR3DevHlp_MMHyperMapMMIO2,
     pdmR3DevHlp_MMIO2MapKernel,
@@ -3699 +3787 @@
     pdmR3DevHlp_VMGetSuspendReason,
     pdmR3DevHlp_VMGetResumeReason,
-    0,
+    pdmR3DevHlp_MMIOExPreRegister,
     0,
     0,
@@ -3874 +3962 @@
     pdmR3DevHlp_MMIODeregister,
     pdmR3DevHlp_MMIO2Register,
-    pdmR3DevHlp_MMIO2Deregister,
-    pdmR3DevHlp_MMIO2Map,
-    pdmR3DevHlp_MMIO2Unmap,
+    pdmR3DevHlp_MMIOExDeregister,
+    pdmR3DevHlp_MMIOExMap,
+    pdmR3DevHlp_MMIOExUnmap,
     pdmR3DevHlp_MMHyperMapMMIO2,
     pdmR3DevHlp_MMIO2MapKernel,
@@ -3952 +4040 @@
     pdmR3DevHlp_VMGetSuspendReason,
     pdmR3DevHlp_VMGetResumeReason,
-    0,
+    pdmR3DevHlp_MMIOExPreRegister,
     0,
     0,

trunk/src/VBox/VMM/VMMR3/PDMDevMiscHlp.cpp

@@ -579 +579 @@
 }
 
-/** @interface_method_impl{PDMPCIHLPR3,pfnIsMMIO2Base} */
+/** @interface_method_impl{PDMPCIHLPR3,pfnIsMMIOExBase} */
 static DECLCALLBACK(bool) pdmR3PciHlp_IsMMIO2Base(PPDMDEVINS pDevIns, PPDMDEVINS pOwner, RTGCPHYS GCPhys)
 {
     PDMDEV_ASSERT_DEVINS(pDevIns);
     VM_ASSERT_EMT(pDevIns->Internal.s.pVMR3);
-    bool fRc = PGMR3PhysMMIO2IsBase(pDevIns->Internal.s.pVMR3, pOwner, GCPhys);
-    Log4(("pdmR3PciHlp_IsMMIO2Base: pOwner=%p GCPhys=%RGp -> %RTbool\n", pOwner, GCPhys, fRc));
+    bool fRc = PGMR3PhysMMIOExIsBase(pDevIns->Internal.s.pVMR3, pOwner, GCPhys);
+    Log4(("pdmR3PciHlp_IsMMIOExBase: pOwner=%p GCPhys=%RGp -> %RTbool\n", pOwner, GCPhys, fRc));
     return fRc;
 }

trunk/src/VBox/VMM/VMMR3/PGM.cpp

@@ -2376 +2376 @@
      * be mapped and thus not included in the above exercise.
      */
-    for (PPGMMMIO2RANGE pCur = pVM->pgm.s.pMmio2RangesR3; pCur; pCur = pCur->pNextR3)
+    for (PPGMREGMMIORANGE pCur = pVM->pgm.s.pRegMmioRangesR3; pCur; pCur = pCur->pNextR3)
         if (!(pCur->RamRange.fFlags & PGM_RAM_RANGE_FLAGS_FLOATING))
             pCur->RamRange.pSelfRC = MMHyperCCToRC(pVM, &pCur->RamRange);

trunk/src/VBox/VMM/VMMR3/PGMPhys.cpp

@@ -1498 +1498 @@
 
 /**
- * Relocate a floating RAM range.
- *
- * @copydoc FNPGMRELOCATE
+ * @callbackmethodimpl{FNPGMRELOCATE, Relocate a floating RAM range.}
+ * @sa pgmR3PhysMMIO2ExRangeRelocate
  */
 static DECLCALLBACK(bool) pgmR3PhysRamRangeRelocate(PVM pVM, RTGCPTR GCPtrOld, RTGCPTR GCPtrNew,
@@ -2445 +2444 @@
  * @param   iRegion         The region.
  */
-DECLINLINE(PPGMMMIO2RANGE) pgmR3PhysMMIO2Find(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion)
-{
-    /*
-     * Search the list.
-     */
-    for (PPGMMMIO2RANGE pCur = pVM->pgm.s.pMmio2RangesR3; pCur; pCur = pCur->pNextR3)
+DECLINLINE(PPGMREGMMIORANGE) pgmR3PhysMMIOExFind(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion)
+{
+    /*
+     * Search the list.  There shouldn't be many entries.
+     */
+    for (PPGMREGMMIORANGE pCur = pVM->pgm.s.pRegMmioRangesR3; pCur; pCur = pCur->pNextR3)
         if (   pCur->pDevInsR3 == pDevIns
             && pCur->iRegion == iRegion)
@@ -2459 +2458 @@
 
 /**
- * Allocate and register an MMIO2 region.
- *
- * As mentioned elsewhere, MMIO2 is just RAM spelled differently.  It's RAM
- * associated with a device. It is also non-shared memory with a permanent
- * ring-3 mapping and page backing (presently).
- *
- * A MMIO2 range may overlap with base memory if a lot of RAM is configured for
- * the VM, in which case we'll drop the base memory pages.  Presently we will
- * make no attempt to preserve anything that happens to be present in the base
- * memory that is replaced, this is of course incorrect but it's too much
- * effort.
+ * @callbackmethodimpl{FNPGMRELOCATE, Relocate a floating MMIO/MMIO2 range.}
+ * @sa pgmR3PhysRamRangeRelocate
+ */
+static DECLCALLBACK(bool) pgmR3PhysMMIOExRangeRelocate(PVM pVM, RTGCPTR GCPtrOld, RTGCPTR GCPtrNew,
+                                                       PGMRELOCATECALL enmMode, void *pvUser)
+{
+    PPGMREGMMIORANGE pMmio = (PPGMREGMMIORANGE)pvUser;
+    Assert(pMmio->RamRange.fFlags & PGM_RAM_RANGE_FLAGS_FLOATING);
+    Assert(pMmio->RamRange.pSelfRC == GCPtrOld + PAGE_SIZE + RT_UOFFSETOF(PGMREGMMIORANGE, RamRange)); RT_NOREF_PV(GCPtrOld);
+
+    switch (enmMode)
+    {
+        case PGMRELOCATECALL_SUGGEST:
+            return true;
+
+        case PGMRELOCATECALL_RELOCATE:
+        {
+            /*
+             * Update myself, then relink all the ranges and flush the RC TLB.
+             */
+            pgmLock(pVM);
+
+            pMmio->RamRange.pSelfRC = (RTRCPTR)(GCPtrNew + PAGE_SIZE + RT_UOFFSETOF(PGMREGMMIORANGE, RamRange));
+
+            pgmR3PhysRelinkRamRanges(pVM);
+            for (unsigned i = 0; i < PGM_RAMRANGE_TLB_ENTRIES; i++)
+                pVM->pgm.s.apRamRangesTlbRC[i] = NIL_RTRCPTR;
+
+            pgmUnlock(pVM);
+            return true;
+        }
+
+        default:
+            AssertFailedReturn(false);
+    }
+}
+
+
+/**
+ * Worker for PGMR3PhysMMIOExPreRegister & PGMR3PhysMMIO2Register that allocates
+ * and the PGMREGMMIORANGE structure and does basic initialization.
+ *
+ * Caller must set type specfic members and initialize the PGMPAGE structures.
+ *
+ * @returns VBox status code.
+ * @param   pVM             The cross context VM structure.
+ * @param   pDevIns         The device instance owning the region.
+ * @param   iRegion         The region number.  If the MMIO2 memory is a PCI
+ *                          I/O region this number has to be the number of that
+ *                          region. Otherwise it can be any number safe
+ *                          UINT8_MAX.
+ * @param   cb              The size of the region.  Must be page aligned.
+ * @param   pszDesc         The description.
+ * @param   ppNew           Where to return the pointer to the registration.
+ *
+ * @thread  EMT
+ */
+static int pgmR3PhysMMIOExCreate(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, const char *pszDesc,
+                                 PPGMREGMMIORANGE *ppNew)
+{
+    /*
+     * We currently do a single RAM range for the whole thing.  This will
+     * probably have to change once someone needs really large MMIO regions,
+     * as we will be running into SUPR3PageAllocEx limitations and such.
+     */
+    const uint32_t   cPages  = cb >> X86_PAGE_SHIFT;
+    const size_t     cbRange = RT_OFFSETOF(PGMREGMMIORANGE, RamRange.aPages[cPages]);
+    PPGMREGMMIORANGE pNew    = NULL;
+    if (cb >= _2G)
+    {
+        /*
+         * Allocate memory for the registration structure.
+         */
+        size_t const cChunkPages  = RT_ALIGN_Z(cbRange, PAGE_SIZE) >> PAGE_SHIFT;
+        size_t const cbChunk      = (1 + cChunkPages + 1) << PAGE_SHIFT;
+        AssertLogRelReturn(cbChunk == (uint32_t)cbChunk, VERR_OUT_OF_RANGE);
+        PSUPPAGE     paChunkPages = (PSUPPAGE)RTMemTmpAllocZ(sizeof(SUPPAGE) * cChunkPages);
+        AssertReturn(paChunkPages, VERR_NO_TMP_MEMORY);
+        RTR0PTR      R0PtrChunk   = NIL_RTR0PTR;
+        void        *pvChunk      = NULL;
+        int rc = SUPR3PageAllocEx(cChunkPages, 0 /*fFlags*/, &pvChunk,
+#if defined(VBOX_WITH_MORE_RING0_MEM_MAPPINGS)
+                                  &R0PtrChunk,
+#elif defined(VBOX_WITH_2X_4GB_ADDR_SPACE)
+                                  HMIsEnabled(pVM) ? &R0PtrChunk : NULL,
+#else
+                                  NULL,
+#endif
+                                  paChunkPages);
+        AssertLogRelMsgRCReturnStmt(rc, ("rc=%Rrc, cChunkPages=%#zx\n", rc, cChunkPages), RTMemTmpFree(paChunkPages), rc);
+
+#if defined(VBOX_WITH_MORE_RING0_MEM_MAPPINGS)
+        Assert(R0PtrChunk != NIL_RTR0PTR);
+#elif defined(VBOX_WITH_2X_4GB_ADDR_SPACE)
+        if (!HMIsEnabled(pVM))
+            R0PtrChunk = NIL_RTR0PTR;
+#else
+        R0PtrChunk = (uintptr_t)pvChunk;
+#endif
+        memset(pvChunk, 0, cChunkPages << PAGE_SHIFT);
+
+        pNew = (PPGMREGMMIORANGE)pvChunk;
+        pNew->RamRange.fFlags   = PGM_RAM_RANGE_FLAGS_FLOATING;
+        pNew->RamRange.pSelfR0  = R0PtrChunk + RT_OFFSETOF(PGMREGMMIORANGE, RamRange);
+
+        /*
+         * If we might end up in raw-mode, make a HMA mapping of the range,
+         * just like we do for memory above 4GB.
+         */
+        if (HMIsEnabled(pVM))
+            pNew->RamRange.pSelfRC  = NIL_RTRCPTR;
+        else
+        {
+            RTGCPTR         GCPtrChunkMap = pVM->pgm.s.GCPtrPrevRamRangeMapping - cbChunk;
+            RTGCPTR const   GCPtrChunk    = GCPtrChunkMap + PAGE_SIZE;
+            rc = PGMR3MapPT(pVM, GCPtrChunkMap, (uint32_t)cbChunk, 0 /*fFlags*/, pgmR3PhysMMIOExRangeRelocate, pNew, pszDesc);
+            if (RT_SUCCESS(rc))
+            {
+                pVM->pgm.s.GCPtrPrevRamRangeMapping = GCPtrChunkMap;
+
+                RTGCPTR GCPtrPage  = GCPtrChunk;
+                for (uint32_t iPage = 0; iPage < cChunkPages && RT_SUCCESS(rc); iPage++, GCPtrPage += PAGE_SIZE)
+                    rc = PGMMap(pVM, GCPtrPage, paChunkPages[iPage].Phys, PAGE_SIZE, 0);
+            }
+            if (RT_FAILURE(rc))
+            {
+                SUPR3PageFreeEx(pvChunk, cChunkPages);
+                return rc;
+            }
+            pNew->RamRange.pSelfRC  = GCPtrChunk + RT_OFFSETOF(PGMREGMMIORANGE, RamRange);
+        }
+    }
+    /*
+     * Not so big, do a one time hyper allocation.
+     */
+    else
+    {
+        int rc = MMR3HyperAllocOnceNoRel(pVM, cbRange, 0, MM_TAG_PGM_PHYS, (void **)&pNew);
+        AssertLogRelMsgRC(rc, ("cbRange=%zu\n", cbRange));
+
+        /*
+         * Initialize allocation specific items.
+         */
+        //pNew->RamRange.fFlags = 0;
+        pNew->RamRange.pSelfR0  = MMHyperCCToR0(pVM, &pNew->RamRange);
+        pNew->RamRange.pSelfRC  = MMHyperCCToRC(pVM, &pNew->RamRange);
+    }
+
+    /*
+     * Initialize the registration structure (caller does specific bits).
+     */
+    pNew->pDevInsR3             = pDevIns;
+    //pNew->pvR3                = NULL;
+    //pNew->pNext               = NULL;
+    //pNew->fMmio2              = false;
+    //pNew->fMapped             = false;
+    //pNew->fOverlapping        = false;
+    pNew->iRegion               = iRegion;
+    pNew->idSavedState          = UINT8_MAX;
+    pNew->idMmio2               = UINT8_MAX;
+    //pNew->pPhysHandlerR3      = NULL;
+    //pNew->paLSPages           = NULL;
+    pNew->RamRange.GCPhys       = NIL_RTGCPHYS;
+    pNew->RamRange.GCPhysLast   = NIL_RTGCPHYS;
+    pNew->RamRange.pszDesc      = pszDesc;
+    pNew->RamRange.cb           = cb;
+    pNew->RamRange.fFlags      |= PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO_EX;
+    //pNew->RamRange.pvR3       = NULL;
+    //pNew->RamRange.paLSPages  = NULL;
+
+    *ppNew = pNew;
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Common worker PGMR3PhysMMIOExPreRegister & PGMR3PhysMMIO2Register that links
+ * a complete registration entry into the lists and lookup tables.
+ *
+ * @param   pVM             The cross context VM structure.
+ * @param   pNew            The new MMIO / MMIO2 registration to link.
+ */
+static void pgmR3PhysMMIOExLink(PVM pVM, PPGMREGMMIORANGE pNew)
+{
+    /*
+     * Link it into the list.
+     * Since there is no particular order, just push it.
+     */
+    pgmLock(pVM);
+
+    pNew->pNextR3 = pVM->pgm.s.pRegMmioRangesR3;
+    pVM->pgm.s.pRegMmioRangesR3 = pNew;
+
+    uint8_t idMmio2 = pNew->idMmio2;
+    if (idMmio2 != UINT8_MAX)
+    {
+        Assert(pNew->fMmio2);
+        Assert(pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] == NULL);
+        Assert(pVM->pgm.s.apMmio2RangesR0[idMmio2 - 1] == NIL_RTR0PTR);
+        pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] = pNew;
+        pVM->pgm.s.apMmio2RangesR0[idMmio2 - 1] = MMHyperCCToR0(pVM, pNew);
+    }
+    else
+        Assert(!pNew->fMmio2);
+
+    pgmPhysInvalidatePageMapTLB(pVM);
+    pgmUnlock(pVM);
+}
+
+
+/**
+ * Allocate and pre-register an MMIO region.
+ *
+ * This is currently the way to deal with large MMIO regions.  It may in the
+ * future be extended to be the way we deal with all MMIO regions, but that
+ * means we'll have to do something about the simple list based approach we take
+ * to tracking the registrations.
  *
  * @returns VBox status code.
@@ -2487 +2692 @@
  *                          the memory.
  * @param   pszDesc         The description.
+ *
+ * @thread  EMT
+ *
+ * @sa      PGMR3PhysMMIORegister, PGMR3PhysMMIO2Register,
+ *          PGMR3PhysMMIOExMap, PGMR3PhysMMIOExUnmap, PGMR3PhysMMIOExDeregister.
+ */
+VMMR3DECL(int) PGMR3PhysMMIOExPreRegister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, PGMPHYSHANDLERTYPE hType,
+                                          RTR3PTR pvUserR3, RTR0PTR pvUserR0, RTRCPTR pvUserRC, const char *pszDesc)
+{
+    /*
+     * Validate input.
+     */
+    VM_ASSERT_EMT_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
+    AssertPtrReturn(pDevIns, VERR_INVALID_PARAMETER);
+    AssertReturn(iRegion <= UINT8_MAX, VERR_INVALID_PARAMETER);
+    AssertPtrReturn(pszDesc, VERR_INVALID_POINTER);
+    AssertReturn(*pszDesc, VERR_INVALID_PARAMETER);
+    AssertReturn(pgmR3PhysMMIOExFind(pVM, pDevIns, iRegion) == NULL, VERR_ALREADY_EXISTS);
+    AssertReturn(!(cb & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
+    AssertReturn(cb, VERR_INVALID_PARAMETER);
+
+    const uint32_t cPages = cb >> PAGE_SHIFT;
+    AssertLogRelReturn(((RTGCPHYS)cPages << PAGE_SHIFT) == cb, VERR_INVALID_PARAMETER);
+    AssertLogRelReturn(cPages <= PGM_MMIO2_MAX_PAGE_COUNT, VERR_OUT_OF_RANGE);
+
+    /*
+     * For the 2nd+ instance, mangle the description string so it's unique.
+     */
+    if (pDevIns->iInstance > 0) /** @todo Move to PDMDevHlp.cpp and use a real string cache. */
+    {
+        pszDesc = MMR3HeapAPrintf(pVM, MM_TAG_PGM_PHYS, "%s [%u]", pszDesc, pDevIns->iInstance);
+        if (!pszDesc)
+            return VERR_NO_MEMORY;
+    }
+
+    /*
+     * Register the MMIO callbacks.
+     */
+    PPGMPHYSHANDLER pPhysHandler;
+    int rc = pgmHandlerPhysicalExCreate(pVM, hType, pvUserR3, pvUserR0, pvUserRC, pszDesc, &pPhysHandler);
+    if (RT_SUCCESS(rc))
+    {
+        /*
+         * Create the registered MMIO range record for it.
+         */
+        PPGMREGMMIORANGE pNew;
+        rc = pgmR3PhysMMIOExCreate(pVM, pDevIns, iRegion, cb, pszDesc, &pNew);
+        if (RT_SUCCESS(rc))
+        {
+            pNew->fMmio2         = false;
+            pNew->pPhysHandlerR3 = pPhysHandler;
+
+            uint32_t iPage = cPages;
+            while (iPage-- > 0)
+            {
+                PGM_PAGE_INIT_ZERO(&pNew->RamRange.aPages[iPage], pVM, PGMPAGETYPE_MMIO);
+            }
+
+            /*
+             * Update the page count stats, link the registration and we're done.
+             */
+            pVM->pgm.s.cAllPages += cPages;
+            pVM->pgm.s.cPureMmioPages += cPages;
+
+            pgmR3PhysMMIOExLink(pVM, pNew);
+            return VINF_SUCCESS;
+        }
+
+        pgmHandlerPhysicalExDestroy(pVM, pPhysHandler);
+    }
+    return rc;
+}
+
+
+/**
+ * Allocate and register an MMIO2 region.
+ *
+ * As mentioned elsewhere, MMIO2 is just RAM spelled differently.  It's RAM
+ * associated with a device. It is also non-shared memory with a permanent
+ * ring-3 mapping and page backing (presently).
+ *
+ * A MMIO2 range may overlap with base memory if a lot of RAM is configured for
+ * the VM, in which case we'll drop the base memory pages.  Presently we will
+ * make no attempt to preserve anything that happens to be present in the base
+ * memory that is replaced, this is of course incorrect but it's too much
+ * effort.
+ *
+ * @returns VBox status code.
+ * @retval  VINF_SUCCESS on success, *ppv pointing to the R3 mapping of the
+ *          memory.
+ * @retval  VERR_ALREADY_EXISTS if the region already exists.
+ *
+ * @param   pVM             The cross context VM structure.
+ * @param   pDevIns         The device instance owning the region.
+ * @param   iRegion         The region number.  If the MMIO2 memory is a PCI
+ *                          I/O region this number has to be the number of that
+ *                          region. Otherwise it can be any number safe
+ *                          UINT8_MAX.
+ * @param   cb              The size of the region.  Must be page aligned.
+ * @param   fFlags          Reserved for future use, must be zero.
+ * @param   ppv             Where to store the pointer to the ring-3 mapping of
+ *                          the memory.
+ * @param   pszDesc         The description.
+ * @thread  EMT
  */
 VMMR3DECL(int) PGMR3PhysMMIO2Register(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS cb, uint32_t fFlags,
@@ -2500 +2809 @@
     AssertPtrReturn(pszDesc, VERR_INVALID_POINTER);
     AssertReturn(*pszDesc, VERR_INVALID_PARAMETER);
-    AssertReturn(pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion) == NULL, VERR_ALREADY_EXISTS);
+    AssertReturn(pgmR3PhysMMIOExFind(pVM, pDevIns, iRegion) == NULL, VERR_ALREADY_EXISTS);
     AssertReturn(!(cb & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
     AssertReturn(cb, VERR_INVALID_PARAMETER);
@@ -2507 +2816 @@
     const uint32_t cPages = cb >> PAGE_SHIFT;
     AssertLogRelReturn(((RTGCPHYS)cPages << PAGE_SHIFT) == cb, VERR_INVALID_PARAMETER);
-    AssertLogRelReturn(cPages <= PGM_MMIO2_MAX_PAGE_COUNT, VERR_NO_MEMORY);
+    AssertLogRelReturn(cPages <= PGM_MMIO2_MAX_PAGE_COUNT, VERR_OUT_OF_RANGE);
 
     /*
@@ -2550 +2859 @@
 
                 /*
-                 * Create the MMIO2 range record for it.
+                 * Create the registered MMIO range record for it.
                  */
-                const size_t cbRange = RT_OFFSETOF(PGMMMIO2RANGE, RamRange.aPages[cPages]);
-                PPGMMMIO2RANGE pNew;
-                rc = MMR3HyperAllocOnceNoRel(pVM, cbRange, 0, MM_TAG_PGM_PHYS, (void **)&pNew);
-                AssertLogRelMsgRC(rc, ("cbRamRange=%zu\n", cbRange));
+                PPGMREGMMIORANGE pNew;
+                rc = pgmR3PhysMMIOExCreate(pVM, pDevIns, iRegion, cb, pszDesc, &pNew);
                 if (RT_SUCCESS(rc))
                 {
-                    pNew->pDevInsR3             = pDevIns;
-                    pNew->pvR3                  = pvPages;
-                    //pNew->pNext               = NULL;
-                    //pNew->fMapped             = false;
-                    //pNew->fOverlapping        = false;
-                    pNew->iRegion               = iRegion;
-                    pNew->idSavedState          = UINT8_MAX;
-                    pNew->idMmio2               = idMmio2;
-                    pNew->RamRange.pSelfR0      = MMHyperCCToR0(pVM, &pNew->RamRange);
-                    pNew->RamRange.pSelfRC      = MMHyperCCToRC(pVM, &pNew->RamRange);
-                    pNew->RamRange.GCPhys       = NIL_RTGCPHYS;
-                    pNew->RamRange.GCPhysLast   = NIL_RTGCPHYS;
-                    pNew->RamRange.pszDesc      = pszDesc;
-                    pNew->RamRange.cb           = cb;
-                    pNew->RamRange.fFlags       = PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO2;
-                    pNew->RamRange.pvR3         = pvPages;
-                    //pNew->RamRange.paLSPages    = NULL;
+                    pNew->pvR3      = pvPages;
+                    pNew->idMmio2   = idMmio2;
+                    pNew->fMmio2    = true;
 
                     uint32_t iPage = cPages;
@@ -2585 +2878 @@
                     }
 
-                    /* update page count stats */
-                    pVM->pgm.s.cAllPages     += cPages;
+                    RTMemTmpFree(paPages);
+
+                    /*
+                     * Update the page count stats, link the registration and we're done.
+                     */
+                    pVM->pgm.s.cAllPages += cPages;
                     pVM->pgm.s.cPrivatePages += cPages;
 
-                    /*
-                     * Link it into the list.
-                     * Since there is no particular order, just push it.
-                     */
-                    /** @todo we can save us the linked list now, just search the lookup table... */
-                    pgmLock(pVM);
-                    Assert(pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] == NULL);
-                    Assert(pVM->pgm.s.apMmio2RangesR0[idMmio2 - 1] == NIL_RTR0PTR);
-                    pNew->pNextR3 = pVM->pgm.s.pMmio2RangesR3;
-                    pVM->pgm.s.pMmio2RangesR3 = pNew;
-                    pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] = pNew;
-                    pVM->pgm.s.apMmio2RangesR0[idMmio2 - 1] = MMHyperCCToR0(pVM, pNew);
-                    pgmUnlock(pVM);
+                    pgmR3PhysMMIOExLink(pVM, pNew);
 
                     *ppv = pvPages;
-                    RTMemTmpFree(paPages);
-                    pgmPhysInvalidatePageMapTLB(pVM);
                     return VINF_SUCCESS;
                 }
@@ -2622 +2905 @@
 
 /**
- * Deregisters and frees an MMIO2 region.
+ * Deregisters and frees an MMIO2 region or a pre-registered MMIO region
  *
  * Any physical (and virtual) access handlers registered for the region must
@@ -2632 +2915 @@
  * @param   iRegion         The region. If it's UINT32_MAX it'll be a wildcard match.
  */
-VMMR3DECL(int) PGMR3PhysMMIO2Deregister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion)
+VMMR3DECL(int) PGMR3PhysMMIOExDeregister(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion)
 {
     /*
@@ -2644 +2927 @@
     int rc = VINF_SUCCESS;
     unsigned cFound = 0;
-    PPGMMMIO2RANGE pPrev = NULL;
-    PPGMMMIO2RANGE pCur = pVM->pgm.s.pMmio2RangesR3;
+    PPGMREGMMIORANGE pPrev = NULL;
+    PPGMREGMMIORANGE pCur = pVM->pgm.s.pRegMmioRangesR3;
     while (pCur)
     {
@@ -2659 +2942 @@
             if (pCur->fMapped)
             {
-                int rc2 = PGMR3PhysMMIO2Unmap(pVM, pCur->pDevInsR3, pCur->iRegion, pCur->RamRange.GCPhys);
+                int rc2 = PGMR3PhysMMIOExUnmap(pVM, pCur->pDevInsR3, pCur->iRegion, pCur->RamRange.GCPhys);
                 AssertRC(rc2);
                 if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
@@ -2666 +2949 @@
 
             /*
+             * Must tell IOM about MMIO.
+             */
+            if (!pCur->fMmio2)
+                IOMR3MmioExNotifyDeregistered(pVM, pCur->pPhysHandlerR3->pvUserR3);
+
+            /*
              * Unlink it
              */
-            PPGMMMIO2RANGE pNext = pCur->pNextR3;
+            PPGMREGMMIORANGE pNext = pCur->pNextR3;
             if (pPrev)
                 pPrev->pNextR3 = pNext;
             else
-                pVM->pgm.s.pMmio2RangesR3 = pNext;
+                pVM->pgm.s.pRegMmioRangesR3 = pNext;
             pCur->pNextR3 = NULL;
 
             uint8_t idMmio2 = pCur->idMmio2;
-            Assert(pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] == pCur);
-            pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] = NULL;
-            pVM->pgm.s.apMmio2RangesR0[idMmio2 - 1] = NIL_RTR0PTR;
+            if (idMmio2 != UINT8_MAX)
+            {
+                Assert(pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] == pCur);
+                pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] = NULL;
+                pVM->pgm.s.apMmio2RangesR0[idMmio2 - 1] = NIL_RTR0PTR;
+            }
 
             /*
              * Free the memory.
              */
-            int rc2 = SUPR3PageFreeEx(pCur->pvR3, pCur->RamRange.cb >> PAGE_SHIFT);
-            AssertRC(rc2);
-            if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
-                rc = rc2;
-
             uint32_t const cPages = pCur->RamRange.cb >> PAGE_SHIFT;
-            rc2 = MMR3AdjustFixedReservation(pVM, -(int32_t)cPages, pCur->RamRange.pszDesc);
-            AssertRC(rc2);
-            if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
-                rc = rc2;
+            if (pCur->fMmio2)
+            {
+                int rc2 = SUPR3PageFreeEx(pCur->pvR3, cPages);
+                AssertRC(rc2);
+                if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+                    rc = rc2;
+
+                rc2 = MMR3AdjustFixedReservation(pVM, -(int32_t)cPages, pCur->RamRange.pszDesc);
+                AssertRC(rc2);
+                if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+                    rc = rc2;
+            }
 
             /* we're leaking hyper memory here if done at runtime. */
@@ -2706 +3001 @@
                       , ("%s\n", VMR3GetStateName(enmState)));
 #endif
-            /*rc = MMHyperFree(pVM, pCur);
-            AssertRCReturn(rc, rc); - not safe, see the alloc call. */
+
+            const bool fMmio2 = pCur->fMmio2;
+            if (pCur->RamRange.fFlags & PGM_RAM_RANGE_FLAGS_FLOATING)
+            {
+                const size_t    cbRange     = RT_OFFSETOF(PGMREGMMIORANGE, RamRange.aPages[cPages]);
+                size_t const    cChunkPages = RT_ALIGN_Z(cbRange, PAGE_SIZE) >> PAGE_SHIFT;
+                SUPR3PageFreeEx(pCur, cChunkPages);
+            }
+            /*else
+            {
+                rc = MMHyperFree(pVM, pCur); - does not work, see the alloc call.
+                AssertRCReturn(rc, rc);
+            } */
 
 
             /* update page count stats */
-            pVM->pgm.s.cAllPages     -= cPages;
-            pVM->pgm.s.cPrivatePages -= cPages;
+            pVM->pgm.s.cAllPages -= cPages;
+            if (fMmio2)
+                pVM->pgm.s.cPrivatePages -= cPages;
+            else
+                pVM->pgm.s.cPureMmioPages -= cPages;
 
             /* next */
@@ -2730 +3039 @@
 
 /**
- * Maps a MMIO2 region.
+ * Maps a MMIO2 region or a pre-registered MMIO region.
  *
  * This is done when a guest / the bios / state loading changes the
@@ -2743 +3052 @@
  * @param   GCPhys          The guest-physical address to be remapped.
  */
-VMMR3DECL(int) PGMR3PhysMMIO2Map(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
+VMMR3DECL(int) PGMR3PhysMMIOExMap(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
 {
     /*
@@ -2755 +3064 @@
     AssertReturn(!(GCPhys & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
 
-    PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
+    PPGMREGMMIORANGE pCur = pgmR3PhysMMIOExFind(pVM, pDevIns, iRegion);
     AssertReturn(pCur, VERR_NOT_FOUND);
     AssertReturn(!pCur->fMapped, VERR_WRONG_ORDER);
@@ -2765 +3074 @@
 
     /*
-     * Find our location in the ram range list, checking for
-     * restriction we don't bother implementing yet (partially overlapping).
-     */
+     * Find our location in the ram range list, checking for restriction
+     * we don't bother implementing yet (partially overlapping).
+     */
+    pgmLock(pVM);
+
     bool fRamExists = false;
     PPGMRAMRANGE pRamPrev = NULL;
@@ -2776 +3087 @@
             &&  GCPhysLast >= pRam->GCPhys)
         {
-            /* completely within? */
-            AssertLogRelMsgReturn(   GCPhys     >= pRam->GCPhys
-                                  && GCPhysLast <= pRam->GCPhysLast,
-                                  ("%RGp-%RGp (MMIO2/%s) falls partly outside %RGp-%RGp (%s)\n",
-                                   GCPhys, GCPhysLast, pCur->RamRange.pszDesc,
-                                   pRam->GCPhys, pRam->GCPhysLast, pRam->pszDesc),
-                                  VERR_PGM_RAM_CONFLICT);
+            /* Completely within? */
+            AssertLogRelMsgReturnStmt(   GCPhys     >= pRam->GCPhys
+                                      && GCPhysLast <= pRam->GCPhysLast,
+                                      ("%RGp-%RGp (MMIO2/%s) falls partly outside %RGp-%RGp (%s)\n",
+                                       GCPhys, GCPhysLast, pCur->RamRange.pszDesc,
+                                       pRam->GCPhys, pRam->GCPhysLast, pRam->pszDesc),
+                                      pgmUnlock(pVM),
+                                      VERR_PGM_RAM_CONFLICT);
+
+            /* Check that all the pages are RAM pages. */
+            PPGMPAGE pPage = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
+            uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
+            while (cPagesLeft-- > 0)
+            {
+                AssertLogRelMsgReturnStmt(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM,
+                                          ("%RGp isn't a RAM page (%d) - mapping %RGp-%RGp (MMIO2/%s).\n",
+                                           GCPhys, PGM_PAGE_GET_TYPE(pPage), GCPhys, GCPhysLast, pCur->RamRange.pszDesc),
+                                          pgmUnlock(pVM),
+                                          VERR_PGM_RAM_CONFLICT);
+                pPage++;
+            }
+
             fRamExists = true;
             break;
@@ -2791 +3117 @@
         pRam = pRam->pNextR3;
     }
-    if (fRamExists)
-    {
-        PPGMPAGE pPage = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
-        uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
-        while (cPagesLeft-- > 0)
-        {
-            AssertLogRelMsgReturn(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM,
-                                  ("%RGp isn't a RAM page (%d) - mapping %RGp-%RGp (MMIO2/%s).\n",
-                                   GCPhys, PGM_PAGE_GET_TYPE(pPage), GCPhys, GCPhysLast, pCur->RamRange.pszDesc),
-                                  VERR_PGM_RAM_CONFLICT);
-            pPage++;
-        }
-    }
-    Log(("PGMR3PhysMMIO2Map: %RGp-%RGp fRamExists=%RTbool %s\n",
-         GCPhys, GCPhysLast, fRamExists, pCur->RamRange.pszDesc));
+    Log(("PGMR3PhysMMIOExMap: %RGp-%RGp fRamExists=%RTbool %s\n", GCPhys, GCPhysLast, fRamExists, pCur->RamRange.pszDesc));
+
 
     /*
      * Make the changes.
      */
-    pgmLock(pVM);
-
     pCur->RamRange.GCPhys = GCPhys;
     pCur->RamRange.GCPhysLast = GCPhysLast;
-    pCur->fMapped = true;
-    pCur->fOverlapping = fRamExists;
-
     if (fRamExists)
     {
-/** @todo use pgmR3PhysFreePageRange here. */
-        uint32_t            cPendingPages = 0;
-        PGMMFREEPAGESREQ    pReq;
-        int rc = GMMR3FreePagesPrepare(pVM, &pReq, PGMPHYS_FREE_PAGE_BATCH_SIZE, GMMACCOUNT_BASE);
-        AssertLogRelRCReturn(rc, rc);
-
-        /* replace the pages, freeing all present RAM pages. */
-        PPGMPAGE pPageSrc = &pCur->RamRange.aPages[0];
-        PPGMPAGE pPageDst = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
-        uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
-        while (cPagesLeft-- > 0)
-        {
-            rc = pgmPhysFreePage(pVM, pReq, &cPendingPages, pPageDst, GCPhys);
-            AssertLogRelRCReturn(rc, rc); /* We're done for if this goes wrong. */
-
-            RTHCPHYS const HCPhys = PGM_PAGE_GET_HCPHYS(pPageSrc);
-            uint32_t const idPage = PGM_PAGE_GET_PAGEID(pPageSrc);
-            PGM_PAGE_SET_PAGEID(pVM, pPageDst, idPage);
-            PGM_PAGE_SET_HCPHYS(pVM, pPageDst, HCPhys);
-            PGM_PAGE_SET_TYPE(pVM, pPageDst, PGMPAGETYPE_MMIO2);
-            PGM_PAGE_SET_STATE(pVM, pPageDst, PGM_PAGE_STATE_ALLOCATED);
-            PGM_PAGE_SET_PDE_TYPE(pVM, pPageDst, PGM_PAGE_PDE_TYPE_DONTCARE);
-            PGM_PAGE_SET_PTE_INDEX(pVM, pPageDst, 0);
-            PGM_PAGE_SET_TRACKING(pVM, pPageDst, 0);
-
-            pVM->pgm.s.cZeroPages--;
-            GCPhys += PAGE_SIZE;
-            pPageSrc++;
-            pPageDst++;
+        /*
+         * Make all the pages in the range MMIO/ZERO pages, freeing any
+         * RAM pages currently mapped here. This might not be 100% correct
+         * for PCI memory, but we're doing the same thing for MMIO2 pages.
+         *
+         * We replace this MMIO/ZERO pages with real pages in the MMIO2 case.
+         */
+        int rc = pgmR3PhysFreePageRange(pVM, pRam, GCPhys, GCPhysLast, PGMPAGETYPE_MMIO);
+        AssertRCReturnStmt(rc, pgmUnlock(pVM), rc);
+        if (pCur->fMmio2)
+        {
+            /* replace the pages, freeing all present RAM pages. */
+            PPGMPAGE pPageSrc = &pCur->RamRange.aPages[0];
+            PPGMPAGE pPageDst = &pRam->aPages[(GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
+            uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
+            while (cPagesLeft-- > 0)
+            {
+                Assert(PGM_PAGE_IS_MMIO(pPageDst));
+
+                RTHCPHYS const HCPhys = PGM_PAGE_GET_HCPHYS(pPageSrc);
+                uint32_t const idPage = PGM_PAGE_GET_PAGEID(pPageSrc);
+                PGM_PAGE_SET_PAGEID(pVM, pPageDst, idPage);
+                PGM_PAGE_SET_HCPHYS(pVM, pPageDst, HCPhys);
+                PGM_PAGE_SET_TYPE(pVM, pPageDst, PGMPAGETYPE_MMIO2);
+                PGM_PAGE_SET_STATE(pVM, pPageDst, PGM_PAGE_STATE_ALLOCATED);
+                PGM_PAGE_SET_PDE_TYPE(pVM, pPageDst, PGM_PAGE_PDE_TYPE_DONTCARE);
+                PGM_PAGE_SET_PTE_INDEX(pVM, pPageDst, 0);
+                PGM_PAGE_SET_TRACKING(pVM, pPageDst, 0);
+
+                pVM->pgm.s.cZeroPages--;
+                GCPhys += PAGE_SIZE;
+                pPageSrc++;
+                pPageDst++;
+            }
         }
 
         /* Flush physical page map TLB. */
         pgmPhysInvalidatePageMapTLB(pVM);
-
-        if (cPendingPages)
-        {
-            rc = GMMR3FreePagesPerform(pVM, pReq, cPendingPages);
-            AssertLogRelRCReturn(rc, rc);
-        }
-        GMMR3FreePagesCleanup(pReq);
 
         /* Force a PGM pool flush as guest ram references have been changed. */
@@ -2866 +3172 @@
         pVCpu->pgm.s.fSyncFlags |= PGM_SYNC_CLEAR_PGM_POOL;
         VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3);
-
-        pgmUnlock(pVM);
     }
     else
     {
-#ifdef VBOX_WITH_REM
-        RTGCPHYS cb = pCur->RamRange.cb;
-#endif
-
+        /*
+         * No RAM range, insert the one prepared during registration.
+         */
         /* Clear the tracking data of pages we're going to reactivate. */
         PPGMPAGE pPageSrc = &pCur->RamRange.aPages[0];
@@ -2887 +3190 @@
         /* link in the ram range */
         pgmR3PhysLinkRamRange(pVM, &pCur->RamRange, pRamPrev);
-        pgmUnlock(pVM);
+    }
+
+    /*
+     * Register the access handler if plain MMIO.
+     */
+    if (!pCur->fMmio2)
+    {
+        int rc = pgmHandlerPhysicalExRegister(pVM, pCur->pPhysHandlerR3, GCPhys, GCPhysLast);
+        if (RT_SUCCESS(rc))
+        {
+            rc = IOMR3MmioExNotifyMapped(pVM, pCur->pPhysHandlerR3->pvUserR3, GCPhys);
+            if (RT_FAILURE(rc))
+                pgmHandlerPhysicalExDeregister(pVM, pCur->pPhysHandlerR3);
+        }
+        if (RT_FAILURE(rc))
+        {
+            /* Almost impossible, but try clean up properly and get out of here. */
+            if (!fRamExists)
+                pgmR3PhysUnlinkRamRange2(pVM, &pCur->RamRange, pRamPrev);
+            else
+            {
+                uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
+                if (pCur->fMmio2)
+                    pVM->pgm.s.cZeroPages += cPagesLeft;
+
+                PPGMPAGE pPageDst = &pRam->aPages[(pCur->RamRange.GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
+                while (cPagesLeft-- > 0)
+                {
+                    PGM_PAGE_INIT_ZERO(pPageDst, pVM, PGMPAGETYPE_RAM);
+                    pPageDst++;
+                }
+            }
+            pCur->RamRange.GCPhys     = NIL_RTGCPHYS;
+            pCur->RamRange.GCPhysLast = NIL_RTGCPHYS;
+
+            pgmUnlock(pVM);
+            return rc;
+        }
+    }
+
+    pCur->fMapped = true;
+    pCur->fOverlapping = fRamExists;
+    pgmPhysInvalidatePageMapTLB(pVM);
+    pgmUnlock(pVM);
 
 #ifdef VBOX_WITH_REM
-        REMR3NotifyPhysRamRegister(pVM, GCPhys, cb, REM_NOTIFY_PHYS_RAM_FLAGS_MMIO2);
+    /*
+     * Inform REM without holding the PGM lock.
+     */
+    if (!fRamExists && pCur->fMmio2)
+        REMR3NotifyPhysRamRegister(pVM, GCPhys, pCur->RamRange.cb, REM_NOTIFY_PHYS_RAM_FLAGS_MMIO2);
 #endif
-    }
-
-    pgmPhysInvalidatePageMapTLB(pVM);
     return VINF_SUCCESS;
 }
@@ -2900 +3247 @@
 
 /**
- * Unmaps a MMIO2 region.
+ * Unmaps a MMIO2 or a pre-registered MMIO region.
  *
  * This is done when a guest / the bios / state loading changes the
@@ -2906 +3253 @@
  * as during registration, of course.
  */
-VMMR3DECL(int) PGMR3PhysMMIO2Unmap(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
+VMMR3DECL(int) PGMR3PhysMMIOExUnmap(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS GCPhys)
 {
     /*
@@ -2918 +3265 @@
     AssertReturn(!(GCPhys & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
 
-    PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
+    PPGMREGMMIORANGE pCur = pgmR3PhysMMIOExFind(pVM, pDevIns, iRegion);
     AssertReturn(pCur, VERR_NOT_FOUND);
     AssertReturn(pCur->fMapped, VERR_WRONG_ORDER);
@@ -2924 +3271 @@
     Assert(pCur->RamRange.GCPhysLast != NIL_RTGCPHYS);
 
-    Log(("PGMR3PhysMMIO2Unmap: %RGp-%RGp %s\n",
+    Log(("PGMR3PhysMMIOExUnmap: %RGp-%RGp %s\n",
          pCur->RamRange.GCPhys, pCur->RamRange.GCPhysLast, pCur->RamRange.pszDesc));
 
+    int rc = pgmLock(pVM);
+    AssertRCReturn(rc, rc);
+    AssertReturnStmt(pCur->fMapped, pgmUnlock(pVM),VERR_WRONG_ORDER);
+
+    /*
+     * If plain MMIO, we must deregister the handler first.
+     */
+    if (!pCur->fMmio2)
+    {
+        rc = pgmHandlerPhysicalExDeregister(pVM, pCur->pPhysHandlerR3);
+        AssertRCReturnStmt(rc, pgmUnlock(pVM), rc);
+
+        IOMR3MmioExNotifyUnmapped(pVM, pCur->pPhysHandlerR3->pvUserR3, GCPhys);
+    }
+
     /*
      * Unmap it.
      */
-    pgmLock(pVM);
-
 #ifdef VBOX_WITH_REM
-    RTGCPHYS    GCPhysRangeREM;
-    RTGCPHYS    cbRangeREM;
-    bool        fInformREM;
+    RTGCPHYS        GCPhysRangeREM;
+    bool            fInformREM;
 #endif
     if (pCur->fOverlapping)
@@ -2944 +3303 @@
             pRam = pRam->pNextR3;
 
+        uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
+        if (pCur->fMmio2)
+            pVM->pgm.s.cZeroPages += cPagesLeft;
+
         PPGMPAGE pPageDst = &pRam->aPages[(pCur->RamRange.GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
-        uint32_t cPagesLeft = pCur->RamRange.cb >> PAGE_SHIFT;
         while (cPagesLeft-- > 0)
         {
             PGM_PAGE_INIT_ZERO(pPageDst, pVM, PGMPAGETYPE_RAM);
-            pVM->pgm.s.cZeroPages++;
             pPageDst++;
         }
@@ -2957 +3318 @@
 #ifdef VBOX_WITH_REM
         GCPhysRangeREM = NIL_RTGCPHYS;  /* shuts up gcc */
-        cbRangeREM     = RTGCPHYS_MAX;  /* ditto */
         fInformREM     = false;
 #endif
@@ -2965 +3325 @@
 #ifdef VBOX_WITH_REM
         GCPhysRangeREM = pCur->RamRange.GCPhys;
-        cbRangeREM     = pCur->RamRange.cb;
-        fInformREM     = true;
+        fInformREM     = pCur->fMmio2;
 #endif
         pgmR3PhysUnlinkRamRange(pVM, &pCur->RamRange);
@@ -2986 +3345 @@
     pgmPhysInvalidatePageMapTLB(pVM);
     pgmPhysInvalidRamRangeTlbs(pVM);
+
     pgmUnlock(pVM);
 
 #ifdef VBOX_WITH_REM
+    /*
+     * Inform REM without holding the PGM lock.
+     */
     if (fInformREM)
-        REMR3NotifyPhysRamDeregister(pVM, GCPhysRangeREM, cbRangeREM);
+        REMR3NotifyPhysRamDeregister(pVM, GCPhysRangeREM, pCur->RamRange.cb);
 #endif
 
@@ -2998 +3361 @@
 
 /**
- * Checks if the given address is an MMIO2 base address or not.
+ * Checks if the given address is an MMIO2 or pre-registered MMIO base address
+ * or not.
  *
  * @returns true/false accordingly.
@@ -3005 +3369 @@
  * @param   GCPhys          The address to check.
  */
-VMMR3DECL(bool) PGMR3PhysMMIO2IsBase(PVM pVM, PPDMDEVINS pDevIns, RTGCPHYS GCPhys)
+VMMR3DECL(bool) PGMR3PhysMMIOExIsBase(PVM pVM, PPDMDEVINS pDevIns, RTGCPHYS GCPhys)
 {
     /*
@@ -3020 +3384 @@
      */
     pgmLock(pVM);
-    for (PPGMMMIO2RANGE pCur = pVM->pgm.s.pMmio2RangesR3; pCur; pCur = pCur->pNextR3)
+    for (PPGMREGMMIORANGE pCur = pVM->pgm.s.pRegMmioRangesR3; pCur; pCur = pCur->pNextR3)
         if (pCur->RamRange.GCPhys == GCPhys)
         {
@@ -3045 +3409 @@
  * @param   pHCPhys         Where to store the result.
  */
-VMMR3DECL(int) PGMR3PhysMMIO2GetHCPhys(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, PRTHCPHYS pHCPhys)
+VMMR3_INT_DECL(int) PGMR3PhysMMIO2GetHCPhys(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, PRTHCPHYS pHCPhys)
 {
     /*
@@ -3055 +3419 @@
 
     pgmLock(pVM);
-    PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
+    PPGMREGMMIORANGE pCur = pgmR3PhysMMIOExFind(pVM, pDevIns, iRegion);
     AssertReturn(pCur, VERR_NOT_FOUND);
+    AssertReturn(pCur->fMmio2, VERR_WRONG_TYPE);
     AssertReturn(off < pCur->RamRange.cb, VERR_INVALID_PARAMETER);
 
@@ -3082 +3447 @@
  * @param   pR0Ptr      Where to store the R0 address.
  */
-VMMR3DECL(int) PGMR3PhysMMIO2MapKernel(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, RTGCPHYS cb,
-                                       const char *pszDesc, PRTR0PTR pR0Ptr)
+VMMR3_INT_DECL(int) PGMR3PhysMMIO2MapKernel(PVM pVM, PPDMDEVINS pDevIns, uint32_t iRegion, RTGCPHYS off, RTGCPHYS cb,
+                                            const char *pszDesc, PRTR0PTR pR0Ptr)
 {
     /*
@@ -3092 +3457 @@
     AssertReturn(iRegion <= UINT8_MAX, VERR_INVALID_PARAMETER);
 
-    PPGMMMIO2RANGE pCur = pgmR3PhysMMIO2Find(pVM, pDevIns, iRegion);
+    PPGMREGMMIORANGE pCur = pgmR3PhysMMIOExFind(pVM, pDevIns, iRegion);
     AssertReturn(pCur, VERR_NOT_FOUND);
+    AssertReturn(pCur->fMmio2, VERR_WRONG_TYPE);
     AssertReturn(off < pCur->RamRange.cb, VERR_INVALID_PARAMETER);
     AssertReturn(cb <= pCur->RamRange.cb, VERR_INVALID_PARAMETER);

trunk/src/VBox/VMM/VMMR3/PGMSavedState.cpp

@@ -642 +642 @@
      */
     pgmLock(pVM);
-    for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3)
-    {
-        uint32_t const  cPages = pMmio2->RamRange.cb >> PAGE_SHIFT;
-        pgmUnlock(pVM);
-
-        PPGMLIVESAVEMMIO2PAGE paLSPages = (PPGMLIVESAVEMMIO2PAGE)MMR3HeapAllocZ(pVM, MM_TAG_PGM, sizeof(PGMLIVESAVEMMIO2PAGE) * cPages);
-        if (!paLSPages)
-            return VERR_NO_MEMORY;
-        for (uint32_t iPage = 0; iPage < cPages; iPage++)
-        {
-            /* Initialize it as a dirty zero page. */
-            paLSPages[iPage].fDirty          = true;
-            paLSPages[iPage].cUnchangedScans = 0;
-            paLSPages[iPage].fZero           = true;
-            paLSPages[iPage].u32CrcH1        = PGM_STATE_CRC32_ZERO_HALF_PAGE;
-            paLSPages[iPage].u32CrcH2        = PGM_STATE_CRC32_ZERO_HALF_PAGE;
-        }
-
-        pgmLock(pVM);
-        pMmio2->paLSPages = paLSPages;
-        pVM->pgm.s.LiveSave.Mmio2.cDirtyPages += cPages;
+    for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+    {
+        if (pRegMmio->fMmio2)
+        {
+            uint32_t const  cPages = pRegMmio->RamRange.cb >> PAGE_SHIFT;
+            pgmUnlock(pVM);
+
+            PPGMLIVESAVEMMIO2PAGE paLSPages = (PPGMLIVESAVEMMIO2PAGE)MMR3HeapAllocZ(pVM, MM_TAG_PGM, sizeof(PGMLIVESAVEMMIO2PAGE) * cPages);
+            if (!paLSPages)
+                return VERR_NO_MEMORY;
+            for (uint32_t iPage = 0; iPage < cPages; iPage++)
+            {
+                /* Initialize it as a dirty zero page. */
+                paLSPages[iPage].fDirty          = true;
+                paLSPages[iPage].cUnchangedScans = 0;
+                paLSPages[iPage].fZero           = true;
+                paLSPages[iPage].u32CrcH1        = PGM_STATE_CRC32_ZERO_HALF_PAGE;
+                paLSPages[iPage].u32CrcH2        = PGM_STATE_CRC32_ZERO_HALF_PAGE;
+            }
+
+            pgmLock(pVM);
+            pRegMmio->paLSPages = paLSPages;
+            pVM->pgm.s.LiveSave.Mmio2.cDirtyPages += cPages;
+        }
     }
     pgmUnlock(pVM);
@@ -680 +683 @@
     pgmLock(pVM);
     uint8_t id = 1;
-    for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3, id++)
-    {
-        pMmio2->idSavedState = id;
-        SSMR3PutU8(pSSM, id);
-        SSMR3PutStrZ(pSSM, pMmio2->pDevInsR3->pReg->szName);
-        SSMR3PutU32(pSSM, pMmio2->pDevInsR3->iInstance);
-        SSMR3PutU8(pSSM, pMmio2->iRegion);
-        SSMR3PutStrZ(pSSM, pMmio2->RamRange.pszDesc);
-        int rc = SSMR3PutGCPhys(pSSM, pMmio2->RamRange.cb);
-        if (RT_FAILURE(rc))
-            break;
+    for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+    {
+        if (pRegMmio->fMmio2)
+        {
+            pRegMmio->idSavedState = id;
+            SSMR3PutU8(pSSM, id);
+            SSMR3PutStrZ(pSSM, pRegMmio->pDevInsR3->pReg->szName);
+            SSMR3PutU32(pSSM, pRegMmio->pDevInsR3->iInstance);
+            SSMR3PutU8(pSSM, pRegMmio->iRegion);
+            SSMR3PutStrZ(pSSM, pRegMmio->RamRange.pszDesc);
+            int rc = SSMR3PutGCPhys(pSSM, pRegMmio->RamRange.cb);
+            if (RT_FAILURE(rc))
+                break;
+            id++;
+        }
     }
     pgmUnlock(pVM);
@@ -709 +716 @@
     PGM_LOCK_ASSERT_OWNER(pVM);
 
-    for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3)
-        pMmio2->idSavedState = UINT8_MAX;
+    for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+        if (pRegMmio->fMmio2)
+            pRegMmio->idSavedState = UINT8_MAX;
 
     for (;;)
@@ -723 +731 @@
         if (id == UINT8_MAX)
         {
-            for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3)
-                AssertLogRelMsg(pMmio2->idSavedState != UINT8_MAX, ("%s\n", pMmio2->RamRange.pszDesc));
+            for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+                AssertLogRelMsg(pRegMmio->idSavedState != UINT8_MAX || !pRegMmio->fMmio2, ("%s\n", pRegMmio->RamRange.pszDesc));
             return VINF_SUCCESS;        /* the end */
         }
@@ -749 +757 @@
          * Locate a matching MMIO2 range.
          */
-        PPGMMMIO2RANGE pMmio2;
-        for (pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3)
-        {
-            if (    pMmio2->idSavedState == UINT8_MAX
-                &&  pMmio2->iRegion == iRegion
-                &&  pMmio2->pDevInsR3->iInstance == uInstance
-                &&  !strcmp(pMmio2->pDevInsR3->pReg->szName, szDevName))
-            {
-                pMmio2->idSavedState = id;
+        PPGMREGMMIORANGE pRegMmio;
+        for (pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+        {
+            if (    pRegMmio->idSavedState == UINT8_MAX
+                &&  pRegMmio->iRegion == iRegion
+                &&  pRegMmio->pDevInsR3->iInstance == uInstance
+                &&  pRegMmio->fMmio2
+                &&  !strcmp(pRegMmio->pDevInsR3->pReg->szName, szDevName))
+            {
+                pRegMmio->idSavedState = id;
                 break;
             }
         }
-        if (!pMmio2)
+        if (!pRegMmio)
             return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("Failed to locate a MMIO2 range called '%s' owned by %s/%u, region %d"),
                                     szDesc, szDevName, uInstance, iRegion);
@@ -769 +778 @@
          * the same.
          */
-        if (cb != pMmio2->RamRange.cb)
+        if (cb != pRegMmio->RamRange.cb)
         {
             LogRel(("PGM: MMIO2 region \"%s\" size mismatch: saved=%RGp config=%RGp\n",
-                    pMmio2->RamRange.pszDesc, cb, pMmio2->RamRange.cb));
-            if (cb > pMmio2->RamRange.cb) /* bad idea? */
+                    pRegMmio->RamRange.pszDesc, cb, pRegMmio->RamRange.cb));
+            if (cb > pRegMmio->RamRange.cb) /* bad idea? */
                 return SSMR3SetCfgError(pSSM, RT_SRC_POS, N_("MMIO2 region \"%s\" size mismatch: saved=%RGp config=%RGp"),
-                                        pMmio2->RamRange.pszDesc, cb, pMmio2->RamRange.cb);
+                                        pRegMmio->RamRange.pszDesc, cb, pRegMmio->RamRange.cb);
         }
     } /* forever */
@@ -873 +882 @@
 
     pgmLock(pVM);                       /* paranoia */
-    for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3)
-    {
-        PPGMLIVESAVEMMIO2PAGE paLSPages = pMmio2->paLSPages;
-        uint32_t              cPages    = pMmio2->RamRange.cb >> PAGE_SHIFT;
-        pgmUnlock(pVM);
-
-        for (uint32_t iPage = 0; iPage < cPages; iPage++)
-        {
-            uint8_t const *pbPage = (uint8_t const *)pMmio2->pvR3 + iPage * PAGE_SIZE;
-            pgmR3ScanMmio2Page(pVM, pbPage, &paLSPages[iPage]);
-        }
-
-        pgmLock(pVM);
-    }
+    for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+        if (pRegMmio->fMmio2)
+        {
+            PPGMLIVESAVEMMIO2PAGE paLSPages = pRegMmio->paLSPages;
+            uint32_t              cPages    = pRegMmio->RamRange.cb >> PAGE_SHIFT;
+            pgmUnlock(pVM);
+
+            for (uint32_t iPage = 0; iPage < cPages; iPage++)
+            {
+                uint8_t const *pbPage = (uint8_t const *)pRegMmio->pvR3 + iPage * PAGE_SIZE;
+                pgmR3ScanMmio2Page(pVM, pbPage, &paLSPages[iPage]);
+            }
+
+            pgmLock(pVM);
+        }
     pgmUnlock(pVM);
 
@@ -913 +923 @@
          */
         pgmLock(pVM);
-        for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3;
-             pMmio2 && RT_SUCCESS(rc);
-             pMmio2 = pMmio2->pNextR3)
-        {
-            PPGMLIVESAVEMMIO2PAGE paLSPages = pMmio2->paLSPages;
-            uint8_t const        *pbPage    = (uint8_t const *)pMmio2->RamRange.pvR3;
-            uint32_t              cPages    = pMmio2->RamRange.cb >> PAGE_SHIFT;
-            uint32_t              iPageLast = cPages;
-            for (uint32_t iPage = 0; iPage < cPages; iPage++, pbPage += PAGE_SIZE)
-            {
-                uint8_t u8Type;
-                if (!fLiveSave)
-                    u8Type = ASMMemIsZeroPage(pbPage) ? PGM_STATE_REC_MMIO2_ZERO : PGM_STATE_REC_MMIO2_RAW;
-                else
+        for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3;
+             pRegMmio && RT_SUCCESS(rc);
+             pRegMmio = pRegMmio->pNextR3)
+            if (pRegMmio->fMmio2)
+            {
+                PPGMLIVESAVEMMIO2PAGE paLSPages = pRegMmio->paLSPages;
+                uint8_t const        *pbPage    = (uint8_t const *)pRegMmio->RamRange.pvR3;
+                uint32_t              cPages    = pRegMmio->RamRange.cb >> PAGE_SHIFT;
+                uint32_t              iPageLast = cPages;
+                for (uint32_t iPage = 0; iPage < cPages; iPage++, pbPage += PAGE_SIZE)
                 {
-                    /* Try figure if it's a clean page, compare the SHA-1 to be really sure. */
-                    if (   !paLSPages[iPage].fDirty
-                        && !pgmR3ScanMmio2Page(pVM, pbPage, &paLSPages[iPage]))
+                    uint8_t u8Type;
+                    if (!fLiveSave)
+                        u8Type = ASMMemIsZeroPage(pbPage) ? PGM_STATE_REC_MMIO2_ZERO : PGM_STATE_REC_MMIO2_RAW;
+                    else
                     {
-                        if (paLSPages[iPage].fZero)
-                            continue;
-
-                        uint8_t abSha1Hash[RTSHA1_HASH_SIZE];
-                        RTSha1(pbPage, PAGE_SIZE, abSha1Hash);
-                        if (!memcmp(abSha1Hash, paLSPages[iPage].abSha1Saved, sizeof(abSha1Hash)))
-                            continue;
+                        /* Try figure if it's a clean page, compare the SHA-1 to be really sure. */
+                        if (   !paLSPages[iPage].fDirty
+                            && !pgmR3ScanMmio2Page(pVM, pbPage, &paLSPages[iPage]))
+                        {
+                            if (paLSPages[iPage].fZero)
+                                continue;
+
+                            uint8_t abSha1Hash[RTSHA1_HASH_SIZE];
+                            RTSha1(pbPage, PAGE_SIZE, abSha1Hash);
+                            if (!memcmp(abSha1Hash, paLSPages[iPage].abSha1Saved, sizeof(abSha1Hash)))
+                                continue;
+                        }
+                        u8Type = paLSPages[iPage].fZero ? PGM_STATE_REC_MMIO2_ZERO : PGM_STATE_REC_MMIO2_RAW;
+                        pVM->pgm.s.LiveSave.cSavedPages++;
                     }
-                    u8Type = paLSPages[iPage].fZero ? PGM_STATE_REC_MMIO2_ZERO : PGM_STATE_REC_MMIO2_RAW;
-                    pVM->pgm.s.LiveSave.cSavedPages++;
+
+                    if (iPage != 0 && iPage == iPageLast + 1)
+                        rc = SSMR3PutU8(pSSM, u8Type);
+                    else
+                    {
+                        SSMR3PutU8(pSSM, u8Type | PGM_STATE_REC_FLAG_ADDR);
+                        SSMR3PutU8(pSSM, pRegMmio->idSavedState);
+                        rc = SSMR3PutU32(pSSM, iPage);
+                    }
+                    if (u8Type == PGM_STATE_REC_MMIO2_RAW)
+                        rc = SSMR3PutMem(pSSM, pbPage, PAGE_SIZE);
+                    if (RT_FAILURE(rc))
+                        break;
+                    iPageLast = iPage;
                 }
-
-                if (iPage != 0 && iPage == iPageLast + 1)
-                    rc = SSMR3PutU8(pSSM, u8Type);
-                else
-                {
-                    SSMR3PutU8(pSSM, u8Type | PGM_STATE_REC_FLAG_ADDR);
-                    SSMR3PutU8(pSSM, pMmio2->idSavedState);
-                    rc = SSMR3PutU32(pSSM, iPage);
-                }
-                if (u8Type == PGM_STATE_REC_MMIO2_RAW)
-                    rc = SSMR3PutMem(pSSM, pbPage, PAGE_SIZE);
-                if (RT_FAILURE(rc))
-                    break;
-                iPageLast = iPage;
-            }
-        }
+            }
         pgmUnlock(pVM);
     }
@@ -970 +981 @@
     {
         pgmLock(pVM);
-        for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3;
-             pMmio2 && RT_SUCCESS(rc);
-             pMmio2 = pMmio2->pNextR3)
-        {
-            PPGMLIVESAVEMMIO2PAGE paLSPages = pMmio2->paLSPages;
-            uint8_t const        *pbPage    = (uint8_t const *)pMmio2->RamRange.pvR3;
-            uint32_t              cPages    = pMmio2->RamRange.cb >> PAGE_SHIFT;
-            uint32_t              iPageLast = cPages;
-            pgmUnlock(pVM);
-
-            for (uint32_t iPage = 0; iPage < cPages; iPage++, pbPage += PAGE_SIZE)
-            {
-                /* Skip clean pages and pages which hasn't quiesced. */
-                if (!paLSPages[iPage].fDirty)
-                    continue;
-                if (paLSPages[iPage].cUnchangedScans < 3)
-                    continue;
-                if (pgmR3ScanMmio2Page(pVM, pbPage, &paLSPages[iPage]))
-                    continue;
-
-                /* Save it. */
-                bool const fZero = paLSPages[iPage].fZero;
-                uint8_t abPage[PAGE_SIZE];
-                if (!fZero)
+        for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3;
+             pRegMmio && RT_SUCCESS(rc);
+             pRegMmio = pRegMmio->pNextR3)
+            if (pRegMmio->fMmio2)
+            {
+                PPGMLIVESAVEMMIO2PAGE paLSPages = pRegMmio->paLSPages;
+                uint8_t const        *pbPage    = (uint8_t const *)pRegMmio->RamRange.pvR3;
+                uint32_t              cPages    = pRegMmio->RamRange.cb >> PAGE_SHIFT;
+                uint32_t              iPageLast = cPages;
+                pgmUnlock(pVM);
+
+                for (uint32_t iPage = 0; iPage < cPages; iPage++, pbPage += PAGE_SIZE)
                 {
-                    memcpy(abPage, pbPage, PAGE_SIZE);
-                    RTSha1(abPage, PAGE_SIZE, paLSPages[iPage].abSha1Saved);
+                    /* Skip clean pages and pages which hasn't quiesced. */
+                    if (!paLSPages[iPage].fDirty)
+                        continue;
+                    if (paLSPages[iPage].cUnchangedScans < 3)
+                        continue;
+                    if (pgmR3ScanMmio2Page(pVM, pbPage, &paLSPages[iPage]))
+                        continue;
+
+                    /* Save it. */
+                    bool const fZero = paLSPages[iPage].fZero;
+                    uint8_t abPage[PAGE_SIZE];
+                    if (!fZero)
+                    {
+                        memcpy(abPage, pbPage, PAGE_SIZE);
+                        RTSha1(abPage, PAGE_SIZE, paLSPages[iPage].abSha1Saved);
+                    }
+
+                    uint8_t u8Type = paLSPages[iPage].fZero ? PGM_STATE_REC_MMIO2_ZERO : PGM_STATE_REC_MMIO2_RAW;
+                    if (iPage != 0 && iPage == iPageLast + 1)
+                        rc = SSMR3PutU8(pSSM, u8Type);
+                    else
+                    {
+                        SSMR3PutU8(pSSM, u8Type | PGM_STATE_REC_FLAG_ADDR);
+                        SSMR3PutU8(pSSM, pRegMmio->idSavedState);
+                        rc = SSMR3PutU32(pSSM, iPage);
+                    }
+                    if (u8Type == PGM_STATE_REC_MMIO2_RAW)
+                        rc = SSMR3PutMem(pSSM, abPage, PAGE_SIZE);
+                    if (RT_FAILURE(rc))
+                        break;
+
+                    /* Housekeeping. */
+                    paLSPages[iPage].fDirty = false;
+                    pVM->pgm.s.LiveSave.Mmio2.cDirtyPages--;
+                    pVM->pgm.s.LiveSave.Mmio2.cReadyPages++;
+                    if (u8Type == PGM_STATE_REC_MMIO2_ZERO)
+                        pVM->pgm.s.LiveSave.Mmio2.cZeroPages++;
+                    pVM->pgm.s.LiveSave.cSavedPages++;
+                    iPageLast = iPage;
                 }
 
-                uint8_t u8Type = paLSPages[iPage].fZero ? PGM_STATE_REC_MMIO2_ZERO : PGM_STATE_REC_MMIO2_RAW;
-                if (iPage != 0 && iPage == iPageLast + 1)
-                    rc = SSMR3PutU8(pSSM, u8Type);
-                else
-                {
-                    SSMR3PutU8(pSSM, u8Type | PGM_STATE_REC_FLAG_ADDR);
-                    SSMR3PutU8(pSSM, pMmio2->idSavedState);
-                    rc = SSMR3PutU32(pSSM, iPage);
-                }
-                if (u8Type == PGM_STATE_REC_MMIO2_RAW)
-                    rc = SSMR3PutMem(pSSM, abPage, PAGE_SIZE);
-                if (RT_FAILURE(rc))
-                    break;
-
-                /* Housekeeping. */
-                paLSPages[iPage].fDirty = false;
-                pVM->pgm.s.LiveSave.Mmio2.cDirtyPages--;
-                pVM->pgm.s.LiveSave.Mmio2.cReadyPages++;
-                if (u8Type == PGM_STATE_REC_MMIO2_ZERO)
-                    pVM->pgm.s.LiveSave.Mmio2.cZeroPages++;
-                pVM->pgm.s.LiveSave.cSavedPages++;
-                iPageLast = iPage;
-            }
-
-            pgmLock(pVM);
-        }
+                pgmLock(pVM);
+            }
         pgmUnlock(pVM);
     }
@@ -1044 +1056 @@
      */
     pgmLock(pVM);
-    for (PPGMMMIO2RANGE pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3)
-    {
-        void *pvMmio2ToFree = pMmio2->paLSPages;
-        if (pvMmio2ToFree)
-        {
-            pMmio2->paLSPages = NULL;
-            pgmUnlock(pVM);
-            MMR3HeapFree(pvMmio2ToFree);
-            pgmLock(pVM);
-        }
-    }
+    for (PPGMREGMMIORANGE pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+        if (pRegMmio->fMmio2)
+        {
+            void *pvMmio2ToFree = pRegMmio->paLSPages;
+            if (pvMmio2ToFree)
+            {
+                pRegMmio->paLSPages = NULL;
+                pgmUnlock(pVM);
+                MMR3HeapFree(pvMmio2ToFree);
+                pgmLock(pVM);
+            }
+        }
     pgmUnlock(pVM);
 }
@@ -2613 +2626 @@
      * Process page records until we hit the terminator.
      */
-    RTGCPHYS        GCPhys   = NIL_RTGCPHYS;
-    PPGMRAMRANGE    pRamHint = NULL;
-    uint8_t         id       = UINT8_MAX;
-    uint32_t        iPage    = UINT32_MAX - 10;
-    PPGMROMRANGE    pRom     = NULL;
-    PPGMMMIO2RANGE  pMmio2   = NULL;
+    RTGCPHYS            GCPhys   = NIL_RTGCPHYS;
+    PPGMRAMRANGE        pRamHint = NULL;
+    uint8_t             id       = UINT8_MAX;
+    uint32_t            iPage    = UINT32_MAX - 10;
+    PPGMROMRANGE        pRom     = NULL;
+    PPGMREGMMIORANGE    pRegMmio = NULL;
 
     /*
@@ -2792 +2805 @@
                         return rc;
                 }
-                if (    !pMmio2
-                    ||  pMmio2->idSavedState != id)
+                if (   !pRegMmio
+                    || pRegMmio->idSavedState != id)
                 {
-                    for (pMmio2 = pVM->pgm.s.pMmio2RangesR3; pMmio2; pMmio2 = pMmio2->pNextR3)
-                        if (pMmio2->idSavedState == id)
+                    for (pRegMmio = pVM->pgm.s.pRegMmioRangesR3; pRegMmio; pRegMmio = pRegMmio->pNextR3)
+                        if (   pRegMmio->idSavedState == id
+                            && pRegMmio->fMmio2)
                             break;
-                    AssertLogRelMsgReturn(pMmio2, ("id=%#u iPage=%#x\n", id, iPage), VERR_PGM_SAVED_MMIO2_RANGE_NOT_FOUND);
+                    AssertLogRelMsgReturn(pRegMmio, ("id=%#u iPage=%#x\n", id, iPage), VERR_PGM_SAVED_MMIO2_RANGE_NOT_FOUND);
                 }
-                AssertLogRelMsgReturn(iPage < (pMmio2->RamRange.cb >> PAGE_SHIFT), ("iPage=%#x cb=%RGp %s\n", iPage, pMmio2->RamRange.cb, pMmio2->RamRange.pszDesc), VERR_PGM_SAVED_MMIO2_PAGE_NOT_FOUND);
-                void *pvDstPage = (uint8_t *)pMmio2->RamRange.pvR3 + ((size_t)iPage << PAGE_SHIFT);
+                AssertLogRelMsgReturn(iPage < (pRegMmio->RamRange.cb >> PAGE_SHIFT), ("iPage=%#x cb=%RGp %s\n", iPage, pRegMmio->RamRange.cb, pRegMmio->RamRange.pszDesc), VERR_PGM_SAVED_MMIO2_PAGE_NOT_FOUND);
+                void *pvDstPage = (uint8_t *)pRegMmio->RamRange.pvR3 + ((size_t)iPage << PAGE_SHIFT);
 
                 /*

trunk/src/VBox/VMM/include/PGMInternal.h

@@ -1539 +1539 @@
 /** Ad hoc RAM range for an MMIO mapping. */
 #define PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO     RT_BIT(22)
-/** Ad hoc RAM range for an MMIO2 mapping. */
-#define PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO2    RT_BIT(23)
+/** Ad hoc RAM range for an MMIO2 or pre-registered MMIO mapping. */
+#define PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO_EX  RT_BIT(23)
 /** @} */
 
@@ -1548 +1548 @@
  */
 #define PGM_RAM_RANGE_IS_AD_HOC(pRam) \
-    (!!( (pRam)->fFlags & (PGM_RAM_RANGE_FLAGS_AD_HOC_ROM | PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO | PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO2) ) )
+    (!!( (pRam)->fFlags & (PGM_RAM_RANGE_FLAGS_AD_HOC_ROM | PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO | PGM_RAM_RANGE_FLAGS_AD_HOC_MMIO_EX) ) )
 
 /** The number of entries in the RAM range TLBs (there is one for each
@@ -1688 +1688 @@
 
 /**
- * A registered MMIO2 (= Device RAM) range.
- *
- * There are a few reason why we need to keep track of these
- * registrations.  One of them is the deregistration & cleanup stuff,
- * while another is that the PGMRAMRANGE associated with such a region may
- * have to be removed from the ram range list.
- *
- * Overlapping with a RAM range has to be 100% or none at all.  The pages
- * in the existing RAM range must not be ROM nor MMIO.  A guru meditation
- * will be raised if a partial overlap or an overlap of ROM pages is
- * encountered.  On an overlap we will free all the existing RAM pages and
- * put in the ram range pages instead.
- */
-typedef struct PGMMMIO2RANGE
+ * A registered MMIO2 (= Device RAM) or pre-registered MMIO range.
+ *
+ * There are a few reason why we need to keep track of these registrations.  One
+ * of them is the deregistration & cleanup stuff, while another is that the
+ * PGMRAMRANGE associated with such a region may have to be removed from the ram
+ * range list.
+ *
+ * Overlapping with a RAM range has to be 100% or none at all.  The pages in the
+ * existing RAM range must not be ROM nor MMIO.  A guru meditation will be
+ * raised if a partial overlap or an overlap of ROM pages is encountered.  On an
+ * overlap we will free all the existing RAM pages and put in the ram range
+ * pages instead.
+ */
+typedef struct PGMREGMMIORANGE
 {
     /** The owner of the range. (a device) */
     PPDMDEVINSR3                        pDevInsR3;
-    /** Pointer to the ring-3 mapping of the allocation. */
+    /** Pointer to the ring-3 mapping of the allocation, if MMIO2. */
     RTR3PTR                             pvR3;
     /** Pointer to the next range - R3. */
-    R3PTRTYPE(struct PGMMMIO2RANGE *)   pNextR3;
+    R3PTRTYPE(struct PGMREGMMIORANGE *) pNextR3;
+    /** Whether this is MMIO2 or plain MMIO. */
+    bool                                fMmio2;
     /** Whether it's mapped or not. */
     bool                                fMapped;
@@ -1722 +1724 @@
     uint8_t                             idMmio2;
     /** Alignment padding for putting the ram range on a PGMPAGE alignment boundary. */
-    uint8_t                             abAlignment[HC_ARCH_BITS == 32 ? 11 : 11];
-    /** Live save per page tracking data. */
+    uint8_t                             abAlignment[HC_ARCH_BITS == 32 ? 6 : 2];
+    /** Pointer to the physical handler for MMIO. */
+    R3PTRTYPE(PPGMPHYSHANDLER)          pPhysHandlerR3;
+    /** Live save per page tracking data for MMIO2. */
     R3PTRTYPE(PPGMLIVESAVEMMIO2PAGE)    paLSPages;
     /** The associated RAM range. */
     PGMRAMRANGE                         RamRange;
-} PGMMMIO2RANGE;
-/** Pointer to a MMIO2 range. */
-typedef PGMMMIO2RANGE *PPGMMMIO2RANGE;
+} PGMREGMMIORANGE;
+AssertCompileMemberAlignment(PGMREGMMIORANGE, RamRange, 16);
+/** Pointer to a MMIO2 or pre-registered MMIO range. */
+typedef PGMREGMMIORANGE *PPGMREGMMIORANGE;
 
 /** @name Internal MMIO2 constants.
@@ -1736 +1741 @@
 #define PGM_MMIO2_MAX_RANGES                        8
 /** The maximum number of pages in a MMIO2 range. */
-#define PGM_MMIO2_MAX_PAGE_COUNT                    UINT32_C(0x00ffffff)
+#define PGM_MMIO2_MAX_PAGE_COUNT                    UINT32_C(0x01000000)
 /** Makes a MMIO2 page ID out of a MMIO2 range ID and page index number. */
 #define PGM_MMIO2_PAGEID_MAKE(a_idMmio2, a_iPage)   ( ((uint32_t)(a_idMmio2) << 24) | (uint32_t)(a_iPage) )
@@ -3308 +3313 @@
     /** Pointer to the list of MMIO2 ranges - for R3.
      * Registration order. */
-    R3PTRTYPE(PPGMMMIO2RANGE)       pMmio2RangesR3;
+    R3PTRTYPE(PPGMREGMMIORANGE)     pRegMmioRangesR3;
     /** Pointer to SHW+GST mode data (function pointers).
      * The index into this table is made up from */
@@ -3314 +3319 @@
     RTR3PTR                         R3PtrAlignment0;
     /** MMIO2 lookup array for ring-3.  Indexed by idMmio2 minus 1. */
-    R3PTRTYPE(PPGMMMIO2RANGE)       apMmio2RangesR3[PGM_MMIO2_MAX_RANGES];
+    R3PTRTYPE(PPGMREGMMIORANGE)     apMmio2RangesR3[PGM_MMIO2_MAX_RANGES];
 
     /** RAM range TLB for R0. */
@@ -3334 +3339 @@
     R0PTRTYPE(PPGMROMRANGE)         pRomRangesR0;
     RTR0PTR                         R0PtrAlignment0;
-    /** MMIO2 lookup array for ring-3.  Indexed by idMmio2 minus 1. */
-    R0PTRTYPE(PPGMMMIO2RANGE)       apMmio2RangesR0[PGM_MMIO2_MAX_RANGES];
+    /** MMIO2 lookup array for ring-0.  Indexed by idMmio2 minus 1. */
+    R0PTRTYPE(PPGMREGMMIORANGE)     apMmio2RangesR0[PGM_MMIO2_MAX_RANGES];
 
     /** RAM range TLB for RC. */
@@ -4139 +4144 @@
 DECLCALLBACK(void) pgmR3MapInfo(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
 
+int             pgmHandlerPhysicalExCreate(PVM pVM, PGMPHYSHANDLERTYPE hType, RTR3PTR pvUserR3, RTR0PTR pvUserR0,
+                                           RTRCPTR pvUserRC, R3PTRTYPE(const char *) pszDesc, PPGMPHYSHANDLER *ppPhysHandler);
+int             pgmHandlerPhysicalExRegister(PVM pVM, PPGMPHYSHANDLER pPhysHandler, RTGCPHYS GCPhys, RTGCPHYS GCPhysLast);
+int             pgmHandlerPhysicalExDeregister(PVM pVM, PPGMPHYSHANDLER pPhysHandler);
+int             pgmHandlerPhysicalExDestroy(PVM pVM, PPGMPHYSHANDLER pHandler);
 void            pgmR3HandlerPhysicalUpdateAll(PVM pVM);
 bool            pgmHandlerPhysicalIsAll(PVM pVM, RTGCPHYS GCPhys);

trunk/src/VBox/VMM/testcase/tstVMStruct.h

@@ -878 +878 @@
     GEN_CHECK_OFF(PGMROMRANGE, aPages);
     GEN_CHECK_OFF(PGMROMRANGE, aPages[1]);
-    GEN_CHECK_SIZE(PGMMMIO2RANGE);
-    GEN_CHECK_OFF(PGMMMIO2RANGE, pDevInsR3);
-    GEN_CHECK_OFF(PGMMMIO2RANGE, pNextR3);
-    GEN_CHECK_OFF(PGMMMIO2RANGE, fMapped);
-    GEN_CHECK_OFF(PGMMMIO2RANGE, fOverlapping);
-    GEN_CHECK_OFF(PGMMMIO2RANGE, iRegion);
-    GEN_CHECK_OFF(PGMMMIO2RANGE, RamRange);
+    GEN_CHECK_SIZE(PGMREGMMIORANGE);
+    GEN_CHECK_OFF(PGMREGMMIORANGE, pDevInsR3);
+    GEN_CHECK_OFF(PGMREGMMIORANGE, pNextR3);
+    GEN_CHECK_OFF(PGMREGMMIORANGE, fMmio2);
+    GEN_CHECK_OFF(PGMREGMMIORANGE, fMapped);
+    GEN_CHECK_OFF(PGMREGMMIORANGE, fOverlapping);
+    GEN_CHECK_OFF(PGMREGMMIORANGE, iRegion);
+    GEN_CHECK_OFF(PGMREGMMIORANGE, RamRange);
     GEN_CHECK_SIZE(PGMTREES);
     GEN_CHECK_OFF(PGMTREES, PhysHandlers);

trunk/src/VBox/VMM/testcase/tstVMStructSize.cpp

@@ -385 +385 @@
     CHECK_SIZE(PGMPAGE, 16);
     CHECK_MEMBER_ALIGNMENT(PGMRAMRANGE, aPages, 16);
-    CHECK_MEMBER_ALIGNMENT(PGMMMIO2RANGE, RamRange, 16);
+    CHECK_MEMBER_ALIGNMENT(PGMREGMMIORANGE, RamRange, 16);
 
     /* rem */