Changeset 86699 in vbox

Timestamp:

Oct 25, 2020 10:44:39 AM (5 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

141083

Message:

VMM/DBGF: Updates to the new breakpoint manager, implement global breakpoint table chunk allocation and register breakpoints which should work again, bugref:9837

Location:

trunk

Files:

• include/VBox/err.h (modified) (1 diff)
• include/VBox/vmm/dbgf.h (modified) (7 diffs)
• include/VBox/vmm/gvm.h (modified) (1 diff)
• include/VBox/vmm/uvm.h (modified) (1 diff)
• include/VBox/vmm/vmm.h (modified) (1 diff)
• src/VBox/VMM/Makefile.kmk (modified) (2 diffs)
• src/VBox/VMM/VMMR0/DBGFR0.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMR0/DBGFR0Bp.cpp (added)
• src/VBox/VMM/VMMR0/VMMR0.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMR3/DBGF.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMR3/DBGFR3Bp.cpp (modified) (14 diffs)
• src/VBox/VMM/include/DBGFInternal.h (modified) (9 diffs)

trunk/include/VBox/err.h

@@ -331 +331 @@
 /** The breakpoint owner handle is still used by one or more breakpoints. */
 #define VERR_DBGF_OWNER_BUSY                (-1225)
+/** Internal processing error \#1 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_1                  (-1226)
+/** Internal processing error \#2 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_2                  (-1227)
+/** Internal processing error \#3 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_3                  (-1228)
+/** Internal processing error \#4 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_4                  (-1229)
+/** Internal processing error \#5 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_5                  (-1230)
 /** @} */
 

trunk/include/VBox/vmm/dbgf.h

@@ -86 +86 @@
 
 VMMR0_INT_DECL(int) DBGFR0TracerCreateReqHandler(PGVM pGVM, PDBGFTRACERCREATEREQ pReq);
+
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+/**
+ * Request buffer for DBGFR0BpInitReqHandler / VMMR0_DO_DBGF_BP_INIT.
+ * @see DBGFR0BpInitReqHandler.
+ */
+typedef struct DBGFBPINITREQ
+{
+    /** The header. */
+    SUPVMMR0REQHDR                  Hdr;
+    /** Out: Ring-3 pointer of the L1 lookup table on success. */
+    R3PTRTYPE(volatile uint32_t *)  paBpLocL1R3;
+} DBGFBPINITREQ;
+/** Pointer to a DBGFR0BpInitReqHandler / VMMR0_DO_DBGF_BP_INIT request buffer. */
+typedef DBGFBPINITREQ *PDBGFBPINITREQ;
+
+VMMR0_INT_DECL(int) DBGFR0BpInitReqHandler(PGVM pGVM, PDBGFBPINITREQ pReq);
+
+/**
+ * Request buffer for DBGFR0BpChunkAllocReqHandler / VMMR0_DO_DBGF_CHUNK_ALLOC.
+ * @see DBGFR0BpChunkAllocReqHandler.
+ */
+typedef struct DBGFBPCHUNKALLOCREQ
+{
+    /** The header. */
+    SUPVMMR0REQHDR          Hdr;
+    /** Out: Ring-3 pointer of the chunk base on success. */
+    R3PTRTYPE(void *)       pChunkBaseR3;
+
+    /** The chunk ID to allocate. */
+    uint32_t                idChunk;
+} DBGFBPCHUNKALLOCREQ;
+/** Pointer to a DBGFR0BpChunkAllocReqHandler / VMMR0_DO_DBGF_CHUNK_ALLOC request buffer. */
+typedef DBGFBPCHUNKALLOCREQ *PDBGFBPCHUNKALLOCREQ;
+
+VMMR0_INT_DECL(int) DBGFR0BpChunkAllocReqHandler(PGVM pGVM, PDBGFBPCHUNKALLOCREQ pReq);
+#endif
 /** @} */
 
@@ -829 +866 @@
      * debugger). */
     DBGFBPOWNER     hOwner;
-    /** The breakpoint type. */
-    DBGFBPTYPE      enmType;
-    /** The breakpoint handle this state belongs to. */
-    DBGFBP          hBp;
-    /** Breakpoint flags, see DBGF_BP_F_XXX. */
-    uint32_t        fFlags;
+    /** Breakpoint type and flags, see DBGFBPTYPE for type and DBGF_BP_F_XXX for flags.
+     * Needs to be smashed together to be able to stay in the size limits. */
+    uint32_t        fFlagsAndType;
 
     /** Union of type specific data. */
@@ -889 +923 @@
 
         /** Padding to the anticipated size. */
-        uint64_t    u64Padding[3];
+        uint64_t    u64Padding[2];
     } u;
 } DBGFBPPUB;
-AssertCompileSize(DBGFBPPUB, 64);
+AssertCompileSize(DBGFBPPUB, 64 - 8);
 AssertCompileMembersAtSameOffset(DBGFBPPUB, u.GCPtr, DBGFBPPUB, u.Reg.GCPtr);
 AssertCompileMembersAtSameOffset(DBGFBPPUB, u.GCPtr, DBGFBPPUB, u.Int3.GCPtr);
@@ -901 +935 @@
 typedef const DBGFBPPUB *PCDBGFBPPUB;
 
-/** @name Possible DBGFBPPUB::fFlags flags.
+/** Sets the DBGFPUB::fFlagsAndType member. */
+#define DBGF_BP_PUB_SET_FLAGS_AND_TYPE(a_enmType, a_fFlags) ((uint32_t)(a_enmType) | (a_fFlags))
+/** Returns the type of the DBGFPUB::fFlagsAndType member. */
+#define DBGF_BP_PUB_GET_TYPE(a_fFlagsAndType) ((DBGFBPTYPE)((a_fFlagsAndType) & (UINT32_C(0x7fffffff))))
+/** Returns the enabled status of DBGFPUB::fFlagsAndType member. */
+#define DBGF_BP_PUB_IS_ENABLED(a_fFlagsAndType) RT_BOOL((DBGFBPTYPE)((a_fFlagsAndType) & DBGF_BP_F_ENABLED))
+
+/** @name Possible DBGFBPPUB::fFlagsAndType flags.
  * @{ */
+/** Default flags. */
+#define DBGF_BP_F_DEFAULT                   0
 /** Flag whether the breakpoint is enabled currently. */
-#define DBGF_BP_F_ENABLED                   RT_BIT_32(0)
+#define DBGF_BP_F_ENABLED                   RT_BIT_32(31)
 /** @} */
+
 
 /**
@@ -916 +960 @@
  * @param   pVM         The cross-context VM structure pointer.
  * @param   idCpu       ID of the vCPU triggering the breakpoint.
- * @param   pvUser      User argument of the set breakpoint.
+ * @param   pvUserBp    User argument of the set breakpoint.
+ * @param   hBp         The breakpoint handle.
  * @param   pBpPub      Pointer to the readonly public state of the breakpoint.
  *
@@ -923 +968 @@
  *          guru meditation.
  */
-typedef DECLCALLBACKTYPE(VBOXSTRICTRC, FNDBGFBPHIT,(PVM pVM, VMCPUID idCpu, void *pvUserBp, PCDBGFBPPUB pBpPub));
+typedef DECLCALLBACKTYPE(VBOXSTRICTRC, FNDBGFBPHIT,(PVM pVM, VMCPUID idCpu, void *pvUserBp, DBGFBP hBp, PCDBGFBPPUB pBpPub));
 /** Pointer to a FNDBGFBPHIT(). */
 typedef FNDBGFBPHIT *PFNDBGFBPHIT;
@@ -967 +1012 @@
  * @param   pUVM        The user mode VM handle.
  * @param   pvUser      The user argument.
- * @param   pBp         Pointer to the breakpoint information. (readonly)
- */
-typedef DECLCALLBACKTYPE(int, FNDBGFBPENUM,(PUVM pUVM, PCDBGFBPPUB pBpPub));
+ * @param   hBp         The breakpoint handle.
+ * @param   pBp         Pointer to the public breakpoint information. (readonly)
+ */
+typedef DECLCALLBACKTYPE(int, FNDBGFBPENUM,(PUVM pUVM, void *pvUser, DBGFBP hBp, PCDBGFBPPUB pBpPub));
 /** Pointer to a breakpoint enumeration callback function. */
 typedef FNDBGFBPENUM *PFNDBGFBPENUM;

trunk/include/VBox/vmm/gvm.h

@@ -234 +234 @@
         struct DBGFR0PERVM   s;
 #endif
-        uint8_t             padding[64];
+        uint8_t             padding[1024];
     } dbgfr0;
 
     /** Padding so aCpus starts on a page boundrary.  */
 #ifdef VBOX_WITH_NEM_R0
-    uint8_t         abPadding2[4096*2 - 64 - 256 - 1024 - 256 - 64 - 2176 - 640 - 512 - 64 - 64 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
-#else
-    uint8_t         abPadding2[4096*2 - 64 - 256 - 1024       - 64 - 2176 - 640 - 512 - 64 - 64 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
+    uint8_t         abPadding2[4096*2 - 64 - 256 - 1024 - 256 - 64 - 2176 - 640 - 512 - 64 - 1024 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
+#else
+    uint8_t         abPadding2[4096*2 - 64 - 256 - 1024       - 64 - 2176 - 640 - 512 - 64 - 1024 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
 #endif
 

trunk/include/VBox/vmm/uvm.h

@@ -148 +148 @@
         struct DBGFUSERPERVM    s;
 #endif
-        uint8_t                 padding[384];
+        uint8_t                 padding[1024];
     } dbgf;
 

trunk/include/VBox/vmm/vmm.h

@@ -431 +431 @@
     /** Call DBGFR0TraceCallReqHandler. */
     VMMR0_DO_DBGF_TRACER_CALL_REQ_HANDLER,
+    /** Call DBGFR0BpInitReqHandler(). */
+    VMMR0_DO_DBGF_BP_INIT,
+    /** Call DBGFR0BpChunkAllocReqHandler(). */
+    VMMR0_DO_DBGF_BP_CHUNK_ALLOC,
 
     /** The usual 32-bit type blow up. */

trunk/src/VBox/VMM/Makefile.kmk

@@ -457 +457 @@
 VMMR0_DEFS     += VBOX_WITH_DBGF_TRACING
  endif
+ ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+VMMR0_DEFS     += VBOX_WITH_LOTS_OF_DBGF_BPS
+ endif
  ifdef VBOX_WITH_VMM_R0_SWITCH_STACK
 VMMR0_DEFS     += VMM_R0_SWITCH_STACK
@@ -479 +482 @@
         VMMR0/CPUMR0A.asm \
         VMMR0/DBGFR0.cpp \
+        $(if-expr defined(VBOX_WITH_LOTS_OF_DBGF_BPS), VMMR0/DBGFR0Bp.cpp,) \
         $(if-expr defined(VBOX_WITH_DBGF_TRACING), VMMR0/DBGFR0Tracer.cpp,) \
         VMMR0/GIMR0.cpp \

trunk/src/VBox/VMM/VMMR0/DBGFR0.cpp

@@ -55 +55 @@
 {
     pGVM->dbgfr0.s.pTracerR0 = NULL;
+
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+    dbgfR0BpInit(pGVM);
+#endif
 }
 
@@ -68 +72 @@
     pGVM->dbgfr0.s.pTracerR0 = NULL;
 #endif
+
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+    dbgfR0BpDestroy(pGVM);
+#endif
 }
 

trunk/src/VBox/VMM/VMMR0/VMMR0.cpp

@@ -2242 +2242 @@
         }
 
+        /*
+         * DBGF requests.
+         */
 #ifdef VBOX_WITH_DBGF_TRACING
         case VMMR0_DO_DBGF_TRACER_CREATE:
@@ -2261 +2264 @@
             rc = VERR_NOT_IMPLEMENTED;
 #endif
+            VMM_CHECK_SMAP_CHECK2(pGVM, RT_NOTHING);
+            break;
+        }
+#endif
+
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+        case VMMR0_DO_DBGF_BP_INIT:
+        {
+            if (!pReqHdr || u64Arg || idCpu != 0)
+                return VERR_INVALID_PARAMETER;
+            rc = DBGFR0BpInitReqHandler(pGVM, (PDBGFBPINITREQ)pReqHdr);
+            VMM_CHECK_SMAP_CHECK2(pGVM, RT_NOTHING);
+            break;
+        }
+
+        case VMMR0_DO_DBGF_BP_CHUNK_ALLOC:
+        {
+            if (!pReqHdr || u64Arg || idCpu != 0)
+                return VERR_INVALID_PARAMETER;
+            rc = DBGFR0BpChunkAllocReqHandler(pGVM, (PDBGFBPCHUNKALLOCREQ)pReqHdr);
             VMM_CHECK_SMAP_CHECK2(pGVM, RT_NOTHING);
             break;
@@ -2368 +2391 @@
             case VMMR0_DO_IOM_GROW_IO_PORTS:
             case VMMR0_DO_IOM_GROW_IO_PORT_STATS:
+
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+            case VMMR0_DO_DBGF_BP_INIT:
+            case VMMR0_DO_DBGF_BP_CHUNK_ALLOC:
+#endif
             {
                 PGVMCPU        pGVCpu        = &pGVM->aCpus[idCpu];

trunk/src/VBox/VMM/VMMR3/DBGF.cpp

@@ -149 +149 @@
                 if (RT_SUCCESS(rc))
                 {
+#ifndef VBOX_WITH_LOTS_OF_DBGF_BPS
                     rc = dbgfR3BpInit(pVM);
+#else
+                    rc = dbgfR3BpInit(pUVM);
+#endif
                     if (RT_SUCCESS(rc))
                     {
@@ -175 +179 @@
                         }
 #ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
-                        dbgfR3BpTerm(pVM);
+                        dbgfR3BpTerm(pUVM);
 #endif
                     }
@@ -207 +211 @@
     dbgfR3OSTermPart2(pUVM);
 #ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
-    dbgfR3BpTerm(pVM);
+    dbgfR3BpTerm(pUVM);
 #endif
     dbgfR3AsTerm(pUVM);

trunk/src/VBox/VMM/VMMR3/DBGFR3Bp.cpp

@@ -110 +110 @@
  *        from the L1 table. The key for the table are the upper 6 bytes of the breakpoint address
  *        used for searching. This tree is traversed until either a matching address is found and
- *        the breakpoint is being processed or again forwardedto the guest if it isn't successful.
+ *        the breakpoint is being processed or again forwarded to the guest if it isn't successful.
  *        Each entry in the L2 table is 16 bytes big and densly packed to avoid excessive memory usage.
  *
@@ -155 +155 @@
 #include <VBox/log.h>
 #include <iprt/assert.h>
-#include <iprt/string.h>
+#include <iprt/mem.h>
 
 
@@ -170 +170 @@
 
 
-
 /**
  * Initialize the breakpoint mangement.
  *
  * @returns VBox status code.
- * @param   pVM                 The cross context VM structure.
- */
-DECLHIDDEN(int) dbgfR3BpInit(PVM pVM)
-{
-    RT_NOREF(pVM);
+ * @param   pUVM                The user mode VM handle.
+ */
+DECLHIDDEN(int) dbgfR3BpInit(PUVM pUVM)
+{
+    PVM pVM = pUVM->pVM;
+
+    /* Init hardware breakpoint states. */
+    for (uint32_t i = 0; i < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); i++)
+    {
+        PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[i];
+
+        AssertCompileSize(DBGFBP, sizeof(uint32_t));
+        pHwBp->hBp      = NIL_DBGFBP;
+        //pHwBp->fEnabled = false;
+    }
+
+    /* Now the global breakpoint table chunks. */
+    for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpChunks); i++)
+    {
+        PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[i];
+
+        //pBpChunk->pBpBaseR3 = NULL;
+        //pBpChunk->pbmAlloc  = NULL;
+        //pBpChunk->cBpsFree  = 0;
+        pBpChunk->idChunk = DBGF_BP_CHUNK_ID_INVALID; /* Not allocated. */
+    }
+
+    //pUVM->dbgf.s.paBpLocL1R3 = NULL;
     return VINF_SUCCESS;
 }
@@ -188 +210 @@
  *
  * @returns VBox status code.
- * @param   pVM                 The cross context VM structure.
- */
-DECLHIDDEN(int) dbgfR3BpTerm(PVM pVM)
-{
-    RT_NOREF(pVM);
+ * @param   pUVM                The user mode VM handle.
+ */
+DECLHIDDEN(int) dbgfR3BpTerm(PUVM pUVM)
+{
+    /* Free all allocated chunk bitmaps (the chunks itself are destroyed during ring-0 VM destruction). */
+    for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpChunks); i++)
+    {
+        PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[i];
+
+        if (pBpChunk->idChunk != DBGF_BP_CHUNK_ID_INVALID)
+        {
+            AssertPtr(pBpChunk->pbmAlloc);
+            RTMemFree((void *)pBpChunk->pbmAlloc);
+            pBpChunk->pbmAlloc = NULL;
+            pBpChunk->idChunk = DBGF_BP_CHUNK_ID_INVALID;
+        }
+    }
+
     return VINF_SUCCESS;
+}
+
+
+/**
+ * @callback_method_impl{FNVMMEMTRENDEZVOUS}
+ */
+static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpInitEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
+{
+    RT_NOREF(pvUser);
+
+    VMCPU_ASSERT_EMT(pVCpu);
+    VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
+
+    /*
+     * The initialization will be done on EMT(0). It is possible that multiple
+     * initialization attempts are done because dbgfR3BpEnsureInit() can be called
+     * from racing non EMT threads when trying to set a breakpoint for the first time.
+     * Just fake success if the L1 is already present which means that a previous rendezvous
+     * successfully initialized the breakpoint manager.
+     */
+    PUVM pUVM = pVM->pUVM;
+    if (   pVCpu->idCpu == 0
+        && !pUVM->dbgf.s.paBpLocL1R3)
+    {
+        DBGFBPINITREQ Req;
+        Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
+        Req.Hdr.cbReq    = sizeof(Req);
+        Req.paBpLocL1R3  = NULL;
+        int rc = VMMR3CallR0Emt(pVM, pVCpu, VMMR0_DO_DBGF_BP_INIT, 0 /*u64Arg*/, &Req.Hdr);
+        AssertLogRelMsgRCReturn(rc, ("VMMR0_DO_DBGF_BP_INIT failed: %Rrc\n", rc), rc);
+        pUVM->dbgf.s.paBpLocL1R3 = Req.paBpLocL1R3;
+    }
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Ensures that the breakpoint manager is fully initialized.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ *
+ * @thread Any thread.
+ */
+static int dbgfR3BpEnsureInit(PUVM pUVM)
+{
+    /* If the L1 lookup table is allocated initialization succeeded before. */
+    if (RT_LIKELY(pUVM->dbgf.s.paBpLocL1R3))
+        return VINF_SUCCESS;
+
+    /* Gather all EMTs and call into ring-0 to initialize the breakpoint manager. */
+    return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpInitEmtWorker, NULL /*pvUser*/);
+}
+
+
+/**
+ * Returns the internal breakpoint state for the given handle.
+ *
+ * @returns Pointer to the internal breakpoint state or NULL if the handle is invalid.
+ * @param   pUVM                The user mode VM handle.
+ * @param   hBp                 The breakpoint handle to resolve.
+ */
+DECLINLINE(PDBGFBPINT) dbgfR3BpGetByHnd(PUVM pUVM, DBGFBP hBp)
+{
+    uint32_t idChunk  = DBGF_BP_HND_GET_CHUNK_ID(hBp);
+    uint32_t idxEntry = DBGF_BP_HND_GET_ENTRY(hBp);
+
+    AssertReturn(idChunk < DBGF_BP_CHUNK_COUNT, NULL);
+    AssertReturn(idxEntry < DBGF_BP_COUNT_PER_CHUNK, NULL);
+
+    PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[idChunk];
+    AssertReturn(pBpChunk->idChunk == idChunk, NULL);
+    AssertPtrReturn(pBpChunk->pbmAlloc, NULL);
+    AssertReturn(ASMBitTest(pBpChunk->pbmAlloc, idxEntry), NULL);
+
+    return &pBpChunk->pBpBaseR3[idxEntry];
+}
+
+
+/**
+ * Get a breakpoint give by address.
+ *
+ * @returns The breakpoint handle on success or NIL_DBGF if not found.
+ * @param   pUVM                The user mode VM handle.
+ * @param   enmType             The breakpoint type.
+ * @param   GCPtr               The breakpoint address.
+ * @param   ppBp                Where to store the pointer to the internal breakpoint state on success, optional.
+ */
+static DBGFBP dbgfR3BpGetByAddr(PUVM pUVM, DBGFBPTYPE enmType, RTGCUINTPTR GCPtr, PDBGFBPINT *ppBp)
+{
+    DBGFBP hBp = NIL_DBGFBP;
+
+    switch (enmType)
+    {
+        case DBGFBPTYPE_REG:
+        {
+            PVM pVM = pUVM->pVM;
+            VM_ASSERT_VALID_EXT_RETURN(pVM, NIL_DBGFBP);
+
+            for (uint32_t i = 0; i < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); i++)
+            {
+                PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[i];
+
+                AssertCompileSize(DBGFBP, sizeof(uint32_t));
+                DBGFBP hBpTmp = ASMAtomicReadU32(&pHwBp->hBp);
+                if (   pHwBp->GCPtr == GCPtr
+                    && hBpTmp != NIL_DBGFBP)
+                {
+                    hBp = hBpTmp;
+                    break;
+                }
+            }
+
+            break;
+        }
+
+        case DBGFBPTYPE_INT3:
+            break;
+
+        default:
+            AssertMsgFailed(("enmType=%d\n", enmType));
+            break;
+    }
+
+    if (   hBp != NIL_DBGFBP
+        && ppBp)
+        *ppBp =  dbgfR3BpGetByHnd(pUVM, hBp);
+    return hBp;
+}
+
+
+/**
+ * @callback_method_impl{FNVMMEMTRENDEZVOUS}
+ */
+static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpChunkAllocEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
+{
+    uint32_t idChunk = (uint32_t)(uintptr_t)pvUser;
+
+    VMCPU_ASSERT_EMT(pVCpu);
+    VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
+
+    AssertReturn(idChunk < DBGF_BP_CHUNK_COUNT, VERR_DBGF_BP_IPE_1);
+
+    PUVM pUVM = pVM->pUVM;
+    PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[idChunk];
+
+    AssertReturn(   pBpChunk->idChunk == DBGF_BP_CHUNK_ID_INVALID
+                 || pBpChunk->idChunk == idChunk,
+                 VERR_DBGF_BP_IPE_2);
+
+    /*
+     * The initialization will be done on EMT(0). It is possible that multiple
+     * allocation attempts are done when multiple racing non EMT threads try to
+     * allocate a breakpoint and a new chunk needs to be allocated.
+     * Ignore the request and succeed if the chunk is allocated meaning that a
+     * previous rendezvous successfully allocated the chunk.
+     */
+    int rc = VINF_SUCCESS;
+    if (   pVCpu->idCpu == 0
+        && pBpChunk->idChunk == DBGF_BP_CHUNK_ID_INVALID)
+    {
+        /* Allocate the bitmap first so we can skip calling into VMMR0 if it fails. */
+        AssertCompile(!(DBGF_BP_COUNT_PER_CHUNK % 8));
+        volatile void *pbmAlloc = RTMemAllocZ(DBGF_BP_COUNT_PER_CHUNK / 8);
+        if (RT_LIKELY(pbmAlloc))
+        {
+            DBGFBPCHUNKALLOCREQ Req;
+            Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
+            Req.Hdr.cbReq    = sizeof(Req);
+            Req.idChunk      = idChunk;
+            Req.pChunkBaseR3 = NULL;
+            rc = VMMR3CallR0Emt(pVM, pVCpu, VMMR0_DO_DBGF_BP_CHUNK_ALLOC, 0 /*u64Arg*/, &Req.Hdr);
+            AssertLogRelMsgRC(rc, ("VMMR0_DO_DBGF_BP_CHUNK_ALLOC failed: %Rrc\n", rc));
+            if (RT_SUCCESS(rc))
+            {
+                pBpChunk->pBpBaseR3 = (PDBGFBPINT)Req.pChunkBaseR3;
+                pBpChunk->pbmAlloc   = pbmAlloc;
+                pBpChunk->cBpsFree  = DBGF_BP_COUNT_PER_CHUNK;
+                pBpChunk->idChunk   = idChunk;
+                return VINF_SUCCESS;
+            }
+
+            RTMemFree((void *)pbmAlloc);
+        }
+        else
+            rc = VERR_NO_MEMORY;
+    }
+
+    return rc;
+}
+
+
+/**
+ * Tries to allocate the given chunk which requires an EMT rendezvous.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   idChunk             The chunk to allocate.
+ *
+ * @thread Any thread.
+ */
+DECLINLINE(int) dbgfR3BpChunkAlloc(PUVM pUVM, uint32_t idChunk)
+{
+    return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpChunkAllocEmtWorker, (void *)(uintptr_t)idChunk);
+}
+
+
+/**
+ * Tries to allocate a new breakpoint of the given type.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   hOwner              The owner handle, NIL_DBGFBPOWNER if none assigned.
+ * @param   pvUser              Opaque user data passed in the owner callback.
+ * @param   enmType             Breakpoint type to allocate.
+ * @param   iHitTrigger         The hit count at which the breakpoint start triggering.
+ *                              Use 0 (or 1) if it's gonna trigger at once.
+ * @param   iHitDisable         The hit count which disables the breakpoint.
+ *                              Use ~(uint64_t) if it's never gonna be disabled.
+ * @param   phBp                Where to return the opaque breakpoint handle on success.
+ * @param   ppBp                Where to return the pointer to the internal breakpoint state on success.
+ *
+ * @thread Any thread.
+ */
+static int dbgfR3BpAlloc(PUVM pUVM, DBGFBPOWNER hOwner, void *pvUser, DBGFBPTYPE enmType,
+                         uint64_t iHitTrigger, uint64_t iHitDisable, PDBGFBP phBp,
+                         PDBGFBPINT *ppBp)
+{
+    /*
+     * Search for a chunk having a free entry, allocating new chunks
+     * if the encountered ones are full.
+     *
+     * This can be called from multiple threads at the same time so special care
+     * has to be taken to not require any locking here.
+     */
+    for (uint32_t i = 0; i < RT_ELEMENTS(pUVM->dbgf.s.aBpChunks); i++)
+    {
+        PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[i];
+
+        uint32_t idChunk  = ASMAtomicReadU32(&pBpChunk->idChunk);
+        if (idChunk == DBGF_BP_CHUNK_ID_INVALID)
+        {
+            int rc = dbgfR3BpChunkAlloc(pUVM, i);
+            if (RT_FAILURE(rc))
+            {
+                LogRel(("DBGF/Bp: Allocating new breakpoint table chunk failed with %Rrc\n", rc));
+                break;
+            }
+
+            idChunk = ASMAtomicReadU32(&pBpChunk->idChunk);
+            Assert(idChunk == i);
+        }
+
+        /** @todo Optimize with some hinting if this turns out to be too slow. */
+        for (;;)
+        {
+            uint32_t cBpsFree = ASMAtomicReadU32(&pBpChunk->cBpsFree);
+            if (cBpsFree)
+            {
+                /*
+                 * Scan the associated bitmap for a free entry, if none can be found another thread
+                 * raced us and we go to the next chunk.
+                 */
+                int32_t iClr = ASMBitFirstClear(pBpChunk->pbmAlloc, DBGF_BP_COUNT_PER_CHUNK);
+                if (iClr != -1)
+                {
+                    /*
+                     * Try to allocate, we could get raced here as well. In that case
+                     * we try again.
+                     */
+                    if (!ASMAtomicBitTestAndSet(pBpChunk->pbmAlloc, iClr))
+                    {
+                        /* Success, immediately mark as allocated, initialize the breakpoint state and return. */
+                        ASMAtomicDecU32(&pBpChunk->cBpsFree);
+
+                        PDBGFBPINT pBp = &pBpChunk->pBpBaseR3[iClr];
+                        pBp->Pub.cHits = 0;
+                        pBp->Pub.iHitTrigger   = iHitTrigger;
+                        pBp->Pub.iHitDisable   = iHitDisable;
+                        pBp->Pub.hOwner        = hOwner;
+                        pBp->Pub.fFlagsAndType = DBGF_BP_PUB_SET_FLAGS_AND_TYPE(enmType, DBGF_BP_F_DEFAULT);
+                        pBp->pvUserR3          = pvUser;
+
+                        /** @todo Owner handling (reference and call ring-0 if it has an ring-0 callback). */
+
+                        *phBp = DBGF_BP_HND_CREATE(idChunk, iClr);
+                        *ppBp = pBp;
+                        return VINF_SUCCESS;
+                    }
+                    /* else Retry with another spot. */
+                }
+                else /* no free entry in bitmap, go to the next chunk */
+                    break;
+            }
+            else /* !cBpsFree, go to the next chunk */
+                break;
+        }
+    }
+
+    return VERR_DBGF_NO_MORE_BP_SLOTS;
+}
+
+
+/**
+ * Frees the given breakpoint handle.
+ *
+ * @returns nothing.
+ * @param   pUVM                The user mode VM handle.
+ * @param   hBp                 The breakpoint handle to free.
+ * @param   pBp                 The internal breakpoint state pointer.
+ */
+static void dbgfR3BpFree(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
+{
+    uint32_t idChunk  = DBGF_BP_HND_GET_CHUNK_ID(hBp);
+    uint32_t idxEntry = DBGF_BP_HND_GET_ENTRY(hBp);
+
+    AssertReturnVoid(idChunk < DBGF_BP_CHUNK_COUNT);
+    AssertReturnVoid(idxEntry < DBGF_BP_COUNT_PER_CHUNK);
+
+    PDBGFBPCHUNKR3 pBpChunk = &pUVM->dbgf.s.aBpChunks[idChunk];
+    AssertPtrReturnVoid(pBpChunk->pbmAlloc);
+    AssertReturnVoid(ASMBitTest(pBpChunk->pbmAlloc, idxEntry));
+
+    /** @todo Need a trip to Ring-0 if an owner is assigned with a Ring-0 part to clear the breakpoint. */
+    /** @todo Release owner. */
+    memset(pBp, 0, sizeof(*pBp));
+
+    ASMAtomicBitClear(pBpChunk->pbmAlloc, idxEntry);
+    ASMAtomicIncU32(&pBpChunk->cBpsFree);
+}
+
+
+/**
+ * Sets the enabled flag of the given breakpoint to the given value.
+ *
+ * @returns nothing.
+ * @param   pBp                 The breakpoint to set the state.
+ * @param   fEnabled            Enabled status.
+ */
+DECLINLINE(void) dbgfR3BpSetEnabled(PDBGFBPINT pBp, bool fEnabled)
+{
+    DBGFBPTYPE enmType = DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType);
+    if (fEnabled)
+        pBp->Pub.fFlagsAndType = DBGF_BP_PUB_SET_FLAGS_AND_TYPE(enmType, DBGF_BP_F_ENABLED);
+    else
+        pBp->Pub.fFlagsAndType = DBGF_BP_PUB_SET_FLAGS_AND_TYPE(enmType, 0 /*fFlags*/);
+}
+
+
+/**
+ * Assigns a hardware breakpoint state to the given register breakpoint.
+ *
+ * @returns VBox status code.
+ * @param   pVM                 The cross-context VM structure pointer.
+ * @param   hBp                 The breakpoint handle to assign.
+ * @param   pBp                 The internal breakpoint state.
+ *
+ * @thread Any thread.
+ */
+static int dbgfR3BpRegAssign(PVM pVM, DBGFBP hBp, PDBGFBPINT pBp)
+{
+    AssertReturn(pBp->Pub.u.Reg.iReg == UINT8_MAX, VERR_DBGF_BP_IPE_3);
+
+    for (uint8_t i = 0; i < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); i++)
+    {
+        PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[i];
+
+        AssertCompileSize(DBGFBP, sizeof(uint32_t));
+        if (ASMAtomicCmpXchgU32(&pHwBp->hBp, hBp, NIL_DBGFBP))
+        {
+            pHwBp->GCPtr    = pBp->Pub.u.Reg.GCPtr;
+            pHwBp->fType    = pBp->Pub.u.Reg.fType;
+            pHwBp->cb       = pBp->Pub.u.Reg.cb;
+            pHwBp->fEnabled = DBGF_BP_PUB_IS_ENABLED(pBp->Pub.fFlagsAndType);
+
+            pBp->Pub.u.Reg.iReg = i;
+            return VINF_SUCCESS;
+        }
+    }
+
+    return VERR_DBGF_NO_MORE_BP_SLOTS;
+}
+
+
+/**
+ * Removes the assigned hardware breakpoint state from the given register breakpoint.
+ *
+ * @returns VBox status code.
+ * @param   pVM                 The cross-context VM structure pointer.
+ * @param   hBp                 The breakpoint handle to remove.
+ * @param   pBp                 The internal breakpoint state.
+ *
+ * @thread Any thread.
+ */
+static int dbgfR3BpRegRemove(PVM pVM, DBGFBP hBp, PDBGFBPINT pBp)
+{
+    AssertReturn(pBp->Pub.u.Reg.iReg < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints), VERR_DBGF_BP_IPE_3);
+
+    PDBGFBPHW pHwBp = &pVM->dbgf.s.aHwBreakpoints[pBp->Pub.u.Reg.iReg];
+    AssertReturn(pHwBp->hBp == hBp, VERR_DBGF_BP_IPE_4);
+    AssertReturn(!pHwBp->fEnabled, VERR_DBGF_BP_IPE_5);
+
+    pHwBp->GCPtr = 0;
+    pHwBp->fType = 0;
+    pHwBp->cb    = 0;
+    ASMCompilerBarrier();
+
+    ASMAtomicWriteU32(&pHwBp->hBp, NIL_DBGFBP);
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * @callback_method_impl{FNVMMEMTRENDEZVOUS}
+ */
+static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpRegRecalcOnCpu(PVM pVM, PVMCPU pVCpu, void *pvUser)
+{
+    RT_NOREF(pvUser);
+
+    /*
+     * CPU 0 updates the enabled hardware breakpoint counts.
+     */
+    if (pVCpu->idCpu == 0)
+    {
+        pVM->dbgf.s.cEnabledHwBreakpoints   = 0;
+        pVM->dbgf.s.cEnabledHwIoBreakpoints = 0;
+
+        for (uint32_t iBp = 0; iBp < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints); iBp++)
+        {
+            if (pVM->dbgf.s.aHwBreakpoints[iBp].fEnabled)
+            {
+                pVM->dbgf.s.cEnabledHwBreakpoints   += 1;
+                pVM->dbgf.s.cEnabledHwIoBreakpoints += pVM->dbgf.s.aHwBreakpoints[iBp].fType == X86_DR7_RW_IO;
+            }
+        }
+    }
+
+    return CPUMRecalcHyperDRx(pVCpu, UINT8_MAX, false);
+}
+
+
+/**
+ * Arms the given breakpoint.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   hBp                 The breakpoint handle to arm.
+ * @param   pBp                 The internal breakpoint state pointer for the handle.
+ */
+static int dbgfR3BpArm(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
+{
+    int rc = VINF_SUCCESS;
+    PVM pVM = pUVM->pVM;
+
+    Assert(!DBGF_BP_PUB_IS_ENABLED(pBp->Pub.fFlagsAndType));
+    switch (DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType))
+    {
+        case DBGFBPTYPE_REG:
+        {
+            Assert(pBp->Pub.u.Reg.iReg < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints));
+            PDBGFBPHW pBpHw = &pVM->dbgf.s.aHwBreakpoints[pBp->Pub.u.Reg.iReg];
+            Assert(pBpHw->hBp == hBp); RT_NOREF(hBp);
+
+            dbgfR3BpSetEnabled(pBp, true /*fEnabled*/);
+            ASMAtomicWriteBool(&pBpHw->fEnabled, true);
+            rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpRegRecalcOnCpu, NULL);
+            if (RT_FAILURE(rc))
+            {
+                ASMAtomicWriteBool(&pBpHw->fEnabled, false);
+                dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
+            }
+            break;
+        }
+        case DBGFBPTYPE_INT3:
+        case DBGFBPTYPE_PORT_IO:
+        case DBGFBPTYPE_MMIO:
+            rc = VERR_NOT_IMPLEMENTED;
+            break;
+        default:
+            AssertMsgFailedReturn(("Invalid breakpoint type %d\n", DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType)),
+                                  VERR_IPE_NOT_REACHED_DEFAULT_CASE);
+    }
+
+    return rc;
+}
+
+
+/**
+ * Disarms the given breakpoint.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   hBp                 The breakpoint handle to disarm.
+ * @param   pBp                 The internal breakpoint state pointer for the handle.
+ */
+static int dbgfR3BpDisarm(PUVM pUVM, DBGFBP hBp, PDBGFBPINT pBp)
+{
+    int rc = VINF_SUCCESS;
+    PVM pVM = pUVM->pVM;
+
+    Assert(DBGF_BP_PUB_IS_ENABLED(pBp->Pub.fFlagsAndType));
+    switch (DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType))
+    {
+        case DBGFBPTYPE_REG:
+        {
+            Assert(pBp->Pub.u.Reg.iReg < RT_ELEMENTS(pVM->dbgf.s.aHwBreakpoints));
+            PDBGFBPHW pBpHw = &pVM->dbgf.s.aHwBreakpoints[pBp->Pub.u.Reg.iReg];
+            Assert(pBpHw->hBp == hBp); RT_NOREF(hBp);
+
+            dbgfR3BpSetEnabled(pBp, false /*fEnabled*/);
+            ASMAtomicWriteBool(&pBpHw->fEnabled, false);
+            rc = VMMR3EmtRendezvous(pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpRegRecalcOnCpu, NULL);
+            if (RT_FAILURE(rc))
+            {
+                ASMAtomicWriteBool(&pBpHw->fEnabled, true);
+                dbgfR3BpSetEnabled(pBp, true /*fEnabled*/);
+            }
+            break;
+        }
+        case DBGFBPTYPE_INT3:
+        case DBGFBPTYPE_PORT_IO:
+        case DBGFBPTYPE_MMIO:
+            rc = VERR_NOT_IMPLEMENTED;
+            break;
+        default:
+            AssertMsgFailedReturn(("Invalid breakpoint type %d\n", DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType)),
+                                  VERR_IPE_NOT_REACHED_DEFAULT_CASE);
+    }
+
+    return rc;
 }
 
@@ -285 +851 @@
 {
     UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
-    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser != NULL, VERR_INVALID_PARAMETER);
+    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
     AssertReturn(DBGFR3AddrIsValid(pUVM, pAddress), VERR_INVALID_PARAMETER);
     AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
     AssertPtrReturn(phBp, VERR_INVALID_POINTER);
 
-    RT_NOREF(idSrcCpu);
-
-    return VERR_NOT_IMPLEMENTED;
+    int rc = dbgfR3BpEnsureInit(pUVM);
+    AssertRCReturn(rc, rc);
+
+    DBGFBP hBp = NIL_DBGFBP;
+    PDBGFBPINT pBp = NULL;
+    rc = dbgfR3BpAlloc(pUVM, hOwner, pvUser, DBGFBPTYPE_INT3, iHitTrigger, iHitDisable, &hBp, &pBp);
+    if (RT_SUCCESS(rc))
+    {
+        /*
+         * Translate & save the breakpoint address into a guest-physical address.
+         */
+        rc = DBGFR3AddrToPhys(pUVM, idSrcCpu, pAddress, &pBp->Pub.u.Int3.PhysAddr);
+        if (RT_SUCCESS(rc))
+        {
+            /*
+             * The physical address from DBGFR3AddrToPhys() is the start of the page,
+             * we need the exact byte offset into the page while writing to it in dbgfR3BpInt3Arm().
+             */
+            pBp->Pub.u.Int3.PhysAddr |= (pAddress->FlatPtr & X86_PAGE_OFFSET_MASK);
+            pBp->Pub.u.Int3.GCPtr     = pAddress->FlatPtr;
+
+            /* Enable the breakpoint. */
+            rc = dbgfR3BpArm(pUVM, hBp, pBp);
+            if (RT_SUCCESS(rc))
+            {
+                *phBp = hBp;
+                return VINF_SUCCESS;
+            }
+        }
+
+        dbgfR3BpFree(pUVM, hBp, pBp);
+    }
+
+    return rc;
 }
 
@@ -345 +942 @@
 {
     UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
-    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser != NULL, VERR_INVALID_PARAMETER);
+    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
     AssertReturn(DBGFR3AddrIsValid(pUVM, pAddress), VERR_INVALID_PARAMETER);
     AssertReturn(iHitTrigger <= iHitDisable, VERR_INVALID_PARAMETER);
@@ -364 +961 @@
     }
 
-    return VERR_NOT_IMPLEMENTED;
+    int rc = dbgfR3BpEnsureInit(pUVM);
+    AssertRCReturn(rc, rc);
+
+    PDBGFBPINT pBp = NULL;
+    DBGFBP hBp = dbgfR3BpGetByAddr(pUVM, DBGFBPTYPE_REG, pAddress->FlatPtr, &pBp);
+    if (    hBp != NIL_DBGFBP
+        &&  pBp->Pub.u.Reg.cb == cb
+        &&  pBp->Pub.u.Reg.fType == fType)
+    {
+        rc = VINF_SUCCESS;
+        if (!DBGF_BP_PUB_IS_ENABLED(pBp->Pub.fFlagsAndType))
+            rc = dbgfR3BpArm(pUVM, hBp, pBp);
+        if (RT_SUCCESS(rc))
+        {
+            rc = VINF_DBGF_BP_ALREADY_EXIST;
+            if (phBp)
+                *phBp = hBp;
+        }
+        return rc;
+    }
+
+    /* Allocate new breakpoint. */
+    rc = dbgfR3BpAlloc(pUVM, hOwner, pvUser, DBGFBPTYPE_REG, iHitTrigger, iHitDisable, &hBp, &pBp);
+    if (RT_SUCCESS(rc))
+    {
+        pBp->Pub.u.Reg.GCPtr = pAddress->FlatPtr;
+        pBp->Pub.u.Reg.fType = fType;
+        pBp->Pub.u.Reg.cb    = cb;
+        pBp->Pub.u.Reg.iReg  = UINT8_MAX;
+        ASMCompilerBarrier();
+
+        /* Assign the proper hardware breakpoint. */
+        rc = dbgfR3BpRegAssign(pUVM->pVM, hBp, pBp);
+        if (RT_SUCCESS(rc))
+        {
+            /* Arm the breakpoint. */
+            rc = dbgfR3BpArm(pUVM, hBp, pBp);
+            if (RT_SUCCESS(rc))
+            {
+                if (phBp)
+                    *phBp = hBp;
+                return VINF_SUCCESS;
+            }
+            else
+            {
+                int rc2 = dbgfR3BpRegRemove(pUVM->pVM, hBp, pBp);
+                AssertRC(rc2); RT_NOREF(rc2);
+            }
+        }
+
+        dbgfR3BpFree(pUVM, hBp, pBp);
+    }
+
+    return rc;
 }
 
@@ -430 +1080 @@
 {
     UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
-    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser != NULL, VERR_INVALID_PARAMETER);
+    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
     AssertReturn(!(fAccess & ~DBGFBPIOACCESS_VALID_MASK_PORT_IO), VERR_INVALID_FLAGS);
     AssertReturn(fAccess, VERR_INVALID_FLAGS);
@@ -437 +1087 @@
     AssertReturn(cPorts > 0, VERR_OUT_OF_RANGE);
     AssertReturn((RTIOPORT)(uPort + cPorts) < uPort, VERR_OUT_OF_RANGE);
+
+    int rc = dbgfR3BpEnsureInit(pUVM);
+    AssertRCReturn(rc, rc);
 
     return VERR_NOT_IMPLEMENTED;
@@ -491 +1144 @@
 {
     UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
-    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser != NULL, VERR_INVALID_PARAMETER);
+    AssertReturn(hOwner != NIL_DBGFBPOWNER || pvUser == NULL, VERR_INVALID_PARAMETER);
     AssertReturn(!(fAccess & ~DBGFBPIOACCESS_VALID_MASK_MMIO), VERR_INVALID_FLAGS);
     AssertReturn(fAccess, VERR_INVALID_FLAGS);
@@ -499 +1152 @@
     AssertReturn(GCPhys + cb < GCPhys, VERR_OUT_OF_RANGE);
 
+    int rc = dbgfR3BpEnsureInit(pUVM);
+    AssertRCReturn(rc, rc);
+
     return VERR_NOT_IMPLEMENTED;
 }
@@ -517 +1173 @@
     AssertReturn(hBp != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
 
-    return VERR_NOT_IMPLEMENTED;
+    PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
+    AssertPtrReturn(pBp, VERR_DBGF_BP_NOT_FOUND);
+
+    /* Disarm the breakpoint when it is enabled. */
+    if (DBGF_BP_PUB_IS_ENABLED(pBp->Pub.fFlagsAndType))
+    {
+        int rc = dbgfR3BpDisarm(pUVM, hBp, pBp);
+        AssertRC(rc);
+    }
+
+    switch (DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType))
+    {
+        case DBGFBPTYPE_REG:
+        {
+            int rc = dbgfR3BpRegRemove(pUVM->pVM, hBp, pBp);
+            AssertRC(rc);
+            break;
+        }
+        default:
+            break;
+    }
+
+    dbgfR3BpFree(pUVM, hBp, pBp);
+    return VINF_SUCCESS;
 }
 
@@ -531 +1210 @@
  */
 VMMR3DECL(int) DBGFR3BpEnable(PUVM pUVM, DBGFBP hBp)
-{
-    UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
-    AssertReturn(hBp != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
-
-    return VERR_NOT_IMPLEMENTED;
-}
-
-
-/**
- * Disables a breakpoint.
- *
- * @returns VBox status code.
- * @param   pUVM        The user mode VM handle.
- * @param   hBp         The handle of the breakpoint which should be disabled.
- *
- * @thread  Any thread.
- */
-VMMR3DECL(int) DBGFR3BpDisable(PUVM pUVM, DBGFBP hBp)
 {
     /*
@@ -556 +1217 @@
     AssertReturn(hBp != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
 
-    return VERR_NOT_IMPLEMENTED;
+    PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
+    AssertPtrReturn(pBp, VERR_DBGF_BP_NOT_FOUND);
+
+    int rc = VINF_SUCCESS;
+    if (!DBGF_BP_PUB_IS_ENABLED(pBp->Pub.fFlagsAndType))
+        rc = dbgfR3BpArm(pUVM, hBp, pBp);
+    else
+        rc = VINF_DBGF_BP_ALREADY_ENABLED;
+
+    return rc;
+}
+
+
+/**
+ * Disables a breakpoint.
+ *
+ * @returns VBox status code.
+ * @param   pUVM        The user mode VM handle.
+ * @param   hBp         The handle of the breakpoint which should be disabled.
+ *
+ * @thread  Any thread.
+ */
+VMMR3DECL(int) DBGFR3BpDisable(PUVM pUVM, DBGFBP hBp)
+{
+    /*
+     * Validate the input.
+     */
+    UVM_ASSERT_VALID_EXT_RETURN(pUVM, VERR_INVALID_VM_HANDLE);
+    AssertReturn(hBp != NIL_DBGFBPOWNER, VERR_INVALID_HANDLE);
+
+    PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
+    AssertPtrReturn(pBp, VERR_DBGF_BP_NOT_FOUND);
+
+    int rc = VINF_SUCCESS;
+    if (DBGF_BP_PUB_IS_ENABLED(pBp->Pub.fFlagsAndType))
+        rc = dbgfR3BpDisarm(pUVM, hBp, pBp);
+    else
+        rc = VINF_DBGF_BP_ALREADY_DISABLED;
+
+    return rc;
 }
 

trunk/src/VBox/VMM/include/DBGFInternal.h

@@ -54 +54 @@
 #define DBGF_TRACER_EVT_SZ               (DBGF_TRACER_EVT_HDR_SZ + DBGF_TRACER_EVT_PAYLOAD_SZ)
 
+
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+/** @name Breakpoint handling defines.
+ * @{ */
+/** Maximum number of breakpoints supported (power of two). */
+#define DBGF_BP_COUNT_MAX                   _1M
+/** Size of a single breakpoint structure in bytes. */
+#define DBGF_BP_ENTRY_SZ                    64
+/** Number of breakpoints handled in one chunk (power of two). */
+#define DBGF_BP_COUNT_PER_CHUNK             _64K
+/** Number of chunks required to support all breakpoints. */
+#define DBGF_BP_CHUNK_COUNT                 (DBGF_BP_COUNT_MAX / DBGF_BP_COUNT_PER_CHUNK)
+/** @} */
+#endif
 
 
@@ -763 +777 @@
 typedef DBGFBPSEARCHOPT *PDBGFBPSEARCHOPT;
 #else
+
+/** An invalid breakpoint chunk ID. */
+#define DBGF_BP_CHUNK_ID_INVALID                    UINT32_MAX
+/** Generates a unique breakpoint handle from the given chunk ID and entry inside the chunk. */
+#define DBGF_BP_HND_CREATE(a_idChunk, a_idEntry)    RT_MAKE_U32(a_idEntry, a_idChunk);
+/** Returns the chunk ID from the given breakpoint handle. */
+#define DBGF_BP_HND_GET_CHUNK_ID(a_hBp)             ((uint32_t)RT_HI_U16(a_hBp))
+/** Returns the entry index inside a chunk from the given breakpoint handle. */
+#define DBGF_BP_HND_GET_ENTRY(a_hBp)                ((uint32_t)RT_LO_U16(a_hBp))
+
+
+/**
+ * The internal breakpoint state, shared part.
+ */
+typedef struct DBGFBPINT
+{
+    /** The publicly visible part. */
+    DBGFBPPUB                   Pub;
+    /** The opaque user argument for the owner callback, Ring-3 Ptr. */
+    R3PTRTYPE(void *)           pvUserR3;
+} DBGFBPINT;
+AssertCompileSize(DBGFBPINT, DBGF_BP_ENTRY_SZ);
+/** Pointer to an internal breakpoint state. */
+typedef DBGFBPINT *PDBGFBPINT;
+/** Pointer to an const internal breakpoint state. */
+typedef const DBGFBPINT *PCDBGFBPINT;
+
+
+/**
+ * The internal breakpoint state, R0 part.
+ */
+typedef struct DBGFBPINTR0
+{
+    /** The owner handle. */
+    DBGFBPOWNER                 hOwner;
+    /** Flag whether the breakpoint is in use. */
+    bool                        fInUse;
+    /** Padding to 8 byte alignment. */
+    bool                        afPad[3];
+    /** Opaque user data for the owner callback, Ring-0 Ptr. */
+    R0PTRTYPE(void *)           pvUserR0;
+} DBGFBPINTR0;
+AssertCompileMemberAlignment(DBGFBPINTR0, pvUserR0, 8);
+AssertCompileSize(DBGFBPINTR0, 16);
+/** Pointer to an internal breakpoint state - Ring-0 Ptr. */
+typedef R0PTRTYPE(DBGFBPINTR0 *) PDBGFBPINTR0;
+
+
 /**
  * Hardware breakpoint state.
@@ -769 +831 @@
 {
     /** The flat GC address of the breakpoint. */
-    RTGCUINTPTR     GCPtr;
-    /** The breakpoint handle if active, NIL_DBGFBP if disabled. */
-    DBGFBP          hBp;
+    RTGCUINTPTR                 GCPtr;
+    /** The breakpoint handle if active, NIL_DBGFBP if not in use. */
+    volatile DBGFBP             hBp;
     /** The access type (one of the X86_DR7_RW_* value). */
-    uint8_t         fType;
+    uint8_t                     fType;
     /** The access size. */
-    uint8_t         cb;
+    uint8_t                     cb;
     /** Flag whether the breakpoint is currently enabled. */
-    bool            fEnabled;
+    volatile bool               fEnabled;
     /** Padding. */
-    uint8_t         bPad;
+    uint8_t                     bPad;
 } DBGFBPHW;
 AssertCompileSize(DBGFBPHW, 16);
@@ -786 +848 @@
 /** Pointer to a const hardware breakpoint state. */
 typedef const DBGFBPHW *PCDBGFBPHW;
+
+
+/**
+ * A breakpoint table chunk, ring-3 state.
+ */
+typedef struct DBGFBPCHUNKR3
+{
+    /** Pointer to the R3 base of the chunk. */
+    R3PTRTYPE(PDBGFBPINT)       pBpBaseR3;
+    /** Bitmap of free/occupied breakpoint entries. */
+    R3PTRTYPE(volatile void *)  pbmAlloc;
+    /** Number of free breakpoints in the chunk. */
+    volatile uint32_t           cBpsFree;
+    /** The chunk index this tracking structure refers to. */
+    uint32_t                    idChunk;
+} DBGFBPCHUNKR3;
+/** Pointer to a breakpoint table chunk - Ring-3 Ptr. */
+typedef DBGFBPCHUNKR3 *PDBGFBPCHUNKR3;
+/** Pointer to a const breakpoint table chunk - Ring-3 Ptr. */
+typedef const DBGFBPCHUNKR3 *PCDBGFBPCHUNKR3;
+
+
+/**
+ * Breakpoint table chunk, ring-0 state.
+ */
+typedef struct DBGFBPCHUNKR0
+{
+    /** The chunks memory. */
+    RTR0MEMOBJ                  hMemObj;
+    /** The ring-3 mapping object. */
+    RTR0MEMOBJ                  hMapObj;
+    /** Pointer to the breakpoint entries base. */
+    R0PTRTYPE(PDBGFBPINT)       paBpBaseSharedR0;
+    /** Pointer to the Ring-0 only part of the breakpoints. */
+    PDBGFBPINTR0                paBpBaseR0Only;
+} DBGFBPCHUNKR0;
+/** Pointer to a breakpoint table chunk - Ring-0 Ptr. */
+typedef R0PTRTYPE(DBGFBPCHUNKR0 *) PDBGFBPCHUNKR0;
 #endif
 
@@ -875 +975 @@
     DBGFBPSEARCHOPT             Int3;
 #else
+    /** @name Breakpoint handling related state.
+     * @{ */
     /** Array of hardware breakpoints (0..3).
      * This is shared among all the CPUs because life is much simpler that way. */
-    DBGFBPHW                    aHwBreakpoints[4];
+    DBGFBPHW                        aHwBreakpoints[4];
+    /** @} */
 #endif
 
@@ -1017 +1120 @@
     /** Pointer to the tracer instance if enabled. */
     R0PTRTYPE(struct DBGFTRACERINSR0 *) pTracerR0;
+
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+    /** @name Breakpoint handling related state, Ring-0 only part.
+     * @{ */
+    /** Global breakpoint table chunk array. */
+    DBGFBPCHUNKR0                       aBpChunks[DBGF_BP_CHUNK_COUNT];
+    /** The L1 lookup tables memory object. */
+    RTR0MEMOBJ                          hMemObjBpLocL1;
+    /** The L1 lookup tables mapping object. */
+    RTR0MEMOBJ                          hMapObjBpLocL1;
+    /** Base pointer to the L1 locator table. */
+    R0PTRTYPE(volatile uint32_t *)      paBpLocL1R0;
+    /** Flag whether the breakpoint manager was initialized (on demand). */
+    bool                                fInit;
+    /** @} */
+#endif
 } DBGFR0PERVM;
 
@@ -1091 +1210 @@
     /** @} */
 
+#ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
+    /** @name Breakpoint handling related state.
+     * @{ */
+    /** Global breakpoint table chunk array. */
+    DBGFBPCHUNKR3                   aBpChunks[DBGF_BP_CHUNK_COUNT];
+    /** Base pointer to the L1 locator table. */
+    R3PTRTYPE(volatile uint32_t *)  paBpLocL1R3;
+    /** @} */
+#endif
+
     /** The type database lock. */
     RTSEMRW                     hTypeDbLock;
@@ -1138 +1267 @@
 void dbgfR3AsRelocate(PUVM pUVM, RTGCUINTPTR offDelta);
 #ifdef VBOX_WITH_LOTS_OF_DBGF_BPS
-DECLHIDDEN(int) dbgfR3BpInit(PVM pVM);
-DECLHIDDEN(int) dbgfR3BpTerm(PVM pVM);
+DECLHIDDEN(int) dbgfR3BpInit(PUVM pUVM);
+DECLHIDDEN(int) dbgfR3BpTerm(PUVM pUVM);
 #else
 int  dbgfR3BpInit(PVM pVM);
@@ -1188 +1317 @@
 #ifdef IN_RING0
 DECLHIDDEN(void) dbgfR0TracerDestroy(PGVM pGVM, PDBGFTRACERINSR0 pTracer);
+DECLHIDDEN(void) dbgfR0BpInit(PGVM pGVM);
+DECLHIDDEN(void) dbgfR0BpDestroy(PGVM pGVM);
 #endif /* !IN_RING0 */