Changeset 86726 in vbox

Timestamp:

Oct 28, 2020 10:10:29 AM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

141114

Message:

VMM/DBGF: Implement L2 binary search tree node insertion and walking the tree in R0, bugref:9837

Location:

trunk

Files:

• include/VBox/err.h (modified) (1 diff)
• src/VBox/VMM/VMMR3/DBGFR3Bp.cpp (modified) (5 diffs)
• src/VBox/VMM/VMMRZ/DBGFRZ.cpp (modified) (2 diffs)
• src/VBox/VMM/include/DBGFInline.h (added)
• src/VBox/VMM/include/DBGFInternal.h (modified) (2 diffs)

trunk/include/VBox/err.h

@@ -331 +331 @@
 /** The breakpoint owner handle is still used by one or more breakpoints. */
 #define VERR_DBGF_OWNER_BUSY                (-1225)
+/** Number of tries to add an int3 breakpoint table to the lookup tables reached. */
+#define VERR_DBGF_BP_INT3_ADD_TRIES_REACHED (-1226)
 /** Internal processing error \#1 in the DBGF breakpoint manager code. */
-#define VERR_DBGF_BP_IPE_1                  (-1226)
+#define VERR_DBGF_BP_IPE_1                  (-1227)
 /** Internal processing error \#2 in the DBGF breakpoint manager code. */
-#define VERR_DBGF_BP_IPE_2                  (-1227)
+#define VERR_DBGF_BP_IPE_2                  (-1228)
 /** Internal processing error \#3 in the DBGF breakpoint manager code. */
-#define VERR_DBGF_BP_IPE_3                  (-1228)
+#define VERR_DBGF_BP_IPE_3                  (-1229)
 /** Internal processing error \#4 in the DBGF breakpoint manager code. */
-#define VERR_DBGF_BP_IPE_4                  (-1229)
+#define VERR_DBGF_BP_IPE_4                  (-1230)
 /** Internal processing error \#5 in the DBGF breakpoint manager code. */
-#define VERR_DBGF_BP_IPE_5                  (-1230)
+#define VERR_DBGF_BP_IPE_5                  (-1231)
 /** Internal processing error \#6 in the DBGF breakpoint manager code. */
-#define VERR_DBGF_BP_IPE_6                  (-1231)
-/** Number of tries to add an int3 breakpoint table to the lookup tables reached. */
-#define VERR_DBGF_BP_INT3_ADD_TRIES_REACHED (-1232)
+#define VERR_DBGF_BP_IPE_6                  (-1232)
+/** Internal processing error \#7 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_7                  (-1233)
+/** Internal processing error \#8 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_8                  (-1234)
+/** Internal processing error \#9 in the DBGF breakpoint manager code. */
+#define VERR_DBGF_BP_IPE_9                  (-1235)
+/** Level 2 lookup failed because the L1 lookup table is corrupted. */
+#define VERR_DBGF_BP_L1_LOOKUP_FAILED       (-1236)
+/** Level 2 lookup failed because the L2 lookup table is corrupted. */
+#define VERR_DBGF_BP_L2_LOOKUP_FAILED       (-1237)
 /** @} */
 

trunk/src/VBox/VMM/VMMR3/DBGFR3Bp.cpp

@@ -157 +157 @@
 #include <iprt/mem.h>
 
+#include "DBGFInline.h"
+
 
 /*********************************************************************************************************************************
@@ -855 +857 @@
 
 /**
+ * Returns the pointer to the L2 table entry from the given index.
+ *
+ * @returns Current context pointer to the L2 table entry or NULL if the provided index value is invalid.
+ * @param   pUVM        The user mode VM handle.
+ * @param   idxL2       The L2 table index to resolve.
+ *
+ * @note The content of the resolved L2 table entry is not validated!.
+ */
+DECLINLINE(PDBGFBPL2ENTRY) dbgfR3BpL2GetByIdx(PUVM pUVM, uint32_t idxL2)
+{
+    uint32_t idChunk  = DBGF_BP_L2_IDX_GET_CHUNK_ID(idxL2);
+    uint32_t idxEntry = DBGF_BP_L2_IDX_GET_ENTRY(idxL2);
+
+    AssertReturn(idChunk < DBGF_BP_L2_TBL_CHUNK_COUNT, NULL);
+    AssertReturn(idxEntry < DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK, NULL);
+
+    PDBGFBPL2TBLCHUNKR3 pL2Chunk = &pUVM->dbgf.s.aBpL2TblChunks[idChunk];
+    AssertPtrReturn(pL2Chunk->pbmAlloc, NULL);
+    AssertReturn(ASMBitTest(pL2Chunk->pbmAlloc, idxEntry), NULL);
+
+    return &pL2Chunk->CTX_SUFF(pL2Base)[idxEntry];
+}
+
+
+/**
+ * Creates a binary search tree with the given root and leaf nodes.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   idxL1               The index into the L1 table where the created tree should be linked into.
+ * @param   u32EntryOld         The old entry in the L1 table used to compare with in the atomic update.
+ * @param   hBpRoot             The root node DBGF handle to assign.
+ * @param   GCPtrRoot           The root nodes GC pointer to use as a key.
+ * @param   hBpLeaf             The leafs node DBGF handle to assign.
+ * @param   GCPtrLeaf           The leafs node GC pointer to use as a key.
+ */
+static int dbgfR3BpInt3L2BstCreate(PUVM pUVM, uint32_t idxL1, uint32_t u32EntryOld,
+                                   DBGFBP hBpRoot, RTGCUINTPTR GCPtrRoot,
+                                   DBGFBP hBpLeaf, RTGCUINTPTR GCPtrLeaf)
+{
+    AssertReturn(GCPtrRoot != GCPtrLeaf, VERR_DBGF_BP_IPE_9);
+    Assert(DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(GCPtrRoot) == DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(GCPtrLeaf));
+
+    /* Allocate two nodes. */
+    uint32_t idxL2Root = 0;
+    PDBGFBPL2ENTRY pL2Root = NULL;
+    int rc = dbgfR3BpL2TblEntryAlloc(pUVM, &idxL2Root, &pL2Root);
+    if (RT_SUCCESS(rc))
+    {
+        uint32_t idxL2Leaf = 0;
+        PDBGFBPL2ENTRY pL2Leaf = NULL;
+        rc = dbgfR3BpL2TblEntryAlloc(pUVM, &idxL2Leaf, &pL2Leaf);
+        if (RT_SUCCESS(rc))
+        {
+            dbgfBpL2TblEntryInit(pL2Leaf, hBpLeaf, GCPtrLeaf, DBGF_BP_L2_ENTRY_IDX_END, DBGF_BP_L2_ENTRY_IDX_END, 0 /*iDepth*/);
+            if (GCPtrLeaf < GCPtrRoot)
+                dbgfBpL2TblEntryInit(pL2Root, hBpRoot, GCPtrRoot, idxL2Leaf, DBGF_BP_L2_ENTRY_IDX_END, 0 /*iDepth*/);
+            else
+                dbgfBpL2TblEntryInit(pL2Root, hBpRoot, GCPtrRoot, DBGF_BP_L2_ENTRY_IDX_END, idxL2Leaf, 0 /*iDepth*/);
+
+            uint32_t const u32Entry = DBGF_BP_INT3_L1_ENTRY_CREATE_L2_IDX(idxL2Root);
+            if (ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], u32Entry, u32EntryOld))
+                return VINF_SUCCESS;
+
+            /* The L1 entry has changed due to another thread racing us during insertion, free nodes and try again. */
+            rc = VINF_TRY_AGAIN;
+            dbgfR3BpL2TblEntryFree(pUVM, idxL2Leaf, pL2Leaf);
+        }
+
+        dbgfR3BpL2TblEntryFree(pUVM, idxL2Root, pL2Root);
+    }
+
+    return rc;
+}
+
+
+/**
+ * Inserts the given breakpoint handle into an existing binary search tree.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   idxL2Root           The index of the tree root in the L2 table.
+ * @param   hBpRoot             The node DBGF handle to insert.
+ * @param   GCPtrRoot           The nodes GC pointer to use as a key.
+ */
+static int dbgfR3BpInt2L2BstNodeInsert(PUVM pUVM, uint32_t idxL2Root, DBGFBP hBp, RTGCUINTPTR GCPtr)
+{
+    /* Allocate a new node first. */
+    uint32_t idxL2Nd = 0;
+    PDBGFBPL2ENTRY pL2Nd = NULL;
+    int rc = dbgfR3BpL2TblEntryAlloc(pUVM, &idxL2Nd, &pL2Nd);
+    if (RT_SUCCESS(rc))
+    {
+        /* Walk the tree and find the correct node to insert to. */
+        PDBGFBPL2ENTRY pL2Entry = dbgfR3BpL2GetByIdx(pUVM, idxL2Root);
+        while (RT_LIKELY(pL2Entry))
+        {
+            /* Make a copy of the entry. */
+            DBGFBPL2ENTRY L2Entry;
+            L2Entry.u64GCPtrKeyAndBpHnd1       = ASMAtomicReadU64((volatile uint64_t *)&pL2Entry->u64GCPtrKeyAndBpHnd1);
+            L2Entry.u64LeftRightIdxDepthBpHnd2 = ASMAtomicReadU64((volatile uint64_t *)&pL2Entry->u64LeftRightIdxDepthBpHnd2);
+
+            RTGCUINTPTR GCPtrL2Entry = DBGF_BP_L2_ENTRY_GET_GCPTR(L2Entry.u64GCPtrKeyAndBpHnd1);
+            AssertBreak(GCPtr != GCPtrL2Entry);
+
+            /* Not found, get to the next level. */
+            uint32_t idxL2Next =   (GCPtr < GCPtrL2Entry)
+                                 ? DBGF_BP_L2_ENTRY_GET_IDX_LEFT(L2Entry.u64LeftRightIdxDepthBpHnd2)
+                                 : DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(L2Entry.u64LeftRightIdxDepthBpHnd2);
+            if (idxL2Next == DBGF_BP_L2_ENTRY_IDX_END)
+            {
+                /* Insert the new node here. */
+                dbgfBpL2TblEntryInit(pL2Nd, hBp, GCPtr, DBGF_BP_L2_ENTRY_IDX_END, DBGF_BP_L2_ENTRY_IDX_END, 0 /*iDepth*/);
+                if (GCPtr < GCPtrL2Entry)
+                    dbgfBpL2TblEntryUpdateLeft(pL2Entry, idxL2Next, 0 /*iDepth*/);
+                else
+                    dbgfBpL2TblEntryUpdateRight(pL2Entry, idxL2Next, 0 /*iDepth*/);
+                return VINF_SUCCESS;
+            }
+
+            pL2Entry = dbgfR3BpL2GetByIdx(pUVM, idxL2Next);
+        }
+
+        rc = VERR_DBGF_BP_L2_LOOKUP_FAILED;
+        dbgfR3BpL2TblEntryFree(pUVM, idxL2Nd, pL2Nd);
+    }
+
+    return rc;
+}
+
+
+/**
+ * Adds the given breakpoint handle keyed with the GC pointer to the proper L2 binary search tree
+ * possibly creating a new tree.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   idxL1               The index into the L1 table the breakpoint uses.
+ * @param   hBp                 The breakpoint handle which is to be added.
+ * @param   GCPtr               The GC pointer the breakpoint is keyed with.
+ */
+static int dbgfR3BpInt3L2BstNodeAdd(PUVM pUVM, uint32_t idxL1, DBGFBP hBp, RTGCUINTPTR GCPtr)
+{
+    int rc = RTSemFastMutexRequest(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc);
+
+    uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]); /* Re-read, could get raced by a remove operation. */
+    uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
+    if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND)
+    {
+        /* Create a new search tree, gather the necessary information first. */
+        DBGFBP hBp2 = DBGF_BP_INT3_L1_ENTRY_GET_BP_HND(u32Entry);
+        PDBGFBPINT pBp2 = dbgfR3BpGetByHnd(pUVM, hBp2);
+        AssertStmt(VALID_PTR(pBp2), rc = VERR_DBGF_BP_IPE_7);
+        if (RT_SUCCESS(rc))
+            rc = dbgfR3BpInt3L2BstCreate(pUVM, idxL1, u32Entry, hBp, GCPtr, hBp2, pBp2->Pub.u.Int3.GCPtr);
+    }
+    else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
+        rc = dbgfR3BpInt2L2BstNodeInsert(pUVM, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32Entry), hBp, GCPtr);
+
+    int rc2 = RTSemFastMutexRelease(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc2);
+    return rc;
+}
+
+
+/**
+ * Removes the given breakpoint handle keyed with the GC pointer from the L2 binary search tree
+ * pointed to by the given L2 root index.
+ *
+ * @returns VBox status code.
+ * @param   pUVM                The user mode VM handle.
+ * @param   idxL1               The index into the L1 table pointing to the binary search tree.
+ * @param   idxL2Root           The L2 table index where the tree root is located.
+ * @param   hBp                 The breakpoint handle which is to be removed.
+ * @param   GCPtr               The GC pointer the breakpoint is keyed with.
+ */
+static int dbgfR3BpInt2L2BstNodeRemove(PUVM pUVM, uint32_t idxL1, uint32_t idxL2Root, DBGFBP hBp, RTGCUINTPTR GCPtr)
+{
+    int rc = RTSemFastMutexRequest(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc);
+
+    RT_NOREF(idxL1, idxL2Root, hBp, GCPtr);
+
+    int rc2 = RTSemFastMutexRelease(pUVM->dbgf.s.hMtxBpL2Wr); AssertRC(rc2);
+
+    return rc;
+}
+
+
+/**
  * Adds the given int3 breakpoint to the appropriate lookup tables.
  *
@@ -886 +1076 @@
         else
         {
-            uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
-            if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND)
-            {
-                /** @todo Allocate a new root entry and one leaf to accomodate for the two handles,
-                 * then replace the new entry. */
-                rc = VERR_NOT_IMPLEMENTED;
-                break;
-            }
-            else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
-            {
-                /** @todo Walk the L2 tree searching for the correct spot, add the new entry
-                 * and rebalance the tree. */
-                rc = VERR_NOT_IMPLEMENTED;
-                break;
-            }
+            rc = dbgfR3BpInt3L2BstNodeAdd(pUVM, idxL1, hBp, pBp->Pub.u.Int3.GCPtr);
+            if (rc == VINF_TRY_AGAIN)
+                continue;
+
+            break;
         }
     }
@@ -913 +1093 @@
 
 /**
+ * @callback_method_impl{FNVMMEMTRENDEZVOUS}
+ */
+static DECLCALLBACK(VBOXSTRICTRC) dbgfR3BpInt3RemoveEmtWorker(PVM pVM, PVMCPU pVCpu, void *pvUser)
+{
+    DBGFBP hBp = (DBGFBP)(uintptr_t)pvUser;
+
+    VMCPU_ASSERT_EMT(pVCpu);
+    VM_ASSERT_VALID_EXT_RETURN(pVM, VERR_INVALID_VM_HANDLE);
+
+    PUVM pUVM = pVM->pUVM;
+    PDBGFBPINT pBp = dbgfR3BpGetByHnd(pUVM, hBp);
+    AssertPtrReturn(pBp, VERR_DBGF_BP_IPE_8);
+
+    int rc = VINF_SUCCESS;
+    if (pVCpu->idCpu == 0)
+    {
+        uint16_t idxL1 = DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(pBp->Pub.u.Int3.GCPtr);
+        uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]);
+        AssertReturn(u32Entry != DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, VERR_DBGF_BP_IPE_6);
+
+        uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
+        if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND)
+        {
+            /* Single breakpoint, just exchange atomically with the null value. */
+            if (!ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, u32Entry))
+            {
+                /*
+                 * A breakpoint addition must have raced us converting the L1 entry to an L2 index type, re-read
+                 * and remove the node from the created binary search tree.
+                 *
+                 * This works because after the entry was converted to an L2 index it can only be converted back
+                 * to a direct handle by removing one or more nodes which always goes through the fast mutex
+                 * protecting the L2 table. Likewise adding a new breakpoint requires grabbing the mutex as well
+                 * so there is serialization here and the node can be removed safely without having to worry about
+                 * concurrent tree modifications.
+                 */
+                u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]);
+                AssertReturn(DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry) == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX, VERR_DBGF_BP_IPE_9);
+
+                rc = dbgfR3BpInt2L2BstNodeRemove(pUVM, idxL1, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32Entry),
+                                                 hBp, pBp->Pub.u.Int3.GCPtr);
+            }
+        }
+        else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
+            rc = dbgfR3BpInt2L2BstNodeRemove(pUVM, idxL1, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32Entry),
+                                             hBp, pBp->Pub.u.Int3.GCPtr);
+    }
+
+    return rc;
+}
+
+
+/**
  * Removes the given int3 breakpoint from all lookup tables.
  *
@@ -924 +1157 @@
     AssertReturn(DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType) == DBGFBPTYPE_INT3, VERR_DBGF_BP_IPE_3);
 
-    int rc = VINF_SUCCESS;
-    uint16_t idxL1 = DBGF_BP_INT3_L1_IDX_EXTRACT_FROM_ADDR(pBp->Pub.u.Int3.GCPtr);
-
-    for (;;)
-    {
-        uint32_t u32Entry = ASMAtomicReadU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1]);
-        AssertReturn(u32Entry != DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, VERR_DBGF_BP_IPE_6);
-
-        uint8_t u8Type = DBGF_BP_INT3_L1_ENTRY_GET_TYPE(u32Entry);
-        if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_BP_HND)
-        {
-            /* Single breakpoint, just exchange atomically with the null value. */
-            if (ASMAtomicCmpXchgU32(&pUVM->dbgf.s.paBpLocL1R3[idxL1], DBGF_BP_INT3_L1_ENTRY_TYPE_NULL, u32Entry))
-                break;
-            break;
-        }
-        else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
-        {
-            /** @todo Walk the L2 tree searching for the correct spot, remove the entry
-             * and rebalance the tree. */
-            RT_NOREF(hBp);
-            rc = VERR_NOT_IMPLEMENTED;
-            break;
-        }
-    }
-
-    return rc;
+    /*
+     * This has to be done by an EMT rendezvous in order to not have an EMT traversing
+     * any L2 trees while it is being removed.
+     */
+    return VMMR3EmtRendezvous(pUVM->pVM, VMMEMTRENDEZVOUS_FLAGS_TYPE_ALL_AT_ONCE, dbgfR3BpInt3RemoveEmtWorker, (void *)(uintptr_t)hBp);
 }
 

trunk/src/VBox/VMM/VMMRZ/DBGFRZ.cpp

@@ -246 +246 @@
          : VINF_EM_DBG_BREAKPOINT;
 }
+
+
+/**
+ * Returns the pointer to the L2 table entry from the given index.
+ *
+ * @returns Current context pointer to the L2 table entry or NULL if the provided index value is invalid.
+ * @param   pVM         The cross context VM structure.
+ * @param   idxL2       The L2 table index to resolve.
+ *
+ * @note The content of the resolved L2 table entry is not validated!.
+ */
+DECLINLINE(PCDBGFBPL2ENTRY) dbgfRZBpL2GetByIdx(PVMCC pVM, uint32_t idxL2)
+{
+    uint32_t idChunk  = DBGF_BP_L2_IDX_GET_CHUNK_ID(idxL2);
+    uint32_t idxEntry = DBGF_BP_L2_IDX_GET_ENTRY(idxL2);
+
+    AssertReturn(idChunk < DBGF_BP_L2_TBL_CHUNK_COUNT, NULL);
+    AssertReturn(idxEntry < DBGF_BP_L2_TBL_ENTRIES_PER_CHUNK, NULL);
+
+    PDBGFBPL2TBLCHUNKR0 pL2Chunk = &pVM->dbgfr0.s.aBpL2TblChunks[idChunk];
+    AssertPtrReturn(pL2Chunk->paBpL2TblBaseSharedR0, NULL);
+
+    return &pL2Chunk->CTX_SUFF(paBpL2TblBaseShared)[idxEntry];
+}
+
+
+/**
+ * Walks the L2 table starting at the given root index searching for the given key.
+ *
+ * @returns VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   pVCpu       The cross context virtual CPU structure.
+ * @param   pRegFrame   Pointer to the register frame for the trap.
+ * @param   fInHyper    Flag whether the breakpoint triggered in hypervisor code.
+ * @param   idxL2Root   L2 table index of the table root.
+ * @param   GCPtrKey    The key to search for.
+ */
+static int dbgfRZBpL2Walk(PVMCC pVM, PVMCPUCC pVCpu, PCPUMCTXCORE pRegFrame, bool fInHyper,
+                          uint32_t idxL2Root, RTGCUINTPTR GCPtrKey)
+{
+    /** @todo We don't use the depth right now but abort the walking after a fixed amount of levels. */
+    uint8_t iDepth = 32;
+    PCDBGFBPL2ENTRY pL2Entry = dbgfRZBpL2GetByIdx(pVM, idxL2Root);
+
+    while (RT_LIKELY(   iDepth-- > 0
+                     && pL2Entry))
+    {
+        /* Make a copy of the entry before verification. */
+        DBGFBPL2ENTRY L2Entry;
+        L2Entry.u64GCPtrKeyAndBpHnd1       = ASMAtomicReadU64((volatile uint64_t *)&pL2Entry->u64GCPtrKeyAndBpHnd1);
+        L2Entry.u64LeftRightIdxDepthBpHnd2 = ASMAtomicReadU64((volatile uint64_t *)&pL2Entry->u64LeftRightIdxDepthBpHnd2);
+
+        RTGCUINTPTR GCPtrL2Entry = DBGF_BP_L2_ENTRY_GET_GCPTR(L2Entry.u64GCPtrKeyAndBpHnd1);
+        if (GCPtrKey == GCPtrL2Entry)
+        {
+            DBGFBP hBp = DBGF_BP_L2_ENTRY_GET_BP_HND(L2Entry.u64GCPtrKeyAndBpHnd1, L2Entry.u64LeftRightIdxDepthBpHnd2);
+
+            /* Query the internal breakpoint state from the handle. */
+            PDBGFBPINTR0 pBpR0 = NULL;
+            PDBGFBPINT pBp = dbgfR0BpGetByHnd(pVM, hBp, &pBpR0);
+            if (   pBp
+                && DBGF_BP_PUB_GET_TYPE(pBp->Pub.fFlagsAndType) == DBGFBPTYPE_INT3)
+                return dbgfRZBpHit(pVM, pVCpu, pRegFrame, hBp, pBp, pBpR0, fInHyper);
+
+            /* The entry got corrupted, just abort. */
+            return VERR_DBGF_BP_L2_LOOKUP_FAILED;
+        }
+
+        /* Not found, get to the next level. */
+        uint32_t idxL2Next =   (GCPtrKey < GCPtrL2Entry)
+                             ? DBGF_BP_L2_ENTRY_GET_IDX_LEFT(L2Entry.u64LeftRightIdxDepthBpHnd2)
+                             : DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(L2Entry.u64LeftRightIdxDepthBpHnd2);
+        /* It is genuine guest trap or we hit some assertion if we are at the end. */
+        if (idxL2Next == DBGF_BP_L2_ENTRY_IDX_END)
+            return fInHyper
+                 ? VINF_EM_DBG_HYPER_ASSERTION
+                 : VINF_EM_RAW_GUEST_TRAP;
+
+        pL2Entry = dbgfRZBpL2GetByIdx(pVM, idxL2Next);
+    }
+
+    return VERR_DBGF_BP_L2_LOOKUP_FAILED;
+}
 #endif /* !VBOX_WITH_LOTS_OF_DBGF_BPS */
 
@@ -342 +425 @@
                     /* else Genuine guest trap. */
                 }
-                /** @todo else Guru meditation */
+
+                return VERR_DBGF_BP_L1_LOOKUP_FAILED;
             }
             else if (u8Type == DBGF_BP_INT3_L1_ENTRY_TYPE_L2_IDX)
-            {
-                /** @todo Walk the L2 tree searching for the correct spot. */
-            }
-            /** @todo else Guru meditation */
+                return dbgfRZBpL2Walk(pVM, pVCpu, pRegFrame, fInHyper, DBGF_BP_INT3_L1_ENTRY_GET_L2_IDX(u32L1Entry),
+                                      DBGF_BP_INT3_L2_KEY_EXTRACT_FROM_ADDR((RTGCUINTPTR)GCPtrBp));
+
+            /* Some invalid type. */
+            return VERR_DBGF_BP_L1_LOOKUP_FAILED;
         }
     }

trunk/src/VBox/VMM/include/DBGFInternal.h

@@ -956 +956 @@
 typedef const DBGFBPL2ENTRY *PCDBGFBPL2ENTRY;
 
+/** Extracts the part from the given GC pointer used as the key in the L2 binary search tree. */
+#define DBGF_BP_INT3_L2_KEY_EXTRACT_FROM_ADDR(a_GCPtr)  ((uint64_t)((a_GCPtr) >> 16))
+
 /** An invalid breakpoint chunk ID. */
 #define DBGF_BP_L2_IDX_CHUNK_ID_INVALID             UINT32_MAX
@@ -967 +970 @@
 /** Number of bits for the left/right index pointers. */
 #define DBGF_BP_L2_ENTRY_LEFT_RIGHT_IDX_BITS            22
+/** Special index value marking the end of a tree. */
+#define DBGF_BP_L2_ENTRY_IDX_END                        UINT32_C(0x3fffff)
+/** Number of bits to shift the breakpoint handle in the first part. */
+#define DBGF_BP_L2_ENTRY_BP_1ST_SHIFT                   48
+/** Mask for the first part of the breakpoint handle. */
+#define DBGF_BP_L2_ENTRY_BP_1ST_MASK                    UINT32_C(0x0000ffff)
+/** Number of bits to shift the breakpoint handle in the second part. */
+#define DBGF_BP_L2_ENTRY_BP_2ND_SHIFT                   52
+/** Mask for the second part of the breakpoint handle. */
+#define DBGF_BP_L2_ENTRY_BP_2ND_MASK                    UINT32_C(0x0fff0000)
+/** Mask for the second part of the breakpoint handle stored in the L2 entry. */
+#define DBGF_BP_L2_ENTRY_BP_2ND_L2_ENTRY_MASK           UINT64_C(0xfff0000000000000)
+/** Number of bits to shift the depth in the second part. */
+#define DBGF_BP_L2_ENTRY_DEPTH_SHIFT                    44
+/** Mask for the depth. */
+#define DBGF_BP_L2_ENTRY_DEPTH_MASK                     UINT8_MAX
+/** Number of bits to shift the right L2 index in the second part. */
+#define DBGF_BP_L2_ENTRY_RIGHT_IDX_SHIFT                22
+/** Number of bits to shift the left L2 index in the second part. */
+#define DBGF_BP_L2_ENTRY_LEFT_IDX_SHIFT                 0
 /** Index mask. */
 #define DBGF_BP_L2_ENTRY_LEFT_RIGHT_IDX_MASK            (RT_BIT_32(DBGF_BP_L2_ENTRY_LEFT_RIGHT_IDX_BITS) - 1)
+/** Left index mask. */
+#define DBGF_BP_L2_ENTRY_LEFT_IDX_MASK                  (DBGF_BP_L2_ENTRY_LEFT_RIGHT_IDX_MASK << DBGF_BP_L2_ENTRY_LEFT_IDX_SHIFT)
+/** Right index mask. */
+#define DBGF_BP_L2_ENTRY_RIGHT_IDX_MASK                 (DBGF_BP_L2_ENTRY_LEFT_RIGHT_IDX_MASK << DBGF_BP_L2_ENTRY_RIGHT_IDX_SHIFT)
 /** Returns the upper 6 bytes of the GC pointer from the given breakpoint entry. */
 #define DBGF_BP_L2_ENTRY_GET_GCPTR(a_u64GCPtrKeyAndBpHnd1) ((a_u64GCPtrKeyAndBpHnd1) & UINT64_C(0x0000ffffffffffff))
 /** Returns the breakpoint handle from both L2 entry members. */
 #define DBGF_BP_L2_ENTRY_GET_BP_HND(a_u64GCPtrKeyAndBpHnd1, a_u64LeftRightIdxDepthBpHnd2) \
-    ((DBGFBP)(((a_u64GCPtrKeyAndBpHnd1) >> 48) | (((a_u64LeftRightIdxDepthBpHnd2) >> 52) << 16)))
+    ((DBGFBP)(((a_u64GCPtrKeyAndBpHnd1) >> DBGF_BP_L2_ENTRY_BP_1ST_SHIFT) | (((a_u64LeftRightIdxDepthBpHnd2) >> DBGF_BP_L2_ENTRY_BP_2ND_SHIFT) << 16)))
 /** Extracts the depth of the second 64bit L2 entry value. */
-#define DBGF_BP_L2_ENTRY_GET_DEPTH(a_u64LeftRightIdxDepthBpHnd2) ((uint8_t)(((a_u64LeftRightIdxDepthBpHnd2) >> 44) & UINT8_MAX))
+#define DBGF_BP_L2_ENTRY_GET_DEPTH(a_u64LeftRightIdxDepthBpHnd2) ((uint8_t)(((a_u64LeftRightIdxDepthBpHnd2) >> DBGF_BP_L2_ENTRY_DEPTH_SHIFT) & DBGF_BP_L2_ENTRY_DEPTH_MASK))
 /** Extracts the lower right index value from the L2 entry value. */
 #define DBGF_BP_L2_ENTRY_GET_IDX_RIGHT(a_u64LeftRightIdxDepthBpHnd2) \