VirtualBox

Changeset 92162 in vbox for trunk/src/VBox

Timestamp:

Oct 31, 2021 11:34:31 PM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

147985

Message:

VMM/PGM,DevVGA: Baked MMIO2 dirty page tracking into PGM, moving it out of DevVGA. Using the handler state to record a page as dirty (PGM_PAGE_HNDL_PHYS_STATE_DISABLED). bugref:10122

Location:

Files:

: 13 edited

Devices/Graphics/DevVGA.cpp (modified) (18 diffs)
Devices/Graphics/DevVGA.h (modified) (3 diffs)
VMM/VMMAll/PGMAllBth.h (modified) (1 diff)
VMM/VMMAll/PGMAllHandler.cpp (modified) (8 diffs)
VMM/VMMAll/PGMAllPhys.cpp (modified) (3 diffs)
VMM/VMMR3/IEMR3.cpp (modified) (1 diff)
VMM/VMMR3/IOM.cpp (modified) (1 diff)
VMM/VMMR3/PDMDevHlp.cpp (modified) (7 diffs)
VMM/VMMR3/PGM.cpp (modified) (2 diffs)
VMM/VMMR3/PGMHandler.cpp (modified) (6 diffs)
VMM/VMMR3/PGMPhys.cpp (modified) (20 diffs)
VMM/VMMR3/PGMPool.cpp (modified) (1 diff)
VMM/include/PGMInternal.h (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/Devices/Graphics/DevVGA.cpp

-              r91930
+              r92162
+{
     AssertMsg(offVRAM < pThis->vram_size, ("offVRAM = %p, pThis->vram_size = %p\n", offVRAM, pThis->vram_size));
     ASMBitSet(&pThis->au32DirtyBitmap[0], offVRAM >> PAGE_SHIFT);
+    ASMBitSet(&pThis->bmDirtyBitmap[0], offVRAM >> PAGE_SHIFT);
     pThis->fHasDirtyBits = true;
+}
 …
+{
     AssertMsg(offVRAM < pThis->vram_size, ("offVRAM = %p, pThis->vram_size = %p\n", offVRAM, pThis->vram_size));
     return ASMBitTest(&pThis->au32DirtyBitmap[0], offVRAM >> PAGE_SHIFT);
+    return ASMBitTest(&pThis->bmDirtyBitmap[0], offVRAM >> PAGE_SHIFT);
+}
 #ifdef IN_RING3
 /**
  * Reset dirty flags in a give range.
 …
     Assert(offVRAMEnd <= pThis->vram_size);
     Assert(offVRAMStart < offVRAMEnd);
+    ASMBitClearRange(&pThis->au32DirtyBitmap[0], offVRAMStart >> PAGE_SHIFT, offVRAMEnd >> PAGE_SHIFT);
+}
+    ASMBitClearRange(&pThis->bmDirtyBitmap[0], offVRAMStart >> PAGE_SHIFT, offVRAMEnd >> PAGE_SHIFT);
+}
+/**
+ * Queries the VRAM dirty bits and resets the monitoring.
+ */
+static void vgaR3UpdateDirtyBitsAndResetMonitoring(PPDMDEVINS pDevIns, PVGASTATE pThis)
+{
+    size_t const cbBitmap = RT_ALIGN_Z(RT_MIN(pThis->vram_size, VGA_VRAM_MAX), PAGE_SIZE * 64) / PAGE_SIZE / 8;
+    /*
+     * If we don't have any dirty bits from MMIO accesses, we can just query
+     * straight into the dirty buffer.
+     */
+    if (!pThis->fHasDirtyBits)
+    {
+        int rc = PDMDevHlpMmio2QueryAndResetDirtyBitmap(pDevIns, pThis->hMmio2VRam, pThis->bmDirtyBitmap, cbBitmap);
+        AssertRC(rc);
+    }
+    /*
+     * Otherwise we'll have to query and merge the two.
+     */
+    else
+    {
+        uint64_t bmDirtyPages[VGA_VRAM_MAX / PAGE_SIZE / 64]; /* (256 MB VRAM -> 8KB bitmap) */
+        int rc = PDMDevHlpMmio2QueryAndResetDirtyBitmap(pDevIns, pThis->hMmio2VRam, bmDirtyPages, cbBitmap);
+        if (RT_SUCCESS(rc))
+        {
+            /** @todo could use ORPS or VORPS here, I think. */
+            uint64_t     *pbmDst      = pThis->bmDirtyBitmap;
+            size_t const  cTodo       = cbBitmap / sizeof(uint64_t);
+            /* Do 64 bytes at a time first. */
+            size_t const  cTodoFirst  = cTodo & ~(size_t)7;
+            size_t        idx;
+            for (idx = 0; idx < cTodoFirst; idx += 8)
+            {
+                pbmDst[idx + 0] |= bmDirtyPages[idx + 0];
+                pbmDst[idx + 1] |= bmDirtyPages[idx + 1];
+                pbmDst[idx + 2] |= bmDirtyPages[idx + 2];
+                pbmDst[idx + 3] |= bmDirtyPages[idx + 3];
+                pbmDst[idx + 4] |= bmDirtyPages[idx + 4];
+                pbmDst[idx + 5] |= bmDirtyPages[idx + 5];
+                pbmDst[idx + 6] |= bmDirtyPages[idx + 6];
+                pbmDst[idx + 7] |= bmDirtyPages[idx + 7];
+            }
+            /* Then do a mopup of anything remaining. */
+            switch (cTodo - idx)
+            {
+                case 7:     pbmDst[idx + 6] |= bmDirtyPages[idx + 6]; RT_FALL_THRU();
+                case 6:     pbmDst[idx + 5] |= bmDirtyPages[idx + 5]; RT_FALL_THRU();
+                case 5:     pbmDst[idx + 4] |= bmDirtyPages[idx + 4]; RT_FALL_THRU();
+                case 4:     pbmDst[idx + 3] |= bmDirtyPages[idx + 3]; RT_FALL_THRU();
+                case 3:     pbmDst[idx + 2] |= bmDirtyPages[idx + 2]; RT_FALL_THRU();
+                case 2:     pbmDst[idx + 1] |= bmDirtyPages[idx + 1]; RT_FALL_THRU();
+                case 1:     pbmDst[idx]     |= bmDirtyPages[idx];     break;
+                case 0:     break;
+                default:    AssertFailedBreak();
+            }
+            pThis->fHasDirtyBits = false;
+        }
+    }
+}
 #endif /* IN_RING3 */
 …
         /* round up page_max by one page, as otherwise this can be -PAGE_SIZE,
          * which causes assertion trouble in vgaR3ResetDirty. */
+        page_max = (  pThis->start_addr * 4 + pThis->line_offset * pThis->last_scr_height
+                    - 1 + PAGE_SIZE) & ~PAGE_OFFSET_MASK;
+        page_max = (pThis->start_addr * 4 + pThis->line_offset * pThis->last_scr_height - 1 + PAGE_SIZE) & ~PAGE_OFFSET_MASK;
         vgaR3ResetDirty(pThis, page_min, page_max + PAGE_SIZE);
+    }
 …
 /**
  * Worker for vgaR3PortUpdateDisplay(), vboxR3UpdateDisplayAllInternal() and
+ * Worker for vgaR3PortUpdateDisplay(), vgaR3UpdateDisplayAllInternal() and
  * vgaR3PortTakeScreenshot().
  */
 …
-/**
- * Handle LFB access.
+ *
- * @returns Strict VBox status code.
- * @param   pVM         VM handle.
- * @param   pDevIns     The device instance.
- * @param   pThis       The shared VGA instance data.
- * @param   GCPhys      The access physical address.
- * @param   GCPtr       The access virtual address (only GC).
- */
-static VBOXSTRICTRC vgaLFBAccess(PVMCC pVM, PPDMDEVINS pDevIns, PVGASTATE pThis, RTGCPHYS GCPhys, RTGCPTR GCPtr)
+{
-    RT_NOREF(pVM);
-    VBOXSTRICTRC rc = PDMDevHlpCritSectEnter(pDevIns, &pThis->CritSect, VINF_EM_RAW_EMULATE_INSTR);
-    if (rc == VINF_SUCCESS)
+    {
-        /*
-         * Set page dirty bit.
-         */
-        vgaR3MarkDirty(pThis, GCPhys - pThis->GCPhysVRAM);
-        pThis->fLFBUpdated = true;
-        /*
-         * Turn of the write handler for this particular page and make it R/W.
-         * Then return telling the caller to restart the guest instruction.
-         * ASSUME: the guest always maps video memory RW.
-         */
-        rc = PDMDevHlpPGMHandlerPhysicalPageTempOff(pDevIns, pThis->GCPhysVRAM, GCPhys);
-        if (RT_SUCCESS(rc))
+        {
-#ifndef IN_RING3
-            rc = PGMShwMakePageWritable(PDMDevHlpGetVMCPU(pDevIns), GCPtr,
-                                        PGM_MK_PG_IS_MMIO2 | PGM_MK_PG_IS_WRITE_FAULT);
-            PDMDevHlpCritSectLeave(pDevIns, &pThis->CritSect);
-            AssertMsgReturn(    rc == VINF_SUCCESS
-                            /* In the SMP case the page table might be removed while we wait for the PGM lock in the trap handler. */
-                            ||  rc == VERR_PAGE_TABLE_NOT_PRESENT
-                            ||  rc == VERR_PAGE_NOT_PRESENT,
-                            ("PGMShwModifyPage -> GCPtr=%RGv rc=%d\n", GCPtr, VBOXSTRICTRC_VAL(rc)),
-                            rc);
-#else  /* IN_RING3 - We don't have any virtual page address of the access here. */
-            PDMDevHlpCritSectLeave(pDevIns, &pThis->CritSect);
-            Assert(GCPtr == 0);
-            RT_NOREF1(GCPtr);
-#endif
-            return VINF_SUCCESS;
+        }
-        PDMDevHlpCritSectLeave(pDevIns, &pThis->CritSect);
-        AssertMsgFailed(("PGMHandlerPhysicalPageTempOff -> rc=%d\n", VBOXSTRICTRC_VAL(rc)));
+    }
-    return rc;
+}
-#ifndef IN_RING3
-/**
- * @callback_method_impl{FNPGMRCPHYSHANDLER, \#PF Handler for VBE LFB access.}
- */
-PDMBOTHCBDECL(VBOXSTRICTRC) vgaLbfAccessPfHandler(PVMCC pVM, PVMCPUCC pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
-                                                  RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser)
+{
-    PPDMDEVINS  pDevIns = (PPDMDEVINS)pvUser;
-    PVGASTATE   pThis   = PDMDEVINS_2_DATA(pDevIns, PVGASTATE);
-    //PVGASTATECC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PVGASTATECC);
-    Assert(GCPhysFault >= pThis->GCPhysVRAM);
-    AssertMsg(uErrorCode & X86_TRAP_PF_RW, ("uErrorCode=%#x\n", uErrorCode));
-    RT_NOREF3(pVCpu, pRegFrame, uErrorCode);
-    return vgaLFBAccess(pVM, pDevIns, pThis, GCPhysFault, pvFault);
+}
-#endif /* !IN_RING3 */
-/**
- * @callback_method_impl{FNPGMPHYSHANDLER,
- *      VBE LFB write access handler for the dirty tracking.}
- */
-PGM_ALL_CB_DECL(VBOXSTRICTRC) vgaLFBAccessHandler(PVMCC pVM, PVMCPUCC pVCpu, RTGCPHYS GCPhys, void *pvPhys,
-                                                  void *pvBuf, size_t cbBuf, PGMACCESSTYPE enmAccessType,
-                                                  PGMACCESSORIGIN enmOrigin, void *pvUser)
+{
-    PPDMDEVINS  pDevIns = (PPDMDEVINS)pvUser;
-    PVGASTATE   pThis   = PDMDEVINS_2_DATA(pDevIns, PVGASTATE);
-    //PVGASTATECC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PVGASTATECC);
-    Assert(GCPhys >= pThis->GCPhysVRAM);
-    RT_NOREF(pVCpu, pvPhys, pvBuf, cbBuf, enmAccessType, enmOrigin);
-    VBOXSTRICTRC rc = vgaLFBAccess(pVM, pDevIns, pThis, GCPhys, 0);
-    if (rc == VINF_SUCCESS)
-        rc = VINF_PGM_HANDLER_DO_DEFAULT;
-#ifdef IN_RING3
-    else
-        AssertMsg(rc < VINF_SUCCESS, ("rc=%Rrc\n", VBOXSTRICTRC_VAL(rc)));
-#endif
-    return rc;
+}
 /* -=-=-=-=-=- All rings: VGA BIOS I/Os -=-=-=-=-=- */
 …
     STAM_COUNTER_INC(&pThis->StatUpdateDisp);
+    if (pThis->fHasDirtyBits && pThis->GCPhysVRAM && pThis->GCPhysVRAM != NIL_RTGCPHYS)
+    {
+        PDMDevHlpPGMHandlerPhysicalReset(pDevIns, pThis->GCPhysVRAM);
+        pThis->fHasDirtyBits = false;
+    }
+    if (pThis->GCPhysVRAM != 0 && pThis->GCPhysVRAM != NIL_RTGCPHYS)
+        vgaR3UpdateDirtyBitsAndResetMonitoring(pDevIns, pThis);
     if (pThis->fRemappedVGA)
+    {
 …
  * Internal vgaR3PortUpdateDisplayAll worker called under pThis->CritSect.
  */
+/** @todo Why the 'vboxR3' prefix? */
+static int vboxR3UpdateDisplayAllInternal(PPDMDEVINS pDevIns, PVGASTATE pThis, PVGASTATECC pThisCC, bool fFailOnResize)
+static int vgaR3UpdateDisplayAllInternal(PPDMDEVINS pDevIns, PVGASTATE pThis, PVGASTATECC pThisCC, bool fFailOnResize)
+{
 # ifdef VBOX_WITH_VMSVGA
 …
 # endif
+    {
+        /* The dirty bits array has been just cleared, reset handlers as well. */
+        if (pThis->GCPhysVRAM && pThis->GCPhysVRAM != NIL_RTGCPHYS)
+            PDMDevHlpPGMHandlerPhysicalReset(pDevIns, pThis->GCPhysVRAM);
+    }
+        /* Update the dirty bits. */
+        if (pThis->GCPhysVRAM != 0 && pThis->GCPhysVRAM != NIL_RTGCPHYS)
+            vgaR3UpdateDirtyBitsAndResetMonitoring(pDevIns, pThis);
+    }
     if (pThis->fRemappedVGA)
+    {
 …
     AssertRCReturn(rc, rc);
     rc = vboxR3UpdateDisplayAllInternal(pDevIns, pThis, pThisCC, fFailOnResize);
+    rc = vgaR3UpdateDisplayAllInternal(pDevIns, pThis, pThisCC, fFailOnResize);
     PDMDevHlpCritSectLeave(pDevIns, &pThis->CritSect);
 …
     /*
      * Get screenshot. This function will fail if a resize is required.
      * So there is not need to do a 'vboxR3UpdateDisplayAllInternal' before taking screenshot.
+     * So there is not need to do a 'vgaR3UpdateDisplayAllInternal' before taking screenshot.
      */
 …
 int vgaR3RegisterVRAMHandler(PPDMDEVINS pDevIns, PVGASTATE pThis, uint64_t cbFrameBuffer)
+{
+    Assert(pThis->GCPhysVRAM);
+    int rc = PDMDevHlpPGMHandlerPhysicalRegister(pDevIns,
+                                                 pThis->GCPhysVRAM, pThis->GCPhysVRAM + (cbFrameBuffer - 1),
+                                                 pThis->hLfbAccessHandlerType, pDevIns, pDevIns->pDevInsR0RemoveMe,
+                                                 pDevIns->pDevInsForRC, "VGA LFB");
+    Assert(pThis->GCPhysVRAM != 0 && pThis->GCPhysVRAM != NIL_RTGCPHYS);
+    int rc = PDMDevHlpMmio2ControlDirtyPageTracking(pDevIns, pThis->hMmio2VRam, true /*fEnabled*/);
+    RT_NOREF(cbFrameBuffer);
     AssertRC(rc);
     return rc;
 …
 int vgaR3UnregisterVRAMHandler(PPDMDEVINS pDevIns, PVGASTATE pThis)
+{
     Assert(pThis->GCPhysVRAM);
     int rc = PDMDevHlpPGMHandlerPhysicalDeregister(pDevIns, pThis->GCPhysVRAM);
+    Assert(pThis->GCPhysVRAM != 0 && pThis->GCPhysVRAM != NIL_RTGCPHYS);
+    int rc = PDMDevHlpMmio2ControlDirtyPageTracking(pDevIns, pThis->hMmio2VRam, false /*fEnabled*/);
     AssertRC(rc);
     return rc;
 …
+    {
         /*
+         * Mapping the VRAM.
+         * Make sure the dirty page tracking state is up to date before mapping it.
+         */
+# ifdef VBOX_WITH_VMSVGA
+        rc = PDMDevHlpMmio2ControlDirtyPageTracking(pDevIns, pThis->hMmio2VRam,
+                                                    !pThis->svga.fEnabled ||(pThis->svga.fEnabled && pThis->svga.fVRAMTracking));
+# else
+        rc = PDMDevHlpMmio2ControlDirtyPageTracking(pDevIns, pThis->hMmio2VRam, true /*fEnabled*/);
+# endif
+        AssertLogRelRC(rc);
+        /*
+         * Map the VRAM.
          */
         rc = PDMDevHlpMmio2Map(pDevIns, pThis->hMmio2VRam, GCPhysAddress);
 …
         if (RT_SUCCESS(rc))
+        {
-# ifdef VBOX_WITH_VMSVGA
-            if (    !pThis->svga.fEnabled
-                ||  (   pThis->svga.fEnabled
-                     && pThis->svga.fVRAMTracking
+                    )
+               )
-# endif
+            {
-                rc = PDMDevHlpPGMHandlerPhysicalRegister(pDevIns, GCPhysAddress, GCPhysAddress + (pThis->vram_size - 1),
-                                                         pThis->hLfbAccessHandlerType, pDevIns, pDevIns->pDevInsR0RemoveMe,
-                                                         pDevIns->pDevInsForRC, "VGA LFB");
-                AssertLogRelRC(rc);
+            }
             pThis->GCPhysVRAM = GCPhysAddress;
             pThis->vbe_regs[VBE_DISPI_INDEX_FB_BASE_HI] = GCPhysAddress >> 16;
 …
         /*
          * Unmapping of the VRAM in progress (caller will do that).
-         * Deregister the access handler so PGM doesn't get upset.
          */
         Assert(pThis->GCPhysVRAM);
-# ifdef VBOX_WITH_VMSVGA
-        if (    !pThis->svga.fEnabled
-            ||  (   pThis->svga.fEnabled
-                 && pThis->svga.fVRAMTracking
+                )
+           )
-# endif
+        {
-            rc = PDMDevHlpPGMHandlerPhysicalDeregister(pDevIns, pThis->GCPhysVRAM);
-            AssertRC(rc);
+        }
-# ifdef VBOX_WITH_VMSVGA
-        else
-            rc = VINF_SUCCESS;
-# endif
         pThis->GCPhysVRAM = 0;
+        rc = VINF_SUCCESS;
         /* NB: VBE_DISPI_INDEX_FB_BASE_HI is left unchanged here. */
+    }
 …
      * Reset the LFB mapping.
      */
+    pThis->fLFBUpdated = false;
+    if (    (   pDevIns->fRCEnabled
+             || pDevIns->fR0Enabled)
+        &&  pThis->GCPhysVRAM
+        &&  pThis->GCPhysVRAM != NIL_RTGCPHYS)
+    {
+        int rc = PDMDevHlpPGMHandlerPhysicalReset(pDevIns, pThis->GCPhysVRAM);
+    if (   (   pDevIns->fRCEnabled
+            || pDevIns->fR0Enabled)
+        && pThis->GCPhysVRAM != 0
+        && pThis->GCPhysVRAM != NIL_RTGCPHYS)
+    {
+        /** @todo r=bird: This used to be a PDMDevHlpPGMHandlerPhysicalReset call.
+         *        Not quite sure if it was/is needed. Besides, where do we reset the
+         *        dirty bitmap (bmDirtyBitmap)? */
+        int rc = PDMDevHlpMmio2ResetDirtyBitmap(pDevIns, pThis->hMmio2VRam);
         AssertRC(rc);
+    }
 …
      */
     rc = PDMDevHlpPCIIORegionCreateMmio2Ex(pDevIns, pThis->pciRegions.iVRAM, pThis->vram_size,
                                            PCI_ADDRESS_SPACE_MEM_PREFETCH, 0 /*fFlags*/, vgaR3PciIORegionVRamMapUnmap,
                                            "VRam", (void **)&pThisCC->pbVRam, &pThis->hMmio2VRam);
+                                           PCI_ADDRESS_SPACE_MEM_PREFETCH, PGMPHYS_MMIO2_FLAGS_TRACK_DIRTY_PAGES,
+                                           vgaR3PciIORegionVRamMapUnmap, "VRam", (void **)&pThisCC->pbVRam, &pThis->hMmio2VRam);
     AssertLogRelRCReturn(rc, PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
                                                  N_("Failed to allocate %u bytes of VRAM"), pThis->vram_size));
-    /*
-     * Register access handler types for tracking dirty VRAM pages.
-     */
-    rc = PDMDevHlpPGMHandlerPhysicalTypeRegister(pDevIns, PGMPHYSHANDLERKIND_WRITE,
-                                                 vgaLFBAccessHandler,
-                                                 "vgaLFBAccessHandler", "vgaLbfAccessPfHandler",
-                                                 "vgaLFBAccessHandler", "vgaLbfAccessPfHandler",
-                                                 "VGA LFB", &pThis->hLfbAccessHandlerType);
-    AssertRCReturn(rc, rc);
     /*

trunk/src/VBox/Devices/Graphics/DevVGA.h

-              r87105
+              r92162
     uint32_t                    cMilliesRefreshInterval;
     /** Bitmap tracking dirty pages. */
     uint32_t                    au32DirtyBitmap[VGA_VRAM_MAX / PAGE_SIZE / 32];
+    uint64_t                    bmDirtyBitmap[VGA_VRAM_MAX / PAGE_SIZE / 64];
     /** Flag indicating that there are dirty bits. This is used to optimize the handler resetting. */
     bool                        fHasDirtyBits;
-    /** LFB was updated flag. */
-    bool                        fLFBUpdated;
     /** Flag indicating that the VGA memory in the 0xa0000-0xbffff region has been remapped to allow direct access. */
     bool                        fRemappedVGA;
 …
     bool                        fVMSVGAPciId;
     bool                        fVMSVGAPciBarLayout;
     bool                        Padding4[2];
+    bool                        Padding4[3];
 #else
     bool                        Padding4[4+2];
+    bool                        Padding4[4+3];
 #endif
 …
 #endif
     } pciRegions;
-    /** Physical access type for the linear frame buffer dirty page tracking. */
-    PGMPHYSHANDLERTYPE          hLfbAccessHandlerType;
     /** The physical address the VRAM was assigned. */

trunk/src/VBox/VMM/VMMAll/PGMAllBth.h

-              r92046
+              r92162
             if (pCurType->CTX_SUFF(pfnPfHandler))
+            {
-                PPGMPOOL    pPool  = pVM->pgm.s.CTX_SUFF(pPool);
-                void       *pvUser = pCur->CTX_SUFF(pvUser);
                 STAM_PROFILE_START(&pCur->Stat, h);
+                if (pCur->hType != pPool->hAccessHandlerType)
+                if (pCurType->fKeepPgmLock)
+                {
+                    rcStrict = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, GCPhysFault,
+                                                                pCur->CTX_SUFF(pvUser));
+#  ifdef VBOX_WITH_STATISTICS
+                    pCur = pgmHandlerPhysicalLookup(pVM, GCPhysFault); /* paranoia in case the handler deregistered itself */
+                    if (pCur)
+                        STAM_PROFILE_STOP(&pCur->Stat, h);
+#  endif
+                }
+                else
+                {
+                    void * const pvUser = pCur->CTX_SUFF(pvUser);
                     PGM_UNLOCK(pVM);
                     *pfLockTaken = false;
+                    rcStrict = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, GCPhysFault, pvUser);
+#  ifdef VBOX_WITH_STATISTICS
+                    PGM_LOCK_VOID(pVM);
+                    pCur = pgmHandlerPhysicalLookup(pVM, GCPhysFault);
+                    if (pCur)
+                        STAM_PROFILE_STOP(&pCur->Stat, h);
+                    PGM_UNLOCK(pVM);
+#  endif
+                }
-                rcStrict = pCurType->CTX_SUFF(pfnPfHandler)(pVM, pVCpu, uErr, pRegFrame, pvFault, GCPhysFault, pvUser);
-#  ifdef VBOX_WITH_STATISTICS
-                PGM_LOCK_VOID(pVM);
-                pCur = pgmHandlerPhysicalLookup(pVM, GCPhysFault);
-                if (pCur)
-                    STAM_PROFILE_STOP(&pCur->Stat, h);
-                PGM_UNLOCK(pVM);
-#  endif
+            }
             else

trunk/src/VBox/VMM/VMMAll/PGMAllHandler.cpp

-              r92157
+              r92162
 *   Internal Functions                                                                                                           *
 *********************************************************************************************************************************/
+static int  pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(PVMCC pVM, PPGMPHYSHANDLER pCur, PPGMRAMRANGE pRam);
+static int  pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(PVMCC pVM, PPGMPHYSHANDLER pCur, PPGMRAMRANGE pRam,
+                                                           void *pvBitmap, uint32_t offBitmap);
 static void pgmHandlerPhysicalDeregisterNotifyNEM(PVMCC pVM, PPGMPHYSHANDLER pCur);
 static void pgmHandlerPhysicalResetRamFlags(PVMCC pVM, PPGMPHYSHANDLER pCur);
 …
     if (RTAvlroGCPhysInsert(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, &pPhysHandler->Core))
+    {
         int rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pPhysHandler, pRam);
+        int rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pPhysHandler, pRam, NULL /*pvBitmap*/, 0 /*offBitmap*/);
         if (rc == VINF_PGM_SYNC_CR3)
             rc = VINF_PGM_GCPHYS_ALIASED;
 …
  * @retval  VINF_PGM_SYNC_CR3 when the shadow PTs could be updated because
  *          the guest page aliased or/and mapped by multiple PTs. FFs set.
+ * @param   pVM     The cross context VM structure.
+ * @param   pCur    The physical handler.
+ * @param   pRam    The RAM range.
+ */
+static int pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(PVMCC pVM, PPGMPHYSHANDLER pCur, PPGMRAMRANGE pRam)
+ * @param   pVM         The cross context VM structure.
+ * @param   pCur        The physical handler.
+ * @param   pRam        The RAM range.
+ * @param   pvBitmap    Dirty bitmap. Optional.
+ * @param   offBitmap   Dirty bitmap offset.
+ */
+static int pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(PVMCC pVM, PPGMPHYSHANDLER pCur, PPGMRAMRANGE pRam,
+                                                          void *pvBitmap, uint32_t offBitmap)
+{
     /*
 …
+            }
 #endif
+            if (pvBitmap)
+                ASMBitSet(pvBitmap, offBitmap);
+        }
 …
             break;
         i++;
+        offBitmap++;
+    }
 …
                      * Set ram flags, flush shadow PT entries and finally tell REM about this.
                      */
                     rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pCur, pRam);
+                    rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pCur, pRam, NULL, 0);
                     /** @todo NEM: not sure we need this notification... */
 …
                      * Set the flags and flush shadow PT entries.
                      */
                     rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pCur, pRam);
+                    rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pCur, pRam, NULL /*pvBitmap*/, 0 /*offBitmap*/);
+                }
 …
     PGM_UNLOCK(pVM);
+    return rc;
+}
+/**
+ * Special version of PGMHandlerPhysicalReset used by MMIO2 w/ dirty page
+ * tracking.
+ *
+ * @returns VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   GCPhys      The start address of the handler region.
+ * @param   pvBitmap    Dirty bitmap. Caller has cleared this already, only
+ *                      dirty bits will be set. Caller also made sure it's big
+ *                      enough.
+ * @param   offBitmap   Dirty bitmap offset.
+ * @remarks Caller must own the PGM critical section.
+ */
+DECLHIDDEN(int) pgmHandlerPhysicalResetMmio2WithBitmap(PVMCC pVM, RTGCPHYS GCPhys, void *pvBitmap, uint32_t offBitmap)
+{
+    LogFlow(("pgmHandlerPhysicalResetMmio2WithBitmap GCPhys=%RGp\n", GCPhys));
+    PGM_LOCK_ASSERT_OWNER(pVM);
+    /*
+     * Find the handler.
+     */
+    int rc;
+    PPGMPHYSHANDLER pCur = (PPGMPHYSHANDLER)RTAvlroGCPhysGet(&pVM->pgm.s.CTX_SUFF(pTrees)->PhysHandlers, GCPhys);
+    if (RT_LIKELY(pCur))
+    {
+        /*
+         * Validate kind.
+         */
+        PPGMPHYSHANDLERTYPEINT pCurType = PGMPHYSHANDLER_GET_TYPE(pVM, pCur);
+        if (pCurType->enmKind == PGMPHYSHANDLERKIND_WRITE)
+        {
+            STAM_COUNTER_INC(&pVM->pgm.s.Stats.CTX_MID_Z(Stat,PhysHandlerReset));
+            PPGMRAMRANGE pRam = pgmPhysGetRange(pVM, GCPhys);
+            Assert(pRam);
+            Assert(pRam->GCPhys     <= pCur->Core.Key);
+            Assert(pRam->GCPhysLast >= pCur->Core.KeyLast);
+            /*
+             * Set the flags and flush shadow PT entries.
+             */
+            if (pCur->cTmpOffPages > 0)
+            {
+                rc = pgmHandlerPhysicalSetRamFlagsAndFlushShadowPTs(pVM, pCur, pRam, pvBitmap, offBitmap);
+                pCur->cTmpOffPages  = 0;
+            }
+            else
+                rc = VINF_SUCCESS;
+        }
+        else
+        {
+            AssertFailed();
+            rc = VERR_WRONG_TYPE;
+        }
+    }
+    else
+    {
+        AssertMsgFailed(("Didn't find MMIO Range starting at %#x\n", GCPhys));
+        rc = VERR_PGM_HANDLER_NOT_FOUND;
+    }
     return rc;
+}

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

-              r91855
+              r92162
+        }
+    }
+}
+/**
+ * Common worker for pgmPhysMmio2WriteHandler and pgmPhysMmio2WritePfHandler.
+ */
+static VBOXSTRICTRC pgmPhysMmio2WriteHandlerCommon(PVMCC pVM, PVMCPUCC pVCpu, uintptr_t hMmio2, RTGCPHYS GCPhys, RTGCPTR GCPtr)
+{
+    /*
+     * Get the MMIO2 range.
+     */
+    AssertReturn(hMmio2 < RT_ELEMENTS(pVM->pgm.s.apMmio2RangesR3), VERR_INTERNAL_ERROR_3);
+    AssertReturn(hMmio2 != 0, VERR_INTERNAL_ERROR_3);
+    PPGMREGMMIO2RANGE pMmio2 = pVM->pgm.s.CTX_SUFF(apMmio2Ranges)[hMmio2 - 1];
+    Assert(pMmio2->idMmio2 == hMmio2);
+    AssertReturn((pMmio2->fFlags & PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES) == PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES,
+                 VERR_INTERNAL_ERROR_4);
+    /*
+     * Get the page and make sure it's an MMIO2 page.
+     */
+    PPGMPAGE pPage = pgmPhysGetPage(pVM, GCPhys);
+    AssertReturn(pPage, VINF_EM_RAW_EMULATE_INSTR);
+    AssertReturn(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_MMIO2, VINF_EM_RAW_EMULATE_INSTR);
+    /*
+     * Set the dirty flag so we can avoid scanning all the pages when it isn't dirty.
+     * (The PGM_PAGE_HNDL_PHYS_STATE_DISABLED handler state indicates that a single
+     * page is dirty, saving the need for additional storage (bitmap).)
+     */
+    pMmio2->fFlags |= PGMREGMMIO2RANGE_F_IS_DIRTY;
+    /*
+     * Disable the handler for this page.
+     */
+    int rc = PGMHandlerPhysicalPageTempOff(pVM, pMmio2->RamRange.GCPhys, GCPhys & X86_PTE_PG_MASK);
+    AssertRC(rc);
+#ifndef IN_RING3
+    if (RT_SUCCESS(rc) && GCPtr != ~(RTGCPTR)0)
+    {
+        rc = PGMShwMakePageWritable(pVCpu, GCPtr, PGM_MK_PG_IS_MMIO2 | PGM_MK_PG_IS_WRITE_FAULT);
+        AssertMsgReturn(rc == VINF_SUCCESS, ("PGMShwModifyPage -> GCPtr=%RGv rc=%d\n", GCPtr, rc), rc);
+    }
+#else
+    RT_NOREF(pVCpu, GCPtr);
+#endif
+    return VINF_SUCCESS;
+}
+#ifndef IN_RING3
+/**
+ * @callback_method_impl{FNPGMRZPHYSPFHANDLER,
+ *      \#PF access handler callback for guest MMIO2 dirty page tracing.}
+ *
+ * @remarks The @a pvUser is the MMIO2 index.
+ */
+DECLEXPORT(VBOXSTRICTRC) pgmPhysMmio2WritePfHandler(PVMCC pVM, PVMCPUCC pVCpu, RTGCUINT uErrorCode, PCPUMCTXCORE pRegFrame,
+                                                    RTGCPTR pvFault, RTGCPHYS GCPhysFault, void *pvUser)
+{
+    RT_NOREF(pVCpu, uErrorCode, pRegFrame);
+    VBOXSTRICTRC rcStrict = PGM_LOCK(pVM); /* We should already have it, but just make sure we do. */
+    if (RT_SUCCESS(rcStrict))
+    {
+        rcStrict = pgmPhysMmio2WriteHandlerCommon(pVM, pVCpu, (uintptr_t)pvUser, GCPhysFault, pvFault);
+        PGM_UNLOCK(pVM);
+    }
+    return rcStrict;
+}
+#endif /* !IN_RING3 */
+/**
+ * @callback_method_impl{FNPGMPHYSHANDLER,
+ *      Access handler callback for MMIO2 dirty page tracing.}
+ *
+ * @remarks The @a pvUser is the MMIO2 index.
+ */
+PGM_ALL_CB2_DECL(VBOXSTRICTRC)
+pgmPhysMmio2WriteHandler(PVMCC pVM, PVMCPUCC pVCpu, RTGCPHYS GCPhys, void *pvPhys, void *pvBuf, size_t cbBuf,
+                         PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, void *pvUser)
+{
+    VBOXSTRICTRC rcStrict = PGM_LOCK(pVM); /* We should already have it, but just make sure we do. */
+    if (RT_SUCCESS(rcStrict))
+    {
+        rcStrict = pgmPhysMmio2WriteHandlerCommon(pVM, pVCpu, (uintptr_t)pvUser, GCPhys, ~(RTGCPTR)0);
+        PGM_UNLOCK(pVM);
+        if (rcStrict == VINF_SUCCESS)
+            rcStrict = VINF_PGM_HANDLER_DO_DEFAULT;
+    }
+    RT_NOREF(pvPhys, pvBuf, cbBuf, enmAccessType, enmOrigin);
+    return rcStrict;
+}
 …
         if (RT_SUCCESS(rcStrict))
+        {
+            PFNPGMPHYSHANDLER pfnHandler = PGMPHYSHANDLER_GET_TYPE(pVM, pCur)->CTX_SUFF(pfnHandler);
+            void *pvUser = pCur->CTX_SUFF(pvUser);
+            PPGMPHYSHANDLERTYPEINT const pCurType   = PGMPHYSHANDLER_GET_TYPE(pVM, pCur);
+            PFNPGMPHYSHANDLER const      pfnHandler = pCurType->CTX_SUFF(pfnHandler);
+            void * const                 pvUser     = pCur->CTX_SUFF(pvUser);
             STAM_PROFILE_START(&pCur->Stat, h);
+            /* Release the PGM lock as MMIO handlers take the IOM lock. (deadlock prevention) */
+            /* Most handlers will want to release the PGM lock for deadlock prevention
+               (esp. MMIO), though some PGM internal ones like the page pool and MMIO2
+               dirty page trackers will want to keep it for performance reasons. */
             PGM_LOCK_ASSERT_OWNER(pVM);
+            PGM_UNLOCK(pVM);
+            rcStrict = pfnHandler(pVM, pVCpu, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, enmOrigin, pvUser);
+            PGM_LOCK_VOID(pVM);
+            if (pCurType->fKeepPgmLock)
+                rcStrict = pfnHandler(pVM, pVCpu, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, enmOrigin, pvUser);
+            else
+            {
+                PGM_UNLOCK(pVM);
+                rcStrict = pfnHandler(pVM, pVCpu, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, enmOrigin, pvUser);
+                PGM_LOCK_VOID(pVM);
+            }
 #ifdef VBOX_WITH_STATISTICS
 …
                 cbRange = offPhysLast + 1;
+            PFNPGMPHYSHANDLER pfnHandler = PGMPHYSHANDLER_GET_TYPE(pVM, pPhys)->CTX_SUFF(pfnHandler);
+            void *pvUser = pPhys->CTX_SUFF(pvUser);
+            PPGMPHYSHANDLERTYPEINT const pCurType   = PGMPHYSHANDLER_GET_TYPE(pVM, pPhys);
+            PFNPGMPHYSHANDLER const      pfnHandler = pCurType->CTX_SUFF(pfnHandler);
+            void * const                 pvUser     = pPhys->CTX_SUFF(pvUser);
             Log5(("pgmPhysWriteHandler: GCPhys=%RGp cbRange=%#x pPage=%R[pgmpage] phys %s\n", GCPhys, cbRange, pPage, R3STRING(pPhys->pszDesc) ));
             STAM_PROFILE_START(&pPhys->Stat, h);
+            /* Release the PGM lock as MMIO handlers take the IOM lock. (deadlock prevention) */
+            /* Most handlers will want to release the PGM lock for deadlock prevention
+               (esp. MMIO), though some PGM internal ones like the page pool and MMIO2
+               dirty page trackers will want to keep it for performance reasons. */
             PGM_LOCK_ASSERT_OWNER(pVM);
+            PGM_UNLOCK(pVM);
+            rcStrict2 = pfnHandler(pVM, pVCpu, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, enmOrigin, pvUser);
+            PGM_LOCK_VOID(pVM);
+            if (pCurType->fKeepPgmLock)
+                rcStrict2 = pfnHandler(pVM, pVCpu, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, enmOrigin, pvUser);
+            else
+            {
+                PGM_UNLOCK(pVM);
+                rcStrict2 = pfnHandler(pVM, pVCpu, GCPhys, pvDst, (void *)pvBuf, cbRange, PGMACCESSTYPE_WRITE, enmOrigin, pvUser);
+                PGM_LOCK_VOID(pVM);
+            }
 #ifdef VBOX_WITH_STATISTICS

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

-              r91263
+              r92162
+    {
         PVMCPU pVCpu0 = pVM->apCpusR3[0];
+        int rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_ALL, iemVmxApicAccessPageHandler,
+        int rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_ALL, false /*fKeepPgmLock*/,
+                                                  iemVmxApicAccessPageHandler,
                                                   NULL /* pszModR0 */,
                                                   "iemVmxApicAccessPageHandler", NULL /* pszPfHandlerR0 */,

trunk/src/VBox/VMM/VMMR3/IOM.cpp

r82968	r92162
159	159	* Register the MMIO access handler type.
160	160	*/
161		rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_MMIO,
	161	rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_MMIO, false /fKeepPgmLock/,
162	162	iomMmioHandlerNew,
163	163	NULL, "iomMmioHandlerNew", "iomMmioPfHandlerNew",

trunk/src/VBox/VMM/VMMR3/PDMDevHlp.cpp

-              r92071
+              r92162
     PDMDEV_ASSERT_DEVINS(pDevIns);
     PVM pVM = pDevIns->Internal.s.pVMR3;
     LogFlow(("pdmR3DevHlp_Mmio2GetMappingAddress: caller='%s'/%d: hRegion=%#RX6r\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion));
+    LogFlow(("pdmR3DevHlp_Mmio2GetMappingAddress: caller='%s'/%d: hRegion=%#RX64\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion));
     VM_ASSERT_EMT0_RETURN(pVM, NIL_RTGCPHYS);
 …
     return GCPhys;
+}
+/** @interface_method_impl{PDMDEVHLPR3,pfnMmio2QueryAndResetDirtyBitmap} */
+static DECLCALLBACK(int) pdmR3DevHlp_Mmio2QueryAndResetDirtyBitmap(PPDMDEVINS pDevIns, PGMMMIO2HANDLE hRegion,
+                                                                   void *pvBitmap, size_t cbBitmap)
+{
+    PDMDEV_ASSERT_DEVINS(pDevIns);
+    PVM pVM = pDevIns->Internal.s.pVMR3;
+    LogFlow(("pdmR3DevHlp_Mmio2QueryAndResetDirtyBitmap: caller='%s'/%d: hRegion=%#RX64 pvBitmap=%p cbBitmap=%#zx\n",
+             pDevIns->pReg->szName, pDevIns->iInstance, hRegion, pvBitmap, cbBitmap));
+    int rc = PGMR3PhysMmio2QueryAndResetDirtyBitmap(pVM, pDevIns, hRegion, pvBitmap, cbBitmap);
+    LogFlow(("pdmR3DevHlp_Mmio2QueryAndResetDirtyBitmap: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
+    return rc;
+}
+/** @interface_method_impl{PDMDEVHLPR3,pfnMmio2ControlDirtyPageTracking} */
+static DECLCALLBACK(int) pdmR3DevHlp_Mmio2ControlDirtyPageTracking(PPDMDEVINS pDevIns, PGMMMIO2HANDLE hRegion, bool fEnabled)
+{
+    PDMDEV_ASSERT_DEVINS(pDevIns);
+    PVM pVM = pDevIns->Internal.s.pVMR3;
+    LogFlow(("pdmR3DevHlp_Mmio2ControlDirtyPageTracking: caller='%s'/%d: hRegion=%#RX64 fEnabled=%RTbool\n",
+             pDevIns->pReg->szName, pDevIns->iInstance, hRegion, fEnabled));
+    int rc = PGMR3PhysMmio2ControlDirtyPageTracking(pVM, pDevIns, hRegion, fEnabled);
+    LogFlow(("pdmR3DevHlp_Mmio2ControlDirtyPageTracking: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
+    return rc;
+}
 /**
 …
     PDMDEV_ASSERT_DEVINS(pDevIns);
     PVM pVM = pDevIns->Internal.s.pVMR3;
     LogFlow(("pdmR3DevHlp_Mmio2ChangeRegionNo: caller='%s'/%d: hRegion=%#RX6r iNewRegion=%#x\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion, iNewRegion));
+    LogFlow(("pdmR3DevHlp_Mmio2ChangeRegionNo: caller='%s'/%d: hRegion=%#RX64 iNewRegion=%#x\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion, iNewRegion));
     VM_ASSERT_EMT0_RETURN(pVM, VERR_VM_THREAD_NOT_EMT);
 …
              pszDesc, pszDesc, phType));
     int rc = PGMR3HandlerPhysicalTypeRegister(pVM, enmKind, pfnHandlerR3,
+    int rc = PGMR3HandlerPhysicalTypeRegister(pVM, enmKind, false /*fKeepPgmLock*/, pfnHandlerR3,
                                               pDevIns->pReg->pszR0Mod, pszHandlerR0, pszPfHandlerR0,
                                               pDevIns->pReg->pszRCMod, pszHandlerRC, pszPfHandlerRC,
 …
     pdmR3DevHlp_Mmio2Reduce,
     pdmR3DevHlp_Mmio2GetMappingAddress,
+    pdmR3DevHlp_Mmio2QueryAndResetDirtyBitmap,
+    pdmR3DevHlp_Mmio2ControlDirtyPageTracking,
     pdmR3DevHlp_Mmio2ChangeRegionNo,
     pdmR3DevHlp_MmioMapMmio2Page,
 …
     pdmR3DevHlp_Mmio2Reduce,
     pdmR3DevHlp_Mmio2GetMappingAddress,
+    pdmR3DevHlp_Mmio2QueryAndResetDirtyBitmap,
+    pdmR3DevHlp_Mmio2ControlDirtyPageTracking,
     pdmR3DevHlp_Mmio2ChangeRegionNo,
     pdmR3DevHlp_MmioMapMmio2Page,
 …
     pdmR3DevHlp_Mmio2Reduce,
     pdmR3DevHlp_Mmio2GetMappingAddress,
+    pdmR3DevHlp_Mmio2QueryAndResetDirtyBitmap,
+    pdmR3DevHlp_Mmio2ControlDirtyPageTracking,
     pdmR3DevHlp_Mmio2ChangeRegionNo,
     pdmR3DevHlp_MmioMapMmio2Page,

trunk/src/VBox/VMM/VMMR3/PGM.cpp

-              r92046
+              r92162
      */
     if (RT_SUCCESS(rc))
+        rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_WRITE,
+        /** @todo why isn't pgmPhysRomWriteHandler registered for ring-0?   */
+        rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_WRITE, false /*fKeepPgmLock*/,
                                               pgmPhysRomWriteHandler,
                                               NULL, NULL, "pgmPhysRomWritePfHandler",
 …
                                               "ROM write protection",
                                               &pVM->pgm.s.hRomPhysHandlerType);
+    /*
+     * Register the physical access handler doing dirty MMIO2 tracing.
+     */
+    if (RT_SUCCESS(rc))
+        rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_WRITE, true /*fKeepPgmLock*/,
+                                              pgmPhysMmio2WriteHandler,
+                                              NULL, "pgmPhysMmio2WriteHandler", "pgmPhysMmio2WritePfHandler",
+                                              NULL, "pgmPhysMmio2WriteHandler", "pgmPhysMmio2WritePfHandler",
+                                              "MMIO2 dirty page tracing",
+                                              &pVM->pgm.s.hMmio2DirtyPhysHandlerType);
     /*

trunk/src/VBox/VMM/VMMR3/PGMHandler.cpp

-              r91848
+              r92162
  * @param   pVM             The cross context VM structure.
  * @param   enmKind         The kind of access handler.
+ * @param   fKeepPgmLock    Whether to hold the PGM lock while calling the
+ *                          handler or not.  Mainly for PGM callers.
  * @param   pfnHandlerR3    Pointer to the ring-3 handler callback.
  * @param   pfnHandlerR0    Pointer to the ring-0 handler callback.
 …
  *                          safe).
  */
 VMMR3_INT_DECL(int) PGMR3HandlerPhysicalTypeRegisterEx(PVM pVM, PGMPHYSHANDLERKIND enmKind,
+VMMR3_INT_DECL(int) PGMR3HandlerPhysicalTypeRegisterEx(PVM pVM, PGMPHYSHANDLERKIND enmKind, bool fKeepPgmLock,
                                                        PFNPGMPHYSHANDLER pfnHandlerR3,
                                                        R0PTRTYPE(PFNPGMPHYSHANDLER) pfnHandlerR0,
 …
         pType->uState           = enmKind == PGMPHYSHANDLERKIND_WRITE
                                 ? PGM_PAGE_HNDL_PHYS_STATE_WRITE : PGM_PAGE_HNDL_PHYS_STATE_ALL;
+        pType->fKeepPgmLock     = fKeepPgmLock;
         pType->pfnHandlerR3     = pfnHandlerR3;
         pType->pfnHandlerR0     = pfnHandlerR0;
 …
  * @param   pVM             The cross context VM structure.
  * @param   enmKind         The kind of access handler.
+ * @param   fKeepPgmLock    Whether to hold the PGM lock while calling the
+ *                          handler or not.  Mainly for PGM callers.
  * @param   pfnHandlerR3    Pointer to the ring-3 handler callback.
  * @param   pszModR0        The name of the ring-0 module, NULL is an alias for
 …
  *                          safe).
  */
 VMMR3DECL(int) PGMR3HandlerPhysicalTypeRegister(PVM pVM, PGMPHYSHANDLERKIND enmKind,
+VMMR3DECL(int) PGMR3HandlerPhysicalTypeRegister(PVM pVM, PGMPHYSHANDLERKIND enmKind, bool fKeepPgmLock,
                                                 R3PTRTYPE(PFNPGMPHYSHANDLER) pfnHandlerR3,
                                                 const char *pszModR0, const char *pszHandlerR0, const char *pszPfHandlerR0,
 …
+            }
             if (RT_SUCCESS(rc))
                 return PGMR3HandlerPhysicalTypeRegisterEx(pVM, enmKind, pfnHandlerR3,
+                return PGMR3HandlerPhysicalTypeRegisterEx(pVM, enmKind, fKeepPgmLock, pfnHandlerR3,
                                                           pfnHandlerR0, pfnPfHandlerR0, pszDesc, phType);
+        }

trunk/src/VBox/VMM/VMMR3/PGMPhys.cpp

-              r92157
+              r92162
+/*********************************************************************************************************************************
+*   MMIO2                                                                                                                        *
+*********************************************************************************************************************************/
 /**
  * Locate a MMIO2 range.
 …
 /**
+ * Worker for PGMR3PhysMmio2ControlDirtyPageTracking and PGMR3PhysMmio2Map.
+ */
+static int pgmR3PhysMmio2EnableDirtyPageTracing(PVM pVM, PPGMREGMMIO2RANGE pFirstMmio2)
+{
+    int rc = VINF_SUCCESS;
+    for (PPGMREGMMIO2RANGE pCurMmio2 = pFirstMmio2; pCurMmio2; pCurMmio2 = pCurMmio2->pNextR3)
+    {
+        Assert(!(pCurMmio2->fFlags & PGMREGMMIO2RANGE_F_IS_TRACKING));
+        int rc2 = pgmHandlerPhysicalExRegister(pVM, pCurMmio2->pPhysHandlerR3, pCurMmio2->RamRange.GCPhys,
+                                               pCurMmio2->RamRange.GCPhysLast);
+        AssertLogRelMsgRC(rc2, ("%#RGp-%#RGp %s failed -> %Rrc\n", pCurMmio2->RamRange.GCPhys, pCurMmio2->RamRange.GCPhysLast,
+                                pCurMmio2->RamRange.pszDesc, rc2));
+        if (RT_SUCCESS(rc2))
+            pCurMmio2->fFlags |= PGMREGMMIO2RANGE_F_IS_TRACKING;
+        else if (RT_SUCCESS(rc))
+            rc = rc2;
+        if (pCurMmio2->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+            return rc;
+    }
+    AssertFailed();
+    return rc;
+}
+/**
+ * Worker for PGMR3PhysMmio2ControlDirtyPageTracking and PGMR3PhysMmio2Unmap.
+ */
+static int pgmR3PhysMmio2DisableDirtyPageTracing(PVM pVM, PPGMREGMMIO2RANGE pFirstMmio2)
+{
+    for (PPGMREGMMIO2RANGE pCurMmio2 = pFirstMmio2; pCurMmio2; pCurMmio2 = pCurMmio2->pNextR3)
+    {
+        if (pCurMmio2->fFlags & PGMREGMMIO2RANGE_F_IS_TRACKING)
+        {
+            int rc2 = pgmHandlerPhysicalExDeregister(pVM, pCurMmio2->pPhysHandlerR3);
+            AssertLogRelMsgRC(rc2, ("%#RGp-%#RGp %s failed -> %Rrc\n", pCurMmio2->RamRange.GCPhys, pCurMmio2->RamRange.GCPhysLast,
+                                    pCurMmio2->RamRange.pszDesc, rc2));
+            pCurMmio2->fFlags &= ~PGMREGMMIO2RANGE_F_IS_TRACKING;
+        }
+        if (pCurMmio2->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+            return VINF_SUCCESS;
+    }
+    AssertFailed();
+    return VINF_SUCCESS;
+}
+/**
  * Calculates the number of chunks
+ *
 …
      * Note! In additions, we've got a 24 bit sub-page range for MMIO2 ranges, leaving
      *       us with an absolute maximum of 16777215 pages per chunk (close to 64 GB).
+     *
+     * P.S. If we want to include a dirty bitmap, we'd have to drop down to 1040384 pages.
      */
     uint32_t cbChunk = 16U*_1M;
+    uint32_t cPagesPerChunk = 1048048; /* max ~1048059 */
+    AssertCompile(sizeof(PGMREGMMIO2RANGE) + sizeof(PGMPAGE) * 1048048 < 16U*_1M - PAGE_SIZE * 2);
+    uint32_t cPagesPerChunk = 1048000; /* max ~1048059 */
+    Assert(cPagesPerChunk / 64 * 64 == cPagesPerChunk); /* (NEM requirement) */
+    AssertCompile(sizeof(PGMREGMMIO2RANGE) + sizeof(PGMPAGE) * 1048000 < 16U*_1M - PAGE_SIZE * 2);
     AssertRelease(cPagesPerChunk <= PGM_MMIO2_MAX_PAGE_COUNT); /* See above note. */
     AssertRelease(RT_UOFFSETOF_DYN(PGMREGMMIO2RANGE, RamRange.aPages[cPagesPerChunk]) + PAGE_SIZE * 2 <= cbChunk);
 …
  *                          UINT8_MAX.
  * @param   cb              The size of the region.  Must be page aligned.
+ * @param   fFlags          PGMPHYS_MMIO2_FLAGS_XXX.
+ * @param   idMmio2         The MMIO2 ID for the first chunk.
  * @param   pszDesc         The description.
  * @param   ppHeadRet       Where to return the pointer to the first
 …
  * @thread  EMT
  */
 static int pgmR3PhysMmio2Create(PVM pVM, PPDMDEVINS pDevIns, uint32_t iSubDev, uint32_t iRegion, RTGCPHYS cb,
                                 const char *pszDesc, PPGMREGMMIO2RANGE *ppHeadRet)
+static int pgmR3PhysMmio2Create(PVM pVM, PPDMDEVINS pDevIns, uint32_t iSubDev, uint32_t iRegion, RTGCPHYS cb, uint32_t fFlags,
+                                uint8_t idMmio2, const char *pszDesc, PPGMREGMMIO2RANGE *ppHeadRet)
+{
     /*
 …
     int rc = VINF_SUCCESS;
     uint32_t cPagesLeft = cb >> X86_PAGE_SHIFT;
     for (uint16_t iChunk = 0; iChunk < cChunks && RT_SUCCESS(rc); iChunk++)
+    for (uint16_t iChunk = 0; iChunk < cChunks && RT_SUCCESS(rc); iChunk++, idMmio2++)
+    {
         /*
 …
         //pNew->pvR3                = NULL;
         //pNew->pNext               = NULL;
-        //pNew->fFlags              = 0;
         if (iChunk == 0)
             pNew->fFlags |= PGMREGMMIO2RANGE_F_FIRST_CHUNK;
         if (iChunk + 1 == cChunks)
             pNew->fFlags |= PGMREGMMIO2RANGE_F_LAST_CHUNK;
+        if (fFlags & PGMPHYS_MMIO2_FLAGS_TRACK_DIRTY_PAGES)
+            pNew->fFlags |= PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES;
         pNew->iSubDev               = iSubDev;
         pNew->iRegion               = iRegion;
         pNew->idSavedState          = UINT8_MAX;
         pNew->idMmio2               = UINT8_MAX;
+        pNew->idMmio2               = idMmio2;
         //pNew->pPhysHandlerR3      = NULL;
         //pNew->paLSPages           = NULL;
 …
         cPagesLeft -= cPagesTrackedByChunk;
         ppNext = &pNew->pNextR3;
+        /*
+         * Pre-allocate a handler if we're tracking dirty pages.
+         */
+        if (fFlags & PGMPHYS_MMIO2_FLAGS_TRACK_DIRTY_PAGES)
+        {
+            rc = pgmHandlerPhysicalExCreate(pVM, pVM->pgm.s.hMmio2DirtyPhysHandlerType,
+                                            (RTR3PTR)(uintptr_t)idMmio2, idMmio2, idMmio2, pszDesc, &pNew->pPhysHandlerR3);
+            AssertLogRelMsgRCBreak(rc, ("idMmio2=%zu\n", idMmio2));
+        }
+    }
     Assert(cPagesLeft == 0);
 …
         PPGMREGMMIO2RANGE pFree = *ppHeadRet;
         *ppHeadRet = pFree->pNextR3;
+        if (pFree->pPhysHandlerR3)
+        {
+            pgmHandlerPhysicalExDestroy(pVM, pFree->pPhysHandlerR3);
+            pFree->pPhysHandlerR3 = NULL;
+        }
         if (pFree->RamRange.fFlags & PGM_RAM_RANGE_FLAGS_FLOATING)
 …
     AssertReturn(!(cb & PAGE_OFFSET_MASK), VERR_INVALID_PARAMETER);
     AssertReturn(cb, VERR_INVALID_PARAMETER);
     AssertReturn(!fFlags, VERR_INVALID_PARAMETER);
+    AssertReturn(!(fFlags & ~PGMPHYS_MMIO2_FLAGS_VALID_MASK), VERR_INVALID_FLAGS);
     const uint32_t cPages = cb >> PAGE_SHIFT;
 …
      */
     unsigned cChunks = pgmR3PhysMmio2CalcChunkCount(pVM, cb, NULL, NULL);
     PGM_LOCK_VOID(pVM);
+    uint8_t  idMmio2 = pVM->pgm.s.cMmio2Regions + 1;
+    unsigned cNewMmio2Regions = pVM->pgm.s.cMmio2Regions + cChunks;
+    AssertCompile(PGM_MMIO2_MAX_RANGES < 255);
+    uint8_t const  idMmio2          = pVM->pgm.s.cMmio2Regions + 1;
+    unsigned const cNewMmio2Regions = pVM->pgm.s.cMmio2Regions + cChunks;
     if (cNewMmio2Regions > PGM_MMIO2_MAX_RANGES)
+    {
 …
                  */
                 PPGMREGMMIO2RANGE pNew;
                 rc = pgmR3PhysMmio2Create(pVM, pDevIns, iSubDev, iRegion, cb, pszDesc, &pNew);
+                rc = pgmR3PhysMmio2Create(pVM, pDevIns, iSubDev, iRegion, cb, fFlags, idMmio2, pszDesc, &pNew);
                 if (RT_SUCCESS(rc))
+                {
 …
 #endif
                         pCur->RamRange.pvR3 = pbCurPages;
-                        pCur->idMmio2       = idMmio2;
                         uint32_t iDstPage = pCur->RamRange.cb >> X86_PAGE_SHIFT;
 …
                         iSrcPage   += pCur->RamRange.cb >> X86_PAGE_SHIFT;
                         pbCurPages += pCur->RamRange.cb;
-                        idMmio2++;
+                    }
 …
             uint8_t idMmio2 = pCur->idMmio2;
+            if (idMmio2 != UINT8_MAX)
+            Assert(idMmio2 <= RT_ELEMENTS(pVM->pgm.s.apMmio2RangesR3));
+            if (idMmio2 <= RT_ELEMENTS(pVM->pgm.s.apMmio2RangesR3))
+            {
                 Assert(pVM->pgm.s.apMmio2RangesR3[idMmio2 - 1] == pCur);
 …
             if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
                 rc = rc2;
+            if (pCur->pPhysHandlerR3)
+            {
+                pgmHandlerPhysicalExDestroy(pVM, pCur->pPhysHandlerR3);
+                pCur->pPhysHandlerR3 = NULL;
+            }
             /* we're leaking hyper memory here if done at runtime. */
 …
+    }
+#if 0 /* will be reused */
+    /*
+     * Register the access handler if plain MMIO.
+    /*
+     * If the range have dirty page monitoring enabled, enable that.
+     *
+     * We must register access handlers for each range since the access handler
+     * code refuses to deal with multiple ranges (and we can).
+     */
+    if (!(pFirstMmio->fFlags & PGMREGMMIO2RANGE_F_MMIO2))
+    {
+        AssertFailed();
+        int rc = VINF_SUCCESS;
+        for (PPGMREGMMIO2RANGE pCurMmio = pFirstMmio; ; pCurMmio = pCurMmio->pNextR3)
+        {
+            Assert(!(pCurMmio->fFlags & PGMREGMMIO2RANGE_F_MAPPED));
+            rc = pgmHandlerPhysicalExRegister(pVM, pCurMmio->pPhysHandlerR3, pCurMmio->RamRange.GCPhys,
+                                              pCurMmio->RamRange.GCPhysLast);
+            if (RT_FAILURE(rc))
+                break;
+            pCurMmio->fFlags |= PGMREGMMIO2RANGE_F_MAPPED; /* Use this to mark that the handler is registered. */
+            if (pCurMmio->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+                break;
+        }
+        if (RT_FAILURE(rc))
+        {
+            /* Almost impossible, but try clean up properly and get out of here. */
+            for (PPGMREGMMIO2RANGE pCurMmio = pFirstMmio; ; pCurMmio = pCurMmio->pNextR3)
+            {
+                if (pCurMmio->fFlags & PGMREGMMIO2RANGE_F_MAPPED)
+                {
+                    pCurMmio->fFlags &= ~PGMREGMMIO2RANGE_F_MAPPED;
+                    pgmHandlerPhysicalExDeregister(pVM, pCurMmio->pPhysHandlerR3);
+                }
+                if (!fRamExists)
+                    pgmR3PhysUnlinkRamRange(pVM, &pCurMmio->RamRange);
+                else
+                {
+                    Assert(pCurMmio->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK); /* Only one chunk */
+                    uint32_t cPagesLeft = pCurMmio->RamRange.cb >> PAGE_SHIFT;
+                    PPGMPAGE pPageDst = &pRam->aPages[(pCurMmio->RamRange.GCPhys - pRam->GCPhys) >> PAGE_SHIFT];
+                    while (cPagesLeft-- > 0)
+                    {
+                        PGM_PAGE_INIT_ZERO(pPageDst, pVM, PGMPAGETYPE_RAM);
+                        pPageDst++;
+                    }
+                }
+                pCurMmio->RamRange.GCPhys     = NIL_RTGCPHYS;
+                pCurMmio->RamRange.GCPhysLast = NIL_RTGCPHYS;
+                if (pCurMmio->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+                    break;
+            }
+            /** @todo NEM notification cleanup */
+            PGM_UNLOCK(pVM);
+            return rc;
+        }
+    }
+#endif
+     * We ignore failures here for now because if we fail, the whole mapping
+     * will have to be reversed and we'll end up with nothing at all on the
+     * screen and a grumpy guest, whereas if we just go on, we'll only have
+     * visual distortions to gripe about.  There will be something in the
+     * release log.
+     */
+    if (   pFirstMmio->pPhysHandlerR3
+        && (pFirstMmio->fFlags & PGMREGMMIO2RANGE_F_TRACKING_ENABLED))
+        pgmR3PhysMmio2EnableDirtyPageTracing(pVM, pFirstMmio);
     /*
 …
     AssertReturnStmt(fOldFlags & PGMREGMMIO2RANGE_F_MAPPED, PGM_UNLOCK(pVM), VERR_WRONG_ORDER);
+#if 0 /* will be reused */
+    /*
+     * If plain MMIO, we must deregister the handlers first.
+     */
+    if (!(fOldFlags & PGMREGMMIO2RANGE_F_MMIO2))
+    {
+        AssertFailed();
+        PPGMREGMMIO2RANGE pCurMmio = pFirstMmio;
+        rc = pgmHandlerPhysicalExDeregister(pVM, pFirstMmio->pPhysHandlerR3);
+        AssertRCReturnStmt(rc, PGM_UNLOCK(pVM), rc);
+        while (!(pCurMmio->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK))
+        {
+            pCurMmio = pCurMmio->pNextR3;
+            rc = pgmHandlerPhysicalExDeregister(pVM, pCurMmio->pPhysHandlerR3);
+            AssertRCReturnStmt(rc, PGM_UNLOCK(pVM), VERR_PGM_PHYS_MMIO_EX_IPE);
+        }
+    }
+#endif
+    /*
+     * If monitoring dirty pages, we must deregister the handlers first.
+     */
+    if (   pFirstMmio->pPhysHandlerR3
+        && (fOldFlags & PGMREGMMIO2RANGE_F_TRACKING_ENABLED))
+        pgmR3PhysMmio2DisableDirtyPageTracing(pVM, pFirstMmio);
     /*
 …
                                 ("%s: %#x\n", pFirstMmio->RamRange.pszDesc, pFirstMmio->fFlags),
                                 rc = VERR_NOT_SUPPORTED);
+#ifdef VBOX_WITH_PGM_NEM_MODE
+            /*
+             * Currently not supported for NEM in simple memory mode.
+             */
+            /** @todo implement this for NEM. */
+            if (RT_SUCCESS(rc))
+                AssertLogRelMsgStmt(VM_IS_NEM_ENABLED(pVM), ("%s: %#x\n", pFirstMmio->RamRange.pszDesc),
+                                    rc = VERR_PGM_NOT_SUPPORTED_FOR_NEM_MODE);
+#endif
             if (RT_SUCCESS(rc))
+            {
 …
     return NIL_RTGCPHYS;
+}
+/**
+ * Worker for PGMR3PhysMmio2QueryAndResetDirtyBitmap.
+ *
+ * Called holding the PGM lock.
+ */
+static int pgmR3PhysMmio2QueryAndResetDirtyBitmapLocked(PVM pVM, PPDMDEVINS pDevIns, PGMMMIO2HANDLE hMmio2,
+                                                        void *pvBitmap, size_t cbBitmap)
+{
+    /*
+     * Continue validation.
+     */
+    PPGMREGMMIO2RANGE pFirstRegMmio = pgmR3PhysMmio2Find(pVM, pDevIns, UINT32_MAX, UINT32_MAX, hMmio2);
+    AssertReturn(pFirstRegMmio, VERR_INVALID_HANDLE);
+    AssertReturn(   (pFirstRegMmio->fFlags & (PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES | PGMREGMMIO2RANGE_F_FIRST_CHUNK))
+                 ==                          (PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES | PGMREGMMIO2RANGE_F_FIRST_CHUNK),
+                 VERR_INVALID_FUNCTION);
+    AssertReturn(pDevIns == pFirstRegMmio->pDevInsR3, VERR_NOT_OWNER);
+    RTGCPHYS cbTotal     = 0;
+    uint16_t fTotalDirty = 0;
+    for (PPGMREGMMIO2RANGE pCur = pFirstRegMmio;;)
+    {
+        cbTotal     += pCur->cbReal; /** @todo good question for NEM... */
+        fTotalDirty |= pCur->fFlags;
+        if (pCur->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+            break;
+        pCur = pCur->pNextR3;
+        AssertPtrReturn(pCur, VERR_INTERNAL_ERROR_5);
+        AssertReturn(   (pCur->fFlags & (PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES | PGMREGMMIO2RANGE_F_FIRST_CHUNK))
+                     ==                  PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES,
+                     VERR_INTERNAL_ERROR_4);
+    }
+    size_t const cbTotalBitmap = RT_ALIGN_T(cbTotal, PAGE_SIZE * 64, RTGCPHYS) / PAGE_SIZE / 8;
+    if (cbBitmap)
+    {
+        AssertPtrReturn(pvBitmap, VERR_INVALID_POINTER);
+        AssertReturn(RT_ALIGN_P(pvBitmap, sizeof(uint64_t)) == pvBitmap, VERR_INVALID_POINTER);
+        AssertReturn(cbBitmap == cbTotalBitmap, VERR_INVALID_PARAMETER);
+    }
+    /*
+     * Do the work.
+     */
+    int rc = VINF_SUCCESS;
+    if (pvBitmap)
+    {
+        if (fTotalDirty & PGMREGMMIO2RANGE_F_IS_DIRTY)
+        {
+            if (   (pFirstRegMmio->fFlags & (PGMREGMMIO2RANGE_F_MAPPED | PGMREGMMIO2RANGE_F_TRACKING_ENABLED))
+                ==                          (PGMREGMMIO2RANGE_F_MAPPED | PGMREGMMIO2RANGE_F_TRACKING_ENABLED))
+            {
+                /*
+                 * Reset each chunk, gathering dirty bits.
+                 */
+                RT_BZERO(pvBitmap, cbBitmap); /* simpler for now. */
+                uint32_t iPageNo = 0;
+                for (PPGMREGMMIO2RANGE pCur = pFirstRegMmio; pCur; pCur = pCur->pNextR3)
+                {
+                    if (pCur->fFlags & PGMREGMMIO2RANGE_F_IS_DIRTY)
+                    {
+                        int rc2 = pgmHandlerPhysicalResetMmio2WithBitmap(pVM, pCur->RamRange.GCPhys, pvBitmap, iPageNo);
+                        if (RT_FAILURE(rc2) && RT_SUCCESS(rc))
+                            rc = rc2;
+                        pCur->fFlags &= ~PGMREGMMIO2RANGE_F_IS_DIRTY;
+                    }
+                    if (pCur->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+                        break;
+                    iPageNo += pCur->RamRange.cb >> PAGE_SHIFT;
+                }
+            }
+            else
+            {
+                /*
+                 * If not mapped or tracking is disabled, we return the
+                 * PGMREGMMIO2RANGE_F_IS_DIRTY status for all pages.  We cannot
+                 * get more accurate data than that after unmapping or disabling.
+                 */
+                RT_BZERO(pvBitmap, cbBitmap);
+                uint32_t iPageNo = 0;
+                for (PPGMREGMMIO2RANGE pCur = pFirstRegMmio; pCur; pCur = pCur->pNextR3)
+                {
+                    if (pCur->fFlags & PGMREGMMIO2RANGE_F_IS_DIRTY)
+                    {
+                        ASMBitSetRange(pvBitmap, iPageNo, iPageNo + (pCur->RamRange.cb >> PAGE_SHIFT));
+                        pCur->fFlags &= ~PGMREGMMIO2RANGE_F_IS_DIRTY;
+                    }
+                    if (pCur->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+                        break;
+                    iPageNo += pCur->RamRange.cb >> PAGE_SHIFT;
+                }
+            }
+        }
+        /*
+         * No dirty chunks.
+         */
+        else
+            RT_BZERO(pvBitmap, cbBitmap);
+    }
+    /*
+     * No bitmap. Reset the region if tracking is currently enabled.
+     */
+    else if (   (pFirstRegMmio->fFlags & (PGMREGMMIO2RANGE_F_MAPPED | PGMREGMMIO2RANGE_F_TRACKING_ENABLED))
+             ==                          (PGMREGMMIO2RANGE_F_MAPPED | PGMREGMMIO2RANGE_F_TRACKING_ENABLED))
+        rc = PGMHandlerPhysicalReset(pVM, pFirstRegMmio->RamRange.GCPhys);
+    return rc;
+}
+/**
+ * Queries the dirty page bitmap and resets the monitoring.
+ *
+ * The PGMPHYS_MMIO2_FLAGS_TRACK_DIRTY_PAGES flag must be specified when
+ * creating the range for this to work.
+ *
+ * @returns VBox status code.
+ * @retval  VERR_INVALID_FUNCTION if not created using
+ *          PGMPHYS_MMIO2_FLAGS_TRACK_DIRTY_PAGES.
+ * @param   pVM         The cross context VM structure.
+ * @param   pDevIns     The device owning the MMIO2 handle.
+ * @param   hMmio2      The region handle.
+ * @param   pvBitmap    The output bitmap.  Must be 8-byte aligned.  Ignored
+ *                      when @a cbBitmap is zero.
+ * @param   cbBitmap    The size of the bitmap.  Must be the size of the whole
+ *                      MMIO2 range, rounded up to the nearest 8 bytes.
+ *                      When zero only a reset is done.
+ */
+VMMR3_INT_DECL(int) PGMR3PhysMmio2QueryAndResetDirtyBitmap(PVM pVM, PPDMDEVINS pDevIns, PGMMMIO2HANDLE hMmio2,
+                                                           void *pvBitmap, size_t cbBitmap)
+{
+    /*
+     * Do some basic validation before grapping the PGM lock and continuing.
+     */
+    AssertPtrReturn(pDevIns, VERR_INVALID_POINTER);
+    AssertReturn(RT_ALIGN_Z(cbBitmap, sizeof(uint64_t)) == cbBitmap, VERR_INVALID_PARAMETER);
+    int rc = PGM_LOCK(pVM);
+    if (RT_SUCCESS(rc))
+    {
+        rc = pgmR3PhysMmio2QueryAndResetDirtyBitmapLocked(pVM, pDevIns, hMmio2, pvBitmap, cbBitmap);
+        PGM_UNLOCK(pVM);
+    }
+    return rc;
+}
+/**
+ * Worker for PGMR3PhysMmio2ControlDirtyPageTracking
+ *
+ * Called owning the PGM lock.
+ */
+static int pgmR3PhysMmio2ControlDirtyPageTrackingLocked(PVM pVM, PPDMDEVINS pDevIns, PGMMMIO2HANDLE hMmio2, bool fEnabled)
+{
+    /*
+     * Continue validation.
+     */
+    PPGMREGMMIO2RANGE pFirstRegMmio = pgmR3PhysMmio2Find(pVM, pDevIns, UINT32_MAX, UINT32_MAX, hMmio2);
+    AssertReturn(pFirstRegMmio, VERR_INVALID_HANDLE);
+    AssertReturn(   (pFirstRegMmio->fFlags & (PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES | PGMREGMMIO2RANGE_F_FIRST_CHUNK))
+                 ==                          (PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES | PGMREGMMIO2RANGE_F_FIRST_CHUNK)
+                 , VERR_INVALID_FUNCTION);
+    AssertReturn(pDevIns == pFirstRegMmio->pDevInsR3, VERR_NOT_OWNER);
+    /*
+     * Anyting needing doing?
+     */
+    if (fEnabled != RT_BOOL(pFirstRegMmio->fFlags & PGMREGMMIO2RANGE_F_TRACKING_ENABLED))
+    {
+        LogFlowFunc(("fEnabled=%RTbool %s\n", fEnabled, pFirstRegMmio->RamRange.pszDesc));
+        /*
+         * Update the PGMREGMMIO2RANGE_F_TRACKING_ENABLED flag.
+         */
+        for (PPGMREGMMIO2RANGE pCur = pFirstRegMmio;;)
+        {
+            if (fEnabled)
+                pCur->fFlags |= PGMREGMMIO2RANGE_F_TRACKING_ENABLED;
+            else
+                pCur->fFlags &= ~PGMREGMMIO2RANGE_F_TRACKING_ENABLED;
+            if (pCur->fFlags & PGMREGMMIO2RANGE_F_LAST_CHUNK)
+                break;
+            pCur = pCur->pNextR3;
+            AssertPtrReturn(pCur, VERR_INTERNAL_ERROR_5);
+            AssertReturn(   (pCur->fFlags & (PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES | PGMREGMMIO2RANGE_F_FIRST_CHUNK))
+                         ==                  PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES
+                         , VERR_INTERNAL_ERROR_4);
+        }
+        /*
+         * Enable/disable handlers if currently mapped.
+         *
+         * We ignore status codes here as we've already changed the flags and
+         * returning a failure status now would be confusing.  Besides, the two
+         * functions will continue past failures.  As argued in the mapping code,
+         * it's in the release log.
+         */
+        if (pFirstRegMmio->fFlags & PGMREGMMIO2RANGE_F_MAPPED)
+        {
+            if (fEnabled)
+                pgmR3PhysMmio2EnableDirtyPageTracing(pVM, pFirstRegMmio);
+            else
+                pgmR3PhysMmio2DisableDirtyPageTracing(pVM, pFirstRegMmio);
+        }
+    }
+    else
+        LogFlowFunc(("fEnabled=%RTbool %s - no change\n", fEnabled, pFirstRegMmio->RamRange.pszDesc));
+    return VINF_SUCCESS;
+}
+/**
+ * Controls the dirty page tracking for an MMIO2 range.
+ *
+ * @returns VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   pDevIns     The device owning the MMIO2 memory.
+ * @param   hMmio2      The handle of the region.
+ * @param   fEnabled    The new tracking state.
+ */
+VMMR3_INT_DECL(int) PGMR3PhysMmio2ControlDirtyPageTracking(PVM pVM, PPDMDEVINS pDevIns, PGMMMIO2HANDLE hMmio2, bool fEnabled)
+{
+    /*
+     * Do some basic validation before grapping the PGM lock and continuing.
+     */
+    AssertPtrReturn(pDevIns, VERR_INVALID_POINTER);
+    int rc = PGM_LOCK(pVM);
+    if (RT_SUCCESS(rc))
+    {
+        rc = pgmR3PhysMmio2ControlDirtyPageTrackingLocked(pVM, pDevIns, hMmio2, fEnabled);
+        PGM_UNLOCK(pVM);
+    }
+    return rc;
+}
 /**

trunk/src/VBox/VMM/VMMR3/PGMPool.cpp

r91854	r92162
280	280
281	281	pPool->hAccessHandlerType = NIL_PGMPHYSHANDLERTYPE;
282		rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_WRITE,
	282	rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_WRITE, true /fKeepPgmLock/,
283	283	pgmPoolAccessHandler,
284	284	NULL, "pgmPoolAccessHandler", "pgmRZPoolAccessPfHandler",

trunk/src/VBox/VMM/include/PGMInternal.h

-              r92157
+              r92162
     PGMPHYSHANDLERKIND                  enmKind;
     /** The PGM_PAGE_HNDL_PHYS_STATE_XXX value corresponding to enmKind. */
+    uint32_t                            uState;
+    uint8_t                             uState;
+    /** Whether to keep the PGM lock when calling the handler. */
+    bool                                fKeepPgmLock;
+    bool                                afPadding[2];
     /** Pointer to R3 callback function. */
     R3PTRTYPE(PFNPGMPHYSHANDLER)        pfnHandlerR3;
 …
  * @{ */
 /** Set if this is the first chunk in the MMIO2 range. */
 #define PGMREGMMIO2RANGE_F_FIRST_CHUNK      UINT16_C(0x0001)
+#define PGMREGMMIO2RANGE_F_FIRST_CHUNK          UINT16_C(0x0001)
 /** Set if this is the last chunk in the MMIO2 range. */
 #define PGMREGMMIO2RANGE_F_LAST_CHUNK       UINT16_C(0x0002)
+#define PGMREGMMIO2RANGE_F_LAST_CHUNK           UINT16_C(0x0002)
 /** Set if the whole range is mapped. */
 #define PGMREGMMIO2RANGE_F_MAPPED           UINT16_C(0x0004)
+#define PGMREGMMIO2RANGE_F_MAPPED               UINT16_C(0x0004)
 /** Set if it's overlapping, clear if not. */
+#define PGMREGMMIO2RANGE_F_OVERLAPPING      UINT16_C(0x0008)
+#define PGMREGMMIO2RANGE_F_OVERLAPPING          UINT16_C(0x0008)
+/** This mirrors the PGMPHYS_MMIO2_FLAGS_TRACK_DIRTY_PAGES creation flag.*/
+#define PGMREGMMIO2RANGE_F_TRACK_DIRTY_PAGES    UINT16_C(0x0010)
+/** Set if the access handler is registered.   */
+#define PGMREGMMIO2RANGE_F_IS_TRACKING          UINT16_C(0x0020)
+/** Set if dirty page tracking is currently enabled. */
+#define PGMREGMMIO2RANGE_F_TRACKING_ENABLED     UINT16_C(0x0040)
+/** Set if there are dirty pages in the range.   */
+#define PGMREGMMIO2RANGE_F_IS_DIRTY             UINT16_C(0x0080)
 /** @} */
 …
     /** Physical access handler type for ROM protection. */
     PGMPHYSHANDLERTYPE              hRomPhysHandlerType;
     /** Alignment padding.   */
     uint32_t                        u32Padding;
+    /** Physical access handler type for MMIO2 dirty page tracing. */
+    PGMPHYSHANDLERTYPE              hMmio2DirtyPhysHandlerType;
     /** 4 MB page mask; 32 or 36 bits depending on PSE-36 (identical for all VCPUs) */
 …
 bool            pgmHandlerPhysicalIsAll(PVMCC pVM, RTGCPHYS GCPhys);
 void            pgmHandlerPhysicalResetAliasedPage(PVMCC pVM, PPGMPAGE pPage, RTGCPHYS GCPhysPage, PPGMRAMRANGE pRam, bool fDoAccounting);
+DECLHIDDEN(int) pgmHandlerPhysicalResetMmio2WithBitmap(PVMCC pVM, RTGCPHYS GCPhys, void *pvBitmap, uint32_t offBitmap);
 DECLCALLBACK(void) pgmR3InfoHandlers(PVM pVM, PCDBGFINFOHLP pHlp, const char *pszArgs);
 int             pgmR3InitSavedState(PVM pVM, uint64_t cbRam);
 …
 void            pgmPhysReleaseInternalPageMappingLock(PVMCC pVM, PPGMPAGEMAPLOCK pLock);
 PGM_ALL_CB2_PROTO(FNPGMPHYSHANDLER) pgmPhysRomWriteHandler;
+PGM_ALL_CB2_PROTO(FNPGMPHYSHANDLER) pgmPhysMmio2WriteHandler;
 #ifndef IN_RING3
 DECLEXPORT(FNPGMPHYSHANDLER)        pgmPhysHandlerRedirectToHC;
 DECLEXPORT(FNPGMRZPHYSPFHANDLER)    pgmPhysPfHandlerRedirectToHC;
 DECLEXPORT(FNPGMRZPHYSPFHANDLER)    pgmPhysRomWritePfHandler;
+DECLEXPORT(FNPGMRZPHYSPFHANDLER)    pgmPhysMmio2WritePfHandler;
 #endif
 int             pgmPhysFreePage(PVM pVM, PGMMFREEPAGESREQ pReq, uint32_t *pcPendingPages, PPGMPAGE pPage, RTGCPHYS GCPhys,

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats:

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette