Changeset 93609 in vbox

Timestamp:

Feb 5, 2022 7:03:08 PM (3 years ago)

Author:

vboxsync

Message:

VMM/PDMQueue: Rewrote the queue code to not use the hyper heap and be a bit safer. Added a testcase (driverless). bugref:10093

Location:

trunk

Files:

• include/VBox/types.h (modified) (1 diff)
• include/VBox/vmm/gvm.h (modified) (2 diffs)
• include/VBox/vmm/gvm.mac (modified) (1 diff)
• include/VBox/vmm/pdmapi.h (modified) (1 diff)
• include/VBox/vmm/pdmdev.h (modified) (3 diffs)
• include/VBox/vmm/pdmdrv.h (modified) (2 diffs)
• include/VBox/vmm/pdmqueue.h (modified) (2 diffs)
• include/VBox/vmm/vm.h (modified) (3 diffs)
• include/VBox/vmm/vm.mac (modified) (1 diff)
• include/VBox/vmm/vmm.h (modified) (1 diff)
• include/VBox/vmm/vmmr3vtable-def.h (modified) (1 diff)
• src/VBox/VMM/Makefile.kmk (modified) (1 diff)
• src/VBox/VMM/VMMAll/PDMAll.cpp (modified) (4 diffs)
• src/VBox/VMM/VMMAll/PDMAllQueue.cpp (modified) (3 diffs)
• src/VBox/VMM/VMMR0/PDMR0DevHlp.cpp (modified) (8 diffs)
• src/VBox/VMM/VMMR0/PDMR0DevHlpTracing.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMR0/PDMR0Device.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR0/VMMR0.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/PDMDevHlp.cpp (modified) (5 diffs)
• src/VBox/VMM/VMMR3/PDMDevice.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/PDMDriver.cpp (modified) (4 diffs)
• src/VBox/VMM/VMMR3/PDMQueue.cpp (modified) (21 diffs)
• src/VBox/VMM/include/PDMInternal.h (modified) (15 diffs)
• src/VBox/VMM/testcase/Makefile.kmk (modified) (2 diffs)
• src/VBox/VMM/testcase/tstPDMQueue.cpp (added)

trunk/include/VBox/types.h

@@ -446 +446 @@
 /** Pointer to a const PDM read/write critical section. */
 typedef union PDMCRITSECTRW const *PCPDMCRITSECTRW;
+
+/** PDM queue handle. */
+typedef uint64_t PDMQUEUEHANDLE;
+/** Pointer to a PDM queue handle. */
+typedef PDMQUEUEHANDLE *PPDMQUEUEHANDLE;
+/** NIL PDM queue handle. */
+#define NIL_PDMQUEUEHANDLE ((PDMQUEUEHANDLE)UINT64_MAX)
 
 /** R3 pointer to a timer. */

trunk/include/VBox/vmm/gvm.h

@@ -247 +247 @@
         struct PDMR0PERVM   s;
 #endif
-        uint8_t             padding[2176];
+        uint8_t             padding[3008];
     } pdmr0;
 
@@ -300 +300 @@
     /** Padding so aCpus starts on a page boundrary.  */
 #ifdef VBOX_WITH_NEM_R0
-    uint8_t         abPadding2[16384 - 64 - 4352 - 1024 - 256 - 256 - 64 - 2176 - 640 - 512 - 64 - 1024 - 128 - 704 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
+    uint8_t         abPadding2[16384 - 64 - 4352 - 1024 - 256 - 256 - 64 - 3008 - 640 - 512 - 64 - 1024 - 128 - 704 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
 #else
-    uint8_t         abPadding2[16384 - 64 - 4352 - 1024 - 256 -       64 - 2176 - 640 - 512 - 64 - 1024 - 128 - 704 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
+    uint8_t         abPadding2[16384 - 64 - 4352 - 1024 - 256 -       64 - 3008 - 640 - 512 - 64 - 1024 - 128 - 704 - sizeof(PGVMCPU) * VMM_MAX_CPU_COUNT];
 #endif
 

trunk/include/VBox/vmm/gvm.mac

@@ -83 +83 @@
         .rawpci             resb 64
         alignb 64
-        .pdmr0              resb 2176
+        .pdmr0              resb 3008
         alignb 64
         .pgmr0              resb 640

trunk/include/VBox/vmm/pdmapi.h

@@ -343 +343 @@
 VMMR0_INT_DECL(int) PDMR0DeviceCompatSetCritSectReqHandler(PGVM pGVM, PPDMDEVICECOMPATSETCRITSECTREQ pReq);
 
+
+/**
+ * Request buffer for PDMR0QueueCreateReqHandler / VMMR0_DO_PDM_QUEUE_CREATE.
+ * @see PDMR0QueueCreateReqHandler.
+ */
+typedef struct PDMQUEUECREATEREQ
+{
+    /** The header. */
+    SUPVMMR0REQHDR          Hdr;
+
+    /** Number of queue items. */
+    uint32_t                cItems;
+    /** Queue item size.   */
+    uint32_t                cbItem;
+    /** Owner type (PDMQUEUETYPE). */
+    uint32_t                enmType;
+    /** The ring-3 owner pointer. */
+    RTR3PTR                 pvOwner;
+    /** The ring-3 callback function address. */
+    RTR3PTR                 pfnCallback;
+    /** The queue name. */
+    char                    szName[40];
+
+    /** Output: The queue handle. */
+    PDMQUEUEHANDLE          hQueue;
+} PDMQUEUECREATEREQ;
+/** Pointer to a PDMR0QueueCreateReqHandler / VMMR0_DO_PDM_QUEUE_CREATE request buffer. */
+typedef PDMQUEUECREATEREQ *PPDMQUEUECREATEREQ;
+
+VMMR0_INT_DECL(int) PDMR0QueueCreateReqHandler(PGVM pGVM, PPDMQUEUECREATEREQ pReq);
+
 /** @} */
 

trunk/include/VBox/vmm/pdmdev.h

@@ -4000 +4000 @@
 
     DECLR3CALLBACKMEMBER(PPDMQUEUEITEMCORE, pfnQueueAlloc,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue));
-    DECLR3CALLBACKMEMBER(void, pfnQueueInsert,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem));
+    DECLR3CALLBACKMEMBER(int, pfnQueueInsert,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem));
     DECLR3CALLBACKMEMBER(bool, pfnQueueFlushIfNecessary,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue));
     /** @} */
@@ -5767 +5767 @@
      * @{ */
     DECLR0CALLBACKMEMBER(PPDMQUEUEITEMCORE, pfnQueueAlloc,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue));
-    DECLR0CALLBACKMEMBER(void, pfnQueueInsert,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem));
+    DECLR0CALLBACKMEMBER(int, pfnQueueInsert,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem));
     DECLR0CALLBACKMEMBER(bool, pfnQueueFlushIfNecessary,(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue));
     /** @} */
@@ -8424 +8424 @@
  * @copydoc PDMDEVHLPR3::pfnQueueInsert
  */
-DECLINLINE(void) PDMDevHlpQueueInsert(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
-{
-    pDevIns->CTX_SUFF(pHlp)->pfnQueueInsert(pDevIns, hQueue, pItem);
+DECLINLINE(int) PDMDevHlpQueueInsert(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
+{
+    return pDevIns->CTX_SUFF(pHlp)->pfnQueueInsert(pDevIns, hQueue, pItem);
 }
 

trunk/include/VBox/vmm/pdmdrv.h

@@ -841 +841 @@
 
     DECLR3CALLBACKMEMBER(PPDMQUEUEITEMCORE, pfnQueueAlloc,(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue));
-    DECLR3CALLBACKMEMBER(void, pfnQueueInsert,(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem));
+    DECLR3CALLBACKMEMBER(int, pfnQueueInsert,(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem));
     DECLR3CALLBACKMEMBER(bool, pfnQueueFlushIfNecessary,(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue));
     /** @} */
@@ -1705 +1705 @@
  * @copydoc PDMDRVHLPR3::pfnQueueInsert
  */
-DECLINLINE(void) PDMDrvHlpQueueInsert(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
-{
-    pDrvIns->CTX_SUFF(pHlp)->pfnQueueInsert(pDrvIns, hQueue, pItem);
+DECLINLINE(int) PDMDrvHlpQueueInsert(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
+{
+    return pDrvIns->CTX_SUFF(pHlp)->pfnQueueInsert(pDrvIns, hQueue, pItem);
 }
 

trunk/include/VBox/vmm/pdmqueue.h

@@ -39 +39 @@
  */
 
-/** PDM queue handle. */
-typedef uint64_t PDMQUEUEHANDLE;
-/** NIL PDM queue handle. */
-#define NIL_PDMQUEUEHANDLE      UINT64_MAX
-
 /** Pointer to a PDM queue. */
 typedef struct PDMQUEUE *PPDMQUEUE;
 
 /** Pointer to a PDM queue item core. */
-typedef struct PDMQUEUEITEMCORE *PPDMQUEUEITEMCORE;
+typedef union PDMQUEUEITEMCORE *PPDMQUEUEITEMCORE;
 
 /**
  * PDM queue item core.
  */
-typedef struct PDMQUEUEITEMCORE
+typedef union PDMQUEUEITEMCORE
 {
-    /** Pointer to the next item in the pending list - R3 Pointer. */
-    R3PTRTYPE(PPDMQUEUEITEMCORE)    pNextR3;
-    /** Pointer to the next item in the pending list - R0 Pointer. */
-    R0PTRTYPE(PPDMQUEUEITEMCORE)    pNextR0;
+    /** The next queue item on the pending list (UINT32_MAX for NIL). */
+    uint32_t volatile               iNext;
+    /** The next item about to be flushed. */
+    R3PTRTYPE(PPDMQUEUEITEMCORE)    pNext;
+    /** Make sure the core is 64-bit wide. */
+    uint64_t                        u64View;
 } PDMQUEUEITEMCORE;
 
@@ -134 +131 @@
 
 #ifdef VBOX_IN_VMM
-VMMR3_INT_DECL(int)  PDMR3QueueCreateDevice(PVM pVM, PPDMDEVINS pDevIns, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                            PFNPDMQUEUEDEV pfnCallback, bool fRZEnabled, const char *pszName, PPDMQUEUE *ppQueue);
-VMMR3_INT_DECL(int)  PDMR3QueueCreateDriver(PVM pVM, PPDMDRVINS pDrvIns, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                            PFNPDMQUEUEDRV pfnCallback, const char *pszName, PPDMQUEUE *ppQueue);
-VMMR3_INT_DECL(int)  PDMR3QueueCreateInternal(PVM pVM, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                              PFNPDMQUEUEINT pfnCallback, bool fGCEnabled, const char *pszName, PPDMQUEUE *ppQueue);
-VMMR3_INT_DECL(int)  PDMR3QueueCreateExternal(PVM pVM, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                              PFNPDMQUEUEEXT pfnCallback, void *pvUser, const char *pszName, PPDMQUEUE *ppQueue);
-VMMR3_INT_DECL(int)  PDMR3QueueDestroy(PPDMQUEUE pQueue);
+VMMR3_INT_DECL(int)  PDMR3QueueCreateDevice(PVM pVM, PPDMDEVINS pDevIns, size_t cbItem, uint32_t cItems,
+                                            uint32_t cMilliesInterval, PFNPDMQUEUEDEV pfnCallback,
+                                            bool fRZEnabled, const char *pszName, PDMQUEUEHANDLE *phQueue);
+VMMR3_INT_DECL(int)  PDMR3QueueCreateDriver(PVM pVM, PPDMDRVINS pDrvIns, size_t cbItem, uint32_t cItems,
+                                            uint32_t cMilliesInterval, PFNPDMQUEUEDRV pfnCallback,
+                                            const char *pszName, PDMQUEUEHANDLE *phQueue);
+VMMR3_INT_DECL(int)  PDMR3QueueCreateInternal(PVM pVM, size_t cbItem, uint32_t cItems,
+                                              uint32_t cMilliesInterval, PFNPDMQUEUEINT pfnCallback,
+                                              bool fRZEnabled, const char *pszName, PDMQUEUEHANDLE *phQueue);
+VMMR3DECL(int)       PDMR3QueueCreateExternal(PVM pVM, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
+                                              PFNPDMQUEUEEXT pfnCallback, void *pvUser, const char *pszName, PDMQUEUEHANDLE *phQueue);
+VMMR3DECL(int)       PDMR3QueueDestroy(PVM pVM, PDMQUEUEHANDLE hQueue, void *pvOwner);
 VMMR3_INT_DECL(int)  PDMR3QueueDestroyDevice(PVM pVM, PPDMDEVINS pDevIns);
 VMMR3_INT_DECL(int)  PDMR3QueueDestroyDriver(PVM pVM, PPDMDRVINS pDrvIns);
-VMMR3_INT_DECL(void) PDMR3QueueFlushAll(PVM pVM);
+VMMR3DECL(void)      PDMR3QueueFlushAll(PVM pVM);
 #endif /* VBOX_IN_VMM */
 
-VMMDECL(PPDMQUEUEITEMCORE)    PDMQueueAlloc(PPDMQUEUE pQueue);
-VMMDECL(void)                 PDMQueueInsert(PPDMQUEUE pQueue, PPDMQUEUEITEMCORE pItem);
-VMMDECL(void)                 PDMQueueInsertEx(PPDMQUEUE pQueue, PPDMQUEUEITEMCORE pItem, uint64_t NanoMaxDelay);
-VMMDECL(R0PTRTYPE(PPDMQUEUE)) PDMQueueR0Ptr(PPDMQUEUE pQueue);
-VMMDECL(bool)                 PDMQueueFlushIfNecessary(PPDMQUEUE pQueue);
+VMMDECL(PPDMQUEUEITEMCORE)  PDMQueueAlloc(PVMCC pVM, PDMQUEUEHANDLE hQueue, void *pvOwner);
+VMMDECL(int)                PDMQueueInsert(PVMCC pVM, PDMQUEUEHANDLE hQueue, void *pvOwner, PPDMQUEUEITEMCORE pInsert);
+VMMDECL(int)                PDMQueueFlushIfNecessary(PVMCC pVM, PDMQUEUEHANDLE hQueue, void *pvOwner);
 
 /** @} */

trunk/include/VBox/vmm/vm.h

@@ -1323 +1323 @@
         struct PDM s;
 #endif
-        uint8_t     padding[8320];      /* multiple of 64 */
+        uint8_t     padding[8448];      /* multiple of 64 */
     } pdm;
 
@@ -1458 +1458 @@
 
     /** Padding for aligning the structure size on a page boundrary. */
-    uint8_t         abAlignment2[6616 - sizeof(PVMCPUR3) * VMM_MAX_CPU_COUNT];
+    uint8_t         abAlignment2[6488 - sizeof(PVMCPUR3) * VMM_MAX_CPU_COUNT];
 
     /* ---- end small stuff ---- */
@@ -1468 +1468 @@
 } VM;
 #ifndef VBOX_FOR_DTRACE_LIB
-AssertCompileSizeAlignment(VM, 16384);
+//AssertCompileSizeAlignment(VM, 16384);
 #endif
 

trunk/include/VBox/vmm/vm.mac

@@ -143 +143 @@
     .mm                     resb 192
     alignb 64
-    .pdm                    resb 8320
+    .pdm                    resb 8448
     alignb 64
     .iom                    resb 1152

trunk/include/VBox/vmm/vmm.h

@@ -321 +321 @@
     /** Old style device compat: Set ring-0 critical section. */
     VMMR0_DO_PDM_DEVICE_COMPAT_SET_CRITSECT,
+    /** Call PDMR0QueueCreateReqHandler. */
+    VMMR0_DO_PDM_QUEUE_CREATE,
 
     /** Set a GVMM or GMM configuration value. */

trunk/include/VBox/vmm/vmmr3vtable-def.h

@@ -609 +609 @@
 VTABLE_ENTRY(PDMQueueAlloc)
 VTABLE_ENTRY(PDMQueueInsert)
-VTABLE_ENTRY(PDMQueueInsertEx)
+VTABLE_RESERVED(pfnPDMR3Reserved11)
 
 VTABLE_ENTRY(PDMR3ThreadDestroy)

trunk/src/VBox/VMM/Makefile.kmk

@@ -488 +488 @@
         $(if-expr defined(VBOX_WITH_DBGF_TRACING), VMMR0/PDMR0DevHlpTracing.cpp,) \
         VMMR0/PDMR0Driver.cpp \
+        VMMR0/PDMR0Queue.cpp \
         VMMR0/PGMR0.cpp \
         VMMR0/PGMR0Pool.cpp \

trunk/src/VBox/VMM/VMMAll/PDMAll.cpp

@@ -212 +212 @@
     {
         /* Queue for ring-3 execution. */
-        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pVM->pdm.s.pDevHlpQueueR0);
+        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pVM, pVM->pdm.s.hDevHlpQueue, pVM);
         if (pTask)
         {
@@ -218 +218 @@
             pTask->pDevInsR3 = NIL_RTR3PTR; /* not required */
             pTask->u.IoApicSetEoi.uVector = uVector;
-            PDMQueueInsertEx(pVM->pdm.s.pDevHlpQueueR0, &pTask->Core, 0);
+            PDMQueueInsert(pVM, pVM->pdm.s.hDevHlpQueue, pVM, &pTask->Core);
         }
         else
@@ -250 +250 @@
     {
         /* Queue for ring-3 execution. */
-        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pVM->pdm.s.pDevHlpQueueR0);
+        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pVM, pVM->pdm.s.hDevHlpQueue, pVM);
         if (pTask)
         {
@@ -258 +258 @@
             pTask->u.IoApicSendMsi.Msi       = *pMsi;
             pTask->u.IoApicSendMsi.uTagSrc   = uTagSrc;
-            PDMQueueInsertEx(pVM->pdm.s.pDevHlpQueueR0, &pTask->Core, 0);
+            PDMQueueInsert(pVM, pVM->pdm.s.hDevHlpQueue, pVM, &pTask->Core);
         }
         else

trunk/src/VBox/VMM/VMMAll/PDMAllQueue.cpp

@@ -31 +31 @@
 #include <iprt/asm.h>
 #include <iprt/assert.h>
-
-
-/**
- * Allocate an item from a queue.
+#include <iprt/string.h>
+
+
+/*********************************************************************************************************************************
+*   Defined Constants And Macros                                                                                                 *
+*********************************************************************************************************************************/
+/*
+ * Macros for thoroughly validating a queue handle and ownership.
+ */
+#define PDMQUEUE_HANDLE_TO_VARS_RETURN_COMMON(a_cbMax, a_cbTotalMax) \
+    AssertReturn(cbItem >= sizeof(PDMQUEUEITEMCORE), pQueue->rcOkay = VERR_INTERNAL_ERROR_4); \
+    AssertReturn(cbItem <= (a_cbMax), pQueue->rcOkay = VERR_INTERNAL_ERROR_4); \
+    \
+    /* paranoia^3: */ \
+    AssertReturn(cItems > 0, pQueue->rcOkay = VERR_INTERNAL_ERROR_4); \
+    AssertReturn(cItems <= PDMQUEUE_MAX_ITEMS, pQueue->rcOkay = VERR_INTERNAL_ERROR_4); \
+    AssertReturn(cbItem * cItems <= (a_cbTotalMax), pQueue->rcOkay = VERR_INTERNAL_ERROR_4)
+
+#ifdef IN_RING0
+# define PDMQUEUE_HANDLE_TO_VARS_RETURN(a_pVM, a_hQueue, a_pvOwner) \
+    AssertPtrReturn((a_pvOwner), VERR_INVALID_PARAMETER); \
+    \
+    AssertCompile(RT_ELEMENTS((a_pVM)->pdm.s.apRing0Queues) == RT_ELEMENTS((a_pVM)->pdmr0.s.aQueues)); \
+    AssertReturn((a_hQueue) < RT_ELEMENTS((a_pVM)->pdmr0.s.aQueues), VERR_INVALID_HANDLE); \
+    AssertReturn((a_hQueue) < (a_pVM)->pdmr0.s.cQueues, VERR_INVALID_HANDLE); \
+    AssertReturn((a_pVM)->pdmr0.s.aQueues[(a_hQueue)].pvOwner == (a_pvOwner), VERR_INVALID_HANDLE); \
+    PPDMQUEUE pQueue = (a_pVM)->pdmr0.s.aQueues[(a_hQueue)].pQueue; \
+    AssertPtrReturn(pQueue, VERR_INVALID_HANDLE); \
+    AssertReturn(pQueue->u32Magic == PDMQUEUE_MAGIC, VERR_INVALID_HANDLE); \
+    AssertReturn(pQueue->rcOkay == VINF_SUCCESS, pQueue->rcOkay); \
+    \
+    uint32_t const cbItem   = (a_pVM)->pdmr0.s.aQueues[(a_hQueue)].cbItem; \
+    uint32_t const cItems   = (a_pVM)->pdmr0.s.aQueues[(a_hQueue)].cItems; \
+    uint32_t const offItems = (a_pVM)->pdmr0.s.aQueues[(a_hQueue)].offItems; \
+    \
+    /* paranoia^2: */ \
+    AssertReturn(pQueue->cbItem == cbItem, pQueue->rcOkay = VERR_INTERNAL_ERROR_3); \
+    AssertReturn(pQueue->cItems == cItems, pQueue->rcOkay = VERR_INTERNAL_ERROR_3); \
+    AssertReturn(pQueue->offItems == offItems, pQueue->rcOkay = VERR_INTERNAL_ERROR_3); \
+    \
+    PDMQUEUE_HANDLE_TO_VARS_RETURN_COMMON(PDMQUEUE_MAX_ITEM_SIZE, PDMQUEUE_MAX_TOTAL_SIZE_R0)
+
+#else
+# define PDMQUEUE_HANDLE_TO_VARS_RETURN(a_pVM, a_hQueue, a_pvOwner) \
+    AssertPtrReturn((a_pvOwner), VERR_INVALID_PARAMETER); \
+    \
+    PPDMQUEUE pQueue; \
+    if ((a_hQueue) < RT_ELEMENTS((a_pVM)->pdm.s.apRing0Queues)) \
+        pQueue = (a_pVM)->pdm.s.apRing0Queues[(a_hQueue)]; \
+    else \
+    { \
+        (a_hQueue) -= RT_ELEMENTS((a_pVM)->pdm.s.apRing0Queues); \
+        AssertReturn((a_pVM)->pdm.s.cRing3Queues, VERR_INVALID_HANDLE); \
+        pQueue = (a_pVM)->pdm.s.papRing3Queues[(a_hQueue)]; \
+    } \
+    AssertPtrReturn(pQueue, VERR_INVALID_HANDLE); \
+    AssertReturn(pQueue->u32Magic == PDMQUEUE_MAGIC, VERR_INVALID_HANDLE); \
+    AssertReturn(pQueue->u.Gen.pvOwner == (a_pvOwner), VERR_INVALID_HANDLE); \
+    AssertReturn(pQueue->rcOkay == VINF_SUCCESS, pQueue->rcOkay); \
+    \
+    uint32_t const cbItem   = pQueue->cbItem; \
+    uint32_t const cItems   = pQueue->cItems; \
+    uint32_t const offItems = pQueue->offItems; \
+    \
+    PDMQUEUE_HANDLE_TO_VARS_RETURN_COMMON(PDMQUEUE_MAX_ITEM_SIZE, PDMQUEUE_MAX_TOTAL_SIZE_R3)
+
+#endif
+
+
+/**
+ * Commmon function for initializing the shared queue structure.
+ */
+void pdmQueueInit(PPDMQUEUE pQueue, uint32_t cbBitmap, uint32_t cbItem, uint32_t cItems,
+                  const char *pszName, PDMQUEUETYPE enmType, RTR3PTR pfnCallback, RTR3PTR pvOwner)
+{
+    Assert(cbBitmap * 8 >= cItems);
+
+    pQueue->u32Magic            = PDMQUEUE_MAGIC;
+    pQueue->cbItem              = cbItem;
+    pQueue->cItems              = cItems;
+    pQueue->offItems            = RT_UOFFSETOF(PDMQUEUE, bmAlloc) + cbBitmap;
+    pQueue->rcOkay              = VINF_SUCCESS;
+    pQueue->u32Padding          = 0;
+    pQueue->hTimer              = NIL_TMTIMERHANDLE;
+    pQueue->cMilliesInterval    = 0;
+    pQueue->enmType             = enmType;
+    pQueue->u.Gen.pfnCallback   = pfnCallback;
+    pQueue->u.Gen.pvOwner       = pvOwner;
+    RTStrCopy(pQueue->szName, sizeof(pQueue->szName), pszName);
+    pQueue->iPending            = UINT32_MAX;
+    RT_BZERO(pQueue->bmAlloc, cbBitmap);
+    ASMBitSetRange(pQueue->bmAlloc, 0, cItems);
+
+    uint8_t *pbItem = (uint8_t *)&pQueue->bmAlloc[0] + cbBitmap;
+    while (cItems-- > 0)
+    {
+        ((PPDMQUEUEITEMCORE)pbItem)->u64View = UINT64_C(0xfeedfeedfeedfeed);
+
+        /* next */
+        pbItem += cbItem;
+    }
+}
+
+
+/**
+ * Allocate an item from a queue, extended version.
+ *
  * The allocated item must be handed on to PDMR3QueueInsert() after the
  * data have been filled in.
  *
- * @returns Pointer to allocated queue item.
- * @returns NULL on failure. The queue is exhausted.
- * @param   pQueue      The queue handle.
+ * @returns VBox status code.
+ * @param   pVM         Pointer to the cross context VM structure w/ ring-0.
+ * @param   hQueue      The queue handle.
+ * @param   pvOwner     The queue owner.
+ * @param   ppNew       Where to return the item pointer on success.
  * @thread  Any thread.
  */
-VMMDECL(PPDMQUEUEITEMCORE) PDMQueueAlloc(PPDMQUEUE pQueue)
-{
-    Assert(RT_VALID_PTR(pQueue) && pQueue->CTX_SUFF(pVM));
-    PPDMQUEUEITEMCORE pNew;
-    uint32_t iNext;
-    uint32_t i;
-    do
+VMMDECL(int) PDMQueueAllocEx(PVMCC pVM, PDMQUEUEHANDLE hQueue, void *pvOwner, PPDMQUEUEITEMCORE *ppNew)
+{
+    /*
+     * Validate and translate input.
+     */
+    *ppNew = NULL;
+    PDMQUEUE_HANDLE_TO_VARS_RETURN(pVM, hQueue, pvOwner);
+
+    /*
+     * Do the allocation.
+     */
+    uint32_t cEmptyScans = 0;
+    for (;;)
     {
-        i = pQueue->iFreeTail;
-        if (i == pQueue->iFreeHead)
+        int32_t iBit = ASMBitFirstSet(pQueue->bmAlloc, cItems);
+        if (iBit >= 0)
+        {
+            if (ASMAtomicBitTestAndClear(pQueue->bmAlloc, iBit))
+            {
+                PPDMQUEUEITEMCORE pNew = (PPDMQUEUEITEMCORE)&((uint8_t *)pQueue)[offItems + iBit * cbItem];
+                pNew->u64View = UINT64_C(0xbeefbeefbeefbeef);
+                *ppNew = pNew;
+                return VINF_SUCCESS;
+            }
+            cEmptyScans = 0;
+        }
+        else if (++cEmptyScans < 16)
+            ASMNopPause();
+        else
         {
             STAM_REL_COUNTER_INC(&pQueue->StatAllocFailures);
-            return NULL;
+            return VERR_OUT_OF_RESOURCES;
         }
-        pNew = pQueue->aFreeItems[i].CTX_SUFF(pItem);
-        iNext = (i + 1) % (pQueue->cItems + PDMQUEUE_FREE_SLACK);
-    } while (!ASMAtomicCmpXchgU32(&pQueue->iFreeTail, iNext, i));
-    return pNew;
+    }
+}
+
+
+/**
+ * Allocate an item from a queue.
+ *
+ * The allocated item must be handed on to PDMR3QueueInsert() after the
+ * data have been filled in.
+ *
+ * @returns VBox status code.
+ * @param   pVM         Pointer to the cross context VM structure w/ ring-0.
+ * @param   hQueue      The queue handle.
+ * @param   pvOwner     The queue owner.
+ * @param   ppNew       Where to return the item pointer on success.
+ * @thread  Any thread.
+ */
+VMMDECL(PPDMQUEUEITEMCORE) PDMQueueAlloc(PVMCC pVM, PDMQUEUEHANDLE hQueue, void *pvOwner)
+{
+    PPDMQUEUEITEMCORE pNew = NULL;
+    int rc = PDMQueueAllocEx(pVM, hQueue, pvOwner, &pNew);
+    if (RT_SUCCESS(rc))
+        return pNew;
+    return NULL;
 }
 
@@ -67 +211 @@
  * Sets the FFs and fQueueFlushed.
  *
- * @param   pQueue              The PDM queue.
- */
-static void pdmQueueSetFF(PPDMQUEUE pQueue)
-{
-    PVM pVM = pQueue->CTX_SUFF(pVM);
+ * @param   pVM         Pointer to the cross context VM structure w/ ring-0.
+ */
+static void pdmQueueSetFF(PVMCC pVM)
+{
     Log2(("PDMQueueInsert: VM_FF_PDM_QUEUES %d -> 1\n", VM_FF_IS_SET(pVM, VM_FF_PDM_QUEUES)));
     VM_FF_SET(pVM, VM_FF_PDM_QUEUES);
@@ -87 +230 @@
  * have been passed to this function it must not be touched!
  *
- * @param   pQueue      The queue handle.
- * @param   pItem       The item to insert.
+ * @returns VBox status code.
+ * @param   pVM         Pointer to the cross context VM structure w/ ring-0.
+ * @param   hQueue      The queue handle.
+ * @param   pvOwner     The queue owner.
+ * @param   pInsert     The item to insert.
  * @thread  Any thread.
  */
-VMMDECL(void) PDMQueueInsert(PPDMQUEUE pQueue, PPDMQUEUEITEMCORE pItem)
-{
-    Assert(RT_VALID_PTR(pQueue) && pQueue->CTX_SUFF(pVM));
-    AssertPtr(pItem);
-
-#if 0 /* the paranoid android version: */
-    void *pvNext;
-    do
+VMMDECL(int) PDMQueueInsert(PVMCC pVM, PDMQUEUEHANDLE hQueue, void *pvOwner, PPDMQUEUEITEMCORE pInsert)
+{
+    /*
+     * Validate and translate input.
+     */
+    PDMQUEUE_HANDLE_TO_VARS_RETURN(pVM, hQueue, pvOwner);
+
+    uint8_t * const pbItems   = (uint8_t *)pQueue + offItems;
+    uintptr_t const offInsert = (uintptr_t)pInsert - (uintptr_t)pbItems;
+    uintptr_t const iInsert   = offInsert / cbItem;
+    AssertReturn(iInsert < cItems, VERR_INVALID_PARAMETER);
+    AssertReturn(iInsert * cbItem == offInsert, VERR_INVALID_PARAMETER);
+
+    AssertReturn(ASMBitTest(pQueue->bmAlloc, iInsert) == false, VERR_INVALID_PARAMETER);
+
+    /*
+     * Append the item to the pending list.
+     */
+    for (;;)
     {
-        pvNext = ASMAtomicUoReadPtr((void * volatile *)&pQueue->CTX_SUFF(pPending));
-        ASMAtomicUoWritePtr((void * volatile *)&pItem->CTX_SUFF(pNext), pvNext);
-    } while (!ASMAtomicCmpXchgPtr(&pQueue->CTX_SUFF(pPending), pItem, pvNext));
-#else
-    PPDMQUEUEITEMCORE pNext;
-    do
-    {
-        pNext = pQueue->CTX_SUFF(pPending);
-        pItem->CTX_SUFF(pNext) = pNext;
-    } while (!ASMAtomicCmpXchgPtr(&pQueue->CTX_SUFF(pPending), pItem, pNext));
-#endif
+        uint32_t const iOldPending = ASMAtomicUoReadU32(&pQueue->iPending);
+        pInsert->iNext = iOldPending;
+        if (ASMAtomicCmpXchgU32(&pQueue->iPending, iInsert, iOldPending))
+            break;
+        ASMNopPause();
+    }
 
     if (pQueue->hTimer == NIL_TMTIMERHANDLE)
-        pdmQueueSetFF(pQueue);
+        pdmQueueSetFF(pVM);
     STAM_REL_COUNTER_INC(&pQueue->StatInsert);
     STAM_STATS({ ASMAtomicIncU32(&pQueue->cStatPending); });
-}
-
-
-/**
- * Queue an item.
- *
- * The item must have been obtained using PDMQueueAlloc(). Once the item
- * have been passed to this function it must not be touched!
- *
- * @param   pQueue          The queue handle.
- * @param   pItem           The item to insert.
- * @param   NanoMaxDelay    The maximum delay before processing the queue, in nanoseconds.
- *                          This applies only to GC.
- * @thread  Any thread.
- */
-VMMDECL(void) PDMQueueInsertEx(PPDMQUEUE pQueue, PPDMQUEUEITEMCORE pItem, uint64_t NanoMaxDelay)
-{
-    NOREF(NanoMaxDelay);
-    PDMQueueInsert(pQueue, pItem);
-#ifdef IN_RC
-    PVM pVM = pQueue->CTX_SUFF(pVM);
-    /** @todo figure out where to put this, the next bit should go there too.
-    if (NanoMaxDelay)
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Schedule the queue for flushing (processing) if necessary.
+ *
+ * @returns VBox status code.
+ * @retval  VINF_SUCCESS if a flush was necessary.
+ * @retval  VINF_NO_CHANGE if no flushing needed.
+ *
+ * @param   pVM         The cross context VM structure.
+ * @param   pvOwner     The alleged queue owner.
+ * @param   hQueue      The queueu to maybe flush.
+ */
+VMMDECL(int) PDMQueueFlushIfNecessary(PVMCC pVM, PDMQUEUEHANDLE hQueue, void *pvOwner)
+{
+    /*
+     * Validate input.
+     */
+    PDMQUEUE_HANDLE_TO_VARS_RETURN(pVM, hQueue, pvOwner);
+    RT_NOREF(offItems);
+
+    /*
+     * Check and maybe flush.
+     */
+    if (ASMAtomicUoReadU32(&pQueue->iPending) != UINT32_MAX)
     {
-
+        pdmQueueSetFF(pVM);
+        return VINF_SUCCESS;
     }
-    else */
-    {
-        VMCPU_FF_SET(VMMGetCpu0(pVM), VMCPU_FF_TO_R3);
-        Log2(("PDMQueueInsertEx: Setting VMCPU_FF_TO_R3\n"));
-    }
-#endif
-}
-
-
-/**
- * Gets the ring-0 pointer for the specified queue.
- *
- * @returns The ring-0 address of the queue.
- * @returns NULL if pQueue is invalid.
- * @param   pQueue          The queue handle.
- */
-VMMDECL(R0PTRTYPE(PPDMQUEUE)) PDMQueueR0Ptr(PPDMQUEUE pQueue)
-{
-    AssertPtr(pQueue);
-    Assert(pQueue->pVMR3);
-#ifdef IN_RING0
-    AssertPtr(pQueue->pVMR0);
-    return pQueue;
-#else
-    Assert(pQueue->pVMR0 || SUPR3IsDriverless());
-    return MMHyperCCToR0(pQueue->CTX_SUFF(pVM), pQueue);
-#endif
-}
-
-
-/**
- * Schedule the queue for flushing (processing) if necessary.
- *
- * @returns @c true if necessary, @c false if not.
- * @param   pQueue              The queue.
- */
-VMMDECL(bool) PDMQueueFlushIfNecessary(PPDMQUEUE pQueue)
-{
-    AssertPtr(pQueue);
-    if (   pQueue->pPendingR3 != NIL_RTR3PTR
-        || pQueue->pPendingR0 != NIL_RTR0PTR)
-    {
-        pdmQueueSetFF(pQueue);
-        return false;
-    }
-    return false;
-}
-
+    return VINF_NO_CHANGE;
+}
+

trunk/src/VBox/VMM/VMMR0/PDMR0DevHlp.cpp

@@ -245 +245 @@
 
         /* queue for ring-3 execution. */
-        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM->pdm.s.pDevHlpQueueR0);
+        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM);
         AssertReturnVoid(pTask);
 
@@ -253 +253 @@
         pTask->u.PciSetIrq.iLevel = iLevel;
         pTask->u.PciSetIrq.uTagSrc = uTagSrc;
-        pTask->u.PciSetIrq.pPciDevR3 = MMHyperR0ToR3(pGVM, pPciDev);
-
-        PDMQueueInsertEx(pGVM->pdm.s.pDevHlpQueueR0, &pTask->Core, 0);
+        pTask->u.PciSetIrq.idxPciDev = pPciDev->Int.s.idxSubDev;
+
+        PDMQueueInsert(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM, &pTask->Core);
     }
 
@@ -581 +581 @@
 
 
-/** Converts a queue handle to a ring-0 queue pointer. */
-DECLINLINE(PPDMQUEUE)  pdmR0DevHlp_QueueToPtr(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue)
-{
-    PDMDEV_ASSERT_DEVINS(pDevIns);
-    return (PPDMQUEUE)MMHyperR3ToCC(pDevIns->Internal.s.pGVM, hQueue);
-}
-
-
 /** @interface_method_impl{PDMDEVHLPR0,pfnQueueAlloc} */
 static DECLCALLBACK(PPDMQUEUEITEMCORE) pdmR0DevHlp_QueueAlloc(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue)
 {
-    return PDMQueueAlloc(pdmR0DevHlp_QueueToPtr(pDevIns, hQueue));
+    PDMDEV_ASSERT_DEVINS(pDevIns);
+    return PDMQueueAlloc(pDevIns->Internal.s.pGVM, hQueue, pDevIns);
 }
 
 
 /** @interface_method_impl{PDMDEVHLPR0,pfnQueueInsert} */
-static DECLCALLBACK(void) pdmR0DevHlp_QueueInsert(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
-{
-    return PDMQueueInsert(pdmR0DevHlp_QueueToPtr(pDevIns, hQueue), pItem);
+static DECLCALLBACK(int) pdmR0DevHlp_QueueInsert(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
+{
+    PDMDEV_ASSERT_DEVINS(pDevIns);
+    return PDMQueueInsert(pDevIns->Internal.s.pGVM, hQueue, pDevIns, pItem);
 }
 
@@ -606 +600 @@
 static DECLCALLBACK(bool) pdmR0DevHlp_QueueFlushIfNecessary(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue)
 {
-    return PDMQueueFlushIfNecessary(pdmR0DevHlp_QueueToPtr(pDevIns, hQueue));
+    PDMDEV_ASSERT_DEVINS(pDevIns);
+    return PDMQueueFlushIfNecessary(pDevIns->Internal.s.pGVM, hQueue, pDevIns) == VINF_SUCCESS;
 }
 
@@ -1786 +1781 @@
     {
         /* queue for ring-3 execution. */
-        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM->pdm.s.pDevHlpQueueR0);
+        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM);
         if (pTask)
         {
@@ -1796 +1791 @@
             pTask->u.IoApicSetIrq.uTagSrc = uTagSrc;
 
-            PDMQueueInsertEx(pGVM->pdm.s.pDevHlpQueueR0, &pTask->Core, 0);
+            PDMQueueInsert(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM, &pTask->Core);
         }
         else
@@ -1975 +1970 @@
 
     /* queue for ring-3 execution. */
-    PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM->pdm.s.pDevHlpQueueR0);
+    PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM);
     AssertReturn(pTask, false);
 
@@ -1985 +1980 @@
     pTask->u.IsaSetIrq.uTagSrc = uTagSrc;
 
-    PDMQueueInsertEx(pGVM->pdm.s.pDevHlpQueueR0, &pTask->Core, 0);
+    PDMQueueInsert(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM, &pTask->Core);
     return false;
 }

trunk/src/VBox/VMM/VMMR0/PDMR0DevHlpTracing.cpp

@@ -408 +408 @@
 
         /* queue for ring-3 execution. */
-        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM->pdm.s.pDevHlpQueueR0);
+        PPDMDEVHLPTASK pTask = (PPDMDEVHLPTASK)PDMQueueAlloc(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM);
         AssertReturnVoid(pTask);
 
@@ -416 +416 @@
         pTask->u.PciSetIrq.iLevel = iLevel;
         pTask->u.PciSetIrq.uTagSrc = uTagSrc;
-        pTask->u.PciSetIrq.pPciDevR3 = MMHyperR0ToR3(pGVM, pPciDev);
-
-        PDMQueueInsertEx(pGVM->pdm.s.pDevHlpQueueR0, &pTask->Core, 0);
+        pTask->u.PciSetIrq.idxPciDev = pPciDev->Int.s.idxSubDev;
+
+        PDMQueueInsert(pGVM, pGVM->pdm.s.hDevHlpQueue, pGVM, &pTask->Core);
     }
 

trunk/src/VBox/VMM/VMMR0/PDMR0Device.cpp

@@ -193 +193 @@
         if (pDevIns)
             pdmR0DeviceDestroy(pGVM, pDevIns, i);
+    }
+
+    i = pGVM->pdmr0.s.cQueues;
+    while (i-- > 0)
+    {
+        if (pGVM->pdmr0.s.aQueues[i].pQueue != NULL)
+            pdmR0QueueDestroy(pGVM, i);
     }
 }

trunk/src/VBox/VMM/VMMR0/VMMR0.cpp

@@ -2072 +2072 @@
         }
 
+        case VMMR0_DO_PDM_QUEUE_CREATE:
+        {
+            if (!pReqHdr || u64Arg || idCpu != 0)
+                return VERR_INVALID_PARAMETER;
+            rc = PDMR0QueueCreateReqHandler(pGVM, (PPDMQUEUECREATEREQ)pReqHdr);
+            break;
+        }
+
         /*
          * Requests to the internal networking service.

trunk/src/VBox/VMM/VMMR3/PDMDevHlp.cpp

@@ -2747 +2747 @@
     }
 
-    PPDMQUEUE pQueue = NULL;
-    int rc = PDMR3QueueCreateDevice(pVM, pDevIns, cbItem, cItems, cMilliesInterval, pfnCallback, fRZEnabled, pszName, &pQueue);
-    *phQueue = (uintptr_t)pQueue;
-
-    LogFlow(("pdmR3DevHlp_QueueCreate: caller='%s'/%d: returns %Rrc *ppQueue=%p\n", pDevIns->pReg->szName, pDevIns->iInstance, rc, *phQueue));
+    int rc = PDMR3QueueCreateDevice(pVM, pDevIns, cbItem, cItems, cMilliesInterval, pfnCallback, fRZEnabled, pszName, phQueue);
+
+    LogFlow(("pdmR3DevHlp_QueueCreate: caller='%s'/%d: returns %Rrc *phQueue=%p\n",
+             pDevIns->pReg->szName, pDevIns->iInstance, rc, *phQueue));
     return rc;
 }
@@ -2770 +2769 @@
 static DECLCALLBACK(PPDMQUEUEITEMCORE) pdmR3DevHlp_QueueAlloc(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue)
 {
-    return PDMQueueAlloc(pdmR3DevHlp_QueueToPtr(pDevIns, hQueue));
+    PDMDEV_ASSERT_DEVINS(pDevIns);
+    return PDMQueueAlloc(pDevIns->Internal.s.pVMR3, hQueue, pDevIns);
 }
 
 
 /** @interface_method_impl{PDMDEVHLPR3,pfnQueueInsert} */
-static DECLCALLBACK(void) pdmR3DevHlp_QueueInsert(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
-{
-    return PDMQueueInsert(pdmR3DevHlp_QueueToPtr(pDevIns, hQueue), pItem);
+static DECLCALLBACK(int) pdmR3DevHlp_QueueInsert(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
+{
+    return PDMQueueInsert(pDevIns->Internal.s.pVMR3, hQueue, pDevIns, pItem);
 }
 
@@ -2784 +2784 @@
 static DECLCALLBACK(bool) pdmR3DevHlp_QueueFlushIfNecessary(PPDMDEVINS pDevIns, PDMQUEUEHANDLE hQueue)
 {
-    return PDMQueueFlushIfNecessary(pdmR3DevHlp_QueueToPtr(pDevIns, hQueue));
+    return PDMQueueFlushIfNecessary(pDevIns->Internal.s.pVMR3, hQueue, pDevIns) == VINF_SUCCESS;
 }
 
@@ -6360 +6360 @@
         {
             /* Same as pdmR3DevHlp_PCISetIrq, except we've got a tag already. */
-            PPDMPCIDEV pPciDev = pTask->u.PciSetIrq.pPciDevR3;
+            PPDMDEVINSR3 pDevIns = pTask->pDevInsR3;
+            PPDMPCIDEV   pPciDev = pTask->u.PciSetIrq.idxPciDev < RT_ELEMENTS(pDevIns->apPciDevs)
+                                 ? pDevIns->apPciDevs[pTask->u.PciSetIrq.idxPciDev] : NULL;
             if (pPciDev)
             {
@@ -6373 +6375 @@
             }
             else
-                AssertReleaseMsgFailed(("No PCI device registered!\n"));
+                AssertReleaseMsgFailed(("No PCI device given! (%#x)\n", pPciDev->Int.s.idxSubDev));
             break;
         }

trunk/src/VBox/VMM/VMMR3/PDMDevice.cpp

@@ -131 +131 @@
      * Get the RC & R0 devhlps and create the devhlp R3 task queue.
      */
-    rc = PDMR3QueueCreateInternal(pVM, sizeof(PDMDEVHLPTASK), 8, 0, pdmR3DevHlpQueueConsumer, true, "DevHlp",
-                                  &pVM->pdm.s.pDevHlpQueueR3);
+    rc = PDMR3QueueCreateInternal(pVM, sizeof(PDMDEVHLPTASK), pVM->cCpus * 8, 0, pdmR3DevHlpQueueConsumer, true, "DevHlp",
+                                  &pVM->pdm.s.hDevHlpQueue);
     AssertRCReturn(rc, rc);
-    pVM->pdm.s.pDevHlpQueueR0 = PDMQueueR0Ptr(pVM->pdm.s.pDevHlpQueueR3);
 
     /*

trunk/src/VBox/VMM/VMMR3/PDMDriver.cpp

@@ -1255 +1255 @@
 
 
-/**
- * Conversion from handle to queue pointer (temporary).
- */
-DECLINLINE(PPDMQUEUE) pdmR3DrvHlp_QueueToPtr(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue)
-{
-    PDMDRV_ASSERT_DRVINS(pDrvIns);
-    RT_NOREF(pDrvIns);
-    return (PPDMQUEUE)hQueue;
-}
-
-
 /** @interface_method_impl{PDMDRVHLPR3,pfnQueueCreate} */
 static DECLCALLBACK(int) pdmR3DrvHlp_QueueCreate(PPDMDRVINS pDrvIns, uint32_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
@@ -1282 +1271 @@
     }
 
-    PPDMQUEUE pQueue = NULL;
-    int rc = PDMR3QueueCreateDriver(pVM, pDrvIns, cbItem, cItems, cMilliesInterval, pfnCallback, pszName, &pQueue);
-    *phQueue = (PDMQUEUEHANDLE)pQueue;
+    int rc = PDMR3QueueCreateDriver(pVM, pDrvIns, cbItem, cItems, cMilliesInterval, pfnCallback, pszName, phQueue);
 
     LogFlow(("pdmR3DrvHlp_PDMQueueCreate: caller='%s'/%d: returns %Rrc *phQueue=%p\n", pDrvIns->pReg->szName, pDrvIns->iInstance, rc, *phQueue));
@@ -1294 +1281 @@
 static DECLCALLBACK(PPDMQUEUEITEMCORE) pdmR3DrvHlp_QueueAlloc(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue)
 {
-    return PDMQueueAlloc(pdmR3DrvHlp_QueueToPtr(pDrvIns, hQueue));
+    return PDMQueueAlloc(pDrvIns->Internal.s.pVMR3, hQueue, pDrvIns);
 }
 
 
 /** @interface_method_impl{PDMDRVHLPR3,pfnQueueInsert} */
-static DECLCALLBACK(void) pdmR3DrvHlp_QueueInsert(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
-{
-    return PDMQueueInsert(pdmR3DrvHlp_QueueToPtr(pDrvIns, hQueue), pItem);
+static DECLCALLBACK(int) pdmR3DrvHlp_QueueInsert(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue, PPDMQUEUEITEMCORE pItem)
+{
+    return PDMQueueInsert(pDrvIns->Internal.s.pVMR3, hQueue, pDrvIns, pItem);
 }
 
@@ -1308 +1295 @@
 static DECLCALLBACK(bool) pdmR3DrvHlp_QueueFlushIfNecessary(PPDMDRVINS pDrvIns, PDMQUEUEHANDLE hQueue)
 {
-    return PDMQueueFlushIfNecessary(pdmR3DrvHlp_QueueToPtr(pDrvIns, hQueue));
-}
-
+    return PDMQueueFlushIfNecessary(pDrvIns->Internal.s.pVMR3, hQueue, pDrvIns) == VINF_SUCCESS;
+}
 
 

trunk/src/VBox/VMM/VMMR3/PDMQueue.cpp

@@ -31 +31 @@
 #include <iprt/asm.h>
 #include <iprt/assert.h>
+#include <iprt/mem.h>
 #include <iprt/thread.h>
 
@@ -37 +38 @@
 *   Internal Functions                                                                                                           *
 *********************************************************************************************************************************/
-DECLINLINE(void)            pdmR3QueueFreeItem(PPDMQUEUE pQueue, PPDMQUEUEITEMCORE pItem);
-static bool                 pdmR3QueueFlush(PPDMQUEUE pQueue);
 static DECLCALLBACK(void)   pdmR3QueueTimer(PVM pVM, TMTIMERHANDLE hTimer, void *pvUser);
 
@@ -54 +53 @@
  * @param   fRZEnabled          Set if the queue will be used from RC/R0 and need to be allocated from the hyper heap.
  * @param   pszName             The queue name. Unique. Not copied.
- * @param   ppQueue             Where to store the queue handle.
+ * @param   enmType             Owner type.
+ * @param   pvOwner             The queue owner pointer.
+ * @param   uCallback           Callback function.
+ * @param   phQueue             Where to store the queue handle.
  */
 static int pdmR3QueueCreate(PVM pVM, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval, bool fRZEnabled,
-                            const char *pszName, PPDMQUEUE *ppQueue)
-{
-    PUVM pUVM = pVM->pUVM;
-
-    /*
-     * Validate input.
-     */
-    AssertMsgReturn(cbItem >= sizeof(PDMQUEUEITEMCORE) && cbItem < _1M, ("cbItem=%zu\n", cbItem), VERR_OUT_OF_RANGE);
-    AssertMsgReturn(cItems >= 1 && cItems <= _64K, ("cItems=%u\n", cItems), VERR_OUT_OF_RANGE);
+                            const char *pszName, PDMQUEUETYPE enmType, void *pvOwner, uintptr_t uCallback,
+                            PDMQUEUEHANDLE *phQueue)
+{
+    /*
+     * Validate and adjust the input.
+     */
+    VM_ASSERT_EMT0_RETURN(pVM, VERR_VM_THREAD_NOT_EMT); /* serialization by exclusivity */
+
+    cbItem = RT_ALIGN(cbItem, sizeof(uint64_t));
+    AssertMsgReturn(cbItem >= sizeof(PDMQUEUEITEMCORE) && cbItem < PDMQUEUE_MAX_ITEM_SIZE, ("cbItem=%zu\n", cbItem),
+                    VERR_OUT_OF_RANGE);
+    AssertMsgReturn(cItems >= 1 && cItems <= PDMQUEUE_MAX_ITEMS, ("cItems=%u\n", cItems), VERR_OUT_OF_RANGE);
+    AssertMsgReturn((uint64_t)cbItem * cItems <= (fRZEnabled ? PDMQUEUE_MAX_TOTAL_SIZE_R0 : PDMQUEUE_MAX_TOTAL_SIZE_R3),
+                    ("cItems=%u cbItem=%#x -> %#RX64, max %'u\n", cItems, cbItem, (uint64_t)cbItem * cItems,
+                     fRZEnabled ? PDMQUEUE_MAX_TOTAL_SIZE_R0 : PDMQUEUE_MAX_TOTAL_SIZE_R3),
+                    VERR_OUT_OF_RANGE);
+    AssertReturn(!fRZEnabled || enmType == PDMQUEUETYPE_INTERNAL || enmType == PDMQUEUETYPE_DEV, VERR_INVALID_PARAMETER);
+    if (SUPR3IsDriverless())
+        fRZEnabled = false;
+
+    /* Unqiue name that fits within the szName field: */
+    size_t cchName = strlen(pszName);
+    AssertReturn(cchName > 0, VERR_INVALID_NAME);
+    AssertMsgReturn(cchName < RT_SIZEOFMEMB(PDMQUEUE, szName), ("'%s' is too long\n", pszName), VERR_INVALID_NAME);
+    size_t i = pVM->pdm.s.cRing3Queues;
+    while (i-- > 0 )
+        AssertMsgReturn(strcmp(pVM->pdm.s.papRing3Queues[i]->szName, pszName) != 0, ("%s\n", pszName), VERR_DUPLICATE);
+    i = pVM->pdm.s.cRing0Queues;
+    while (i-- > 0 )
+        AssertMsgReturn(strcmp(pVM->pdm.s.apRing0Queues[i]->szName, pszName) != 0, ("%s\n", pszName), VERR_DUPLICATE);
 
     /*
      * Align the item size and calculate the structure size.
      */
-    cbItem = RT_ALIGN(cbItem, sizeof(RTUINTPTR));
-    size_t cb = cbItem * cItems + RT_ALIGN_Z(RT_UOFFSETOF_DYN(PDMQUEUE, aFreeItems[cItems + PDMQUEUE_FREE_SLACK]), 16);
-    PPDMQUEUE pQueue;
-    int rc;
+    PPDMQUEUE      pQueue;
+    PDMQUEUEHANDLE hQueue;
     if (fRZEnabled)
-        rc = MMHyperAlloc(pVM, cb, 0, MM_TAG_PDM_QUEUE, (void **)&pQueue );
+    {
+        /* Call ring-0 to allocate and create the queue: */
+        PDMQUEUECREATEREQ Req;
+        Req.Hdr.u32Magic = SUPVMMR0REQHDR_MAGIC;
+        Req.Hdr.cbReq    = sizeof(Req);
+        Req.cItems       = cItems;
+        Req.cbItem       = (uint32_t)cbItem;
+        Req.enmType      = enmType;
+        Req.pvOwner      = pvOwner;
+        Req.pfnCallback  = (RTR3PTR)uCallback;
+        RTStrCopy(Req.szName, sizeof(Req.szName), pszName);
+        AssertCompileMembersSameSize(PDMQUEUECREATEREQ, szName, PDMQUEUE, szName);
+        Req.hQueue       = NIL_PDMQUEUEHANDLE;
+
+        int rc = VMMR3CallR0(pVM, VMMR0_DO_PDM_QUEUE_CREATE, 0, &Req.Hdr);
+        if (RT_FAILURE(rc))
+            return rc;
+        hQueue = Req.hQueue;
+        AssertReturn(hQueue < RT_ELEMENTS(pVM->pdm.s.apRing0Queues), VERR_INTERNAL_ERROR_2);
+        pQueue = pVM->pdm.s.apRing0Queues[hQueue];
+        AssertPtrReturn(pQueue, VERR_INTERNAL_ERROR_3);
+        AssertReturn(pQueue->u32Magic == PDMQUEUE_MAGIC, VERR_INTERNAL_ERROR_4);
+        AssertReturn(pQueue->cbItem == cbItem, VERR_INTERNAL_ERROR_4);
+        AssertReturn(pQueue->cItems == cItems, VERR_INTERNAL_ERROR_4);
+        AssertReturn(pQueue->enmType == enmType, VERR_INTERNAL_ERROR_4);
+        AssertReturn(pQueue->u.Gen.pvOwner == pvOwner, VERR_INTERNAL_ERROR_4);
+        AssertReturn(pQueue->u.Gen.pfnCallback == (RTR3PTR)uCallback, VERR_INTERNAL_ERROR_4);
+    }
     else
-        rc = MMR3HeapAllocZEx(pVM, MM_TAG_PDM_QUEUE, cb, (void **)&pQueue);
-    if (RT_FAILURE(rc))
-        return rc;
-
-    /*
-     * Initialize the data fields.
-     */
-    pQueue->pVMR3 = pVM;
-    pQueue->pVMR0 = fRZEnabled ? pVM->pVMR0ForCall : NIL_RTR0PTR;
-    pQueue->pszName = pszName;
-    pQueue->cMilliesInterval = cMilliesInterval;
-    pQueue->hTimer = NIL_TMTIMERHANDLE;
-    pQueue->cbItem = (uint32_t)cbItem;
-    pQueue->cItems = cItems;
-    //pQueue->pPendingR3 = NULL;
-    //pQueue->pPendingR0 = NULL;
-    //pQueue->pPendingRC = NULL;
-    pQueue->iFreeHead = cItems;
-    //pQueue->iFreeTail = 0;
-    PPDMQUEUEITEMCORE pItem = (PPDMQUEUEITEMCORE)((char *)pQueue + RT_ALIGN_Z(RT_UOFFSETOF_DYN(PDMQUEUE, aFreeItems[cItems + PDMQUEUE_FREE_SLACK]), 16));
-    for (unsigned i = 0; i < cItems; i++, pItem = (PPDMQUEUEITEMCORE)((char *)pItem + cbItem))
-    {
-        pQueue->aFreeItems[i].pItemR3 = pItem;
-        if (fRZEnabled)
-            pQueue->aFreeItems[i].pItemR0 = MMHyperR3ToR0(pVM, pItem);
+    {
+        /* Do it here using the paged heap: */
+        uint32_t const cbBitmap = RT_ALIGN_32(RT_ALIGN_32(cItems, 64) / 8, 64); /* keep bitmap in it's own cacheline  */
+        uint32_t const cbQueue  = RT_OFFSETOF(PDMQUEUE, bmAlloc)
+                                + cbBitmap
+                                + (uint32_t)cbItem * cItems;
+        pQueue = (PPDMQUEUE)RTMemPageAllocZ(cbQueue);
+        if (!pQueue)
+            return VERR_NO_PAGE_MEMORY;
+        pdmQueueInit(pQueue, cbBitmap, (uint32_t)cbItem, cItems, pszName, enmType, (RTR3PTR)uCallback, pvOwner);
+
+        uint32_t iQueue = pVM->pdm.s.cRing3Queues;
+        if (iQueue >= pVM->pdm.s.cRing3QueuesAlloc)
+        {
+            AssertLogRelMsgReturnStmt(iQueue < _16K, ("%#x\n", iQueue), RTMemPageFree(pQueue, cbQueue), VERR_TOO_MANY_OPENS);
+
+            uint32_t const cNewAlloc = RT_ALIGN_32(iQueue, 64) + 64;
+            PPDMQUEUE *papQueuesNew = (PPDMQUEUE *)RTMemAllocZ(cNewAlloc * sizeof(papQueuesNew[0]));
+            AssertLogRelMsgReturnStmt(papQueuesNew, ("cNewAlloc=%u\n", cNewAlloc), RTMemPageFree(pQueue, cbQueue), VERR_NO_MEMORY);
+
+            if (iQueue)
+                memcpy(papQueuesNew, pVM->pdm.s.papRing3Queues, iQueue * sizeof(papQueuesNew[0]));
+            PPDMQUEUE *papQueuesOld = ASMAtomicXchgPtrT(&pVM->pdm.s.papRing3Queues, papQueuesNew, PPDMQUEUE *);
+            pVM->pdm.s.cRing3QueuesAlloc = cNewAlloc;
+            RTMemFree(papQueuesOld);
+        }
+
+        pVM->pdm.s.papRing3Queues[iQueue] = pQueue;
+        pVM->pdm.s.cRing3Queues           = iQueue + 1;
+        hQueue = iQueue + RT_ELEMENTS(pVM->pdm.s.apRing0Queues);
     }
 
@@ -109 +162 @@
     if (cMilliesInterval)
     {
-        char szName[32];
-        RTStrPrintf(szName, sizeof(szName), "Queue %s", pQueue->pszName);
-        rc = TMR3TimerCreate(pVM, TMCLOCK_REAL, pdmR3QueueTimer, pQueue, TMTIMER_FLAGS_NO_RING0, szName, &pQueue->hTimer);
+        char szName[48+6];
+        RTStrPrintf(szName, sizeof(szName), "Que/%s", pQueue->szName);
+        int rc = TMR3TimerCreate(pVM, TMCLOCK_REAL, pdmR3QueueTimer, pQueue, TMTIMER_FLAGS_NO_RING0, szName, &pQueue->hTimer);
         if (RT_SUCCESS(rc))
         {
             rc = TMTimerSetMillies(pVM, pQueue->hTimer, cMilliesInterval);
-            if (RT_FAILURE(rc))
+            if (RT_SUCCESS(rc))
+                pQueue->cMilliesInterval = cMilliesInterval;
+            else
             {
                 AssertMsgFailed(("TMTimerSetMillies failed rc=%Rrc\n", rc));
                 int rc2 = TMR3TimerDestroy(pVM, pQueue->hTimer); AssertRC(rc2);
+                pQueue->hTimer = NIL_TMTIMERHANDLE;
             }
         }
@@ -125 +181 @@
         if (RT_FAILURE(rc))
         {
-            if (fRZEnabled)
-                MMHyperFree(pVM, pQueue);
-            else
-                MMR3HeapFree(pQueue);
+            if (!fRZEnabled)
+                PDMR3QueueDestroy(pVM, hQueue, pvOwner);
+            /* else: will clean up queue when VM is destroyed */
             return rc;
         }
-
-        /*
-         * Insert into the queue list for timer driven queues.
-         */
-        pdmLock(pVM);
-        pQueue->pNext = pUVM->pdm.s.pQueuesTimer;
-        pUVM->pdm.s.pQueuesTimer = pQueue;
-        pdmUnlock(pVM);
-    }
-    else
-    {
-        /*
-         * Insert into the queue list for forced action driven queues.
-         * This is a FIFO, so insert at the end.
-         */
-        /** @todo we should add a priority to the queues so we don't have to rely on
-         * the initialization order to deal with problems like @bugref{1605} (pgm/pcnet
-         * deadlock caused by the critsect queue to be last in the chain).
-         * - Update, the critical sections are no longer using queues, so this isn't a real
-         *   problem any longer. The priority might be a nice feature for later though.
-         */
-        pdmLock(pVM);
-        if (!pUVM->pdm.s.pQueuesForced)
-            pUVM->pdm.s.pQueuesForced = pQueue;
-        else
-        {
-            PPDMQUEUE pPrev = pUVM->pdm.s.pQueuesForced;
-            while (pPrev->pNext)
-                pPrev = pPrev->pNext;
-            pPrev->pNext = pQueue;
-        }
-        pdmUnlock(pVM);
     }
 
@@ -168 +191 @@
      * Register the statistics.
      */
-    STAMR3RegisterF(pVM, &pQueue->cbItem,               STAMTYPE_U32,     STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,        "Item size.",                       "/PDM/Queue/%s/cbItem",         pQueue->pszName);
-    STAMR3RegisterF(pVM, &pQueue->cItems,               STAMTYPE_U32,     STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,        "Queue size.",                      "/PDM/Queue/%s/cItems",         pQueue->pszName);
-    STAMR3RegisterF(pVM, &pQueue->StatAllocFailures,    STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,   "PDMQueueAlloc failures.",          "/PDM/Queue/%s/AllocFailures",  pQueue->pszName);
-    STAMR3RegisterF(pVM, &pQueue->StatInsert,           STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_CALLS,        "Calls to PDMQueueInsert.",         "/PDM/Queue/%s/Insert",         pQueue->pszName);
-    STAMR3RegisterF(pVM, &pQueue->StatFlush,            STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_CALLS,        "Calls to pdmR3QueueFlush.",        "/PDM/Queue/%s/Flush",          pQueue->pszName);
-    STAMR3RegisterF(pVM, &pQueue->StatFlushLeftovers,   STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,   "Left over items after flush.",     "/PDM/Queue/%s/FlushLeftovers", pQueue->pszName);
+    STAMR3RegisterF(pVM, &pQueue->cbItem,               STAMTYPE_U32,     STAMVISIBILITY_ALWAYS, STAMUNIT_BYTES,
+                    "Item size.",                       "/PDM/Queue/%s/cbItem",         pQueue->szName);
+    STAMR3RegisterF(pVM, &pQueue->cItems,               STAMTYPE_U32,     STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                    "Queue size.",                      "/PDM/Queue/%s/cItems",         pQueue->szName);
+    STAMR3RegisterF(pVM, &pQueue->rcOkay,               STAMTYPE_U32, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                    "Non-zero means queue is busted.",  "/PDM/Queue/%s/rcOkay",         pQueue->szName);
+    STAMR3RegisterF(pVM, &pQueue->StatAllocFailures,    STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
+                    "PDMQueueAlloc failures.",          "/PDM/Queue/%s/AllocFailures",  pQueue->szName);
+    STAMR3RegisterF(pVM, &pQueue->StatInsert,           STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_CALLS,
+                    "Calls to PDMQueueInsert.",         "/PDM/Queue/%s/Insert",         pQueue->szName);
+    STAMR3RegisterF(pVM, &pQueue->StatFlush,            STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_CALLS,
+                    "Calls to pdmR3QueueFlush.",        "/PDM/Queue/%s/Flush",          pQueue->szName);
+    STAMR3RegisterF(pVM, &pQueue->StatFlushLeftovers,   STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_OCCURENCES,
+                    "Left over items after flush.",     "/PDM/Queue/%s/FlushLeftovers", pQueue->szName);
 #ifdef VBOX_WITH_STATISTICS
-    STAMR3RegisterF(pVM, &pQueue->StatFlushPrf,         STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL, "Profiling pdmR3QueueFlush.",     "/PDM/Queue/%s/FlushPrf",       pQueue->pszName);
-    STAMR3RegisterF(pVM, (void *)&pQueue->cStatPending, STAMTYPE_U32,     STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,        "Pending items.",                   "/PDM/Queue/%s/Pending",        pQueue->pszName);
+    STAMR3RegisterF(pVM, &pQueue->StatFlushPrf,         STAMTYPE_PROFILE, STAMVISIBILITY_ALWAYS, STAMUNIT_TICKS_PER_CALL,
+                    "Profiling pdmR3QueueFlush.",       "/PDM/Queue/%s/FlushPrf",       pQueue->szName);
+    STAMR3RegisterF(pVM, (void *)&pQueue->cStatPending, STAMTYPE_U32,     STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                    "Pending items.",                   "/PDM/Queue/%s/Pending",        pQueue->szName);
 #endif
 
-    *ppQueue = pQueue;
+    *phQueue = hQueue;
     return VINF_SUCCESS;
 }
@@ -196 +229 @@
  * @param   pfnCallback         The consumer function.
  * @param   fRZEnabled          Set if the queue must be usable from RC/R0.
- * @param   pszName             The queue name. Unique. Not copied.
- * @param   ppQueue             Where to store the queue handle on success.
+ * @param   pszName             The queue name. Unique. Copied.
+ * @param   phQueue             Where to store the queue handle on success.
  * @thread  Emulation thread only.
  */
-VMMR3_INT_DECL(int) PDMR3QueueCreateDevice(PVM pVM, PPDMDEVINS pDevIns, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                           PFNPDMQUEUEDEV pfnCallback, bool fRZEnabled, const char *pszName, PPDMQUEUE *ppQueue)
+VMMR3_INT_DECL(int) PDMR3QueueCreateDevice(PVM pVM, PPDMDEVINS pDevIns, size_t cbItem, uint32_t cItems,
+                                           uint32_t cMilliesInterval, PFNPDMQUEUEDEV pfnCallback,
+                                           bool fRZEnabled, const char *pszName, PDMQUEUEHANDLE *phQueue)
 {
     LogFlow(("PDMR3QueueCreateDevice: pDevIns=%p cbItem=%d cItems=%d cMilliesInterval=%d pfnCallback=%p fRZEnabled=%RTbool pszName=%s\n",
@@ -210 +244 @@
      */
     VM_ASSERT_EMT0(pVM);
-    if (!pfnCallback)
-    {
-        AssertMsgFailed(("No consumer callback!\n"));
-        return VERR_INVALID_PARAMETER;
-    }
+    AssertPtrReturn(pfnCallback, VERR_INVALID_POINTER);
+    AssertPtrReturn(pDevIns, VERR_INVALID_POINTER);
+
+    if (!(pDevIns->Internal.s.fIntFlags & PDMDEVINSINT_FLAGS_R0_ENABLED))
+        fRZEnabled = false;
 
     /*
      * Create the queue.
      */
-    PPDMQUEUE pQueue;
-    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, fRZEnabled, pszName, &pQueue);
+    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, fRZEnabled, pszName,
+                              PDMQUEUETYPE_DEV, pDevIns, (uintptr_t)pfnCallback, phQueue);
     if (RT_SUCCESS(rc))
-    {
-        pQueue->enmType = PDMQUEUETYPE_DEV;
-        pQueue->u.Dev.pDevIns = pDevIns;
-        pQueue->u.Dev.pfnCallback = pfnCallback;
-
-        *ppQueue = pQueue;
-        Log(("PDM: Created device queue %p; cbItem=%d cItems=%d cMillies=%d pfnCallback=%p pDevIns=%p\n",
-             pQueue, cbItem, cItems, cMilliesInterval, pfnCallback, pDevIns));
-    }
+        Log(("PDM: Created device queue %#RX64; cbItem=%d cItems=%d cMillies=%d pfnCallback=%p pDevIns=%p\n",
+             *phQueue, cbItem, cItems, cMilliesInterval, pfnCallback, pDevIns));
     return rc;
 }
@@ -246 +273 @@
  *                              If 0 then the emulation thread will be notified whenever an item arrives.
  * @param   pfnCallback         The consumer function.
- * @param   pszName             The queue name. Unique. Not copied.
- * @param   ppQueue             Where to store the queue handle on success.
+ * @param   pszName             The queue name. Unique. Copied.
+ * @param   phQueue             Where to store the queue handle on success.
  * @thread  Emulation thread only.
  */
 VMMR3_INT_DECL(int) PDMR3QueueCreateDriver(PVM pVM, PPDMDRVINS pDrvIns, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                           PFNPDMQUEUEDRV pfnCallback, const char *pszName, PPDMQUEUE *ppQueue)
+                                           PFNPDMQUEUEDRV pfnCallback, const char *pszName, PDMQUEUEHANDLE *phQueue)
 {
     LogFlow(("PDMR3QueueCreateDriver: pDrvIns=%p cbItem=%d cItems=%d cMilliesInterval=%d pfnCallback=%p pszName=%s\n",
@@ -261 +288 @@
     VM_ASSERT_EMT0(pVM);
     AssertPtrReturn(pfnCallback, VERR_INVALID_POINTER);
+    AssertPtrReturn(pDrvIns, VERR_INVALID_POINTER);
 
     /*
      * Create the queue.
      */
-    PPDMQUEUE pQueue;
-    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, false, pszName, &pQueue);
+    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, false /*fRZEnabled*/, pszName,
+                              PDMQUEUETYPE_DRV, pDrvIns, (uintptr_t)pfnCallback, phQueue);
     if (RT_SUCCESS(rc))
-    {
-        pQueue->enmType = PDMQUEUETYPE_DRV;
-        pQueue->u.Drv.pDrvIns = pDrvIns;
-        pQueue->u.Drv.pfnCallback = pfnCallback;
-
-        *ppQueue = pQueue;
-        Log(("PDM: Created driver queue %p; cbItem=%d cItems=%d cMillies=%d pfnCallback=%p pDrvIns=%p\n",
-             pQueue, cbItem, cItems, cMilliesInterval, pfnCallback, pDrvIns));
-    }
+        Log(("PDM: Created driver queue %#RX64; cbItem=%d cItems=%d cMillies=%d pfnCallback=%p pDrvIns=%p\n",
+             *phQueue, cbItem, cItems, cMilliesInterval, pfnCallback, pDrvIns));
     return rc;
 }
@@ -292 +313 @@
  * @param   pfnCallback         The consumer function.
  * @param   fRZEnabled          Set if the queue must be usable from RC/R0.
- * @param   pszName             The queue name. Unique. Not copied.
- * @param   ppQueue             Where to store the queue handle on success.
+ * @param   pszName             The queue name. Unique. Copied.
+ * @param   phQueue             Where to store the queue handle on success.
  * @thread  Emulation thread only.
  */
 VMMR3_INT_DECL(int) PDMR3QueueCreateInternal(PVM pVM, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                             PFNPDMQUEUEINT pfnCallback, bool fRZEnabled, const char *pszName, PPDMQUEUE *ppQueue)
+                                             PFNPDMQUEUEINT pfnCallback, bool fRZEnabled,
+                                             const char *pszName, PDMQUEUEHANDLE *phQueue)
 {
     LogFlow(("PDMR3QueueCreateInternal: cbItem=%d cItems=%d cMilliesInterval=%d pfnCallback=%p fRZEnabled=%RTbool pszName=%s\n",
@@ -311 +333 @@
      * Create the queue.
      */
-    PPDMQUEUE pQueue;
-    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, fRZEnabled, pszName, &pQueue);
+    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, fRZEnabled, pszName,
+                              PDMQUEUETYPE_INTERNAL, pVM, (uintptr_t)pfnCallback, phQueue);
     if (RT_SUCCESS(rc))
-    {
-        pQueue->enmType = PDMQUEUETYPE_INTERNAL;
-        pQueue->u.Int.pfnCallback = pfnCallback;
-
-        *ppQueue = pQueue;
         Log(("PDM: Created internal queue %p; cbItem=%d cItems=%d cMillies=%d pfnCallback=%p\n",
-             pQueue, cbItem, cItems, cMilliesInterval, pfnCallback));
-    }
+             *phQueue, cbItem, cItems, cMilliesInterval, pfnCallback));
     return rc;
 }
@@ -338 +354 @@
  * @param   pvUser              The user argument to the consumer function.
  * @param   pszName             The queue name. Unique. Not copied.
- * @param   ppQueue             Where to store the queue handle on success.
+ * @param   phQueue             Where to store the queue handle on success.
  * @thread  Emulation thread only.
  */
-VMMR3_INT_DECL(int) PDMR3QueueCreateExternal(PVM pVM, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
-                                             PFNPDMQUEUEEXT pfnCallback, void *pvUser, const char *pszName, PPDMQUEUE *ppQueue)
-{
-    LogFlow(("PDMR3QueueCreateExternal: cbItem=%d cItems=%d cMilliesInterval=%d pfnCallback=%p pszName=%s\n", cbItem, cItems, cMilliesInterval, pfnCallback, pszName));
+VMMR3DECL(int) PDMR3QueueCreateExternal(PVM pVM, size_t cbItem, uint32_t cItems, uint32_t cMilliesInterval,
+                                        PFNPDMQUEUEEXT pfnCallback, void *pvUser,
+                                        const char *pszName, PDMQUEUEHANDLE *phQueue)
+{
+    LogFlow(("PDMR3QueueCreateExternal: cbItem=%d cItems=%d cMilliesInterval=%d pfnCallback=%p pszName=%s\n",
+             cbItem, cItems, cMilliesInterval, pfnCallback, pszName));
 
     /*
@@ -355 +373 @@
      * Create the queue.
      */
+    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, false /*fRZEnabled*/, pszName,
+                              PDMQUEUETYPE_EXTERNAL, pvUser, (uintptr_t)pfnCallback, phQueue);
+    if (RT_SUCCESS(rc))
+        Log(("PDM: Created external queue %p; cbItem=%d cItems=%d cMillies=%d pfnCallback=%p pvUser=%p\n",
+             *phQueue, cbItem, cItems, cMilliesInterval, pfnCallback, pvUser));
+    return rc;
+}
+
+
+/**
+ * Destroy a queue.
+ *
+ * @returns VBox status code.
+ * @param   pVM         Pointer to the cross context VM structure.
+ * @param   hQueue      Handle to the queue that should be destroyed.
+ * @param   pvOwner     The owner address.
+ * @thread  EMT(0)
+ * @note    Externally visible mainly for testing purposes.
+ */
+VMMR3DECL(int) PDMR3QueueDestroy(PVM pVM, PDMQUEUEHANDLE hQueue, void *pvOwner)
+{
+    LogFlow(("PDMR3QueueDestroy: hQueue=%p pvOwner=%p\n", hQueue, pvOwner));
+
+    /*
+     * Validate input.
+     */
+    VM_ASSERT_EMT0_RETURN(pVM, VERR_VM_THREAD_NOT_EMT); /* serialization */
+    if (hQueue == NIL_PDMQUEUEHANDLE)
+        return VINF_SUCCESS;
+
     PPDMQUEUE pQueue;
-    int rc = pdmR3QueueCreate(pVM, cbItem, cItems, cMilliesInterval, false, pszName, &pQueue);
-    if (RT_SUCCESS(rc))
-    {
-        pQueue->enmType = PDMQUEUETYPE_EXTERNAL;
-        pQueue->u.Ext.pvUser = pvUser;
-        pQueue->u.Ext.pfnCallback = pfnCallback;
-
-        *ppQueue = pQueue;
-        Log(("PDM: Created external queue %p; cbItem=%d cItems=%d cMillies=%d pfnCallback=%p pvUser=%p\n",
-             pQueue, cbItem, cItems, cMilliesInterval, pfnCallback, pvUser));
-    }
-    return rc;
-}
-
-
-/**
- * Destroy a queue.
- *
- * @returns VBox status code.
- * @param   pQueue      Queue to destroy.
- * @thread  Emulation thread only.
- */
-VMMR3_INT_DECL(int) PDMR3QueueDestroy(PPDMQUEUE pQueue)
-{
-    LogFlow(("PDMR3QueueDestroy: pQueue=%p\n", pQueue));
-
-    /*
-     * Validate input.
-     */
-    if (!pQueue)
-        return VERR_INVALID_PARAMETER;
-    Assert(pQueue && pQueue->pVMR3);
-    PVM     pVM  = pQueue->pVMR3;
-    PUVM    pUVM = pVM->pUVM;
-
-    pdmLock(pVM);
-
-    /*
-     * Unlink it.
-     */
-    if (pQueue->hTimer != NIL_TMTIMERHANDLE)
-    {
-        if (pUVM->pdm.s.pQueuesTimer != pQueue)
-        {
-            PPDMQUEUE pCur = pUVM->pdm.s.pQueuesTimer;
-            while (pCur)
-            {
-                if (pCur->pNext == pQueue)
-                {
-                    pCur->pNext = pQueue->pNext;
-                    break;
-                }
-                pCur = pCur->pNext;
-            }
-            AssertMsg(pCur, ("Didn't find the queue!\n"));
+    bool      fRZEnabled = false;
+    if (hQueue < RT_ELEMENTS(pVM->pdm.s.apRing0Queues))
+    {
+        AssertReturn(hQueue < pVM->pdm.s.cRing0Queues, VERR_INVALID_HANDLE);
+        pQueue = pVM->pdm.s.apRing0Queues[hQueue];
+        AssertPtrReturn(pQueue, VERR_INVALID_HANDLE);
+        AssertReturn(pQueue->u32Magic == PDMQUEUE_MAGIC, VERR_INVALID_HANDLE);
+        AssertReturn(pQueue->u.Gen.pvOwner == pvOwner, VERR_INVALID_HANDLE);
+
+        /* Lazy bird: Cannot dynamically delete ring-0 capable queues. */
+        AssertFailedReturn(VERR_NOT_SUPPORTED);
+    }
+    else
+    {
+        hQueue -= RT_ELEMENTS(pVM->pdm.s.apRing0Queues);
+        AssertReturn(hQueue < pVM->pdm.s.cRing3Queues, VERR_INVALID_HANDLE);
+        pQueue = pVM->pdm.s.papRing3Queues[hQueue];
+        AssertPtrReturn(pQueue, VERR_INVALID_HANDLE);
+        AssertReturn(pQueue->u32Magic == PDMQUEUE_MAGIC, VERR_INVALID_HANDLE);
+        AssertReturn(pQueue->u.Gen.pvOwner == pvOwner, VERR_INVALID_HANDLE);
+
+        /* Enter the lock here to serialize with other EMTs traversing the handles. */
+        pdmLock(pVM);
+        pVM->pdm.s.papRing3Queues[hQueue] = NULL;
+        if (hQueue + 1 == pVM->pdm.s.cRing3Queues)
+        {
+            while (hQueue > 0 && pVM->pdm.s.papRing3Queues[hQueue - 1] == NULL)
+                hQueue--;
+            pVM->pdm.s.cRing3Queues = hQueue;
         }
-        else
-            pUVM->pdm.s.pQueuesTimer = pQueue->pNext;
-    }
-    else
-    {
-        if (pUVM->pdm.s.pQueuesForced != pQueue)
-        {
-            PPDMQUEUE pCur = pUVM->pdm.s.pQueuesForced;
-            while (pCur)
-            {
-                if (pCur->pNext == pQueue)
-                {
-                    pCur->pNext = pQueue->pNext;
-                    break;
-                }
-                pCur = pCur->pNext;
-            }
-            AssertMsg(pCur, ("Didn't find the queue!\n"));
-        }
-        else
-            pUVM->pdm.s.pQueuesForced = pQueue->pNext;
-    }
-    pQueue->pNext = NULL;
-    pQueue->pVMR3 = NULL;
-    pdmUnlock(pVM);
+        pQueue->u32Magic = PDMQUEUE_MAGIC_DEAD;
+        pdmUnlock(pVM);
+    }
 
     /*
      * Deregister statistics.
      */
-    STAMR3DeregisterF(pVM->pUVM, "/PDM/Queue/%s/cbItem", pQueue->pszName);
+    STAMR3DeregisterF(pVM->pUVM, "/PDM/Queue/%s/*", pQueue->szName);
 
     /*
@@ -451 +451 @@
         pQueue->hTimer = NIL_TMTIMERHANDLE;
     }
-    if (pQueue->pVMR0)
-    {
-        pQueue->pVMR0 = NIL_RTR0PTR;
-        MMHyperFree(pVM, pQueue);
-    }
-    else
-        MMR3HeapFree(pQueue);
+    if (!fRZEnabled)
+        RTMemPageFree(pQueue, pQueue->offItems + pQueue->cbItem * pQueue->cItems);
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Destroy a all queues with a given owner.
+ *
+ * @returns VBox status code.
+ * @param   pVM         The cross context VM structure.
+ * @param   pvOwner     The owner pointer.
+ * @param   enmType     Owner type.
+ * @thread  EMT(0)
+ */
+static int pdmR3QueueDestroyByOwner(PVM pVM, void *pvOwner, PDMQUEUETYPE enmType)
+{
+    LogFlow(("pdmR3QueueDestroyByOwner: pvOwner=%p enmType=%d\n", pvOwner, enmType));
+
+    /*
+     * Validate input.
+     */
+    AssertPtrReturn(pvOwner, VERR_INVALID_PARAMETER);
+    AssertReturn(pvOwner != pVM, VERR_INVALID_PARAMETER);
+    VM_ASSERT_EMT0_RETURN(pVM, VERR_VM_THREAD_NOT_EMT); /* serialization */
+
+    /*
+     * Scan and destroy.
+     */
+    uint32_t i = pVM->pdm.s.cRing0Queues;
+    while (i-- > 0)
+    {
+        PPDMQUEUE pQueue = pVM->pdm.s.apRing0Queues[i];
+        if (   pQueue
+            && pQueue->u.Gen.pvOwner == pvOwner
+            && pQueue->enmType == enmType)
+        {
+            /* Not supported at runtime. */
+            VM_ASSERT_STATE_RETURN(pVM, VMSTATE_DESTROYING, VERR_WRONG_ORDER);
+        }
+    }
+
+    i = pVM->pdm.s.cRing3Queues;
+    while (i-- > 0)
+    {
+        PPDMQUEUE pQueue = pVM->pdm.s.papRing3Queues[i];
+        if (   pQueue
+            && pQueue->u.Gen.pvOwner == pvOwner
+            && pQueue->enmType       == enmType)
+            PDMR3QueueDestroy(pVM, i + RT_ELEMENTS(pVM->pdm.s.apRing0Queues), pvOwner);
+    }
 
     return VINF_SUCCESS;
@@ -469 +514 @@
  * @param   pVM         The cross context VM structure.
  * @param   pDevIns     Device instance.
- * @thread  Emulation thread only.
+ * @thread  EMT(0)
  */
 VMMR3_INT_DECL(int) PDMR3QueueDestroyDevice(PVM pVM, PPDMDEVINS pDevIns)
 {
     LogFlow(("PDMR3QueueDestroyDevice: pDevIns=%p\n", pDevIns));
-
-    /*
-     * Validate input.
-     */
-    if (!pDevIns)
-        return VERR_INVALID_PARAMETER;
-
-    PUVM pUVM = pVM->pUVM;
-    pdmLock(pVM);
-
-    /*
-     * Unlink it.
-     */
-    PPDMQUEUE pQueueNext = pUVM->pdm.s.pQueuesTimer;
-    PPDMQUEUE pQueue     = pUVM->pdm.s.pQueuesForced;
-    do
-    {
-        while (pQueue)
-        {
-            if (    pQueue->enmType == PDMQUEUETYPE_DEV
-                &&  pQueue->u.Dev.pDevIns == pDevIns)
-            {
-                PPDMQUEUE pQueueDestroy = pQueue;
-                pQueue = pQueue->pNext;
-                int rc = PDMR3QueueDestroy(pQueueDestroy);
-                AssertRC(rc);
-            }
-            else
-                pQueue = pQueue->pNext;
-        }
-
-        /* next queue list */
-        pQueue = pQueueNext;
-        pQueueNext = NULL;
-    } while (pQueue);
-
-    pdmUnlock(pVM);
-    return VINF_SUCCESS;
+    return pdmR3QueueDestroyByOwner(pVM, pDevIns, PDMQUEUETYPE_DEV);
 }
 
@@ -521 +529 @@
  * @param   pVM         The cross context VM structure.
  * @param   pDrvIns     Driver instance.
- * @thread  Emulation thread only.
+ * @thread  EMT(0)
  */
 VMMR3_INT_DECL(int) PDMR3QueueDestroyDriver(PVM pVM, PPDMDRVINS pDrvIns)
 {
     LogFlow(("PDMR3QueueDestroyDriver: pDrvIns=%p\n", pDrvIns));
-
-    /*
-     * Validate input.
-     */
-    if (!pDrvIns)
-        return VERR_INVALID_PARAMETER;
-
-    PUVM pUVM = pVM->pUVM;
-    pdmLock(pVM);
-
-    /*
-     * Unlink it.
-     */
-    PPDMQUEUE pQueueNext = pUVM->pdm.s.pQueuesTimer;
-    PPDMQUEUE pQueue     = pUVM->pdm.s.pQueuesForced;
-    do
-    {
-        while (pQueue)
-        {
-            if (    pQueue->enmType == PDMQUEUETYPE_DRV
-                &&  pQueue->u.Drv.pDrvIns == pDrvIns)
+    return pdmR3QueueDestroyByOwner(pVM, pDrvIns, PDMQUEUETYPE_DRV);
+}
+
+
+/**
+ * Free an item.
+ *
+ * @param   pQueue  The queue.
+ * @param   pItem   The item.
+ */
+DECLINLINE(void) pdmR3QueueFreeItem(PPDMQUEUE pQueue, uint8_t *pbItems, uint32_t cbItem, PPDMQUEUEITEMCORE pItem)
+{
+    pItem->u64View = UINT64_C(0xfeedfeedfeedfeed);
+
+    uintptr_t const offItem = (uintptr_t)pItem - (uintptr_t)pbItems;
+    uintptr_t const iItem   = offItem / cbItem;
+    Assert(!(offItem % cbItem));
+    Assert(iItem < pQueue->cItems);
+    AssertReturnVoidStmt(ASMAtomicBitTestAndSet(pQueue->bmAlloc, iItem) == false, pQueue->rcOkay = VERR_INTERNAL_ERROR_4);
+    STAM_STATS({ ASMAtomicDecU32(&pQueue->cStatPending); });
+}
+
+
+
+/**
+ * Process pending items in one queue.
+ *
+ * @returns VBox status code.
+ * @param   pVM     The cross context VM structure.
+ * @param   pQueue  The queue needing flushing.
+ */
+static int pdmR3QueueFlush(PVM pVM, PPDMQUEUE pQueue)
+{
+    STAM_PROFILE_START(&pQueue->StatFlushPrf,p);
+
+    uint32_t const  cbItem  = pQueue->cbItem;
+    uint32_t const  cItems  = pQueue->cItems;
+    uint8_t * const pbItems = (uint8_t *)pQueue + pQueue->offItems;
+
+    /*
+     * Get the list and reverse it into a pointer list (inserted in LIFO order to avoid locking).
+     */
+    uint32_t          cPending = 0;
+    PPDMQUEUEITEMCORE pHead    = NULL;
+    {
+        uint32_t iCur = ASMAtomicXchgU32(&pQueue->iPending, UINT32_MAX);
+        do
+        {
+            AssertMsgReturn(iCur < cItems, ("%#x vs %#x\n", iCur, cItems), pQueue->rcOkay = VERR_INTERNAL_ERROR_5);
+            AssertReturn(ASMBitTest(pQueue->bmAlloc, iCur) == false, pQueue->rcOkay = VERR_INTERNAL_ERROR_3);
+            PPDMQUEUEITEMCORE pCur = (PPDMQUEUEITEMCORE)&pbItems[iCur * cbItem];
+
+            iCur = pCur->iNext;
+            ASMCompilerBarrier(); /* paranoia */
+            pCur->pNext = pHead;
+            pHead = pCur;
+            cPending++;
+        } while (iCur != UINT32_MAX);
+    }
+    RT_NOREF(cPending);
+
+    /*
+     * Feed the items to the consumer function.
+     */
+    Log2(("pdmR3QueueFlush: pQueue=%p enmType=%d pHead=%p cItems=%u\n", pQueue, pQueue->enmType, pHead, cPending));
+    switch (pQueue->enmType)
+    {
+        case PDMQUEUETYPE_DEV:
+            while (pHead)
             {
-                PPDMQUEUE pQueueDestroy = pQueue;
-                pQueue = pQueue->pNext;
-                int rc = PDMR3QueueDestroy(pQueueDestroy);
-                AssertRC(rc);
+                if (!pQueue->u.Dev.pfnCallback(pQueue->u.Dev.pDevIns, pHead))
+                    break;
+                PPDMQUEUEITEMCORE pFree = pHead;
+                pHead = pHead->pNext;
+                ASMCompilerBarrier(); /* paranoia */
+                pdmR3QueueFreeItem(pQueue, pbItems, cbItem, pFree);
             }
-            else
-                pQueue = pQueue->pNext;
+            break;
+
+        case PDMQUEUETYPE_DRV:
+            while (pHead)
+            {
+                if (!pQueue->u.Drv.pfnCallback(pQueue->u.Drv.pDrvIns, pHead))
+                    break;
+                PPDMQUEUEITEMCORE pFree = pHead;
+                pHead = pHead->pNext;
+                ASMCompilerBarrier(); /* paranoia */
+                pdmR3QueueFreeItem(pQueue, pbItems, cbItem, pFree);
+            }
+            break;
+
+        case PDMQUEUETYPE_INTERNAL:
+            while (pHead)
+            {
+                if (!pQueue->u.Int.pfnCallback(pVM, pHead))
+                    break;
+                PPDMQUEUEITEMCORE pFree = pHead;
+                pHead = pHead->pNext;
+                ASMCompilerBarrier(); /* paranoia */
+                pdmR3QueueFreeItem(pQueue, pbItems, cbItem, pFree);
+            }
+            break;
+
+        case PDMQUEUETYPE_EXTERNAL:
+            while (pHead)
+            {
+                if (!pQueue->u.Ext.pfnCallback(pQueue->u.Ext.pvUser, pHead))
+                    break;
+                PPDMQUEUEITEMCORE pFree = pHead;
+                pHead = pHead->pNext;
+                ASMCompilerBarrier(); /* paranoia */
+                pdmR3QueueFreeItem(pQueue, pbItems, cbItem, pFree);
+            }
+            break;
+
+        default:
+            AssertMsgFailed(("Invalid queue type %d\n", pQueue->enmType));
+            break;
+    }
+
+    /*
+     * Success?
+     */
+    if (!pHead)
+    { /* likely */ }
+    else
+    {
+        /*
+         * Reverse the list and turn it back into index chain.
+         */
+        uint32_t iPendingHead = UINT32_MAX;
+        do
+        {
+            PPDMQUEUEITEMCORE pInsert = pHead;
+            pHead = pHead->pNext;
+            ASMCompilerBarrier(); /* paranoia */
+            pInsert->iNext = iPendingHead;
+            iPendingHead = ((uintptr_t)pInsert - (uintptr_t)pbItems) / cbItem;
+        } while (pHead);
+
+        /*
+         * Insert the list at the tail of the pending list.  If someone races
+         * us there, we have to join the new LIFO with the old.
+         */
+        for (;;)
+        {
+            if (ASMAtomicCmpXchgU32(&pQueue->iPending, iPendingHead, UINT32_MAX))
+                break;
+
+            uint32_t const iNewPending = ASMAtomicXchgU32(&pQueue->iPending, UINT32_MAX);
+            if (iNewPending != UINT32_MAX)
+            {
+                /* Find the last entry and chain iPendingHead onto it. */
+                uint32_t iCur = iNewPending;
+                for (;;)
+                {
+                    AssertReturn(iCur < cItems, pQueue->rcOkay = VERR_INTERNAL_ERROR_2);
+                    AssertReturn(ASMBitTest(pQueue->bmAlloc, iCur) == false, pQueue->rcOkay = VERR_INTERNAL_ERROR_3);
+                    PPDMQUEUEITEMCORE pCur = (PPDMQUEUEITEMCORE)&pbItems[iCur * cbItem];
+                    iCur = pCur->iNext;
+                    if (iCur == UINT32_MAX)
+                    {
+                        pCur->iNext = iPendingHead;
+                        break;
+                    }
+                }
+
+                iPendingHead = iNewPending;
+            }
         }
 
-        /* next queue list */
-        pQueue = pQueueNext;
-        pQueueNext = NULL;
-    } while (pQueue);
-
-    pdmUnlock(pVM);
+        STAM_REL_COUNTER_INC(&pQueue->StatFlushLeftovers);
+    }
+
+    STAM_PROFILE_STOP(&pQueue->StatFlushPrf,p);
     return VINF_SUCCESS;
 }
@@ -573 +719 @@
  * @param   pVM     The cross context VM structure.
  * @thread  Emulation thread only.
- */
-VMMR3_INT_DECL(void) PDMR3QueueFlushAll(PVM pVM)
+ * @note    Internal, but exported for use in the testcase.
+ */
+VMMR3DECL(void) PDMR3QueueFlushAll(PVM pVM)
 {
     VM_ASSERT_EMT(pVM);
@@ -593 +740 @@
         ASMAtomicBitClear(&pVM->pdm.s.fQueueFlushing, PDM_QUEUE_FLUSH_FLAG_PENDING_BIT);
 
-        for (PPDMQUEUE pCur = pVM->pUVM->pdm.s.pQueuesForced; pCur; pCur = pCur->pNext)
-            if (    pCur->pPendingR3
-                ||  pCur->pPendingR0)
-                pdmR3QueueFlush(pCur);
+        /* Scan the ring-0 queues: */
+        size_t i = pVM->pdm.s.cRing0Queues;
+        while (i-- > 0)
+        {
+            PPDMQUEUE pQueue = pVM->pdm.s.apRing0Queues[i];
+            if (   pQueue
+                && pQueue->iPending != UINT32_MAX
+                && pQueue->hTimer == NIL_TMTIMERHANDLE
+                && pQueue->rcOkay == VINF_SUCCESS)
+                pdmR3QueueFlush(pVM, pQueue);
+        }
+
+        /* Scan the ring-3 queues: */
+/** @todo Deal with destroy concurrency issues. */
+        i = pVM->pdm.s.cRing3Queues;
+        while (i-- > 0)
+        {
+            PPDMQUEUE pQueue = pVM->pdm.s.papRing3Queues[i];
+            if (   pQueue
+                && pQueue->iPending != UINT32_MAX
+                && pQueue->hTimer == NIL_TMTIMERHANDLE
+                && pQueue->rcOkay == VINF_SUCCESS)
+                pdmR3QueueFlush(pVM, pQueue);
+        }
 
         ASMAtomicBitClear(&pVM->pdm.s.fQueueFlushing, PDM_QUEUE_FLUSH_FLAG_ACTIVE_BIT);
@@ -609 +776 @@
 
 
-/**
- * Process pending items in one queue.
- *
- * @returns Success indicator.
- *          If false the item the consumer said "enough!".
- * @param   pQueue  The queue.
- */
-static bool pdmR3QueueFlush(PPDMQUEUE pQueue)
-{
-    STAM_PROFILE_START(&pQueue->StatFlushPrf,p);
-
-    /*
-     * Get the lists.
-     */
-    PPDMQUEUEITEMCORE pItems   = ASMAtomicXchgPtrT(&pQueue->pPendingR3, NULL, PPDMQUEUEITEMCORE);
-    RTR0PTR           pItemsR0 = ASMAtomicXchgR0Ptr(&pQueue->pPendingR0, NIL_RTR0PTR);
-
-    AssertMsgReturn(   pItemsR0
-                    || pItems,
-                    ("Someone is racing us? This shouldn't happen!\n"),
-                    true);
-
-    /*
-     * Reverse the list (it's inserted in LIFO order to avoid semaphores, remember).
-     */
-    PPDMQUEUEITEMCORE pCur = pItems;
-    pItems = NULL;
-    while (pCur)
-    {
-        PPDMQUEUEITEMCORE pInsert = pCur;
-        pCur = pCur->pNextR3;
-        pInsert->pNextR3 = pItems;
-        pItems = pInsert;
-    }
-
-    /*
-     * Do the same for any pending R0 items.
-     */
-    while (pItemsR0)
-    {
-        PPDMQUEUEITEMCORE pInsert = (PPDMQUEUEITEMCORE)MMHyperR0ToR3(pQueue->pVMR3, pItemsR0);
-        pItemsR0 = pInsert->pNextR0;
-        pInsert->pNextR0 = NIL_RTR0PTR;
-        pInsert->pNextR3 = pItems;
-        pItems = pInsert;
-    }
-
-    /*
-     * Feed the items to the consumer function.
-     */
-    Log2(("pdmR3QueueFlush: pQueue=%p enmType=%d pItems=%p\n", pQueue, pQueue->enmType, pItems));
-    switch (pQueue->enmType)
-    {
-        case PDMQUEUETYPE_DEV:
-            while (pItems)
-            {
-                if (!pQueue->u.Dev.pfnCallback(pQueue->u.Dev.pDevIns, pItems))
-                    break;
-                pCur = pItems;
-                pItems = pItems->pNextR3;
-                pdmR3QueueFreeItem(pQueue, pCur);
-            }
-            break;
-
-        case PDMQUEUETYPE_DRV:
-            while (pItems)
-            {
-                if (!pQueue->u.Drv.pfnCallback(pQueue->u.Drv.pDrvIns, pItems))
-                    break;
-                pCur = pItems;
-                pItems = pItems->pNextR3;
-                pdmR3QueueFreeItem(pQueue, pCur);
-            }
-            break;
-
-        case PDMQUEUETYPE_INTERNAL:
-            while (pItems)
-            {
-                if (!pQueue->u.Int.pfnCallback(pQueue->pVMR3, pItems))
-                    break;
-                pCur = pItems;
-                pItems = pItems->pNextR3;
-                pdmR3QueueFreeItem(pQueue, pCur);
-            }
-            break;
-
-        case PDMQUEUETYPE_EXTERNAL:
-            while (pItems)
-            {
-                if (!pQueue->u.Ext.pfnCallback(pQueue->u.Ext.pvUser, pItems))
-                    break;
-                pCur = pItems;
-                pItems = pItems->pNextR3;
-                pdmR3QueueFreeItem(pQueue, pCur);
-            }
-            break;
-
-        default:
-            AssertMsgFailed(("Invalid queue type %d\n", pQueue->enmType));
-            break;
-    }
-
-    /*
-     * Success?
-     */
-    if (pItems)
-    {
-        /*
-         * Reverse the list.
-         */
-        pCur = pItems;
-        pItems = NULL;
-        while (pCur)
-        {
-            PPDMQUEUEITEMCORE pInsert = pCur;
-            pCur = pInsert->pNextR3;
-            pInsert->pNextR3 = pItems;
-            pItems = pInsert;
-        }
-
-        /*
-         * Insert the list at the tail of the pending list.
-         */
-        for (;;)
-        {
-            if (ASMAtomicCmpXchgPtr(&pQueue->pPendingR3, pItems, NULL))
-                break;
-            PPDMQUEUEITEMCORE pPending = ASMAtomicXchgPtrT(&pQueue->pPendingR3, NULL, PPDMQUEUEITEMCORE);
-            if (pPending)
-            {
-                pCur = pPending;
-                while (pCur->pNextR3)
-                    pCur = pCur->pNextR3;
-                pCur->pNextR3 = pItems;
-                pItems = pPending;
-            }
-        }
-
-        STAM_REL_COUNTER_INC(&pQueue->StatFlushLeftovers);
-        STAM_PROFILE_STOP(&pQueue->StatFlushPrf,p);
-        return false;
-    }
-
-    STAM_PROFILE_STOP(&pQueue->StatFlushPrf,p);
-    return true;
-}
-
-
-/**
- * Free an item.
- *
- * @param   pQueue  The queue.
- * @param   pItem   The item.
- */
-DECLINLINE(void) pdmR3QueueFreeItem(PPDMQUEUE pQueue, PPDMQUEUEITEMCORE pItem)
-{
-    VM_ASSERT_EMT(pQueue->pVMR3);
-
-    int i = pQueue->iFreeHead;
-    int iNext = (i + 1) % (pQueue->cItems + PDMQUEUE_FREE_SLACK);
-
-    pQueue->aFreeItems[i].pItemR3 = pItem;
-    if (pQueue->pVMR0)
-        pQueue->aFreeItems[i].pItemR0 = MMHyperR3ToR0(pQueue->pVMR3, pItem);
-
-    if (!ASMAtomicCmpXchgU32(&pQueue->iFreeHead, iNext, i))
-        AssertMsgFailed(("huh? i=%d iNext=%d iFreeHead=%d iFreeTail=%d\n", i, iNext, pQueue->iFreeHead, pQueue->iFreeTail));
-    STAM_STATS({ ASMAtomicDecU32(&pQueue->cStatPending); });
-}
-
 
 /**
@@ -788 +785 @@
     Assert(hTimer == pQueue->hTimer);
 
-    if (   pQueue->pPendingR3
-        || pQueue->pPendingR0)
-        pdmR3QueueFlush(pQueue);
+    if (pQueue->iPending != UINT32_MAX)
+        pdmR3QueueFlush(pVM, pQueue);
+
     int rc = TMTimerSetMillies(pVM, hTimer, pQueue->cMilliesInterval);
     AssertRC(rc);

trunk/src/VBox/VMM/include/PDMInternal.h

@@ -985 +985 @@
 
 
-/** Extra space in the free array. */
-#define PDMQUEUE_FREE_SLACK         16
+/** Max number of items in a queue. */
+#define PDMQUEUE_MAX_ITEMS          _16K
+/** Max item size. */
+#define PDMQUEUE_MAX_ITEM_SIZE      _1M
+/** Max total queue item size for ring-0 capable queues.  */
+#define PDMQUEUE_MAX_TOTAL_SIZE_R0  _8M
+/** Max total queue item size for ring-3 only queues. */
+#define PDMQUEUE_MAX_TOTAL_SIZE_R3  _32M
 
 /**
@@ -1003 +1009 @@
 } PDMQUEUETYPE;
 
-/** Pointer to a PDM Queue. */
-typedef struct PDMQUEUE *PPDMQUEUE;
-
 /**
  * PDM Queue.
@@ -1011 +1014 @@
 typedef struct PDMQUEUE
 {
-    /** Pointer to the next queue in the list. */
-    R3PTRTYPE(PPDMQUEUE)            pNext;
+    /** Magic value (PDMQUEUE_MAGIC). */
+    uint32_t                u32Magic;
+    /** Item size (bytes). */
+    uint32_t                cbItem;
+    /** Number of items in the queue. */
+    uint32_t                cItems;
+    /** Offset of the the queue items relative to the PDMQUEUE structure. */
+    uint32_t                offItems;
+
+    /** Interval timer. Only used if cMilliesInterval is non-zero. */
+    TMTIMERHANDLE           hTimer;
+    /** The interval between checking the queue for events.
+     * The realtime timer below is used to do the waiting.
+     * If 0, the queue will use the VM_FF_PDM_QUEUE forced action. */
+    uint32_t                cMilliesInterval;
+
+    /** This is VINF_SUCCESS if the queue is okay, error status if not. */
+    int32_t                 rcOkay;
+    uint32_t                u32Padding;
+
+    /** Queue type. */
+    PDMQUEUETYPE            enmType;
     /** Type specific data. */
     union
@@ -1046 +1069 @@
             R3PTRTYPE(void *)           pvUser;
         } Ext;
+        struct
+        {
+            /** Generic callback pointer. */
+            RTR3PTR                     pfnCallback;
+            /** Generic owner pointer. */
+            RTR3PTR                     pvOwner;
+        } Gen;
     } u;
-    /** Queue type. */
-    PDMQUEUETYPE                    enmType;
-    /** The interval between checking the queue for events.
-     * The realtime timer below is used to do the waiting.
-     * If 0, the queue will use the VM_FF_PDM_QUEUE forced action. */
-    uint32_t                        cMilliesInterval;
-    /** Interval timer. Only used if cMilliesInterval is non-zero. */
-    TMTIMERHANDLE                   hTimer;
-    /** Pointer to the VM - R3. */
-    PVMR3                           pVMR3;
-    /** LIFO of pending items - R3. */
-    R3PTRTYPE(PPDMQUEUEITEMCORE) volatile pPendingR3;
-    /** Pointer to the VM - R0. */
-    PVMR0                           pVMR0;
-    /** LIFO of pending items - R0. */
-    R0PTRTYPE(PPDMQUEUEITEMCORE) volatile pPendingR0;
-
-    /** Item size (bytes). */
-    uint32_t                        cbItem;
-    /** Number of items in the queue. */
-    uint32_t                        cItems;
-    /** Index to the free head (where we insert). */
-    uint32_t volatile               iFreeHead;
-    /** Index to the free tail (where we remove). */
-    uint32_t volatile               iFreeTail;
 
     /** Unique queue name. */
-    R3PTRTYPE(const char *)         pszName;
-#if HC_ARCH_BITS == 32
-    RTR3PTR                         Alignment1;
-#endif
+    char                            szName[40];
+
+    /** LIFO of pending items (item index), UINT32_MAX if empty. */
+    uint32_t volatile               iPending;
+
+    /** State: Pending items. */
+    uint32_t volatile               cStatPending;
     /** Stat: Times PDMQueueAlloc fails. */
     STAMCOUNTER                     StatAllocFailures;
@@ -1086 +1094 @@
     /** Stat: Queue flushes with pending items left over. */
     STAMCOUNTER                     StatFlushLeftovers;
-#ifdef VBOX_WITH_STATISTICS
     /** State: Profiling the flushing. */
     STAMPROFILE                     StatFlushPrf;
-    /** State: Pending items. */
-    uint32_t volatile               cStatPending;
-    uint32_t volatile               cAlignment;
-#endif
-
-    /** Array of pointers to free items. Variable size. */
-    struct PDMQUEUEFREEITEM
-    {
-        /** Pointer to the free item - HC Ptr. */
-        R3PTRTYPE(PPDMQUEUEITEMCORE) volatile   pItemR3;
-        /** Pointer to the free item - HC Ptr. */
-        R0PTRTYPE(PPDMQUEUEITEMCORE) volatile   pItemR0;
-    }                               aFreeItems[1];
+    uint64_t                        au64Padding[3];
+
+    /** Allocation bitmap: Set bits means free, clear means allocated. */
+    RT_FLEXIBLE_ARRAY_EXTENSION
+    uint64_t                        bmAlloc[RT_FLEXIBLE_ARRAY];
+    /* The items follows after the end of the bitmap */
 } PDMQUEUE;
+AssertCompileMemberAlignment(PDMQUEUE, bmAlloc, 64);
+/** Pointer to a PDM Queue. */
+typedef struct PDMQUEUE *PPDMQUEUE;
+
+/** Magic value PDMQUEUE::u32Magic (Bud Powell). */
+#define PDMQUEUE_MAGIC              UINT32_C(0x19240927)
+/** Magic value PDMQUEUE::u32Magic after destroy. */
+#define PDMQUEUE_MAGIC_DEAD         UINT32_C(0x19660731)
 
 /** @name PDM::fQueueFlushing
@@ -1115 +1123 @@
 #define PDM_QUEUE_FLUSH_FLAG_PENDING_BIT    1
 /** @}  */
+
+/**
+ * Ring-0 queue
+ *
+ * @author bird (2022-02-04)
+ */
+typedef struct PDMQUEUER0
+{
+    /** Pointer to the shared queue data. */
+    R0PTRTYPE(PPDMQUEUE)    pQueue;
+    /** The memory allocation. */
+    RTR0MEMOBJ              hMemObj;
+    /** The ring-3 mapping object. */
+    RTR0MEMOBJ              hMapObj;
+    /** The owner pointer.  This is NULL if not allocated. */
+    RTR0PTR                 pvOwner;
+    /** Queue item size. */
+    uint32_t                cbItem;
+    /** Number of queue items. */
+    uint32_t                cItems;
+    /** Offset of the the queue items relative to the PDMQUEUE structure. */
+    uint32_t                offItems;
+    uint32_t                u32Reserved;
+} PDMQUEUER0;
 
 
@@ -1187 +1219 @@
 AssertCompileMemberAlignment(PDMTASKSET, fTriggered, 64);
 AssertCompileMemberAlignment(PDMTASKSET, aTasks, 64);
-/** Magic value for PDMTASKSET::u32Magic. */
-#define PDMTASKSET_MAGIC        UINT32_C(0x19320314)
+/** Magic value for PDMTASKSET::u32Magic (Quincy Delight Jones Jr.). */
+#define PDMTASKSET_MAGIC        UINT32_C(0x19330314)
 /** Pointer to a task set. */
 typedef PDMTASKSET *PPDMTASKSET;
@@ -1253 +1285 @@
         struct PDMDEVHLPTASKPCISETIRQ
         {
-            /** Pointer to the PCI device (R3 Ptr). */
-            R3PTRTYPE(PPDMPCIDEV)   pPciDevR3;
+            /** Index of the PCI device (into PDMDEVINSR3::apPciDevs). */
+            uint32_t                idxPciDev;
             /** The IRQ */
-            int                     iIrq;
+            int32_t                 iIrq;
             /** The new level. */
-            int                     iLevel;
+            int32_t                 iLevel;
             /** The IRQ tag and source. */
             uint32_t                uTagSrc;
@@ -1419 +1451 @@
     /** @name Queues
      * @{ */
-    /** Queue in which devhlp tasks are queued for R3 execution - R3 Ptr. */
-    R3PTRTYPE(PPDMQUEUE)            pDevHlpQueueR3;
-    /** Queue in which devhlp tasks are queued for R3 execution - R0 Ptr. */
-    R0PTRTYPE(PPDMQUEUE)            pDevHlpQueueR0;
-    /** Pointer to the queue which should be manually flushed - R0 Ptr.
-     * Only touched by EMT. */
-    R0PTRTYPE(struct PDMQUEUE *)    pQueueFlushR0;
+    /** Number of ring-0 capable queues in apQueues. */
+    uint32_t                        cRing0Queues;
+    uint32_t                        u32Padding1;
+    /** Array of ring-0 capable queues running in parallel to PDMR0PERVM::aQueues. */
+    R3PTRTYPE(PPDMQUEUE)            apRing0Queues[16];
+    /** Number of ring-3 only queues  */
+    uint32_t                        cRing3Queues;
+    /** The allocation size of the ring-3 queue handle table. */
+    uint32_t                        cRing3QueuesAlloc;
+    /** Handle table for the ring-3 only queues. */
+    R3PTRTYPE(PPDMQUEUE *)          papRing3Queues;
+
+    /** Queue in which devhlp tasks are queued for R3 execution. */
+    PDMQUEUEHANDLE                  hDevHlpQueue;
     /** Bitmask controlling the queue flushing.
      * See PDM_QUEUE_FLUSH_FLAG_ACTIVE and PDM_QUEUE_FLUSH_FLAG_PENDING. */
@@ -1507 +1546 @@
     /** Number of valid ring-0 device instances (apDevInstances). */
     uint32_t                        cDevInstances;
-    uint32_t                        u32Padding;
+    uint32_t                        u32Padding1;
     /** Pointer to ring-0 device instances. */
     R0PTRTYPE(struct PDMDEVINSR0 *) apDevInstances[190];
+    /** Number of valid ring-0 queue instances (aQueues). */
+    uint32_t                        cQueues;
+    uint32_t                        u32Padding2;
+    /** Array of ring-0 queues. */
+    PDMQUEUER0                      aQueues[16];
 } PDMR0PERVM;
 
@@ -1519 +1563 @@
 {
     /** @todo move more stuff over here. */
-
-    /** Linked list of timer driven PDM queues.
-     * Currently serialized by PDM::CritSect.  */
-    R3PTRTYPE(struct PDMQUEUE *)    pQueuesTimer;
-    /** Linked list of force action driven PDM queues.
-     * Currently serialized by PDM::CritSect. */
-    R3PTRTYPE(struct PDMQUEUE *)    pQueuesForced;
 
     /** Lock protecting the lists below it. */
@@ -1660 +1697 @@
 char       *pdmR3FileR3(const char *pszFile, bool fShared);
 int         pdmR3LoadR3U(PUVM pUVM, const char *pszFilename, const char *pszName);
-
+#endif /* IN_RING3 */
+
+void        pdmQueueInit(PPDMQUEUE pQueue, uint32_t cbBitmap, uint32_t cbItem, uint32_t cItems,
+                         const char *pszName, PDMQUEUETYPE enmType, RTR3PTR pfnCallback, RTR3PTR pvOwner);
+
+#ifdef IN_RING3
 int         pdmR3TaskInit(PVM pVM);
 void        pdmR3TaskTerm(PVM pVM);
@@ -1677 +1719 @@
 int         pdmR3ThreadSuspendAll(PVM pVM);
 
-#ifdef VBOX_WITH_PDM_ASYNC_COMPLETION
+# ifdef VBOX_WITH_PDM_ASYNC_COMPLETION
 int         pdmR3AsyncCompletionInit(PVM pVM);
 int         pdmR3AsyncCompletionTerm(PVM pVM);
@@ -1688 +1730 @@
 int         pdmR3AsyncCompletionTemplateDestroyDriver(PVM pVM, PPDMDRVINS pDrvIns);
 int         pdmR3AsyncCompletionTemplateDestroyUsb(PVM pVM, PPDMUSBINS pUsbIns);
-#endif
-
-#ifdef VBOX_WITH_NETSHAPER
+# endif
+
+# ifdef VBOX_WITH_NETSHAPER
 int         pdmR3NetShaperInit(PVM pVM);
 int         pdmR3NetShaperTerm(PVM pVM);
-#endif
+# endif
 
 int         pdmR3BlkCacheInit(PVM pVM);
 void        pdmR3BlkCacheTerm(PVM pVM);
 int         pdmR3BlkCacheResume(PVM pVM);
-
 #endif /* IN_RING3 */
 
@@ -1726 +1767 @@
 #ifdef IN_RING0
 DECLHIDDEN(bool)           pdmR0IsaSetIrq(PGVM pGVM, int iIrq, int iLevel, uint32_t uTagSrc);
+DECLHIDDEN(void)           pdmR0QueueDestroy(PGVM pGVM, uint32_t iQueue);
+
 #endif
 

trunk/src/VBox/VMM/testcase/Makefile.kmk

@@ -69 +69 @@
         tstCompressionBenchmark \
         tstIEMCheckMc \
+        tstPDMQueue \
         tstSSM \
         tstVMMR0CallHost-1 \
@@ -459 +460 @@
  endif
 endif
+
+#
+# PDM Queue tests.
+#
+tstPDMQueue_TEMPLATE := VBOXR3EXE
+tstPDMQueue_DEFS     = $(VMM_COMMON_DEFS)
+tstPDMQueue_SOURCES  := tstPDMQueue.cpp
+tstPDMQueue_LIBS     := $(LIB_VMM) $(LIB_RUNTIME)