Changeset 96979 in vbox for trunk/src/VBox

Timestamp:

Oct 4, 2022 12:46:05 PM (2 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

153902

Message:

VMM/PGM,IEM,HM: Added a PGMPHYSHANDLER_F_NOT_IN_HM flag to better deal with a nested APIC access page. bugref:10092

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/PGMAll.cpp (modified) (1 diff)
• VMMAll/PGMAllBth.h (modified) (16 diffs)
• VMMAll/PGMAllHandler.cpp (modified) (12 diffs)
• VMMAll/PGMAllPool.cpp (modified) (2 diffs)
• VMMR0/IEMR0.cpp (modified) (1 diff)
• VMMR0/PGMR0.cpp (modified) (3 diffs)
• VMMR3/IEMR3.cpp (modified) (1 diff)
• VMMR3/PGMHandler.cpp (modified) (3 diffs)
• include/PGMInternal.h (modified) (6 diffs)
• testcase/tstVMStructSize.cpp (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/PGMAll.cpp

@@ -3910 +3910 @@
         if (IS_PART_INCLUDED(5))
         {
-            static const char s_achHandlerStates[4] = { '-', 't', 'w', 'a' };
-            szTmp[cch++] = s_achHandlerStates[PGM_PAGE_GET_HNDL_PHYS_STATE(pPage)];
+            static const char s_achHandlerStates[4*2] = { '-', 't', 'w', 'a' , '_', 'T', 'W', 'A' };
+            szTmp[cch++] = s_achHandlerStates[  PGM_PAGE_GET_HNDL_PHYS_STATE(pPage)
+                                              | ((uint8_t)PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage) << 2)];
         }
 

trunk/src/VBox/VMM/VMMAll/PGMAllBth.h

@@ -711 +711 @@
      * Any handlers for this page?
      */
-    if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
+    if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage) && !PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage))
 # if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
         return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerDoAccessHandlers)(pVCpu, uErr, pRegFrame, pvFault, pPage, pfLockTaken,
@@ -1253 +1253 @@
     rc = pgmPhysGetPageEx(pVM, GCPhysPage, &pPage);
     AssertRCReturn(rc, rc);
-    if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
+    if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage) && !PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage))
     {
         Log7Func(("MMIO: Calling NestedTrap0eHandlerDoAccessHandlers for GCPhys %RGp\n", GCPhysPage));
@@ -1791 +1791 @@
             )
     {
-#   if defined(VBOX_WITH_NESTED_HWVIRT_VMX) && PGM_SHW_TYPE == PGM_TYPE_EPT && defined(PGM_WITH_NESTED_APIC_ACCESS_PAGE)
-        /*
-         * If an "ALL" access handler has been registered for the VMX APIC-access page,
-         * we want to ensure EPT violations are triggered rather than EPT misconfigs
-         * as the former allows us to translate it to an APIC-access VM-exit. This is a
-         * weird case because this is not an MMIO page (it's regular guest RAM) but we
-         * want to treat it as an MMIO page wrt to trapping all accesses but we only
-         * want EPT violations for the reasons state above.
-         *
-         * NOTE! This is required even when the nested-hypervisor is not using EPT!
-         */
-        if (CPUMIsGuestVmxApicAccessPageAddr(pVCpu, GCPhysPage))
-        {
-            Log7Func(("SyncHandlerPte: VMX APIC-access page at %#RGp -> marking not present\n", GCPhysPage));
-            pPteDst->u = PGM_PAGE_GET_HCPHYS(pPage);
-            return;
-        }
-#   endif
-
         LogFlow(("SyncHandlerPte: MMIO page -> invalid \n"));
 #   if PGM_SHW_TYPE == PGM_TYPE_EPT
@@ -1940 +1921 @@
             uint64_t fGstShwPteFlags = X86_PTE_P | X86_PTE_RW | X86_PTE_US | X86_PTE_A | X86_PTE_D;
 # endif
-            if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
-                PGM_BTH_NAME(SyncHandlerPte)(pVM, pVCpu, pPage, GCPhysPage, fGstShwPteFlags, &PteDst);
-            else
+            if (!PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage) || PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage))
             {
 # if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE)
@@ -1993 +1972 @@
                 }
             }
+            else
+                PGM_BTH_NAME(SyncHandlerPte)(pVM, pVCpu, pPage, GCPhysPage, fGstShwPteFlags, &PteDst);
 
             /*
@@ -2311 +2292 @@
                      */
                     SHWPTE PteDst;
-                    if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
+                    if (!PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage) || PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage))
+                        SHW_PTE_SET(PteDst, GST_GET_BIG_PDE_SHW_FLAGS_4_PTE(pVCpu, PdeSrc) | PGM_PAGE_GET_HCPHYS(pPage));
+                    else
                         PGM_BTH_NAME(SyncHandlerPte)(pVM, pVCpu, pPage, GCPhys, GST_GET_BIG_PDE_SHW_FLAGS_4_PTE(pVCpu, PdeSrc), &PteDst);
-                    else
-                        SHW_PTE_SET(PteDst, GST_GET_BIG_PDE_SHW_FLAGS_4_PTE(pVCpu, PdeSrc) | PGM_PAGE_GET_HCPHYS(pPage));
 
                     const unsigned iPTDst = (GCPtrPage >> SHW_PT_SHIFT) & SHW_PT_MASK;
@@ -2525 +2506 @@
 #endif /* PGM_SHW_TYPE != PGM_TYPE_NONE */
 
-
 #if !defined(IN_RING3) && defined(VBOX_WITH_NESTED_HWVIRT_VMX_EPT) && PGM_SHW_TYPE == PGM_TYPE_EPT
+
 /**
  * Sync a shadow page for a nested-guest page.
@@ -2562 +2543 @@
 # ifndef VBOX_WITH_NEW_LAZY_PAGE_ALLOC
     /* Make the page writable if necessary. */
+    /** @todo This needs to be applied to the regular case below, not here. And,
+     *        no we should *NOT* make the page writble, instead we need to write
+     *        protect them if necessary. */
     if (   PGM_PAGE_GET_TYPE(pPage)  == PGMPAGETYPE_RAM
         && PGM_PAGE_IS_ZERO(pPage)
@@ -2582 +2566 @@
     SHWPTE Pte;
     uint64_t const fGstShwPteFlags = pGstWalkAll->u.Ept.Pte.u & pVCpu->pgm.s.fGstEptShadowedPteMask;
-    if (!PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
-    {
+    if (!PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage) || PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage))
+    {
+        /** @todo access bit. */
         Pte.u = PGM_PAGE_GET_HCPHYS(pPage) | fGstShwPteFlags;
-Log7Func(("regular page (%R[pgmpage]) at %RGp -> %RX64\n", pPage, GCPhysPage, Pte.u));
+        Log7Func(("regular page (%R[pgmpage]) at %RGp -> %RX64\n", pPage, GCPhysPage, Pte.u));
     }
     else if (!PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
@@ -2595 +2580 @@
     else
     {
-# if defined(PGM_WITH_NESTED_APIC_ACCESS_PAGE)
-        if (CPUMIsGuestVmxApicAccessPageAddr(pVCpu, GCPhysPage))
-        {
-            Pte.u = PGM_PAGE_GET_HCPHYS(pPage) | fGstShwPteFlags;
-            Log7Func(("APIC-access page at %RGp -> shadowing nested-hypervisor %RX64 (%RGp)\n", GCPhysPage, fGstShwPteFlags, pShwPage->GCPhys));
-        }
-#  if 0 /** @todo r=bird: What on earth is the rational for this? */
-        else if (!PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPage))
-        {
-            if (fGstShwPteFlags & EPT_E_WRITE)
-            {
-                PGMHandlerPhysicalPageTempOff(pVCpu->CTX_SUFF(pVM), GCPhysPage, GCPhysPage);
-                Log7Func(("monitored page (%R[pgmpage]) at %RGp -> read-write, monitoring disabled\n", pPage, GCPhysPage));
-            }
-            Pte.u = PGM_PAGE_GET_HCPHYS(pPage) | fGstShwPteFlags;
-            Log7Func(("monitored page (%R[pgmpage]) at %RGp -> shadowing nested-hypervisor %RX64\n", pPage, GCPhysPage, fGstShwPteFlags));
-        }
-#  endif
-        else
-# endif
-        {
-# if defined(PGM_WITH_NESTED_APIC_ACCESS_PAGE)
-            /** @todo Track using fVirtVmxApicAccess bit in PGMPHYSHANDLER and maybe in PGMPAGE
-             *        too? */
-            /** @todo r=bird: this is wrong for device passthru among other scenarios.   */
-            PGMHandlerPhysicalDeregister(pVCpu->CTX_SUFF(pVM), GCPhysPage);
-            Pte.u = PGM_PAGE_GET_HCPHYS(pPage) | fGstShwPteFlags;
-            Log7Func(("MMIO at %RGp potentially former VMX APIC-access page -> unregistered\n", GCPhysPage));
-# else
-            /** @todo Do MMIO optimizations here too? */
-            Log7Func(("mmio page (%R[pgmpage]) at %RGp -> 0\n", pPage, GCPhysPage));
-            Pte.u = 0;
-# endif
-        }
+        /** @todo Do MMIO optimizations here too? */
+        Log7Func(("mmio/all page (%R[pgmpage]) at %RGp -> 0\n", pPage, GCPhysPage));
+        Pte.u = 0;
     }
 
@@ -2969 +2923 @@
     return rc;
 }
+
 #endif  /* !IN_RING3 && VBOX_WITH_NESTED_HWVIRT_VMX_EPT && PGM_SHW_TYPE == PGM_TYPE_EPT*/
-
-
 #if PGM_WITH_PAGING(PGM_GST_TYPE, PGM_SHW_TYPE) && PGM_SHW_TYPE != PGM_TYPE_NONE
 
@@ -3074 +3027 @@
                     if (RT_LIKELY(pPage))
                     {
-                        if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
+                        if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage) && !PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage))
                         {
                             //AssertMsgFailed(("%R[pgmpage] - we don't set PGM_PTFLAGS_TRACK_DIRTY for these pages\n", pPage));
@@ -3496 +3449 @@
 # endif
 
-                        if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage))
+                        if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPage) && !PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage))
                             PGM_BTH_NAME(SyncHandlerPte)(pVM, pVCpu, pPage, GCPhys, SHW_PTE_GET_U(PteDstBase), &PteDst);
                         else if (PGM_PAGE_IS_BALLOONED(pPage))
@@ -4598 +4551 @@
 
                             /* flags */
-                            if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPhysPage))
+                            if (PGM_PAGE_HAS_ACTIVE_HANDLERS(pPhysPage) && !PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPhysPage))
                             {
                                 if (!PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(pPhysPage))
@@ -4838 +4791 @@
                                     if (PGM_PAGE_GET_HNDL_PHYS_STATE(pPhysPage) != PGM_PAGE_HNDL_PHYS_STATE_DISABLED)
                                     {
-                                        if (SHW_PTE_IS_RW(PteDst))
+                                        if (   SHW_PTE_IS_RW(PteDst)
+                                            && !PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPhysPage))
                                         {
                                             AssertMsgFailed(("WRITE access flagged at %RGv but the page is writable! pPhysPage=%R[pgmpage] PdeSrc=%#RX64 PteDst=%#RX64\n",
@@ -4851 +4805 @@
                                 {
                                     if (   SHW_PTE_IS_P(PteDst)
+                                        && !PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPhysPage)
 #  if PGM_SHW_TYPE == PGM_TYPE_EPT || PGM_SHW_TYPE == PGM_TYPE_PAE || PGM_SHW_TYPE == PGM_TYPE_AMD64
                                         && !PGM_PAGE_IS_MMIO(pPhysPage)

trunk/src/VBox/VMM/VMMAll/PGMAllHandler.cpp

@@ -70 +70 @@
     /* .fRing0DevInsIdx = */    false,
 #ifdef IN_RING0
-    /* .afPadding = */          {false},
+    /* .fNotInHm = */           false,
     /* .pfnHandler = */         pgmR0HandlerPhysicalHandlerToRing3,
     /* .pfnPfHandler = */       pgmR0HandlerPhysicalPfHandlerToRing3,
 #elif defined(IN_RING3)
     /* .fRing0Enabled = */      false,
+    /* .fNotInHm = */           false,
     /* .pfnHandler = */         pgmR3HandlerPhysicalHandlerInvalid,
 #else
@@ -236 +237 @@
     {
         case PGMPHYSHANDLERKIND_WRITE:
-            break;
+            if (!pType->fNotInHm)
+                break;
+            RT_FALL_THRU(); /* Simplification: fNotInHm can only be used with full pages */
         case PGMPHYSHANDLERKIND_MMIO:
         case PGMPHYSHANDLERKIND_ALL:
@@ -384 +387 @@
         if (PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) < uState)
         {
-            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, uState);
+            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, uState, pCurType->fNotInHm);
 
             const RTGCPHYS GCPhysPage = pRam->GCPhys + (i << GUEST_PAGE_SHIFT);
@@ -685 +688 @@
     /*
      * Update if we found something that is a higher priority state than the current.
+     * Note! The PGMPHYSHANDLER_F_NOT_IN_HM can be ignored here as it requires whole pages.
      */
     if (uState != PGM_PAGE_HNDL_PHYS_STATE_NONE)
@@ -690 +694 @@
         PPGMPAGE pPage;
         int rc = pgmPhysGetPageWithHintEx(pVM, GCPhys, &pPage, ppRamHint);
-        if (    RT_SUCCESS(rc)
-            &&  PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) < uState)
+        if (   RT_SUCCESS(rc)
+            && PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) < uState)
         {
             /* This should normally not be necessary. */
-            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, uState);
-            bool fFlushTLBs ;
+            PGM_PAGE_SET_HNDL_PHYS_STATE_ONLY(pPage, uState);
+            bool fFlushTLBs;
             rc = pgmPoolTrackUpdateGCPhys(pVM, GCPhys, pPage, false /*fFlushPTEs*/, &fFlushTLBs);
             if (RT_SUCCESS(rc) && fFlushTLBs)
@@ -757 +761 @@
     PGM_PAGE_SET_STATE(pVM, pPage, PGM_PAGE_STATE_ZERO);
     PGM_PAGE_SET_PAGEID(pVM, pPage, NIL_GMM_PAGEID);
-    PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_ALL);
+    PGM_PAGE_SET_HNDL_PHYS_STATE_ONLY(pPage, PGM_PAGE_HNDL_PHYS_STATE_ALL);
 
     /* Flush its TLB entry. */
@@ -839 +843 @@
                       ("%RGp %R[pgmpage]\n", GCPhys, pPage));
 #endif
-            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_NONE);
+            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_NONE, false);
 
 #ifdef VBOX_WITH_NATIVE_NEM
@@ -1399 +1403 @@
             if (PGM_PAGE_GET_HNDL_PHYS_STATE(pPage) != PGM_PAGE_HNDL_PHYS_STATE_DISABLED)
             {
-                PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_DISABLED);
+                PGM_PAGE_SET_HNDL_PHYS_STATE_ONLY(pPage, PGM_PAGE_HNDL_PHYS_STATE_DISABLED);
                 pCur->cTmpOffPages++;
 
@@ -1603 +1607 @@
             PGM_PAGE_SET_STATE(pVM, pPage, PGM_PAGE_STATE_ALLOCATED);
             PGM_PAGE_SET_PAGEID(pVM, pPage, PGM_PAGE_GET_PAGEID(pPageRemap));
-            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_DISABLED);
+            PGM_PAGE_SET_HNDL_PHYS_STATE_ONLY(pPage, PGM_PAGE_HNDL_PHYS_STATE_DISABLED);
             pCur->cAliasedPages++;
             Assert(pCur->cAliasedPages <= pCur->cPages);
@@ -1727 +1731 @@
             PGM_PAGE_SET_STATE(pVM, pPage, PGM_PAGE_STATE_ALLOCATED);
             PGM_PAGE_SET_PAGEID(pVM, pPage, NIL_GMM_PAGEID);
-            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_DISABLED);
+            PGM_PAGE_SET_HNDL_PHYS_STATE_ONLY(pPage, PGM_PAGE_HNDL_PHYS_STATE_DISABLED);
             pCur->cAliasedPages++;
             Assert(pCur->cAliasedPages <= pCur->cPages);
@@ -1908 +1912 @@
                     {
                         PCPGMPHYSHANDLERTYPEINT pPhysType = pgmHandlerPhysicalTypeHandleToPtr(pVM, pPhys->hType);
-                        unsigned uState = pPhysType->uState;
+                        unsigned   uState   = pPhysType->uState;
+                        bool const fNotInHm = pPhysType->fNotInHm; /* whole pages, so no need to accumulate sub-page configs. */
 
                         /* more? */
@@ -1934 +1939 @@
                             State.cErrors++;
                         }
+                        AssertMsgStmt(PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage) == fNotInHm,
+                                      ("ram range vs phys handler flags mismatch. GCPhys=%RGp fNotInHm=%d, %d %s\n",
+                                       State.GCPhys, PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(pPage), fNotInHm, pPhysType->pszDesc),
+                                      State.cErrors++);
                     }
                     else

trunk/src/VBox/VMM/VMMAll/PGMAllPool.cpp

@@ -3371 +3371 @@
             if (!fFlushPTEs)
             {
+                /* Note! Disregarding the PGMPHYSHANDLER_F_NOT_IN_HM bit here. Should be harmless. */
                 switch (PGM_PAGE_GET_HNDL_PHYS_STATE(pPhysPage))
                 {
@@ -3447 +3448 @@
             if (!fFlushPTEs)
             {
+                /* Note! Disregarding the PGMPHYSHANDLER_F_NOT_IN_HM bit here. Should be harmless. */
                 switch (PGM_PAGE_GET_HNDL_PHYS_STATE(pPhysPage))
                 {

trunk/src/VBox/VMM/VMMR0/IEMR0.cpp

@@ -53 +53 @@
     if (pGVM->cpum.ro.GuestFeatures.fVmx)
     {
-        int rc = PGMR0HandlerPhysicalTypeSetUpContext(pGVM, PGMPHYSHANDLERKIND_ALL, 0 /*fFlags*/,
+        int rc = PGMR0HandlerPhysicalTypeSetUpContext(pGVM, PGMPHYSHANDLERKIND_ALL, PGMPHYSHANDLER_F_NOT_IN_HM,
                                                       iemVmxApicAccessPageHandler, iemVmxApicAccessPagePfHandler,
                                                       "VMX APIC-access page", pGVM->iem.s.hVmxApicAccessPage);

trunk/src/VBox/VMM/VMMR0/PGMR0.cpp

@@ -895 +895 @@
                     VERR_INVALID_HANDLE);
     AssertMsgReturn(pTypeR3->fKeepPgmLock == RT_BOOL(fFlags & PGMPHYSHANDLER_F_KEEP_PGM_LOCK),
-                    ("%#x: %d, fFlags=%d\n", hType, pTypeR3->fKeepPgmLock, fFlags),
+                    ("%#x: %d, fFlags=%#x\n", hType, pTypeR3->fKeepPgmLock, fFlags),
                     VERR_INVALID_HANDLE);
     AssertMsgReturn(pTypeR3->fRing0DevInsIdx == RT_BOOL(fFlags & PGMPHYSHANDLER_F_R0_DEVINS_IDX),
-                    ("%#x: %d, fFlags=%d\n", hType, pTypeR3->fRing0DevInsIdx, fFlags),
+                    ("%#x: %d, fFlags=%#x\n", hType, pTypeR3->fRing0DevInsIdx, fFlags),
+                    VERR_INVALID_HANDLE);
+    AssertMsgReturn(pTypeR3->fNotInHm == RT_BOOL(fFlags & PGMPHYSHANDLER_F_NOT_IN_HM),
+                    ("%#x: %d, fFlags=%#x\n", hType, pTypeR3->fNotInHm, fFlags),
                     VERR_INVALID_HANDLE);
 
@@ -909 +912 @@
     pTypeR0->fKeepPgmLock     = RT_BOOL(fFlags & PGMPHYSHANDLER_F_KEEP_PGM_LOCK);
     pTypeR0->fRing0DevInsIdx  = RT_BOOL(fFlags & PGMPHYSHANDLER_F_R0_DEVINS_IDX);
+    pTypeR0->fNotInHm         = RT_BOOL(fFlags & PGMPHYSHANDLER_F_NOT_IN_HM);
     pTypeR0->pfnHandler       = pfnHandler;
     pTypeR0->pfnPfHandler     = pfnPfHandler;
@@ -1296 +1300 @@
     {
         PCPGMPHYSHANDLERTYPEINT pHandlerType = PGMPHYSHANDLER_GET_TYPE_NO_NULL(pGVM, pHandler);
-        if (RT_LIKELY(pHandlerType->enmKind != PGMPHYSHANDLERKIND_WRITE))
+        if (RT_LIKELY(   pHandlerType->enmKind != PGMPHYSHANDLERKIND_WRITE
+                      && !pHandlerType->fNotInHm /*paranoia*/ ))
         {
             /*

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

@@ -246 +246 @@
     if (pVM->cpum.ro.GuestFeatures.fVmx)
     {
-        rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_ALL, 0 /*fFlags*/,
+        rc = PGMR3HandlerPhysicalTypeRegister(pVM, PGMPHYSHANDLERKIND_ALL, PGMPHYSHANDLER_F_NOT_IN_HM,
                                               iemVmxApicAccessPageHandler,
                                               "VMX APIC-access page", &pVM->iem.s.hVmxApicAccessPage);

trunk/src/VBox/VMM/VMMR3/PGMHandler.cpp

@@ -128 +128 @@
     pType->fKeepPgmLock     = RT_BOOL(fFlags & PGMPHYSHANDLER_F_KEEP_PGM_LOCK);
     pType->fRing0DevInsIdx  = RT_BOOL(fFlags & PGMPHYSHANDLER_F_R0_DEVINS_IDX);
+    pType->fNotInHm         = RT_BOOL(fFlags & PGMPHYSHANDLER_F_NOT_IN_HM);
     pType->pfnHandler       = pfnHandler;
     pType->pszDesc          = pszDesc;
@@ -182 +183 @@
         if (RT_SUCCESS(rc))
         {
-            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_NONE);
+            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, PGM_PAGE_HNDL_PHYS_STATE_NONE, false);
 
 #ifdef VBOX_WITH_NATIVE_NEM
@@ -228 +229 @@
         if (RT_SUCCESS(rc))
         {
-            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, uState);
+            PGM_PAGE_SET_HNDL_PHYS_STATE(pPage, uState, pType->fNotInHm);
 
 #ifdef VBOX_WITH_NATIVE_NEM

trunk/src/VBox/VMM/include/PGMInternal.h

@@ -86 +86 @@
 
 /**
- * Enables the nested APIC access page support tweaks in PGM.
- * If disabled, the nested VM's APIC accesses will by MMIO based in VT-x mode.
- */
-//#define PGM_WITH_NESTED_APIC_ACCESS_PAGE
-
-/**
  * Enables optimizations for MMIO handlers that exploits X86_TRAP_PF_RSVD and
  * VMX_EXIT_EPT_MISCONFIG.
@@ -526 +520 @@
      * @sa PGMPHYSHANDLER_F_R0_DEVINS_IDX  */
     bool                                fRing0DevInsIdx;
-    bool                                afPadding[1];
+    /** See PGMPHYSHANDLER_F_NOT_IN_HM. */
+    bool                                fNotInHm : 1;
     /** Pointer to the ring-0 callback function. */
     R0PTRTYPE(PFNPGMPHYSHANDLER)        pfnHandler;
@@ -557 +552 @@
     /** Set by ring-0 if the handler is ring-0 enabled (for debug). */
     bool                                fRing0Enabled : 1;
+    /** See PGMPHYSHANDLER_F_NOT_IN_HM. */
+    bool                                fNotInHm : 1;
     /** Pointer to the ring-3 callback function. */
     R3PTRTYPE(PFNPGMPHYSHANDLER)        pfnHandler;
@@ -662 +659 @@
          * (PGM_PAGE_PDE_TYPE_*). */
         uint64_t    u2PDETypeY          : 2;
-        /** 4     - Unused (was used by FTE for dirty tracking). */
-        uint64_t    fUnused1            : 1;
+        /** 4     - Don't apply the physical handler in HM mode (nested APIC hack). */
+        uint64_t    fHandlerPhysNotInHm : 1;
         /** 5     - Flag indicating that a write monitored page was written to
          *  when set. */
@@ -1060 +1057 @@
  * @param   a_pPage     Pointer to the physical guest page tracking structure.
  * @param   a_uState    The new state value.
- */
-#define PGM_PAGE_SET_HNDL_PHYS_STATE(a_pPage, a_uState) \
+ * @param   a_fNotIHm   The PGMPHYSHANDLER_F_NOT_HM bit.
+ */
+#define PGM_PAGE_SET_HNDL_PHYS_STATE(a_pPage, a_uState, a_fNotInHm) \
+    do { (a_pPage)->s.u2HandlerPhysStateY = (a_uState);  (a_pPage)->s.fHandlerPhysNotInHm = (a_fNotInHm); } while (0)
+
+/**
+ * Sets the physical access handler state of a page.
+ * @param   a_pPage     Pointer to the physical guest page tracking structure.
+ * @param   a_uState    The new state value.
+ */
+#define PGM_PAGE_SET_HNDL_PHYS_STATE_ONLY(a_pPage, a_uState) \
     do { (a_pPage)->s.u2HandlerPhysStateY = (a_uState); } while (0)
 
@@ -1104 +1110 @@
     ( PGM_PAGE_GET_HNDL_PHYS_STATE(a_pPage) == PGM_PAGE_HNDL_PHYS_STATE_ALL )
 
+/** @def PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM
+ * Checks if the physical handlers of the page should be ignored in shadow page
+ * tables and such.
+ * @returns true/false
+ * @param   a_pPage     Pointer to the physical guest page tracking structure.
+ */
+#define PGM_PAGE_IS_HNDL_PHYS_NOT_IN_HM(a_pPage) ((a_pPage)->s.fHandlerPhysNotInHm)
 
 /** @def PGM_PAGE_GET_TRACKING

trunk/src/VBox/VMM/testcase/tstVMStructSize.cpp

@@ -436 +436 @@
     CHECK_EXPR(PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(&Page) == false);
 
-    PGM_PAGE_SET_HNDL_PHYS_STATE(&Page, PGM_PAGE_HNDL_PHYS_STATE_ALL);
+    PGM_PAGE_SET_HNDL_PHYS_STATE(&Page, PGM_PAGE_HNDL_PHYS_STATE_ALL, false);
     CHECK_EXPR(PGM_PAGE_GET_HNDL_PHYS_STATE(&Page) == PGM_PAGE_HNDL_PHYS_STATE_ALL);
     CHECK_EXPR(PGM_PAGE_HAS_ANY_HANDLERS(&Page) == true);
@@ -442 +442 @@
     CHECK_EXPR(PGM_PAGE_HAS_ACTIVE_ALL_HANDLERS(&Page) == true);
 
-    PGM_PAGE_SET_HNDL_PHYS_STATE(&Page, PGM_PAGE_HNDL_PHYS_STATE_WRITE);
+    PGM_PAGE_SET_HNDL_PHYS_STATE(&Page, PGM_PAGE_HNDL_PHYS_STATE_WRITE, false);
     CHECK_EXPR(PGM_PAGE_GET_HNDL_PHYS_STATE(&Page) == PGM_PAGE_HNDL_PHYS_STATE_WRITE);
     CHECK_EXPR(PGM_PAGE_HAS_ANY_HANDLERS(&Page) == true);