Context Navigation

← Previous Revision
Next Revision →
Normal
Revision Log

IOMAllMmioNew.cpp

Last change on this file was 104255, checked in by vboxsync, 8 weeks ago
VMM/IOM: Initialize stack value before calling pfnReadCallback in iomMMIODoComplicatedRead. bugref:10651
Property svn:eol-style set to `native` Property svn:keywords set to `Id Revision`
File size: 52.7 KB

Rev	Line
[2297]	1	/* $Id: IOMAllMmioNew.cpp 104255 2024-04-09 15:12:40Z vboxsync $ */
	2	/** @file
[12772]	3	* IOM - Input / Output Monitor - Any Context, MMIO & String I/O.
[2297]	4	*/
	5
	6	/*
[98103]	7	* Copyright (C) 2006-2023 Oracle and/or its affiliates.
[2297]	8	*
[96407]	9	* This file is part of VirtualBox base platform packages, as
	10	* available from https://www.virtualbox.org.
	11	*
	12	* This program is free software; you can redistribute it and/or
	13	* modify it under the terms of the GNU General Public License
	14	* as published by the Free Software Foundation, in version 3 of the
	15	* License.
	16	*
	17	* This program is distributed in the hope that it will be useful, but
	18	* WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	20	* General Public License for more details.
	21	*
	22	* You should have received a copy of the GNU General Public License
	23	* along with this program; if not, see <https://www.gnu.org/licenses>.
	24	*
	25	* SPDX-License-Identifier: GPL-3.0-only
[2297]	26	*/
	27
	28
[57358]	29	/*********************************************************************************************************************************
	30	* Header Files *
	31	*********************************************************************************************************************************/
[81383]	32	#define LOG_GROUP LOG_GROUP_IOM_MMIO
[81333]	33	#define VMCPU_INCL_CPUM_GST_CTX
[35346]	34	#include <VBox/vmm/iom.h>
	35	#include <VBox/vmm/cpum.h>
	36	#include <VBox/vmm/pgm.h>
	37	#include <VBox/vmm/selm.h>
	38	#include <VBox/vmm/mm.h>
	39	#include <VBox/vmm/em.h>
	40	#include <VBox/vmm/pgm.h>
	41	#include <VBox/vmm/trpm.h>
[56080]	42	#include <VBox/vmm/iem.h>
[2297]	43	#include "IOMInternal.h"
[80268]	44	#include <VBox/vmm/vmcc.h>
[35346]	45	#include <VBox/vmm/vmm.h>
[43387]	46	#include <VBox/vmm/hm.h>
[37424]	47	#include "IOMInline.h"
[2297]	48
[35346]	49	#include <VBox/vmm/pdmdev.h>
[2297]	50	#include <VBox/param.h>
	51	#include <VBox/err.h>
	52	#include <iprt/assert.h>
	53	#include <VBox/log.h>
	54	#include <iprt/asm.h>
	55	#include <iprt/string.h>
	56
[57358]	57
[81333]	58	/*********************************************************************************************************************************
	59	* Defined Constants And Macros *
	60	*********************************************************************************************************************************/
	61	/** @def IOM_MMIO_STATS_COMMA_DECL
	62	* Parameter list declaration for statistics entry pointer. */
	63	/** @def IOM_MMIO_STATS_COMMA_ARG
	64	* Statistics entry pointer argument. */
[81369]	65	#if defined(VBOX_WITH_STATISTICS) \|\| defined(DOXYGEN_RUNNING)
[81333]	66	# define IOM_MMIO_STATS_COMMA_DECL , PIOMMMIOSTATSENTRY pStats
	67	# define IOM_MMIO_STATS_COMMA_ARG , pStats
	68	#else
	69	# define IOM_MMIO_STATS_COMMA_DECL
	70	# define IOM_MMIO_STATS_COMMA_ARG
	71	#endif
[2297]	72
[81333]	73
	74
[60852]	75	#ifndef IN_RING3
[56072]	76	/**
[60852]	77	* Defers a pending MMIO write to ring-3.
	78	*
	79	* @returns VINF_IOM_R3_MMIO_COMMIT_WRITE
	80	* @param pVCpu The cross context virtual CPU structure of the calling EMT.
	81	* @param GCPhys The write address.
	82	* @param pvBuf The bytes being written.
	83	* @param cbBuf How many bytes.
[81333]	84	* @param idxRegEntry The MMIO registration index (handle) if available,
	85	* otherwise UINT32_MAX.
[60852]	86	*/
[81333]	87	static VBOXSTRICTRC iomMmioRing3WritePending(PVMCPU pVCpu, RTGCPHYS GCPhys, void const *pvBuf, size_t cbBuf,
	88	uint32_t idxRegEntry)
[60852]	89	{
[81333]	90	Log5(("iomMmioRing3WritePending: %RGp LB %#x (idx=%#x)\n", GCPhys, cbBuf, idxRegEntry));
[72248]	91	if (pVCpu->iom.s.PendingMmioWrite.cbValue == 0)
	92	{
[81333]	93	pVCpu->iom.s.PendingMmioWrite.GCPhys = GCPhys;
[72248]	94	AssertReturn(cbBuf <= sizeof(pVCpu->iom.s.PendingMmioWrite.abValue), VERR_IOM_MMIO_IPE_2);
[81333]	95	pVCpu->iom.s.PendingMmioWrite.cbValue = (uint32_t)cbBuf;
	96	pVCpu->iom.s.PendingMmioWrite.idxMmioRegionHint = idxRegEntry;
[72248]	97	memcpy(pVCpu->iom.s.PendingMmioWrite.abValue, pvBuf, cbBuf);
	98	}
	99	else
	100	{
	101	/*
	102	* Join with pending if adjecent.
	103	*
	104	* This may happen if the stack overflows into MMIO territory and RSP/ESP/SP
	105	* isn't aligned. IEM will bounce buffer the access and do one write for each
	106	* page. We get here when the 2nd page part is written.
	107	*/
	108	uint32_t const cbOldValue = pVCpu->iom.s.PendingMmioWrite.cbValue;
	109	AssertMsgReturn(GCPhys == pVCpu->iom.s.PendingMmioWrite.GCPhys + cbOldValue,
	110	("pending %RGp LB %#x; incoming %RGp LB %#x\n",
	111	pVCpu->iom.s.PendingMmioWrite.GCPhys, cbOldValue, GCPhys, cbBuf),
	112	VERR_IOM_MMIO_IPE_1);
	113	AssertReturn(cbBuf <= sizeof(pVCpu->iom.s.PendingMmioWrite.abValue) - cbOldValue, VERR_IOM_MMIO_IPE_2);
	114	pVCpu->iom.s.PendingMmioWrite.cbValue = cbOldValue + (uint32_t)cbBuf;
	115	memcpy(&pVCpu->iom.s.PendingMmioWrite.abValue[cbOldValue], pvBuf, cbBuf);
	116	}
	117
[60852]	118	VMCPU_FF_SET(pVCpu, VMCPU_FF_IOM);
	119	return VINF_IOM_R3_MMIO_COMMIT_WRITE;
	120	}
	121	#endif
	122
	123
	124	/**
[39111]	125	* Deals with complicated MMIO writes.
	126	*
[44573]	127	* Complicated means unaligned or non-dword/qword sized accesses depending on
[39111]	128	* the MMIO region's access mode flags.
	129	*
	130	* @returns Strict VBox status code. Any EM scheduling status code,
[40280]	131	* VINF_IOM_R3_MMIO_WRITE, VINF_IOM_R3_MMIO_READ_WRITE or
	132	* VINF_IOM_R3_MMIO_READ may be returned.
[39111]	133	*
[60854]	134	* @param pVM The cross context VM structure.
	135	* @param pVCpu The cross context virtual CPU structure of the calling EMT.
[81333]	136	* @param pRegEntry The MMIO entry for the current context.
[60854]	137	* @param GCPhys The physical address to start writing.
[81336]	138	* @param offRegion MMIO region offset corresponding to @a GCPhys.
[60854]	139	* @param pvValue Where to store the value.
	140	* @param cbValue The size of the value to write.
[81369]	141	* @param pStats Pointer to the statistics (never NULL).
[39111]	142	*/
[81336]	143	static VBOXSTRICTRC iomMmioDoComplicatedWrite(PVM pVM, PVMCPU pVCpu, CTX_SUFF(PIOMMMIOENTRY) pRegEntry,
	144	RTGCPHYS GCPhys, RTGCPHYS offRegion,
[81333]	145	void const *pvValue, unsigned cbValue IOM_MMIO_STATS_COMMA_DECL)
[39111]	146	{
[81333]	147	AssertReturn( (pRegEntry->fFlags & IOMMMIO_FLAGS_WRITE_MODE) != IOMMMIO_FLAGS_WRITE_PASSTHRU
	148	&& (pRegEntry->fFlags & IOMMMIO_FLAGS_WRITE_MODE) <= IOMMMIO_FLAGS_WRITE_DWORD_QWORD_READ_MISSING,
[39402]	149	VERR_IOM_MMIO_IPE_1);
	150	AssertReturn(cbValue != 0 && cbValue <= 16, VERR_IOM_MMIO_IPE_2);
[39111]	151	RTGCPHYS const GCPhysStart = GCPhys; NOREF(GCPhysStart);
[81333]	152	bool const fReadMissing = (pRegEntry->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_DWORD_READ_MISSING
	153	\|\| (pRegEntry->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_DWORD_QWORD_READ_MISSING;
	154	RT_NOREF_PV(pVCpu); /* ring-3 */
[39111]	155
	156	/*
[39154]	157	* Do debug stop if requested.
	158	*/
[81333]	159	VBOXSTRICTRC rc = VINF_SUCCESS; NOREF(pVM);
[39154]	160	#ifdef VBOX_STRICT
[81333]	161	if (!(pRegEntry->fFlags & IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_WRITE))
	162	{ /* likely */ }
	163	else
[42726]	164	{
[39154]	165	# ifdef IN_RING3
[55841]	166	LogRel(("IOM: Complicated write %#x byte at %RGp to %s, initiating debugger intervention\n", cbValue, GCPhys,
[81333]	167	R3STRING(pRegEntry->pszDesc)));
[39154]	168	rc = DBGFR3EventSrc(pVM, DBGFEVENT_DEV_STOP, RT_SRC_POS,
[81333]	169	"Complicated write %#x byte at %RGp to %s\n", cbValue, GCPhys, pRegEntry->pszDesc);
[42726]	170	if (rc == VERR_DBGF_NOT_ATTACHED)
	171	rc = VINF_SUCCESS;
[39154]	172	# else
[40280]	173	return VINF_IOM_R3_MMIO_WRITE;
[39154]	174	# endif
[42726]	175	}
[39154]	176	#endif
	177
[81333]	178	STAM_COUNTER_INC(&pStats->ComplicatedWrites);
	179
[44564]	180	/*
	181	* Check if we should ignore the write.
	182	*/
[81333]	183	if ((pRegEntry->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_ONLY_DWORD)
[44564]	184	{
	185	Assert(cbValue != 4 \|\| (GCPhys & 3));
	186	return VINF_SUCCESS;
	187	}
[81333]	188	if ((pRegEntry->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_ONLY_DWORD_QWORD)
[44573]	189	{
	190	Assert((cbValue != 4 && cbValue != 8) \|\| (GCPhys & (cbValue - 1)));
	191	return VINF_SUCCESS;
	192	}
[39154]	193
	194	/*
[39111]	195	* Split and conquer.
	196	*/
	197	for (;;)
	198	{
	199	unsigned const offAccess = GCPhys & 3;
	200	unsigned cbThisPart = 4 - offAccess;
	201	if (cbThisPart > cbValue)
	202	cbThisPart = cbValue;
	203
	204	/*
	205	* Get the missing bits (if any).
	206	*/
	207	uint32_t u32MissingValue = 0;
	208	if (fReadMissing && cbThisPart != 4)
	209	{
[81333]	210	VBOXSTRICTRC rc2 = pRegEntry->pfnReadCallback(pRegEntry->pDevIns, pRegEntry->pvUser,
[81336]	211	!(pRegEntry->fFlags & IOMMMIO_FLAGS_ABS)
	212	? offRegion & ~(RTGCPHYS)3 : (GCPhys & ~(RTGCPHYS)3),
	213	&u32MissingValue, sizeof(u32MissingValue));
[81333]	214	switch (VBOXSTRICTRC_VAL(rc2))
[39111]	215	{
	216	case VINF_SUCCESS:
	217	break;
	218	case VINF_IOM_MMIO_UNUSED_FF:
[81333]	219	STAM_COUNTER_INC(&pStats->FFor00Reads);
[39111]	220	u32MissingValue = UINT32_C(0xffffffff);
	221	break;
	222	case VINF_IOM_MMIO_UNUSED_00:
[81333]	223	STAM_COUNTER_INC(&pStats->FFor00Reads);
[39111]	224	u32MissingValue = 0;
	225	break;
[60854]	226	#ifndef IN_RING3
[40280]	227	case VINF_IOM_R3_MMIO_READ:
	228	case VINF_IOM_R3_MMIO_READ_WRITE:
	229	case VINF_IOM_R3_MMIO_WRITE:
[81336]	230	LogFlow(("iomMmioDoComplicatedWrite: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [read]\n", GCPhys, GCPhysStart, cbValue, VBOXSTRICTRC_VAL(rc2)));
[81333]	231	rc2 = iomMmioRing3WritePending(pVCpu, GCPhys, pvValue, cbValue, pRegEntry->idxSelf);
[60854]	232	if (rc == VINF_SUCCESS \|\| rc2 < rc)
	233	rc = rc2;
	234	return rc;
	235	#endif
[39111]	236	default:
	237	if (RT_FAILURE(rc2))
	238	{
[81336]	239	Log(("iomMmioDoComplicatedWrite: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [read]\n", GCPhys, GCPhysStart, cbValue, VBOXSTRICTRC_VAL(rc2)));
[39111]	240	return rc2;
	241	}
[81338]	242	AssertMsgReturn(rc2 >= VINF_EM_FIRST && rc2 <= VINF_EM_LAST, ("%Rrc\n", VBOXSTRICTRC_VAL(rc2)), VERR_IPE_UNEXPECTED_INFO_STATUS);
[39111]	243	if (rc == VINF_SUCCESS \|\| rc2 < rc)
	244	rc = rc2;
	245	break;
	246	}
	247	}
	248
	249	/*
	250	* Merge missing and given bits.
	251	*/
	252	uint32_t u32GivenMask;
	253	uint32_t u32GivenValue;
	254	switch (cbThisPart)
	255	{
	256	case 1:
	257	u32GivenValue = (uint8_t const )pvValue;
	258	u32GivenMask = UINT32_C(0x000000ff);
	259	break;
	260	case 2:
	261	u32GivenValue = (uint16_t const )pvValue;
	262	u32GivenMask = UINT32_C(0x0000ffff);
	263	break;
	264	case 3:
	265	u32GivenValue = RT_MAKE_U32_FROM_U8(((uint8_t const )pvValue)[0], ((uint8_t const )pvValue)[1],
	266	((uint8_t const *)pvValue)[2], 0);
	267	u32GivenMask = UINT32_C(0x00ffffff);
	268	break;
	269	case 4:
	270	u32GivenValue = (uint32_t const )pvValue;
	271	u32GivenMask = UINT32_C(0xffffffff);
	272	break;
	273	default:
[39402]	274	AssertFailedReturn(VERR_IOM_MMIO_IPE_3);
[39111]	275	}
	276	if (offAccess)
	277	{
	278	u32GivenValue <<= offAccess * 8;
[44573]	279	u32GivenMask <<= offAccess * 8;
[39111]	280	}
	281
	282	uint32_t u32Value = (u32MissingValue & ~u32GivenMask)
	283	\| (u32GivenValue & u32GivenMask);
	284
	285	/*
	286	* Do DWORD write to the device.
	287	*/
[81333]	288	VBOXSTRICTRC rc2 = pRegEntry->pfnWriteCallback(pRegEntry->pDevIns, pRegEntry->pvUser,
[81336]	289	!(pRegEntry->fFlags & IOMMMIO_FLAGS_ABS)
	290	? offRegion & ~(RTGCPHYS)3 : GCPhys & ~(RTGCPHYS)3,
	291	&u32Value, sizeof(u32Value));
[81333]	292	switch (VBOXSTRICTRC_VAL(rc2))
[39111]	293	{
	294	case VINF_SUCCESS:
	295	break;
[60854]	296	#ifndef IN_RING3
[40280]	297	case VINF_IOM_R3_MMIO_READ:
	298	case VINF_IOM_R3_MMIO_READ_WRITE:
	299	case VINF_IOM_R3_MMIO_WRITE:
[81336]	300	Log3(("iomMmioDoComplicatedWrite: deferring GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [write]\n", GCPhys, GCPhysStart, cbValue, VBOXSTRICTRC_VAL(rc2)));
[60854]	301	AssertReturn(pVCpu->iom.s.PendingMmioWrite.cbValue == 0, VERR_IOM_MMIO_IPE_1);
	302	AssertReturn(cbValue + (GCPhys & 3) <= sizeof(pVCpu->iom.s.PendingMmioWrite.abValue), VERR_IOM_MMIO_IPE_2);
	303	pVCpu->iom.s.PendingMmioWrite.GCPhys = GCPhys & ~(RTGCPHYS)3;
	304	pVCpu->iom.s.PendingMmioWrite.cbValue = cbValue + (GCPhys & 3);
	305	(uint32_t )pVCpu->iom.s.PendingMmioWrite.abValue = u32Value;
	306	if (cbValue > cbThisPart)
	307	memcpy(&pVCpu->iom.s.PendingMmioWrite.abValue[4],
	308	(uint8_t const *)pvValue + cbThisPart, cbValue - cbThisPart);
	309	VMCPU_FF_SET(pVCpu, VMCPU_FF_IOM);
	310	if (rc == VINF_SUCCESS)
	311	rc = VINF_IOM_R3_MMIO_COMMIT_WRITE;
[73520]	312	return rc;
[60854]	313	#endif
[39111]	314	default:
	315	if (RT_FAILURE(rc2))
	316	{
[81336]	317	Log(("iomMmioDoComplicatedWrite: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rc=%Rrc [write]\n", GCPhys, GCPhysStart, cbValue, VBOXSTRICTRC_VAL(rc2)));
[39111]	318	return rc2;
	319	}
[81338]	320	AssertMsgReturn(rc2 >= VINF_EM_FIRST && rc2 <= VINF_EM_LAST, ("%Rrc\n", VBOXSTRICTRC_VAL(rc2)), VERR_IPE_UNEXPECTED_INFO_STATUS);
[39111]	321	if (rc == VINF_SUCCESS \|\| rc2 < rc)
	322	rc = rc2;
	323	break;
	324	}
	325
	326	/*
	327	* Advance.
	328	*/
[81336]	329	cbValue -= cbThisPart;
[39111]	330	if (!cbValue)
	331	break;
[81336]	332	GCPhys += cbThisPart;
	333	offRegion += cbThisPart;
	334	pvValue = (uint8_t const *)pvValue + cbThisPart;
[39111]	335	}
	336
	337	return rc;
	338	}
	339
	340
	341
	342
	343	/**
[81333]	344	* Wrapper which does the write.
[2297]	345	*/
[81336]	346	DECLINLINE(VBOXSTRICTRC) iomMmioDoWrite(PVMCC pVM, PVMCPU pVCpu, CTX_SUFF(PIOMMMIOENTRY) pRegEntry,
	347	RTGCPHYS GCPhys, RTGCPHYS offRegion,
[81333]	348	const void *pvData, uint32_t cb IOM_MMIO_STATS_COMMA_DECL)
[2297]	349	{
[55966]	350	VBOXSTRICTRC rcStrict;
[81333]	351	if (RT_LIKELY(pRegEntry->pfnWriteCallback))
[39111]	352	{
[81336]	353	if ( (cb == 4 && !(GCPhys & 3))
[81333]	354	\|\| (pRegEntry->fFlags & IOMMMIO_FLAGS_WRITE_MODE) == IOMMMIO_FLAGS_WRITE_PASSTHRU
[81336]	355	\|\| (cb == 8 && !(GCPhys & 7) && IOMMMIO_DOES_WRITE_MODE_ALLOW_QWORD(pRegEntry->fFlags)) )
[81333]	356	rcStrict = pRegEntry->pfnWriteCallback(pRegEntry->pDevIns, pRegEntry->pvUser,
[81336]	357	!(pRegEntry->fFlags & IOMMMIO_FLAGS_ABS) ? offRegion : GCPhys, pvData, cb);
[39111]	358	else
[81336]	359	rcStrict = iomMmioDoComplicatedWrite(pVM, pVCpu, pRegEntry, GCPhys, offRegion, pvData, cb IOM_MMIO_STATS_COMMA_ARG);
[39111]	360	}
[7751]	361	else
[55966]	362	rcStrict = VINF_SUCCESS;
	363	return rcStrict;
[39111]	364	}
	365
	366
[81462]	367	#ifdef IN_RING3
[39111]	368	/**
[81462]	369	* Helper for IOMR3ProcessForceFlag() that lives here to utilize iomMmioDoWrite et al.
	370	*/
	371	VBOXSTRICTRC iomR3MmioCommitWorker(PVM pVM, PVMCPU pVCpu, PIOMMMIOENTRYR3 pRegEntry, RTGCPHYS offRegion)
	372	{
	373	# ifdef VBOX_WITH_STATISTICS
	374	STAM_PROFILE_START(UnusedMacroArg, Prf);
	375	PIOMMMIOSTATSENTRY const pStats = iomMmioGetStats(pVM, pRegEntry);
	376	# endif
	377	PPDMDEVINS const pDevIns = pRegEntry->pDevIns;
[90346]	378	int rc = PDMCritSectEnter(pVM, pDevIns->CTX_SUFF(pCritSectRo), VERR_IGNORED);
[81462]	379	AssertRCReturn(rc, rc);
	380
	381	VBOXSTRICTRC rcStrict = iomMmioDoWrite(pVM, pVCpu, pRegEntry, pVCpu->iom.s.PendingMmioWrite.GCPhys, offRegion,
	382	pVCpu->iom.s.PendingMmioWrite.abValue, pVCpu->iom.s.PendingMmioWrite.cbValue
	383	IOM_MMIO_STATS_COMMA_ARG);
	384
[90346]	385	PDMCritSectLeave(pVM, pDevIns->CTX_SUFF(pCritSectRo));
[81462]	386	STAM_PROFILE_STOP(&pStats->ProfWriteR3, Prf);
	387	return rcStrict;
	388	}
	389	#endif /* IN_RING3 */
	390
	391
	392	/**
[39111]	393	* Deals with complicated MMIO reads.
	394	*
[54669]	395	* Complicated means unaligned or non-dword/qword sized accesses depending on
[39111]	396	* the MMIO region's access mode flags.
	397	*
	398	* @returns Strict VBox status code. Any EM scheduling status code,
[40280]	399	* VINF_IOM_R3_MMIO_READ, VINF_IOM_R3_MMIO_READ_WRITE or
	400	* VINF_IOM_R3_MMIO_WRITE may be returned.
[39111]	401	*
[81336]	402	* @param pVM The cross context VM structure.
	403	* @param pRegEntry The MMIO entry for the current context.
	404	* @param GCPhys The physical address to start reading.
	405	* @param offRegion MMIO region offset corresponding to @a GCPhys.
	406	* @param pvValue Where to store the value.
	407	* @param cbValue The size of the value to read.
[81369]	408	* @param pStats Pointer to the statistics (never NULL).
[39111]	409	*/
[81336]	410	static VBOXSTRICTRC iomMMIODoComplicatedRead(PVM pVM, CTX_SUFF(PIOMMMIOENTRY) pRegEntry, RTGCPHYS GCPhys, RTGCPHYS offRegion,
[81333]	411	void *pvValue, unsigned cbValue IOM_MMIO_STATS_COMMA_DECL)
[39111]	412	{
[81333]	413	AssertReturn( (pRegEntry->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_DWORD
	414	\|\| (pRegEntry->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_DWORD_QWORD,
[39402]	415	VERR_IOM_MMIO_IPE_1);
	416	AssertReturn(cbValue != 0 && cbValue <= 16, VERR_IOM_MMIO_IPE_2);
[81333]	417	#ifdef LOG_ENABLED
	418	RTGCPHYS const GCPhysStart = GCPhys;
	419	#endif
[39111]	420
	421	/*
[39154]	422	* Do debug stop if requested.
	423	*/
[81333]	424	VBOXSTRICTRC rc = VINF_SUCCESS; NOREF(pVM);
[39154]	425	#ifdef VBOX_STRICT
[81333]	426	if (pRegEntry->fFlags & IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_READ)
[42726]	427	{
[39154]	428	# ifdef IN_RING3
	429	rc = DBGFR3EventSrc(pVM, DBGFEVENT_DEV_STOP, RT_SRC_POS,
[81333]	430	"Complicated read %#x byte at %RGp to %s\n", cbValue, GCPhys, R3STRING(pRegEntry->pszDesc));
[42726]	431	if (rc == VERR_DBGF_NOT_ATTACHED)
	432	rc = VINF_SUCCESS;
[39154]	433	# else
[40280]	434	return VINF_IOM_R3_MMIO_READ;
[39154]	435	# endif
[42726]	436	}
[39154]	437	#endif
	438
[81333]	439	STAM_COUNTER_INC(&pStats->ComplicatedReads);
	440
[39154]	441	/*
[39111]	442	* Split and conquer.
	443	*/
	444	for (;;)
	445	{
	446	/*
	447	* Do DWORD read from the device.
	448	*/
[104255]	449	uint32_t u32Value = 0;
[81333]	450	VBOXSTRICTRC rcStrict2 = pRegEntry->pfnReadCallback(pRegEntry->pDevIns, pRegEntry->pvUser,
[81336]	451	!(pRegEntry->fFlags & IOMMMIO_FLAGS_ABS)
	452	? offRegion & ~(RTGCPHYS)3 : GCPhys & ~(RTGCPHYS)3,
	453	&u32Value, sizeof(u32Value));
[81333]	454	switch (VBOXSTRICTRC_VAL(rcStrict2))
[39111]	455	{
	456	case VINF_SUCCESS:
	457	break;
	458	case VINF_IOM_MMIO_UNUSED_FF:
[81333]	459	STAM_COUNTER_INC(&pStats->FFor00Reads);
[39111]	460	u32Value = UINT32_C(0xffffffff);
	461	break;
	462	case VINF_IOM_MMIO_UNUSED_00:
[81333]	463	STAM_COUNTER_INC(&pStats->FFor00Reads);
[39111]	464	u32Value = 0;
	465	break;
[40280]	466	case VINF_IOM_R3_MMIO_READ:
	467	case VINF_IOM_R3_MMIO_READ_WRITE:
	468	case VINF_IOM_R3_MMIO_WRITE:
[39111]	469	/** @todo What if we've split a transfer and already read
	470	* something? Since reads can have sideeffects we could be
	471	* kind of screwed here... */
[81333]	472	LogFlow(("iomMMIODoComplicatedRead: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rcStrict2=%Rrc\n",
	473	GCPhys, GCPhysStart, cbValue, VBOXSTRICTRC_VAL(rcStrict2)));
	474	return rcStrict2;
[39111]	475	default:
[81333]	476	if (RT_FAILURE(rcStrict2))
[39111]	477	{
[81333]	478	Log(("iomMMIODoComplicatedRead: GCPhys=%RGp GCPhysStart=%RGp cbValue=%u rcStrict2=%Rrc\n",
	479	GCPhys, GCPhysStart, cbValue, VBOXSTRICTRC_VAL(rcStrict2)));
	480	return rcStrict2;
[39111]	481	}
[81333]	482	AssertMsgReturn(rcStrict2 >= VINF_EM_FIRST && rcStrict2 <= VINF_EM_LAST, ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict2)),
	483	VERR_IPE_UNEXPECTED_INFO_STATUS);
	484	if (rc == VINF_SUCCESS \|\| rcStrict2 < rc)
	485	rc = rcStrict2;
[39111]	486	break;
	487	}
	488	u32Value >>= (GCPhys & 3) * 8;
	489
	490	/*
	491	* Write what we've read.
	492	*/
	493	unsigned cbThisPart = 4 - (GCPhys & 3);
	494	if (cbThisPart > cbValue)
	495	cbThisPart = cbValue;
	496
	497	switch (cbThisPart)
	498	{
	499	case 1:
	500	(uint8_t )pvValue = (uint8_t)u32Value;
	501	break;
	502	case 2:
	503	(uint16_t )pvValue = (uint16_t)u32Value;
	504	break;
	505	case 3:
	506	((uint8_t *)pvValue)[0] = RT_BYTE1(u32Value);
	507	((uint8_t *)pvValue)[1] = RT_BYTE2(u32Value);
	508	((uint8_t *)pvValue)[2] = RT_BYTE3(u32Value);
	509	break;
	510	case 4:
	511	(uint32_t )pvValue = u32Value;
	512	break;
	513	}
	514
	515	/*
	516	* Advance.
	517	*/
[81336]	518	cbValue -= cbThisPart;
[39111]	519	if (!cbValue)
	520	break;
[81336]	521	GCPhys += cbThisPart;
	522	offRegion += cbThisPart;
	523	pvValue = (uint8_t *)pvValue + cbThisPart;
[39111]	524	}
	525
[7751]	526	return rc;
[2297]	527	}
	528
[12772]	529
[2297]	530	/**
[39111]	531	* Implements VINF_IOM_MMIO_UNUSED_FF.
	532	*
	533	* @returns VINF_SUCCESS.
[81369]	534	* @param pvValue Where to store the zeros.
	535	* @param cbValue How many bytes to read.
	536	* @param pStats Pointer to the statistics (never NULL).
[39111]	537	*/
[81333]	538	static int iomMMIODoReadFFs(void *pvValue, size_t cbValue IOM_MMIO_STATS_COMMA_DECL)
[39111]	539	{
	540	switch (cbValue)
	541	{
	542	case 1: (uint8_t )pvValue = UINT8_C(0xff); break;
	543	case 2: (uint16_t )pvValue = UINT16_C(0xffff); break;
	544	case 4: (uint32_t )pvValue = UINT32_C(0xffffffff); break;
	545	case 8: (uint64_t )pvValue = UINT64_C(0xffffffffffffffff); break;
	546	default:
	547	{
	548	uint8_t pb = (uint8_t )pvValue;
	549	while (cbValue--)
	550	*pb++ = UINT8_C(0xff);
	551	break;
	552	}
	553	}
[81333]	554	STAM_COUNTER_INC(&pStats->FFor00Reads);
[39111]	555	return VINF_SUCCESS;
	556	}
	557
	558
	559	/**
	560	* Implements VINF_IOM_MMIO_UNUSED_00.
	561	*
	562	* @returns VINF_SUCCESS.
[81369]	563	* @param pvValue Where to store the zeros.
	564	* @param cbValue How many bytes to read.
	565	* @param pStats Pointer to the statistics (never NULL).
[39111]	566	*/
[81333]	567	static int iomMMIODoRead00s(void *pvValue, size_t cbValue IOM_MMIO_STATS_COMMA_DECL)
[39111]	568	{
	569	switch (cbValue)
	570	{
	571	case 1: (uint8_t )pvValue = UINT8_C(0x00); break;
	572	case 2: (uint16_t )pvValue = UINT16_C(0x0000); break;
	573	case 4: (uint32_t )pvValue = UINT32_C(0x00000000); break;
	574	case 8: (uint64_t )pvValue = UINT64_C(0x0000000000000000); break;
	575	default:
	576	{
	577	uint8_t pb = (uint8_t )pvValue;
	578	while (cbValue--)
	579	*pb++ = UINT8_C(0x00);
	580	break;
	581	}
	582	}
[81333]	583	STAM_COUNTER_INC(&pStats->FFor00Reads);
[39111]	584	return VINF_SUCCESS;
	585	}
	586
	587
	588	/**
[81333]	589	* Wrapper which does the read.
[2297]	590	*/
[81336]	591	DECLINLINE(VBOXSTRICTRC) iomMmioDoRead(PVMCC pVM, CTX_SUFF(PIOMMMIOENTRY) pRegEntry, RTGCPHYS GCPhys, RTGCPHYS offRegion,
[81333]	592	void *pvValue, uint32_t cbValue IOM_MMIO_STATS_COMMA_DECL)
[2297]	593	{
[55966]	594	VBOXSTRICTRC rcStrict;
[81333]	595	if (RT_LIKELY(pRegEntry->pfnReadCallback))
[39111]	596	{
[44715]	597	if ( ( cbValue == 4
	598	&& !(GCPhys & 3))
[81333]	599	\|\| (pRegEntry->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_PASSTHRU
[44715]	600	\|\| ( cbValue == 8
	601	&& !(GCPhys & 7)
[81333]	602	&& (pRegEntry->fFlags & IOMMMIO_FLAGS_READ_MODE) == IOMMMIO_FLAGS_READ_DWORD_QWORD ) )
[81336]	603	rcStrict = pRegEntry->pfnReadCallback(pRegEntry->pDevIns, pRegEntry->pvUser,
	604	!(pRegEntry->fFlags & IOMMMIO_FLAGS_ABS) ? offRegion : GCPhys, pvValue, cbValue);
[39111]	605	else
[81336]	606	rcStrict = iomMMIODoComplicatedRead(pVM, pRegEntry, GCPhys, offRegion, pvValue, cbValue IOM_MMIO_STATS_COMMA_ARG);
[39111]	607	}
[7751]	608	else
[55966]	609	rcStrict = VINF_IOM_MMIO_UNUSED_FF;
	610	if (rcStrict != VINF_SUCCESS)
[2297]	611	{
[55966]	612	switch (VBOXSTRICTRC_VAL(rcStrict))
[7751]	613	{
[81333]	614	case VINF_IOM_MMIO_UNUSED_FF: rcStrict = iomMMIODoReadFFs(pvValue, cbValue IOM_MMIO_STATS_COMMA_ARG); break;
	615	case VINF_IOM_MMIO_UNUSED_00: rcStrict = iomMMIODoRead00s(pvValue, cbValue IOM_MMIO_STATS_COMMA_ARG); break;
[7751]	616	}
[2297]	617	}
[55966]	618	return rcStrict;
[2297]	619	}
	620
[81333]	621	#ifndef IN_RING3
[81379]	622
[12772]	623	/**
[81333]	624	* Checks if we can handle an MMIO \#PF in R0/RC.
	625	*/
	626	DECLINLINE(bool) iomMmioCanHandlePfInRZ(PVMCC pVM, uint32_t uErrorCode, CTX_SUFF(PIOMMMIOENTRY) pRegEntry)
	627	{
	628	if (pRegEntry->cbRegion > 0)
	629	{
	630	if ( pRegEntry->pfnWriteCallback
	631	&& pRegEntry->pfnReadCallback)
	632	return true;
	633
	634	PIOMMMIOENTRYR3 const pRegEntryR3 = &pVM->iomr0.s.paMmioRing3Regs[pRegEntry->idxSelf];
	635	if ( uErrorCode == UINT32_MAX
	636	? pRegEntryR3->pfnWriteCallback \|\| pRegEntryR3->pfnReadCallback
	637	: uErrorCode & X86_TRAP_PF_RW
	638	? !pRegEntry->pfnWriteCallback && pRegEntryR3->pfnWriteCallback
	639	: !pRegEntry->pfnReadCallback && pRegEntryR3->pfnReadCallback)
	640	return false;
	641
	642	return true;
	643	}
	644	return false;
	645	}
	646
[81379]	647
[81333]	648	/**
[56660]	649	* Common worker for the \#PF handler and IOMMMIOPhysHandler (APIC+VT-x).
[2297]	650	*
	651	* @returns VBox status code (appropriate for GC return).
[58122]	652	* @param pVM The cross context VM structure.
[58123]	653	* @param pVCpu The cross context virtual CPU structure of the calling EMT.
[31593]	654	* @param uErrorCode CPU Error code. This is UINT32_MAX when we don't have
	655	* any error code (the EPT misconfig hack).
[2297]	656	* @param GCPhysFault The GC physical address corresponding to pvFault.
[81333]	657	* @param pRegEntry The MMIO entry for the current context.
[2297]	658	*/
[81333]	659	DECLINLINE(VBOXSTRICTRC) iomMmioCommonPfHandlerNew(PVMCC pVM, PVMCPUCC pVCpu, uint32_t uErrorCode,
	660	RTGCPHYS GCPhysFault, CTX_SUFF(PIOMMMIOENTRY) pRegEntry)
[2297]	661	{
[81333]	662	Log(("iomMmioCommonPfHandler: GCPhysFault=%RGp uErr=%#x rip=%RGv\n", GCPhysFault, uErrorCode, CPUMGetGuestRIP(pVCpu) ));
	663	RT_NOREF(GCPhysFault, uErrorCode);
[2297]	664
[81333]	665	VBOXSTRICTRC rcStrict;
[7751]	666
	667	#ifndef IN_RING3
[2297]	668	/*
[31593]	669	* Should we defer the request right away? This isn't usually the case, so
	670	* do the simple test first and the try deal with uErrorCode being N/A.
[2297]	671	*/
[81333]	672	PPDMDEVINS const pDevIns = pRegEntry->pDevIns;
	673	if (RT_LIKELY( pDevIns
	674	&& iomMmioCanHandlePfInRZ(pVM, uErrorCode, pRegEntry)))
[7751]	675	{
[81333]	676	/*
	677	* Enter the device critsect prior to engaging IOM in case of lock contention.
	678	* Note! Perhaps not a good move?
	679	*/
[90346]	680	rcStrict = PDMCritSectEnter(pVM, pDevIns->CTX_SUFF(pCritSectRo), VINF_IOM_R3_MMIO_READ_WRITE);
[81333]	681	if (rcStrict == VINF_SUCCESS)
	682	{
	683	#endif /* !IN_RING3 */
	684
	685	/*
	686	* Let IEM call us back via iomMmioHandler.
	687	*/
	688	rcStrict = IEMExecOne(pVCpu);
	689
	690	#ifndef IN_RING3
[90346]	691	PDMCritSectLeave(pVM, pDevIns->CTX_SUFF(pCritSectRo));
[81333]	692	#endif
	693	if (RT_SUCCESS(rcStrict))
	694	{ /* likely */ }
	695	else if ( rcStrict == VERR_IEM_ASPECT_NOT_IMPLEMENTED
	696	\|\| rcStrict == VERR_IEM_INSTR_NOT_IMPLEMENTED)
	697	{
	698	Log(("IOM: Hit unsupported IEM feature!\n"));
	699	rcStrict = VINF_EM_RAW_EMULATE_INSTR;
	700	}
	701	#ifndef IN_RING3
	702	return rcStrict;
	703	}
[82380]	704	STAM_COUNTER_INC(&pVM->iom.s.StatMmioDevLockContentionR0);
[2297]	705	}
[81333]	706	else
	707	rcStrict = VINF_IOM_R3_MMIO_READ_WRITE;
[2297]	708
[81333]	709	# ifdef VBOX_WITH_STATISTICS
	710	if (rcStrict == VINF_IOM_R3_MMIO_READ_WRITE)
[37452]	711	{
[81333]	712	PIOMMMIOSTATSENTRY const pStats = iomMmioGetStats(pVM, pRegEntry);
	713	if (uErrorCode & X86_TRAP_PF_RW)
	714	{
	715	STAM_COUNTER_INC(&pStats->WriteRZToR3);
[82380]	716	STAM_COUNTER_INC(&pVM->iom.s.StatMmioWritesR0ToR3);
[81333]	717	}
	718	else
	719	{
	720	STAM_COUNTER_INC(&pStats->ReadRZToR3);
[82380]	721	STAM_COUNTER_INC(&pVM->iom.s.StatMmioReadsR0ToR3);
[81333]	722	}
[37452]	723	}
[81333]	724	# endif
	725	#else /* IN_RING3 */
[81334]	726	RT_NOREF(pVM, pRegEntry);
[81333]	727	#endif /* IN_RING3 */
[56063]	728	return rcStrict;
[2297]	729	}
	730
[56017]	731
[19993]	732	/**
[56017]	733	* @callback_method_impl{FNPGMRZPHYSPFHANDLER,
	734	* \#PF access handler callback for MMIO pages.}
[19993]	735	*
[93635]	736	* @remarks The @a uUser argument is the MMIO handle.
[19993]	737	*/
[97197]	738	DECLCALLBACK(VBOXSTRICTRC) iomMmioPfHandlerNew(PVMCC pVM, PVMCPUCC pVCpu, RTGCUINT uErrorCode, PCPUMCTX pCtx,
[93650]	739	RTGCPTR pvFault, RTGCPHYS GCPhysFault, uint64_t uUser)
[19993]	740	{
[82380]	741	STAM_PROFILE_START(&pVM->iom.s.StatMmioPfHandler, Prf);
[81375]	742	LogFlow(("iomMmioPfHandlerNew: GCPhys=%RGp uErr=%#x pvFault=%RGv rip=%RGv\n",
[97197]	743	GCPhysFault, (uint32_t)uErrorCode, pvFault, (RTGCPTR)pCtx->rip));
	744	RT_NOREF(pvFault, pCtx);
[81333]	745
	746	/* Translate the MMIO handle to a registration entry for the current context. */
[93635]	747	AssertReturn(uUser < RT_MIN(pVM->iom.s.cMmioRegs, pVM->iom.s.cMmioAlloc), VERR_IOM_INVALID_MMIO_HANDLE);
[81375]	748	# ifdef IN_RING0
[93635]	749	AssertReturn(uUser < pVM->iomr0.s.cMmioAlloc, VERR_IOM_INVALID_MMIO_HANDLE);
	750	CTX_SUFF(PIOMMMIOENTRY) pRegEntry = &pVM->iomr0.s.paMmioRegs[uUser];
[81375]	751	# else
[93635]	752	CTX_SUFF(PIOMMMIOENTRY) pRegEntry = &pVM->iom.s.paMmioRegs[uUser];
[81375]	753	# endif
[81333]	754
[82380]	755	VBOXSTRICTRC rcStrict = iomMmioCommonPfHandlerNew(pVM, pVCpu, (uint32_t)uErrorCode, GCPhysFault, pRegEntry);
	756
	757	STAM_PROFILE_STOP(&pVM->iom.s.StatMmioPfHandler, Prf);
	758	return rcStrict;
[19993]	759	}
[81379]	760
[81375]	761	#endif /* !IN_RING3 */
[2297]	762
[81333]	763	#ifdef IN_RING0
[19993]	764	/**
	765	* Physical access handler for MMIO ranges.
	766	*
[81333]	767	* This is actually only used by VT-x for APIC page accesses.
	768	*
[19993]	769	* @returns VBox status code (appropriate for GC return).
[58122]	770	* @param pVM The cross context VM structure.
[58123]	771	* @param pVCpu The cross context virtual CPU structure of the calling EMT.
[19993]	772	* @param uErrorCode CPU Error code.
	773	* @param GCPhysFault The GC physical address.
	774	*/
[81433]	775	VMM_INT_DECL(VBOXSTRICTRC) IOMR0MmioPhysHandler(PVMCC pVM, PVMCPUCC pVCpu, uint32_t uErrorCode, RTGCPHYS GCPhysFault)
[19993]	776	{
[82380]	777	STAM_PROFILE_START(&pVM->iom.s.StatMmioPhysHandler, Prf);
[81375]	778
[48410]	779	/*
	780	* We don't have a range here, so look it up before calling the common function.
	781	*/
[81333]	782	VBOXSTRICTRC rcStrict = IOM_LOCK_SHARED(pVM);
	783	if (RT_SUCCESS(rcStrict))
[48410]	784	{
[81333]	785	RTGCPHYS offRegion;
[81336]	786	CTX_SUFF(PIOMMMIOENTRY) pRegEntry = iomMmioGetEntry(pVM, GCPhysFault, &offRegion, &pVCpu->iom.s.idxMmioLastPhysHandler);
[82313]	787	IOM_UNLOCK_SHARED(pVM);
[81333]	788	if (RT_LIKELY(pRegEntry))
	789	rcStrict = iomMmioCommonPfHandlerNew(pVM, pVCpu, (uint32_t)uErrorCode, GCPhysFault, pRegEntry);
	790	else
[82313]	791	rcStrict = VERR_IOM_MMIO_RANGE_NOT_FOUND;
[81333]	792	}
	793	else if (rcStrict == VERR_SEM_BUSY)
	794	rcStrict = VINF_IOM_R3_MMIO_READ_WRITE;
[82380]	795
	796	STAM_PROFILE_STOP(&pVM->iom.s.StatMmioPhysHandler, Prf);
[81333]	797	return rcStrict;
[19993]	798	}
[81333]	799	#endif /* IN_RING0 */
[19993]	800
[37452]	801
[2297]	802	/**
[56017]	803	* @callback_method_impl{FNPGMPHYSHANDLER, MMIO page accesses}
[10538]	804	*
[93635]	805	* @remarks The @a uUser argument is the MMIO handle.
[10538]	806	*/
[93650]	807	DECLCALLBACK(VBOXSTRICTRC) iomMmioHandlerNew(PVMCC pVM, PVMCPUCC pVCpu, RTGCPHYS GCPhysFault, void pvPhys, void pvBuf,
	808	size_t cbBuf, PGMACCESSTYPE enmAccessType, PGMACCESSORIGIN enmOrigin, uint64_t uUser)
[10538]	809	{
[81333]	810	STAM_PROFILE_START(UnusedMacroArg, Prf);
[82380]	811	STAM_COUNTER_INC(&pVM->iom.s.CTX_SUFF(StatMmioHandler));
[93635]	812	Log4(("iomMmioHandlerNew: GCPhysFault=%RGp cbBuf=%#x enmAccessType=%d enmOrigin=%d uUser=%p\n", GCPhysFault, cbBuf, enmAccessType, enmOrigin, uUser));
[10538]	813
[81333]	814	Assert(enmAccessType == PGMACCESSTYPE_READ \|\| enmAccessType == PGMACCESSTYPE_WRITE);
	815	AssertMsg(cbBuf >= 1, ("%zu\n", cbBuf));
[61371]	816	NOREF(pvPhys); NOREF(enmOrigin);
[37452]	817
[81333]	818	#ifdef IN_RING3
	819	int const rcToRing3 = VERR_IOM_MMIO_IPE_3;
	820	#else
	821	int const rcToRing3 = enmAccessType == PGMACCESSTYPE_READ ? VINF_IOM_R3_MMIO_READ : VINF_IOM_R3_MMIO_WRITE;
	822	#endif
[61371]	823
[81333]	824	/*
[93635]	825	* Translate uUser to an MMIO registration table entry. We can do this
[81333]	826	* without any locking as the data is static after VM creation.
	827	*/
[93635]	828	AssertReturn(uUser < RT_MIN(pVM->iom.s.cMmioRegs, pVM->iom.s.cMmioAlloc), VERR_IOM_INVALID_MMIO_HANDLE);
[81333]	829	#ifdef IN_RING0
[93635]	830	AssertReturn(uUser < pVM->iomr0.s.cMmioAlloc, VERR_IOM_INVALID_MMIO_HANDLE);
	831	CTX_SUFF(PIOMMMIOENTRY) const pRegEntry = &pVM->iomr0.s.paMmioRegs[uUser];
	832	PIOMMMIOENTRYR3 const pRegEntryR3 = &pVM->iomr0.s.paMmioRing3Regs[uUser];
[81333]	833	#else
[93635]	834	CTX_SUFF(PIOMMMIOENTRY) const pRegEntry = &pVM->iom.s.paMmioRegs[uUser];
[81333]	835	#endif
	836	#ifdef VBOX_WITH_STATISTICS
[81336]	837	PIOMMMIOSTATSENTRY const pStats = iomMmioGetStats(pVM, pRegEntry); /* (Works even without ring-0 device setup.) */
[81333]	838	#endif
[81336]	839	PPDMDEVINS const pDevIns = pRegEntry->pDevIns;
[81333]	840
[81336]	841	#ifdef VBOX_STRICT
[37452]	842	/*
[81333]	843	* Assert the right entry in strict builds. This may yield a false positive
	844	* for SMP VMs if we're unlucky and the guest isn't well behaved.
	845	*/
[81336]	846	# ifdef IN_RING0
[81947]	847	Assert(pRegEntry && (GCPhysFault - pRegEntryR3->GCPhysMapping < pRegEntryR3->cbRegion \|\| !pRegEntryR3->fMapped));
[81336]	848	# else
[81947]	849	Assert(pRegEntry && (GCPhysFault - pRegEntry->GCPhysMapping < pRegEntry->cbRegion \|\| !pRegEntry->fMapped));
[81336]	850	# endif
	851	#endif
[81333]	852
[81336]	853	#ifndef IN_RING3
[81333]	854	/*
[61371]	855	* If someone is doing FXSAVE, FXRSTOR, XSAVE, XRSTOR or other stuff dealing with
	856	* large amounts of data, just go to ring-3 where we don't need to deal with partial
	857	* successes. No chance any of these will be problematic read-modify-write stuff.
[81333]	858	*
	859	* Also drop back if the ring-0 registration entry isn't actually used.
[61371]	860	*/
[81336]	861	if ( RT_LIKELY(cbBuf <= sizeof(pVCpu->iom.s.PendingMmioWrite.abValue))
[81333]	862	&& pRegEntry->cbRegion != 0
	863	&& ( enmAccessType == PGMACCESSTYPE_READ
[93635]	864	? pRegEntry->pfnReadCallback != NULL \|\| pVM->iomr0.s.paMmioRing3Regs[uUser].pfnReadCallback == NULL
	865	: pRegEntry->pfnWriteCallback != NULL \|\| pVM->iomr0.s.paMmioRing3Regs[uUser].pfnWriteCallback == NULL)
[81333]	866	&& pDevIns )
	867	{ /* likely */ }
	868	else
[60852]	869	{
[93635]	870	Log4(("iomMmioHandlerNew: to ring-3: to-big=%RTbool zero-size=%RTbool no-callback=%RTbool pDevIns=%p hRegion=%#RX64\n",
[81375]	871	!(cbBuf <= sizeof(pVCpu->iom.s.PendingMmioWrite.abValue)), !(pRegEntry->cbRegion != 0),
	872	!( enmAccessType == PGMACCESSTYPE_READ
[93635]	873	? pRegEntry->pfnReadCallback != NULL \|\| pVM->iomr0.s.paMmioRing3Regs[uUser].pfnReadCallback == NULL
	874	: pRegEntry->pfnWriteCallback != NULL \|\| pVM->iomr0.s.paMmioRing3Regs[uUser].pfnWriteCallback == NULL),
	875	pDevIns, uUser));
[81333]	876	STAM_COUNTER_INC(enmAccessType == PGMACCESSTYPE_READ ? &pStats->ReadRZToR3 : &pStats->WriteRZToR3);
[82380]	877	STAM_COUNTER_INC(enmAccessType == PGMACCESSTYPE_READ ? &pVM->iom.s.StatMmioReadsR0ToR3 : &pVM->iom.s.StatMmioWritesR0ToR3);
[81333]	878	return rcToRing3;
[60852]	879	}
[81333]	880	#endif /* !IN_RING3 */
[19474]	881
[81336]	882	/*
	883	* If we've got an offset that's outside the region, defer to ring-3 if we
	884	* can, or pretend there is nothing there. This shouldn't happen, but can
	885	* if we're unlucky with an SMP VM and the guest isn't behaving very well.
	886	*/
	887	#ifdef IN_RING0
	888	RTGCPHYS const GCPhysMapping = pRegEntryR3->GCPhysMapping;
	889	#else
	890	RTGCPHYS const GCPhysMapping = pRegEntry->GCPhysMapping;
	891	#endif
[81375]	892	RTGCPHYS const offRegion = GCPhysFault - GCPhysMapping;
[81336]	893	if (RT_LIKELY(offRegion < pRegEntry->cbRegion && GCPhysMapping != NIL_RTGCPHYS))
	894	{ /* likely */ }
	895	else
	896	{
[82380]	897	STAM_REL_COUNTER_INC(&pVM->iom.s.StatMmioStaleMappings);
[81336]	898	LogRelMax(64, ("iomMmioHandlerNew: Stale access at %#RGp to range #%#x currently residing at %RGp LB %RGp\n",
	899	GCPhysFault, pRegEntry->idxSelf, GCPhysMapping, pRegEntry->cbRegion));
	900	#ifdef IN_RING3
	901	if (enmAccessType == PGMACCESSTYPE_READ)
	902	iomMMIODoReadFFs(pvBuf, cbBuf IOM_MMIO_STATS_COMMA_ARG);
	903	return VINF_SUCCESS;
	904	#else
	905	STAM_COUNTER_INC(enmAccessType == PGMACCESSTYPE_READ ? &pStats->ReadRZToR3 : &pStats->WriteRZToR3);
[82380]	906	STAM_COUNTER_INC(enmAccessType == PGMACCESSTYPE_READ ? &pVM->iom.s.StatMmioReadsR0ToR3 : &pVM->iom.s.StatMmioWritesR0ToR3);
[81336]	907	return rcToRing3;
	908	#endif
	909	}
[81333]	910
[37452]	911	/*
[98045]	912	* Guard against device configurations causing recursive MMIO accesses
	913	* (see @bugref{10315}).
	914	*/
	915	uint8_t const idxDepth = pVCpu->iom.s.cMmioRecursionDepth;
	916	if (RT_LIKELY(idxDepth < RT_ELEMENTS(pVCpu->iom.s.apMmioRecursionStack)))
	917	{
	918	pVCpu->iom.s.cMmioRecursionDepth = idxDepth + 1;
	919	/** @todo Add iomr0 with a apMmioRecursionStack for ring-0. */
	920	#ifdef IN_RING3
	921	pVCpu->iom.s.apMmioRecursionStack[idxDepth] = pDevIns;
	922	#endif
	923	}
	924	else
	925	{
	926	STAM_REL_COUNTER_INC(&pVM->iom.s.StatMmioTooDeepRecursion);
	927	#ifdef IN_RING3
	928	AssertCompile(RT_ELEMENTS(pVCpu->iom.s.apMmioRecursionStack) == 2);
	929	LogRelMax(64, ("iomMmioHandlerNew: Too deep recursion %RGp LB %#zx: %p (%s); %p (%s); %p (%s)\n",
	930	GCPhysFault, cbBuf, pDevIns, pDevIns->pReg->szName,
	931	pVCpu->iom.s.apMmioRecursionStack[1], pVCpu->iom.s.apMmioRecursionStack[1]->pReg->szName,
	932	pVCpu->iom.s.apMmioRecursionStack[0], pVCpu->iom.s.apMmioRecursionStack[0]->pReg->szName));
	933	#else
	934	LogRelMax(64, ("iomMmioHandlerNew: Too deep recursion %RGp LB %#zx!: %p (%s)\n",
	935	GCPhysFault, cbBuf, pDevIns, pDevIns->pReg->szName));
	936	#endif
	937	return VINF_PGM_HANDLER_DO_DEFAULT;
	938	}
	939
	940
	941	/*
[81333]	942	* Perform locking and the access.
	943	*
	944	* Writes requiring a return to ring-3 are buffered by IOM so IEM can
	945	* commit the instruction.
	946	*
	947	* Note! We may end up locking the device even when the relevant callback is
	948	* NULL. This is supposed to be an unlikely case, so not optimized yet.
[98045]	949	*
	950	* Note! All returns goes thru the one return statement at the end of the
	951	* function in order to correctly maintaint the recursion counter.
[37452]	952	*/
[90346]	953	VBOXSTRICTRC rcStrict = PDMCritSectEnter(pVM, pDevIns->CTX_SUFF(pCritSectRo), rcToRing3);
[56017]	954	if (rcStrict == VINF_SUCCESS)
[37452]	955	{
[56017]	956	if (enmAccessType == PGMACCESSTYPE_READ)
[81333]	957	{
[81336]	958	/*
	959	* Read.
	960	*/
	961	rcStrict = iomMmioDoRead(pVM, pRegEntry, GCPhysFault, offRegion, pvBuf, (uint32_t)cbBuf IOM_MMIO_STATS_COMMA_ARG);
[81333]	962
[90346]	963	PDMCritSectLeave(pVM, pDevIns->CTX_SUFF(pCritSectRo));
[81333]	964	#ifndef IN_RING3
	965	if (rcStrict == VINF_IOM_R3_MMIO_READ)
	966	{
	967	STAM_COUNTER_INC(&pStats->ReadRZToR3);
[82380]	968	STAM_COUNTER_INC(&pVM->iom.s.StatMmioReadsR0ToR3);
[81333]	969	}
	970	else
	971	#endif
	972	STAM_COUNTER_INC(&pStats->Reads);
	973	STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfRead), Prf);
	974	}
[56017]	975	else
[60852]	976	{
[81336]	977	/*
	978	* Write.
	979	*/
	980	rcStrict = iomMmioDoWrite(pVM, pVCpu, pRegEntry, GCPhysFault, offRegion, pvBuf, (uint32_t)cbBuf IOM_MMIO_STATS_COMMA_ARG);
[90346]	981	PDMCritSectLeave(pVM, pDevIns->CTX_SUFF(pCritSectRo));
[60852]	982	#ifndef IN_RING3
	983	if (rcStrict == VINF_IOM_R3_MMIO_WRITE)
[81333]	984	rcStrict = iomMmioRing3WritePending(pVCpu, GCPhysFault, pvBuf, cbBuf, pRegEntry->idxSelf);
	985	if (rcStrict == VINF_IOM_R3_MMIO_WRITE)
	986	{
	987	STAM_COUNTER_INC(&pStats->WriteRZToR3);
[82380]	988	STAM_COUNTER_INC(&pVM->iom.s.StatMmioWritesR0ToR3);
[81333]	989	}
	990	else if (rcStrict == VINF_IOM_R3_MMIO_COMMIT_WRITE)
	991	{
	992	STAM_COUNTER_INC(&pStats->CommitRZToR3);
[82380]	993	STAM_COUNTER_INC(&pVM->iom.s.StatMmioCommitsR0ToR3);
[81333]	994	}
	995	else
[60852]	996	#endif
[81333]	997	STAM_COUNTER_INC(&pStats->Writes);
	998	STAM_PROFILE_STOP(&pStats->CTX_SUFF_Z(ProfWrite), Prf);
[60852]	999	}
[56017]	1000
[81333]	1001	/*
	1002	* Check the return code.
	1003	*/
[56017]	1004	#ifdef IN_RING3
[73215]	1005	AssertMsg(rcStrict == VINF_SUCCESS, ("%Rrc - Access type %d - %RGp - %s\n",
[81333]	1006	VBOXSTRICTRC_VAL(rcStrict), enmAccessType, GCPhysFault, pRegEntry->pszDesc));
[56017]	1007	#else
	1008	AssertMsg( rcStrict == VINF_SUCCESS
[81333]	1009	\|\| rcStrict == rcToRing3
[60852]	1010	\|\| (rcStrict == VINF_IOM_R3_MMIO_COMMIT_WRITE && enmAccessType == PGMACCESSTYPE_WRITE)
[56017]	1011	\|\| rcStrict == VINF_EM_DBG_STOP
[59073]	1012	\|\| rcStrict == VINF_EM_DBG_EVENT
[56017]	1013	\|\| rcStrict == VINF_EM_DBG_BREAKPOINT
	1014	\|\| rcStrict == VINF_EM_OFF
	1015	\|\| rcStrict == VINF_EM_SUSPEND
	1016	\|\| rcStrict == VINF_EM_RESET
	1017	//\|\| rcStrict == VINF_EM_HALT /* ?? */
	1018	//\|\| rcStrict == VINF_EM_NO_MEMORY /* ?? */
[81333]	1019	, ("%Rrc - Access type %d - %RGp - %s #%u\n",
	1020	VBOXSTRICTRC_VAL(rcStrict), enmAccessType, GCPhysFault, pDevIns->pReg->szName, pDevIns->iInstance));
[56017]	1021	#endif
[37452]	1022	}
[81333]	1023	/*
	1024	* Deal with enter-critsect failures.
	1025	*/
	1026	#ifndef IN_RING3
	1027	else if (rcStrict == VINF_IOM_R3_MMIO_WRITE)
[60852]	1028	{
[81333]	1029	Assert(enmAccessType == PGMACCESSTYPE_WRITE);
	1030	rcStrict = iomMmioRing3WritePending(pVCpu, GCPhysFault, pvBuf, cbBuf, pRegEntry->idxSelf);
	1031	if (rcStrict == VINF_IOM_R3_MMIO_COMMIT_WRITE)
[60852]	1032	{
[81333]	1033	STAM_COUNTER_INC(&pStats->CommitRZToR3);
[82380]	1034	STAM_COUNTER_INC(&pVM->iom.s.StatMmioCommitsR0ToR3);
[60852]	1035	}
[81333]	1036	else
	1037	{
	1038	STAM_COUNTER_INC(&pStats->WriteRZToR3);
[82380]	1039	STAM_COUNTER_INC(&pVM->iom.s.StatMmioWritesR0ToR3);
[81333]	1040	}
[82380]	1041	STAM_COUNTER_INC(&pVM->iom.s.StatMmioDevLockContentionR0);
[60852]	1042	}
[81333]	1043	else if (rcStrict == VINF_IOM_R3_MMIO_READ)
	1044	{
	1045	Assert(enmAccessType == PGMACCESSTYPE_READ);
	1046	STAM_COUNTER_INC(&pStats->ReadRZToR3);
[82380]	1047	STAM_COUNTER_INC(&pVM->iom.s.StatMmioDevLockContentionR0);
[81333]	1048	}
[60852]	1049	#endif
[81333]	1050	else
	1051	AssertMsg(RT_FAILURE_NP(rcStrict), ("%Rrc\n", VBOXSTRICTRC_VAL(rcStrict)));
[98045]	1052
	1053	pVCpu->iom.s.cMmioRecursionDepth = idxDepth;
[55966]	1054	return rcStrict;
[10538]	1055	}
	1056
[37452]	1057
[10538]	1058	/**
[18230]	1059	* Mapping an MMIO2 page in place of an MMIO page for direct access.
[13387]	1060	*
[81333]	1061	* This is a special optimization used by the VGA device. Call
	1062	* IOMMmioResetRegion() to undo the mapping.
[18230]	1063	*
[40727]	1064	* @returns VBox status code. This API may return VINF_SUCCESS even if no
[81947]	1065	* remapping is made.
[90426]	1066	* @retval VERR_SEM_BUSY in ring-0 if we cannot get the IOM lock.
[13387]	1067	*
[58122]	1068	* @param pVM The cross context VM structure.
[81333]	1069	* @param pDevIns The device instance @a hRegion and @a hMmio2 are
	1070	* associated with.
	1071	* @param hRegion The handle to the MMIO region.
	1072	* @param offRegion The offset into @a hRegion of the page to be
	1073	* remapped.
	1074	* @param hMmio2 The MMIO2 handle.
	1075	* @param offMmio2 Offset into @a hMmio2 of the page to be use for the
	1076	* mapping.
[18230]	1077	* @param fPageFlags Page flags to set. Must be (X86_PTE_RW \| X86_PTE_P)
	1078	* for the time being.
[13387]	1079	*/
[82094]	1080	VMMDECL(int) IOMMmioMapMmio2Page(PVMCC pVM, PPDMDEVINS pDevIns, IOMMMIOHANDLE hRegion, RTGCPHYS offRegion,
	1081	uint64_t hMmio2, RTGCPHYS offMmio2, uint64_t fPageFlags)
[13387]	1082	{
[20722]	1083	/* Currently only called from the VGA device during MMIO. */
[81333]	1084	Log(("IOMMmioMapMmio2Page %#RX64/%RGp -> %#RX64/%RGp flags=%RX64\n", hRegion, offRegion, hMmio2, offMmio2, fPageFlags));
[18230]	1085	AssertReturn(fPageFlags == (X86_PTE_RW \| X86_PTE_P), VERR_INVALID_PARAMETER);
[81333]	1086	AssertReturn(pDevIns, VERR_INVALID_POINTER);
	1087
[99051]	1088	#if defined(VBOX_VMM_TARGET_ARMV8)
	1089	/** @todo NEM: MMIO page aliasing. */
[100108]	1090	RT_NOREF(pVM, hRegion, offRegion, hMmio2, offMmio2);
[99051]	1091	return VINF_SUCCESS; /* ignore / /* @todo return some indicator if we fail here */
	1092	#else
[81333]	1093	/** @todo Why is this restricted to protected mode??? Try it in all modes! */
[80281]	1094	PVMCPUCC pVCpu = VMMGetCpu(pVM);
[18927]	1095
[16567]	1096	/* This currently only works in real mode, protected mode without paging or with nested paging. */
[70948]	1097	/** @todo NEM: MMIO page aliasing. */
[43387]	1098	if ( !HMIsEnabled(pVM) /* useless without VT-x/AMD-V */
[18927]	1099	\|\| ( CPUMIsGuestInPagedProtectedMode(pVCpu)
[43387]	1100	&& !HMIsNestedPagingActive(pVM)))
[81333]	1101	return VINF_SUCCESS; /* ignore / /* @todo return some indicator if we fail here */
[16567]	1102
[81333]	1103	/*
	1104	* Translate the handle into an entry and check the region offset.
	1105	*/
	1106	AssertReturn(hRegion < RT_MIN(pVM->iom.s.cMmioRegs, pVM->iom.s.cMmioAlloc), VERR_IOM_INVALID_MMIO_HANDLE);
[99051]	1107	# ifdef IN_RING0
[81333]	1108	AssertReturn(hRegion < pVM->iomr0.s.cMmioAlloc, VERR_IOM_INVALID_MMIO_HANDLE);
	1109	PIOMMMIOENTRYR3 const pRegEntry = &pVM->iomr0.s.paMmioRing3Regs[hRegion];
	1110	AssertReturn(pRegEntry->cbRegion > 0, VERR_IOM_INVALID_MMIO_HANDLE);
	1111	AssertReturn(offRegion < pVM->iomr0.s.paMmioRegs[hRegion].cbRegion, VERR_OUT_OF_RANGE);
	1112	AssertReturn( pVM->iomr0.s.paMmioRegs[hRegion].pDevIns == pDevIns
	1113	\|\| ( pVM->iomr0.s.paMmioRegs[hRegion].pDevIns == NULL
	1114	&& pRegEntry->pDevIns == pDevIns->pDevInsForR3), VERR_ACCESS_DENIED);
[99051]	1115	# else
[81333]	1116	PIOMMMIOENTRYR3 const pRegEntry = &pVM->iom.s.paMmioRegs[hRegion];
	1117	AssertReturn(pRegEntry->cbRegion > 0, VERR_IOM_INVALID_MMIO_HANDLE);
	1118	AssertReturn(pRegEntry->pDevIns == pDevIns, VERR_ACCESS_DENIED);
[99051]	1119	# endif
[81333]	1120	AssertReturn(offRegion < pRegEntry->cbRegion, VERR_OUT_OF_RANGE);
[93554]	1121	Assert((pRegEntry->cbRegion & GUEST_PAGE_OFFSET_MASK) == 0);
[37452]	1122
[13387]	1123	/*
[81333]	1124	* When getting and using the mapping address, we must sit on the IOM lock
	1125	* to prevent remapping. Shared suffices as we change nothing.
[13387]	1126	*/
[81947]	1127	int rc = IOM_LOCK_SHARED(pVM);
	1128	if (rc == VINF_SUCCESS)
	1129	{
	1130	RTGCPHYS const GCPhys = pRegEntry->fMapped ? pRegEntry->GCPhysMapping : NIL_RTGCPHYS;
	1131	if (GCPhys != NIL_RTGCPHYS)
	1132	{
[93554]	1133	Assert(!(GCPhys & GUEST_PAGE_OFFSET_MASK));
[20722]	1134
[81947]	1135	/*
	1136	* Do the aliasing; page align the addresses since PGM is picky.
	1137	*/
[93554]	1138	rc = PGMHandlerPhysicalPageAliasMmio2(pVM, GCPhys, GCPhys + (offRegion & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK),
[82094]	1139	pDevIns, hMmio2, offMmio2);
[81947]	1140	}
	1141	else
	1142	AssertFailedStmt(rc = VERR_IOM_MMIO_REGION_NOT_MAPPED);
[13387]	1143
[81947]	1144	IOM_UNLOCK_SHARED(pVM);
	1145	}
[37452]	1146
[81333]	1147	/** @todo either ditch this or replace it with something that works in the
	1148	* nested case, since we really only care about nested paging! */
[99051]	1149	# if 0
[18230]	1150	/*
	1151	* Modify the shadow page table. Since it's an MMIO page it won't be present and we
	1152	* can simply prefetch it.
	1153	*
	1154	* Note: This is a NOP in the EPT case; we'll just let it fault again to resync the page.
	1155	*/
[99051]	1156	# if 0 /* The assertion is wrong for the PGM_SYNC_CLEAR_PGM_POOL and VINF_PGM_HANDLER_ALREADY_ALIASED cases. */
	1157	# ifdef VBOX_STRICT
[13403]	1158	uint64_t fFlags;
	1159	RTHCPHYS HCPhys;
[18992]	1160	rc = PGMShwGetPage(pVCpu, (RTGCPTR)GCPhys, &fFlags, &HCPhys);
[15722]	1161	Assert(rc == VERR_PAGE_NOT_PRESENT \|\| rc == VERR_PAGE_TABLE_NOT_PRESENT);
[99051]	1162	# endif
[47719]	1163	# endif
[18992]	1164	rc = PGMPrefetchPage(pVCpu, (RTGCPTR)GCPhys);
[15722]	1165	Assert(rc == VINF_SUCCESS \|\| rc == VERR_PAGE_NOT_PRESENT \|\| rc == VERR_PAGE_TABLE_NOT_PRESENT);
[99051]	1166	# endif
	1167	return rc;
[81333]	1168	#endif
[13387]	1169	}
	1170
[37423]	1171
[81333]	1172	#ifdef IN_RING0 /* VT-x ring-0 only, move to IOMR0Mmio.cpp later. */
[19992]	1173	/**
	1174	* Mapping a HC page in place of an MMIO page for direct access.
	1175	*
[81333]	1176	* This is a special optimization used by the APIC in the VT-x case. This VT-x
	1177	* code uses PGMHandlerPhysicalReset rather than IOMMmioResetRegion() to undo
	1178	* the effects here.
[19992]	1179	*
[81333]	1180	* @todo Make VT-x usage more consistent.
	1181	*
[19992]	1182	* @returns VBox status code.
	1183	*
[58122]	1184	* @param pVM The cross context VM structure.
[58123]	1185	* @param pVCpu The cross context virtual CPU structure.
[19992]	1186	* @param GCPhys The address of the MMIO page to be changed.
	1187	* @param HCPhys The address of the host physical page.
	1188	* @param fPageFlags Page flags to set. Must be (X86_PTE_RW \| X86_PTE_P)
	1189	* for the time being.
	1190	*/
[82026]	1191	VMMR0_INT_DECL(int) IOMR0MmioMapMmioHCPage(PVMCC pVM, PVMCPUCC pVCpu, RTGCPHYS GCPhys, RTHCPHYS HCPhys, uint64_t fPageFlags)
[19992]	1192	{
[20722]	1193	/* Currently only called from VT-x code during a page fault. */
[81333]	1194	Log(("IOMR0MmioMapMmioHCPage %RGp -> %RGp flags=%RX64\n", GCPhys, HCPhys, fPageFlags));
[13413]	1195
[19992]	1196	AssertReturn(fPageFlags == (X86_PTE_RW \| X86_PTE_P), VERR_INVALID_PARAMETER);
[81333]	1197	/** @todo NEM: MMIO page aliasing?? */
[43387]	1198	Assert(HMIsEnabled(pVM));
[19992]	1199
[81333]	1200	# ifdef VBOX_STRICT
[19992]	1201	/*
[81333]	1202	* Check input address (it's HM calling, not the device, so no region handle).
[19992]	1203	*/
[81947]	1204	int rcSem = IOM_LOCK_SHARED(pVM);
	1205	if (rcSem == VINF_SUCCESS)
	1206	{
	1207	RTGCPHYS offIgn;
	1208	uint16_t idxIgn = UINT16_MAX;
	1209	PIOMMMIOENTRYR0 pRegEntry = iomMmioGetEntry(pVM, GCPhys, &offIgn, &idxIgn);
	1210	IOM_UNLOCK_SHARED(pVM);
	1211	Assert(pRegEntry);
[93554]	1212	Assert(pRegEntry && !(pRegEntry->cbRegion & GUEST_PAGE_OFFSET_MASK));
[81947]	1213	}
[72493]	1214	# endif
[19992]	1215
	1216	/*
	1217	* Do the aliasing; page align the addresses since PGM is picky.
	1218	*/
[93554]	1219	GCPhys &= ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
	1220	HCPhys &= ~(RTHCPHYS)GUEST_PAGE_OFFSET_MASK;
[19992]	1221
[20722]	1222	int rc = PGMHandlerPhysicalPageAliasHC(pVM, GCPhys, GCPhys, HCPhys);
[19992]	1223	AssertRCReturn(rc, rc);
	1224
[81333]	1225	/** @todo either ditch this or replace it with something that works in the
	1226	* nested case, since we really only care about nested paging! */
	1227
[19992]	1228	/*
	1229	* Modify the shadow page table. Since it's an MMIO page it won't be present and we
	1230	* can simply prefetch it.
	1231	*
	1232	* Note: This is a NOP in the EPT case; we'll just let it fault again to resync the page.
	1233	*/
	1234	rc = PGMPrefetchPage(pVCpu, (RTGCPTR)GCPhys);
	1235	Assert(rc == VINF_SUCCESS \|\| rc == VERR_PAGE_NOT_PRESENT \|\| rc == VERR_PAGE_TABLE_NOT_PRESENT);
	1236	return VINF_SUCCESS;
	1237	}
[81333]	1238	#endif
[19992]	1239
[37423]	1240
[13387]	1241	/**
	1242	* Reset a previously modified MMIO region; restore the access flags.
	1243	*
[81333]	1244	* This undoes the effects of IOMMmioMapMmio2Page() and is currently only
	1245	* intended for some ancient VGA hack. However, it would be great to extend it
	1246	* beyond VT-x and/or nested-paging.
	1247	*
[13413]	1248	* @returns VBox status code.
[13387]	1249	*
[58122]	1250	* @param pVM The cross context VM structure.
[81333]	1251	* @param pDevIns The device instance @a hRegion is associated with.
	1252	* @param hRegion The handle to the MMIO region.
[13387]	1253	*/
[82094]	1254	VMMDECL(int) IOMMmioResetRegion(PVMCC pVM, PPDMDEVINS pDevIns, IOMMMIOHANDLE hRegion)
[13387]	1255	{
[81333]	1256	Log(("IOMMMIOResetRegion %#RX64\n", hRegion));
	1257	AssertReturn(pDevIns, VERR_INVALID_POINTER);
[13392]	1258
[99051]	1259	#if defined(VBOX_VMM_TARGET_ARMV8)
	1260	/** @todo NEM: MMIO page aliasing. */
[100108]	1261	RT_NOREF(pVM, hRegion);
[99051]	1262	return VINF_SUCCESS; /* ignore / /* @todo return some indicator if we fail here */
	1263	#else
[81333]	1264	/** @todo Get rid of this this real/protected or nested paging restriction,
	1265	* it probably shouldn't be here and would be nasty when the CPU
	1266	* changes mode while we have the hack enabled... */
[80281]	1267	PVMCPUCC pVCpu = VMMGetCpu(pVM);
[18927]	1268
[16567]	1269	/* This currently only works in real mode, protected mode without paging or with nested paging. */
[70948]	1270	/** @todo NEM: MMIO page aliasing. */
[81333]	1271	if ( !HMIsEnabled(pVM) /* useless without VT-x/AMD-V */
	1272	\|\| ( CPUMIsGuestInPagedProtectedMode(pVCpu)
	1273	&& !HMIsNestedPagingActive(pVM)))
[16567]	1274	return VINF_SUCCESS; /* ignore */
	1275
[13387]	1276	/*
[81333]	1277	* Translate the handle into an entry and mapping address for PGM.
	1278	* We have to take the lock to safely access the mapping address here.
[13387]	1279	*/
[81333]	1280	AssertReturn(hRegion < RT_MIN(pVM->iom.s.cMmioRegs, pVM->iom.s.cMmioAlloc), VERR_IOM_INVALID_MMIO_HANDLE);
[99051]	1281	# ifdef IN_RING0
[81333]	1282	AssertReturn(hRegion < pVM->iomr0.s.cMmioAlloc, VERR_IOM_INVALID_MMIO_HANDLE);
	1283	PIOMMMIOENTRYR3 const pRegEntry = &pVM->iomr0.s.paMmioRing3Regs[hRegion];
	1284	AssertReturn(pRegEntry->cbRegion > 0, VERR_IOM_INVALID_MMIO_HANDLE);
	1285	AssertReturn( pVM->iomr0.s.paMmioRegs[hRegion].pDevIns == pDevIns
	1286	\|\| ( pVM->iomr0.s.paMmioRegs[hRegion].pDevIns == NULL
	1287	&& pRegEntry->pDevIns == pDevIns->pDevInsForR3), VERR_ACCESS_DENIED);
[99051]	1288	# else
[81333]	1289	PIOMMMIOENTRYR3 const pRegEntry = &pVM->iom.s.paMmioRegs[hRegion];
	1290	AssertReturn(pRegEntry->cbRegion > 0, VERR_IOM_INVALID_MMIO_HANDLE);
	1291	AssertReturn(pRegEntry->pDevIns == pDevIns, VERR_ACCESS_DENIED);
[99051]	1292	# endif
[93554]	1293	Assert((pRegEntry->cbRegion & GUEST_PAGE_OFFSET_MASK) == 0);
[13387]	1294
[81947]	1295	int rcSem = IOM_LOCK_SHARED(pVM);
[81333]	1296	RTGCPHYS GCPhys = pRegEntry->fMapped ? pRegEntry->GCPhysMapping : NIL_RTGCPHYS;
[81947]	1297	if (rcSem == VINF_SUCCESS)
	1298	IOM_UNLOCK_SHARED(pVM);
[81333]	1299
[93554]	1300	Assert(!(GCPhys & GUEST_PAGE_OFFSET_MASK));
	1301	Assert(!(pRegEntry->cbRegion & GUEST_PAGE_OFFSET_MASK));
[81333]	1302
[18230]	1303	/*
	1304	* Call PGM to do the job work.
	1305	*
[81333]	1306	* After the call, all the pages should be non-present, unless there is
[18230]	1307	* a page pool flush pending (unlikely).
	1308	*/
[20722]	1309	int rc = PGMHandlerPhysicalReset(pVM, GCPhys);
[16465]	1310	AssertRC(rc);
	1311
[56080]	1312	# ifdef VBOX_STRICT
[46420]	1313	if (!VMCPU_FF_IS_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3))
[13387]	1314	{
[81333]	1315	RTGCPHYS cb = pRegEntry->cbRegion;
[18230]	1316	while (cb)
	1317	{
	1318	uint64_t fFlags;
	1319	RTHCPHYS HCPhys;
[18988]	1320	rc = PGMShwGetPage(pVCpu, (RTGCPTR)GCPhys, &fFlags, &HCPhys);
[18230]	1321	Assert(rc == VERR_PAGE_NOT_PRESENT \|\| rc == VERR_PAGE_TABLE_NOT_PRESENT);
[93554]	1322	cb -= RT_MIN(GUEST_PAGE_SIZE, HOST_PAGE_SIZE);
	1323	GCPhys += RT_MIN(GUEST_PAGE_SIZE, HOST_PAGE_SIZE);
[18230]	1324	}
[13387]	1325	}
[56080]	1326	# endif
[18230]	1327	return rc;
[99051]	1328	#endif
[13387]	1329	}
[37423]	1330

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vbox/trunk/src/VBox/VMM/VMMAll/IOMAllMmioNew.cpp

Download in other formats: