Changeset 31402 in vbox

Timestamp:

Aug 5, 2010 12:28:18 PM (14 years ago)

Author:

vboxsync

Message:

PGM: Replaced the hazzardous raw-mode context dynamic mapping code with the PGMR0DynMap code used by darwin/x86. This is a risky change but it should pay off once stable by providing 100% certainty that dynamically mapped pages aren't resued behind our back (this has been observed in seemingly benign code paths recently).

Location:

trunk

Files:

• include/VBox/pgm.h (modified) (3 diffs)
• src/VBox/VMM/Makefile.kmk (modified) (2 diffs)
• src/VBox/VMM/PATM/VMMGC/PATMGC.cpp (modified) (1 diff)
• src/VBox/VMM/PGM.cpp (modified) (6 diffs)
• src/VBox/VMM/PGMInline.h (modified) (23 diffs)
• src/VBox/VMM/PGMInternal.h (modified) (16 diffs)
• src/VBox/VMM/VMMAll/MMAllPagePool.cpp (modified) (1 diff)
• src/VBox/VMM/VMMAll/PGMAll.cpp (modified) (7 diffs)
• src/VBox/VMM/VMMAll/PGMAllBth.h (modified) (19 diffs)
• src/VBox/VMM/VMMAll/PGMAllMap.cpp (modified) (7 diffs)
• src/VBox/VMM/VMMAll/PGMAllPhys.cpp (modified) (7 diffs)
• src/VBox/VMM/VMMAll/PGMAllPool.cpp (modified) (27 diffs)
• src/VBox/VMM/VMMAll/TRPMAll.cpp (modified) (1 diff)
• src/VBox/VMM/VMMGC/PGMGC.cpp (modified) (1 diff)
• src/VBox/VMM/VMMGC/TRPMGCHandlers.cpp (modified) (21 diffs)
• src/VBox/VMM/VMMGC/TRPMGCHandlersA.asm (modified) (5 diffs)
• src/VBox/VMM/VMMGC/VMMGC.cpp (modified) (2 diffs)
• src/VBox/VMM/VMMR0/HWACCMR0.cpp (modified) (4 diffs)
• src/VBox/VMM/VMMR0/HWVMXR0.cpp (modified) (1 diff)
• src/VBox/VMM/VMMRZ/PGMRZDynMap.cpp (moved) (moved from trunk/src/VBox/VMM/VMMR0/PGMR0DynMap.cpp ) (90 diffs)
• src/VBox/VMM/testcase/tstVMStructRC.cpp (modified) (4 diffs)
• src/VBox/VMM/testcase/tstVMStructSize.cpp (modified) (1 diff)

trunk/include/VBox/pgm.h

@@ -386 +386 @@
 
 #if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE)
-VMMDECL(int)        PGMDynMapGCPage(PVM pVM, RTGCPHYS GCPhys, void **ppv);
-VMMDECL(int)        PGMDynMapGCPageOff(PVM pVM, RTGCPHYS GCPhys, void **ppv);
-# ifdef IN_RC
-VMMDECL(int)        PGMDynMapHCPage(PVM pVM, RTHCPHYS HCPhys, void **ppv);
-VMMDECL(void)       PGMDynLockHCPage(PVM pVM, RCPTRTYPE(uint8_t *) GCPage);
-VMMDECL(void)       PGMDynUnlockHCPage(PVM pVM, RCPTRTYPE(uint8_t *) GCPage);
-#  ifdef VBOX_STRICT
-VMMDECL(void)       PGMDynCheckLocks(PVM pVM);
-#  endif
-# endif
-VMMDECL(void)       PGMDynMapStartAutoSet(PVMCPU pVCpu);
-VMMDECL(bool)       PGMDynMapStartOrMigrateAutoSet(PVMCPU pVCpu);
-VMMDECL(void)       PGMDynMapReleaseAutoSet(PVMCPU pVCpu);
-VMMDECL(void)       PGMDynMapFlushAutoSet(PVMCPU pVCpu);
-VMMDECL(void)       PGMDynMapMigrateAutoSet(PVMCPU pVCpu);
-VMMDECL(uint32_t)   PGMDynMapPushAutoSubset(PVMCPU pVCpu);
-VMMDECL(void)       PGMDynMapPopAutoSubset(PVMCPU pVCpu, uint32_t iPrevSubset);
+VMMDECL(void)       PGMRZDynMapStartAutoSet(PVMCPU pVCpu);
+VMMDECL(void)       PGMRZDynMapReleaseAutoSet(PVMCPU pVCpu);
+VMMDECL(void)       PGMRZDynMapFlushAutoSet(PVMCPU pVCpu);
+VMMDECL(uint32_t)   PGMRZDynMapPushAutoSubset(PVMCPU pVCpu);
+VMMDECL(void)       PGMRZDynMapPopAutoSubset(PVMCPU pVCpu, uint32_t iPrevSubset);
 #endif
-
 
 VMMDECL(void) PGMSetLargePageUsage(PVM pVM, bool fUseLargePages);
@@ -422 +409 @@
  * @{
  */
+VMMRCDECL(int)      PGMRCDynMapInit(PVM pVM);
 /** @} */
 #endif /* IN_RC */
@@ -441 +429 @@
 VMMR0DECL(void)     PGMR0DynMapTermVM(PVM pVM);
 VMMR0DECL(int)      PGMR0DynMapAssertIntegrity(void);
+VMMR0DECL(bool)     PGMR0DynMapStartOrMigrateAutoSet(PVMCPU pVCpu);
+VMMR0DECL(void)     PGMR0DynMapMigrateAutoSet(PVMCPU pVCpu);
 # endif
 /** @} */

trunk/src/VBox/VMM/Makefile.kmk

@@ -362 +362 @@
         VMMGC/HWACCMGCA.asm \
         VMMRZ/DBGFRZ.cpp \
+        VMMRZ/PGMRZDynMap.cpp \
         VMMRZ/VMMRZ.cpp \
         VMMAll/CPUMAllRegs.cpp \
@@ -494 +495 @@
         VMMR0/VMMR0JmpA-x86.asm
 VMMR0_SOURCES.darwin.x86 = \
-        VMMR0/PGMR0DynMap.cpp
+        VMMRZ/PGMRZDynMap.cpp
 
 # disable annoying warnings about array subscript above array bounds in aPages[]

trunk/src/VBox/VMM/PATM/VMMGC/PATMGC.cpp

@@ -292 +292 @@
                     /* We are no longer executing PATM code; set PIF again. */
                     pVM->patm.s.CTXSUFF(pGCState)->fPIF = 1;
+                    PGMRZDynMapReleaseAutoSet(VMMGetCpu0(pVM));
                     CPUMGCCallV86Code(pRegFrame);
                     /* does not return */

trunk/src/VBox/VMM/PGM.cpp

@@ -481 +481 @@
  * In order to be able to map in and out memory and to be able to support
  * guest with more RAM than we've got virtual address space, we'll employing
- * a mapping cache. There is already a tiny one for GC (see PGMGCDynMapGCPageEx)
- * and we'll create a similar one for ring-0 unless we decide to setup a dedicate
- * memory context for the HWACCM execution.
+ * a mapping cache.  Normally ring-0 and ring-3 can share the same cache,
+ * however on 32-bit darwin the ring-0 code is running in a different memory
+ * context and therefore needs a separate cache.  In raw-mode context we also
+ * need a separate cache.  The 32-bit darwin mapping cache and the one for
+ * raw-mode context share a lot of code, see PGMRZDYNMAP.
  *
  *
@@ -1720 +1722 @@
 
     /* GC only: */
-    PGM_REG_COUNTER(&pStats->StatRCDynMapCacheHits,             "/PGM/RC/DynMapCache/Hits" ,          "Number of dynamic page mapping cache hits.");
-    PGM_REG_COUNTER(&pStats->StatRCDynMapCacheMisses,           "/PGM/RC/DynMapCache/Misses" ,        "Number of dynamic page mapping cache misses.");
     PGM_REG_COUNTER(&pStats->StatRCInvlPgConflict,              "/PGM/RC/InvlPgConflict",             "Number of times PGMInvalidatePage() detected a mapping conflict.");
     PGM_REG_COUNTER(&pStats->StatRCInvlPgSyncMonCR3,            "/PGM/RC/InvlPgSyncMonitorCR3",       "Number of times PGMInvalidatePage() ran into PGM_SYNC_MONITOR_CR3.");
@@ -1778 +1778 @@
 # endif
         /* R0 only: */
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapMigrateInvlPg,         "/PGM/CPU%u/R0/DynMapMigrateInvlPg",        "invlpg count in PGMDynMapMigrateAutoSet.");
-        PGM_REG_PROFILE(&pCpuStats->StatR0DynMapGCPageInl,             "/PGM/CPU%u/R0/DynMapPageGCPageInl",        "Calls to pgmR0DynMapGCPageInlined.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapGCPageInlHits,         "/PGM/CPU%u/R0/DynMapPageGCPageInl/Hits",   "Hash table lookup hits.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapGCPageInlMisses,       "/PGM/CPU%u/R0/DynMapPageGCPageInl/Misses", "Misses that falls back to code common with PGMDynMapHCPage.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapGCPageInlRamHits,      "/PGM/CPU%u/R0/DynMapPageGCPageInl/RamHits",   "1st ram range hits.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapGCPageInlRamMisses,    "/PGM/CPU%u/R0/DynMapPageGCPageInl/RamMisses", "1st ram range misses, takes slow path.");
-        PGM_REG_PROFILE(&pCpuStats->StatR0DynMapHCPageInl,             "/PGM/CPU%u/R0/DynMapPageHCPageInl",        "Calls to pgmR0DynMapHCPageInlined.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapHCPageInlHits,         "/PGM/CPU%u/R0/DynMapPageHCPageInl/Hits",   "Hash table lookup hits.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapHCPageInlMisses,       "/PGM/CPU%u/R0/DynMapPageHCPageInl/Misses", "Misses that falls back to code common with PGMDynMapHCPage.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPage,                  "/PGM/CPU%u/R0/DynMapPage",                 "Calls to pgmR0DynMapPage");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapSetOptimize,           "/PGM/CPU%u/R0/DynMapPage/SetOptimize",     "Calls to pgmDynMapOptimizeAutoSet.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapSetSearchFlushes,      "/PGM/CPU%u/R0/DynMapPage/SetSearchFlushes","Set search restorting to subset flushes.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapSetSearchHits,         "/PGM/CPU%u/R0/DynMapPage/SetSearchHits",   "Set search hits.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapSetSearchMisses,       "/PGM/CPU%u/R0/DynMapPage/SetSearchMisses", "Set search misses.");
-        PGM_REG_PROFILE(&pCpuStats->StatR0DynMapHCPage,                "/PGM/CPU%u/R0/DynMapPage/HCPage",          "Calls to PGMDynMapHCPage (ring-0).");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageHits0,             "/PGM/CPU%u/R0/DynMapPage/Hits0",           "Hits at iPage+0");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageHits1,             "/PGM/CPU%u/R0/DynMapPage/Hits1",           "Hits at iPage+1");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageHits2,             "/PGM/CPU%u/R0/DynMapPage/Hits2",           "Hits at iPage+2");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageInvlPg,            "/PGM/CPU%u/R0/DynMapPage/InvlPg",          "invlpg count in pgmR0DynMapPageSlow.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageSlow,              "/PGM/CPU%u/R0/DynMapPage/Slow",            "Calls to pgmR0DynMapPageSlow - subtract this from pgmR0DynMapPage to get 1st level hits.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageSlowLoopHits,      "/PGM/CPU%u/R0/DynMapPage/SlowLoopHits" ,   "Hits in the loop path.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageSlowLoopMisses,    "/PGM/CPU%u/R0/DynMapPage/SlowLoopMisses",  "Misses in the loop path. NonLoopMisses = Slow - SlowLoopHit - SlowLoopMisses");
-        //PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPageSlowLostHits,      "/PGM/CPU%u/R0/DynMapPage/SlowLostHits",    "Lost hits.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapSubsets,               "/PGM/CPU%u/R0/Subsets",                    "Times PGMDynMapPushAutoSubset was called.");
-        PGM_REG_COUNTER(&pCpuStats->StatR0DynMapPopFlushes,            "/PGM/CPU%u/R0/SubsetPopFlushes",           "Times PGMDynMapPopAutoSubset flushes the subset.");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[0],           "/PGM/CPU%u/R0/SetSize000..09",              "00-09% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[1],           "/PGM/CPU%u/R0/SetSize010..19",              "10-19% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[2],           "/PGM/CPU%u/R0/SetSize020..29",              "20-29% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[3],           "/PGM/CPU%u/R0/SetSize030..39",              "30-39% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[4],           "/PGM/CPU%u/R0/SetSize040..49",              "40-49% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[5],           "/PGM/CPU%u/R0/SetSize050..59",              "50-59% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[6],           "/PGM/CPU%u/R0/SetSize060..69",              "60-69% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[7],           "/PGM/CPU%u/R0/SetSize070..79",              "70-79% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[8],           "/PGM/CPU%u/R0/SetSize080..89",              "80-89% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[9],           "/PGM/CPU%u/R0/SetSize090..99",              "90-99% filled");
-        PGM_REG_COUNTER(&pCpuStats->aStatR0DynMapSetSize[10],          "/PGM/CPU%u/R0/SetSize100",                 "100% filled");
 
         /* RZ only: */
@@ -1869 +1833 @@
         PGM_REG_COUNTER(&pCpuStats->StatRZGuestROMWriteUnhandled,      "/PGM/CPU%u/RZ/ROMWriteUnhandled",              "The number of times the Guest ROM change was passed back to the recompiler.");
 
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapMigrateInvlPg,         "/PGM/CPU%u/RZ/DynMap/MigrateInvlPg",            "invlpg count in PGMR0DynMapMigrateAutoSet.");
+        PGM_REG_PROFILE(&pCpuStats->StatRZDynMapGCPageInl,             "/PGM/CPU%u/RZ/DynMap/PageGCPageInl",            "Calls to pgmR0DynMapGCPageInlined.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapGCPageInlHits,         "/PGM/CPU%u/RZ/DynMap/PageGCPageInl/Hits",       "Hash table lookup hits.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapGCPageInlMisses,       "/PGM/CPU%u/RZ/DynMap/PageGCPageInl/Misses",     "Misses that falls back to the code common.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapGCPageInlRamHits,      "/PGM/CPU%u/RZ/DynMap/PageGCPageInl/RamHits",    "1st ram range hits.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapGCPageInlRamMisses,    "/PGM/CPU%u/RZ/DynMap/PageGCPageInl/RamMisses",  "1st ram range misses, takes slow path.");
+        PGM_REG_PROFILE(&pCpuStats->StatRZDynMapHCPageInl,             "/PGM/CPU%u/RZ/DynMap/PageHCPageInl",            "Calls to pgmRZDynMapHCPageInlined.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapHCPageInlHits,         "/PGM/CPU%u/RZ/DynMap/PageHCPageInl/Hits",       "Hash table lookup hits.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapHCPageInlMisses,       "/PGM/CPU%u/RZ/DynMap/PageHCPageInl/Misses",     "Misses that falls back to the code common.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPage,                  "/PGM/CPU%u/RZ/DynMap/Page",                     "Calls to pgmR0DynMapPage");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapSetOptimize,           "/PGM/CPU%u/RZ/DynMap/Page/SetOptimize",         "Calls to pgmRZDynMapOptimizeAutoSet.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapSetSearchFlushes,      "/PGM/CPU%u/RZ/DynMap/Page/SetSearchFlushes",    "Set search restorting to subset flushes.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapSetSearchHits,         "/PGM/CPU%u/RZ/DynMap/Page/SetSearchHits",       "Set search hits.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapSetSearchMisses,       "/PGM/CPU%u/RZ/DynMap/Page/SetSearchMisses",     "Set search misses.");
+        PGM_REG_PROFILE(&pCpuStats->StatRZDynMapHCPage,                "/PGM/CPU%u/RZ/DynMap/Page/HCPage",              "Calls to pgmRZDynMapHCPageCommon (ring-0).");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageHits0,             "/PGM/CPU%u/RZ/DynMap/Page/Hits0",               "Hits at iPage+0");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageHits1,             "/PGM/CPU%u/RZ/DynMap/Page/Hits1",               "Hits at iPage+1");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageHits2,             "/PGM/CPU%u/RZ/DynMap/Page/Hits2",               "Hits at iPage+2");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageInvlPg,            "/PGM/CPU%u/RZ/DynMap/Page/InvlPg",              "invlpg count in pgmR0DynMapPageSlow.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageSlow,              "/PGM/CPU%u/RZ/DynMap/Page/Slow",                "Calls to pgmR0DynMapPageSlow - subtract this from pgmR0DynMapPage to get 1st level hits.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageSlowLoopHits,      "/PGM/CPU%u/RZ/DynMap/Page/SlowLoopHits" ,       "Hits in the loop path.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageSlowLoopMisses,    "/PGM/CPU%u/RZ/DynMap/Page/SlowLoopMisses",      "Misses in the loop path. NonLoopMisses = Slow - SlowLoopHit - SlowLoopMisses");
+        //PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPageSlowLostHits,      "/PGM/CPU%u/R0/DynMap/Page/SlowLostHits",        "Lost hits.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapSubsets,               "/PGM/CPU%u/RZ/DynMap/Subsets",                  "Times PGMRZDynMapPushAutoSubset was called.");
+        PGM_REG_COUNTER(&pCpuStats->StatRZDynMapPopFlushes,            "/PGM/CPU%u/RZ/DynMap/SubsetPopFlushes",         "Times PGMRZDynMapPopAutoSubset flushes the subset.");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[0],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct000..09",      "00-09% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[1],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct010..19",      "10-19% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[2],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct020..29",      "20-29% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[3],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct030..39",      "30-39% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[4],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct040..49",      "40-49% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[5],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct050..59",      "50-59% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[6],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct060..69",      "60-69% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[7],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct070..79",      "70-79% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[8],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct080..89",      "80-89% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[9],      "/PGM/CPU%u/RZ/DynMap/SetFilledPct090..99",      "90-99% filled (RC: min(set-size, dynmap-size))");
+        PGM_REG_COUNTER(&pCpuStats->aStatRZDynMapSetFilledPct[10],     "/PGM/CPU%u/RZ/DynMap/SetFilledPct100",          "100% filled (RC: min(set-size, dynmap-size))");
+
         /* HC only: */
 
@@ -2037 +2038 @@
     pVM->pgm.s.paDynPageMapPaePTEsGC   = pMapping->aPTs[iPT].paPaePTsRC + iPG * sizeof(pMapping->aPTs[0].paPaePTsR3->a[0]);
 
-    /* init cache */
+    /* init cache area */
     RTHCPHYS HCPhysDummy = MMR3PageDummyHCPhys(pVM);
-    for (unsigned i = 0; i < RT_ELEMENTS(pVM->pgm.s.aHCPhysDynPageMapCache); i++)
-        pVM->pgm.s.aHCPhysDynPageMapCache[i] = HCPhysDummy;
-
-    for (unsigned i = 0; i < MM_HYPER_DYNAMIC_SIZE; i += PAGE_SIZE)
-    {
-        rc = PGMMap(pVM, pVM->pgm.s.pbDynPageMapBaseGC + i, HCPhysDummy, PAGE_SIZE, 0);
+    for (uint32_t offDynMap = 0; offDynMap < MM_HYPER_DYNAMIC_SIZE; offDynMap += PAGE_SIZE)
+    {
+        rc = PGMMap(pVM, pVM->pgm.s.pbDynPageMapBaseGC + offDynMap, HCPhysDummy, PAGE_SIZE, 0);
         AssertRCReturn(rc, rc);
     }
@@ -2205 +2203 @@
      */
     pVM->pgm.s.paDynPageMap32BitPTEsGC += offDelta;
-    pVM->pgm.s.paDynPageMapPaePTEsGC += offDelta;
-    pVM->pgm.s.pbDynPageMapBaseGC += offDelta;
+    pVM->pgm.s.paDynPageMapPaePTEsGC   += offDelta;
+    pVM->pgm.s.pbDynPageMapBaseGC      += offDelta;
+
+    if (pVM->pgm.s.pRCDynMap)
+    {
+        pVM->pgm.s.pRCDynMap += offDelta;
+        PPGMRCDYNMAP pDynMap = (PPGMRCDYNMAP)MMHyperRCToCC(pVM, pVM->pgm.s.pRCDynMap);
+
+        pDynMap->paPages     += offDelta;
+        PPGMRCDYNMAPENTRY paPages = (PPGMRCDYNMAPENTRY)MMHyperRCToCC(pVM, pDynMap->paPages);
+
+        for (uint32_t iPage = 0; iPage < pDynMap->cPages; iPage++)
+        {
+            paPages[iPage].pvPage  += offDelta;
+            paPages[iPage].uPte.pv += offDelta;
+        }
+    }
 
     /*

trunk/src/VBox/VMM/PGMInline.h

@@ -286 +286 @@
 }
 
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-
-/**
- * Inlined version of the ring-0 version of PGMDynMapHCPage that
- * optimizes access to pages already in the set.
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
+
+/**
+ * Inlined version of the ring-0 version of the host page mapping code
+ * that optimizes access to pages already in the set.
  *
  * @returns VINF_SUCCESS. Will bail out to ring-3 on failure.
@@ -297 +297 @@
  * @param   ppv         Where to store the mapping address.
  */
-DECLINLINE(int) pgmR0DynMapHCPageInlined(PVMCPU pVCpu, RTHCPHYS HCPhys, void **ppv)
+DECLINLINE(int) pgmRZDynMapHCPageInlined(PVMCPU pVCpu, RTHCPHYS HCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL)
 {
     PPGMMAPSET  pSet    = &pVCpu->pgm.s.AutoSet;
 
-    STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapHCPageInl, a);
+    STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPageInl, a);
     Assert(!(HCPhys & PAGE_OFFSET_MASK));
     Assert(pSet->cEntries <= RT_ELEMENTS(pSet->aEntries));
@@ -308 +308 @@
     unsigned    iEntry  = pSet->aiHashTable[iHash];
     if (    iEntry < pSet->cEntries
-        &&  pSet->aEntries[iEntry].HCPhys == HCPhys)
-    {
+        &&  pSet->aEntries[iEntry].HCPhys == HCPhys
+        &&  pSet->aEntries[iEntry].cInlinedRefs < UINT16_MAX - 1)
+    {
+        pSet->aEntries[iEntry].cInlinedRefs++;
         *ppv = pSet->aEntries[iEntry].pvPage;
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapHCPageInlHits);
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPageInlHits);
     }
     else
     {
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapHCPageInlMisses);
-        pgmR0DynMapHCPageCommon(pSet, HCPhys, ppv);
-    }
-
-    STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapHCPageInl, a);
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPageInlMisses);
+        pgmRZDynMapHCPageCommon(pSet, HCPhys, ppv RTLOG_COMMA_SRC_POS_ARGS);
+    }
+
+    STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPageInl, a);
     return VINF_SUCCESS;
 }
@@ -325 +327 @@
 
 /**
- * Inlined version of the ring-0 version of PGMDynMapGCPage that optimizes
- * access to pages already in the set.
- *
- * @returns See PGMDynMapGCPage.
+ * Inlined version of the guest page mapping code that optimizes access to pages
+ * already in the set.
+ *
+ * @returns VBox status code, see pgmRZDynMapGCPageCommon for details.
  * @param   pVM         The VM handle.
  * @param   pVCpu       The current CPU.
@@ -334 +336 @@
  * @param   ppv         Where to store the mapping address.
  */
-DECLINLINE(int) pgmR0DynMapGCPageV2Inlined(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv)
-{
-    STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInl, a);
+DECLINLINE(int) pgmRZDynMapGCPageV2Inlined(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL)
+{
+    STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInl, a);
     AssertMsg(!(GCPhys & PAGE_OFFSET_MASK), ("%RGp\n", GCPhys));
 
@@ -347 +349 @@
         /** @todo   || page state stuff */))
     {
-        /* This case is not counted into StatR0DynMapGCPageInl. */
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlRamMisses);
-        return PGMDynMapGCPage(pVM, GCPhys, ppv);
+        /* This case is not counted into StatRZDynMapGCPageInl. */
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlRamMisses);
+        return pgmRZDynMapGCPageCommon(pVM, pVCpu, GCPhys, ppv RTLOG_COMMA_SRC_POS_ARGS);
     }
 
     RTHCPHYS HCPhys = PGM_PAGE_GET_HCPHYS(&pRam->aPages[off >> PAGE_SHIFT]);
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlRamHits);
+    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlRamHits);
 
     /*
-     * pgmR0DynMapHCPageInlined with out stats.
+     * pgmRZDynMapHCPageInlined with out stats.
      */
     PPGMMAPSET pSet = &pVCpu->pgm.s.AutoSet;
@@ -365 +367 @@
     unsigned    iEntry  = pSet->aiHashTable[iHash];
     if (    iEntry < pSet->cEntries
-        &&  pSet->aEntries[iEntry].HCPhys == HCPhys)
-    {
+        &&  pSet->aEntries[iEntry].HCPhys == HCPhys
+        &&  pSet->aEntries[iEntry].cInlinedRefs < UINT16_MAX - 1)
+    {
+        pSet->aEntries[iEntry].cInlinedRefs++;
         *ppv = pSet->aEntries[iEntry].pvPage;
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlHits);
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlHits);
     }
     else
     {
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlMisses);
-        pgmR0DynMapHCPageCommon(pSet, HCPhys, ppv);
-    }
-
-    STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInl, a);
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlMisses);
+        pgmRZDynMapHCPageCommon(pSet, HCPhys, ppv RTLOG_COMMA_SRC_POS_ARGS);
+    }
+
+    STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInl, a);
     return VINF_SUCCESS;
 }
@@ -382 +386 @@
 
 /**
- * Inlined version of the ring-0 version of PGMDynMapGCPage that optimizes
+ * Inlined version of the ring-0 version of guest page mapping that optimizes
  * access to pages already in the set.
  *
- * @returns See PGMDynMapGCPage.
+ * @returns VBox status code, see pgmRZDynMapGCPageCommon for details.
  * @param   pVCpu       The current CPU.
  * @param   GCPhys      The guest physical address of the page.
  * @param   ppv         Where to store the mapping address.
  */
-DECLINLINE(int) pgmR0DynMapGCPageInlined(PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv)
-{
-    return pgmR0DynMapGCPageV2Inlined(pVCpu->CTX_SUFF(pVM), pVCpu, GCPhys, ppv);
-}
-
-
-/**
- * Inlined version of the ring-0 version of PGMDynMapGCPageOff that optimizes
- * access to pages already in the set.
- *
- * @returns See PGMDynMapGCPage.
+DECLINLINE(int) pgmRZDynMapGCPageInlined(PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL)
+{
+    return pgmRZDynMapGCPageV2Inlined(pVCpu->CTX_SUFF(pVM), pVCpu, GCPhys, ppv RTLOG_COMMA_SRC_POS_ARGS);
+}
+
+
+/**
+ * Inlined version of the ring-0 version of the guest byte mapping code
+ * that optimizes access to pages already in the set.
+ *
+ * @returns VBox status code, see pgmRZDynMapGCPageCommon for details.
  * @param   pVCpu       The current CPU.
  * @param   HCPhys      The physical address of the page.
- * @param   ppv         Where to store the mapping address.
- */
-DECLINLINE(int) pgmR0DynMapGCPageOffInlined(PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv)
-{
-    STAM_PROFILE_START(&pVCpu->pgm.s.StatR0DynMapGCPageInl, a);
+ * @param   ppv         Where to store the mapping address. The offset is
+ *                      preserved.
+ */
+DECLINLINE(int) pgmRZDynMapGCPageOffInlined(PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL)
+{
+    STAM_PROFILE_START(&pVCpu->pgm.s.StatRZDynMapGCPageInl, a);
 
     /*
@@ -418 +423 @@
         /** @todo   || page state stuff */))
     {
-        /* This case is not counted into StatR0DynMapGCPageInl. */
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlRamMisses);
-        return PGMDynMapGCPageOff(pVM, GCPhys, ppv);
+        /* This case is not counted into StatRZDynMapGCPageInl. */
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlRamMisses);
+        return pgmRZDynMapGCPageCommon(pVM, pVCpu, GCPhys, ppv RTLOG_COMMA_SRC_POS_ARGS);
     }
 
     RTHCPHYS HCPhys = PGM_PAGE_GET_HCPHYS(&pRam->aPages[off >> PAGE_SHIFT]);
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlRamHits);
+    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlRamHits);
 
     /*
-     * pgmR0DynMapHCPageInlined with out stats.
+     * pgmRZDynMapHCPageInlined with out stats.
      */
     PPGMMAPSET pSet = &pVCpu->pgm.s.AutoSet;
@@ -436 +441 @@
     unsigned    iEntry  = pSet->aiHashTable[iHash];
     if (    iEntry < pSet->cEntries
-        &&  pSet->aEntries[iEntry].HCPhys == HCPhys)
-    {
+        &&  pSet->aEntries[iEntry].HCPhys == HCPhys
+        &&  pSet->aEntries[iEntry].cInlinedRefs < UINT16_MAX - 1)
+    {
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlHits);
+        pSet->aEntries[iEntry].cInlinedRefs++;
         *ppv = (void *)((uintptr_t)pSet->aEntries[iEntry].pvPage | (PAGE_OFFSET_MASK & (uintptr_t)GCPhys));
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlHits);
     }
     else
     {
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInlMisses);
-        pgmR0DynMapHCPageCommon(pSet, HCPhys, ppv);
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInlMisses);
+        pgmRZDynMapHCPageCommon(pSet, HCPhys, ppv RTLOG_COMMA_SRC_POS_ARGS);
         *ppv = (void *)((uintptr_t)*ppv | (PAGE_OFFSET_MASK & (uintptr_t)GCPhys));
     }
 
-    STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapGCPageInl, a);
+    STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapGCPageInl, a);
     return VINF_SUCCESS;
 }
@@ -462 +469 @@
  * @param   pPage       The page.
  */
-DECLINLINE(void *) pgmPoolMapPageInlined(PVM pVM, PPGMPOOLPAGE pPage)
+DECLINLINE(void *) pgmPoolMapPageInlined(PVM pVM, PPGMPOOLPAGE pPage RTLOG_COMMA_SRC_POS_DECL)
 {
     if (pPage->idx >= PGMPOOL_IDX_FIRST)
@@ -468 +475 @@
         Assert(pPage->idx < pVM->pgm.s.CTX_SUFF(pPool)->cCurPages);
         void *pv;
-# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-        pgmR0DynMapHCPageInlined(VMMGetCpu(pVM), pPage->Core.Key, &pv);
-# else
-        PGMDynMapHCPage(pVM, pPage->Core.Key, &pv);
-# endif
+        pgmRZDynMapHCPageInlined(VMMGetCpu(pVM), pPage->Core.Key, &pv RTLOG_COMMA_SRC_POS_ARGS);
         return pv;
     }
@@ -486 +489 @@
  * @param   pPage       The page.
  */
-DECLINLINE(void *) pgmPoolMapPageV2Inlined(PVM pVM, PVMCPU pVCpu, PPGMPOOLPAGE pPage)
+DECLINLINE(void *) pgmPoolMapPageV2Inlined(PVM pVM, PVMCPU pVCpu, PPGMPOOLPAGE pPage RTLOG_COMMA_SRC_POS_DECL)
 {
     if (pPage->idx >= PGMPOOL_IDX_FIRST)
@@ -492 +495 @@
         Assert(pPage->idx < pVM->pgm.s.CTX_SUFF(pPool)->cCurPages);
         void *pv;
-# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
         Assert(pVCpu == VMMGetCpu(pVM));
-        pgmR0DynMapHCPageInlined(pVCpu, pPage->Core.Key, &pv);
-# else
-        PGMDynMapHCPage(pVM, pPage->Core.Key, &pv);
-# endif
+        pgmRZDynMapHCPageInlined(pVCpu, pPage->Core.Key, &pv RTLOG_COMMA_SRC_POS_ARGS);
         return pv;
     }
@@ -514 +513 @@
  * @param   HCPhys      HC Physical address of the page.
  */
-DECLINLINE(void *) pgmDynMapHCPageOff(PVM pVM, RTHCPHYS HCPhys)
+DECLINLINE(void *) pgmRZDynMapHCPageOff(PVM pVM, RTHCPHYS HCPhys RTLOG_COMMA_SRC_POS_DECL)
 {
     void *pv;
-# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    pgmR0DynMapHCPageInlined(VMMGetCpu(pVM), HCPhys & ~(RTHCPHYS)PAGE_OFFSET_MASK, &pv);
-# else
-    PGMDynMapHCPage(pVM, HCPhys & ~(RTHCPHYS)PAGE_OFFSET_MASK, &pv);
-# endif
+    pgmRZDynMapHCPageInlined(VMMGetCpu(pVM), HCPhys & ~(RTHCPHYS)PAGE_OFFSET_MASK, &pv RTLOG_COMMA_SRC_POS_ARGS);
     pv = (void *)((uintptr_t)pv | ((uintptr_t)HCPhys & PAGE_OFFSET_MASK));
     return pv;
@@ -651 +646 @@
 {
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    int rc = pgmR0DynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)ppPd);
+    int rc = pgmRZDynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)ppPd RTLOG_COMMA_SRC_POS);
     if (RT_FAILURE(rc))
     {
@@ -676 +671 @@
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
     PX86PD pGuestPD = NULL;
-    int rc = pgmR0DynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)&pGuestPD);
+    int rc = pgmRZDynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)&pGuestPD RTLOG_COMMA_SRC_POS);
     if (RT_FAILURE(rc))
     {
@@ -705 +700 @@
 {
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    int rc = pgmR0DynMapGCPageOffInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)ppPdpt);
+    int rc = pgmRZDynMapGCPageOffInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)ppPdpt RTLOG_COMMA_SRC_POS);
     if (RT_FAILURE(rc))
     {
@@ -749 +744 @@
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
     PX86PDPT pGuestPDPT = NULL;
-    int rc = pgmR0DynMapGCPageOffInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)&pGuestPDPT);
+    int rc = pgmRZDynMapGCPageOffInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)&pGuestPDPT RTLOG_COMMA_SRC_POS);
     AssertRCReturn(rc, NULL);
 #else
@@ -785 +780 @@
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
             PX86PDPAE   pGuestPD = NULL;
-            int rc = pgmR0DynMapGCPageInlined(pVCpu,
+            int rc = pgmRZDynMapGCPageInlined(pVCpu,
                                               pGuestPDPT->a[iPdpt].u & X86_PDPE_PG_MASK,
-                                              (void **)&pGuestPD);
+                                              (void **)&pGuestPD
+                                              RTLOG_COMMA_SRC_POS);
             if (RT_SUCCESS(rc))
                 return pGuestPD->a[iPD];
@@ -837 +833 @@
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
     PX86PDPAE   pGuestPD = NULL;
-    int rc = pgmR0DynMapGCPageInlined(pVCpu,
+    int rc = pgmRZDynMapGCPageInlined(pVCpu,
                                       pGuestPDPT->a[iPdpt].u & X86_PDPE_PG_MASK,
-                                      (void **)&pGuestPD);
+                                      (void **)&pGuestPD
+                                      RTLOG_COMMA_SRC_POS);
     if (RT_FAILURE(rc))
     {
@@ -868 +865 @@
 {
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    int rc = pgmR0DynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)ppPml4);
+    int rc = pgmRZDynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)ppPml4 RTLOG_COMMA_SRC_POS);
     if (RT_FAILURE(rc))
     {
@@ -910 +907 @@
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
     PX86PML4 pGuestPml4;
-    int rc = pgmR0DynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)&pGuestPml4);
+    int rc = pgmRZDynMapGCPageInlined(pVCpu, pVCpu->pgm.s.GCPhysCR3, (void **)&pGuestPml4 RTLOG_COMMA_SRC_POS);
     AssertRCReturn(rc, NULL);
 #else

trunk/src/VBox/VMM/PGMInternal.h

@@ -234 +234 @@
  *                      this.
  *
- * @remark  In RC this uses PGMDynMapHCPage(), so it will consume of the small
- *          page window employeed by that function. Be careful.
+ * @remark  Use with care as we don't have so much dynamic mapping space in
+ *          ring-0 on 32-bit darwin and in RC.
  * @remark  There is no need to assert on the result.
  */
-#ifdef IN_RC
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
 # define PGM_HCPHYS_2_PTR(pVM, pVCpu, HCPhys, ppv) \
-     PGMDynMapHCPage(pVM, HCPhys, (void **)(ppv))
-#elif defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-# define PGM_HCPHYS_2_PTR(pVM, pVCpu, HCPhys, ppv) \
-     pgmR0DynMapHCPageInlined(pVCpu, HCPhys, (void **)(ppv))
+     pgmRZDynMapHCPageInlined(pVCpu, HCPhys, (void **)(ppv) RTLOG_COMMA_SRC_POS)
 #else
 # define PGM_HCPHYS_2_PTR(pVM, pVCpu, HCPhys, ppv) \
@@ -258 +255 @@
  * @param   ppv     Where to store the virtual address. No need to cast this.
  *
- * @remark  In GC this uses PGMGCDynMapGCPage(), so it will consume of the
- *          small page window employeed by that function. Be careful.
+ * @remark  Use with care as we don't have so much dynamic mapping space in
+ *          ring-0 on 32-bit darwin and in RC.
  * @remark  There is no need to assert on the result.
  */
-#ifdef IN_RC
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
 # define PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GCPhys, ppv) \
-     PGMDynMapGCPage(pVM, GCPhys, (void **)(ppv))
-#elif defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-# define PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GCPhys, ppv) \
-     pgmR0DynMapGCPageV2Inlined(pVM, pVCpu, GCPhys, (void **)(ppv))
+     pgmRZDynMapGCPageV2Inlined(pVM, pVCpu, GCPhys, (void **)(ppv) RTLOG_COMMA_SRC_POS)
 #else
 # define PGM_GCPHYS_2_PTR_V2(pVM, pVCpu, GCPhys, ppv) \
@@ -281 +275 @@
  * @param   ppv     Where to store the virtual address. No need to cast this.
  *
- * @remark  In GC this uses PGMGCDynMapGCPage(), so it will consume of the
- *          small page window employeed by that function. Be careful.
+ * @remark  Use with care as we don't have so much dynamic mapping space in
+ *          ring-0 on 32-bit darwin and in RC.
  * @remark  There is no need to assert on the result.
  */
@@ -295 +289 @@
  * @param   ppv     Where to store the virtual address. No need to cast this.
  *
- * @remark  In RC this uses PGMGCDynMapGCPage(), so it will consume of the
- *          small page window employeed by that function. Be careful.
+ * @remark  Use with care as we don't have so much dynamic mapping space in
+ *          ring-0 on 32-bit darwin and in RC.
  * @remark  There is no need to assert on the result.
  */
@@ -309 +303 @@
  * @param   ppv     Where to store the virtual address. No need to cast this.
  *
- * @remark  In GC this uses PGMGCDynMapGCPage(), so it will consume of the
- *          small page window employeed by that function. Be careful.
+ * @remark  Use with care as we don't have so much dynamic mapping space in
+ *          ring-0 on 32-bit darwin and in RC.
  * @remark  There is no need to assert on the result.
  */
 #if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
 # define PGM_GCPHYS_2_PTR_EX(pVM, GCPhys, ppv) \
-     PGMDynMapGCPageOff(pVM, GCPhys, (void **)(ppv))
+     pgmRZDynMapGCPageOffInlined(VMMGetCpu(pVM), GCPhys, (void **)(ppv) RTLOG_COMMA_SRC_POS)
 #else
 # define PGM_GCPHYS_2_PTR_EX(pVM, GCPhys, ppv) \
      PGMPhysGCPhys2R3Ptr(pVM, GCPhys, 1 /* one page only */, (PRTR3PTR)(ppv)) /** @todo this isn't asserting, use PGMRamGCPhys2HCPtr! */
 #endif
+
+/** @def PGM_DYNMAP_UNUSED_HINT
+ * Hints to the dynamic mapping code in RC and R0/darwin that the specified page
+ * is no longer used.
+ *
+ * @param   pVCpu   The current CPU.
+ * @param   pPage   The pool page.
+ */
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
+# ifdef LOG_ENABLED
+#  define PGM_DYNMAP_UNUSED_HINT(pVCpu, pvPage)  pgmRZDynMapUnusedHint(pVCpu, pvPage, RT_SRC_POS)
+# else
+#  define PGM_DYNMAP_UNUSED_HINT(pVCpu, pvPage)  pgmRZDynMapUnusedHint(pVCpu, pvPage)
+# endif
+#else
+# define PGM_DYNMAP_UNUSED_HINT(pVCpu, pvPage)  do {} while (0)
+#endif
+
+/** @def PGM_DYNMAP_UNUSED_HINT_VM
+ * Hints to the dynamic mapping code in RC and R0/darwin that the specified page
+ * is no longer used.
+ *
+ * @param   pVM     The VM handle.
+ * @param   pPage   The pool page.
+ */
+#define PGM_DYNMAP_UNUSED_HINT_VM(pVM, pvPage)  PGM_DYNMAP_UNUSED_HINT(VMMGetCpu(pVM), pvPage)
+
 
 /** @def PGM_INVL_PG
@@ -1549 +1570 @@
 
 /**
+ * Raw-mode context dynamic mapping cache entry.
+ *
+ * Because of raw-mode context being reloctable and all relocations are applied
+ * in ring-3, this has to be defined here and be RC specfic.
+ *
+ * @sa PGMRZDYNMAPENTRY, PGMR0DYNMAPENTRY.
+ */
+typedef struct PGMRCDYNMAPENTRY
+{
+    /** The physical address of the currently mapped page.
+     * This is duplicate for three reasons: cache locality, cache policy of the PT
+     * mappings and sanity checks.   */
+    RTHCPHYS                    HCPhys;
+    /** Pointer to the page. */
+    RTRCPTR                     pvPage;
+    /** The number of references. */
+    int32_t volatile            cRefs;
+    /** PTE pointer union. */
+    union PGMRCDYNMAPENTRY_PPTE
+    {
+        /** PTE pointer, 32-bit legacy version. */
+        RCPTRTYPE(PX86PTE)      pLegacy;
+        /** PTE pointer, PAE version. */
+        RCPTRTYPE(PX86PTEPAE)   pPae;
+        /** PTE pointer, the void version. */
+        RTRCPTR                 pv;
+    } uPte;
+    /** Alignment padding. */
+    RTRCPTR                     RCPtrAlignment;
+} PGMRCDYNMAPENTRY;
+/** Pointer to a dynamic mapping cache entry for the raw-mode context. */
+typedef PGMRCDYNMAPENTRY *PPGMRCDYNMAPENTRY;
+
+
+/**
+ * Dynamic mapping cache for the raw-mode context.
+ *
+ * This is initialized during VMMRC init based upon the pbDynPageMapBaseGC and
+ * paDynPageMap* PGM members.  However, it has to be defined in PGMInternal.h
+ * so that we can perform relocations from PGMR3Relocate.  This has the
+ * consequence that we must have separate ring-0 and raw-mode context versions
+ * of this struct even if they share the basic elements.
+ *
+ * @sa PPGMRZDYNMAP, PGMR0DYNMAP.
+ */
+typedef struct PGMRCDYNMAP
+{
+    /** The usual magic number / eye catcher (PGMRZDYNMAP_MAGIC). */
+    uint32_t                        u32Magic;
+    /** Array for tracking and managing the pages.  */
+    RCPTRTYPE(PPGMRCDYNMAPENTRY)    paPages;
+    /** The cache size given as a number of pages. */
+    uint32_t                        cPages;
+    /** Whether it's 32-bit legacy or PAE/AMD64 paging mode. */
+    bool                            fLegacyMode;
+    /** The current load.
+     * This does not include guard pages. */
+    uint32_t                        cLoad;
+    /** The max load ever.
+     * This is maintained to get trigger adding of more mapping space. */
+    uint32_t                        cMaxLoad;
+    /** The number of guard pages. */
+    uint32_t                        cGuardPages;
+    /** The number of users (protected by hInitLock). */
+    uint32_t                        cUsers;
+} PGMRCDYNMAP;
+/** Pointer to the dynamic cache for the raw-mode context. */
+typedef PGMRCDYNMAP *PPGMRCDYNMAP;
+
+
+/**
  * Mapping cache usage set entry.
  *
  * @remarks 16-bit ints was choosen as the set is not expected to be used beyond
  *          the dynamic ring-0 and (to some extent) raw-mode context mapping
- *          cache. If it's extended to include ring-3, well, then something will
- *          have be changed here...
+ *          cache.  If it's extended to include ring-3, well, then something
+ *          will have be changed here...
  */
 typedef struct PGMMAPSETENTRY
 {
+    /** Pointer to the page. */
+#ifndef IN_RC
+    RTR0PTR                     pvPage;
+#else
+    RTRCPTR                     pvPage;
+# if HC_ARCH_BITS == 64
+    uint32_t                    u32Alignment2;
+# endif
+#endif
     /** The mapping cache index. */
     uint16_t                    iPage;
@@ -1563 +1664 @@
      * The max is UINT16_MAX - 1. */
     uint16_t                    cRefs;
-#if HC_ARCH_BITS == 64
-    uint32_t                    alignment;
-#endif
-    /** Pointer to the page. */
-    RTR0PTR                     pvPage;
+    /** The number inlined references.
+     * The max is UINT16_MAX - 1. */
+    uint16_t                    cInlinedRefs;
+    /** Unreferences.  */
+    uint16_t                    cUnrefs;
+
+#if HC_ARCH_BITS == 32
+    uint32_t                    u32Alignment1;
+#endif
     /** The physical address for this entry. */
     RTHCPHYS                    HCPhys;
 } PGMMAPSETENTRY;
+AssertCompileMemberOffset(PGMMAPSETENTRY, iPage, RT_MAX(sizeof(RTR0PTR), sizeof(RTRCPTR)));
+AssertCompileMemberAlignment(PGMMAPSETENTRY, HCPhys, sizeof(RTHCPHYS));
 /** Pointer to a mapping cache usage set entry. */
 typedef PGMMAPSETENTRY *PPGMMAPSETENTRY;
@@ -2150 +2257 @@
  * @remark  There is no need to assert on the result.
  */
-#if defined(IN_RC)
-# define PGMPOOL_PAGE_2_PTR(pVM, pPage)  pgmPoolMapPageInlined((pVM), (pPage))
-#elif defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-# define PGMPOOL_PAGE_2_PTR(pVM, pPage)  pgmPoolMapPageInlined((pVM), (pPage))
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
+# define PGMPOOL_PAGE_2_PTR(pVM, pPage)  pgmPoolMapPageInlined((pVM), (pPage) RTLOG_COMMA_SRC_POS)
 #elif defined(VBOX_STRICT)
 # define PGMPOOL_PAGE_2_PTR(pVM, pPage)  pgmPoolMapPageStrict(pPage)
@@ -2178 +2283 @@
  * @remark  There is no need to assert on the result.
  */
-#if defined(IN_RC)
-# define PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pPage)   pgmPoolMapPageV2Inlined((pVM), (pVCpu), (pPage))
-#elif defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-# define PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pPage)   pgmPoolMapPageV2Inlined((pVM), (pVCpu), (pPage))
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
+# define PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pPage)   pgmPoolMapPageV2Inlined((pVM), (pVCpu), (pPage) RTLOG_COMMA_SRC_POS)
 #else
 # define PGMPOOL_PAGE_2_PTR_V2(pVM, pVCpu, pPage)   PGMPOOL_PAGE_2_PTR((pVM), (pPage))
@@ -2623 +2726 @@
 
     /* RC only: */
-    STAMCOUNTER StatRCDynMapCacheMisses;            /**< RC: The number of dynamic page mapping cache misses */
-    STAMCOUNTER StatRCDynMapCacheHits;              /**< RC: The number of dynamic page mapping cache hits */
     STAMCOUNTER StatRCInvlPgConflict;               /**< RC: Number of times PGMInvalidatePage() detected a mapping conflict. */
     STAMCOUNTER StatRCInvlPgSyncMonCR3;             /**< RC: Number of times PGMInvalidatePage() ran into PGM_SYNC_MONITOR_CR3. */
@@ -2846 +2947 @@
     /** Base address of the dynamic page mapping area.
      * The array is MM_HYPER_DYNAMIC_SIZE bytes big.
+     *
+     * @todo The plan of keeping PGMRCDYNMAP private to PGMRZDynMap.cpp didn't
+     *       work out.  Some cleaning up of the initialization that would
+     *       remove this memory is yet to be done...
      */
     RCPTRTYPE(uint8_t *)            pbDynPageMapBaseGC;
-    /** The index of the last entry used in the dynamic page mapping area. */
-    RTUINT                          iDynPageMapLast;
-    /** Cache containing the last entries in the dynamic page mapping area.
-     * The cache size is covering half of the mapping area. */
-    RTHCPHYS                        aHCPhysDynPageMapCache[MM_HYPER_DYNAMIC_SIZE >> (PAGE_SHIFT + 1)];
-    /** Keep a lock counter for the full (!) mapping area. */
-    uint32_t                        aLockedDynPageMapCache[MM_HYPER_DYNAMIC_SIZE >> (PAGE_SHIFT)];
-
+    /** The address of the raw-mode context mapping cache. */
+    RCPTRTYPE(PPGMRCDYNMAP)         pRCDynMap;
     /** The address of the ring-0 mapping cache if we're making use of it.  */
     RTR0PTR                         pvR0DynMapUsed;
@@ -3052 +3151 @@
 AssertCompileMemberAlignment(PGM, GCPtrMappingFixed, sizeof(RTGCPTR));
 AssertCompileMemberAlignment(PGM, HCPhysInterPD, 8);
-AssertCompileMemberAlignment(PGM, aHCPhysDynPageMapCache, 8);
 AssertCompileMemberAlignment(PGM, CritSect, 8);
 AssertCompileMemberAlignment(PGM, ChunkR3Map, 8);
@@ -3072 +3170 @@
 
     /* R0 only: */
-    STAMCOUNTER StatR0DynMapMigrateInvlPg;          /**< R0: invlpg in PGMDynMapMigrateAutoSet. */
-    STAMPROFILE StatR0DynMapGCPageInl;              /**< R0: Calls to pgmR0DynMapGCPageInlined. */
-    STAMCOUNTER StatR0DynMapGCPageInlHits;          /**< R0: Hash table lookup hits. */
-    STAMCOUNTER StatR0DynMapGCPageInlMisses;        /**< R0: Misses that falls back to code common with PGMDynMapHCPage. */
-    STAMCOUNTER StatR0DynMapGCPageInlRamHits;       /**< R0: 1st ram range hits. */
-    STAMCOUNTER StatR0DynMapGCPageInlRamMisses;     /**< R0: 1st ram range misses, takes slow path. */
-    STAMPROFILE StatR0DynMapHCPageInl;              /**< R0: Calls to pgmR0DynMapHCPageInlined. */
-    STAMCOUNTER StatR0DynMapHCPageInlHits;          /**< R0: Hash table lookup hits. */
-    STAMCOUNTER StatR0DynMapHCPageInlMisses;        /**< R0: Misses that falls back to code common with PGMDynMapHCPage. */
-    STAMPROFILE StatR0DynMapHCPage;                 /**< R0: Calls to PGMDynMapHCPage. */
-    STAMCOUNTER StatR0DynMapSetOptimize;            /**< R0: Calls to pgmDynMapOptimizeAutoSet. */
-    STAMCOUNTER StatR0DynMapSetSearchFlushes;       /**< R0: Set search restorting to subset flushes. */
-    STAMCOUNTER StatR0DynMapSetSearchHits;          /**< R0: Set search hits. */
-    STAMCOUNTER StatR0DynMapSetSearchMisses;        /**< R0: Set search misses. */
-    STAMCOUNTER StatR0DynMapPage;                   /**< R0: Calls to pgmR0DynMapPage. */
-    STAMCOUNTER StatR0DynMapPageHits0;              /**< R0: Hits at iPage+0. */
-    STAMCOUNTER StatR0DynMapPageHits1;              /**< R0: Hits at iPage+1. */
-    STAMCOUNTER StatR0DynMapPageHits2;              /**< R0: Hits at iPage+2. */
-    STAMCOUNTER StatR0DynMapPageInvlPg;             /**< R0: invlpg. */
-    STAMCOUNTER StatR0DynMapPageSlow;               /**< R0: Calls to pgmR0DynMapPageSlow. */
-    STAMCOUNTER StatR0DynMapPageSlowLoopHits;       /**< R0: Hits in the pgmR0DynMapPageSlow search loop. */
-    STAMCOUNTER StatR0DynMapPageSlowLoopMisses;     /**< R0: Misses in the pgmR0DynMapPageSlow search loop. */
-    //STAMCOUNTER StatR0DynMapPageSlowLostHits;       /**< R0: Lost hits. */
-    STAMCOUNTER StatR0DynMapSubsets;                /**< R0: Times PGMDynMapPushAutoSubset was called. */
-    STAMCOUNTER StatR0DynMapPopFlushes;             /**< R0: Times PGMDynMapPopAutoSubset flushes the subset. */
-    STAMCOUNTER aStatR0DynMapSetSize[11];           /**< R0: Set size distribution. */
 
     /* RZ only: */
@@ -3148 +3220 @@
     STAMCOUNTER StatRZGuestROMWriteHandled;         /**< RC/R0: The number of times pgmPhysRomWriteHandler() was successfully called. */
     STAMCOUNTER StatRZGuestROMWriteUnhandled;       /**< RC/R0: The number of times pgmPhysRomWriteHandler() was called and we had to fall back to the recompiler */
+    STAMCOUNTER StatRZDynMapMigrateInvlPg;          /**< RZ: invlpg in PGMR0DynMapMigrateAutoSet. */
+    STAMPROFILE StatRZDynMapGCPageInl;              /**< RZ: Calls to pgmRZDynMapGCPageInlined. */
+    STAMCOUNTER StatRZDynMapGCPageInlHits;          /**< RZ: Hash table lookup hits. */
+    STAMCOUNTER StatRZDynMapGCPageInlMisses;        /**< RZ: Misses that falls back to the code common. */
+    STAMCOUNTER StatRZDynMapGCPageInlRamHits;       /**< RZ: 1st ram range hits. */
+    STAMCOUNTER StatRZDynMapGCPageInlRamMisses;     /**< RZ: 1st ram range misses, takes slow path. */
+    STAMPROFILE StatRZDynMapHCPageInl;              /**< RZ: Calls to pgmRZDynMapHCPageInlined. */
+    STAMCOUNTER StatRZDynMapHCPageInlHits;          /**< RZ: Hash table lookup hits. */
+    STAMCOUNTER StatRZDynMapHCPageInlMisses;        /**< RZ: Misses that falls back to the code common. */
+    STAMPROFILE StatRZDynMapHCPage;                 /**< RZ: Calls to pgmRZDynMapHCPageCommon. */
+    STAMCOUNTER StatRZDynMapSetOptimize;            /**< RZ: Calls to pgmRZDynMapOptimizeAutoSet. */
+    STAMCOUNTER StatRZDynMapSetSearchFlushes;       /**< RZ: Set search restorting to subset flushes. */
+    STAMCOUNTER StatRZDynMapSetSearchHits;          /**< RZ: Set search hits. */
+    STAMCOUNTER StatRZDynMapSetSearchMisses;        /**< RZ: Set search misses. */
+    STAMCOUNTER StatRZDynMapPage;                   /**< RZ: Calls to pgmR0DynMapPage. */
+    STAMCOUNTER StatRZDynMapPageHits0;              /**< RZ: Hits at iPage+0. */
+    STAMCOUNTER StatRZDynMapPageHits1;              /**< RZ: Hits at iPage+1. */
+    STAMCOUNTER StatRZDynMapPageHits2;              /**< RZ: Hits at iPage+2. */
+    STAMCOUNTER StatRZDynMapPageInvlPg;             /**< RZ: invlpg. */
+    STAMCOUNTER StatRZDynMapPageSlow;               /**< RZ: Calls to pgmR0DynMapPageSlow. */
+    STAMCOUNTER StatRZDynMapPageSlowLoopHits;       /**< RZ: Hits in the pgmR0DynMapPageSlow search loop. */
+    STAMCOUNTER StatRZDynMapPageSlowLoopMisses;     /**< RZ: Misses in the pgmR0DynMapPageSlow search loop. */
+    //STAMCOUNTER StatRZDynMapPageSlowLostHits;       /**< RZ: Lost hits. */
+    STAMCOUNTER StatRZDynMapSubsets;                /**< RZ: Times PGMDynMapPushAutoSubset was called. */
+    STAMCOUNTER StatRZDynMapPopFlushes;             /**< RZ: Times PGMDynMapPopAutoSubset flushes the subset. */
+    STAMCOUNTER aStatRZDynMapSetFilledPct[11];      /**< RZ: Set fill distribution, percent. */
 
     /* HC - R3 and (maybe) R0: */
@@ -3270 +3368 @@
 {
     /** Offset to the VM structure. */
-    RTINT                           offVM;
+    int32_t                         offVM;
     /** Offset to the VMCPU structure. */
-    RTINT                           offVCpu;
+    int32_t                         offVCpu;
     /** Offset of the PGM structure relative to VMCPU. */
-    RTINT                           offPGM;
-    RTINT                           uPadding0;      /**< structure size alignment. */
-
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
+    int32_t                         offPGM;
+    uint32_t                        uPadding0;      /**< structure size alignment. */
+
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE) || defined(VBOX_WITH_RAW_MODE)
     /** Automatically tracked physical memory mapping set.
      * Ring-0 and strict raw-mode builds. */
@@ -3593 +3691 @@
 
 #endif /* IN_RING3 */
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-int             pgmR0DynMapHCPageCommon(PPGMMAPSET pSet, RTHCPHYS HCPhys, void **ppv);
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || IN_RC
+int             pgmRZDynMapHCPageCommon(PPGMMAPSET pSet, RTHCPHYS HCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL);
+int             pgmRZDynMapGCPageCommon(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL);
+# ifdef LOG_ENABLED
+void            pgmRZDynMapUnusedHint(PVMCPU pVCpu, void *pvHint, RT_SRC_POS_DECL);
+# else
+void            pgmRZDynMapUnusedHint(PVMCPU pVCpu, void *pvHint);
+# endif
 #endif
 int             pgmPoolAllocEx(PVM pVM, RTGCPHYS GCPhys, PGMPOOLKIND enmKind, PGMPOOLACCESS enmAccess, uint16_t iUser, uint32_t iUserTable, PPPGMPOOLPAGE ppPage, bool fLockPage = false);

trunk/src/VBox/VMM/VMMAll/MMAllPagePool.cpp

@@ -39 +39 @@
 
 
-#ifndef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
+#if !defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) && !defined(IN_RC)
 
 /**

trunk/src/VBox/VMM/VMMAll/PGMAll.cpp

@@ -936 +936 @@
         PGMPOOLKIND enmKind;
 
-# if defined(IN_RC)
-        /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-        PGMDynLockHCPage(pVM, (uint8_t *)pPdpe);
-# endif
-
         if (pVM->pgm.s.fNestedPaging || !CPUMIsGuestPagingEnabled(pVCpu))
         {
@@ -990 +985 @@
          */
         ASMReloadCR3();
-        PGMDynUnlockHCPage(pVM, (uint8_t *)pPdpe);
 # endif
+        PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdpe);
     }
     else
@@ -1524 +1519 @@
 #endif /* !VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0 */
 #if !defined(IN_RC) && !defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-
 /**
  * Performs the lazy mapping of the 32-bit guest PD.
@@ -1563 +1557 @@
     return rc;
 }
-
 #endif
 
@@ -2272 +2265 @@
 #if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
 
-/** Common worker for PGMDynMapGCPage and PGMDynMapGCPageOff. */
-DECLINLINE(int) pgmDynMapGCPageInternal(PVM pVM, RTGCPHYS GCPhys, void **ppv)
+/**
+ * Common worker for pgmRZDynMapGCPageOffInlined and pgmRZDynMapGCPageV2Inlined.
+ *
+ * @returns VBox status code.
+ * @param   pVM         The VM handle.
+ * @param   pVCpu       The current CPU.
+ * @param   GCPhys      The guest physical address of the page to map.  The
+ *                      offset bits are not ignored.
+ * @param   ppv         Where to return the address corresponding to @a GCPhys.
+ */
+int pgmRZDynMapGCPageCommon(PVM pVM, PVMCPU pVCpu, RTGCPHYS GCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL)
 {
     pgmLock(pVM);
 
     /*
-     * Convert it to a writable page and it on to PGMDynMapHCPage.
+     * Convert it to a writable page and it on to the dynamic mapper.
      */
     int rc;
@@ -2287 +2289 @@
         if (RT_SUCCESS(rc))
         {
-            //Log(("PGMDynMapGCPage: GCPhys=%RGp pPage=%R[pgmpage]\n", GCPhys, pPage));
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-            rc = pgmR0DynMapHCPageInlined(VMMGetCpu(pVM), PGM_PAGE_GET_HCPHYS(pPage), ppv);
-#else
-            rc = PGMDynMapHCPage(pVM, PGM_PAGE_GET_HCPHYS(pPage), ppv);
-#endif
+            void *pv;
+            rc = pgmRZDynMapHCPageInlined(pVCpu, PGM_PAGE_GET_HCPHYS(pPage), &pv RTLOG_COMMA_SRC_POS_ARGS);
+            if (RT_SUCCESS(rc))
+                *ppv = (void *)((uintptr_t)pv | ((uintptr_t)GCPhys & PAGE_OFFSET_MASK));
         }
         else
@@ -2307 +2307 @@
 }
 
-/**
- * Temporarily maps one guest page specified by GC physical address.
- * These pages must have a physical mapping in HC, i.e. they cannot be MMIO pages.
- *
- * Be WARNED that the dynamic page mapping area is small, 8 pages, thus the space is
- * reused after 8 mappings (or perhaps a few more if you score with the cache).
- *
- * @returns VBox status.
- * @param   pVM         VM handle.
- * @param   GCPhys      GC Physical address of the page.
- * @param   ppv         Where to store the address of the mapping.
- */
-VMMDECL(int) PGMDynMapGCPage(PVM pVM, RTGCPHYS GCPhys, void **ppv)
-{
-    AssertMsg(!(GCPhys & PAGE_OFFSET_MASK), ("GCPhys=%RGp\n", GCPhys));
-    return pgmDynMapGCPageInternal(pVM, GCPhys, ppv);
-}
-
-
-/**
- * Temporarily maps one guest page specified by unaligned GC physical address.
- * These pages must have a physical mapping in HC, i.e. they cannot be MMIO pages.
- *
- * Be WARNED that the dynamic page mapping area is small, 8 pages, thus the space is
- * reused after 8 mappings (or perhaps a few more if you score with the cache).
- *
- * The caller is aware that only the speicifed page is mapped and that really bad things
- * will happen if writing beyond the page!
- *
- * @returns VBox status.
- * @param   pVM         VM handle.
- * @param   GCPhys      GC Physical address within the page to be mapped.
- * @param   ppv         Where to store the address of the mapping address corresponding to GCPhys.
- */
-VMMDECL(int) PGMDynMapGCPageOff(PVM pVM, RTGCPHYS GCPhys, void **ppv)
-{
-    void *pv;
-    int rc = pgmDynMapGCPageInternal(pVM, GCPhys, &pv);
-    if (RT_SUCCESS(rc))
-    {
-        *ppv = (void *)((uintptr_t)pv | (uintptr_t)(GCPhys & PAGE_OFFSET_MASK));
-        return VINF_SUCCESS;
-    }
-    return rc;
-}
-
-# ifdef IN_RC
-
-/**
- * Temporarily maps one host page specified by HC physical address.
- *
- * Be WARNED that the dynamic page mapping area is small, 16 pages, thus the space is
- * reused after 16 mappings (or perhaps a few more if you score with the cache).
- *
- * @returns VINF_SUCCESS, will bail out to ring-3 on failure.
- * @param   pVM         VM handle.
- * @param   HCPhys      HC Physical address of the page.
- * @param   ppv         Where to store the address of the mapping. This is the
- *                      address of the PAGE not the exact address corresponding
- *                      to HCPhys. Use PGMDynMapHCPageOff if you care for the
- *                      page offset.
- */
-VMMDECL(int) PGMDynMapHCPage(PVM pVM, RTHCPHYS HCPhys, void **ppv)
-{
-    AssertMsg(!(HCPhys & PAGE_OFFSET_MASK), ("HCPhys=%RHp\n", HCPhys));
-
-    /*
-     * Check the cache.
-     */
-    register unsigned iCache;
-    for (iCache = 0;iCache < RT_ELEMENTS(pVM->pgm.s.aHCPhysDynPageMapCache);iCache++)
-    {
-        static const uint8_t au8Trans[MM_HYPER_DYNAMIC_SIZE >> PAGE_SHIFT][RT_ELEMENTS(pVM->pgm.s.aHCPhysDynPageMapCache)] =
-        {
-            { 0,  9, 10, 11, 12, 13, 14, 15},
-            { 0,  1, 10, 11, 12, 13, 14, 15},
-            { 0,  1,  2, 11, 12, 13, 14, 15},
-            { 0,  1,  2,  3, 12, 13, 14, 15},
-            { 0,  1,  2,  3,  4, 13, 14, 15},
-            { 0,  1,  2,  3,  4,  5, 14, 15},
-            { 0,  1,  2,  3,  4,  5,  6, 15},
-            { 0,  1,  2,  3,  4,  5,  6,  7},
-            { 8,  1,  2,  3,  4,  5,  6,  7},
-            { 8,  9,  2,  3,  4,  5,  6,  7},
-            { 8,  9, 10,  3,  4,  5,  6,  7},
-            { 8,  9, 10, 11,  4,  5,  6,  7},
-            { 8,  9, 10, 11, 12,  5,  6,  7},
-            { 8,  9, 10, 11, 12, 13,  6,  7},
-            { 8,  9, 10, 11, 12, 13, 14,  7},
-            { 8,  9, 10, 11, 12, 13, 14, 15},
-        };
-        AssertCompile(RT_ELEMENTS(au8Trans) == 16);
-        AssertCompile(RT_ELEMENTS(au8Trans[0]) == 8);
-
-        if (pVM->pgm.s.aHCPhysDynPageMapCache[iCache] == HCPhys)
-        {
-            int iPage = au8Trans[pVM->pgm.s.iDynPageMapLast][iCache];
-
-            /* The cache can get out of sync with locked entries. (10 locked, 2 overwrites its cache position, last = 11, lookup 2 -> page 10 instead of 2) */
-            if ((pVM->pgm.s.paDynPageMap32BitPTEsGC[iPage].u & X86_PTE_PG_MASK) == HCPhys)
-            {
-                void *pv = pVM->pgm.s.pbDynPageMapBaseGC + (iPage << PAGE_SHIFT);
-                *ppv = pv;
-                STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->StatRCDynMapCacheHits);
-                Log4(("PGMGCDynMapHCPage: HCPhys=%RHp pv=%p iPage=%d iCache=%d\n", HCPhys, pv, iPage, iCache));
-                return VINF_SUCCESS;
-            }
-            LogFlow(("Out of sync entry %d\n", iPage));
-        }
-    }
-    AssertCompile(RT_ELEMENTS(pVM->pgm.s.aHCPhysDynPageMapCache) == 8);
-    AssertCompile((MM_HYPER_DYNAMIC_SIZE >> PAGE_SHIFT) == 16);
-    STAM_COUNTER_INC(&pVM->pgm.s.CTX_SUFF(pStats)->StatRCDynMapCacheMisses);
-
-    /*
-     * Update the page tables.
-     */
-    unsigned iPage = pVM->pgm.s.iDynPageMapLast;
-    unsigned i;
-    for (i = 0; i < (MM_HYPER_DYNAMIC_SIZE >> PAGE_SHIFT); i++)
-    {
-        pVM->pgm.s.iDynPageMapLast = iPage = (iPage + 1) & ((MM_HYPER_DYNAMIC_SIZE >> PAGE_SHIFT) - 1);
-        if (!pVM->pgm.s.aLockedDynPageMapCache[iPage])
-            break;
-        iPage++;
-    }
-    AssertRelease(i != (MM_HYPER_DYNAMIC_SIZE >> PAGE_SHIFT));
-
-    pVM->pgm.s.aHCPhysDynPageMapCache[iPage & (RT_ELEMENTS(pVM->pgm.s.aHCPhysDynPageMapCache) - 1)] = HCPhys;
-    pVM->pgm.s.paDynPageMap32BitPTEsGC[iPage].u = (uint32_t)HCPhys | X86_PTE_P | X86_PTE_A | X86_PTE_D;
-    pVM->pgm.s.paDynPageMapPaePTEsGC[iPage].u   =           HCPhys | X86_PTE_P | X86_PTE_A | X86_PTE_D;
-    pVM->pgm.s.aLockedDynPageMapCache[iPage]    = 0;
-
-    void *pv = pVM->pgm.s.pbDynPageMapBaseGC + (iPage << PAGE_SHIFT);
-    *ppv = pv;
-    ASMInvalidatePage(pv);
-    Log4(("PGMGCDynMapHCPage: HCPhys=%RHp pv=%p iPage=%d\n", HCPhys, pv, iPage));
-    return VINF_SUCCESS;
-}
-
-
-/**
- * Temporarily lock a dynamic page to prevent it from being reused.
- *
- * @param   pVM         VM handle.
- * @param   GCPage      GC address of page
- */
-VMMDECL(void) PGMDynLockHCPage(PVM pVM, RCPTRTYPE(uint8_t *) GCPage)
-{
-    unsigned iPage;
-
-    Assert(GCPage >= pVM->pgm.s.pbDynPageMapBaseGC && GCPage < (pVM->pgm.s.pbDynPageMapBaseGC + MM_HYPER_DYNAMIC_SIZE));
-    iPage = ((uintptr_t)(GCPage - pVM->pgm.s.pbDynPageMapBaseGC)) >> PAGE_SHIFT;
-    ASMAtomicIncU32(&pVM->pgm.s.aLockedDynPageMapCache[iPage]);
-    Log4(("PGMDynLockHCPage %RRv iPage=%d\n", GCPage, iPage));
-}
-
-
-/**
- * Unlock a dynamic page
- *
- * @param   pVM         VM handle.
- * @param   GCPage      GC address of page
- */
-VMMDECL(void) PGMDynUnlockHCPage(PVM pVM, RCPTRTYPE(uint8_t *) GCPage)
-{
-    unsigned iPage;
-
-    AssertCompile(RT_ELEMENTS(pVM->pgm.s.aLockedDynPageMapCache) == 2* RT_ELEMENTS(pVM->pgm.s.aHCPhysDynPageMapCache));
-    AssertCompileMemberSize(VM, pgm.s.aLockedDynPageMapCache, sizeof(uint32_t) * (MM_HYPER_DYNAMIC_SIZE >> (PAGE_SHIFT)));
-
-    Assert(GCPage >= pVM->pgm.s.pbDynPageMapBaseGC && GCPage < (pVM->pgm.s.pbDynPageMapBaseGC + MM_HYPER_DYNAMIC_SIZE));
-    iPage = ((uintptr_t)(GCPage - pVM->pgm.s.pbDynPageMapBaseGC)) >> PAGE_SHIFT;
-    Assert(pVM->pgm.s.aLockedDynPageMapCache[iPage]);
-    ASMAtomicDecU32(&pVM->pgm.s.aLockedDynPageMapCache[iPage]);
-    Log4(("PGMDynUnlockHCPage %RRv iPage=%d\n", GCPage, iPage));
-}
-
-
-#  ifdef VBOX_STRICT
-/**
- * Check for lock leaks.
- *
- * @param   pVM         VM handle.
- */
-VMMDECL(void) PGMDynCheckLocks(PVM pVM)
-{
-    for (unsigned i = 0; i < RT_ELEMENTS(pVM->pgm.s.aLockedDynPageMapCache); i++)
-        Assert(!pVM->pgm.s.aLockedDynPageMapCache[i]);
-}
-#  endif /* VBOX_STRICT */
-
-# endif /* IN_RC */
 #endif /* IN_RC || VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0 */
-
 #if !defined(IN_R0) || defined(LOG_ENABLED)
 

trunk/src/VBox/VMM/VMMAll/PGMAllBth.h

@@ -383 +383 @@
     *pfLockTaken = false;
 
-# if defined(IN_RC) && defined(VBOX_STRICT)
-    PGMDynCheckLocks(pVM);
-# endif
-
 # if  (   PGM_GST_TYPE == PGM_TYPE_32BIT || PGM_GST_TYPE == PGM_TYPE_REAL || PGM_GST_TYPE == PGM_TYPE_PROT \
        || PGM_GST_TYPE == PGM_TYPE_PAE   || PGM_GST_TYPE == PGM_TYPE_AMD64) \
@@ -433 +429 @@
     if (uErr & X86_TRAP_PF_RSVD)
     {
+/** @todo This is not complete code. take locks */
         Assert(uErr & X86_TRAP_PF_P);
         PPGMPAGE pPage;
@@ -563 +560 @@
             return VINF_SUCCESS;
         }
-#ifndef IN_RC
         AssertMsg(GstWalk.Pde.u == GstWalk.pPde->u || GstWalk.pPte->u == GstWalk.pPde->u, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pde.u, (uint64_t)GstWalk.pPde->u));
         AssertMsg(GstWalk.Core.fBigPage || GstWalk.Pte.u == GstWalk.pPte->u, ("%RX64 %RX64\n", (uint64_t)GstWalk.Pte.u, (uint64_t)GstWalk.pPte->u));
-#else
-        /* Ugly hack, proper fix is comming up later. */
-        if (   !(GstWalk.Pde.u == GstWalk.pPde->u || GstWalk.pPte->u == GstWalk.pPde->u)
-            || !(GstWalk.Core.fBigPage || GstWalk.Pte.u == GstWalk.pPte->u) )
-        {
-            rc = PGM_GST_NAME(Walk)(pVCpu, pvFault, &GstWalk);
-            if (RT_FAILURE_NP(rc))
-                return VBOXSTRICTRC_TODO(PGM_BTH_NAME(Trap0eHandlerGuestFault)(pVCpu, &GstWalk, uErr));
-        }
-#endif
     }
 
@@ -1148 +1134 @@
     }
 
-# if defined(IN_RC)
-    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-    PGMDynLockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
-
     /*
      * Get the guest PD entry and calc big page.
@@ -1295 +1276 @@
                     LogFlow(("Skipping flush for big page containing %RGv (PD=%X .u=%RX64)-> nothing has changed!\n", GCPtrPage, iPDSrc, PdeSrc.u));
                     STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->CTX_MID_Z(Stat,InvalidatePage4MBPagesSkip));
-# if defined(IN_RC)
-                    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-                    PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+                    PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
                     return VINF_SUCCESS;
                 }
@@ -1335 +1313 @@
         }
     }
-# if defined(IN_RC)
-    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-    PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+    PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
     return rc;
 
@@ -1785 +1760 @@
     PPGMPOOLPAGE    pShwPde  = pgmPoolGetPage(pPool, pPdptDst->a[iPdpt].u & X86_PDPE_PG_MASK);
     Assert(pShwPde);
-# endif
-
-# if defined(IN_RC)
-    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-    PGMDynLockHCPage(pVM, (uint8_t *)pPdeDst);
 # endif
 
@@ -2021 +1991 @@
                 }
             }
-# if defined(IN_RC)
-            /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-            PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+            PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
             return VINF_SUCCESS;
         }
@@ -2050 +2017 @@
     ASMAtomicWriteSize(pPdeDst, 0);
 
-# if defined(IN_RC)
-    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-    PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+    PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
     PGM_INVL_VCPU_TLBS(pVCpu);
     return VINF_PGM_SYNCPAGE_MODIFIED_PDE;
@@ -2564 +2528 @@
     Assert(!PdeDst.n.u1Present); /* We're only supposed to call SyncPT on PDE!P and conflicts.*/
 
-# if defined(IN_RC)
-    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-    PGMDynLockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
-
     /*
      * Sync page directory entry.
@@ -2646 +2605 @@
             }
             ASMAtomicWriteSize(pPdeDst, PdeDst.u);
-# if defined(IN_RC)
-            PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+            PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
             return VINF_SUCCESS;
         }
@@ -2654 +2611 @@
         {
             VMCPU_FF_SET(pVCpu, VMCPU_FF_PGM_SYNC_CR3);
-# if defined(IN_RC)
-            PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+            PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
             return VINF_PGM_SYNC_CR3;
         }
@@ -2687 +2642 @@
                          | (PdeSrc.u & ~(GST_PDE_PG_MASK | X86_PDE_AVL_MASK | X86_PDE_PCD | X86_PDE_PWT | X86_PDE_PS | X86_PDE4M_G | X86_PDE4M_D));
                 ASMAtomicWriteSize(pPdeDst, PdeDst.u);
-# if defined(IN_RC)
-                PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+                PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
 
                 /*
@@ -2768 +2721 @@
 
             /**
-             * @todo It might be more efficient to sync only a part of the 4MB page (similar to what we do for 4kb PDs).
+             * @todo It might be more efficient to sync only a part of the 4MB
+             *       page (similar to what we do for 4KB PDs).
              */
 
@@ -2795 +2749 @@
             }
             ASMAtomicWriteSize(pPdeDst, PdeDst.u);
-# if defined(IN_RC)
-            PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+            PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
 
             /*
@@ -3391 +3343 @@
 # endif
 
-# if defined(IN_RC)
-    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-    PGMDynLockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
-
     if (!pPdeDst->n.u1Present)
     {
@@ -3401 +3348 @@
         if (rc != VINF_SUCCESS)
         {
-# if defined(IN_RC)
-            /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-            PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+            PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
             pgmUnlock(pVM);
             AssertRC(rc);
@@ -3449 +3393 @@
         }
     }
-# if defined(IN_RC)
-    /* Make sure the dynamic pPdeDst mapping will not be reused during this function. */
-    PGMDynUnlockHCPage(pVM, (uint8_t *)pPdeDst);
-# endif
+    PGM_DYNMAP_UNUSED_HINT(pVCpu, pPdeDst);
     pgmUnlock(pVM);
     return rc;
@@ -4359 +4300 @@
     AssertReturn(pPageCR3, VERR_INTERNAL_ERROR_2);
     HCPhysGuestCR3 = PGM_PAGE_GET_HCPHYS(pPageCR3);
-    /** @todo this needs some reworking wrt. locking.  */
+    /** @todo this needs some reworking wrt. locking?  */
 # if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
     HCPtrGuestCR3 = NIL_RTHCPTR;

trunk/src/VBox/VMM/VMMAll/PGMAllMap.cpp

@@ -247 +247 @@
                 PX86PD pShw32BitPd = pgmShwGet32BitPDPtr(pVCpu);
                 AssertFatal(pShw32BitPd);
-#ifdef IN_RC    /* Lock mapping to prevent it from being reused during pgmPoolFree. */
-                PGMDynLockHCPage(pVM, (uint8_t *)pShw32BitPd);
-#endif
+
                 /* Free any previous user, unless it's us. */
                 Assert(   (pShw32BitPd->a[iNewPDE].u & (X86_PDE_P | PGM_PDFLAGS_MAPPING)) != (X86_PDE_P | PGM_PDFLAGS_MAPPING)
@@ -260 +258 @@
                 pShw32BitPd->a[iNewPDE].u = PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US
                                           | (uint32_t)pMap->aPTs[i].HCPhysPT;
-#ifdef IN_RC
-                /* Unlock dynamic mappings again. */
-                PGMDynUnlockHCPage(pVM, (uint8_t *)pShw32BitPd);
-#endif
+                PGM_DYNMAP_UNUSED_HINT_VM(pVM, pShw32BitPd);
                 break;
             }
@@ -274 +269 @@
                 PX86PDPT        pShwPdpt  = pgmShwGetPaePDPTPtr(pVCpu);
                 Assert(pShwPdpt);
-#ifdef IN_RC    /* Lock mapping to prevent it from being reused during pgmShwSyncPaePDPtr. */
-                PGMDynLockHCPage(pVM, (uint8_t *)pShwPdpt);
-#endif
 
                 /*
@@ -302 +294 @@
                 }
                 Assert(pShwPaePd);
-#ifdef IN_RC    /* Lock mapping to prevent it from being reused during pgmPoolFree. */
-                PGMDynLockHCPage(pVM, (uint8_t *)pShwPaePd);
-#endif
 
                 /*
@@ -357 +346 @@
                 pShwPdpt->a[iPdPt].u |= PGM_PLXFLAGS_MAPPING;
 
-#ifdef IN_RC
-                /* Unlock dynamic mappings again. */
-                PGMDynUnlockHCPage(pVM, (uint8_t *)pShwPaePd);
-                PGMDynUnlockHCPage(pVM, (uint8_t *)pShwPdpt);
-#endif
+                PGM_DYNMAP_UNUSED_HINT_VM(pVM, pShwPaePd);
+                PGM_DYNMAP_UNUSED_HINT_VM(pVM, pShwPdpt);
                 break;
             }
@@ -406 +392 @@
     if (    PGMGetGuestMode(pVCpu) >= PGMMODE_PAE
         &&  pShwPageCR3 != pVCpu->pgm.s.CTX_SUFF(pShwPageCR3))
-    {
         pCurrentShwPdpt = pgmShwGetPaePDPTPtr(pVCpu);
-#ifdef IN_RC    /* Lock mapping to prevent it from being reused (currently not possible). */
-        if (pCurrentShwPdpt)
-            PGMDynLockHCPage(pVM, (uint8_t *)pCurrentShwPdpt);
-#endif
-    }
 
     unsigned i = pMap->cPTs;
@@ -503 +483 @@
         }
     }
-#ifdef IN_RC
-    /* Unlock dynamic mappings again. */
-    if (pCurrentShwPdpt)
-        PGMDynUnlockHCPage(pVM, (uint8_t *)pCurrentShwPdpt);
-#endif
+
+    PGM_DYNMAP_UNUSED_HINT_VM(pVM, pCurrentShwPdpt);
 }
 #endif /* !IN_RING0 */

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

@@ -738 +738 @@
     AssertReturn(idChunk != NIL_GMM_CHUNKID, VERR_INVALID_PARAMETER);
 
-#ifdef IN_RC
+#if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
     /*
      * Map it by HCPhys.
      */
-    return PGMDynMapHCPage(pVM, HCPhys, ppv);
-
-#elif defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-    /*
-     * Map it by HCPhys.
-     */
-    return pgmR0DynMapHCPageInlined(VMMGetCpu(pVM), HCPhys, ppv);
+    return pgmRZDynMapHCPageInlined(VMMGetCpu(pVM), HCPhys, ppv  RTLOG_COMMA_SRC_POS);
 
 #else
@@ -824 +818 @@
     RTHCPHYS HCPhys = PGM_PAGE_GET_HCPHYS(pPage);
     Assert(HCPhys != pVM->pgm.s.HCPhysZeroPg);
-# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    pgmR0DynMapHCPageInlined(VMMGetCpu(pVM), HCPhys, ppv);
-# else
-    PGMDynMapHCPage(pVM, HCPhys, ppv);
-# endif
+    pgmRZDynMapHCPageInlined(VMMGetCpu(pVM), HCPhys, ppv RTLOG_COMMA_SRC_POS);
     return VINF_SUCCESS;
 
@@ -1138 +1128 @@
      */
 #if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-    *ppv = pgmDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK));
+    *ppv = pgmRZDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK) RTLOG_COMMA_SRC_POS);
 #else
     PPGMPAGEMAPTLBE pTlbe;
@@ -1176 +1166 @@
      */
 #if defined(IN_RC) || defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0)
-    *ppv = pgmDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK)); /** @todo add a read only flag? */
+    *ppv = pgmRZDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK) RTLOG_COMMA_SRC_POS); /** @todo add a read only flag? */
 #else
     PPGMPAGEMAPTLBE pTlbe;
@@ -1234 +1224 @@
         if (RT_SUCCESS(rc))
         {
-            *ppv = pgmDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK)); /** @todo add a read only flag? */
+            *ppv = pgmRZDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK) RTLOG_COMMA_SRC_POS); /** @todo add a read only flag? */
 # if 0
             pLock->pvMap = 0;
@@ -1345 +1335 @@
         else
         {
-            *ppv = pgmDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK)); /** @todo add a read only flag? */
+            *ppv = pgmRZDynMapHCPageOff(pVM, PGM_PAGE_GET_HCPHYS(pPage) | (GCPhys & PAGE_OFFSET_MASK) RTLOG_COMMA_SRC_POS); /** @todo add a read only flag? */
 # if 0
             pLock->pvMap = 0;
@@ -1493 +1483 @@
     pLock->u32Dummy = 0;
 
-#else   /* IN_RING3 */
+#else
     PPGMPAGEMAP pMap       = (PPGMPAGEMAP)pLock->pvMap;
     PPGMPAGE    pPage      = (PPGMPAGE)(pLock->uPageAndType & ~PGMPAGEMAPLOCK_TYPE_MASK);

trunk/src/VBox/VMM/VMMAll/PGMAllPool.cpp

@@ -88 +88 @@
 }
 
-/** @def PGMPOOL_PAGE_2_LOCKED_PTR
- * Maps a pool page pool into the current context and lock it (RC only).
- *
- * @returns VBox status code.
- * @param   pVM     The VM handle.
- * @param   pPage   The pool page.
- *
- * @remark  In RC this uses PGMGCDynMapHCPage(), so it will consume of the
- *          small page window employeed by that function. Be careful.
- * @remark  There is no need to assert on the result.
- */
-#if defined(IN_RC)
-DECLINLINE(void *) PGMPOOL_PAGE_2_LOCKED_PTR(PVM pVM, PPGMPOOLPAGE pPage)
-{
-    void *pv = pgmPoolMapPageInlined(pVM, pPage);
-
-    /* Make sure the dynamic mapping will not be reused. */
-    if (pv)
-        PGMDynLockHCPage(pVM, (uint8_t *)pv);
-
-    return pv;
-}
-#else
-# define PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage)  PGMPOOL_PAGE_2_PTR(pVM, pPage)
-#endif
-
-/** @def PGMPOOL_UNLOCK_PTR
- * Unlock a previously locked dynamic caching (RC only).
- *
- * @returns VBox status code.
- * @param   pVM     The VM handle.
- * @param   pPage   The pool page.
- *
- * @remark  In RC this uses PGMGCDynMapHCPage(), so it will consume of the
- *          small page window employeed by that function. Be careful.
- * @remark  There is no need to assert on the result.
- */
-#if defined(IN_RC)
-DECLINLINE(void) PGMPOOL_UNLOCK_PTR(PVM pVM, void *pvPage)
-{
-    if (pvPage)
-        PGMDynUnlockHCPage(pVM, (uint8_t *)pvPage);
-}
-#else
-# define PGMPOOL_UNLOCK_PTR(pVM, pPage)  do {} while (0)
-#endif
-
 
 /**
@@ -247 +200 @@
             {
                 STAM_COUNTER_INC(&pPool->CTX_MID_Z(StatMonitor,FaultPT));
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = off / sizeof(X86PTE);
                 LogFlow(("PGMPOOLKIND_32BIT_PT_FOR_32BIT_PT iShw=%x\n", iShw));
@@ -270 +223 @@
             {
                 STAM_COUNTER_INC(&pPool->CTX_MID_Z(StatMonitor,FaultPT));
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 if (!((off ^ pPage->GCPhys) & (PAGE_SIZE / 2)))
                 {
@@ -300 +253 @@
                 unsigned iShwPdpt = iGst / 256;
                 unsigned iShw     = (iGst % 256) * 2;
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
 
                 LogFlow(("pgmPoolMonitorChainChanging PAE for 32 bits: iGst=%x iShw=%x idx = %d page idx=%d\n", iGst, iShw, iShwPdpt, pPage->enmKind - PGMPOOLKIND_PAE_PD0_FOR_32BIT_PD));
@@ -363 +316 @@
             case PGMPOOLKIND_PAE_PT_FOR_PAE_PT:
             {
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = off / sizeof(X86PTEPAE);
                 STAM_COUNTER_INC(&pPool->CTX_MID_Z(StatMonitor,FaultPT));
@@ -409 +362 @@
             case PGMPOOLKIND_32BIT_PD:
             {
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = off / sizeof(X86PTE);         // ASSUMING 32-bit guest paging!
 
@@ -489 +442 @@
             case PGMPOOLKIND_PAE_PD_FOR_PAE_PD:
             {
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = off / sizeof(X86PDEPAE);
                 STAM_COUNTER_INC(&pPool->CTX_MID_Z(StatMonitor,FaultPD));
@@ -566 +519 @@
                 const unsigned offPdpt = GCPhysFault - pPage->GCPhys;
 
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = offPdpt / sizeof(X86PDPE);
                 if (iShw < X86_PG_PAE_PDPE_ENTRIES)          /* don't use RT_ELEMENTS(uShw.pPDPT->a), because that's for long mode only */
@@ -633 +586 @@
             {
                 STAM_COUNTER_INC(&pPool->CTX_MID_Z(StatMonitor,FaultPD));
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = off / sizeof(X86PDEPAE);
                 Assert(!(uShw.pPDPae->a[iShw].u & PGM_PDFLAGS_MAPPING));
@@ -673 +626 @@
                  * - messing with the bits of pd pointers without changing the physical address
                  */
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = off / sizeof(X86PDPE);
                 if (uShw.pPDPT->a[iShw].n.u1Present)
@@ -703 +656 @@
                  * - messing with the bits of pd pointers without changing the physical address
                  */
-                uShw.pv = PGMPOOL_PAGE_2_LOCKED_PTR(pVM, pPage);
+                uShw.pv = PGMPOOL_PAGE_2_PTR(pVM, pPage);
                 const unsigned iShw = off / sizeof(X86PDPE);
                 if (uShw.pPML4->a[iShw].n.u1Present)
@@ -730 +683 @@
                 AssertFatalMsgFailed(("enmKind=%d\n", pPage->enmKind));
         }
-        PGMPOOL_UNLOCK_PTR(pVM, uShw.pv);
+        PGM_DYNMAP_UNUSED_HINT_VM(pVM, uShw.pv);
 
         /* next */
@@ -960 +913 @@
     while (pRegFrame->rcx)
     {
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-        uint32_t iPrevSubset = PGMDynMapPushAutoSubset(pVCpu);
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
+        uint32_t iPrevSubset = PGMRZDynMapPushAutoSubset(pVCpu);
         pgmPoolMonitorChainChanging(pVCpu, pPool, pPage, GCPhysFault, (RTGCPTR)pu32, uIncrement);
-        PGMDynMapPopAutoSubset(pVCpu, iPrevSubset);
+        PGMRZDynMapPopAutoSubset(pVCpu, iPrevSubset);
 #else
         pgmPoolMonitorChainChanging(pVCpu, pPool, pPage, GCPhysFault, (RTGCPTR)pu32, uIncrement);
@@ -1012 +965 @@
      * Clear all the pages. ASSUMES that pvFault is readable.
      */
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    uint32_t    iPrevSubset = PGMDynMapPushAutoSubset(pVCpu);
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
+    uint32_t    iPrevSubset = PGMRZDynMapPushAutoSubset(pVCpu);
     pgmPoolMonitorChainChanging(pVCpu, pPool, pPage, GCPhysFault, pvFault, DISGetParamSize(pDis, &pDis->param1));
-    PGMDynMapPopAutoSubset(pVCpu, iPrevSubset);
+    PGMRZDynMapPopAutoSubset(pVCpu, iPrevSubset);
 #else
     pgmPoolMonitorChainChanging(pVCpu, pPool, pPage, GCPhysFault, pvFault, DISGetParamSize(pDis, &pDis->param1));
@@ -1113 +1066 @@
     if (pPage->enmKind == PGMPOOLKIND_PAE_PT_FOR_PAE_PT)
     {
-        void *pvShw = PGMPOOL_PAGE_2_LOCKED_PTR(pPool->CTX_SUFF(pVM), pPage);
+        void *pvShw = PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pPage);
         void *pvGst;
         int rc = PGM_GCPHYS_2_PTR(pPool->CTX_SUFF(pVM), pPage->GCPhys, &pvGst); AssertReleaseRC(rc);
@@ -1421 +1374 @@
                     if (pTempPage->enmKind == PGMPOOLKIND_PAE_PT_FOR_PAE_PT)
                     {
-                        PX86PTPAE pShwPT2 = (PX86PTPAE)PGMPOOL_PAGE_2_LOCKED_PTR(pPool->CTX_SUFF(pVM), pTempPage);
+                        PX86PTPAE pShwPT2 = (PX86PTPAE)PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pTempPage);
 
                         for (unsigned j = 0; j < RT_ELEMENTS(pShwPT->a); j++)
@@ -1539 +1492 @@
     pPage->fDirty = false;
 
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    uint32_t iPrevSubset = PGMDynMapPushAutoSubset(VMMGetCpu(pVM));
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
+    PVMCPU   pVCpu = VMMGetCpu(pVM);
+    uint32_t iPrevSubset = PGMRZDynMapPushAutoSubset(pVCpu);
 #endif
 
@@ -1557 +1511 @@
     /* Flush those PTEs that have changed. */
     STAM_PROFILE_START(&pPool->StatTrackDeref,a);
-    void *pvShw = PGMPOOL_PAGE_2_LOCKED_PTR(pPool->CTX_SUFF(pVM), pPage);
+    void *pvShw = PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pPage);
     void *pvGst;
     bool  fFlush;
@@ -1589 +1543 @@
         Log(("Removed dirty page %RGp cMods=%d cChanges=%d\n", pPage->GCPhys, pPage->cModifications, cChanges));
 
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    PGMDynMapPopAutoSubset(VMMGetCpu(pVM), iPrevSubset);
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_R0) || defined(IN_RC)
+    PGMRZDynMapPopAutoSubset(pVCpu, iPrevSubset);
 #endif
 }
@@ -1627 +1581 @@
      * references to physical pages. (the HCPhys linear lookup is *extremely* expensive!)
      */
-    void *pvShw = PGMPOOL_PAGE_2_LOCKED_PTR(pPool->CTX_SUFF(pVM), pPage);
+    void *pvShw = PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pPage);
     void *pvGst;
     int rc = PGM_GCPHYS_2_PTR(pPool->CTX_SUFF(pVM), pPage->GCPhys, &pvGst); AssertReleaseRC(rc);
@@ -3352 +3306 @@
         else
         {
-# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
+# if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
             /* Start a subset here because pgmPoolTrackFlushGCPhysPTsSlow and
                pgmPoolTrackFlushGCPhysPTs will/may kill the pool otherwise. */
-            uint32_t iPrevSubset = PGMDynMapPushAutoSubset(pVCpu);
+            uint32_t iPrevSubset = PGMRZDynMapPushAutoSubset(pVCpu);
 # endif
 
@@ -3370 +3324 @@
             *pfFlushTLBs = true;
 
-# ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-            PGMDynMapPopAutoSubset(pVCpu, iPrevSubset);
+# if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_R0) || defined(IN_RC)
+            PGMRZDynMapPopAutoSubset(pVCpu, iPrevSubset);
 # endif
         }
@@ -3663 +3617 @@
             AssertFatalMsgFailed(("enmKind=%d iUser=%#x iUserTable=%#x\n", pUserPage->enmKind, pUser->iUser, pUser->iUserTable));
     }
+    PGM_DYNMAP_UNUSED_HINT_VM(pPool->CTX_SUFF(pVM), u.pau64);
 }
 
@@ -4435 +4390 @@
      * Map the shadow page and take action according to the page kind.
      */
-    void *pvShw = PGMPOOL_PAGE_2_LOCKED_PTR(pPool->CTX_SUFF(pVM), pPage);
+    void *pvShw = PGMPOOL_PAGE_2_PTR(pPool->CTX_SUFF(pVM), pPage);
     switch (pPage->enmKind)
     {
@@ -4539 +4494 @@
     STAM_PROFILE_STOP(&pPool->StatZeroPage, z);
     pPage->fZeroed = true;
-    PGMPOOL_UNLOCK_PTR(pPool->CTX_SUFF(pVM), pvShw);
+    PGM_DYNMAP_UNUSED_HINT_VM(pPool->CTX_SUFF(pVM), pvShw);
     Assert(!pPage->cPresent);
 }
@@ -4596 +4551 @@
     }
 
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0) || defined(IN_RC)
     /* Start a subset so we won't run out of mapping space. */
     PVMCPU pVCpu = VMMGetCpu(pVM);
-    uint32_t iPrevSubset = PGMDynMapPushAutoSubset(pVCpu);
+    uint32_t iPrevSubset = PGMRZDynMapPushAutoSubset(pVCpu);
 #endif
 
@@ -4629 +4584 @@
     pgmPoolCacheFlushPage(pPool, pPage);
 
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE_R0) || defined(IN_RC)
     /* Heavy stuff done. */
-    PGMDynMapPopAutoSubset(pVCpu, iPrevSubset);
+    PGMRZDynMapPopAutoSubset(pVCpu, iPrevSubset);
 #endif
 

trunk/src/VBox/VMM/VMMAll/TRPMAll.cpp

@@ -693 +693 @@
                         STAM_PROFILE_ADV_STOP(&pVM->trpm.s.aStatGCTraps[iOrgTrap], o);
 
-                    CPUMGCCallGuestTrapHandler(pRegFrame, GuestIdte.Gen.u16SegSel | 1, pVM->trpm.s.aGuestTrapHandler[iGate], eflags.u32, ss_r0, (RTRCPTR)esp_r0);
+                    PGMRZDynMapReleaseAutoSet(pVCpu);
+                    CPUMGCCallGuestTrapHandler(pRegFrame, GuestIdte.Gen.u16SegSel | 1, pVM->trpm.s.aGuestTrapHandler[iGate],
+                                               eflags.u32, ss_r0, (RTRCPTR)esp_r0);
                     /* does not return */
 #else

trunk/src/VBox/VMM/VMMGC/PGMGC.cpp

@@ -5 +5 @@
 
 /*
- * Copyright (C) 2006-2007 Oracle Corporation
+ * Copyright (C) 2006-2010 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as

trunk/src/VBox/VMM/VMMGC/TRPMGCHandlers.cpp

@@ -46 +46 @@
 #include <iprt/assert.h>
 
+
 /*******************************************************************************
 *   Defined Constants And Macros                                               *
@@ -130 +131 @@
  * @param   rc          The VBox status code to return.
  * @param   pRegFrame   Pointer to the register frame for the trap.
+ *
+ * @remarks This must not be used for hypervisor traps, only guest traps.
  */
 static int trpmGCExitTrap(PVM pVM, PVMCPU pVCpu, int rc, PCPUMCTXCORE pRegFrame)
@@ -231 +234 @@
          */
         else if (VMCPU_FF_ISPENDING(pVCpu, VMCPU_FF_PGM_SYNC_CR3 | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL))
+        {
 #if 1
+            PGMRZDynMapReleaseAutoSet(pVCpu);
+            PGMRZDynMapStartAutoSet(pVCpu);
             rc = PGMSyncCR3(pVCpu, CPUMGetGuestCR0(pVCpu), CPUMGetGuestCR3(pVCpu), CPUMGetGuestCR4(pVCpu), VMCPU_FF_ISSET(pVCpu, VMCPU_FF_PGM_SYNC_CR3));
 #else
             rc = VINF_PGM_SYNC_CR3;
 #endif
+        }
         /* Pending request packets might contain actions that need immediate attention, such as pending hardware interrupts. */
         else if (   VM_FF_ISPENDING(pVM, VM_FF_REQUEST)
@@ -246 +253 @@
                     && ( pRegFrame->eflags.Bits.u2IOPL < (unsigned)(pRegFrame->ss & X86_SEL_RPL) || pRegFrame->eflags.Bits.u1VM))
               , ("rc=%Rrc\neflags=%RX32 ss=%RTsel IOPL=%d\n", rc, pRegFrame->eflags.u32, pRegFrame->ss, pRegFrame->eflags.Bits.u2IOPL));
+    PGMRZDynMapReleaseAutoSet(pVCpu);
     return rc;
 }
@@ -270 +278 @@
 
     /*
-     * We currently don't make sure of the X86_DR7_GD bit, but
+     * We currently don't make use of the X86_DR7_GD bit, but
      * there might come a time when we do.
      */
-    if ((uDr6 & X86_DR6_BD) == X86_DR6_BD)
-    {
-        AssertReleaseMsgFailed(("X86_DR6_BD isn't used, but it's set! dr7=%RTreg(%RTreg) dr6=%RTreg\n",
-                                ASMGetDR7(), CPUMGetHyperDR7(pVCpu), uDr6));
-        return VERR_NOT_IMPLEMENTED;
-    }
-
+    AssertReleaseMsgReturn((uDr6 & X86_DR6_BD) != X86_DR6_BD,
+                           ("X86_DR6_BD isn't used, but it's set! dr7=%RTreg(%RTreg) dr6=%RTreg\n",
+                            ASMGetDR7(), CPUMGetHyperDR7(pVCpu), uDr6),
+                           VERR_NOT_IMPLEMENTED);
     AssertReleaseMsg(!(uDr6 & X86_DR6_BT), ("X86_DR6_BT is impossible!\n"));
 
@@ -285 +290 @@
      * Now leave the rest to the DBGF.
      */
+    PGMRZDynMapStartAutoSet(pVCpu);
     int rc = DBGFRZTrap01Handler(pVM, pVCpu, pRegFrame, uDr6);
     if (rc == VINF_EM_RAW_GUEST_TRAP)
@@ -296 +302 @@
 
 /**
+ * \#DB (Debug event) handler for the hypervisor code.
+ *
+ * This is mostly the same as TRPMGCTrap01Handler, but we skip the PGM auto
+ * mapping set as well as the default trap exit path since they are both really
+ * bad ideas in this context.
+ *
+ * @returns VBox status code.
+ *          VINF_SUCCESS means we completely handled this trap,
+ *          other codes are passed execution to host context.
+ *
+ * @param   pTrpmCpu    Pointer to TRPMCPU data (within VM).
+ * @param   pRegFrame   Pointer to the register frame for the trap.
+ * @internal
+ */
+DECLASM(int) TRPMGCHyperTrap01Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
+{
+    RTGCUINTREG uDr6  = ASMGetAndClearDR6();
+    PVM         pVM   = TRPMCPU_2_VM(pTrpmCpu);
+    PVMCPU      pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
+
+    LogFlow(("TRPMGCHyper01: cs:eip=%04x:%08x uDr6=%RTreg\n", pRegFrame->cs, pRegFrame->eip, uDr6));
+
+    /*
+     * We currently don't make use of the X86_DR7_GD bit, but
+     * there might come a time when we do.
+     */
+    AssertReleaseMsgReturn((uDr6 & X86_DR6_BD) != X86_DR6_BD,
+                           ("X86_DR6_BD isn't used, but it's set! dr7=%RTreg(%RTreg) dr6=%RTreg\n",
+                            ASMGetDR7(), CPUMGetHyperDR7(pVCpu), uDr6),
+                           VERR_NOT_IMPLEMENTED);
+    AssertReleaseMsg(!(uDr6 & X86_DR6_BT), ("X86_DR6_BT is impossible!\n"));
+
+    /*
+     * Now leave the rest to the DBGF.
+     */
+    int rc = DBGFRZTrap01Handler(pVM, pVCpu, pRegFrame, uDr6);
+    AssertStmt(rc != VINF_EM_RAW_GUEST_TRAP, rc = VERR_INTERNAL_ERROR_3);
+
+    Log6(("TRPMGCHyper01: %Rrc (%04x:%08x %RTreg)\n", rc, pRegFrame->cs, pRegFrame->eip, uDr6));
+    return rc;
+}
+
+
+/**
  * NMI handler, for when we are using NMIs to debug things.
  *
@@ -311 +361 @@
     LogFlow(("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
     RTLogComPrintf("TRPMGCTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip);
+    return VERR_TRPM_DONT_PANIC;
+}
+
+
+/**
+ * NMI handler, for when we are using NMIs to debug things.
+ *
+ * This is the handler we're most likely to hit when the NMI fires (it is
+ * unlikely that we'll be stuck in guest code).
+ *
+ * @returns VBox status code.
+ *          VINF_SUCCESS means we completely handled this trap,
+ *          other codes are passed execution to host context.
+ *
+ * @param   pTrpmCpu    Pointer to TRPMCPU data (within VM).
+ * @param   pRegFrame   Pointer to the register frame for the trap.
+ * @internal
+ * @remark  This is not hooked up unless you're building with VBOX_WITH_NMI defined.
+ */
+DECLASM(int) TRPMGCHyperTrap02Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
+{
+    LogFlow(("TRPMGCHyperTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
+    RTLogComPrintf("TRPMGCHyperTrap02Handler: cs:eip=%04x:%08x\n", pRegFrame->cs, pRegFrame->eip);
     return VERR_TRPM_DONT_PANIC;
 }
@@ -332 +405 @@
     PVMCPU  pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
     int     rc;
-
-    /*
-     * Both PATM are using INT3s, let them have a go first.
+    PGMRZDynMapStartAutoSet(pVCpu);
+
+    /*
+     * PATM is using INT3s, let them have a go first.
      */
     if (    (pRegFrame->ss & X86_SEL_RPL) == 1
@@ -357 +431 @@
 
 /**
+ * \#BP (Breakpoint) handler.
+ *
+ * This is similar to TRPMGCTrap03Handler but we bits which are potentially
+ * harmful to us (common trap exit and the auto mapping set).
+ *
+ * @returns VBox status code.
+ *          VINF_SUCCESS means we completely handled this trap,
+ *          other codes are passed execution to host context.
+ *
+ * @param   pTrpmCpu    Pointer to TRPMCPU data (within VM).
+ * @param   pRegFrame   Pointer to the register frame for the trap.
+ * @internal
+ */
+DECLASM(int) TRPMGCHyperTrap03Handler(PTRPMCPU pTrpmCpu, PCPUMCTXCORE pRegFrame)
+{
+    LogFlow(("TRPMGCHyper03: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
+    PVM     pVM   = TRPMCPU_2_VM(pTrpmCpu);
+    PVMCPU  pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
+
+    /*
+     * Hand it over to DBGF.
+     */
+    int rc = DBGFRZTrap03Handler(pVM, pVCpu, pRegFrame);
+    AssertStmt(rc != VINF_EM_RAW_GUEST_TRAP, rc = VERR_INTERNAL_ERROR_3);
+
+    Log6(("TRPMGCHyper03: %Rrc (%04x:%08x)\n", rc, pRegFrame->cs, pRegFrame->eip));
+    return rc;
+}
+
+
+/**
  * Trap handler for illegal opcode fault (\#UD).
  *
@@ -373 +478 @@
     PVMCPU  pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
     int     rc;
+    PGMRZDynMapStartAutoSet(pVCpu);
 
     if (CPUMGetGuestCPL(pVCpu, pRegFrame) == 0)
@@ -402 +508 @@
         /*
          * UD2 in a patch?
+         * Note! PATMGCHandleIllegalInstrTrap doesn't always return.
          */
         if (    Cpu.pCurInstr->opcode == OP_ILLUD2
             &&  PATMIsPatchGCAddr(pVM, pRegFrame->eip))
         {
+            LogFlow(("TRPMGCTrap06Handler: -> PATMGCHandleIllegalInstrTrap\n"));
             rc = PATMGCHandleIllegalInstrTrap(pVM, pRegFrame);
             /** @todo  These tests are completely unnecessary, should just follow the
@@ -439 +547 @@
         else if (Cpu.pCurInstr->opcode == OP_MONITOR)
         {
+            LogFlow(("TRPMGCTrap06Handler: -> EMInterpretInstructionCPU\n"));
             uint32_t cbIgnored;
             rc = EMInterpretInstructionCPU(pVM, pVCpu, &Cpu, pRegFrame, PC, &cbIgnored);
@@ -446 +555 @@
         /* Never generate a raw trap here; it might be an instruction, that requires emulation. */
         else
+        {
+            LogFlow(("TRPMGCTrap06Handler: -> VINF_EM_RAW_EMULATE_INSTR\n"));
             rc = VINF_EM_RAW_EMULATE_INSTR;
+        }
     }
     else
     {
+        LogFlow(("TRPMGCTrap06Handler: -> TRPMForwardTrap\n"));
         rc = TRPMForwardTrap(pVCpu, pRegFrame, 0x6, 0, TRPM_TRAP_NO_ERRORCODE, TRPM_TRAP, 0x6);
         Assert(rc == VINF_EM_RAW_GUEST_TRAP);
@@ -478 +591 @@
     PVM     pVM   = TRPMCPU_2_VM(pTrpmCpu);
     PVMCPU  pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
+    PGMRZDynMapStartAutoSet(pVCpu);
 
     int rc = CPUMHandleLazyFPU(pVCpu);
@@ -500 +614 @@
 {
     LogFlow(("TRPMGC0b: %04x:%08x\n", pRegFrame->cs, pRegFrame->eip));
-    PVM pVM = TRPMCPU_2_VM(pTrpmCpu);
+    PVM     pVM   = TRPMCPU_2_VM(pTrpmCpu);
+    PVMCPU  pVCpu = TRPMCPU_2_VMCPU(pTrpmCpu);
+    PGMRZDynMapStartAutoSet(pVCpu);
 
     /*
@@ -574 +690 @@
             pTrpmCpu->uActiveVector = ~0;
             Log6(("TRPMGC0b: %Rrc (%04x:%08x) (CG)\n", VINF_EM_RAW_RING_SWITCH, pRegFrame->cs, pRegFrame->eip));
+            PGMRZDynMapReleaseAutoSet(pVCpu);
             return VINF_EM_RAW_RING_SWITCH;
         }
@@ -582 +699 @@
      */
     Log6(("TRPMGC0b: %Rrc (%04x:%08x)\n", VINF_EM_RAW_GUEST_TRAP, pRegFrame->cs, pRegFrame->eip));
+    PGMRZDynMapReleaseAutoSet(pVCpu);
     return VINF_EM_RAW_GUEST_TRAP;
 }
@@ -933 +1051 @@
     LogFlow(("TRPMGC0d: %04x:%08x err=%x\n", pRegFrame->cs, pRegFrame->eip, (uint32_t)pVCpu->trpm.s.uActiveErrorCode));
 
+    PGMRZDynMapStartAutoSet(pVCpu);
     int rc = trpmGCTrap0dHandler(pVM, pTrpmCpu, pRegFrame);
     switch (rc)
@@ -994 +1113 @@
      * This is all PGM stuff.
      */
+    PGMRZDynMapStartAutoSet(pVCpu);
     int rc = PGMTrap0eHandler(pVCpu, pVCpu->trpm.s.uActiveErrorCode, pRegFrame, (RTGCPTR)pVCpu->trpm.s.uActiveCR2);
     switch (rc)
@@ -1009 +1129 @@
         case VINF_EM_RAW_GUEST_TRAP:
             if (PATMIsPatchGCAddr(pVM, pRegFrame->eip))
+            {
+                PGMRZDynMapReleaseAutoSet(pVCpu);
                 return VINF_PATM_PATCH_TRAP_PF;
+            }
 
             rc = TRPMForwardTrap(pVCpu, pRegFrame, 0xE, 0, TRPM_TRAP_HAS_ERRORCODE, TRPM_TRAP, 0xe);

trunk/src/VBox/VMM/VMMGC/TRPMGCHandlersA.asm

@@ -4 +4 @@
 ;
 
-; Copyright (C) 2006-2007 Oracle Corporation
+; Copyright (C) 2006-2010 Oracle Corporation
 ;
 ; This file is part of VirtualBox Open Source Edition (OSE), as
@@ -34 +34 @@
 extern IMPNAME(g_TRPM)                  ; where there is a pointer to the real symbol. PE imports
 extern IMPNAME(g_TRPMCPU)               ; are a bit confusing at first... :-)
-extern IMPNAME(g_VM)                    
+extern IMPNAME(g_VM)
 extern NAME(CPUMGCRestoreInt)
 extern NAME(cpumHandleLazyFPUAsm)
 extern NAME(CPUMHyperSetCtxCore)
 extern NAME(trpmGCTrapInGeneric)
-extern NAME(TRPMGCHyperTrap0bHandler)
-extern NAME(TRPMGCHyperTrap0dHandler)
-extern NAME(TRPMGCHyperTrap0eHandler)
 extern NAME(TRPMGCTrap01Handler)
+extern NAME(TRPMGCHyperTrap01Handler)
 %ifdef VBOX_WITH_NMI
 extern NAME(TRPMGCTrap02Handler)
+extern NAME(TRPMGCHyperTrap02Handler)
 %endif
 extern NAME(TRPMGCTrap03Handler)
+extern NAME(TRPMGCHyperTrap03Handler)
 extern NAME(TRPMGCTrap06Handler)
+extern NAME(TRPMGCTrap07Handler)
 extern NAME(TRPMGCTrap0bHandler)
+extern NAME(TRPMGCHyperTrap0bHandler)
 extern NAME(TRPMGCTrap0dHandler)
+extern NAME(TRPMGCHyperTrap0dHandler)
 extern NAME(TRPMGCTrap0eHandler)
-extern NAME(TRPMGCTrap07Handler)
+extern NAME(TRPMGCHyperTrap0eHandler)
 
 ;; IMPORTANT all COM_ functions trashes esi, some edi and the LOOP_SHORT_WHILE kills ecx.
@@ -71 +74 @@
                                         ; =============================================================
     dd 0                                ;  0 - #DE - F   - N - Divide error
-    dd NAME(TRPMGCTrap01Handler)        ;  1 - #DB - F/T - N - Single step, INT 1 instruction
+    dd NAME(TRPMGCHyperTrap01Handler)   ;  1 - #DB - F/T - N - Single step, INT 1 instruction
 %ifdef VBOX_WITH_NMI
-    dd NAME(TRPMGCTrap02Handler)        ;  2 -     - I   - N - Non-Maskable Interrupt (NMI)
+    dd NAME(TRPMGCHyperTrap02Handler)   ;  2 -     - I   - N - Non-Maskable Interrupt (NMI)
 %else
     dd 0                                ;  2 -     - I   - N - Non-Maskable Interrupt (NMI)
 %endif
-    dd NAME(TRPMGCTrap03Handler)        ;  3 - #BP - T   - N - Breakpoint, INT 3 instruction.
+    dd NAME(TRPMGCHyperTrap03Handler)   ;  3 - #BP - T   - N - Breakpoint, INT 3 instruction.
     dd 0                                ;  4 - #OF - T   - N - Overflow, INTO instruction.
     dd 0                                ;  5 - #BR - F   - N - BOUND Range Exceeded, BOUND instruction.
@@ -271 +274 @@
     mov     [esp + CPUMCTXCORE.eflags], eax
 
-%if GC_ARCH_BITS == 64    
+%if GC_ARCH_BITS == 64
     ; zero out the high dwords
     mov     dword [esp + CPUMCTXCORE.eax + 4], 0
@@ -775 +778 @@
     mov     [esp + CPUMCTXCORE.ss], eax
 
-%if GC_ARCH_BITS == 64    
+%if GC_ARCH_BITS == 64
     ; zero out the high dwords
     mov     dword [esp + CPUMCTXCORE.eax + 4], 0

trunk/src/VBox/VMM/VMMGC/VMMGC.cpp

@@ -5 +5 @@
 
 /*
- * Copyright (C) 2006-2007 Oracle Corporation
+ * Copyright (C) 2006-2010 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -91 +91 @@
             AssertRCReturn(rc, rc);
 
+            rc = PGMRCDynMapInit(pVM);
+            AssertRCReturn(rc, rc);
             return VINF_SUCCESS;
         }

trunk/src/VBox/VMM/VMMR0/HWACCMR0.cpp

@@ -1094 +1094 @@
 
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
-    bool fStartedSet = PGMDynMapStartOrMigrateAutoSet(pVCpu);
+    bool fStartedSet = PGMR0DynMapStartOrMigrateAutoSet(pVCpu);
 #endif
 
@@ -1107 +1107 @@
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
     if (fStartedSet)
-        PGMDynMapReleaseAutoSet(pVCpu);
+        PGMRZDynMapReleaseAutoSet(pVCpu);
 #endif
 
@@ -1209 +1209 @@
 
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
-    PGMDynMapStartAutoSet(pVCpu);
+    PGMRZDynMapStartAutoSet(pVCpu);
 #endif
 
@@ -1217 +1217 @@
 
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
-    PGMDynMapReleaseAutoSet(pVCpu);
+    PGMRZDynMapReleaseAutoSet(pVCpu);
 #endif
     return rc;

trunk/src/VBox/VMM/VMMR0/HWVMXR0.cpp

@@ -2565 +2565 @@
 #endif
 #ifdef VBOX_WITH_2X_4GB_ADDR_SPACE_IN_R0
-    PGMDynMapFlushAutoSet(pVCpu);
+    PGMRZDynMapFlushAutoSet(pVCpu);
 #endif
 

trunk/src/VBox/VMM/VMMRZ/PGMRZDynMap.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * PGM - Page Manager and Monitor, ring-0 dynamic mapping cache.
+ * PGM - Page Manager and Monitor, dynamic mapping cache.
  */
 
 /*
- * Copyright (C) 2008 Oracle Corporation
+ * Copyright (C) 2008-2010 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -16 +16 @@
  */
 
+
 /*******************************************************************************
 *   Internal Functions                                                         *
 *******************************************************************************/
-#define LOG_GROUP LOG_GROUP_PGM
+#define LOG_GROUP LOG_GROUP_PGM_DYNMAP
 #include <VBox/pgm.h>
 #include "../PGMInternal.h"
 #include <VBox/vm.h>
 #include "../PGMInline.h"
+#include <VBox/err.h>
+#include <VBox/param.h>
 #include <VBox/sup.h>
-#include <VBox/err.h>
 #include <iprt/asm.h>
 #include <iprt/asm-amd64-x86.h>
-#include <iprt/alloc.h>
 #include <iprt/assert.h>
-#include <iprt/cpuset.h>
-#include <iprt/memobj.h>
-#include <iprt/mp.h>
-#include <iprt/semaphore.h>
-#include <iprt/spinlock.h>
+#ifndef IN_RC
+# include <iprt/cpuset.h>
+# include <iprt/mem.h>
+# include <iprt/memobj.h>
+# include <iprt/mp.h>
+# include <iprt/semaphore.h>
+# include <iprt/spinlock.h>
+#endif
 #include <iprt/string.h>
 
@@ -41 +45 @@
 *   Defined Constants And Macros                                               *
 *******************************************************************************/
+#ifdef IN_RING0
 /** The max size of the mapping cache (in pages). */
-#define PGMR0DYNMAP_MAX_PAGES               ((16*_1M) >> PAGE_SHIFT)
+# define PGMR0DYNMAP_MAX_PAGES              ((16*_1M) >> PAGE_SHIFT)
 /** The small segment size that is adopted on out-of-memory conditions with a
  * single big segment. */
-#define PGMR0DYNMAP_SMALL_SEG_PAGES         128
+# define PGMR0DYNMAP_SMALL_SEG_PAGES        128
 /** The number of pages we reserve per CPU. */
-#define PGMR0DYNMAP_PAGES_PER_CPU           256
+# define PGMR0DYNMAP_PAGES_PER_CPU          256
 /** The minimum number of pages we reserve per CPU.
  * This must be equal or larger than the autoset size.  */
-#define PGMR0DYNMAP_PAGES_PER_CPU_MIN       64
+# define PGMR0DYNMAP_PAGES_PER_CPU_MIN      64
+/** Calcs the overload threshold (safety margin).  Current set at 50%. */
+# define PGMR0DYNMAP_CALC_OVERLOAD(cPages)  ((cPages) / 2)
 /** The number of guard pages.
  * @remarks Never do tuning of the hashing or whatnot with a strict build!  */
-#if defined(VBOX_STRICT)
-# define PGMR0DYNMAP_GUARD_PAGES            1
-#else
-# define PGMR0DYNMAP_GUARD_PAGES            0
-#endif
+# if defined(VBOX_STRICT)
+#  define PGMR0DYNMAP_GUARD_PAGES           1
+# else
+#  define PGMR0DYNMAP_GUARD_PAGES           0
+# endif
+#endif /* IN_RING0 */
 /** The dummy physical address of guard pages. */
 #define PGMR0DYNMAP_GUARD_PAGE_HCPHYS       UINT32_C(0x7777feed)
@@ -66 +74 @@
  * The alternative is to replace the entire PTE with an bad not-present
  * PTE. Either way, XNU will screw us. :-/   */
-#define PGMR0DYNMAP_GUARD_NP
+# define PGMR0DYNMAP_GUARD_NP
 #endif
 /** The dummy PTE value for a page. */
@@ -72 +80 @@
 /** The dummy PTE value for a page. */
 #define PGMR0DYNMAP_GUARD_PAGE_PAE_PTE      UINT64_MAX /*X86_PTE_PAE_PG_MASK*/
-/** Calcs the overload threshold. Current set at 50%. */
-#define PGMR0DYNMAP_CALC_OVERLOAD(cPages)   ((cPages) / 2)
-
-#if 0
-/* Assertions causes panics if preemption is disabled, this can be used to work around that. */
-//#define RTSpinlockAcquire(a,b) do {} while (0)
-//#define RTSpinlockRelease(a,b) do {} while (0)
-#endif
+
+#ifdef IN_RING0 /* Note! Assertions causes panics if preemption is disabled,
+                 *       disable this to work around that. */
+/**
+ * Acquire the spinlock.
+ * This will declare a temporary variable and expands to two statements!
+ */
+# define PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis) \
+    RTSPINLOCKTMP   MySpinlockTmp = RTSPINLOCKTMP_INITIALIZER; \
+    RTSpinlockAcquire((pThis)->hSpinlock, &MySpinlockTmp)
+/**
+ * Releases the spinlock.
+ */
+# define PGMRZDYNMAP_SPINLOCK_RELEASE(pThis) \
+    RTSpinlockRelease((pThis)->hSpinlock, &MySpinlockTmp)
+
+/**
+ * Re-acquires the spinlock.
+ */
+# define PGMRZDYNMAP_SPINLOCK_REACQUIRE(pThis) \
+    RTSpinlockAcquire((pThis)->hSpinlock, &MySpinlockTmp)
+#else
+# define PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis)   do { } while (0)
+# define PGMRZDYNMAP_SPINLOCK_RELEASE(pThis)   do { } while (0)
+# define PGMRZDYNMAP_SPINLOCK_REACQUIRE(pThis) do { } while (0)
+#endif
+
 
 /** Converts a PGMCPUM::AutoSet pointer into a PVMCPU. */
-#define PGMR0DYNMAP_2_VMCPU(pSet)           (RT_FROM_MEMBER(pSet, VMCPU, pgm.s.AutoSet))
+#define PGMRZDYNMAP_SET_2_VMCPU(pSet)       (RT_FROM_MEMBER(pSet, VMCPU, pgm.s.AutoSet))
 
 /** Converts a PGMCPUM::AutoSet pointer into a PVM. */
-#define PGMR0DYNMAP_2_VM(pSet)              (PGMR0DYNMAP_2_VMCPU(pSet)->CTX_SUFF(pVM))
+#define PGMRZDYNMAP_SET_2_VM(pSet)          (PGMRZDYNMAP_SET_2_VMCPU(pSet)->CTX_SUFF(pVM))
+
+/** Converts a PGMCPUM::AutoSet pointer into a PVM. */
+#ifdef IN_RC
+# define PGMRZDYNMAP_SET_2_DYNMAP(pSet)     (PGMRZDYNMAP_SET_2_VM(pSet)->pgm.s.pRCDynMap)
+#else
+# define PGMRZDYNMAP_SET_2_DYNMAP(pSet)     (g_pPGMR0DynMap)
+#endif
+
+/**
+ * Gets the set index of the current CPU.
+ *
+ * This always returns 0 when in raw-mode context because there is only ever
+ * one EMT in that context (at least presently).
+ */
+#ifdef IN_RC
+# define PGMRZDYNMAP_CUR_CPU()              (0)
+#else
+# define PGMRZDYNMAP_CUR_CPU()              RTMpCpuIdToSetIndex(RTMpCpuId())
+#endif
+
+/** PGMRZDYNMAP::u32Magic. (Jens Christian Bugge Wesseltoft) */
+#define PGMRZDYNMAP_MAGIC                   UINT32_C(0x19640201)
+
+
+/** Zaps an set entry. */
+#define PGMRZDYNMAP_ZAP_ENTRY(pEntry) \
+    do \
+    { \
+        (pEntry)->iPage        = UINT16_MAX; \
+        (pEntry)->cRefs        = 0; \
+        (pEntry)->cInlinedRefs = 0; \
+        (pEntry)->cUnrefs      = 0; \
+    } while (0)
 
 
@@ -91 +151 @@
 *   Structures and Typedefs                                                    *
 *******************************************************************************/
+#ifdef IN_RING0
 /**
  * Ring-0 dynamic mapping cache segment.
@@ -125 +186 @@
  * Ring-0 dynamic mapping cache entry.
  *
- * This structure tracks
+ * @sa PGMRZDYNMAPENTRY, PGMRCDYNMAPENTRY.
  */
 typedef struct PGMR0DYNMAPENTRY
@@ -147 +208 @@
         void                   *pv;
     } uPte;
+# ifndef IN_RC
     /** CPUs that haven't invalidated this entry after it's last update. */
     RTCPUSET                    PendingSet;
+# endif
 } PGMR0DYNMAPENTRY;
-/** Pointer to a ring-0 dynamic mapping cache entry. */
+/** Pointer a mapping cache entry for the ring-0.
+ * @sa PPGMRZDYNMAPENTRY, PPGMRCDYNMAPENTRY,  */
 typedef PGMR0DYNMAPENTRY *PPGMR0DYNMAPENTRY;
 
 
 /**
- * Ring-0 dynamic mapping cache.
- *
- * This is initialized during VMMR0 module init but no segments are allocated at
- * that time.  Segments will be added when the first VM is started and removed
- * again when the last VM shuts down, thus avoid consuming memory while dormant.
- * At module termination, the remaining bits will be freed up.
+ * Dynamic mapping cache for ring-0.
+ *
+ * This is initialized during VMMR0 module init but no segments are allocated
+ * at that time.  Segments will be added when the first VM is started and
+ * removed again when the last VM shuts down, thus avoid consuming memory while
+ * dormant. At module termination, the remaining bits will be freed up.
+ *
+ * @sa PPGMRZDYNMAP, PGMRCDYNMAP.
  */
 typedef struct PGMR0DYNMAP
 {
-    /** The usual magic number / eye catcher (PGMR0DYNMAP_MAGIC). */
+    /** The usual magic number / eye catcher (PGMRZDYNMAP_MAGIC). */
     uint32_t                    u32Magic;
+# ifndef IN_RC
     /** Spinlock serializing the normal operation of the cache. */
     RTSPINLOCK                  hSpinlock;
+# endif
     /** Array for tracking and managing the pages.  */
     PPGMR0DYNMAPENTRY           paPages;
@@ -180 +248 @@
      * This is maintained to get trigger adding of more mapping space. */
     uint32_t                    cMaxLoad;
+# ifndef IN_RC
     /** Initialization / termination lock. */
     RTSEMFASTMUTEX              hInitLock;
+# endif
     /** The number of guard pages. */
     uint32_t                    cGuardPages;
     /** The number of users (protected by hInitLock). */
     uint32_t                    cUsers;
+# ifndef IN_RC
     /** Array containing a copy of the original page tables.
      * The entries are either X86PTE or X86PTEPAE according to fLegacyMode. */
@@ -193 +264 @@
     /** The paging mode. */
     SUPPAGINGMODE               enmPgMode;
+# endif
 } PGMR0DYNMAP;
-/** Pointer to the ring-0 dynamic mapping cache */
-typedef PGMR0DYNMAP *PPGMR0DYNMAP;
-
-/** PGMR0DYNMAP::u32Magic. (Jens Christian Bugge Wesseltoft) */
-#define PGMR0DYNMAP_MAGIC       0x19640201
 
 
@@ -228 +295 @@
 /** Pointer to paging level data. */
 typedef PGMR0DYNMAPPGLVL *PPGMR0DYNMAPPGLVL;
+#endif
+
+/** Mapping cache entry for the current context.
+ * @sa PGMR0DYNMAPENTRY, PGMRCDYNMAPENTRY  */
+typedef CTX_MID(PGM,DYNMAPENTRY) PGMRZDYNMAPENTRY;
+/** Pointer a mapping cache entry for the current context.
+ * @sa PGMR0DYNMAPENTRY, PGMRCDYNMAPENTRY  */
+typedef PGMRZDYNMAPENTRY *PPGMRZDYNMAPENTRY;
+
+/** Pointer the mapping cache instance for the current context.
+ * @sa PGMR0DYNMAP, PGMRCDYNMAP  */
+typedef CTX_MID(PGM,DYNMAP) *PPGMRZDYNMAP;
+
 
 
@@ -233 +313 @@
 *   Global Variables                                                           *
 *******************************************************************************/
+#ifdef IN_RING0
 /** Pointer to the ring-0 dynamic mapping cache. */
-static PPGMR0DYNMAP g_pPGMR0DynMap;
+static PGMR0DYNMAP *g_pPGMR0DynMap;
+#endif
 /** For overflow testing. */
 static bool         g_fPGMR0DynMapTestRunning = false;
@@ -242 +324 @@
 *   Internal Functions                                                         *
 *******************************************************************************/
-static void pgmR0DynMapReleasePage(PPGMR0DYNMAP pThis, uint32_t iPage, uint32_t cRefs);
-static int  pgmR0DynMapSetup(PPGMR0DYNMAP pThis);
-static int  pgmR0DynMapExpand(PPGMR0DYNMAP pThis);
-static void pgmR0DynMapTearDown(PPGMR0DYNMAP pThis);
+static void pgmRZDynMapReleasePage(PPGMRZDYNMAP pThis, uint32_t iPage, uint32_t cRefs);
+#ifdef IN_RING0
+static int  pgmR0DynMapSetup(PPGMRZDYNMAP pThis);
+static int  pgmR0DynMapExpand(PPGMRZDYNMAP pThis);
+static void pgmR0DynMapTearDown(PPGMRZDYNMAP pThis);
+#endif
 #if 0 /*def DEBUG*/
 static int  pgmR0DynMapTest(PVM pVM);
@@ -252 +336 @@
 
 /**
+ * Initializes the auto mapping sets for a VM.
+ *
+ * @returns VINF_SUCCESS on success, VERR_INTERNAL_ERROR on failure.
+ * @param   pVM         The VM in question.
+ */
+static int pgmRZDynMapInitAutoSetsForVM(PVM pVM)
+{
+    VMCPUID idCpu = pVM->cCpus;
+    AssertReturn(idCpu > 0 && idCpu <= VMM_MAX_CPU_COUNT, VERR_INTERNAL_ERROR);
+    while (idCpu-- > 0)
+    {
+        PPGMMAPSET pSet = &pVM->aCpus[idCpu].pgm.s.AutoSet;
+        uint32_t j = RT_ELEMENTS(pSet->aEntries);
+        while (j-- > 0)
+        {
+            pSet->aEntries[j].pvPage        = NULL;
+            pSet->aEntries[j].HCPhys        = NIL_RTHCPHYS;
+            PGMRZDYNMAP_ZAP_ENTRY(&pSet->aEntries[j]);
+        }
+        pSet->cEntries = PGMMAPSET_CLOSED;
+        pSet->iSubset = UINT32_MAX;
+        pSet->iCpu = -1;
+        memset(&pSet->aiHashTable[0], 0xff, sizeof(pSet->aiHashTable));
+    }
+
+    return VINF_SUCCESS;
+}
+
+
+#ifdef IN_RING0
+
+/**
  * Initializes the ring-0 dynamic mapping cache.
  *
@@ -263 +379 @@
      * Create and initialize the cache instance.
      */
-    PPGMR0DYNMAP pThis = (PPGMR0DYNMAP)RTMemAllocZ(sizeof(*pThis));
+    PPGMRZDYNMAP pThis = (PPGMRZDYNMAP)RTMemAllocZ(sizeof(*pThis));
     AssertLogRelReturn(pThis, VERR_NO_MEMORY);
     int             rc = VINF_SUCCESS;
@@ -295 +411 @@
             if (RT_SUCCESS(rc))
             {
-                pThis->u32Magic = PGMR0DYNMAP_MAGIC;
+                pThis->u32Magic = PGMRZDYNMAP_MAGIC;
                 g_pPGMR0DynMap = pThis;
                 return VINF_SUCCESS;
@@ -322 +438 @@
      * is just a mirror image of PGMR0DynMapInit.
      */
-    PPGMR0DYNMAP pThis = g_pPGMR0DynMap;
+    PPGMRZDYNMAP pThis = g_pPGMR0DynMap;
     if (pThis)
     {
@@ -359 +475 @@
      * Initialize the auto sets.
      */
-    VMCPUID idCpu = pVM->cCpus;
-    AssertReturn(idCpu > 0 && idCpu <= VMM_MAX_CPU_COUNT, VERR_INTERNAL_ERROR);
-    while (idCpu-- > 0)
-    {
-        PPGMMAPSET pSet = &pVM->aCpus[idCpu].pgm.s.AutoSet;
-        uint32_t j = RT_ELEMENTS(pSet->aEntries);
-        while (j-- > 0)
-        {
-            pSet->aEntries[j].iPage  = UINT16_MAX;
-            pSet->aEntries[j].cRefs  = 0;
-            pSet->aEntries[j].pvPage = NULL;
-            pSet->aEntries[j].HCPhys = NIL_RTHCPHYS;
-        }
-        pSet->cEntries = PGMMAPSET_CLOSED;
-        pSet->iSubset = UINT32_MAX;
-        pSet->iCpu = -1;
-        memset(&pSet->aiHashTable[0], 0xff, sizeof(pSet->aiHashTable));
-    }
+    int rc = pgmRZDynMapInitAutoSetsForVM(pVM);
+    if (RT_FAILURE(rc))
+        return rc;
 
     /*
@@ -387 +488 @@
      * Reference and if necessary setup or expand the cache.
      */
-    PPGMR0DYNMAP pThis = g_pPGMR0DynMap;
+    PPGMRZDYNMAP pThis = g_pPGMR0DynMap;
     AssertPtrReturn(pThis, VERR_INTERNAL_ERROR);
-    int rc = RTSemFastMutexRequest(pThis->hInitLock);
+    rc = RTSemFastMutexRequest(pThis->hInitLock);
     AssertLogRelRCReturn(rc, rc);
 
@@ -430 +531 @@
         return;
 
-    PPGMR0DYNMAP pThis = g_pPGMR0DynMap;
+    PPGMRZDYNMAP pThis = g_pPGMR0DynMap;
     AssertPtrReturnVoid(pThis);
 
@@ -463 +564 @@
                     LogRel(("PGMR0DynMapTermVM: %d dangling refs to %#x\n", cRefs, iPage));
                     if (iPage < pThis->cPages && cRefs > 0)
-                        pgmR0DynMapReleasePage(pThis, iPage, cRefs);
+                        pgmRZDynMapReleasePage(pThis, iPage, cRefs);
                     else
                         AssertLogRelMsgFailed(("cRefs=%d iPage=%#x cPages=%u\n", cRefs, iPage, pThis->cPages));
 
-                    pSet->aEntries[j].iPage  = UINT16_MAX;
-                    pSet->aEntries[j].cRefs  = 0;
-                    pSet->aEntries[j].pvPage = NULL;
-                    pSet->aEntries[j].HCPhys = NIL_RTHCPHYS;
+                    PGMRZDYNMAP_ZAP_ENTRY(&pSet->aEntries[j]);
                 }
                 pSet->cEntries = PGMMAPSET_CLOSED;
@@ -512 +610 @@
 {
     Assert(!pvUser2);
-    PPGMR0DYNMAP        pThis   = (PPGMR0DYNMAP)pvUser1;
+    PPGMRZDYNMAP        pThis   = (PPGMRZDYNMAP)pvUser1;
     Assert(pThis == g_pPGMR0DynMap);
-    PPGMR0DYNMAPENTRY   paPages = pThis->paPages;
+    PPGMRZDYNMAPENTRY   paPages = pThis->paPages;
     uint32_t            iPage   = pThis->cPages;
     while (iPage-- > 0)
@@ -527 +625 @@
  * @param   pThis       The dynamic mapping cache instance.
  */
-static int pgmR0DynMapTlbShootDown(PPGMR0DYNMAP pThis)
+static int pgmR0DynMapTlbShootDown(PPGMRZDYNMAP pThis)
 {
     int rc = RTMpOnAll(pgmR0DynMapShootDownTlbs, pThis, NULL);
@@ -548 +646 @@
  * @param   pcMinPages  The minimal size in pages.
  */
-static uint32_t pgmR0DynMapCalcNewSize(PPGMR0DYNMAP pThis, uint32_t *pcMinPages)
+static uint32_t pgmR0DynMapCalcNewSize(PPGMRZDYNMAP pThis, uint32_t *pcMinPages)
 {
     Assert(pThis->cPages <= PGMR0DYNMAP_MAX_PAGES);
@@ -594 +692 @@
  * @param   pPgLvl      The paging level data.
  */
-void pgmR0DynMapPagingArrayInit(PPGMR0DYNMAP pThis, PPGMR0DYNMAPPGLVL pPgLvl)
+void pgmR0DynMapPagingArrayInit(PPGMRZDYNMAP pThis, PPGMR0DYNMAPPGLVL pPgLvl)
 {
     RTCCUINTREG     cr4 = ASMGetCR4();
@@ -704 +802 @@
  * @param   ppvPTE      Where to store the PTE address.
  */
-static int pgmR0DynMapPagingArrayMapPte(PPGMR0DYNMAP pThis, PPGMR0DYNMAPPGLVL pPgLvl, void *pvPage,
+static int pgmR0DynMapPagingArrayMapPte(PPGMRZDYNMAP pThis, PPGMR0DYNMAPPGLVL pPgLvl, void *pvPage,
                                         PPGMR0DYNMAPSEG pSeg, uint32_t cMaxPTs, void **ppvPTE)
 {
@@ -791 +889 @@
  * @param   pPage       The page.
  */
-DECLINLINE(void) pgmR0DynMapSetupGuardPage(PPGMR0DYNMAP pThis, PPGMR0DYNMAPENTRY pPage)
+DECLINLINE(void) pgmR0DynMapSetupGuardPage(PPGMRZDYNMAP pThis, PPGMRZDYNMAPENTRY pPage)
 {
     memset(pPage->pvPage, 0xfd, PAGE_SIZE);
@@ -815 +913 @@
  * @param   cPages      The size of the new segment, give as a page count.
  */
-static int pgmR0DynMapAddSeg(PPGMR0DYNMAP pThis, uint32_t cPages)
+static int pgmR0DynMapAddSeg(PPGMRZDYNMAP pThis, uint32_t cPages)
 {
     int rc2;
@@ -838 +936 @@
     }
 
-    RTSPINLOCKTMP Tmp = RTSPINLOCKTMP_INITIALIZER;
-    RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
+    PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis);
 
     memcpy(pvPages, pThis->paPages, sizeof(pThis->paPages[0]) * pThis->cPages);
     void *pvToFree = pThis->paPages;
-    pThis->paPages = (PPGMR0DYNMAPENTRY)pvPages;
-
-    RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+    pThis->paPages = (PPGMRZDYNMAPENTRY)pvPages;
+
+    PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
     RTMemFree(pvToFree);
 
@@ -882 +979 @@
             pThis->paPages[iPage].cRefs  = 0;
             pThis->paPages[iPage].uPte.pPae = 0;
+#ifndef IN_RC
             RTCpuSetFill(&pThis->paPages[iPage].PendingSet);
+#endif
 
             /* Map its page table, retry until we've got a clean run (paranoia). */
@@ -983 +1082 @@
  * @param   pThis       The dynamic mapping cache instance.
  */
-static int pgmR0DynMapSetup(PPGMR0DYNMAP pThis)
+static int pgmR0DynMapSetup(PPGMRZDYNMAP pThis)
 {
     /*
@@ -1026 +1125 @@
  * @param   pThis       The dynamic mapping cache instance.
  */
-static int pgmR0DynMapExpand(PPGMR0DYNMAP pThis)
+static int pgmR0DynMapExpand(PPGMRZDYNMAP pThis)
 {
     /*
@@ -1069 +1168 @@
  * @param   pThis       The dynamic mapping cache instance.
  */
-static void pgmR0DynMapTearDown(PPGMR0DYNMAP pThis)
+static void pgmR0DynMapTearDown(PPGMRZDYNMAP pThis)
 {
     /*
      * Restore the original page table entries
      */
-    PPGMR0DYNMAPENTRY   paPages = pThis->paPages;
+    PPGMRZDYNMAPENTRY   paPages = pThis->paPages;
     uint32_t            iPage   = pThis->cPages;
     if (pThis->fLegacyMode)
@@ -1145 +1244 @@
 }
 
+#endif /* IN_RING0 */
+#ifdef IN_RC
+
+/**
+ * Initializes the dynamic mapping cache in raw-mode context.
+ *
+ * @returns VBox status code.
+ * @param   pVM                 The VM handle.
+ */
+VMMRCDECL(int) PGMRCDynMapInit(PVM pVM)
+{
+    /*
+     * Allocate and initialize the instance data and page array.
+     */
+    PPGMRZDYNMAP    pThis;
+    size_t const    cPages = MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE;
+    size_t const    cb     = RT_ALIGN_Z(sizeof(*pThis), 32)
+                           + sizeof(PGMRZDYNMAPENTRY) * cPages;
+    int rc = MMHyperAlloc(pVM, cb, 32, MM_TAG_PGM, (void **)&pThis);
+    if (RT_FAILURE(rc))
+        return rc;
+
+    pThis->u32Magic     = PGMRZDYNMAP_MAGIC;
+    pThis->paPages      = RT_ALIGN_PT(pThis + 1, 32, PPGMRZDYNMAPENTRY);
+    pThis->cPages       = cPages;
+    pThis->fLegacyMode  = PGMGetHostMode(pVM) == PGMMODE_32_BIT;
+    pThis->cLoad        = 0;
+    pThis->cMaxLoad     = 0;
+    pThis->cGuardPages  = 0;
+    pThis->cUsers       = 1;
+
+    for (size_t iPage = 0; iPage < cPages; iPage++)
+    {
+        pThis->paPages[iPage].HCPhys = NIL_RTHCPHYS;
+        pThis->paPages[iPage].pvPage = pVM->pgm.s.pbDynPageMapBaseGC + iPage * PAGE_SIZE;
+        pThis->paPages[iPage].cRefs  = 0;
+        if (pThis->fLegacyMode)
+            pThis->paPages[iPage].uPte.pLegacy = &pVM->pgm.s.paDynPageMap32BitPTEsGC[iPage];
+        else
+            pThis->paPages[iPage].uPte.pPae    = &pVM->pgm.s.paDynPageMapPaePTEsGC[iPage];
+    }
+
+    pVM->pgm.s.pRCDynMap = pThis;
+
+    /*
+     * Initialize the autosets the VM.
+     */
+    rc = pgmRZDynMapInitAutoSetsForVM(pVM);
+    if (RT_FAILURE(rc))
+        return rc;
+
+    return VINF_SUCCESS;
+}
+
+#endif /* IN_RC */
 
 /**
@@ -1153 +1307 @@
  * @param   cRefs       The number of references to release.
  */
-DECLINLINE(void) pgmR0DynMapReleasePageLocked(PPGMR0DYNMAP pThis, uint32_t iPage, int32_t cRefs)
+DECLINLINE(void) pgmRZDynMapReleasePageLocked(PPGMRZDYNMAP pThis, uint32_t iPage, int32_t cRefs)
 {
     cRefs = ASMAtomicSubS32(&pThis->paPages[iPage].cRefs, cRefs) - cRefs;
@@ -1169 +1323 @@
  * @param   cRefs       The number of references to release.
  */
-static void pgmR0DynMapReleasePage(PPGMR0DYNMAP pThis, uint32_t iPage, uint32_t cRefs)
-{
-    RTSPINLOCKTMP Tmp = RTSPINLOCKTMP_INITIALIZER;
-    RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
-    pgmR0DynMapReleasePageLocked(pThis, iPage, cRefs);
-    RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+static void pgmRZDynMapReleasePage(PPGMRZDYNMAP pThis, uint32_t iPage, uint32_t cRefs)
+{
+    PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis);
+    pgmRZDynMapReleasePageLocked(pThis, iPage, cRefs);
+    PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
 }
 
@@ -1186 +1339 @@
  * @param   iPage       The page index pgmR0DynMapPage hashed HCPhys to.
  * @param   pVCpu       The current CPU, for statistics.
- */
-static uint32_t pgmR0DynMapPageSlow(PPGMR0DYNMAP pThis, RTHCPHYS HCPhys, uint32_t iPage, PVMCPU pVCpu)
-{
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPageSlow);
+ * @param   pfNew       Set to @c true if a new entry was made and @c false if
+ *                      an old entry was found and reused.
+ */
+static uint32_t pgmR0DynMapPageSlow(PPGMRZDYNMAP pThis, RTHCPHYS HCPhys, uint32_t iPage, PVMCPU pVCpu, bool *pfNew)
+{
+    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPageSlow);
 
     /*
@@ -1199 +1354 @@
 #endif
     uint32_t const      cPages  = pThis->cPages;
-    PPGMR0DYNMAPENTRY   paPages = pThis->paPages;
+    PPGMRZDYNMAPENTRY   paPages = pThis->paPages;
     uint32_t            iFreePage;
     if (!paPages[iPage].cRefs)
@@ -1217 +1372 @@
             if (paPages[iFreePage].HCPhys == HCPhys)
             {
-                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPageSlowLoopHits);
+                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPageSlowLoopHits);
+                *pfNew = false;
                 return iFreePage;
             }
@@ -1228 +1384 @@
                 return UINT32_MAX;
         }
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPageSlowLoopMisses);
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPageSlowLoopMisses);
 #ifdef VBOX_WITH_STATISTICS
         fLooped = true;
@@ -1240 +1396 @@
         for (uint32_t iPage2 = (iPage + 3) % cPages; iPage2 != iPage; iPage2 = (iPage2 + 1) % cPages)
             if (paPages[iPage2].HCPhys == HCPhys)
-                STAM_COUNTER_INC(&pVCpu->pgm.s.StatR0DynMapPageSlowLostHits);
+                STAM_COUNTER_INC(&pVCpu->pgm.s.StatRZDynMapPageSlowLostHits);
 #endif
 
@@ -1246 +1402 @@
      * Setup the new entry.
      */
+    *pfNew = true;
     /*Log6(("pgmR0DynMapPageSlow: old - %RHp %#x %#llx\n", paPages[iFreePage].HCPhys, paPages[iFreePage].cRefs, paPages[iFreePage].uPte.pPae->u));*/
     paPages[iFreePage].HCPhys = HCPhys;
+#ifndef IN_RC
     RTCpuSetFill(&paPages[iFreePage].PendingSet);
+#endif
     if (pThis->fLegacyMode)
     {
@@ -1286 +1445 @@
  * @param   ppvPage     Where to the page address.
  */
-DECLINLINE(uint32_t) pgmR0DynMapPage(PPGMR0DYNMAP pThis, RTHCPHYS HCPhys, int32_t iRealCpu, PVMCPU pVCpu, void **ppvPage)
-{
-    RTSPINLOCKTMP       Tmp     = RTSPINLOCKTMP_INITIALIZER;
-    RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
+DECLINLINE(uint32_t) pgmR0DynMapPage(PPGMRZDYNMAP pThis, RTHCPHYS HCPhys, int32_t iRealCpu, PVMCPU pVCpu, void **ppvPage)
+{
+    PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis);
     AssertMsg(!(HCPhys & PAGE_OFFSET_MASK), ("HCPhys=%RHp\n", HCPhys));
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPage);
+    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPage);
 
     /*
@@ -1301 +1459 @@
      * to pgmR0DynMapPageSlow().
      */
+    bool                fNew    = false;
     uint32_t const      cPages  = pThis->cPages;
     uint32_t            iPage   = (HCPhys >> PAGE_SHIFT) % cPages;
-    PPGMR0DYNMAPENTRY   paPages = pThis->paPages;
+    PPGMRZDYNMAPENTRY   paPages = pThis->paPages;
     if (RT_LIKELY(paPages[iPage].HCPhys == HCPhys))
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPageHits0);
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPageHits0);
     else
     {
@@ -1312 +1471 @@
         {
             iPage = iPage2;
-            STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPageHits1);
+            STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPageHits1);
         }
         else
@@ -1320 +1479 @@
             {
                 iPage = iPage2;
-                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPageHits2);
+                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPageHits2);
             }
             else
             {
-                iPage = pgmR0DynMapPageSlow(pThis, HCPhys, iPage, pVCpu);
+                iPage = pgmR0DynMapPageSlow(pThis, HCPhys, iPage, pVCpu, &fNew);
                 if (RT_UNLIKELY(iPage == UINT32_MAX))
                 {
-                    RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+                    PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
                     *ppvPage = NULL;
                     return iPage;
@@ -1349 +1508 @@
     {
         ASMAtomicDecS32(&paPages[iPage].cRefs);
-        RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+        PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
         *ppvPage = NULL;
         AssertLogRelMsgFailedReturn(("cRefs=%d iPage=%p HCPhys=%RHp\n", cRefs, iPage, HCPhys), UINT32_MAX);
@@ -1355 +1514 @@
     void *pvPage = paPages[iPage].pvPage;
 
+#ifndef IN_RC
     /*
      * Invalidate the entry?
@@ -1361 +1521 @@
     if (RT_UNLIKELY(fInvalidateIt))
         RTCpuSetDelByIndex(&paPages[iPage].PendingSet, iRealCpu);
-
-    RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+#endif
+
+    PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
 
     /*
      * Do the actual invalidation outside the spinlock.
      */
+#ifdef IN_RC
+    if (RT_UNLIKELY(fNew))
+#else
     if (RT_UNLIKELY(fInvalidateIt))
-    {
-        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapPageInvlPg);
+#endif
+    {
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapPageInvlPg);
         ASMInvalidatePage(pvPage);
     }
@@ -1383 +1548 @@
  * @returns VBox status code.
  */
-VMMR0DECL(int) PGMR0DynMapAssertIntegrity(void)
+static int pgmRZDynMapAssertIntegrity(PPGMRZDYNMAP pThis)
 {
     /*
      * Basic pool stuff that doesn't require any lock, just assumes we're a user.
      */
-    PPGMR0DYNMAP        pThis       = g_pPGMR0DynMap;
     if (!pThis)
         return VINF_SUCCESS;
     AssertPtrReturn(pThis, VERR_INVALID_POINTER);
-    AssertReturn(pThis->u32Magic == PGMR0DYNMAP_MAGIC, VERR_INVALID_MAGIC);
+    AssertReturn(pThis->u32Magic == PGMRZDYNMAP_MAGIC, VERR_INVALID_MAGIC);
     if (!pThis->cUsers)
         return VERR_INVALID_PARAMETER;
@@ -1398 +1562 @@
 
     int                 rc          = VINF_SUCCESS;
-    RTSPINLOCKTMP       Tmp         = RTSPINLOCKTMP_INITIALIZER;
-    RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
+    PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis);
 
 #define CHECK_RET(expr, a) \
@@ -1405 +1568 @@
         if (RT_UNLIKELY(!(expr))) \
         { \
-            RTSpinlockRelease(pThis->hSpinlock, &Tmp); \
+            PGMRZDYNMAP_SPINLOCK_RELEASE(pThis); \
             RTAssertMsg1Weak(#expr, __LINE__, __FILE__, __PRETTY_FUNCTION__); \
             RTAssertMsg2Weak a; \
@@ -1417 +1580 @@
     uint32_t            cGuard      = 0;
     uint32_t            cLoad       = 0;
-    PPGMR0DYNMAPENTRY   paPages     = pThis->paPages;
+    PPGMRZDYNMAPENTRY   paPages     = pThis->paPages;
     uint32_t            iPage       = pThis->cPages;
     if (pThis->fLegacyMode)
     {
+#ifdef IN_RING0
         PCX86PGUINT     paSavedPTEs = (PCX86PGUINT)pThis->pvSavedPTEs; NOREF(paSavedPTEs);
+#endif
         while (iPage-- > 0)
         {
@@ -1440 +1605 @@
             {
                 CHECK_RET(!(paPages[iPage].HCPhys & PAGE_OFFSET_MASK), ("#%u: %RHp\n", iPage, paPages[iPage].HCPhys));
-                X86PGUINT uPte = (paSavedPTEs[iPage] & (X86_PTE_G | X86_PTE_PAT | X86_PTE_PCD | X86_PTE_PWT))
-                               | X86_PTE_P | X86_PTE_RW | X86_PTE_A | X86_PTE_D
+                X86PGUINT uPte = X86_PTE_P | X86_PTE_RW | X86_PTE_A | X86_PTE_D
+#ifdef IN_RING0
+                               | (paSavedPTEs[iPage] & (X86_PTE_G | X86_PTE_PAT | X86_PTE_PCD | X86_PTE_PWT))
+#endif
                                | (paPages[iPage].HCPhys & X86_PTE_PAE_PG_MASK);
                 CHECK_RET(paPages[iPage].uPte.pLegacy->u == uPte,
@@ -1448 +1615 @@
                     cLoad++;
             }
+#ifdef IN_RING0
             else
                 CHECK_RET(paPages[iPage].uPte.pLegacy->u == paSavedPTEs[iPage],
                           ("#%u: %#x %#x", iPage, paPages[iPage].uPte.pLegacy->u, paSavedPTEs[iPage]));
+#endif
         }
     }
     else
     {
+#ifdef IN_RING0
         PCX86PGPAEUINT  paSavedPTEs = (PCX86PGPAEUINT)pThis->pvSavedPTEs; NOREF(paSavedPTEs);
+#endif
         while (iPage-- > 0)
         {
@@ -1474 +1645 @@
             {
                 CHECK_RET(!(paPages[iPage].HCPhys & PAGE_OFFSET_MASK), ("#%u: %RHp\n", iPage, paPages[iPage].HCPhys));
-                X86PGPAEUINT uPte = (paSavedPTEs[iPage] & (X86_PTE_G | X86_PTE_PAT | X86_PTE_PCD | X86_PTE_PWT))
-                                  | X86_PTE_P | X86_PTE_RW | X86_PTE_A | X86_PTE_D
+                X86PGPAEUINT uPte = X86_PTE_P | X86_PTE_RW | X86_PTE_A | X86_PTE_D
+#ifdef IN_RING0
+                                  | (paSavedPTEs[iPage] & (X86_PTE_G | X86_PTE_PAT | X86_PTE_PCD | X86_PTE_PWT))
+#endif
                                   | (paPages[iPage].HCPhys & X86_PTE_PAE_PG_MASK);
                 CHECK_RET(paPages[iPage].uPte.pPae->u == uPte,
@@ -1482 +1655 @@
                     cLoad++;
             }
+#ifdef IN_RING0
             else
                 CHECK_RET(paPages[iPage].uPte.pPae->u == paSavedPTEs[iPage],
                           ("#%u: %#llx %#llx", iPage, paPages[iPage].uPte.pPae->u, paSavedPTEs[iPage]));
+#endif
         }
     }
@@ -1492 +1667 @@
 
 #undef CHECK_RET
-    RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+    PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
     return VINF_SUCCESS;
 }
+
+#ifdef IN_RING0
+/**
+ * Assert the the integrity of the pool.
+ *
+ * @returns VBox status code.
+ */
+VMMR0DECL(int) PGMR0DynMapAssertIntegrity(void)
+{
+    return pgmRZDynMapAssertIntegrity(g_pPGMR0DynMap);
+}
+#endif /* IN_RING0 */
+
+#ifdef IN_RC
+/**
+ * Assert the the integrity of the pool.
+ *
+ * @returns VBox status code.
+ */
+VMMRCDECL(int) PGMRCDynMapAssertIntegrity(PVM pVM)
+{
+    return pgmRZDynMapAssertIntegrity((PPGMRZDYNMAP)pVM->pgm.s.pRCDynMap);
+}
+#endif /* IN_RC */
+
+
+/**
+ * As a final resort for a (somewhat) full auto set or full cache, try merge
+ * duplicate entries and flush the ones we can.
+ *
+ * @param   pSet        The set.
+ */
+static void pgmDynMapOptimizeAutoSet(PPGMMAPSET pSet)
+{
+    LogFlow(("pgmDynMapOptimizeAutoSet\n"));
+
+    for (uint32_t i = 0 ; i < pSet->cEntries; i++)
+    {
+        /*
+         * Try merge entries.
+         */
+        uint16_t const  iPage = pSet->aEntries[i].iPage;
+        uint32_t        j     = i + 1;
+        while (   j < pSet->cEntries
+               && (   pSet->iSubset == UINT32_MAX
+                   || pSet->iSubset < pSet->cEntries) )
+        {
+            if (pSet->aEntries[j].iPage != iPage)
+                j++;
+            else
+            {
+                uint32_t const  cHardRefs    = (uint32_t)pSet->aEntries[i].cRefs
+                                             + (uint32_t)pSet->aEntries[j].cRefs;
+                uint32_t        cInlinedRefs = (uint32_t)pSet->aEntries[i].cInlinedRefs
+                                             + (uint32_t)pSet->aEntries[j].cInlinedRefs;
+                uint32_t        cUnrefs      = (uint32_t)pSet->aEntries[i].cUnrefs
+                                             + (uint32_t)pSet->aEntries[j].cUnrefs;
+                uint32_t        cSub         = RT_MIN(cUnrefs, cInlinedRefs);
+                cInlinedRefs -= cSub;
+                cUnrefs      -= cSub;
+
+                if (    cHardRefs    < UINT16_MAX
+                    &&  cInlinedRefs < UINT16_MAX
+                    &&  cUnrefs      < UINT16_MAX)
+                {
+                    /* merge j into i removing j. */
+                    Log2(("pgmDynMapOptimizeAutoSet: Merging #%u into #%u\n", j, i));
+                    pSet->aEntries[i].cRefs        = cHardRefs;
+                    pSet->aEntries[i].cInlinedRefs = cInlinedRefs;
+                    pSet->aEntries[i].cUnrefs      = cUnrefs;
+                    pSet->cEntries--;
+                    if (j < pSet->cEntries)
+                    {
+                        pSet->aEntries[j] = pSet->aEntries[pSet->cEntries];
+                        PGMRZDYNMAP_ZAP_ENTRY(&pSet->aEntries[pSet->cEntries]);
+                    }
+                    else
+                        PGMRZDYNMAP_ZAP_ENTRY(&pSet->aEntries[j]);
+                }
+#if 0 /* too complicated, skip it. */
+                else
+                {
+                    /* migrate the max number of refs from j into i and quit the inner loop. */
+                    uint32_t cMigrate = UINT16_MAX - 1 - pSet->aEntries[i].cRefs;
+                    Assert(pSet->aEntries[j].cRefs > cMigrate);
+                    pSet->aEntries[j].cRefs -= cMigrate;
+                    pSet->aEntries[i].cRefs = UINT16_MAX - 1;
+                    break;
+                }
+#endif
+            }
+        }
+
+        /*
+         * Try make use of the unused hinting (cUnrefs) to evict entries
+         * from both the set as well as the mapping cache.
+         */
+
+        uint32_t const cTotalRefs = (uint32_t)pSet->aEntries[i].cRefs + pSet->aEntries[i].cInlinedRefs;
+        Log2(("pgmDynMapOptimizeAutoSet: #%u/%u/%u pvPage=%p iPage=%u cRefs=%u cInlinedRefs=%u cUnrefs=%u cTotalRefs=%u\n",
+              i,
+              pSet->iSubset,
+              pSet->cEntries,
+              pSet->aEntries[i].pvPage,
+              pSet->aEntries[i].iPage,
+              pSet->aEntries[i].cRefs,
+              pSet->aEntries[i].cInlinedRefs,
+              pSet->aEntries[i].cUnrefs,
+              cTotalRefs));
+        Assert(cTotalRefs >= pSet->aEntries[i].cUnrefs);
+
+        if (    cTotalRefs == pSet->aEntries[i].cUnrefs
+            &&  (   pSet->iSubset == UINT32_MAX
+                 || pSet->iSubset < pSet->cEntries)
+           )
+        {
+            Log2(("pgmDynMapOptimizeAutoSet: Releasing iPage=%d/%p\n", pSet->aEntries[i].iPage, pSet->aEntries[i].pvPage));
+            //LogFlow(("pgmDynMapOptimizeAutoSet: Releasing iPage=%d/%p\n", pSet->aEntries[i].iPage, pSet->aEntries[i].pvPage));
+            pgmRZDynMapReleasePage(PGMRZDYNMAP_SET_2_DYNMAP(pSet),
+                                   pSet->aEntries[i].iPage,
+                                   pSet->aEntries[i].cRefs);
+            pSet->cEntries--;
+            if (i < pSet->cEntries)
+            {
+                pSet->aEntries[i] = pSet->aEntries[pSet->cEntries];
+                PGMRZDYNMAP_ZAP_ENTRY(&pSet->aEntries[pSet->cEntries]);
+            }
+
+            i--;
+        }
+    }
+}
+
+
 
 
@@ -1505 +1814 @@
  * @param   pVCpu       The shared data for the current virtual CPU.
  */
-VMMDECL(void) PGMDynMapStartAutoSet(PVMCPU pVCpu)
-{
+VMMDECL(void) PGMRZDynMapStartAutoSet(PVMCPU pVCpu)
+{
+    LogFlow(("PGMRZDynMapStartAutoSet:\n"));
     Assert(pVCpu->pgm.s.AutoSet.cEntries == PGMMAPSET_CLOSED);
     Assert(pVCpu->pgm.s.AutoSet.iSubset == UINT32_MAX);
     pVCpu->pgm.s.AutoSet.cEntries = 0;
-    pVCpu->pgm.s.AutoSet.iCpu = RTMpCpuIdToSetIndex(RTMpCpuId());
-}
-
-
+    pVCpu->pgm.s.AutoSet.iCpu = PGMRZDYNMAP_CUR_CPU();
+}
+
+
+#ifdef IN_RING0
 /**
  * Starts or migrates the autoset of a virtual CPU.
@@ -1526 +1837 @@
  * @thread  EMT
  */
-VMMDECL(bool) PGMDynMapStartOrMigrateAutoSet(PVMCPU pVCpu)
+VMMR0DECL(bool) PGMR0DynMapStartOrMigrateAutoSet(PVMCPU pVCpu)
 {
     bool fStartIt = pVCpu->pgm.s.AutoSet.cEntries == PGMMAPSET_CLOSED;
     if (fStartIt)
-        PGMDynMapStartAutoSet(pVCpu);
+        PGMRZDynMapStartAutoSet(pVCpu);
     else
-        PGMDynMapMigrateAutoSet(pVCpu);
+        PGMR0DynMapMigrateAutoSet(pVCpu);
     return fStartIt;
 }
+#endif /* IN_RING0 */
 
 
@@ -1551 +1863 @@
         &&  RT_LIKELY(cEntries <= RT_ELEMENTS(pSet->aEntries)))
     {
-        PPGMR0DYNMAP    pThis   = g_pPGMR0DynMap;
-        RTSPINLOCKTMP   Tmp     = RTSPINLOCKTMP_INITIALIZER;
-        RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
+        PPGMRZDYNMAP    pThis   = PGMRZDYNMAP_SET_2_DYNMAP(pSet);
+        PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis);
 
         uint32_t i = cEntries;
@@ -1562 +1873 @@
             int32_t  cRefs = pSet->aEntries[i].cRefs;
             Assert(cRefs > 0);
-            pgmR0DynMapReleasePageLocked(pThis, iPage, cRefs);
-
-            pSet->aEntries[i].iPage = UINT16_MAX;
-            pSet->aEntries[i].cRefs = 0;
+            pgmRZDynMapReleasePageLocked(pThis, iPage, cRefs);
+
+            PGMRZDYNMAP_ZAP_ENTRY(&pSet->aEntries[i]);
         }
 
         Assert(pThis->cLoad <= pThis->cPages - pThis->cGuardPages);
-        RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+        PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
     }
 }
@@ -1580 +1890 @@
  * @param   pVCpu       The shared data for the current virtual CPU.
  */
-VMMDECL(void) PGMDynMapReleaseAutoSet(PVMCPU pVCpu)
+VMMDECL(void) PGMRZDynMapReleaseAutoSet(PVMCPU pVCpu)
 {
     PPGMMAPSET  pSet = &pVCpu->pgm.s.AutoSet;
@@ -1593 +1903 @@
     pSet->iCpu = -1;
 
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatR0DynMapSetSize[(cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
+#ifdef IN_RC
+    if (RT_ELEMENTS(pSet->aEntries) > MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE)
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatRZDynMapSetFilledPct[(cEntries * 10 / (MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE)) % 11]);
+    else
+#endif
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatRZDynMapSetFilledPct[(cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
     AssertMsg(cEntries < PGMMAPSET_MAX_FILL, ("%u\n", cEntries));
     if (cEntries > RT_ELEMENTS(pSet->aEntries) * 50 / 100)
-        Log(("PGMDynMapReleaseAutoSet: cEntries=%d\n", pSet->cEntries));
+        Log(("PGMRZDynMapReleaseAutoSet: cEntries=%d\n", cEntries));
+    else
+        LogFlow(("PGMRZDynMapReleaseAutoSet: cEntries=%d\n", cEntries));
 
     pgmDynMapFlushAutoSetWorker(pSet, cEntries);
@@ -1607 +1924 @@
  * @param   pVCpu       The shared data for the current virtual CPU.
  */
-VMMDECL(void) PGMDynMapFlushAutoSet(PVMCPU pVCpu)
+VMMDECL(void) PGMRZDynMapFlushAutoSet(PVMCPU pVCpu)
 {
     PPGMMAPSET  pSet = &pVCpu->pgm.s.AutoSet;
-    AssertMsg(pSet->iCpu == RTMpCpuIdToSetIndex(RTMpCpuId()), ("%d %d(%d) efl=%#x\n", pSet->iCpu, RTMpCpuIdToSetIndex(RTMpCpuId()), RTMpCpuId(), ASMGetFlags()));
+    AssertMsg(pSet->iCpu == PGMRZDYNMAP_CUR_CPU(), ("%d %d efl=%#x\n", pSet->iCpu, PGMRZDYNMAP_CUR_CPU(), ASMGetFlags()));
 
     /*
@@ -1617 +1934 @@
     uint32_t cEntries = pSet->cEntries;
     AssertReturnVoid(cEntries != PGMMAPSET_CLOSED);
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatR0DynMapSetSize[(cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
+#ifdef IN_RC
+    if (RT_ELEMENTS(pSet->aEntries) > MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE)
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatRZDynMapSetFilledPct[(cEntries * 10 / (MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE)) % 11]);
+    else
+#endif
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatRZDynMapSetFilledPct[(cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
     if (cEntries >= RT_ELEMENTS(pSet->aEntries) * 45 / 100)
     {
@@ -1626 +1948 @@
 
         pgmDynMapFlushAutoSetWorker(pSet, cEntries);
-        AssertMsg(pSet->iCpu == RTMpCpuIdToSetIndex(RTMpCpuId()), ("%d %d(%d) efl=%#x\n", pSet->iCpu, RTMpCpuIdToSetIndex(RTMpCpuId()), RTMpCpuId(), ASMGetFlags()));
-    }
-}
-
-
+        AssertMsg(pSet->iCpu == PGMRZDYNMAP_CUR_CPU(), ("%d %d efl=%#x\n", pSet->iCpu, PGMRZDYNMAP_CUR_CPU(), ASMGetFlags()));
+    }
+}
+
+
+#ifndef IN_RC
 /**
  * Migrates the automatic mapping set of the current vCPU if it's active and
@@ -1644 +1967 @@
  * @thread  EMT
  */
-VMMDECL(void) PGMDynMapMigrateAutoSet(PVMCPU pVCpu)
-{
+VMMR0DECL(void) PGMR0DynMapMigrateAutoSet(PVMCPU pVCpu)
+{
+    LogFlow(("PGMR0DynMapMigrateAutoSet\n"));
     PPGMMAPSET      pSet     = &pVCpu->pgm.s.AutoSet;
-    int32_t         iRealCpu = RTMpCpuIdToSetIndex(RTMpCpuId());
+    int32_t         iRealCpu = PGMRZDYNMAP_CUR_CPU();
     if (pSet->iCpu != iRealCpu)
     {
@@ -1656 +1980 @@
             if (i != 0 && RT_LIKELY(i <= RT_ELEMENTS(pSet->aEntries)))
             {
-                PPGMR0DYNMAP    pThis  = g_pPGMR0DynMap;
-                RTSPINLOCKTMP   Tmp    = RTSPINLOCKTMP_INITIALIZER;
-                RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
+                PPGMRZDYNMAP    pThis  = PGMRZDYNMAP_SET_2_DYNMAP(pSet);
+                PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis);
 
                 while (i-- > 0)
@@ -1668 +1991 @@
                     {
                         RTCpuSetDelByIndex(&pThis->paPages[iPage].PendingSet, iRealCpu);
-                        RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+                        PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
 
                         ASMInvalidatePage(pThis->paPages[iPage].pvPage);
-                        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapMigrateInvlPg);
-
-                        RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
+                        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapMigrateInvlPg);
+
+                        PGMRZDYNMAP_SPINLOCK_REACQUIRE(pThis);
                     }
                 }
 
-                RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+                PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
             }
         }
@@ -1683 +2006 @@
     }
 }
+#endif /* !IN_RC */
 
 
@@ -1706 +2030 @@
         pSet->cEntries = iSubset;
 
-        PPGMR0DYNMAP    pThis = g_pPGMR0DynMap;
-        RTSPINLOCKTMP   Tmp   = RTSPINLOCKTMP_INITIALIZER;
-        RTSpinlockAcquire(pThis->hSpinlock, &Tmp);
+        PPGMRZDYNMAP    pThis = PGMRZDYNMAP_SET_2_DYNMAP(pSet);
+        PGMRZDYNMAP_SPINLOCK_ACQUIRE(pThis);
 
         while (i-- > iSubset)
@@ -1716 +2039 @@
             int32_t  cRefs = pSet->aEntries[i].cRefs;
             Assert(cRefs > 0);
-            pgmR0DynMapReleasePageLocked(pThis, iPage, cRefs);
-
-            pSet->aEntries[i].iPage = UINT16_MAX;
-            pSet->aEntries[i].cRefs = 0;
-        }
-
-        RTSpinlockRelease(pThis->hSpinlock, &Tmp);
+            pgmRZDynMapReleasePageLocked(pThis, iPage, cRefs);
+
+            PGMRZDYNMAP_ZAP_ENTRY(&pSet->aEntries[i]);
+        }
+
+        PGMRZDYNMAP_SPINLOCK_RELEASE(pThis);
     }
 }
@@ -1738 +2060 @@
  *
  * @returns The index of the previous subset. Pass this to
- *        PGMDynMapPopAutoSubset when poping it.
+ *          PGMDynMapPopAutoSubset when popping it.
  * @param   pVCpu           Pointer to the virtual cpu data.
  */
-VMMDECL(uint32_t) PGMDynMapPushAutoSubset(PVMCPU pVCpu)
+VMMDECL(uint32_t) PGMRZDynMapPushAutoSubset(PVMCPU pVCpu)
 {
     PPGMMAPSET      pSet = &pVCpu->pgm.s.AutoSet;
     AssertReturn(pSet->cEntries != PGMMAPSET_CLOSED, UINT32_MAX);
     uint32_t        iPrevSubset = pSet->iSubset;
-    LogFlow(("PGMDynMapPushAutoSubset: pVCpu=%p iPrevSubset=%u\n", pVCpu, iPrevSubset));
+    LogFlow(("PGMRZDynMapPushAutoSubset: pVCpu=%p iPrevSubset=%u\n", pVCpu, iPrevSubset));
+
+#ifdef IN_RC
+    /* kludge */
+    if (pSet->cEntries > MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE / 2)
+    {
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapSetOptimize);
+        pgmDynMapOptimizeAutoSet(pSet);
+    }
+#endif
 
     pSet->iSubset = pSet->cEntries;
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapSubsets);
+    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapSubsets);
+
     return iPrevSubset;
 }
@@ -1760 +2092 @@
  * @param   iPrevSubset     What PGMDynMapPushAutoSubset returned.
  */
-VMMDECL(void) PGMDynMapPopAutoSubset(PVMCPU pVCpu, uint32_t iPrevSubset)
+VMMDECL(void) PGMRZDynMapPopAutoSubset(PVMCPU pVCpu, uint32_t iPrevSubset)
 {
     PPGMMAPSET      pSet = &pVCpu->pgm.s.AutoSet;
     uint32_t        cEntries = pSet->cEntries;
-    LogFlow(("PGMDynMapPopAutoSubset: pVCpu=%p iPrevSubset=%u iSubset=%u cEntries=%u\n", pVCpu, iPrevSubset, pSet->iSubset, cEntries));
+    LogFlow(("PGMRZDynMapPopAutoSubset: pVCpu=%p iPrevSubset=%u iSubset=%u cEntries=%u\n", pVCpu, iPrevSubset, pSet->iSubset, cEntries));
     AssertReturnVoid(cEntries != PGMMAPSET_CLOSED);
     AssertReturnVoid(pSet->iSubset >= iPrevSubset || iPrevSubset == UINT32_MAX);
-    STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatR0DynMapSetSize[(cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
+#ifdef IN_RC
+    if (RT_ELEMENTS(pSet->aEntries) > MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE)
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatRZDynMapSetFilledPct[(cEntries * 10 / (MM_HYPER_DYNAMIC_SIZE / PAGE_SIZE)) % 11]);
+    else
+#endif
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatRZDynMapSetFilledPct[(cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
     if (    cEntries >= RT_ELEMENTS(pSet->aEntries) * 40 / 100
         &&  cEntries != pSet->iSubset)
@@ -1779 +2116 @@
 
 /**
- * As a final resort for a full auto set, try merge duplicate entries.
- *
- * @param   pSet        The set.
- */
-static void pgmDynMapOptimizeAutoSet(PPGMMAPSET pSet)
-{
-    for (uint32_t i = 0 ; i < pSet->cEntries; i++)
-    {
-        uint16_t const  iPage = pSet->aEntries[i].iPage;
-        uint32_t        j     = i + 1;
-        while (j < pSet->cEntries)
-        {
-            if (pSet->aEntries[j].iPage != iPage)
-                j++;
-            else if ((uint32_t)pSet->aEntries[i].cRefs + (uint32_t)pSet->aEntries[j].cRefs < UINT16_MAX)
-            {
-                /* merge j into i removing j. */
-                pSet->aEntries[i].cRefs += pSet->aEntries[j].cRefs;
-                pSet->cEntries--;
-                if (j < pSet->cEntries)
+ * Indicates that the given page is unused and its mapping can be re-used.
+ *
+ * @param   pVCpu           The current CPU.
+ * @param   pvHint          The page that is now unused.  This does not have to
+ *                          point at the start of the page.  NULL is ignored.
+ */
+#ifdef LOG_ENABLED
+void pgmRZDynMapUnusedHint(PVMCPU pVCpu, void *pvHint, RT_SRC_POS_DECL)
+#else
+void pgmRZDynMapUnusedHint(PVMCPU pVCpu, void *pvHint)
+#endif
+{
+    /*
+     * Ignore NULL pointers and mask off the page offset bits.
+     */
+    if (pvHint == NULL)
+        return;
+    pvHint = (void *)((uintptr_t)pvHint & ~(uintptr_t)PAGE_OFFSET_MASK);
+
+    PPGMMAPSET  pSet    = &pVCpu->pgm.s.AutoSet;
+    uint32_t    iEntry  = pSet->cEntries;
+    AssertReturnVoid(iEntry > 0);
+
+    /*
+     * Find the entry in the usual unrolled fashion.
+     */
+#define IS_MATCHING_ENTRY(pSet, iEntry, pvHint) \
+        (   (pSet)->aEntries[(iEntry)].pvPage == (pvHint) \
+         &&   (uint32_t)(pSet)->aEntries[(iEntry)].cRefs + (pSet)->aEntries[(iEntry)].cInlinedRefs \
+            > (pSet)->aEntries[(iEntry)].cUnrefs )
+    if (     iEntry >= 1 && IS_MATCHING_ENTRY(pSet, iEntry - 1, pvHint))
+        iEntry = iEntry - 1;
+    else if (iEntry >= 2 && IS_MATCHING_ENTRY(pSet, iEntry - 2, pvHint))
+        iEntry = iEntry - 2;
+    else if (iEntry >= 3 && IS_MATCHING_ENTRY(pSet, iEntry - 3, pvHint))
+        iEntry = iEntry - 3;
+    else if (iEntry >= 4 && IS_MATCHING_ENTRY(pSet, iEntry - 4, pvHint))
+        iEntry = iEntry - 4;
+    else if (iEntry >= 5 && IS_MATCHING_ENTRY(pSet, iEntry - 5, pvHint))
+        iEntry = iEntry - 5;
+    else if (iEntry >= 6 && IS_MATCHING_ENTRY(pSet, iEntry - 6, pvHint))
+        iEntry = iEntry - 6;
+    else if (iEntry >= 7 && IS_MATCHING_ENTRY(pSet, iEntry - 7, pvHint))
+        iEntry = iEntry - 7;
+    else
+    {
+        /*
+         * Loop till we find it.
+         */
+        bool fFound = false;
+        if (iEntry > 7)
+        {
+            iEntry -= 7;
+            while (iEntry-- > 0)
+                if (IS_MATCHING_ENTRY(pSet, iEntry, pvHint))
                 {
-                    pSet->aEntries[j] = pSet->aEntries[pSet->cEntries];
-                    pSet->aEntries[pSet->cEntries].iPage = UINT16_MAX;
-                    pSet->aEntries[pSet->cEntries].cRefs = 0;
+                    fFound = true;
+                    break;
                 }
-                else
-                {
-                    pSet->aEntries[j].iPage = UINT16_MAX;
-                    pSet->aEntries[j].cRefs = 0;
-                }
-            }
-            else
-            {
-                /* migrate the max number of refs from j into i and quit the inner loop. */
-                uint32_t cMigrate = UINT16_MAX - 1 - pSet->aEntries[i].cRefs;
-                Assert(pSet->aEntries[j].cRefs > cMigrate);
-                pSet->aEntries[j].cRefs -= cMigrate;
-                pSet->aEntries[i].cRefs = UINT16_MAX - 1;
-                break;
-            }
-        }
-    }
-}
-
-
-/**
- * Common worker code for PGMDynMapHCPhys, pgmR0DynMapHCPageInlined and
- * pgmR0DynMapGCPageInlined.
+        }
+        AssertMsgReturnVoid(fFound,
+                            ("pvHint=%p cEntries=%#x iSubset=%#x\n"
+                             "aEntries[0] = {%#x, %#x, %#x, %#x, %p}\n"
+                             "aEntries[1] = {%#x, %#x, %#x, %#x, %p}\n"
+                             "aEntries[2] = {%#x, %#x, %#x, %#x, %p}\n"
+                             "aEntries[3] = {%#x, %#x, %#x, %#x, %p}\n"
+                             "aEntries[4] = {%#x, %#x, %#x, %#x, %p}\n"
+                             "aEntries[5] = {%#x, %#x, %#x, %#x, %p}\n"
+                             ,
+                             pvHint, pSet->cEntries, pSet->iSubset,
+                             pSet->aEntries[0].iPage, pSet->aEntries[0].cRefs, pSet->aEntries[0].cInlinedRefs, pSet->aEntries[0].cUnrefs, pSet->aEntries[0].pvPage,
+                             pSet->aEntries[1].iPage, pSet->aEntries[1].cRefs, pSet->aEntries[1].cInlinedRefs, pSet->aEntries[1].cUnrefs, pSet->aEntries[1].pvPage,
+                             pSet->aEntries[2].iPage, pSet->aEntries[2].cRefs, pSet->aEntries[2].cInlinedRefs, pSet->aEntries[2].cUnrefs, pSet->aEntries[2].pvPage,
+                             pSet->aEntries[3].iPage, pSet->aEntries[3].cRefs, pSet->aEntries[3].cInlinedRefs, pSet->aEntries[3].cUnrefs, pSet->aEntries[3].pvPage,
+                             pSet->aEntries[4].iPage, pSet->aEntries[4].cRefs, pSet->aEntries[4].cInlinedRefs, pSet->aEntries[4].cUnrefs, pSet->aEntries[4].pvPage,
+                             pSet->aEntries[5].iPage, pSet->aEntries[5].cRefs, pSet->aEntries[5].cInlinedRefs, pSet->aEntries[5].cUnrefs, pSet->aEntries[5].pvPage));
+    }
+#undef IS_MATCHING_ENTRY
+
+    /*
+     * Update it.
+     */
+    uint32_t const  cTotalRefs = (uint32_t)pSet->aEntries[iEntry].cRefs + pSet->aEntries[iEntry].cInlinedRefs;
+    uint32_t const  cUnrefs    = pSet->aEntries[iEntry].cUnrefs;
+    LogFlow(("pgmRZDynMapUnusedHint: pvHint=%p #%u cRefs=%d cInlinedRefs=%d cUnrefs=%d (+1) cTotalRefs=%d %s(%d) %s\n",
+             pvHint, iEntry, pSet->aEntries[iEntry].cRefs, pSet->aEntries[iEntry].cInlinedRefs, cUnrefs, cTotalRefs, pszFile, iLine, pszFunction));
+    AssertReturnVoid(cTotalRefs > cUnrefs);
+
+    if (RT_LIKELY(cUnrefs < UINT16_MAX - 1))
+        pSet->aEntries[iEntry].cUnrefs++;
+    else if (pSet->aEntries[iEntry].cInlinedRefs)
+    {
+        uint32_t cSub = RT_MIN(pSet->aEntries[iEntry].cInlinedRefs, pSet->aEntries[iEntry].cUnrefs);
+        pSet->aEntries[iEntry].cInlinedRefs -= cSub;
+        pSet->aEntries[iEntry].cUnrefs      -= cSub;
+        pSet->aEntries[iEntry].cUnrefs++;
+    }
+    else
+        Log(("pgmRZDynMapUnusedHint: pvHint=%p ignored because of overflow! %s(%d) %s\n", pvHint, pszFile, iLine, pszFunction));
+}
+
+
+/**
+ * Common worker code for pgmRZDynMapHCPageInlined, pgmRZDynMapHCPageV2Inlined
+ * and pgmR0DynMapGCPageOffInlined.
  *
  * @returns VINF_SUCCESS, bails out to ring-3 on failure.
@@ -1835 +2229 @@
  * @remarks This is a very hot path.
  */
-int pgmR0DynMapHCPageCommon(PPGMMAPSET pSet, RTHCPHYS HCPhys, void **ppv)
-{
-    LogFlow(("pgmR0DynMapHCPageCommon: pSet=%p HCPhys=%RHp ppv=%p\n", pSet, HCPhys, ppv));
-    AssertMsg(pSet->iCpu == RTMpCpuIdToSetIndex(RTMpCpuId()), ("%d %d(%d) efl=%#x\n", pSet->iCpu, RTMpCpuIdToSetIndex(RTMpCpuId()), RTMpCpuId(), ASMGetFlags()));
-    PVMCPU pVCpu = PGMR0DYNMAP_2_VMCPU(pSet);
+int pgmRZDynMapHCPageCommon(PPGMMAPSET pSet, RTHCPHYS HCPhys, void **ppv RTLOG_COMMA_SRC_POS_DECL)
+{
+    AssertMsg(pSet->iCpu == PGMRZDYNMAP_CUR_CPU(), ("%d %d efl=%#x\n", pSet->iCpu, PGMRZDYNMAP_CUR_CPU(), ASMGetFlags()));
+    PVMCPU pVCpu = PGMRZDYNMAP_SET_2_VMCPU(pSet);
+    STAM_PROFILE_START(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPage, a);
 
     /*
      * Map it.
      */
-    void *pvPage;
-    uint32_t const  iPage = pgmR0DynMapPage(g_pPGMR0DynMap, HCPhys, pSet->iCpu, pVCpu, &pvPage);
+    void           *pvPage;
+    PPGMRZDYNMAP    pThis = PGMRZDYNMAP_SET_2_DYNMAP(pSet);
+    uint32_t        iPage = pgmR0DynMapPage(pThis, HCPhys, pSet->iCpu, pVCpu, &pvPage);
     if (RT_UNLIKELY(iPage == UINT32_MAX))
     {
-        RTAssertMsg2Weak("PGMDynMapHCPage: cLoad=%u/%u cPages=%u cGuardPages=%u\n",
-                         g_pPGMR0DynMap->cLoad, g_pPGMR0DynMap->cMaxLoad, g_pPGMR0DynMap->cPages, g_pPGMR0DynMap->cGuardPages);
-        if (!g_fPGMR0DynMapTestRunning)
-            VMMRZCallRing3NoCpu(PGMR0DYNMAP_2_VM(pSet), VMMCALLRING3_VM_R0_ASSERTION, 0);
-        *ppv = NULL;
-        return VERR_PGM_DYNMAP_FAILED;
+        /*
+         * We're out of mapping space, optimize our set to try remedy the
+         * situation.  (Only works if there are unreference hints.)
+         */
+        STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapSetOptimize);
+        pgmDynMapOptimizeAutoSet(pSet);
+
+        iPage = pgmR0DynMapPage(pThis, HCPhys, pSet->iCpu, pVCpu, &pvPage);
+        if (RT_UNLIKELY(iPage == UINT32_MAX))
+        {
+            RTAssertMsg2Weak("pgmRZDynMapHCPageCommon: cLoad=%u/%u cPages=%u cGuardPages=%u\n",
+                             pThis->cLoad, pThis->cMaxLoad, pThis->cPages, pThis->cGuardPages);
+            if (!g_fPGMR0DynMapTestRunning)
+                VMMRZCallRing3NoCpu(PGMRZDYNMAP_SET_2_VM(pSet), VMMCALLRING3_VM_R0_ASSERTION, 0);
+            *ppv = NULL;
+            STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPage, a);
+            return VERR_PGM_DYNMAP_FAILED;
+        }
     }
 
@@ -1869 +2276 @@
     {
         unsigned iEntry = pSet->cEntries++;
-        pSet->aEntries[iEntry].cRefs  = 1;
-        pSet->aEntries[iEntry].iPage  = iPage;
-        pSet->aEntries[iEntry].pvPage = pvPage;
-        pSet->aEntries[iEntry].HCPhys = HCPhys;
+        pSet->aEntries[iEntry].cRefs        = 1;
+        pSet->aEntries[iEntry].cUnrefs      = 0;
+        pSet->aEntries[iEntry].cInlinedRefs = 0;
+        pSet->aEntries[iEntry].iPage        = iPage;
+        pSet->aEntries[iEntry].pvPage       = pvPage;
+        pSet->aEntries[iEntry].HCPhys       = HCPhys;
         pSet->aiHashTable[PGMMAPSET_HASH(HCPhys)] = iEntry;
+        LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=%u/0/0 iPage=%#x  [a] %s(%d) %s\n",
+                 pSet, HCPhys, iEntry, iEntry + 1, pvPage, 1, iPage, pszFile, iLine, pszFunction));
     }
     /* Any of the last 5 pages? */
     else if (   pSet->aEntries[i - 0].iPage == iPage
              && pSet->aEntries[i - 0].cRefs < UINT16_MAX - 1)
+    {
         pSet->aEntries[i - 0].cRefs++;
+        LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=%u/%u/%u iPage=%#x [0] %s(%d) %s\n", pSet, HCPhys, i - 0, pSet->cEntries, pvPage, pSet->aEntries[i - 0].cRefs, pSet->aEntries[i - 0].cInlinedRefs, pSet->aEntries[i - 0].cUnrefs, iPage, pszFile, iLine, pszFunction));
+    }
     else if (   pSet->aEntries[i - 1].iPage == iPage
              && pSet->aEntries[i - 1].cRefs < UINT16_MAX - 1)
+    {
         pSet->aEntries[i - 1].cRefs++;
+        LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=%u/%u/%u iPage=%#x [1] %s(%d) %s\n", pSet, HCPhys, i - 1, pSet->cEntries, pvPage, pSet->aEntries[i - 1].cRefs, pSet->aEntries[i - 1].cInlinedRefs, pSet->aEntries[i - 1].cUnrefs, iPage, pszFile, iLine, pszFunction));
+    }
     else if (   pSet->aEntries[i - 2].iPage == iPage
              && pSet->aEntries[i - 2].cRefs < UINT16_MAX - 1)
+    {
         pSet->aEntries[i - 2].cRefs++;
+        LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=%u/%u/%u iPage=%#x [2] %s(%d) %s\n", pSet, HCPhys, i - 2, pSet->cEntries, pvPage, pSet->aEntries[i - 2].cRefs, pSet->aEntries[i - 2].cInlinedRefs, pSet->aEntries[i - 2].cUnrefs, iPage, pszFile, iLine, pszFunction));
+    }
     else if (   pSet->aEntries[i - 3].iPage == iPage
              && pSet->aEntries[i - 3].cRefs < UINT16_MAX - 1)
+    {
         pSet->aEntries[i - 3].cRefs++;
+        LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=%u/%u/%u iPage=%#x [4] %s(%d) %s\n", pSet, HCPhys, i - 3, pSet->cEntries, pvPage, pSet->aEntries[i - 3].cRefs, pSet->aEntries[i - 3].cInlinedRefs, pSet->aEntries[i - 3].cUnrefs, iPage, pszFile, iLine, pszFunction));
+    }
     else if (   pSet->aEntries[i - 4].iPage == iPage
              && pSet->aEntries[i - 4].cRefs < UINT16_MAX - 1)
+    {
         pSet->aEntries[i - 4].cRefs++;
+        LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=%u/%u/%u iPage=%#x [4] %s(%d) %s\n", pSet, HCPhys, i - 4, pSet->cEntries, pvPage, pSet->aEntries[i - 4].cRefs, pSet->aEntries[i - 4].cInlinedRefs, pSet->aEntries[i - 4].cUnrefs, iPage, pszFile, iLine, pszFunction));
+    }
     /* Don't bother searching unless we're above a 60% load. */
     else if (RT_LIKELY(i <= (int32_t)RT_ELEMENTS(pSet->aEntries) * 60 / 100))
     {
         unsigned iEntry = pSet->cEntries++;
-        pSet->aEntries[iEntry].cRefs  = 1;
-        pSet->aEntries[iEntry].iPage  = iPage;
-        pSet->aEntries[iEntry].pvPage = pvPage;
-        pSet->aEntries[iEntry].HCPhys = HCPhys;
+        pSet->aEntries[iEntry].cRefs        = 1;
+        pSet->aEntries[iEntry].cUnrefs      = 0;
+        pSet->aEntries[iEntry].cInlinedRefs = 0;
+        pSet->aEntries[iEntry].iPage        = iPage;
+        pSet->aEntries[iEntry].pvPage       = pvPage;
+        pSet->aEntries[iEntry].HCPhys       = HCPhys;
         pSet->aiHashTable[PGMMAPSET_HASH(HCPhys)] = iEntry;
+        LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=1/0/0 iPage=%#x [b] %s(%d) %s\n", pSet, HCPhys, iEntry, pSet->cEntries, pvPage, iPage, pszFile, iLine, pszFunction));
     }
     else
@@ -1911 +2340 @@
             {
                 pSet->aEntries[i].cRefs++;
-                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapSetSearchHits);
+                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapSetSearchHits);
+                LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=%u/%u/%u iPage=%#x [c] %s(%d) %s\n", pSet, HCPhys, i, pSet->cEntries, pvPage, pSet->aEntries[i].cRefs, pSet->aEntries[i].cInlinedRefs, pSet->aEntries[i].cUnrefs, iPage, pszFile, iLine, pszFunction));
                 break;
             }
         if (i < 0)
         {
-            STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapSetSearchMisses);
+            STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapSetSearchMisses);
             if (pSet->iSubset < pSet->cEntries)
             {
-                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapSetSearchFlushes);
-                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatR0DynMapSetSize[(pSet->cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
+                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapSetSearchFlushes);
+                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->aStatRZDynMapSetFilledPct[(pSet->cEntries * 10 / RT_ELEMENTS(pSet->aEntries)) % 11]);
                 AssertMsg(pSet->cEntries < PGMMAPSET_MAX_FILL, ("%u\n", pSet->cEntries));
                 pgmDynMapFlushSubset(pSet);
@@ -1927 +2357 @@
             if (RT_UNLIKELY(pSet->cEntries >= RT_ELEMENTS(pSet->aEntries)))
             {
-                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatR0DynMapSetOptimize);
+                STAM_COUNTER_INC(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapSetOptimize);
                 pgmDynMapOptimizeAutoSet(pSet);
             }
@@ -1934 +2364 @@
             {
                 unsigned iEntry = pSet->cEntries++;
-                pSet->aEntries[iEntry].cRefs  = 1;
-                pSet->aEntries[iEntry].iPage  = iPage;
-                pSet->aEntries[iEntry].pvPage = pvPage;
-                pSet->aEntries[iEntry].HCPhys = HCPhys;
+                pSet->aEntries[iEntry].cRefs        = 1;
+                pSet->aEntries[iEntry].cUnrefs      = 0;
+                pSet->aEntries[iEntry].cInlinedRefs = 0;
+                pSet->aEntries[iEntry].iPage        = iPage;
+                pSet->aEntries[iEntry].pvPage       = pvPage;
+                pSet->aEntries[iEntry].HCPhys       = HCPhys;
                 pSet->aiHashTable[PGMMAPSET_HASH(HCPhys)] = iEntry;
+                LogFlow(("pgmRZDynMapHCPageCommon: pSet=%p HCPhys=%RHp #%u/%u/%p cRefs=1/0/0 iPage=%#x [d] %s(%d) %s\n", pSet, HCPhys, iEntry, pSet->cEntries, pvPage, iPage, pszFile, iLine, pszFunction));
             }
             else
             {
                 /* We're screwed. */
-                pgmR0DynMapReleasePage(g_pPGMR0DynMap, iPage, 1);
-
-                RTAssertMsg2Weak("PGMDynMapHCPage: set is full!\n");
+                pgmRZDynMapReleasePage(pThis, iPage, 1);
+
+                RTAssertMsg2Weak("pgmRZDynMapHCPageCommon: set is full!\n");
                 if (!g_fPGMR0DynMapTestRunning)
-                    VMMRZCallRing3NoCpu(PGMR0DYNMAP_2_VM(pSet), VMMCALLRING3_VM_R0_ASSERTION, 0);
+                    VMMRZCallRing3NoCpu(PGMRZDYNMAP_SET_2_VM(pSet), VMMCALLRING3_VM_R0_ASSERTION, 0);
                 *ppv = NULL;
+                STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPage, a);
                 return VERR_PGM_DYNMAP_FULL_SET;
             }
@@ -1955 +2389 @@
 
     *ppv = pvPage;
+    STAM_PROFILE_STOP(&pVCpu->pgm.s.CTX_SUFF(pStats)->StatRZDynMapHCPage, a);
     return VINF_SUCCESS;
 }
-
-
-#if 0 /* Not used in R0, should internalized the other PGMDynMapHC/GCPage too. */
-/* documented elsewhere - a bit of a mess. */
-VMMDECL(int) PGMDynMapHCPage(PVM pVM, RTHCPHYS HCPhys, void **ppv)
-{
-#ifdef VBOX_WITH_STATISTICS
-    PVMCPU pVCpu = VMMGetCpu(pVM);
-#endif
-    /*
-     * Validate state.
-     */
-    STAM_PROFILE_START(&pVCpu->pgm.s.StatR0DynMapHCPage, a);
-    AssertPtr(ppv);
-    AssertMsg(pVM->pgm.s.pvR0DynMapUsed == g_pPGMR0DynMap,
-              ("%p != %p\n", pVM->pgm.s.pvR0DynMapUsed, g_pPGMR0DynMap));
-    AssertMsg(!(HCPhys & PAGE_OFFSET_MASK), ("HCPhys=%RHp\n", HCPhys));
-    PVMCPU          pVCpu   = VMMGetCpu(pVM);
-    AssertPtr(pVCpu);
-    PPGMMAPSET      pSet    = &pVCpu->pgm.s.AutoSet;
-    AssertMsg(pSet->cEntries <= RT_ELEMENTS(pSet->aEntries),
-              ("%#x (%u)\n", pSet->cEntries, pSet->cEntries));
-
-    /*
-     * Call common code.
-     */
-    int rc = pgmR0DynMapHCPageCommon(pSet, HCPhys, ppv);
-
-    STAM_PROFILE_STOP(&pVCpu->pgm.s.StatR0DynMapHCPage, a);
-    return rc;
-}
-#endif
 
 
@@ -2025 +2428 @@
 {
     LogRel(("pgmR0DynMapTest: ****** START ******\n"));
-    PPGMR0DYNMAP    pThis = g_pPGMR0DynMap;
     PPGMMAPSET      pSet  = &pVM->aCpus[0].pgm.s.AutoSet;
+    PPGMRZDYNMAP    pThis = PGMRZDYNMAP_SET_2_DYNMAP(pSet);
     uint32_t        i;
 
@@ -2047 +2450 @@
     LogRel(("Test #1\n"));
     ASMIntDisable();
-    PGMDynMapStartAutoSet(&pVM->aCpus[0]);
+    PGMRZDynMapStartAutoSet(&pVM->aCpus[0]);
 
     uint64_t cr3 = ASMGetCR3() & ~(uint64_t)PAGE_OFFSET_MASK;
     void    *pv  = (void *)(intptr_t)-1;
     void    *pv2 = (void *)(intptr_t)-2;
-    rc           = PGMDynMapHCPage(pVM, cr3, &pv);
-    int      rc2 = PGMDynMapHCPage(pVM, cr3, &pv2);
+    rc           = pgmRZDynMapHCPageCommon(pVM, cr3, &pv  RTLOG_COMMA_SRC_POS);
+    int      rc2 = pgmRZDynMapHCPageCommon(pVM, cr3, &pv2 RTLOG_COMMA_SRC_POS);
     ASMIntEnable();
     if (    RT_SUCCESS(rc2)
@@ -2068 +2471 @@
         LogRel(("Test #2\n"));
         ASMIntDisable();
-        PGMDynMapMigrateAutoSet(&pVM->aCpus[0]);
+        PGMR0DynMapMigrateAutoSet(&pVM->aCpus[0]);
         for (i = 0 ; i < UINT16_MAX*2 - 1 && RT_SUCCESS(rc) && pv2 == pv; i++)
         {
             pv2 = (void *)(intptr_t)-4;
-            rc = PGMDynMapHCPage(pVM, cr3, &pv2);
+            rc = pgmRZDynMapHCPageCommon(pVM, cr3, &pv2 RTLOG_COMMA_SRC_POS);
         }
         ASMIntEnable();
@@ -2106 +2509 @@
             LogRel(("Test #3\n"));
             ASMIntDisable();
-            PGMDynMapMigrateAutoSet(&pVM->aCpus[0]);
+            PGMR0DynMapMigrateAutoSet(&pVM->aCpus[0]);
             pv2 = NULL;
             for (i = 0 ; i < RT_ELEMENTS(pSet->aEntries) - 5 && RT_SUCCESS(rc) && pv2 != pv; i++)
             {
                 pv2 = (void *)(intptr_t)(-5 - i);
-                rc = PGMDynMapHCPage(pVM, cr3 + PAGE_SIZE * (i + 5), &pv2);
+                rc = pgmRZDynMapHCPageCommon(pVM, cr3 + PAGE_SIZE * (i + 5), &pv2 RTLOG_COMMA_SRC_POS);
             }
             ASMIntEnable();
@@ -2134 +2537 @@
                 LogRel(("Test #4\n"));
                 ASMIntDisable();
-                PGMDynMapMigrateAutoSet(&pVM->aCpus[0]);
+                PGMR0DynMapMigrateAutoSet(&pVM->aCpus[0]);
                 for (i = 0 ; i < RT_ELEMENTS(pSet->aEntries) + 2; i++)
                 {
-                    rc = PGMDynMapHCPage(pVM, cr3 - PAGE_SIZE * (i + 5), &pv2);
+                    rc = pgmRZDynMapHCPageCommon(pVM, cr3 - PAGE_SIZE * (i + 5), &pv2 RTLOG_COMMA_SRC_POS);
                     if (RT_SUCCESS(rc))
                         rc = PGMR0DynMapAssertIntegrity();
@@ -2149 +2552 @@
                     LogRel(("Test #5\n"));
                     ASMIntDisable();
-                    PGMDynMapMigrateAutoSet(&pVM->aCpus[0]);
-                    PGMDynMapReleaseAutoSet(&pVM->aCpus[0]);
-                    PGMDynMapStartAutoSet(&pVM->aCpus[0]);
+                    PGMR0DynMapMigrateAutoSet(&pVM->aCpus[0]);
+                    PGMRZDynMapReleaseAutoSet(&pVM->aCpus[0]);
+                    PGMRZDynMapStartAutoSet(&pVM->aCpus[0]);
                     ASMIntEnable();
 
@@ -2179 +2582 @@
         LogRel(("Test #5\n"));
         ASMIntDisable();
-        PGMDynMapMigrateAutoSet(&pVM->aCpus[0]);
+        PGMR0DynMapMigrateAutoSet(&pVM->aCpus[0]);
         RTHCPHYS  HCPhysPT = RTR0MemObjGetPagePhysAddr(pThis->pSegHead->ahMemObjPTs[0], 0);
-        rc  = PGMDynMapHCPage(pVM, HCPhysPT, &pv);
+        rc  = pgmRZDynMapHCPageCommon(pVM, HCPhysPT, &pv RTLOG_COMMA_SRC_POS);
         if (RT_SUCCESS(rc))
         {
@@ -2216 +2619 @@
     LogRel(("Cleanup.\n"));
     ASMIntDisable();
-    PGMDynMapMigrateAutoSet(&pVM->aCpus[0]);
-    PGMDynMapFlushAutoSet(&pVM->aCpus[0]);
-    PGMDynMapReleaseAutoSet(&pVM->aCpus[0]);
+    PGMR0DynMapMigrateAutoSet(&pVM->aCpus[0]);
+    PGMRZDynMapFlushAutoSet(&pVM->aCpus[0]);
+    PGMRZDynMapReleaseAutoSet(&pVM->aCpus[0]);
     ASMIntEnable();
 

trunk/src/VBox/VMM/testcase/tstVMStructRC.cpp

@@ -461 +461 @@
     GEN_CHECK_OFF(PGMCPU, offVCpu);
     GEN_CHECK_OFF(PGMCPU, offPGM);
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE) || defined(VBOX_WITH_RAW_MODE)
     GEN_CHECK_OFF(PGMCPU, AutoSet);
 #endif
@@ -568 +568 @@
     GEN_CHECK_OFF(PGM, HCPhysInterPaePML4);
     GEN_CHECK_OFF(PGM, pbDynPageMapBaseGC);
-    GEN_CHECK_OFF(PGM, iDynPageMapLast);
-    GEN_CHECK_OFF(PGM, aHCPhysDynPageMapCache);
+    GEN_CHECK_OFF(PGM, pRCDynMap);
     GEN_CHECK_OFF(PGM, pvR0DynMapUsed);
     GEN_CHECK_OFF(PGM, GCPhys4MBPSEMask);
@@ -575 +574 @@
     GEN_CHECK_OFF(PGMCPU, fA20Enabled);
     GEN_CHECK_OFF(PGMCPU, fSyncFlags);
-    GEN_CHECK_OFF(PGM, aHCPhysDynPageMapCache);
-    GEN_CHECK_OFF(PGM, aLockedDynPageMapCache);
     GEN_CHECK_OFF(PGM, CritSect);
     GEN_CHECK_OFF(PGM, pPoolR3);
@@ -788 +785 @@
     GEN_CHECK_OFF(PGMPOOL, aPages[1]);
     GEN_CHECK_OFF(PGMPOOL, aPages[PGMPOOL_IDX_FIRST - 1]);
+    GEN_CHECK_SIZE(PGMRCDYNMAP);
+    GEN_CHECK_OFF(PGMRCDYNMAP, u32Magic);
+    GEN_CHECK_OFF(PGMRCDYNMAP, paPages);
+    GEN_CHECK_OFF(PGMRCDYNMAP, cPages);
+    GEN_CHECK_OFF(PGMRCDYNMAP, fLegacyMode);
+    GEN_CHECK_OFF(PGMRCDYNMAP, cLoad);
+    GEN_CHECK_OFF(PGMRCDYNMAP, cMaxLoad);
+    GEN_CHECK_OFF(PGMRCDYNMAP, cGuardPages);
+    GEN_CHECK_OFF(PGMRCDYNMAP, cUsers);
+    GEN_CHECK_SIZE(PGMRCDYNMAPENTRY);
+    GEN_CHECK_OFF(PGMRCDYNMAPENTRY, HCPhys);
+    GEN_CHECK_OFF(PGMRCDYNMAPENTRY, pvPage);
+    GEN_CHECK_OFF(PGMRCDYNMAPENTRY, cRefs);
+    GEN_CHECK_OFF(PGMRCDYNMAPENTRY, uPte.pLegacy);
+    GEN_CHECK_OFF(PGMRCDYNMAPENTRY, uPte.pPae);
+    GEN_CHECK_OFF(PGMRCDYNMAPENTRY, uPte.pv);
+    GEN_CHECK_OFF(PGMMAPSETENTRY, pvPage);
+    GEN_CHECK_OFF(PGMMAPSETENTRY, iPage);
+    GEN_CHECK_OFF(PGMMAPSETENTRY, cRefs);
+    GEN_CHECK_OFF(PGMMAPSETENTRY, cInlinedRefs);
+    GEN_CHECK_OFF(PGMMAPSETENTRY, cUnrefs);
+    GEN_CHECK_OFF(PGMMAPSETENTRY, HCPhys);
 
     GEN_CHECK_SIZE(REM);

trunk/src/VBox/VMM/testcase/tstVMStructSize.cpp

@@ -332 +332 @@
 
     /* pgm */
-#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
+#if defined(VBOX_WITH_2X_4GB_ADDR_SPACE)  || defined(VBOX_WITH_RAW_MODE)
     CHECK_MEMBER_ALIGNMENT(PGMCPU, AutoSet, 8);
 #endif