儲存庫 vbox 的更動 18291

時間撮記:

2009-3-26 上午05:11:07 (16 年 以前)

作者:

vboxsync

訊息:

PGM: Map PGMRAMRANGES above 4GB outside HMA (see defect). Changed PGMR3MapPT to take a flag indicating whether PGMR3UnmapPT will be used; this way we can select a more optimal allocation function for the ram ranges. PGMMapResolveConflicts: Walk the list correctly after reloc. pgmMapClearShadowPDEs: Don't clear PGM_PLXFLAGS_MAPPING when we shouldn't (odd PAE cases).

位置:

trunk

檔案:

• include/VBox/pgm.h (修改) (1 筆差異)
• src/VBox/VMM/MMHyper.cpp (修改) (1 筆差異)
• src/VBox/VMM/PGM.cpp (修改) (2 筆差異)
• src/VBox/VMM/PGMInternal.h (修改) (10 筆差異)
• src/VBox/VMM/PGMMap.cpp (修改) (12 筆差異)
• src/VBox/VMM/PGMPhys.cpp (修改) (16 筆差異)
• src/VBox/VMM/VMMAll/PGMAllMap.cpp (修改) (24 筆差異)

trunk/include/VBox/pgm.h

@@ -511 +511 @@
 #endif /* !VBOX_WITH_NEW_PHYS_CODE */
 VMMDECL(void)       PGMR3PhysSetA20(PVM pVM, bool fEnable);
-VMMR3DECL(int)      PGMR3MapPT(PVM pVM, RTGCPTR GCPtr, uint32_t cb, PFNPGMRELOCATE pfnRelocate, void *pvUser, const char *pszDesc);
+/** @name PGMR3MapPT flags.
+ * @{ */
+/** The mapping may be unmapped later. The default is permanent mappings. */
+#define PGMR3MAPPT_FLAGS_UNMAPPABLE     RT_BIT(0)
+/** @} */
+VMMR3DECL(int)      PGMR3MapPT(PVM pVM, RTGCPTR GCPtr, uint32_t cb, uint32_t fFlags, PFNPGMRELOCATE pfnRelocate, void *pvUser, const char *pszDesc);
 VMMR3DECL(int)      PGMR3UnmapPT(PVM pVM, RTGCPTR GCPtr);
 VMMR3DECL(int)      PGMR3FinalizeMappings(PVM pVM);

trunk/src/VBox/VMM/MMHyper.cpp

@@ -160 +160 @@
     while ((RTINT)pVM->mm.s.offHyperNextStatic + 64*_1K < (RTINT)pVM->mm.s.cbHyperArea - _4M)
         pVM->mm.s.cbHyperArea -= _4M;
-    int rc = PGMR3MapPT(pVM, pVM->mm.s.pvHyperAreaGC, pVM->mm.s.cbHyperArea,
+    int rc = PGMR3MapPT(pVM, pVM->mm.s.pvHyperAreaGC, pVM->mm.s.cbHyperArea, 0 /*fFlags*/,
                         mmR3HyperRelocateCallback, NULL, "Hypervisor Memory Area");
     if (RT_FAILURE(rc))

trunk/src/VBox/VMM/PGM.cpp

@@ -1185 +1185 @@
     pVM->pgm.s.enmHostMode      = SUPPAGINGMODE_INVALID;
     pVM->pgm.s.GCPhysCR3        = NIL_RTGCPHYS;
+    pVM->pgm.s.GCPtrPrevRamRangeMapping = MM_HYPER_AREA_ADDRESS;
     pVM->pgm.s.fA20Enabled      = true;
     pVM->pgm.s.GCPhys4MBPSEMask = RT_BIT_64(32) - 1; /* default; checked later */
@@ -1926 +1927 @@
     if (pVM->pgm.s.pRamRangesR3)
     {
-        pVM->pgm.s.pRamRangesRC = MMHyperR3ToRC(pVM, pVM->pgm.s.pRamRangesR3);
-        for (PPGMRAMRANGE pCur = pVM->pgm.s.pRamRangesR3; pCur->pNextR3; pCur = pCur->pNextR3)
-            pCur->pNextRC = MMHyperR3ToRC(pVM, pCur->pNextR3);
+        /* Update the pSelfRC pointers and relink them. */
+        for (PPGMRAMRANGE pCur = pVM->pgm.s.pRamRangesR3; pCur; pCur = pCur->pNextR3)
+            if (!(pCur->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING))
+                pCur->pSelfRC = MMHyperCCToRC(pVM, pCur);
+        pgmR3PhysRelinkRamRanges(pVM);
     }
 

trunk/src/VBox/VMM/PGMInternal.h

@@ -364 +364 @@
 #endif
 
-/** Size of the GCPtrConflict array in PGMMAPPING. */
+/** Size of the GCPtrConflict array in PGMMAPPING.
+ * @remarks Must be a power of two. */
 #define PGMMAPPING_CONFLICT_MAX         8
 
@@ -395 +396 @@
     R3PTRTYPE(const char *)             pszDesc;
     /** Last 8 addresses that caused conflicts. */
-    RTGCPTR                             GCPtrConflict[PGMMAPPING_CONFLICT_MAX];
+    RTGCPTR                             aGCPtrConflicts[PGMMAPPING_CONFLICT_MAX];
     /** Number of conflicts for this hypervisor mapping. */
     uint32_t                            cConflicts;
@@ -1015 +1016 @@
 typedef struct PGMRAMRANGE
 {
+    /** Start of the range. Page aligned. */
+    RTGCPHYS                            GCPhys;
+    /** Size of the range. (Page aligned of course). */
+    RTGCPHYS                            cb;
     /** Pointer to the next RAM range - for R3. */
     R3PTRTYPE(struct PGMRAMRANGE *)     pNextR3;
@@ -1021 +1026 @@
     /** Pointer to the next RAM range - for RC. */
     RCPTRTYPE(struct PGMRAMRANGE *)     pNextRC;
-    /** Pointer alignment. */
-    RTRCPTR                             RCPtrAlignment;
-    /** Start of the range. Page aligned. */
-    RTGCPHYS                            GCPhys;
+    /** PGM_RAM_RANGE_FLAGS_* flags. */
+    uint32_t                            fFlags;
     /** Last address in the range (inclusive). Page aligned (-1). */
     RTGCPHYS                            GCPhysLast;
-    /** Size of the range. (Page aligned of course). */
-    RTGCPHYS                            cb;
-    /** MM_RAM_* flags */
-    uint32_t                            fFlags;
-    uint32_t                            u32Alignment; /**< alignment. */
+    /** Start of the HC mapping of the range. This is only used for MMIO2. */
+    R3PTRTYPE(void *)                   pvR3;
 #ifndef VBOX_WITH_NEW_PHYS_CODE
     /** R3 virtual lookup ranges for chunks.
@@ -1042 +1042 @@
 # endif
 #endif
-    /** Start of the HC mapping of the range. This is only used for MMIO2. */
-    R3PTRTYPE(void *)                   pvR3;
     /** The range description. */
     R3PTRTYPE(const char *)             pszDesc;
-
+    /** Pointer to self - R0 pointer. */
+    R0PTRTYPE(struct PGMRAMRANGE *)     pSelfR0;
+    /** Pointer to self - RC pointer. */
+    RCPTRTYPE(struct PGMRAMRANGE *)     pSelfRC;
     /** Padding to make aPage aligned on sizeof(PGMPAGE). */
-#ifdef VBOX_WITH_NEW_PHYS_CODE
-    uint32_t                            au32Reserved[2];
-#elif HC_ARCH_BITS == 32
-    uint32_t                            au32Reserved[1];
-#endif
-
+#if HC_ARCH_BITS == (defined(VBOX_WITH_NEW_PHYS_CODE) ? 64 : 32)
+    uint32_t                            u32Alignment2;
+#endif
     /** Array of physical guest page tracking structures. */
     PGMPAGE                             aPages[1];
@@ -1060 +1058 @@
 typedef PGMRAMRANGE *PPGMRAMRANGE;
 
-#ifndef VBOX_WITH_NEW_PHYS_CODE
+#ifdef VBOX_WITH_NEW_PHYS_CODE
+/** @name PGMRAMRANGE::fFlags
+ * @{ */
+/** The RAM range is floating around as an independent guest mapping. */
+#define PGM_RAM_RANGE_FLAGS_FLOATING        RT_BIT(20)
+/** @} */
+#else
 /** Return hc ptr corresponding to the ram range and physical offset */
 #define PGMRAMRANGE_GETHCPTR(pRam, off) \
@@ -2380 +2384 @@
     /** RC pointer corresponding to PGM::pRamRangesR3. */
     RCPTRTYPE(PPGMRAMRANGE)         pRamRangesRC;
-    /** The configured RAM size. */
+    /** The configured RAM size.
+     * @remarks Do NOT use this, it's too small to hold the whole stuff.
+     * @todo    Remove with VBOX_WITH_NEW_PHYS_CODE! */
     RTUINT                          cbRamSize;
 
@@ -2428 +2434 @@
     /** Base address (GC) of fixed mapping */
     RTGCPTR                         GCPtrMappingFixed;
-#if HC_ARCH_BITS == 64 && GC_ARCH_BITS == 32
-    uint32_t                        u32Padding0; /**< alignment padding. */
-#endif
-
+    /** The address of the previous RAM range mapping. */
+    RTGCPTR                         GCPtrPrevRamRangeMapping;
 
     /** @name Intermediate Context
@@ -2889 +2893 @@
 #ifdef IN_RING3
 int             pgmR3PhysChunkMap(PVM pVM, uint32_t idChunk, PPPGMCHUNKR3MAP ppChunk);
+void            pgmR3PhysRelinkRamRanges(PVM pVM);
 int             pgmR3PhysRamReset(PVM pVM);
 int             pgmR3PhysRomReset(PVM pVM);
@@ -2929 +2934 @@
 #endif
 
-void            pgmMapClearShadowPDEs(PVM pVM, PPGMPOOLPAGE pShwPageCR3, PPGMMAPPING pMap, unsigned iOldPDE);
 void            pgmMapSetShadowPDEs(PVM pVM, PPGMMAPPING pMap, unsigned iNewPDE);
+void            pgmMapClearShadowPDEs(PVM pVM, PPGMPOOLPAGE pShwPageCR3, PPGMMAPPING pMap, unsigned iOldPDE, bool fDeactivateCR3);
+int             pgmMapActivateCR3(PVM pVM, PPGMPOOLPAGE pShwPageCR3);
 int             pgmMapDeactivateCR3(PVM pVM, PPGMPOOLPAGE pShwPageCR3);
-int             pgmMapActivateCR3(PVM pVM, PPGMPOOLPAGE pShwPageCR3);
 
 int             pgmShwSyncPaePDPtr(PVM pVM, RTGCPTR GCPtr, PX86PDPE pGstPdpe, PX86PDPAE *ppPD);

trunk/src/VBox/VMM/PGMMap.cpp

@@ -53 +53 @@
  * @param   GCPtr           Virtual Address. (Page table aligned!)
  * @param   cb              Size of the range. Must be a 4MB aligned!
+ * @param   fFlags          PGMR3MAPPT_FLAGS_UNMAPPABLE or 0.
  * @param   pfnRelocate     Relocation callback function.
  * @param   pvUser          User argument to the callback.
  * @param   pszDesc         Pointer to description string. This must not be freed.
  */
-VMMR3DECL(int) PGMR3MapPT(PVM pVM, RTGCPTR GCPtr, uint32_t cb, PFNPGMRELOCATE pfnRelocate, void *pvUser, const char *pszDesc)
-{
-    LogFlow(("PGMR3MapPT: GCPtr=%#x cb=%d pfnRelocate=%p pvUser=%p pszDesc=%s\n", GCPtr, cb, pfnRelocate, pvUser, pszDesc));
+VMMR3DECL(int) PGMR3MapPT(PVM pVM, RTGCPTR GCPtr, uint32_t cb, uint32_t fFlags, PFNPGMRELOCATE pfnRelocate, void *pvUser, const char *pszDesc)
+{
+    LogFlow(("PGMR3MapPT: GCPtr=%#x cb=%d fFlags=%#x pfnRelocate=%p pvUser=%p pszDesc=%s\n", GCPtr, cb, fFlags, pfnRelocate, pvUser, pszDesc));
     AssertMsg(pVM->pgm.s.pInterPD, ("Paging isn't initialized, init order problems!\n"));
 
@@ -65 +66 @@
      * Validate input.
      */
+    Assert(!fFlags || fFlags == PGMR3MAPPT_FLAGS_UNMAPPABLE);
     if (cb < _2M || cb > 64 * _1M)
     {
@@ -130 +132 @@
      */
     PPGMMAPPING pNew;
-    int rc = MMHyperAlloc(pVM, RT_OFFSETOF(PGMMAPPING, aPTs[cPTs]), 0, MM_TAG_PGM, (void **)&pNew);
+    int rc;
+    if (fFlags & PGMR3MAPPT_FLAGS_UNMAPPABLE)
+        rc = MMHyperAlloc(           pVM, RT_OFFSETOF(PGMMAPPING, aPTs[cPTs]), 0, MM_TAG_PGM_MAPPINGS, (void **)&pNew);
+    else
+        rc = MMR3HyperAllocOnceNoRel(pVM, RT_OFFSETOF(PGMMAPPING, aPTs[cPTs]), 0, MM_TAG_PGM_MAPPINGS, (void **)&pNew);
     if (RT_FAILURE(rc))
         return rc;
@@ -146 +152 @@
      */
     uint8_t *pbPTs;
-    rc = MMHyperAlloc(pVM, PAGE_SIZE * 3 * cPTs, PAGE_SIZE, MM_TAG_PGM, (void **)&pbPTs);
+    if (fFlags & PGMR3MAPPT_FLAGS_UNMAPPABLE)
+        rc = MMHyperAlloc(           pVM, PAGE_SIZE * 3 * cPTs, PAGE_SIZE, MM_TAG_PGM_MAPPINGS, (void **)&pbPTs);
+    else
+        rc = MMR3HyperAllocOnceNoRel(pVM, PAGE_SIZE * 3 * cPTs, PAGE_SIZE, MM_TAG_PGM_MAPPINGS, (void **)&pbPTs);
     if (RT_FAILURE(rc))
     {
@@ -216 +225 @@
  * @param   pVM     VM Handle.
  * @param   GCPtr   Virtual Address. (Page table aligned!)
+ *
+ * @remarks Don't call this without passing PGMR3MAPPT_FLAGS_UNMAPPABLE to
+ *          PGMR3MapPT or you'll burn in the heap.
  */
 VMMR3DECL(int)  PGMR3UnmapPT(PVM pVM, RTGCPTR GCPtr)
@@ -648 +660 @@
 
     /*
-     * Mark the mappings as fixed (using fake values) and disabled. 
+     * Mark the mappings as fixed (using fake values) and disabled.
      */
     pVM->pgm.s.fDisableMappings  = true;
@@ -900 +912 @@
     unsigned i = pMap->cPTs;
 
-    pgmMapClearShadowPDEs(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3), pMap, iOldPDE);
+    pgmMapClearShadowPDEs(pVM, pVM->pgm.s.CTX_SUFF(pShwPageCR3), pMap, iOldPDE, false /*fDeactivateCR3*/);
 
     iOldPDE += i;
@@ -1070 +1082 @@
 }
 
+
 /**
  * Checks if a new mapping address wasn't previously used and caused a clash with guest mappings.
@@ -1079 +1092 @@
 bool pgmR3MapIsKnownConflictAddress(PPGMMAPPING pMapping, RTGCPTR GCPtr)
 {
-    for (unsigned i=0; i<RT_ELEMENTS(pMapping->GCPtrConflict); i++)
-    {
-        if (GCPtr == pMapping->GCPtrConflict[i])
+    for (unsigned i = 0; i < RT_ELEMENTS(pMapping->aGCPtrConflicts); i++)
+    {
+        if (GCPtr == pMapping->aGCPtrConflicts[i])
             return true;
     }
     return false;
 }
+
 
 /**
@@ -1102 +1116 @@
     STAM_PROFILE_START(&pVM->pgm.s.StatR3ResolveConflict, a);
 
-    pMapping->GCPtrConflict[pMapping->cConflicts & (PGMMAPPING_CONFLICT_MAX-1)] = GCPtrOldMapping;
+    pMapping->aGCPtrConflicts[pMapping->cConflicts & (PGMMAPPING_CONFLICT_MAX-1)] = GCPtrOldMapping;
     pMapping->cConflicts++;
 
@@ -1175 +1189 @@
     STAM_PROFILE_START(&pVM->pgm.s.StatR3ResolveConflict, a);
 
-    pMapping->GCPtrConflict[pMapping->cConflicts & (PGMMAPPING_CONFLICT_MAX-1)] = GCPtrOldMapping;
+    pMapping->aGCPtrConflicts[pMapping->cConflicts & (PGMMAPPING_CONFLICT_MAX-1)] = GCPtrOldMapping;
     pMapping->cConflicts++;
 
@@ -1244 +1258 @@
 }
 
+
 /**
  * Read memory from the guest mappings.

trunk/src/VBox/VMM/PGMPhys.cpp

@@ -572 +572 @@
 
 /**
+ * Relinks the RAM ranges using the pSelfRC and pSelfR0 pointers.
+ *
+ * Called when anything was relocated.
+ *
+ * @param   pVM         Pointer to the shared VM structure.
+ */
+void pgmR3PhysRelinkRamRanges(PVM pVM)
+{
+    PPGMRAMRANGE pCur;
+
+#ifdef VBOX_STRICT
+    for (pCur = pVM->pgm.s.pRamRangesR3; pCur; pCur = pCur->pNextR3)
+    {
+        Assert((pCur->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pCur->pSelfR0 == MMHyperCCToR0(pVM, pCur));
+        Assert((pCur->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pCur->pSelfRC == MMHyperCCToRC(pVM, pCur));
+        Assert((pCur->GCPhys     & PAGE_OFFSET_MASK) == 0);
+        Assert((pCur->GCPhysLast & PAGE_OFFSET_MASK) == PAGE_OFFSET_MASK);
+        Assert((pCur->cb         & PAGE_OFFSET_MASK) == 0);
+        Assert(pCur->cb == pCur->GCPhysLast - pCur->GCPhys + 1);
+        for (PPGMRAMRANGE pCur2 = pVM->pgm.s.pRamRangesR3; pCur2; pCur2 = pCur2->pNextR3)
+            Assert(   pCur2 == pCur
+                   || strcmp(pCur2->pszDesc, pCur->pszDesc)); /** @todo fix MMIO ranges!! */
+    }
+#endif
+
+    pCur = pVM->pgm.s.pRamRangesR3;
+    if (pCur)
+    {
+        pVM->pgm.s.pRamRangesR0 = pCur->pSelfR0;
+        pVM->pgm.s.pRamRangesRC = pCur->pSelfRC;
+
+        for (; pCur->pNextR3; pCur = pCur->pNextR3)
+        {
+            pCur->pNextR0 = pCur->pNextR3->pSelfR0;
+            pCur->pNextRC = pCur->pNextR3->pSelfRC;
+        }
+
+        Assert(pCur->pNextR0 == NIL_RTR0PTR);
+        Assert(pCur->pNextRC == NIL_RTRCPTR);
+    }
+    else
+    {
+        Assert(pVM->pgm.s.pRamRangesR0 == NIL_RTR0PTR);
+        Assert(pVM->pgm.s.pRamRangesRC == NIL_RTRCPTR);
+    }
+}
+
+
+/**
  * Links a new RAM range into the list.
  *
@@ -581 +630 @@
 {
     AssertMsg(pNew->pszDesc, ("%RGp-%RGp\n", pNew->GCPhys, pNew->GCPhysLast));
+    Assert((pNew->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pNew->pSelfR0 == MMHyperCCToR0(pVM, pNew));
+    Assert((pNew->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pNew->pSelfRC == MMHyperCCToRC(pVM, pNew));
 
     pgmLock(pVM);
@@ -586 +637 @@
     PPGMRAMRANGE pRam = pPrev ? pPrev->pNextR3 : pVM->pgm.s.pRamRangesR3;
     pNew->pNextR3 = pRam;
-    pNew->pNextR0 = pRam ? MMHyperCCToR0(pVM, pRam) : NIL_RTR0PTR;
-    pNew->pNextRC = pRam ? MMHyperCCToRC(pVM, pRam) : NIL_RTRCPTR;
+    pNew->pNextR0 = pRam ? pRam->pSelfR0 : NIL_RTR0PTR;
+    pNew->pNextRC = pRam ? pRam->pSelfRC : NIL_RTRCPTR;
 
     if (pPrev)
     {
         pPrev->pNextR3 = pNew;
-        pPrev->pNextR0 = MMHyperCCToR0(pVM, pNew);
-        pPrev->pNextRC = MMHyperCCToRC(pVM, pNew);
+        pPrev->pNextR0 = pNew->pSelfR0;
+        pPrev->pNextRC = pNew->pSelfRC;
     }
     else
     {
         pVM->pgm.s.pRamRangesR3 = pNew;
-        pVM->pgm.s.pRamRangesR0 = MMHyperCCToR0(pVM, pNew);
-        pVM->pgm.s.pRamRangesRC = MMHyperCCToRC(pVM, pNew);
+        pVM->pgm.s.pRamRangesR0 = pNew->pSelfR0;
+        pVM->pgm.s.pRamRangesRC = pNew->pSelfRC;
     }
 
@@ -616 +667 @@
 {
     Assert(pPrev ? pPrev->pNextR3 == pRam : pVM->pgm.s.pRamRangesR3 == pRam);
+    Assert((pRam->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pRam->pSelfR0 == MMHyperCCToR0(pVM, pRam));
+    Assert((pRam->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING) || pRam->pSelfRC == MMHyperCCToRC(pVM, pRam));
 
     pgmLock(pVM);
@@ -623 +676 @@
     {
         pPrev->pNextR3 = pNext;
-        pPrev->pNextR0 = pNext ? MMHyperCCToR0(pVM, pNext) : NIL_RTR0PTR;
-        pPrev->pNextRC = pNext ? MMHyperCCToRC(pVM, pNext) : NIL_RTRCPTR;
+        pPrev->pNextR0 = pNext ? pNext->pSelfR0 : NIL_RTR0PTR;
+        pPrev->pNextRC = pNext ? pNext->pSelfRC : NIL_RTRCPTR;
     }
     else
@@ -630 +683 @@
         Assert(pVM->pgm.s.pRamRangesR3 == pRam);
         pVM->pgm.s.pRamRangesR3 = pNext;
-        pVM->pgm.s.pRamRangesR0 = pNext ? MMHyperCCToR0(pVM, pNext) : NIL_RTR0PTR;
-        pVM->pgm.s.pRamRangesRC = pNext ? MMHyperCCToRC(pVM, pNext) : NIL_RTRCPTR;
+        pVM->pgm.s.pRamRangesR0 = pNext ? pNext->pSelfR0 : NIL_RTR0PTR;
+        pVM->pgm.s.pRamRangesRC = pNext ? pNext->pSelfRC : NIL_RTRCPTR;
     }
 
@@ -646 +699 @@
 static void pgmR3PhysUnlinkRamRange(PVM pVM, PPGMRAMRANGE pRam)
 {
+    pgmLock(pVM);
+
     /* find prev. */
     PPGMRAMRANGE pPrev = NULL;
@@ -657 +712 @@
 
     pgmR3PhysUnlinkRamRange2(pVM, pRam, pPrev);
+
+    pgmUnlock(pVM);
 }
 
@@ -702 +759 @@
 }
 #endif /* VBOX_WITH_NEW_PHYS_CODE */
+
+
+/**
+ * PGMR3PhysRegisterRam worker that initializes and links a RAM range.
+ *
+ * @param   pVM             The VM handle.
+ * @param   pNew            The new RAM range.
+ * @param   GCPhys          The address of the RAM range.
+ * @param   GCPhysLast      The last address of the RAM range.
+ * @param   RCPtrNew        The RC address if the range is floating. NIL_RTRCPTR
+ *                          if in HMA.
+ * @param   R0PtrNew        Ditto for R0.
+ * @param   pszDesc         The description.
+ * @param   pPrev           The previous RAM range (for linking).
+ */
+static void pgmR3PhysInitAndLinkRamRange(PVM pVM, PPGMRAMRANGE pNew, RTGCPHYS GCPhys, RTGCPHYS GCPhysLast,
+                                         RTRCPTR RCPtrNew, RTR0PTR R0PtrNew, const char *pszDesc, PPGMRAMRANGE pPrev)
+{
+    /*
+     * Initialize the range.
+     */
+    pNew->pSelfR0       = R0PtrNew != NIL_RTR0PTR ? R0PtrNew : MMHyperCCToR0(pVM, pNew);
+    pNew->pSelfRC       = RCPtrNew != NIL_RTRCPTR ? RCPtrNew : MMHyperCCToRC(pVM, pNew);
+    pNew->GCPhys        = GCPhys;
+    pNew->GCPhysLast    = GCPhysLast;
+    pNew->cb            = GCPhysLast - GCPhys + 1;
+    pNew->pszDesc       = pszDesc;
+    pNew->fFlags        = RCPtrNew != NIL_RTR0PTR ? PGM_RAM_RANGE_FLAGS_FLOATING : 0;
+    pNew->pvR3          = NULL;
+
+    uint32_t const cPages = pNew->cb >> PAGE_SHIFT;
+    RTGCPHYS iPage = cPages;
+    while (iPage-- > 0)
+        PGM_PAGE_INIT_ZERO(&pNew->aPages[iPage], pVM, PGMPAGETYPE_RAM);
+
+    /* Update the page count stats. */
+    pVM->pgm.s.cZeroPages += cPages;
+    pVM->pgm.s.cAllPages  += cPages;
+
+    /*
+     * Link it.
+     */
+    pgmR3PhysLinkRamRange(pVM, pNew, pPrev);
+}
+
+
+/**
+ * Relocate a floating RAM range.
+ *
+ * @copydoc FNPGMRELOCATE.
+ */
+static DECLCALLBACK(bool) pgmR3PhysRamRangeRelocate(PVM pVM, RTGCPTR GCPtrOld, RTGCPTR GCPtrNew, PGMRELOCATECALL enmMode, void *pvUser)
+{
+    PPGMRAMRANGE pRam = (PPGMRAMRANGE)pvUser;
+    Assert(pRam->fFlags & PGM_RAM_RANGE_FLAGS_FLOATING);
+    Assert(pRam->pSelfRC == GCPtrOld + PAGE_SIZE);
+
+    switch (enmMode)
+    {
+        case PGMRELOCATECALL_SUGGEST:
+            return true;
+        case PGMRELOCATECALL_RELOCATE:
+        {
+            /* Update myself and then relink all the ranges. */
+            pgmLock(pVM);
+            pRam->pSelfRC = (RTRCPTR)(GCPtrNew + PAGE_SIZE);
+            pgmR3PhysRelinkRamRanges(pVM);
+            pgmUnlock(pVM);
+            return true;
+        }
+
+        default:
+            AssertFailedReturn(false);
+    }
+}
+
+
+/**
+ * PGMR3PhysRegisterRam worker that registers a high chunk.
+ *
+ * @returns VBox status code.
+ * @param   pVM             The VM handle.
+ * @param   GCPhys          The address of the RAM.
+ * @param   cRamPages       The number of RAM pages to register.
+ * @param   cbChunk         The size of the PGMRAMRANGE guest mapping.
+ * @param   iChunk          The chunk number.
+ * @param   pszDesc         The RAM range description.
+ * @param   ppPrev          Previous RAM range pointer. In/Out.
+ */
+static int pgmR3PhysRegisterHighRamChunk(PVM pVM, RTGCPHYS GCPhys, uint32_t cRamPages,
+                                         uint32_t cbChunk, uint32_t iChunk, const char *pszDesc,
+                                         PPGMRAMRANGE *ppPrev)
+{
+    const char *pszDescChunk = iChunk == 0
+                             ? pszDesc
+                             : MMR3HeapAPrintf(pVM, MM_TAG_PGM_PHYS, "%s (#%u)", pszDesc, iChunk + 1);
+    AssertReturn(pszDescChunk, VERR_NO_MEMORY);
+
+    /*
+     * Allocate memory for the new chunk.
+     */
+    size_t const cChunkPages  = RT_ALIGN_Z(RT_UOFFSETOF(PGMRAMRANGE, aPages[cRamPages]), PAGE_SIZE) >> PAGE_SHIFT;
+    PSUPPAGE     paChunkPages = (PSUPPAGE)RTMemTmpAllocZ(sizeof(SUPPAGE) * cChunkPages);
+    AssertReturn(paChunkPages, VERR_NO_TMP_MEMORY);
+    RTR0PTR      R0PtrChunk   = NIL_RTR0PTR;
+    void        *pvChunk      = NULL;
+    int rc = SUPR3PageAllocEx(cChunkPages, 0 /*fFlags*/, &pvChunk,
+#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
+                              VMMIsHwVirtExtForced(pVM) ? &pvR0 : NULL,
+#else
+                              NULL,
+#endif
+                              paChunkPages);
+    if (RT_SUCCESS(rc))
+    {
+#ifdef VBOX_WITH_2X_4GB_ADDR_SPACE
+        if (!VMMIsHwVirtExtForced(pVM))
+            R0PtrChunk = NIL_RTR0PTR;
+#else
+        R0PtrChunk = (uintptr_t)pvChunk;
+#endif
+        memset(pvChunk, 0, cChunkPages << PAGE_SHIFT);
+
+        PPGMRAMRANGE pNew = (PPGMRAMRANGE)pvChunk;
+
+        /*
+         * Create a mapping and map the pages into it.
+         * We push these in below the HMA.
+         */
+        RTGCPTR GCPtrChunkMap = pVM->pgm.s.GCPtrPrevRamRangeMapping - cbChunk;
+        rc = PGMR3MapPT(pVM, GCPtrChunkMap, cbChunk, 0 /*fFlags*/, pgmR3PhysRamRangeRelocate, pNew, pszDescChunk);
+        if (RT_SUCCESS(rc))
+        {
+            pVM->pgm.s.GCPtrPrevRamRangeMapping = GCPtrChunkMap;
+
+            RTGCPTR const   GCPtrChunk = GCPtrChunkMap + PAGE_SIZE;
+            RTGCPTR         GCPtrPage  = GCPtrChunk;
+            for (uint32_t iPage = 0; iPage < cChunkPages && RT_SUCCESS(rc); iPage++, GCPtrPage += PAGE_SIZE)
+                rc = PGMMap(pVM, GCPtrPage, paChunkPages[iPage].Phys, PAGE_SIZE, 0);
+            if (RT_SUCCESS(rc))
+            {
+                /*
+                 * Ok, init and link the range.
+                 */
+                pgmR3PhysInitAndLinkRamRange(pVM, pNew, GCPhys, GCPhys + ((RTGCPHYS)cRamPages << PAGE_SHIFT) - 1,
+                                             (RTRCPTR)GCPtrChunk, R0PtrChunk, pszDescChunk, *ppPrev);
+                *ppPrev = pNew;
+            }
+        }
+
+        if (RT_FAILURE(rc))
+            SUPR3PageFreeEx(pvChunk, cChunkPages);
+    }
+
+    RTMemTmpFree(paChunkPages);
+    return rc;
+}
 
 
@@ -759 +973 @@
         return rc;
 
-    /*
-     * Allocate RAM range.
-     */
-    const size_t cbRamRange = RT_OFFSETOF(PGMRAMRANGE, aPages[cPages]);
-    PPGMRAMRANGE pNew;
-    rc = MMR3HyperAllocOnceNoRel(pVM, cbRamRange, 0, MM_TAG_PGM_PHYS, (void **)&pNew);
-    AssertLogRelMsgRCReturn(rc, ("cbRamRange=%zu\n", cbRamRange), rc);
-
-    /*
-     * Initialize the range.
-     */
-    pNew->GCPhys        = GCPhys;
-    pNew->GCPhysLast    = GCPhysLast;
-    pNew->pszDesc       = pszDesc;
-    pNew->cb            = cb;
-    pNew->fFlags        = 0;
-
-    pNew->pvR3          = NULL;
+#ifdef VBOX_WITH_NEW_PHYS_CODE
+    if (    GCPhys >= _4G
+        &&  cPages > 256)
+    {
+        /*
+         * The PGMRAMRANGE structures for the high memory can get very big.
+         * In order to avoid SUPR3PageAllocEx allocation failures due to the
+         * allocation size limit there and also to avoid being unable to find
+         * guest mapping space for them, we split this memory up into 4MB in
+         * (potential) raw-mode configs and 16MB chunks in forced AMD-V/VT-x
+         * mode.
+         *
+         * The first and last page of each mapping are guard pages and marked
+         * not-present. So, we've got 4186112 and 16769024 bytes available for
+         * the PGMRAMRANGE structure.
+         *
+         * Note! The sizes used here will influence the saved state.
+         */
+        uint32_t cbChunk;
+        uint32_t cPagesPerChunk;
+        if (VMMIsHwVirtExtForced(pVM))
+        {
+            cbChunk = 16U*_1M;
+            cPagesPerChunk = 1048048; /* max ~1048059 */
+            AssertCompile(sizeof(PGMRAMRANGE) + sizeof(PGMPAGE) * 1048048 < 16U*_1M - PAGE_SIZE * 2);
+        }
+        else
+        {
+            cbChunk = 4U*_1M;
+            cPagesPerChunk = 261616; /* max ~261627 */
+            AssertCompile(sizeof(PGMRAMRANGE) + sizeof(PGMPAGE) * 261616  <  4U*_1M - PAGE_SIZE * 2);
+        }
+        AssertRelease(RT_UOFFSETOF(PGMRAMRANGE, aPages[cPagesPerChunk]) + PAGE_SIZE * 2 <= cbChunk);
+
+        RTGCPHYS cPagesLeft  = cPages;
+        RTGCPHYS GCPhysChunk = GCPhys;
+        uint32_t iChunk      = 0;
+        while (cPagesLeft > 0)
+        {
+            uint32_t cPagesInChunk = cPagesLeft;
+            if (cPagesInChunk > cPagesPerChunk)
+                cPagesInChunk = cPagesPerChunk;
+
+            rc = pgmR3PhysRegisterHighRamChunk(pVM, GCPhysChunk, cPagesInChunk, cbChunk, iChunk, pszDesc, &pPrev);
+            AssertRCReturn(rc, rc);
+
+            /* advance */
+            GCPhysChunk += (RTGCPHYS)cPagesInChunk << PAGE_SHIFT;
+            cPagesLeft  -= cPagesInChunk;
+            iChunk++;
+        }
+    }
+    else
+#endif
+    {
+        /*
+         * Allocate, initialize and link the new RAM range.
+         */
+        const size_t cbRamRange = RT_OFFSETOF(PGMRAMRANGE, aPages[cPages]);
+        PPGMRAMRANGE pNew;
+        rc = MMR3HyperAllocOnceNoRel(pVM, cbRamRange, 0, MM_TAG_PGM_PHYS, (void **)&pNew);
+        AssertLogRelMsgRCReturn(rc, ("cbRamRange=%zu\n", cbRamRange), rc);
+
 #ifndef VBOX_WITH_NEW_PHYS_CODE
-    pNew->paChunkR3Ptrs = NULL;
-
-    /* Allocate memory for chunk to HC ptr lookup array. */
-    rc = MMHyperAlloc(pVM, (cb >> PGM_DYNAMIC_CHUNK_SHIFT) * sizeof(void *), 16, MM_TAG_PGM, (void **)&pNew->paChunkR3Ptrs);
-    AssertRCReturn(rc, rc);
-    pNew->fFlags |= MM_RAM_FLAGS_DYNAMIC_ALLOC;
-
+        /* Allocate memory for chunk to HC ptr lookup array. */
+        pNew->paChunkR3Ptrs = NULL;
+        rc = MMHyperAlloc(pVM, (cb >> PGM_DYNAMIC_CHUNK_SHIFT) * sizeof(void *), 16, MM_TAG_PGM, (void **)&pNew->paChunkR3Ptrs);
+        AssertRCReturn(rc, rc);
+        pNew->fFlags |= MM_RAM_FLAGS_DYNAMIC_ALLOC;
 #endif
-    RTGCPHYS iPage = cPages;
-    while (iPage-- > 0)
-        PGM_PAGE_INIT_ZERO(&pNew->aPages[iPage], pVM, PGMPAGETYPE_RAM);
-
-    /* Update the page count stats. */
-    pVM->pgm.s.cZeroPages += cPages;
-    pVM->pgm.s.cAllPages  += cPages;
-
-    /*
-     * Insert the new RAM range.
-     */
-    pgmR3PhysLinkRamRange(pVM, pNew, pPrev);
+
+        pgmR3PhysInitAndLinkRamRange(pVM, pNew, GCPhys, GCPhysLast, NIL_RTRCPTR, NIL_RTR0PTR, pszDesc, pPrev);
+    }
 
     /*
@@ -837 +1085 @@
     for (PPGMRAMRANGE pRam = pVM->pgm.s.pRamRangesR3; pRam; pRam = pRam->pNextR3)
     {
-        uint32_t    iPage = pRam->cb >> PAGE_SHIFT; Assert((RTGCPHYS)iPage << PAGE_SHIFT == pRam->cb);
+        uint32_t iPage = pRam->cb >> PAGE_SHIFT;
+        AssertMsg(((RTGCPHYS)iPage << PAGE_SHIFT) == pRam->cb, ("%RGp %RGp\n", (RTGCPHYS)iPage << PAGE_SHIFT, pRam->cb));
+
 #ifdef VBOX_WITH_NEW_PHYS_CODE
         if (!pVM->pgm.s.fRamPreAlloc)
@@ -1067 +1317 @@
 
         /* Initialize the range. */
+        pNew->pSelfR0       = MMHyperCCToR0(pVM, pNew);
+        pNew->pSelfRC       = MMHyperCCToRC(pVM, pNew);
         pNew->GCPhys        = GCPhys;
         pNew->GCPhysLast    = GCPhysLast;
+        pNew->cb            = cb;
         pNew->pszDesc       = pszDesc;
-        pNew->cb            = cb;
-        pNew->fFlags        = 0; /* Some MMIO flag here? */
+        pNew->fFlags        = 0; /** @todo add some kind of ad-hoc flag? */
 
         pNew->pvR3          = NULL;
@@ -1290 +1542 @@
 
     const uint32_t cPages = cb >> PAGE_SHIFT;
-    AssertLogRelReturn((RTGCPHYS)cPages << PAGE_SHIFT == cb, VERR_INVALID_PARAMETER);
+    AssertLogRelReturn(((RTGCPHYS)cPages << PAGE_SHIFT) == cb, VERR_INVALID_PARAMETER);
     AssertLogRelReturn(cPages <= INT32_MAX / 2, VERR_NO_MEMORY);
 
@@ -1318 +1570 @@
         if (RT_SUCCESS(rc))
         {
-            pNew->pDevInsR3 = pDevIns;
-            pNew->pvR3 = pvPages;
-            //pNew->pNext = NULL;
-            //pNew->fMapped = false;
-            //pNew->fOverlapping = false;
-            pNew->iRegion = iRegion;
-            pNew->RamRange.GCPhys = NIL_RTGCPHYS;
-            pNew->RamRange.GCPhysLast = NIL_RTGCPHYS;
-            pNew->RamRange.pszDesc = pszDesc;
-            pNew->RamRange.cb = cb;
-            //pNew->RamRange.fFlags = 0;
-
-            pNew->RamRange.pvR3 = pvPages;       ///@todo remove this [new phys code]
+            pNew->pDevInsR3             = pDevIns;
+            pNew->pvR3                  = pvPages;
+            //pNew->pNext               = NULL;
+            //pNew->fMapped             = false;
+            //pNew->fOverlapping        = false;
+            pNew->iRegion               = iRegion;
+            pNew->RamRange.pSelfR0      = MMHyperCCToR0(pVM, &pNew->RamRange);
+            pNew->RamRange.pSelfRC      = MMHyperCCToRC(pVM, &pNew->RamRange);
+            pNew->RamRange.GCPhys       = NIL_RTGCPHYS;
+            pNew->RamRange.GCPhysLast   = NIL_RTGCPHYS;
+            pNew->RamRange.pszDesc      = pszDesc;
+            pNew->RamRange.cb           = cb;
+            //pNew->RamRange.fFlags     = 0; /// @todo MMIO2 flag?
+
+            pNew->RamRange.pvR3         = pvPages;
 #ifndef VBOX_WITH_NEW_PHYS_CODE
-            pNew->RamRange.paChunkR3Ptrs = NULL; ///@todo remove this [new phys code]
+            pNew->RamRange.paChunkR3Ptrs = NULL;
 #endif
 
@@ -1880 +2134 @@
         {
             AssertLogRelMsgReturn(PGM_PAGE_GET_TYPE(pPage) == PGMPAGETYPE_RAM,
-                                  ("%RGp isn't a RAM page (%d) - registering %RGp-%RGp (%s).\n",
-                                   GCPhys, PGM_PAGE_GET_TYPE(pPage), GCPhys, GCPhysLast, pszDesc),
-                                  VERR_PGM_RAM_CONFLICT);
+                                  ("%RGp (%R[pgmpage]) isn't a RAM page - registering %RGp-%RGp (%s).\n",
+                                   pRam->GCPhys + (RTGCPTR)(uintptr_t)(pPage - &pRam->aPages[0]) << PAGE_SHIFT,
+                                   pPage, GCPhys, GCPhysLast, pszDesc), VERR_PGM_RAM_CONFLICT);
             Assert(PGM_PAGE_IS_ZERO(pPage));
             pPage++;
@@ -1944 +2198 @@
             if (!fRamExists)
             {
+                pRamNew->pSelfR0       = MMHyperCCToR0(pVM, pRamNew);
+                pRamNew->pSelfRC       = MMHyperCCToRC(pVM, pRamNew);
                 pRamNew->GCPhys        = GCPhys;
                 pRamNew->GCPhysLast    = GCPhysLast;
+                pRamNew->cb            = cb;
                 pRamNew->pszDesc       = pszDesc;
-                pRamNew->cb            = cb;
                 pRamNew->fFlags        = 0;
                 pRamNew->pvR3          = NULL;

trunk/src/VBox/VMM/VMMAll/PGMAllMap.cpp

@@ -268 +268 @@
             case PGMMODE_PAE_NX:
             {
-                PX86PDPT  pShwPdpt;
-                PX86PDPAE pShwPaePd;
-                const unsigned iPdPt = iNewPDE / 256;
-                unsigned iPDE = iNewPDE * 2 % 512;
-
-                pShwPdpt  = pgmShwGetPaePDPTPtr(&pVM->pgm.s);
+                const unsigned  iPdPt     = iNewPDE / 256;
+                unsigned        iPDE      = iNewPDE * 2 % 512;
+                PX86PDPT        pShwPdpt  = pgmShwGetPaePDPTPtr(&pVM->pgm.s);
                 Assert(pShwPdpt);
 #ifdef IN_RC    /* Lock mapping to prevent it from being reused during pgmShwSyncPaePDPtr. */
                 PGMDynLockHCPage(pVM, (uint8_t *)pShwPdpt);
 #endif
-                pShwPaePd = pgmShwGetPaePDPtr(&pVM->pgm.s, (iPdPt << X86_PDPT_SHIFT));
+                PX86PDPAE       pShwPaePd = pgmShwGetPaePDPtr(&pVM->pgm.s, (iPdPt << X86_PDPT_SHIFT));
                 if (!pShwPaePd)
                 {
@@ -312 +309 @@
                     pgmPoolLockPage(pVM->pgm.s.CTX_SUFF(pPool), pPoolPagePd);
                 }
-# ifdef VBOX_STRICT
-                else 
+#ifdef VBOX_STRICT
+                else
                 if (pShwPaePd->a[iPDE].u & PGM_PDFLAGS_MAPPING)
                 {
@@ -321 +318 @@
                     AssertFatalMsg((pShwPaePd->a[iPDE+1].u & X86_PDE_PG_MASK) == pMap->aPTs[i].HCPhysPaePT1, ("%RX64 vs %RX64\n", pShwPaePd->a[iPDE+1].u & X86_PDE_PG_MASK, pMap->aPTs[i].HCPhysPaePT1));
                 }
-# endif
+#endif
                 if (    pShwPaePd->a[iPDE].n.u1Present
                     &&  !(pShwPaePd->a[iPDE].u & PGM_PDFLAGS_MAPPING))
@@ -364 +361 @@
 }
 
+
 /**
  * Clears all PDEs involved with the mapping in the shadow page table.
  *
- * @param   pVM         The VM handle.
- * @param   pShwPageCR3 CR3 root page
- * @param   pMap        Pointer to the mapping in question.
- * @param   iOldPDE     The index of the 32-bit PDE corresponding to the base of the mapping.
- */
-void pgmMapClearShadowPDEs(PVM pVM, PPGMPOOLPAGE pShwPageCR3, PPGMMAPPING pMap, unsigned iOldPDE)
-{
-    Log(("pgmMapClearShadowPDEs old pde %x (cPTs=%x) (mappings enabled %d)\n", iOldPDE, pMap->cPTs, pgmMapAreMappingsEnabled(&pVM->pgm.s)));
+ * @param   pVM             The VM handle.
+ * @param   pShwPageCR3     CR3 root page
+ * @param   pMap            Pointer to the mapping in question.
+ * @param   iOldPDE         The index of the 32-bit PDE corresponding to the base of the mapping.
+ * @param   fDeactivateCR3  Set if it's pgmMapDeactivateCR3 calling.
+ */
+void pgmMapClearShadowPDEs(PVM pVM, PPGMPOOLPAGE pShwPageCR3, PPGMMAPPING pMap, unsigned iOldPDE, bool fDeactivateCR3)
+{
+    Log(("pgmMapClearShadowPDEs: old pde %x (cPTs=%x) (mappings enabled %d) fDeactivateCR3=%RTbool\n", iOldPDE, pMap->cPTs, pgmMapAreMappingsEnabled(&pVM->pgm.s), fDeactivateCR3));
 
     if (!pgmMapAreMappingsEnabled(&pVM->pgm.s))
@@ -415 +414 @@
             case PGMMODE_PAE_NX:
             {
-                PX86PDPT  pShwPdpt = NULL;
-                PX86PDPAE pShwPaePd = NULL;
-
-                const unsigned iPdpt = iOldPDE / 256;         /* iOldPDE * 2 / 512; iOldPDE is in 4 MB pages */
-                unsigned iPDE = iOldPDE * 2 % 512;
-                pShwPdpt  = (PX86PDPT)PGMPOOL_PAGE_2_PTR_BY_PGM(&pVM->pgm.s, pShwPageCR3);
-                pShwPaePd = pgmShwGetPaePDPtr(&pVM->pgm.s, pShwPdpt, (iPdpt << X86_PDPT_SHIFT));
+                const unsigned  iPdpt     = iOldPDE / 256;      /* iOldPDE * 2 / 512; iOldPDE is in 4 MB pages */
+                unsigned        iPDE      = iOldPDE * 2 % 512;
+                PX86PDPT        pShwPdpt  = (PX86PDPT)PGMPOOL_PAGE_2_PTR_BY_PGM(&pVM->pgm.s, pShwPageCR3);
+                PX86PDPAE       pShwPaePd = pgmShwGetPaePDPtr(&pVM->pgm.s, pShwPdpt, (iPdpt << X86_PDPT_SHIFT));
 
                 /* Clear the PGM_PDFLAGS_MAPPING flag for the page directory pointer entry. (legacy PAE guest mode) */
-                pShwPdpt->a[iPdpt].u &= ~PGM_PLXFLAGS_MAPPING;
-
+                if (fDeactivateCR3)
+                    pShwPdpt->a[iPdpt].u &= ~PGM_PLXFLAGS_MAPPING;
+                else if (pShwPdpt->a[iPdpt].u & PGM_PLXFLAGS_MAPPING)
+                {
+                    /* See if there are any other mappings here. This is suboptimal code. */
+                    pShwPdpt->a[iPdpt].u &= ~PGM_PLXFLAGS_MAPPING;
+                    for (PPGMMAPPING pCur = pVM->pgm.s.CTX_SUFF(pMappings); pCur; pCur = pCur->CTX_SUFF(pNext))
+                        if (    pCur != pMap
+                            &&  (   (pCur->GCPtr >> X86_PDPT_SHIFT) == iPdpt
+                                 || (pCur->GCPtrLast >> X86_PDPT_SHIFT) == iPdpt))
+                        {
+                            pShwPdpt->a[iPdpt].u |= PGM_PLXFLAGS_MAPPING;
+                            break;
+                        }
+                }
                 if (pCurrentShwPdpt)
                 {
@@ -474 +483 @@
  * @param   iPDE        The index of the 32-bit PDE corresponding to the base of the mapping.
  */
-void pgmMapCheckShadowPDEs(PVM pVM, PPGMPOOLPAGE pShwPageCR3, PPGMMAPPING pMap, unsigned iPDE)
+static void pgmMapCheckShadowPDEs(PVM pVM, PPGMPOOLPAGE pShwPageCR3, PPGMMAPPING pMap, unsigned iPDE)
 {
     Assert(pShwPageCR3);
 
-    unsigned i = pMap->cPTs;
+    uint32_t i = pMap->cPTs;
     PGMMODE  enmShadowMode = PGMGetShadowMode(pVM);
 
@@ -486 +495 @@
         iPDE--;
 
-        switch(enmShadowMode)
+        switch (enmShadowMode)
         {
             case PGMMODE_32_BIT:
@@ -494 +503 @@
 
                 AssertMsg(pShw32BitPd->a[iPDE].u == (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | (uint32_t)pMap->aPTs[i].HCPhysPT),
-                          ("Expected %x vs %x\n", pShw32BitPd->a[iPDE].u, (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | (uint32_t)pMap->aPTs[i].HCPhysPT)));
+                          ("Expected %x vs %x; iPDE=%#x %RGv %s\n",
+                           pShw32BitPd->a[iPDE].u,  (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | (uint32_t)pMap->aPTs[i].HCPhysPT),
+                           iPDE, pMap->GCPtr, R3STRING(pMap->pszDesc) ));
                 break;
             }
@@ -501 +512 @@
             case PGMMODE_PAE_NX:
             {
-                PX86PDPT  pPdpt = NULL;
-                PX86PDPAE pShwPaePd = NULL;
-
-                const unsigned iPD = iPDE / 256;         /* iPDE * 2 / 512; iPDE is in 4 MB pages */
-                unsigned iPaePDE = iPDE * 2 % 512;
-                pPdpt     = (PX86PDPT)PGMPOOL_PAGE_2_PTR_BY_PGM(&pVM->pgm.s, pShwPageCR3);
-                pShwPaePd = pgmShwGetPaePDPtr(&pVM->pgm.s, pPdpt, (iPD << X86_PDPT_SHIFT));
+                const unsigned  iPD       = iPDE / 256;         /* iPDE * 2 / 512; iPDE is in 4 MB pages */
+                unsigned        iPaePDE   = iPDE * 2 % 512;
+                PX86PDPT        pPdpt     = (PX86PDPT)PGMPOOL_PAGE_2_PTR_BY_PGM(&pVM->pgm.s, pShwPageCR3);
+                PX86PDPAE       pShwPaePd = pgmShwGetPaePDPtr(&pVM->pgm.s, pPdpt, (iPD << X86_PDPT_SHIFT));
                 AssertFatal(pShwPaePd);
 
                 AssertMsg(pShwPaePd->a[iPaePDE].u == (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | pMap->aPTs[i].HCPhysPaePT0),
-                         ("Expected %RX64 vs %RX64\n", pShwPaePd->a[iPDE].u, (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | (uint32_t)pMap->aPTs[i].HCPhysPaePT0)));
+                          ("Expected %RX64 vs %RX64; iPDE=%#x iPD=%#x iPaePDE=%#x %RGv %s\n",
+                           pShwPaePd->a[iPDE].u,     (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | pMap->aPTs[i].HCPhysPaePT0),
+                           iPDE, iPD, iPaePDE, pMap->GCPtr, R3STRING(pMap->pszDesc) ));
 
                 iPaePDE++;
@@ -517 +527 @@
 
                 AssertMsg(pShwPaePd->a[iPaePDE].u == (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | pMap->aPTs[i].HCPhysPaePT1),
-                         ("Expected %RX64 vs %RX64\n", pShwPaePd->a[iPDE].u, (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | (uint32_t)pMap->aPTs[i].HCPhysPaePT1)));
-
-                Assert(pPdpt->a[iPD].u & PGM_PLXFLAGS_MAPPING);
+                          ("Expected %RX64 vs %RX64; iPDE=%#x iPD=%#x iPaePDE=%#x %RGv %s\n",
+                           pShwPaePd->a[iPDE].u,     (PGM_PDFLAGS_MAPPING | X86_PDE_P | X86_PDE_A | X86_PDE_RW | X86_PDE_US | pMap->aPTs[i].HCPhysPaePT1),
+                           iPDE, iPD, iPaePDE, pMap->GCPtr, R3STRING(pMap->pszDesc) ));
+
+                AssertMsg(pPdpt->a[iPD].u & PGM_PLXFLAGS_MAPPING,
+                          ("%RX64; iPD=%#x iPDE=%#x iPaePDE=%#x %RGv %s\n",
+                           pPdpt->a[iPD].u,
+                           iPDE, iPD, iPaePDE, pMap->GCPtr, R3STRING(pMap->pszDesc) ));
                 break;
             }
@@ -530 +545 @@
 }
 
+
 /**
  * Check the hypervisor mappings in the active CR3.
@@ -558 +574 @@
 
 #ifndef IN_RING0
+
 /**
  * Apply the hypervisor mappings to the active CR3.
@@ -573 +590 @@
         return VINF_SUCCESS;
 
-    /* @note A log flush (in RC) can cause problems when called from MapCR3 (inconsistent state will trigger assertions). */
-    Log4(("PGMMapActivateAll fixed mappings=%d\n", pVM->pgm.s.fMappingsFixed));
+    /* Note. A log flush (in RC) can cause problems when called from MapCR3 (inconsistent state will trigger assertions). */
+    Log4(("pgmMapActivateCR3: fixed mappings=%d idxShwPageCR3=%#x\n", pVM->pgm.s.fMappingsFixed, pShwPageCR3 ? pShwPageCR3->idx : NIL_PGMPOOL_IDX));
 
     Assert(pShwPageCR3 && pShwPageCR3 == pVM->pgm.s.CTX_SUFF(pShwPageCR3));
@@ -584 +601 @@
     {
         unsigned iPDE = pCur->GCPtr >> X86_PD_SHIFT;
-
         pgmMapSetShadowPDEs(pVM, pCur, iPDE);
     }
@@ -607 +623 @@
 
     Assert(pShwPageCR3);
+    Log4(("pgmMapDeactivateCR3: fixed mappings=%d idxShwPageCR3=%#x\n", pVM->pgm.s.fMappingsFixed, pShwPageCR3 ? pShwPageCR3->idx : NIL_PGMPOOL_IDX));
 
     /*
@@ -614 +631 @@
     {
         unsigned iPDE = pCur->GCPtr >> X86_PD_SHIFT;
-
-        pgmMapClearShadowPDEs(pVM, pShwPageCR3, pCur, iPDE);
+        pgmMapClearShadowPDEs(pVM, pShwPageCR3, pCur, iPDE, true /*fDeactivateCR3*/);
     }
     return VINF_SUCCESS;
 }
+
 
 /**
@@ -711 +728 @@
 }
 
+
 /**
  * Checks and resolves (ring 3 only) guest conflicts with VMM GC mappings.
@@ -728 +746 @@
     Assert(enmGuestMode <= PGMMODE_PAE_NX);
 
-    /*
-     * Iterate mappings.
-     */
     if (enmGuestMode == PGMMODE_32_BIT)
     {
@@ -739 +754 @@
         Assert(pPD);
 
-        for (PPGMMAPPING pCur = pVM->pgm.s.CTX_SUFF(pMappings); pCur; pCur = pCur->CTX_SUFF(pNext))
+        /*
+         * Iterate mappings.
+         */
+        for (PPGMMAPPING pCur = pVM->pgm.s.CTX_SUFF(pMappings); pCur; )
         {
-            unsigned iPDE = pCur->GCPtr >> X86_PD_SHIFT;
-            unsigned iPT = pCur->cPTs;
+            PPGMMAPPING pNext = pCur->CTX_SUFF(pNext);
+            unsigned    iPDE  = pCur->GCPtr >> X86_PD_SHIFT;
+            unsigned    iPT   = pCur->cPTs;
             while (iPT-- > 0)
             {
                 if (    pPD->a[iPDE + iPT].n.u1Present /** @todo PGMGstGetPDE. */
-                    &&  (pVM->fRawR0Enabled || pPD->a[iPDE + iPT].n.u1User))
+                    &&  (   pVM->fRawR0Enabled
+                         || pPD->a[iPDE + iPT].n.u1User))
                 {
                     STAM_COUNTER_INC(&pVM->pgm.s.StatR3DetectedConflicts);
@@ -753 +773 @@
                     Log(("PGMHasMappingConflicts: Conflict was detected at %08RX32 for mapping %s (32 bits)\n"
                          "                        iPDE=%#x iPT=%#x PDE=%RGp.\n",
-                        (iPT + iPDE) << X86_PD_SHIFT, pCur->pszDesc,
-                        iPDE, iPT, pPD->a[iPDE + iPT].au32[0]));
+                         (iPT + iPDE) << X86_PD_SHIFT, pCur->pszDesc,
+                         iPDE, iPT, pPD->a[iPDE + iPT].au32[0]));
                     int rc = pgmR3SyncPTResolveConflict(pVM, pCur, pPD, iPDE << X86_PD_SHIFT);
                     AssertRCReturn(rc, rc);
-
-                    /*
-                     * Update pCur.
-                     */
-                    pCur = pVM->pgm.s.CTX_SUFF(pMappings);
-                    while (pCur && pCur->GCPtr < (iPDE << X86_PD_SHIFT))
-                        pCur = pCur->CTX_SUFF(pNext);
                     break;
 #else
                     Log(("PGMHasMappingConflicts: Conflict was detected at %08RX32 for mapping (32 bits)\n"
                          "                        iPDE=%#x iPT=%#x PDE=%RGp.\n",
-                        (iPT + iPDE) << X86_PD_SHIFT,
-                        iPDE, iPT, pPD->a[iPDE + iPT].au32[0]));
+                         (iPT + iPDE) << X86_PD_SHIFT,
+                         iPDE, iPT, pPD->a[iPDE + iPT].au32[0]));
                     return VINF_PGM_SYNC_CR3;
 #endif
                 }
             }
-            if (!pCur) 
-                break;
+            pCur = pNext;
         }
     }
@@ -781 +793 @@
              || enmGuestMode == PGMMODE_PAE_NX)
     {
-        for (PPGMMAPPING pCur = pVM->pgm.s.CTX_SUFF(pMappings); pCur; pCur = pCur->CTX_SUFF(pNext))
+        /*
+         * Iterate mappings.
+         */
+        for (PPGMMAPPING pCur = pVM->pgm.s.CTX_SUFF(pMappings); pCur;)
         {
-            RTGCPTR   GCPtr = pCur->GCPtr;
-
-            unsigned  iPT = pCur->cb >> X86_PD_PAE_SHIFT;
+            PPGMMAPPING pNext = pCur->CTX_SUFF(pNext);
+            RTGCPTR     GCPtr = pCur->GCPtr;
+            unsigned    iPT   = pCur->cb >> X86_PD_PAE_SHIFT;
             while (iPT-- > 0)
             {
@@ -797 +812 @@
                     Log(("PGMHasMappingConflicts: Conflict was detected at %RGv for mapping %s (PAE)\n"
                          "                        PDE=%016RX64.\n",
-                        GCPtr, pCur->pszDesc, Pde.u));
+                         GCPtr, pCur->pszDesc, Pde.u));
                     int rc = pgmR3SyncPTResolveConflictPAE(pVM, pCur, pCur->GCPtr);
                     AssertRCReturn(rc, rc);
-
-                    /*
-                     * Update pCur.
-                     */
-                    pCur = pVM->pgm.s.CTX_SUFF(pMappings);
-                    while (pCur && pCur->GCPtr < GCPtr)
-                        pCur = pCur->CTX_SUFF(pNext);
                     break;
 #else
                     Log(("PGMHasMappingConflicts: Conflict was detected at %RGv for mapping (PAE)\n"
                          "                        PDE=%016RX64.\n",
-                        GCPtr, Pde.u));
+                         GCPtr, Pde.u));
                     return VINF_PGM_SYNC_CR3;
 #endif
@@ -817 +825 @@
                 GCPtr += (1 << X86_PD_PAE_SHIFT);
             }
-            if (!pCur) 
-                break;
+            pCur = pNext;
         }
     }
@@ -824 +831 @@
         AssertFailed();
 
+    Assert(!PGMMapHasConflicts(pVM));
     return VINF_SUCCESS;
 }