enabled mapping of an empty page during TVM runtime

wojciechozga · wojciechozga · commit 79ce8925a7b0 · 2025-03-31T12:30:16.000-05:00
Signed-off-by: Wojciech Ozga &lt;woz@zurich.ibm.com&gt;
diff --git a/security-monitor/src/confidential_flow/handlers/mmio/mmio_access_fault.rs b/security-monitor/src/confidential_flow/handlers/mmio/mmio_access_fault.rs
@@ -1,24 +1,48 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::control_data::{ConfidentialHart, ConfidentialVmId, ConfidentialVmMmioRegion, ControlDataStorage};
+use crate::confidential_flow::handlers::symmetrical_multiprocessing::RemoteHfenceGvmaVmid;
+use crate::confidential_flow::{ApplyToConfidentialHart, ConfidentialFlow};
+use crate::core::architecture::{is_bit_enabled, PageSize};
+use crate::core::control_data::{
+    ConfidentialHart, ConfidentialHartRemoteCommand, ConfidentialVmId, ConfidentialVmMmioRegion, ControlDataStorage,
+};
+use crate::core::memory_layout::ConfidentialVmPhysicalAddress;
+
 use core::mem;
 
 pub struct MmioAccessFault {
     cause: usize,
     mtval: usize,
-    instruction_length: usize,
+    mtinst: usize,
+    fault_address: usize,
 }
 
 impl MmioAccessFault {
     pub const ADDRESS_ALIGNMENT: usize = mem::size_of::<usize>();
 
-    pub fn new(cause: usize, mtval: usize, instruction_length: usize) -> Self {
-        Self { cause, mtval, instruction_length }
+    pub fn new(cause: usize, mtval: usize, mtinst: usize, fault_address: usize) -> Self {
+        Self { cause, mtval, mtinst, fault_address }
+    }
+
+    pub fn handle(self, mut confidential_flow: ConfidentialFlow) -> ! {
+        match ControlDataStorage::try_confidential_vm_mut(confidential_flow.confidential_vm_id(), |mut confidential_vm| {
+            let confidential_vm_physical_address = ConfidentialVmPhysicalAddress::new(self.fault_address);
+            let page_size = confidential_vm.memory_protector_mut().map_empty_page(confidential_vm_physical_address, PageSize::Size4KiB)?;
+            let request = RemoteHfenceGvmaVmid::all_harts(None, page_size, confidential_flow.confidential_vm_id());
+            confidential_flow
+                .broadcast_remote_command(&mut confidential_vm, ConfidentialHartRemoteCommand::RemoteHfenceGvmaVmid(request))?;
+            Ok(())
+        }) {
+            Ok(_) => confidential_flow.exit_to_confidential_hart(),
+            Err(_) => confidential_flow.apply_and_exit_to_confidential_hart(ApplyToConfidentialHart::MmioAccessFault(self)),
+        }
     }
 
     pub fn apply_to_confidential_hart(&self, confidential_hart: &mut ConfidentialHart) {
-        let mepc = confidential_hart.csrs().mepc.read_from_main_memory() + self.instruction_length;
+        let instruction = self.mtinst | 0x3;
+        let instruction_length = if is_bit_enabled(self.mtinst, 1) { riscv_decode::instruction_length(instruction as u16) } else { 2 };
+        let mepc = confidential_hart.csrs().mepc.read_from_main_memory() + instruction_length;
         confidential_hart.csrs_mut().vsepc.write(mepc);
         let trap_vector_address = confidential_hart.csrs().vstvec.read();
         confidential_hart.csrs_mut().mepc.save_value_in_main_memory(trap_vector_address);
diff --git a/security-monitor/src/confidential_flow/handlers/mmio/mmio_load_request.rs b/security-monitor/src/confidential_flow/handlers/mmio/mmio_load_request.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::confidential_flow::handlers::mmio::{MmioAccessFault, MmioLoadPending};
 use crate::confidential_flow::handlers::sbi::SbiResponse;
-use crate::confidential_flow::{ApplyToConfidentialHart, ConfidentialFlow};
+use crate::confidential_flow::ConfidentialFlow;
 use crate::core::architecture::is_bit_enabled;
 use crate::core::architecture::specification::CAUSE_LOAD_ACCESS;
 use crate::core::control_data::{ConfidentialHart, HypervisorHart, ResumableOperation};
@@ -28,17 +28,15 @@ impl MmioLoadRequest {
     }
 
     pub fn handle(self, confidential_flow: ConfidentialFlow) -> ! {
-        // According to the RISC-V privilege spec, mtinst encodes faulted instruction (bit 0 is 1) or a pseudo instruction
-        assert!(self.mtinst & 0x1 > 0);
-        let instruction = self.mtinst | 0x3;
-        let instruction_length = if is_bit_enabled(self.mtinst, 1) { riscv_decode::instruction_length(instruction as u16) } else { 2 };
-
         let fault_address = (self.mtval2 << 2) | (self.mtval & 0x3);
         if !MmioAccessFault::tried_to_access_valid_mmio_region(confidential_flow.confidential_vm_id(), fault_address) {
-            let mmio_access_fault_handler = MmioAccessFault::new(CAUSE_LOAD_ACCESS.into(), self.mtval, instruction_length);
-            confidential_flow.apply_and_exit_to_confidential_hart(ApplyToConfidentialHart::MmioAccessFault(mmio_access_fault_handler));
+            MmioAccessFault::new(CAUSE_LOAD_ACCESS.into(), self.mtval, self.mtinst, fault_address).handle(confidential_flow)
         }
 
+        // According to the RISC-V privilege spec, mtinst encodes faulted instruction (bit 0 is 1) or a pseudo instruction
+        assert!(self.mtinst & 0x1 > 0);
+        let instruction = self.mtinst | 0x3;
+        let instruction_length = if is_bit_enabled(self.mtinst, 1) { riscv_decode::instruction_length(instruction as u16) } else { 2 };
         match crate::core::architecture::decode_result_register(instruction) {
             Ok(gpr) => confidential_flow
                 .set_resumable_operation(ResumableOperation::MmioLoad(MmioLoadPending::new(instruction_length, gpr)))
diff --git a/security-monitor/src/confidential_flow/handlers/mmio/mmio_store_request.rs b/security-monitor/src/confidential_flow/handlers/mmio/mmio_store_request.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::confidential_flow::handlers::mmio::{MmioAccessFault, MmioStorePending};
 use crate::confidential_flow::handlers::sbi::SbiResponse;
-use crate::confidential_flow::{ApplyToConfidentialHart, ConfidentialFlow};
+use crate::confidential_flow::ConfidentialFlow;
 use crate::core::architecture::specification::CAUSE_STORE_ACCESS;
 use crate::core::architecture::{is_bit_enabled, GeneralPurposeRegister};
 use crate::core::control_data::{ConfidentialHart, HypervisorHart, ResumableOperation};
@@ -28,9 +28,6 @@ impl MmioStoreRequest {
         let mtval = confidential_hart.csrs().mtval.read();
         let mtval2 = confidential_hart.csrs().mtval2.read();
 
-        // According to the RISC-V privilege spec, mtinst encodes faulted instruction when bit 0 is 1.
-        // Otherwise it is a pseudo instruction.
-        assert!(mtinst & 0x1 > 0);
         let instruction = mtinst | 0x3;
         let instruction_length = if is_bit_enabled(mtinst, 1) { riscv_decode::instruction_length(instruction as u16) } else { 2 };
         let gpr = crate::core::architecture::decode_result_register(instruction);
@@ -42,8 +39,7 @@ impl MmioStoreRequest {
     pub fn handle(self, confidential_flow: ConfidentialFlow) -> ! {
         let fault_address = (self.mtval2 << 2) | (self.mtval & 0x3);
         if !MmioAccessFault::tried_to_access_valid_mmio_region(confidential_flow.confidential_vm_id(), fault_address) {
-            let mmio_access_fault_handler = MmioAccessFault::new(CAUSE_STORE_ACCESS.into(), self.mtval, self.instruction_length);
-            confidential_flow.apply_and_exit_to_confidential_hart(ApplyToConfidentialHart::MmioAccessFault(mmio_access_fault_handler));
+            MmioAccessFault::new(CAUSE_STORE_ACCESS.into(), self.mtval, self.mtinst, fault_address).handle(confidential_flow)
         }
 
         match self.gpr {
diff --git a/security-monitor/src/confidential_flow/handlers/shared_page/share_page_complete.rs b/security-monitor/src/confidential_flow/handlers/shared_page/share_page_complete.rs
@@ -45,7 +45,8 @@ impl SharePageComplete {
 
         ControlDataStorage::try_confidential_vm_mut(confidential_flow.confidential_vm_id(), |mut confidential_vm| {
             let page_size = confidential_vm.memory_protector_mut().map_shared_page(hypervisor_address, self.request.address)?;
-            let request = RemoteHfenceGvmaVmid::all_harts(&self.request.address, page_size, confidential_flow.confidential_vm_id());
+            let request =
+                RemoteHfenceGvmaVmid::all_harts(Some(self.request.address.clone()), page_size, confidential_flow.confidential_vm_id());
             confidential_flow
                 .broadcast_remote_command(&mut confidential_vm, ConfidentialHartRemoteCommand::RemoteHfenceGvmaVmid(request))?;
             Ok(())
diff --git a/security-monitor/src/confidential_flow/handlers/shared_page/unshare_page_request.rs b/security-monitor/src/confidential_flow/handlers/shared_page/unshare_page_request.rs
@@ -48,7 +48,7 @@ impl UnsharePageRequest {
         let confidential_vm_id = confidential_flow.confidential_vm_id();
         ControlDataStorage::try_confidential_vm_mut(confidential_vm_id, |mut confidential_vm| {
             let unmapped_page_size = confidential_vm.memory_protector_mut().unmap_shared_page(&self.address)?;
-            let request = RemoteHfenceGvmaVmid::all_harts(&self.address, unmapped_page_size, confidential_vm_id);
+            let request = RemoteHfenceGvmaVmid::all_harts(Some(self.address.clone()), unmapped_page_size, confidential_vm_id);
             confidential_flow
                 .broadcast_remote_command(&mut confidential_vm, ConfidentialHartRemoteCommand::RemoteHfenceGvmaVmid(request))?;
             Ok(())
diff --git a/security-monitor/src/confidential_flow/handlers/shutdown/shutdown_vm.rs b/security-monitor/src/confidential_flow/handlers/shutdown/shutdown_vm.rs
@@ -13,7 +13,7 @@ use crate::core::control_data::{ConfidentialHart, ConfidentialHartRemoteCommand,
 /// To shutdown the entire confidential VM and remove it from the control data memory, all confidential harts must be
 /// shutdown (lifecycle state `Shutdown`). To do so, we send `Shutdown IPI` to all confidential harts. The last
 /// confidential hart that shutdowns itself, will remove the entire confidential VM from the control data.
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
 pub struct ShutdownRequest {
     calling_hart_id: usize,
 }
diff --git a/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/fence_i.rs b/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/fence_i.rs
@@ -9,7 +9,7 @@ use crate::core::control_data::{
 };
 
 /// Handles a request from one confidential hart to execute fence.i instruction on remote confidential harts.
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
 pub struct RemoteFenceI {
     ipi: Ipi,
 }
diff --git a/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/hfence_gvma_vmid.rs b/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/hfence_gvma_vmid.rs
@@ -7,17 +7,17 @@ use crate::core::control_data::{ConfidentialHart, ConfidentialHartRemoteCommandE
 use crate::core::memory_layout::ConfidentialVmPhysicalAddress;
 
 /// An inter hart request sent by the security monitor to clear G-stage level cached address translations.
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
 pub struct RemoteHfenceGvmaVmid {
     ipi: Ipi,
-    _start_address: usize,
+    _start_address: Option<ConfidentialVmPhysicalAddress>,
     _size: PageSize,
     _vmid: ConfidentialVmId,
 }
 
 impl RemoteHfenceGvmaVmid {
-    pub fn all_harts(start_address: &ConfidentialVmPhysicalAddress, _size: PageSize, _vmid: ConfidentialVmId) -> Self {
-        Self { ipi: Ipi::all_harts(), _start_address: start_address.usize(), _size, _vmid }
+    pub fn all_harts(start_address: Option<ConfidentialVmPhysicalAddress>, _size: PageSize, _vmid: ConfidentialVmId) -> Self {
+        Self { ipi: Ipi::all_harts(), _start_address: start_address, _size, _vmid }
     }
 }
 
diff --git a/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/sfence_vma.rs b/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/sfence_vma.rs
@@ -10,7 +10,7 @@ use crate::core::control_data::{
 };
 
 /// Handles a request from one confidential hart to execute sfence.vma instruction on remote confidential harts.
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
 pub struct RemoteSfenceVma {
     ipi: Ipi,
     _start_address: usize,
diff --git a/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/sfence_vma_asid.rs b/security-monitor/src/confidential_flow/handlers/symmetrical_multiprocessing/sfence_vma_asid.rs
@@ -11,7 +11,7 @@ use crate::core::control_data::{
 
 /// Handles a request from one confidential hart to execute sfence.vma instruction on remote confidential harts. It represents an inter hart
 /// request.
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
 pub struct RemoteSfenceVmaAsid {
     ipi: Ipi,
     _start_address: usize,
diff --git a/security-monitor/src/core/architecture/riscv/mmu/page_table.rs b/security-monitor/src/core/architecture/riscv/mmu/page_table.rs
@@ -9,7 +9,7 @@ use crate::core::architecture::mmu::HgatpMode;
 use crate::core::architecture::{PageSize, SharedPage};
 use crate::core::control_data::{ConfidentialVmMemoryLayout, MeasurementDigest, StaticMeasurements};
 use crate::core::memory_layout::{ConfidentialMemoryAddress, ConfidentialVmPhysicalAddress, NonConfidentialMemoryAddress};
-use crate::core::page_allocator::{Allocated, Page, PageAllocator};
+use crate::core::page_allocator::{Allocated, Page, PageAllocator, UnAllocated};
 use crate::error::Error;
 use alloc::boxed::Box;
 use alloc::vec::Vec;
@@ -152,36 +152,69 @@ impl PageTable {
         Ok(Self { level, paging_system, serialized_representation, logical_representation })
     }
 
-    /// This function maps the given page shared with the hypervisor into the address space of the confidential VM. A previous mapping at
-    /// the given guest physical address is overwritten. If the previous mapping pointed to a page in confidential memory, this page is
-    /// deallocated and returned to the page allocator.
+    /// This function maps an empty page into the address space of the confidential VM.
+    ///
+    /// # Confidential VM execution correctness
+    ///
+    /// The caller of this function must ensure that he synchronizes changes to page table configuration, i.e., by clearing address
+    /// translation caches.
+    pub fn map_empty_page(
+        &mut self, confidential_vm_address: &ConfidentialVmPhysicalAddress, page_size: &PageSize,
+    ) -> Result<PageSize, Error> {
+        let page = PageAllocator::acquire_page(*page_size)?.zeroize();
+        let entry = LogicalPageTableEntry::PageWithConfidentialVmData(Box::new(page));
+        self.map_page(confidential_vm_address, page_size, entry)?;
+        Ok(*page_size)
+    }
+
+    /// This function maps a page into the address space of the confidential VM. A previous mapping at the given guest physical address is
+    /// overwritten. If the previous mapping pointed to a page in confidential memory, this page is deallocated and returned to the page
+    /// allocator.
+    /// This function maps the given page shared with the hypervisor into the address space of the confidential VM.
+    ///
+    /// # Confidential VM execution correctness
+    ///
+    /// The caller of this function must ensure that he synchronizes changes to page table configuration, i.e., by clearing address
+    /// translation caches.
+    pub fn map_shared_page(
+        &mut self, hypervisor_address: NonConfidentialMemoryAddress, confidential_vm_physical_address: ConfidentialVmPhysicalAddress,
+    ) -> Result<PageSize, Error> {
+        let shared_page = SharedPage::new(hypervisor_address, confidential_vm_physical_address)?;
+        let shared_page_size = shared_page.page_size();
+        self.map_page(&confidential_vm_physical_address, &shared_page_size, LogicalPageTableEntry::PageSharedWithHypervisor(shared_page))?;
+        Ok(shared_page_size)
+    }
+
     ///
     /// This is a recursive function, which deepest execution is not larger than the number of paging system levels.
     ///
     /// # Confidential VM execution correctness
     ///
     /// The caller of this function must ensure that he synchronizes changes to page table configuration, i.e., by clearing address
     /// translation caches.
-    pub fn map_shared_page(&mut self, shared_page: SharedPage) -> Result<(), Error> {
+    fn map_page(
+        &mut self, confidential_vm_address: &ConfidentialVmPhysicalAddress, page_size: &PageSize, entry: LogicalPageTableEntry,
+    ) -> Result<(), Error> {
         let page_size_at_current_level = self.paging_system.data_page_size(self.level);
-        ensure!(page_size_at_current_level >= shared_page.page_size(), Error::InvalidParameter())?;
+        ensure!(page_size_at_current_level >= *page_size, Error::InvalidParameter())?;
 
-        let virtual_page_number = self.paging_system.vpn(&shared_page.confidential_vm_address, self.level);
-        if page_size_at_current_level > shared_page.page_size() {
+        let virtual_page_number = self.paging_system.vpn(confidential_vm_address, self.level);
+        if page_size_at_current_level > *page_size {
             // We are at the intermediary page table. We will recursively go to the next page table, creating it in case it does not exist.
             match self.logical_representation.get_mut(virtual_page_number).ok_or_else(|| Error::PageTableConfiguration())? {
-                LogicalPageTableEntry::PointerToNextPageTable(next_page_table) => next_page_table.map_shared_page(shared_page)?,
+                LogicalPageTableEntry::PointerToNextPageTable(next_page_table) => {
+                    next_page_table.map_page(confidential_vm_address, page_size, entry)?
+                }
                 LogicalPageTableEntry::NotMapped => {
                     let mut next_page_table = PageTable::empty(self.paging_system, self.level.lower().ok_or(Error::PageTableCorrupted())?)?;
-                    next_page_table.map_shared_page(shared_page)?;
+                    next_page_table.map_page(confidential_vm_address, page_size, entry)?;
                     self.set_entry(virtual_page_number, LogicalPageTableEntry::PointerToNextPageTable(Box::new(next_page_table)));
                 }
                 _ => return Err(Error::PageTableConfiguration()),
             }
         } else {
-            // We are at the correct page table level at which we must create the page table entry for the shared page. We will overwrite
-            // whatever was there before. We end the recursion here.
-            self.set_entry(virtual_page_number, LogicalPageTableEntry::PageSharedWithHypervisor(shared_page));
+            // We are at the correct page table level. We will overwrite whatever was mapped there before. We end the recursion here.
+            self.set_entry(virtual_page_number, entry);
         }
         Ok(())
     }
diff --git a/security-monitor/src/core/control_data/confidential_hart_remote_command.rs b/security-monitor/src/core/control_data/confidential_hart_remote_command.rs
@@ -13,7 +13,7 @@ use crate::core::control_data::ConfidentialHart;
 /// command preserve the same semantics: they originate from the outside of the hart and the receiver might be currently running or not. If
 /// the receiver hart is running, it is interrupted (IPI) and executes the command. If the hart is not running, the command is buffered and
 /// executed on the next time the receiver is scheduled to run.
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
 pub enum ConfidentialHartRemoteCommand {
     Ipi(Ipi),
     RemoteFenceI(RemoteFenceI),
diff --git a/security-monitor/src/core/control_data/confidential_vm.rs b/security-monitor/src/core/control_data/confidential_vm.rs
@@ -225,7 +225,10 @@ impl ConfidentialVm {
                         // confidential hart.
                         self.try_confidential_hart_remote_commands(confidential_hart_id, |ref mut remote_commands| {
                             ensure!(remote_commands.len() < Self::MAX_NUMBER_OF_COMMANDS, Error::ReachedMaxNumberOfRemoteCommands())?;
-                            Ok(remote_commands.push(remote_command.clone()))
+                            if remote_commands.iter().find(|c| **c == remote_command).is_none() {
+                                remote_commands.push(remote_command.clone());
+                            }
+                            Ok(())
                         })?;
                         InterruptController::try_read(|controller| controller.send_ipi(id_of_hardware_hart_running_confidential_hart))
                     }
diff --git a/security-monitor/src/core/memory_protector/confidential_vm_memory_protector.rs b/security-monitor/src/core/memory_protector/confidential_vm_memory_protector.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 use crate::core::architecture::mmu::{Hgatp, PageTable};
 use crate::core::architecture::riscv::{mmu, pmp, tlb};
-use crate::core::architecture::{PageSize, SharedPage};
+use crate::core::architecture::PageSize;
 use crate::core::control_data::{ConfidentialVmId, ConfidentialVmMemoryLayout, StaticMeasurements};
 use crate::core::memory_layout::{ConfidentialMemoryAddress, ConfidentialVmPhysicalAddress, NonConfidentialMemoryAddress};
 use crate::error::Error;
@@ -35,6 +35,13 @@ impl ConfidentialVmMemoryProtector {
         self.hgatp = Hgatp::new(self.root_page_table.address(), self.root_page_table.hgatp_mode(), id.usize());
     }
 
+    pub fn map_empty_page(
+        &mut self, confidential_vm_physical_address: ConfidentialVmPhysicalAddress, page_size: PageSize,
+    ) -> Result<PageSize, Error> {
+        self.root_page_table.map_empty_page(&confidential_vm_physical_address, &page_size)?;
+        Ok(page_size)
+    }
+
     /// Modifies the configuration of the underlying hardware memory isolation component (e.g., MMU) in a way that a
     /// shared page is mapped into the address space of the confidential VM.
     ///
@@ -46,10 +53,7 @@ impl ConfidentialVmMemoryProtector {
     pub fn map_shared_page(
         &mut self, hypervisor_address: NonConfidentialMemoryAddress, confidential_vm_physical_address: ConfidentialVmPhysicalAddress,
     ) -> Result<PageSize, Error> {
-        let shared_page = SharedPage::new(hypervisor_address, confidential_vm_physical_address)?;
-        let shared_page_size = shared_page.page_size();
-        self.root_page_table.map_shared_page(shared_page)?;
-        Ok(shared_page_size)
+        Ok(self.root_page_table.map_shared_page(hypervisor_address, confidential_vm_physical_address)?)
     }
 
     /// Modifies the configuration of the underlying hardware memory isolation component (e.g., MMU) in a way that a

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ use crate::core::control_data::{ConfidentialHart, ConfidentialHartRemoteCommand,`
`13`	`13`	`/// To shutdown the entire confidential VM and remove it from the control data memory, all confidential harts must be`
`14`	`14`	/// shutdown (lifecycle state `Shutdown`). To do so, we send `Shutdown IPI` to all confidential harts. The last
`15`	`15`	`/// confidential hart that shutdowns itself, will remove the entire confidential VM from the control data.`
`16`		`-#[derive(Clone)]`
	`16`	`+#[derive(Clone, PartialEq)]`
`17`	`17`	`pub struct ShutdownRequest {`
`18`	`18`	`calling_hart_id: usize,`
`19`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ use crate::core::control_data::{`
`9`	`9`	`};`
`10`	`10`
`11`	`11`	`/// Handles a request from one confidential hart to execute fence.i instruction on remote confidential harts.`
`12`		`-#[derive(Clone)]`
	`12`	`+#[derive(Clone, PartialEq)]`
`13`	`13`	`pub struct RemoteFenceI {`
`14`	`14`	`ipi: Ipi,`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,17 +7,17 @@ use crate::core::control_data::{ConfidentialHart, ConfidentialHartRemoteCommandE`
`7`	`7`	`use crate::core::memory_layout::ConfidentialVmPhysicalAddress;`
`8`	`8`
`9`	`9`	`/// An inter hart request sent by the security monitor to clear G-stage level cached address translations.`
`10`		`-#[derive(Clone)]`
	`10`	`+#[derive(Clone, PartialEq)]`
`11`	`11`	`pub struct RemoteHfenceGvmaVmid {`
`12`	`12`	`ipi: Ipi,`
`13`		`- _start_address: usize,`
	`13`	`+ _start_address: Option<ConfidentialVmPhysicalAddress>,`
`14`	`14`	`_size: PageSize,`
`15`	`15`	`_vmid: ConfidentialVmId,`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`impl RemoteHfenceGvmaVmid {`
`19`		`- pub fn all_harts(start_address: &ConfidentialVmPhysicalAddress, _size: PageSize, _vmid: ConfidentialVmId) -> Self {`
`20`		`- Self { ipi: Ipi::all_harts(), _start_address: start_address.usize(), _size, _vmid }`
	`19`	`+ pub fn all_harts(start_address: Option<ConfidentialVmPhysicalAddress>, _size: PageSize, _vmid: ConfidentialVmId) -> Self {`
	`20`	`+ Self { ipi: Ipi::all_harts(), _start_address: start_address, _size, _vmid }`
`21`	`21`	`}`
`22`	`22`	`}`
`23`	`23`