refactoring and renaming to increase clarity

Signed-off-by: Wojciech Ozga <woz@zurich.ibm.com>

security-monitor/src/confidential_flow/control_flow/mod.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::arch::SbiExtension::*;
+use crate::core::architecture::SbiExtension::*;
 use crate::core::control_data::{ConfidentialVmId, ControlData, HardwareHart};
 use crate::core::transformations::{ExposeToConfidentialVm, PendingRequest};
 use crate::non_confidential_flow::NonConfidentialFlow;
@@ -32,13 +32,13 @@ impl<'a> ConfidentialFlow<'a> {
     /// Routes the control flow to a handler that will process the confidential hart interrupt or exception.
     pub fn route(self) -> ! {
         use crate::confidential_flow::handlers::*;
-        use crate::core::arch::AceExtension::*;
-        use crate::core::arch::BaseExtension::*;
-        use crate::core::arch::HsmExtension::*;
-        use crate::core::arch::IpiExtension::*;
-        use crate::core::arch::RfenceExtension::*;
-        use crate::core::arch::SrstExtension::*;
-        use crate::core::arch::TrapReason::*;
+        use crate::core::architecture::AceExtension::*;
+        use crate::core::architecture::BaseExtension::*;
+        use crate::core::architecture::HsmExtension::*;
+        use crate::core::architecture::IpiExtension::*;
+        use crate::core::architecture::RfenceExtension::*;
+        use crate::core::architecture::SrstExtension::*;
+        use crate::core::architecture::TrapReason::*;
 
         let confidential_hart = self.hart.confidential_hart();
         match confidential_hart.trap_reason() {

security-monitor/src/core/arch/mod.rs → security-monitor/src/core/architecture/mod.rs

@@ -2,8 +2,8 @@
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
 pub use riscv::{
-    AceExtension, BaseExtension, FpRegisters, GpRegister, GpRegisters, HartState, HsmExtension, IpiExtension,
-    RfenceExtension, SbiExtension, SrstExtension, TrapReason,
+    decode_result_register, AceExtension, BaseExtension, FpRegisters, GpRegister, GpRegisters, HartState, HsmExtension,
+    IpiExtension, RfenceExtension, SbiExtension, SrstExtension, TrapReason,
 };
 
 mod riscv;

security-monitor/src/core/architecture/riscv/compressed_instructions.rs

@@ -0,0 +1,89 @@
+// SPDX-FileCopyrightText: 2023 IBM Corporation
+// SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
+// SPDX-License-Identifier: Apache-2.0
+use crate::core::architecture::GpRegister;
+use crate::error::Error;
+
+// TODO: remove below once riscv_decode supports compressed instructions
+pub fn decode_result_register(mtinst: usize) -> Result<GpRegister, Error> {
+    use riscv_decode::Instruction::{Lb, Lbu, Ld, Lh, Lhu, Lw, Lwu, Sb, Sd, Sh, Sw};
+    let register_index = match riscv_decode::decode(mtinst as u32) {
+        Ok(Sb(i)) => Ok(i.rs2()),
+        Ok(Sh(i)) => Ok(i.rs2()),
+        Ok(Sw(i)) => Ok(i.rs2()),
+        Ok(Sd(i)) => Ok(i.rs2()),
+        Ok(Lb(i)) => Ok(i.rd()),
+        Ok(Lbu(i)) => Ok(i.rd()),
+        Ok(Lhu(i)) => Ok(i.rd()),
+        Ok(Lwu(i)) => Ok(i.rd()),
+        Ok(Lh(i)) => Ok(i.rd()),
+        Ok(Lw(i)) => Ok(i.rd()),
+        Ok(Ld(i)) => Ok(i.rd()),
+        _ => {
+            // TODO: do not try to understand what is going on below. Remove all this
+            // section once compressed instructions are supported in the
+            // rust-decode crate!
+            const SH_RS2C: usize = 2;
+            const INSN_MATCH_C_LD: usize = 0x6000;
+            const INSN_MASK_C_LD: usize = 0xe003;
+            const INSN_MATCH_C_SD: usize = 0xe000;
+            const INSN_MASK_C_SD: usize = 0xe003;
+            const INSN_MATCH_C_LW: usize = 0x4000;
+            const INSN_MASK_C_LW: usize = 0xe003;
+            const INSN_MATCH_C_SW: usize = 0xc000;
+            const INSN_MASK_C_SW: usize = 0xe003;
+            const INSN_MATCH_C_LDSP: usize = 0x6002;
+            const INSN_MASK_C_LDSP: usize = 0xe003;
+            const INSN_MATCH_C_SDSP: usize = 0xe002;
+            const INSN_MASK_C_SDSP: usize = 0xe003;
+            const INSN_MATCH_C_LWSP: usize = 0x4002;
+            const INSN_MASK_C_LWSP: usize = 0xe003;
+            const INSN_MATCH_C_SWSP: usize = 0xc002;
+            const INSN_MASK_C_SWSP: usize = 0xe003;
+
+            let log_regbytes = 3; // for 64b!
+            let shift_right = |x: usize, y: isize| {
+                if y < 0 {
+                    x << -y
+                } else {
+                    x >> y
+                }
+            };
+            let reg_mask = (1 << (5 + log_regbytes)) - (1 << log_regbytes);
+            let rv_x = |x: usize, s: usize, n: usize| (((x) >> (s)) & ((1 << (n)) - 1));
+
+            if mtinst & INSN_MASK_C_LW == INSN_MATCH_C_LW {
+                let index = 8 + rv_x(mtinst, SH_RS2C, 3);
+                Ok(index as u32)
+            } else if mtinst & INSN_MASK_C_LD == INSN_MATCH_C_LD {
+                let index = 8 + rv_x(mtinst, SH_RS2C, 3);
+                Ok(index as u32)
+            } else if mtinst & INSN_MASK_C_SW == INSN_MATCH_C_SW {
+                let tmp_inst = 8 + rv_x(mtinst, SH_RS2C, 3);
+                let index = shift_right(tmp_inst, 0isize - log_regbytes as isize) & reg_mask;
+                let index = index / 8;
+                Ok(index as u32)
+            } else if mtinst & INSN_MASK_C_SD == INSN_MATCH_C_SD {
+                let tmp_inst = 8 + rv_x(mtinst, SH_RS2C, 3);
+                let index = shift_right(tmp_inst, 0isize - log_regbytes as isize) & reg_mask;
+                let index = index / 8;
+                Ok(index as u32)
+            } else if mtinst & INSN_MASK_C_LWSP == INSN_MATCH_C_LWSP {
+                Ok(0u32)
+            } else if mtinst & INSN_MASK_C_SWSP == INSN_MATCH_C_SWSP {
+                let index = shift_right(mtinst, SH_RS2C as isize - log_regbytes as isize) & reg_mask;
+                let index = index / 8;
+                Ok(index as u32)
+            } else if mtinst & INSN_MASK_C_LDSP == INSN_MATCH_C_LDSP {
+                Ok(0u32)
+            } else if mtinst & INSN_MASK_C_SDSP == INSN_MATCH_C_SDSP {
+                let index = shift_right(mtinst, SH_RS2C as isize - log_regbytes as isize) & reg_mask;
+                let index = index / 8;
+                Ok(index as u32)
+            } else {
+                Err(Error::InvalidRiscvInstruction(mtinst))
+            }
+        }
+    }?;
+    Ok(GpRegister::from_index(register_index as usize).ok_or(Error::InvalidRiscvInstruction(mtinst))?)
+}

security-monitor/src/core/arch/riscv/hart_state.rs → security-monitor/src/core/architecture/riscv/hart_state.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::arch::{FpRegisters, GpRegister, GpRegisters, TrapReason};
+use crate::core::architecture::{FpRegisters, GpRegister, GpRegisters, TrapReason};
 
 /// HartState is the dump state of the processor's core, called in RISC-V a hardware thread (HART).
 #[repr(C)]

security-monitor/src/core/arch/riscv/mod.rs → security-monitor/src/core/architecture/riscv/mod.rs

@@ -1,12 +1,14 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
+pub use compressed_instructions::decode_result_register;
 pub use fp_registers::FpRegisters;
 pub use gp_registers::{GpRegister, GpRegisters};
 pub use hart_state::HartState;
 pub use sbi::{AceExtension, BaseExtension, HsmExtension, IpiExtension, RfenceExtension, SbiExtension, SrstExtension};
 pub use trap_reason::TrapReason;
 
+mod compressed_instructions;
 mod fp_registers;
 mod gp_registers;
 mod hart_state;

security-monitor/src/core/arch/riscv/sbi.rs → security-monitor/src/core/architecture/riscv/sbi.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::arch::{GpRegister, HartState};
+use crate::core::architecture::{GpRegister, HartState};
 
 #[derive(Debug)]
 pub enum SbiExtension {

security-monitor/src/core/arch/riscv/trap_reason.rs → security-monitor/src/core/architecture/riscv/trap_reason.rs

@@ -1,8 +1,8 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::arch::riscv::sbi::SbiExtension;
-use crate::core::arch::HartState;
+use crate::core::architecture::riscv::sbi::SbiExtension;
+use crate::core::architecture::HartState;
 
 #[derive(Debug)]
 pub enum TrapReason {

security-monitor/src/core/control_data/confidential_hart.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::arch::{FpRegisters, GpRegister, GpRegisters, HartState, TrapReason};
+use crate::core::architecture::{FpRegisters, GpRegister, GpRegisters, HartState, TrapReason};
 use crate::core::control_data::ConfidentialVmId;
 use crate::core::transformations::{
     ExposeToConfidentialVm, GuestLoadPageFaultRequest, GuestLoadPageFaultResult, GuestStorePageFaultRequest,
@@ -166,7 +166,7 @@ impl ConfidentialHart {
     pub fn guest_load_page_fault_request(&self) -> Result<(GuestLoadPageFaultRequest, MmioLoadRequest), Error> {
         let mcause = riscv::register::mcause::read().code();
         let (instruction, instruction_length) = self.read_instruction();
-        let gpr = read_result_gpr(instruction)?;
+        let gpr = crate::core::architecture::decode_result_register(instruction)?;
         let mtval = self.confidential_hart_state.mtval;
         let mtval2 = self.confidential_hart_state.mtval2;
 
@@ -179,7 +179,7 @@ impl ConfidentialHart {
     pub fn guest_store_page_fault_request(&self) -> Result<(GuestStorePageFaultRequest, MmioStoreRequest), Error> {
         let mcause = riscv::register::mcause::read().code();
         let (instruction, instruction_length) = self.read_instruction();
-        let gpr = read_result_gpr(instruction)?;
+        let gpr = crate::core::architecture::decode_result_register(instruction)?;
         let gpr_value = self.confidential_hart_state.gpr(gpr);
         let mtval = self.confidential_hart_state.mtval;
         let mtval2 = self.confidential_hart_state.mtval2;
@@ -262,87 +262,3 @@ impl ConfidentialHart {
         (instruction, instruction_length)
     }
 }
-
-// TODO: remove below once riscv_decode supports compressed instructions
-fn read_result_gpr(mtinst: usize) -> Result<GpRegister, Error> {
-    use riscv_decode::Instruction::{Lb, Lbu, Ld, Lh, Lhu, Lw, Lwu, Sb, Sd, Sh, Sw};
-    let register_index = match riscv_decode::decode(mtinst as u32) {
-        Ok(Sb(i)) => Ok(i.rs2()),
-        Ok(Sh(i)) => Ok(i.rs2()),
-        Ok(Sw(i)) => Ok(i.rs2()),
-        Ok(Sd(i)) => Ok(i.rs2()),
-        Ok(Lb(i)) => Ok(i.rd()),
-        Ok(Lbu(i)) => Ok(i.rd()),
-        Ok(Lhu(i)) => Ok(i.rd()),
-        Ok(Lwu(i)) => Ok(i.rd()),
-        Ok(Lh(i)) => Ok(i.rd()),
-        Ok(Lw(i)) => Ok(i.rd()),
-        Ok(Ld(i)) => Ok(i.rd()),
-        _ => {
-            // TODO: do not try to understand what is going on below. Remove all this
-            // section once compressed instructions are supported in the
-            // rust-decode crate!
-            const SH_RS2C: usize = 2;
-            const INSN_MATCH_C_LD: usize = 0x6000;
-            const INSN_MASK_C_LD: usize = 0xe003;
-            const INSN_MATCH_C_SD: usize = 0xe000;
-            const INSN_MASK_C_SD: usize = 0xe003;
-            const INSN_MATCH_C_LW: usize = 0x4000;
-            const INSN_MASK_C_LW: usize = 0xe003;
-            const INSN_MATCH_C_SW: usize = 0xc000;
-            const INSN_MASK_C_SW: usize = 0xe003;
-            const INSN_MATCH_C_LDSP: usize = 0x6002;
-            const INSN_MASK_C_LDSP: usize = 0xe003;
-            const INSN_MATCH_C_SDSP: usize = 0xe002;
-            const INSN_MASK_C_SDSP: usize = 0xe003;
-            const INSN_MATCH_C_LWSP: usize = 0x4002;
-            const INSN_MASK_C_LWSP: usize = 0xe003;
-            const INSN_MATCH_C_SWSP: usize = 0xc002;
-            const INSN_MASK_C_SWSP: usize = 0xe003;
-
-            let log_regbytes = 3; // for 64b!
-            let shift_right = |x: usize, y: isize| {
-                if y < 0 {
-                    x << -y
-                } else {
-                    x >> y
-                }
-            };
-            let reg_mask = (1 << (5 + log_regbytes)) - (1 << log_regbytes);
-            let rv_x = |x: usize, s: usize, n: usize| (((x) >> (s)) & ((1 << (n)) - 1));
-
-            if mtinst & INSN_MASK_C_LW == INSN_MATCH_C_LW {
-                let index = 8 + rv_x(mtinst, SH_RS2C, 3);
-                Ok(index as u32)
-            } else if mtinst & INSN_MASK_C_LD == INSN_MATCH_C_LD {
-                let index = 8 + rv_x(mtinst, SH_RS2C, 3);
-                Ok(index as u32)
-            } else if mtinst & INSN_MASK_C_SW == INSN_MATCH_C_SW {
-                let tmp_inst = 8 + rv_x(mtinst, SH_RS2C, 3);
-                let index = shift_right(tmp_inst, 0isize - log_regbytes as isize) & reg_mask;
-                let index = index / 8;
-                Ok(index as u32)
-            } else if mtinst & INSN_MASK_C_SD == INSN_MATCH_C_SD {
-                let tmp_inst = 8 + rv_x(mtinst, SH_RS2C, 3);
-                let index = shift_right(tmp_inst, 0isize - log_regbytes as isize) & reg_mask;
-                let index = index / 8;
-                Ok(index as u32)
-            } else if mtinst & INSN_MASK_C_LWSP == INSN_MATCH_C_LWSP {
-                Ok(0u32)
-            } else if mtinst & INSN_MASK_C_SWSP == INSN_MATCH_C_SWSP {
-                let index = shift_right(mtinst, SH_RS2C as isize - log_regbytes as isize) & reg_mask;
-                let index = index / 8;
-                Ok(index as u32)
-            } else if mtinst & INSN_MASK_C_LDSP == INSN_MATCH_C_LDSP {
-                Ok(0u32)
-            } else if mtinst & INSN_MASK_C_SDSP == INSN_MATCH_C_SDSP {
-                let index = shift_right(mtinst, SH_RS2C as isize - log_regbytes as isize) & reg_mask;
-                let index = index / 8;
-                Ok(index as u32)
-            } else {
-                Err(Error::InvalidRiscvInstruction(mtinst))
-            }
-        }
-    }?;
-    Ok(GpRegister::from_index(register_index as usize).ok_or(Error::InvalidRiscvInstruction(mtinst))?)
-}

security-monitor/src/core/control_data/hardware_hart.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::arch::{GpRegister, HartState, TrapReason};
+use crate::core::architecture::{GpRegister, HartState, TrapReason};
 use crate::core::control_data::ConfidentialHart;
 use crate::core::memory_protector::HypervisorMemoryProtector;
 use crate::core::page_allocator::{Allocated, Page, UnAllocated};

security-monitor/src/core/control_data/mod.rs

@@ -8,7 +8,7 @@ pub use confidential_vm_measurement::ConfidentialVmMeasurement;
 pub use hardware_hart::HardwareHart;
 pub use storage::{ControlData, CONTROL_DATA};
 
-use crate::core::arch::{GpRegister, HartState};
+use crate::core::architecture::{GpRegister, HartState};
 
 mod confidential_hart;
 mod confidential_vm;

security-monitor/src/core/memory_layout/confidential_vm_virtual_address.rs

@@ -0,0 +1,22 @@
+// SPDX-FileCopyrightText: 2023 IBM Corporation
+// SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
+// SPDX-License-Identifier: Apache-2.0
+
+#[derive(PartialEq, Clone, Copy)]
+pub struct ConfidentialVmVirtualAddress(usize);
+
+impl ConfidentialVmVirtualAddress {
+    pub fn new(address: usize) -> Self {
+        Self(address)
+    }
+
+    pub fn usize(&self) -> usize {
+        self.0
+    }
+}
+
+impl core::fmt::Debug for ConfidentialVmVirtualAddress {
+    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+        write!(f, "[confidential_vm_virtual_address={:x}]", self.0)
+    }
+}

security-monitor/src/core/memory_layout/mod.rs

@@ -2,6 +2,7 @@
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
 pub use confidential_memory_address::ConfidentialMemoryAddress;
+pub use confidential_vm_virtual_address::ConfidentialVmVirtualAddress;
 pub use non_confidential_memory_address::NonConfidentialMemoryAddress;
 
 use crate::core::memory_protector::PageSize;
@@ -10,6 +11,7 @@ use pointers_utility::{ptr_align, ptr_byte_add_mut, ptr_byte_offset};
 use spin::Once;
 
 mod confidential_memory_address;
+mod confidential_vm_virtual_address;
 mod non_confidential_memory_address;
 
 const NOT_INITIALIZED_MEMORY_LAYOUT: &str = "Bug. Could not access MemoryLayout because is has not been initialized";

security-monitor/src/core/memory_protector/confidential_vm_memory_protector.rs

@@ -1,12 +1,12 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::arch::HartState;
+use crate::core::architecture::HartState;
 use crate::core::control_data::ConfidentialVmId;
+use crate::core::memory_layout::ConfidentialVmVirtualAddress;
 use crate::core::memory_protector::mmu::RootPageTable;
 use crate::core::memory_protector::{mmu, pmp};
 use crate::core::page_allocator::SharedPage;
-use crate::core::transformations::ConfidentialVmVirtualAddress;
 use crate::error::Error;
 use riscv::register::hgatp::Hgatp;
 

security-monitor/src/core/memory_protector/hypervisor_memory_protector.rs

@@ -42,6 +42,8 @@ impl HypervisorMemoryProtector {
     /// `non-confidential flow` and eventually to the hypervisor code.
     pub unsafe fn enable(&self, hgatp: usize) {
         pmp::close_access_to_confidential_memory();
+        // TODO: do we really need to set up the hgatp again? KVM probably used a hgatp corresponding to a
+        // non-confidential VM, so we do not really care.
         mmu::enable_address_translation(hgatp);
         super::tlb::tlb_shutdown();
     }

security-monitor/src/core/memory_protector/mmu/page_table.rs

@@ -1,14 +1,13 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
-use crate::core::memory_layout::NonConfidentialMemoryAddress;
+use crate::core::memory_layout::{ConfidentialVmVirtualAddress, NonConfidentialMemoryAddress};
 use crate::core::memory_protector::mmu::page_table_entry::{
     PageTableAddress, PageTableBits, PageTableConfiguration, PageTableEntry, PageTablePermission,
 };
 use crate::core::memory_protector::mmu::page_table_memory::PageTableMemory;
 use crate::core::memory_protector::mmu::paging_system::{PageTableLevel, PagingSystem};
 use crate::core::page_allocator::{MemoryTracker, SharedPage};
-use crate::core::transformations::ConfidentialVmVirtualAddress;
 use crate::error::Error;
 use alloc::boxed::Box;
 use alloc::vec::Vec;

security-monitor/src/core/memory_protector/mmu/paging_system.rs

@@ -1,8 +1,8 @@
 // SPDX-FileCopyrightText: 2023 IBM Corporation
 // SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 // SPDX-License-Identifier: Apache-2.0
+use crate::core::memory_layout::ConfidentialVmVirtualAddress;
 use crate::core::memory_protector::PageSize;
-use crate::core::transformations::ConfidentialVmVirtualAddress;
 use riscv::register::hgatp::HgatpMode;
 
 // TODO: add more 2nd-level paging systems corresponding to 3 and 4 level page