nested-svm-vmrun: document and name GDT descriptor size checks

Copilot · bernhardkaindl · web-flow · commit 3cfd6ee75acc · 2026-05-11T18:14:54.000Z
Agent-Logs-Url: https://github.com/bernhard-xs/xtf/sessions/ff7f3b83-f4cf-44a0-be6e-69decc50df9f Co-authored-by: bernhardkaindl <43588962+bernhardkaindl@users.noreply.github.com>
diff --git a/tests/nested-svm-vmrun/main.c b/tests/nested-svm-vmrun/main.c
@@ -41,6 +41,8 @@ void svm_vmrun(unsigned long l2_vmcb_pa);
 #define L2_SENTINEL 0xc0ffeeULL
 static volatile uint64_t l2_handshake;
 
+#define GDT_DESC_BYTES 8
+
 static uint16_t user_desc_vmcb_attr(const user_desc *desc)
 {
     return desc->type |
@@ -63,7 +65,6 @@ static bool selector_is_null(uint16_t sel)
 static void vmcb_set_seg_desc(struct vmcb_seg *seg, const user_desc *gdt,
                               uint16_t gdt_limit, uint16_t sel)
 {
-    const uint16_t desc_size = 8;
     uint16_t sel_offset = sel & ~(X86_SEL_TI | X86_SEL_RPL_MASK);
     const user_desc *desc;
 
@@ -77,8 +78,9 @@ static void vmcb_set_seg_desc(struct vmcb_seg *seg, const user_desc *gdt,
         return;
     }
 
+    /* Verify the descriptor's last byte still lies within the GDT limit. */
     if ( (sel & X86_SEL_TI) ||
-         (sel_offset + desc_size - 1 > gdt_limit) )
+         (sel_offset + GDT_DESC_BYTES - 1 > gdt_limit) )
     {
         seg->attr = 0;
         seg->limit = 0;

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,8 @@ void svm_vmrun(unsigned long l2_vmcb_pa);`
`41`	`41`	`#define L2_SENTINEL 0xc0ffeeULL`
`42`	`42`	`static volatile uint64_t l2_handshake;`
`43`	`43`
	`44`	`+#define GDT_DESC_BYTES 8`
	`45`	`+`
`44`	`46`	`static uint16_t user_desc_vmcb_attr(const user_desc *desc)`
`45`	`47`	`{`
`46`	`48`	`return desc->type \|`
`@@ -63,7 +65,6 @@ static bool selector_is_null(uint16_t sel)`
`63`	`65`	`static void vmcb_set_seg_desc(struct vmcb_seg seg, const user_desc gdt,`
`64`	`66`	`uint16_t gdt_limit, uint16_t sel)`
`65`	`67`	`{`
`66`		`- const uint16_t desc_size = 8;`
`67`	`68`	`uint16_t sel_offset = sel & ~(X86_SEL_TI \| X86_SEL_RPL_MASK);`
`68`	`69`	`const user_desc *desc;`
`69`	`70`
`@@ -77,8 +78,9 @@ static void vmcb_set_seg_desc(struct vmcb_seg seg, const user_desc gdt,`
`77`	`78`	`return;`
`78`	`79`	`}`
`79`	`80`
	`81`	`+ /* Verify the descriptor's last byte still lies within the GDT limit. */`
`80`	`82`	`if ( (sel & X86_SEL_TI) \|\|`
`81`		`- (sel_offset + desc_size - 1 > gdt_limit) )`
	`83`	`+ (sel_offset + GDT_DESC_BYTES - 1 > gdt_limit) )`
`82`	`84`	`{`
`83`	`85`	`seg->attr = 0;`
`84`	`86`	`seg->limit = 0;`