1. Patchew
  2. QEMU
  3. [PATCH v3 00/59] target/arm/hvf: Consolidate
  4. View patch

[PATCH v3 50/59] target/arm/hvf: Do not abort in hvf_arm_get_*_ipa_bit_size()

Philippe Mathieu-Daudé posted 59 patches 3 months, 2 weeks ago
Maintainers: Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Cameron Esfahani <dirty@apple.com>, Roman Bolshakov <rbolshakov@ddn.com>, Phil Dennis-Jordan <phil@philjordan.eu>, Mads Ynddal <mads@ynddal.dk>, Peter Maydell <peter.maydell@linaro.org>, Alexander Graf <agraf@csgraf.de>, Stefan Hajnoczi <stefanha@redhat.com>
There is a newer version of this series
[PATCH v3 50/59] target/arm/hvf: Do not abort in hvf_arm_get_*_ipa_bit_size()
Posted by Philippe Mathieu-Daudé 3 months, 2 weeks ago 
Do not abort in hvf_arm_get_default_ipa_bit_size()
and hvf_arm_get_max_ipa_bit_size() when the IPA can
not be fetched. Return 0 (and document it).

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 target/arm/hvf_arm.h | 11 +++++++++++
 target/arm/hvf/hvf.c |  8 ++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/target/arm/hvf_arm.h b/target/arm/hvf_arm.h
index ea82f2691df..21a69e7d105 100644
--- a/target/arm/hvf_arm.h
+++ b/target/arm/hvf_arm.h
@@ -22,7 +22,18 @@ void hvf_arm_init_debug(void);
 
 void hvf_arm_set_cpu_features_from_host(ARMCPU *cpu);
 
+/**
+ * hvf_arm_get_default_ipa_bit_size:
+ *
+ * Returns the default intermediate physical address bit length or 0 on error.
+ */
 uint32_t hvf_arm_get_default_ipa_bit_size(void);
+
+/**
+ * hvf_arm_get_max_ipa_bit_size:
+ *
+ * Returns the maximum intermediate physical address bit length or 0 on error.
+ */
 uint32_t hvf_arm_get_max_ipa_bit_size(void);
 
 #endif
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 0788b20cc05..5b077744720 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -829,24 +829,20 @@ uint32_t hvf_arm_get_default_ipa_bit_size(void)
 {
     uint32_t default_ipa_size;
     hv_return_t ret = hv_vm_config_get_default_ipa_size(&default_ipa_size);
-    assert_hvf_ok(ret);
-
-    return default_ipa_size;
+    return ret == HV_SUCCESS ? default_ipa_size : 0;
 }
 
 uint32_t hvf_arm_get_max_ipa_bit_size(void)
 {
     uint32_t max_ipa_size;
     hv_return_t ret = hv_vm_config_get_max_ipa_size(&max_ipa_size);
-    assert_hvf_ok(ret);
-
     /*
      * We clamp any IPA size we want to back the VM with to a valid PARange
      * value so the guest doesn't try and map memory outside of the valid range.
      * This logic just clamps the passed in IPA bit size to the first valid
      * PARange value <= to it.
      */
-    return round_down_to_parange_bit_size(max_ipa_size);
+    return ret == HV_SUCCESS ? round_down_to_parange_bit_size(max_ipa_size) : 0;
 }
 
 void hvf_arm_set_cpu_features_from_host(ARMCPU *cpu)
-- 
2.51.0
Re: [PATCH v3 50/59] target/arm/hvf: Do not abort in hvf_arm_get_*_ipa_bit_size()
Posted by Richard Henderson 3 months, 2 weeks ago 
On 10/28/25 06:42, Philippe Mathieu-Daudé wrote:
> Do not abort in hvf_arm_get_default_ipa_bit_size()
> and hvf_arm_get_max_ipa_bit_size() when the IPA can
> not be fetched. Return 0 (and document it).
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
>   target/arm/hvf_arm.h | 11 +++++++++++
>   target/arm/hvf/hvf.c |  8 ++------
>   2 files changed, 13 insertions(+), 6 deletions(-)

Doesn't this just lead to a nonsensical error_report, e.g.

-m and ,maxmem option values require an IPA range (XX bits) larger than the one supported 
by the host (0 bits)

?

Is there a reasonable way to populate an Error return?
I guess this only happens with older versions of Darwin, because surely we can always 
probe the supported IPA size...


r~
Re: [PATCH v3 50/59] target/arm/hvf: Do not abort in hvf_arm_get_*_ipa_bit_size()
Posted by Mohamed Mediouni 2 weeks, 6 days ago 

> On 28. Oct 2025, at 13:06, Richard Henderson <richard.henderson@linaro.org> wrote:
> 
> because surely we can always probe the supported IPA size.


APIs for that were added on macOS 13.

Prior to that release, the only safe thing to do was to assume 36-bit.

But since then, there has been macOS 14, 15 and 26, so the support policy might still allow dropping this...
Re: [PATCH v3 50/59] target/arm/hvf: Do not abort in hvf_arm_get_*_ipa_bit_size()
Posted by Philippe Mathieu-Daudé 3 weeks, 1 day ago 
On 28/10/25 13:06, Richard Henderson wrote:
> On 10/28/25 06:42, Philippe Mathieu-Daudé wrote:
>> Do not abort in hvf_arm_get_default_ipa_bit_size()
>> and hvf_arm_get_max_ipa_bit_size() when the IPA can
>> not be fetched. Return 0 (and document it).
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> ---
>>   target/arm/hvf_arm.h | 11 +++++++++++
>>   target/arm/hvf/hvf.c |  8 ++------
>>   2 files changed, 13 insertions(+), 6 deletions(-)
> 
> Doesn't this just lead to a nonsensical error_report, e.g.
> 
> -m and ,maxmem option values require an IPA range (XX bits) larger than 
> the one supported by the host (0 bits)
> 
> ?
> 
> Is there a reasonable way to populate an Error return?
> I guess this only happens with older versions of Darwin, because surely 
> we can always probe the supported IPA size...

I suppose (it came from 
https://gitlab.com/qemu-project/qemu/-/issues/2981). Let's drop this for 
now.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.