[PATCH v2] ppc/pnv: fix dumpdtb option

[PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

The '-machine dumpdtb' command line option stopped working on
PowerPC/pnv systems after recent design change [1].

Fixing this by generating fdt blob in `pnv_init`.

[1] https://lore.kernel.org/qemu-devel/20250206151214.2947842-1-peter.maydell@linaro.org/

Cc: Aditya Gupta <adityag@linux.ibm.com>
Cc: Harsh Prateek Bora <harshpb@linux.ibm.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: qemu-stable@nongnu.org
Fixes: 8fd2518ef2f8d34 ("hw: Centralize handling of -machine dumpdtb option")
Signed-off-by: Shivang Upadhyay <shivangu@linux.ibm.com>

---
Changes

V2:
    * added fdt_pack to newly generated fdt in pnv_init
    * cleared the fdt generation code from pnv_reset

V1:
    * https://lore.kernel.org/all/20260225081037.21990-1-shivangu@linux.ibm.com/
---
 hw/ppc/pnv.c | 25 ++++++-------------------
 1 file changed, 6 insertions(+), 19 deletions(-)

diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 1513575b8f..7e54b6bc60 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -773,26 +773,8 @@ static void pnv_reset(MachineState *machine, ResetType type)
         }
     }
 
-    if (machine->fdt) {
-        fdt = machine->fdt;
-    } else {
-        fdt = pnv_dt_create(machine);
-        /* Pack resulting tree */
-        _FDT((fdt_pack(fdt)));
-    }
-
+    fdt = machine->fdt;
     cpu_physical_memory_write(PNV_FDT_ADDR, fdt, fdt_totalsize(fdt));
-
-    /* Update machine->fdt with latest fdt */
-    if (machine->fdt != fdt) {
-        /*
-         * Set machine->fdt for 'dumpdtb' QMP/HMP command. Free
-         * the existing machine->fdt to avoid leaking it during
-         * a reset.
-         */
-        g_free(machine->fdt);
-        machine->fdt = fdt;
-    }
 }
 
 static ISABus *pnv_chip_power8_isa_create(PnvChip *chip, Error **errp)
@@ -1261,6 +1243,11 @@ static void pnv_init(MachineState *machine)
     if (pmc->i2c_init) {
         pmc->i2c_init(pnv);
     }
+
+    if (!machine->fdt) {
+        machine->fdt = pnv_dt_create(machine);
+        _FDT((fdt_pack(machine->fdt)));
+    }
 }
 
 /*
-- 
2.53.0

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Peter Maydell]

On Wed, 11 Mar 2026 at 14:36, Shivang Upadhyay <shivangu@linux.ibm.com> wrote:
>
> The '-machine dumpdtb' command line option stopped working on
> PowerPC/pnv systems after recent design change [1].
>
> Fixing this by generating fdt blob in `pnv_init`.
>
> [1] https://lore.kernel.org/qemu-devel/20250206151214.2947842-1-peter.maydell@linaro.org/
>
> Cc: Aditya Gupta <adityag@linux.ibm.com>
> Cc: Harsh Prateek Bora <harshpb@linux.ibm.com>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: BALATON Zoltan <balaton@eik.bme.hu>
> Cc: qemu-stable@nongnu.org
> Fixes: 8fd2518ef2f8d34 ("hw: Centralize handling of -machine dumpdtb option")
> Signed-off-by: Shivang Upadhyay <shivangu@linux.ibm.com>
>
> ---

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

thanks
-- PMM

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

On Wed, 2026-03-11 at 14:57 +0000, Peter Maydell wrote:
> On Wed, 11 Mar 2026 at 14:36, Shivang Upadhyay
> <shivangu@linux.ibm.com> wrote:
> > 
> > The '-machine dumpdtb' command line option stopped working on
> > PowerPC/pnv systems after recent design change [1].
> > 
> > Fixing this by generating fdt blob in `pnv_init`.
> > 
> > [1]
> > https://lore.kernel.org/qemu-devel/20250206151214.2947842-1-peter.maydell@linaro.org/
> > 
> > Cc: Aditya Gupta <adityag@linux.ibm.com>
> > Cc: Harsh Prateek Bora <harshpb@linux.ibm.com>
> > Cc: Peter Maydell <peter.maydell@linaro.org>
> > Cc: BALATON Zoltan <balaton@eik.bme.hu>
> > Cc: qemu-stable@nongnu.org
> > Fixes: 8fd2518ef2f8d34 ("hw: Centralize handling of -machine
> > dumpdtb option")
> > Signed-off-by: Shivang Upadhyay <shivangu@linux.ibm.com>
> > 
> > ---
> 
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Thanks.

~shivang.

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Aditya Gupta]

On 26/03/11 08:05PM, Shivang Upadhyay wrote:
> The '-machine dumpdtb' command line option stopped working on
> PowerPC/pnv systems after recent design change [1].
> 
> Fixing this by generating fdt blob in `pnv_init`.
> 
> [1] https://lore.kernel.org/qemu-devel/20250206151214.2947842-1-peter.maydell@linaro.org/
> 
> Cc: Aditya Gupta <adityag@linux.ibm.com>
> Cc: Harsh Prateek Bora <harshpb@linux.ibm.com>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: BALATON Zoltan <balaton@eik.bme.hu>
> Cc: qemu-stable@nongnu.org
> Fixes: 8fd2518ef2f8d34 ("hw: Centralize handling of -machine dumpdtb option")
> Signed-off-by: Shivang Upadhyay <shivangu@linux.ibm.com>
> 
> <...snip...>
> 
>  static ISABus *pnv_chip_power8_isa_create(PnvChip *chip, Error **errp)
> @@ -1261,6 +1243,11 @@ static void pnv_init(MachineState *machine)
>      if (pmc->i2c_init) {
>          pmc->i2c_init(pnv);
>      }
> +
> +    if (!machine->fdt) {
> +        machine->fdt = pnv_dt_create(machine);
> +        _FDT((fdt_pack(machine->fdt)));
> +    }

This if check is not needed, pnv_init is only called once during start,
and machine->fdt will always be NULL, so we can just assign machine->fdt
directly.

Rest all looks fine to me.

Thanks,
- Aditya G

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Aditya Gupta]

On 26/03/13 11:45AM, Aditya Gupta wrote:
> On 26/03/11 08:05PM, Shivang Upadhyay wrote:
> > The '-machine dumpdtb' command line option stopped working on
> > PowerPC/pnv systems after recent design change [1].
> > 
> > Fixing this by generating fdt blob in `pnv_init`.
> > 
> > [1] https://lore.kernel.org/qemu-devel/20250206151214.2947842-1-peter.maydell@linaro.org/
> > 
> > Cc: Aditya Gupta <adityag@linux.ibm.com>
> > Cc: Harsh Prateek Bora <harshpb@linux.ibm.com>
> > Cc: Peter Maydell <peter.maydell@linaro.org>
> > Cc: BALATON Zoltan <balaton@eik.bme.hu>
> > Cc: qemu-stable@nongnu.org
> > Fixes: 8fd2518ef2f8d34 ("hw: Centralize handling of -machine dumpdtb option")
> > Signed-off-by: Shivang Upadhyay <shivangu@linux.ibm.com>
> > 
> > <...snip...>
> > 
> >  static ISABus *pnv_chip_power8_isa_create(PnvChip *chip, Error **errp)
> > @@ -1261,6 +1243,11 @@ static void pnv_init(MachineState *machine)
> >      if (pmc->i2c_init) {
> >          pmc->i2c_init(pnv);
> >      }
> > +
> > +    if (!machine->fdt) {
> > +        machine->fdt = pnv_dt_create(machine);
> > +        _FDT((fdt_pack(machine->fdt)));
> > +    }
> 
> This if check is not needed, pnv_init is only called once during start,
> and machine->fdt will always be NULL, so we can just assign machine->fdt
> directly.

Just noticed this can happen if dtb is passed, please ignore this
comment.

The patch looks good to me, will test and give rb.

Thanks,
- Aditya G

> 
> Rest all looks fine to me.
> 
> Thanks,
> - Aditya G
> 
> 

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Aditya Gupta]

On 26/03/11 08:05PM, Shivang Upadhyay wrote:
> The '-machine dumpdtb' command line option stopped working on
> PowerPC/pnv systems after recent design change [1].
> 
> Fixing this by generating fdt blob in `pnv_init`.
> 
> [1] https://lore.kernel.org/qemu-devel/20250206151214.2947842-1-peter.maydell@linaro.org/
> 
> Cc: Aditya Gupta <adityag@linux.ibm.com>
> Cc: Harsh Prateek Bora <harshpb@linux.ibm.com>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: BALATON Zoltan <balaton@eik.bme.hu>
> Cc: qemu-stable@nongnu.org
> Fixes: 8fd2518ef2f8d34 ("hw: Centralize handling of -machine dumpdtb option")
> Signed-off-by: Shivang Upadhyay <shivangu@linux.ibm.com>

Looks good to me.

Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>

Thanks,
- Aditya G

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

On Fri, 2026-03-13 at 16:50 +0530, Aditya Gupta wrote:
> 
> Looks good to me.
> 
> Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>
> 
> Thanks,
> - Aditya G

Thanks Aditya G.

~Shivang.

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

On Fri, 2026-03-13 at 16:50 +0530, Aditya Gupta wrote:
> 
> Looks good to me.
> 
> Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>
> 
> Thanks,
> - Aditya G
Thanks Aditya.

~Shivang.

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Nathan Chancellor]

Hi Shivang,

On Wed, Mar 11, 2026 at 08:05:49PM +0530, Shivang Upadhyay wrote:
> The '-machine dumpdtb' command line option stopped working on
> PowerPC/pnv systems after recent design change [1].
> 
> Fixing this by generating fdt blob in `pnv_init`.
> 
> [1] https://lore.kernel.org/qemu-devel/20250206151214.2947842-1-peter.maydell@linaro.org/
> 
> Cc: Aditya Gupta <adityag@linux.ibm.com>
> Cc: Harsh Prateek Bora <harshpb@linux.ibm.com>
> Cc: Peter Maydell <peter.maydell@linaro.org>
> Cc: BALATON Zoltan <balaton@eik.bme.hu>
> Cc: qemu-stable@nongnu.org
> Fixes: 8fd2518ef2f8d34 ("hw: Centralize handling of -machine dumpdtb option")
> Signed-off-by: Shivang Upadhyay <shivangu@linux.ibm.com>
> 
> ---
> Changes
> 
> V2:
>     * added fdt_pack to newly generated fdt in pnv_init
>     * cleared the fdt generation code from pnv_reset
> 
> V1:
>     * https://lore.kernel.org/all/20260225081037.21990-1-shivangu@linux.ibm.com/
> ---
>  hw/ppc/pnv.c | 25 ++++++-------------------
>  1 file changed, 6 insertions(+), 19 deletions(-)
> 
> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
> index 1513575b8f..7e54b6bc60 100644
> --- a/hw/ppc/pnv.c
> +++ b/hw/ppc/pnv.c
> @@ -773,26 +773,8 @@ static void pnv_reset(MachineState *machine, ResetType type)
>          }
>      }
>  
> -    if (machine->fdt) {
> -        fdt = machine->fdt;
> -    } else {
> -        fdt = pnv_dt_create(machine);
> -        /* Pack resulting tree */
> -        _FDT((fdt_pack(fdt)));
> -    }
> -
> +    fdt = machine->fdt;
>      cpu_physical_memory_write(PNV_FDT_ADDR, fdt, fdt_totalsize(fdt));
> -
> -    /* Update machine->fdt with latest fdt */
> -    if (machine->fdt != fdt) {
> -        /*
> -         * Set machine->fdt for 'dumpdtb' QMP/HMP command. Free
> -         * the existing machine->fdt to avoid leaking it during
> -         * a reset.
> -         */
> -        g_free(machine->fdt);
> -        machine->fdt = fdt;
> -    }
>  }
>  
>  static ISABus *pnv_chip_power8_isa_create(PnvChip *chip, Error **errp)
> @@ -1261,6 +1243,11 @@ static void pnv_init(MachineState *machine)
>      if (pmc->i2c_init) {
>          pmc->i2c_init(pnv);
>      }
> +
> +    if (!machine->fdt) {
> +        machine->fdt = pnv_dt_create(machine);
> +        _FDT((fdt_pack(machine->fdt)));
> +    }
>  }
>  
>  /*
> -- 
> 2.53.0
> 
> 

After this patch landed in QEMU master as commit a16d4c2f16 ("ppc/pnv:
fix dumpdtb option"), I am seeing a hang on shutdown. With the files
available at [1]:

  $ qemu-system-ppc64 \
      -display none \
      -nodefaults \
      -device ipmi-bmc-sim,id=bmc0 \
      -device isa-ipmi-bt,bmc=bmc0,irq=10 \
      -machine powernv \
      -kernel zImage.epapr \
      -initrd rootfs.cpio \
      -m 2G \
      -serial mon:stdio
  ...
  [    1.308982][    T1] Run /init as init process
  [    1.626933][   T48] mount (48) used greatest stack depth: 27552 bytes left
  [    2.044092][   T53] mount (53) used greatest stack depth: 27472 bytes left
  Saving 256 bits of creditable seed for next boot
  Starting syslogd: OK
  Starting klogd: [    2.993121][   T68] start-stop-daem (68) used greatest stack depth: 27360 bytes left
  OK
  Running sysctl: [    3.576155][   T76] logger (76) used greatest stack depth: 27104 bytes left
  OK
  Starting network: [    3.955094][   T82] run-parts (82) used greatest stack depth: 26864 bytes left
  [    4.087124][   T84] ip (84) used greatest stack depth: 26816 bytes left
  OK
  Linux version 7.0.0-rc5 (nathan@ax162) (powerpc64-linux-gcc (GCC) 15.2.0, GNU ld (GNU Binutils) 2.45) #1 SMP PREEMPT Mon Mar 23 14:40:47 MST 2026
  Stopping network: OK
  Stopping klogd: OK
  Stopping syslogd: OK
  Seeding 256 bits and crediting
  Saving 256 bits of creditable seed for next boot
  umount: devtmpfs busy - remounted read-only
  The system is going down NOW!
  Sent SIGTERM to all processes
  Sent SIGKILL to all processes
  Requesting system poweroff
  [    8.177326][  T111] reboot: Power down
  [   13.204993942,5] OPAL: Shutdown request type 0x0...

and QEMU just hangs after the shutdown print. At the parent change, the
machine shuts down cleanly. If there is any other information I can
provide or patches I can test, I am more than happy to do so.

[1]: https://github.com/nathanchance/bug-files/tree/4e7f04b87d0f8c604365be15f1dead97a08e5aa4/qemu-a16d4c2f162a86db1f84ef0836d42eabaf57fe69

Cheers,
Nathan

# bad: [eb153d8fd3be325a5aa7e1a6a73be8854eeaaf27] Merge tag 'pull-target-arm-20260323' of https://gitlab.com/pm215/qemu into staging
# good: [559919ce54927d59b215a4665eda7ab6118a48aa] Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
git bisect start 'eb153d8fd3be325a5aa7e1a6a73be8854eeaaf27' '559919ce54927d59b215a4665eda7ab6118a48aa'
# bad: [5a68a3add61208aad34d47134fdcfd3f407d2ce4] Update version for v11.0.0-rc0 release
git bisect bad 5a68a3add61208aad34d47134fdcfd3f407d2ce4
# bad: [f520fc4b047a2ecd026afa4e71a4e22fce4ed4cb] Merge tag 'for-11.0-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
git bisect bad f520fc4b047a2ecd026afa4e71a4e22fce4ed4cb
# good: [f47a5a3d47fdcc577ed009b414a07d1de483d1e1] coreaudio: Commit the result of init in the end
git bisect good f47a5a3d47fdcc577ed009b414a07d1de483d1e1
# good: [ceaa7da4c4e78d355483753cdc7a7062cae0fd54] Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
git bisect good ceaa7da4c4e78d355483753cdc7a7062cae0fd54
# good: [60ed428e5d628c50bbd40f159bf13d40ee38628a] Merge tag 'pull-block-2026-03-17' of https://gitlab.com/hreitz/qemu into staging
git bisect good 60ed428e5d628c50bbd40f159bf13d40ee38628a
# good: [461632f0b1cb2c5c29ba9875857637e3356b903c] coreaudio: Initialize the buffer for device change
git bisect good 461632f0b1cb2c5c29ba9875857637e3356b903c
# bad: [c9dbd923f7ac291a4b5560b156898954d76e5ffa] Merge tag 'pull-ppc-for-11.0-hardfreeze-20260317' of https://gitlab.com/harshpb/qemu into staging
git bisect bad c9dbd923f7ac291a4b5560b156898954d76e5ffa
# bad: [a16d4c2f162a86db1f84ef0836d42eabaf57fe69] ppc/pnv: fix dumpdtb option
git bisect bad a16d4c2f162a86db1f84ef0836d42eabaf57fe69
# first bad commit: [a16d4c2f162a86db1f84ef0836d42eabaf57fe69] ppc/pnv: fix dumpdtb option

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

On Mon, 2026-03-23 at 16:16 -0700, Nathan Chancellor wrote:
> 
> and QEMU just hangs after the shutdown print. At the parent change,
> the
> machine shuts down cleanly. If there is any other information I can
> provide or patches I can test, I am more than happy to do so.
> 
> [1]:
> https://github.com/nathanchance/bug-files/tree/4e7f04b87d0f8c604365be15f1dead97a08e5aa4/qemu-a16d4c2f162a86db1f84ef0836d42eabaf57fe69
> 
> Cheers,
> Nathan
> 
Hi Nathan,

Thanks for reporting this, I am looking into this.

~Shivang.

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

On Mon, 2026-03-23 at 16:16 -0700, Nathan Chancellor wrote:
> 
> After this patch landed in QEMU master as commit a16d4c2f16
> ("ppc/pnv:
> fix dumpdtb option"), I am seeing a hang on shutdown. With the files
> available at [1]:
> 
>   $ qemu-system-ppc64 \
>       -display none \
>       -nodefaults \
>       -device ipmi-bmc-sim,id=bmc0 \
>       -device isa-ipmi-bt,bmc=bmc0,irq=10 \
>       -machine powernv \
>       -kernel zImage.epapr \
>       -initrd rootfs.cpio \
>       -m 2G \
>       -serial mon:stdio
>   ...
>   [    1.308982][    T1] Run /init as init process
> 
Hi Nathan,

 I have root-casued this issue. During discussion for this bug [1], I
made assumption about dtb not changing during between resets. To handle
that I removed the dt_recreation logic from `pnv_init` code.

But, As in your case the bmc details are provided from command line,
the bmc device is not present during `pnv_init`. And later on during
device initialization it gets filled with correct details. `pnv_reset`
is also called to start the cpu also, So previously the correct bmc
details were populated.

To handle this case, I should add the dt recreation logic to the "bmc
details found" case. [2].

Thanks for finding this case.

[1]https://lore.kernel.org/all/7yq2eac5yzsx2ve2nwbs7uhjguemravsimtm26dkgppeczqmix@wtrwux3aeswg/
[2]
https://gitlab.com/qemu-project/qemu/-/blob/master/hw/ppc/pnv.c?ref_type=heads#L772

~Shivang.

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Peter Maydell]

On Tue, 24 Mar 2026 at 08:42, Shivang Upadhyay <shivangu@linux.ibm.com> wrote:
>
> On Mon, 2026-03-23 at 16:16 -0700, Nathan Chancellor wrote:
> >
> > After this patch landed in QEMU master as commit a16d4c2f16
> > ("ppc/pnv:
> > fix dumpdtb option"), I am seeing a hang on shutdown. With the files
> > available at [1]:
> >
> >   $ qemu-system-ppc64 \
> >       -display none \
> >       -nodefaults \
> >       -device ipmi-bmc-sim,id=bmc0 \
> >       -device isa-ipmi-bt,bmc=bmc0,irq=10 \
> >       -machine powernv \
> >       -kernel zImage.epapr \
> >       -initrd rootfs.cpio \
> >       -m 2G \
> >       -serial mon:stdio
> >   ...
> >   [    1.308982][    T1] Run /init as init process
> >
> Hi Nathan,
>
>  I have root-casued this issue. During discussion for this bug [1], I
> made assumption about dtb not changing during between resets. To handle
> that I removed the dt_recreation logic from `pnv_init` code.
>
> But, As in your case the bmc details are provided from command line,
> the bmc device is not present during `pnv_init`. And later on during
> device initialization it gets filled with correct details. `pnv_reset`
> is also called to start the cpu also, So previously the correct bmc
> details were populated.
>
> To handle this case, I should add the dt recreation logic to the "bmc
> details found" case. [2].

You might also consider using qemu_add_machine_init_done_notifier()
to register a callback that happens after machine-init is complete
(i.e. all command-line created devices have been completed): if
I understand correctly that would be a valid place to create the DTB
(the machine-init-done hook is called after everything is created,
but before we process the dumpdtb option).

-- PMM

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

On Tue, 2026-03-24 at 10:14 +0000, Peter Maydell wrote:
> 
> You might also consider using qemu_add_machine_init_done_notifier()
> to register a callback that happens after machine-init is complete
> (i.e. all command-line created devices have been completed): if
> I understand correctly that would be a valid place to create the DTB
> (the machine-init-done hook is called after everything is created,
> but before we process the dumpdtb option).

Ah, That would be a good direction. Thanks Ill check on this, and
report.

~Shivang.

Re: [PATCH v2] ppc/pnv: fix dumpdtb option

[Shivang Upadhyay]

On Tue, 2026-03-24 at 15:51 +0530, Shivang Upadhyay wrote:
> On Tue, 2026-03-24 at 10:14 +0000, Peter Maydell wrote:
> > 
> > You might also consider using qemu_add_machine_init_done_notifier()
> > to register a callback that happens after machine-init is complete
> > (i.e. all command-line created devices have been completed): if
> > I understand correctly that would be a valid place to create the
> > DTB
> > (the machine-init-done hook is called after everything is created,
> > but before we process the dumpdtb option).
> 
> Ah, That would be a good direction. Thanks Ill check on this, and
> report.

I tried adding dt_create in qemu_add_machine_init_done_notifier hook,
and that Does fix the above case.

Thanks for the suggestion Peter. I should send a patch after the tests.

~Shivang.